Add permission check for experiment and task list [SCI-10450] (#7296)

app/controllers/experiments_controller.rb

@@ -450,7 +450,9 @@ class ExperimentsController < ApplicationController
 
   def load_project
     @project = Project.find_by(id: params[:project_id])
+
     render_404 unless @project
+    render_403 unless can_read_project?(@project)
   end
 
   def experiment_params

app/controllers/my_modules_controller.rb

@@ -463,7 +463,9 @@ class MyModulesController < ApplicationController
   def load_experiment
     @experiment = Experiment.preload(user_assignments: %i(user user_role))
                             .find_by(id: params[:id] || params[:experiment_id])
+
     render_404 unless @experiment
+    render_403 unless can_read_experiment?(@experiment)
   end
 
   def load_experiment_my_modules

app/controllers/navigator/projects_controller.rb

@@ -27,6 +27,8 @@ module Navigator
 
     def load_project
       @project = current_team.projects.find_by(id: params[:id])
+
+      render_404 unless @project
     end
 
     def check_read_permissions