From 497cb4f76567e8d63ff5220f11cbc3f713f2bc88 Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Tue, 8 Oct 2024 14:05:59 +0200
Subject: [PATCH] Decorate mailqueue views with @login_required

We did explicitly check for superuser permissions, so there was no way
to get in, but without the decorator we wouldn't get the redirect to the
login page.
---
 postgresqleu/mailqueue/backendviews.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/postgresqleu/mailqueue/backendviews.py b/postgresqleu/mailqueue/backendviews.py
index d79cde463..dbb0faee6 100644
--- a/postgresqleu/mailqueue/backendviews.py
+++ b/postgresqleu/mailqueue/backendviews.py
@@ -1,6 +1,7 @@
 from django.core.exceptions import PermissionDenied
 from django.shortcuts import get_object_or_404
 from django.http import Http404, HttpResponse
+from django.contrib.auth.decorators import login_required
 
 from postgresqleu.util.backendviews import backend_list_editor
 from postgresqleu.mailqueue.backendforms import BackendMailqueueForm
@@ -8,6 +9,7 @@
 from postgresqleu.mailqueue.util import parse_mail_content, recursive_parse_attachments_from_message
 
 
+@login_required
 def edit_mailqueue(request, rest):
     if not request.user.is_superuser:
         raise PermissionDenied("Access denied")
@@ -24,6 +26,7 @@ def edit_mailqueue(request, rest):
     )
 
 
+@login_required
 def view_attachment(request, queueid, attname):
     if not request.user.is_superuser:
         raise PermissionDenied("Access denied")