You could also try decorating: @auth.requires_membership('admin') @auth.requires_login() def edit():
I don't know if requires_login is necessary since requires_membership may imply a login. I'm also not sure what exactly happens on the front-end if the user does not have membership.