At the moment, all of our blog views are currently unprotected and available to anyone who wants to visit them. In order to prevent a malicious user from trashing our entries, let's add some protection to the views that actually modify data. Flask-Login provides a special decorator login_required that we will use to protect views that should require an authenticated user.

Let's go through the entries blueprint and protect all views that modify data. Start by adding the following import at the top of the blueprint.py module:

from flask.ext.login import login_required

login_required is a decorator, just like app.route, so we will simply wrap the views that we wish to protect. For example, this is how you would protect the ...