frontend: not access flask.g.user, user parameter instead
IMHO this is a typo, why else we would access `flask.g.user` variable
to find out Coprs permissible by an user, when we are already passing
the user through method parameter.
It forces us to create tests with application context which otherwise
wouldn't be necessary.