Previously, any staff member (superuser or non-superuser) could change

any of the site settings. We now prevent all non-superuser staff members

from accessing site settings views so that they cannot. A new decorator

(similar to Django's staff_member_required) has been added to

accomplish this.

Manually verified that superusers can still change settings.
Manually verified that non-superusers are shown a permission denied

  page.
Manually verified that unauthenticated users are shown a login form.