diff --git a/webapp/models.py b/webapp/models.py
index 3349e25..36be46f 100644
--- a/webapp/models.py
+++ b/webapp/models.py
@@ -115,7 +115,7 @@ class SignupForm(models.Model):
 
     @property
     def signups(self):
-        return Signup.objects.filter(signupForm=self).order_by('pk')
+        return Signup.objects.filter(signupForm=self, deleted=False).order_by('pk')
 
     @property
     def isOpen(self):
diff --git a/webapp/views.py b/webapp/views.py
index 722cc9d..75adb41 100644
--- a/webapp/views.py
+++ b/webapp/views.py
@@ -12,10 +12,11 @@ from django_filters import rest_framework as filters
 from django.db.models import Prefetch
 from django.core.exceptions import ObjectDoesNotExist
 from rest_framework import routers
+from rest_framework.response import Response
 from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet
 from rest_framework.filters import OrderingFilter, SearchFilter
 from rest_framework.decorators import action
-from rest_framework.permissions import IsAuthenticatedOrReadOnly, BasePermission, AllowAny
+from rest_framework.permissions import IsAuthenticatedOrReadOnly, BasePermission, AllowAny, IsAuthenticated
 from jsonschema import validate
 from jsonschema.exceptions import ValidationError
 
@@ -105,7 +106,7 @@ class SignupFormViewSet(ModelViewSet):
         return SignupForm.objects.filter(visible=True, end_time__gt=timezone.now()).order_by('start_time')
 
 
-    @action(detail=True, methods=['post'])
+    @action(detail=True, methods=['post'], permission_classes=[IsAuthenticated])
     def sendemail(self, request, pk=None, *args, **kwargs):
         subject = request.data["subject"]
         content = request.data["content"]
@@ -118,15 +119,23 @@ class SignupFormViewSet(ModelViewSet):
             admin_send_email_signupees(signupForm.signups, subject, content)
             return JsonResponse(status=201, data={"message": "Email sent"})
         elif (mode == "actual"):
-            admin_send_email_signupees(signupForm.signups, subject, content)
+            admin_send_email_signupees(signupForm.signups[:signupForm.quota], subject, content)
             return JsonResponse(status=201, data={"message": "Email sent"})
         elif (mode == "reserved"):
-            admin_send_email_signupees(signupForm.signups, subject, content)
+            admin_send_email_signupees(signupForm.signups[signupForm.quota:], subject, content)
             return JsonResponse(status=201, data={"message": "Email sent"})
         else:
             return JsonResponse(status=400, data={"error": f"Bad mode '{mode}'"})
 
 
+    @action(detail=True, methods=['get'], permission_classes=[IsAuthenticated])
+    def signups(self, request, pk=None, *args, **kwargs):
+        queryset = self.filter_queryset(self.get_queryset())
+        filter = {'pk': pk}
+        signupForm = get_object_or_404(queryset, **filter)
+        return Response(SignupSerializer(signupForm.signups, many=True).data)
+
+
 class SignupViewSet(ModelViewSet):
     queryset = Signup.objects.filter(deleted=False)
     serializer_class = SignupSerializer