Engagement: Add missing permission check to view an Engagement (#10639)

Author: Maffooch

dojo/engagement/views.py

@@ -440,6 +440,8 @@ def get_filtered_tests(
 
     def get(self, request, eid, *args, **kwargs):
         eng = get_object_or_404(Engagement, id=eid)
+        # Make sure the user is authorized
+        user_has_permission_or_403(request.user, eng, Permissions.Engagement_View)
         tests = eng.test_set.all().order_by('test_type__name', '-updated')
         default_page_num = 10
         tests_filter = self.get_filtered_tests(request, tests, eng)
@@ -508,6 +510,8 @@ def get(self, request, eid, *args, **kwargs):
 
     def post(self, request, eid, *args, **kwargs):
         eng = get_object_or_404(Engagement, id=eid)
+        # Make sure the user is authorized
+        user_has_permission_or_403(request.user, eng, Permissions.Engagement_View)
         tests = eng.test_set.all().order_by('test_type__name', '-updated')
 
         default_page_num = 10