O'Reilly logo

Learning Flask Framework by Charles Leifer, Matt Copperwaite

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Restricting access to views

At the moment, all of our blog views are currently unprotected and available to anyone who wants to visit them. In order to prevent a malicious user from trashing our entries, let's add some protection to the views that actually modify data. Flask-Login provides a special decorator login_required that we will use to protect views that should require an authenticated user.

Let's go through the entries blueprint and protect all views that modify data. Start by adding the following import at the top of the blueprint.py module:

from flask.ext.login import login_required

login_required is a decorator, just like app.route, so we will simply wrap the views that we wish to protect. For example, this is how you would protect the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required