When switching to using has_perm and an auth backend for permissions, the filtering through LIKABLE_MODELS went away which reopens exposure to the vulnerable that that filtering addressed. Put this back into place in the auth backend.