Make sure permissions check on individual messages checks subscriber_access

We already did that check in the list of emails, but not on the
individual email.

diff --git a/django/archives/mailarchives/views.py b/django/archives/mailarchives/views.py
index 6ed715baf6020e6f903864b8d0e12d2a9afc3fc5..8c82fc5ba9d9c37fe5449d900468fdb73034369b 100644 (file)
--- a/django/archives/mailarchives/views.py
+++ b/django/archives/mailarchives/views.py
@@ -69,8 +69,10 @@ def ensure_message_permissions(request, msgid):
  WHERE messages.messageid=%(msgid)s
  AND NOT EXISTS (
   SELECT 1 FROM listsubscribers
+  INNER JOIN lists ON lists.listid=listsubscribers.list_id
   WHERE listsubscribers.list_id=list_threads.listid
   AND listsubscribers.username=%(username)s
+  AND subscriber_access
  )
 )""", {
             'msgid': msgid,