Restricting access to views
At the moment, all of our blog views are currently unprotected and available to anyone who wants to visit them. In order to prevent a malicious user from trashing our entries, let's add some protection to the views that actually modify data. Flask-Login provides a special decorator
login_required that we will use to protect views that should require an authenticated user.
Let's go through the entries blueprint and protect all views that modify data. Start by adding the following import at the top of the
from flask.ext.login import login_required
login_required is a decorator, just like
app.route, so we will simply wrap the views that we wish to protect. For example, this is how you would protect the ...