Restricting access to views
At the moment, all of our blog views are currently unprotected and available to anyone who wants to visit them. In order to prevent a malicious user from trashing our entries, let's add some protection to the views that actually modify data. Flask-Login provides a special decorator login_required that we will use to protect views that should require an authenticated user.
Let's go through the entries blueprint and protect all views that modify data. Start by adding the following import at the top of the blueprint.py module:
from flask.ext.login import login_required
login_required is a decorator, just like app.route, so we will simply wrap the views that we wish to protect. For example, this is how you would protect the image_upload view:
@entries.route('/image-upload/', methods=['GET', 'POST'])
@login_required
def image_upload():
...Go through the module and add the login_required decorator to the following views, taking care to add it below the route decorator...
