added decorator to the view so not authorized users cannot enter specific pages

application/views.py

@@ -4,6 +4,7 @@ from .models import Post
 from .forms import PostForm
 from django.shortcuts import redirect
 from django.contrib.auth.decorators import login_required
+from django.contrib.admin.views.decorators import staff_member_required
 from django.contrib.auth import authenticate, login, logout
 import logging
 import mysite.settings
@@ -47,6 +48,7 @@ def post_detail(request, pk):
     return render(request, 'post_detail.html', {'post': post})
 
 @login_required
+@staff_member_required
 def post_new(request):
     if request.method == "POST":
         form = PostForm(request.POST)
@@ -60,6 +62,7 @@ def post_new(request):
     return render(request, 'post_edit.html', {'form': form})
 
 @login_required
+@staff_member_required
 def post_edit(request, pk):
     post = get_object_or_404(Post, pk=pk)
     if request.method == "POST":
@@ -74,18 +77,21 @@ def post_edit(request, pk):
     return render(request, 'post_edit.html', {'form': form})
 
 @login_required
+@staff_member_required
 def post_draft_list(request):
     posts = Post.objects.filter(
         published_date__isnull=True).order_by('created_date')
     return render(request, 'post_draft_list.html', {'posts': posts})
 
 @login_required
+@staff_member_required
 def post_publish(request, pk):
     post = get_object_or_404(Post, pk=pk)
     post.publish()
     return redirect('post_detail', pk=pk)
 
 @login_required
+@staff_member_required
 def post_remove(request, pk):
     post = get_object_or_404(Post, pk=pk)
     post.delete()