SECURITY FIX: Submission actions not restricted to pool

Certain actions, such as looking into the editorial page, were
 possible to do by (possible) authors. All submission views
 related to the EdCol are now filtered by the get_pool filter in
 the SubmissionManager to exclude objects with the requesting user
 being a (possible) author.