From f1c47d24b10b852f7c4590bfa19bbb8d1e4cc2ca Mon Sep 17 00:00:00 2001
From: Zain Memon <zain@inzain.net>
Date: Fri, 7 Aug 2009 21:26:27 +0000
Subject: [PATCH] [soc2009/admin-ui] The Kaplan-Moss commandeth that thou shalt
 not allow any ol' anonymous user to make arbitrary queries. And so it was
 done.

git-svn-id: http://code.djangoproject.com/svn/django/branches/soc2009/admin-ui@11411 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/admin/views/autocomplete.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/django/contrib/admin/views/autocomplete.py b/django/contrib/admin/views/autocomplete.py
index df5725293a..7980ec7bb6 100644
--- a/django/contrib/admin/views/autocomplete.py
+++ b/django/contrib/admin/views/autocomplete.py
@@ -4,6 +4,7 @@ from django.db.models.query import QuerySet
 from django.utils.encoding import smart_str
 from django.http import HttpResponse, HttpResponseNotFound
 from django.conf import settings
+from django.contrib.admin.views import staff_member_required
  
 def foreignkey_autocomplete(request, related_string_functions=None):
     """
@@ -55,4 +56,5 @@ def foreignkey_autocomplete(request, related_string_functions=None):
             else:
                 data = to_string_function(obj)
         return HttpResponse(data)
-    return HttpResponseNotFound()
\ No newline at end of file
+    return HttpResponseNotFound()
+foreignkey_autocomplete = staff_member_required(foreignkey_autocomplete)
\ No newline at end of file