diff --git a/welco/kb/views.py b/welco/kb/views.py index 8bcd27a..c44e472 100644 --- a/welco/kb/views.py +++ b/welco/kb/views.py @@ -18,7 +18,7 @@ import json from django import template from django.conf import settings -from django.contrib.auth.decorators import login_required +from django.contrib.auth.decorators import login_required, user_passes_test from django.core.exceptions import PermissionDenied from django.core.urlresolvers import reverse_lazy from django.db.models import Count @@ -38,11 +38,14 @@ from taggit.models import Tag from .models import Page from .forms import PageForm -def check_user_perms(request): +def check_user_perms(user): if not settings.KB_ROLE: - raise PermissionDenied() - user_groups = set([x.name for x in request.user.groups.all()]) - if not settings.KB_ROLE in user_groups: + return False + user_groups = set([x.name for x in user.groups.all()]) + return settings.KB_ROLE in user_groups + +def check_request_perms(request): + if not check_user_perms(request.user): raise PermissionDenied() @@ -50,7 +53,7 @@ class PageListView(ListView): model = Page def dispatch(self, request, *args, **kwargs): - check_user_perms(request) + check_request_perms(request) return super(PageListView, self).dispatch(request, *args, **kwargs) def get_context_data(self, **kwargs): @@ -66,7 +69,7 @@ class PageAddView(CreateView): form_class = PageForm def dispatch(self, request, *args, **kwargs): - check_user_perms(request) + check_request_perms(request) return super(PageAddView, self).dispatch(request, *args, **kwargs) page_add = login_required(PageAddView.as_view()) @@ -77,7 +80,7 @@ class PageEditView(UpdateView): form_class = PageForm def dispatch(self, request, *args, **kwargs): - check_user_perms(request) + check_request_perms(request) return super(PageEditView, self).dispatch(request, *args, **kwargs) page_edit = login_required(PageEditView.as_view()) 
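Review bot: `check_user_perms` in the second hunk of welco/kb/views.py reads `settings.KB_ROLE` directly, so a deployment whose settings never define it would raise AttributeError instead of denying access. This assumes no default is set elsewhere, which the diff does not show; `role = getattr(settings, 'KB_ROLE', None)` keeps the fail-closed `return False` path reachable. The membership test also loads every group name into a set, where `return user.groups.filter(name=role).exists()` asks the database for just the one row. Since this helper is now the single authorization predicate for both the KB views and the ckeditor routes, a short docstring would help, stating that it returns False when no role is configured and True only for members of that group.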
@@ -87,7 +90,7 @@ class PageDetailView(DetailView): model = Page def dispatch(self, request, *args, **kwargs): - check_user_perms(request) + check_request_perms(request) return super(PageDetailView, self).dispatch(request, *args, **kwargs) page_detail = login_required(PageDetailView.as_view()) @@ -105,7 +108,7 @@ class PageDeleteView(DeleteView): success_url = reverse_lazy('kb-home') def dispatch(self, request, *args, **kwargs): - check_user_perms(request) + check_request_perms(request) return super(PageDeleteView, self).dispatch(request, *args, **kwargs) page_delete = login_required(PageDeleteView.as_view()) @@ -116,7 +119,7 @@ class PageSearchView(SearchView): form_class = SearchForm def dispatch(self, request, *args, **kwargs): - check_user_perms(request) + check_request_perms(request) return super(PageSearchView, self).dispatch(request, *args, **kwargs) page_search = login_required(PageSearchView.as_view()) @@ -127,7 +130,7 @@ class PageHistoryView(DetailView): template_name = 'kb/page_history.html' def dispatch(self, request, *args, **kwargs): - check_user_perms(request) + check_request_perms(request) return super(PageHistoryView, self).dispatch(request, *args, **kwargs) def get_context_data(self, **kwargs): @@ -143,7 +146,7 @@ class PageVersionView(DetailView): template_name = 'kb/page_version.html' def dispatch(self, request, *args, **kwargs): - check_user_perms(request) + check_request_perms(request) return super(PageVersionView, self).dispatch(request, *args, **kwargs) def get_context_data(self, **kwargs): @@ -216,3 +219,7 @@ class HomeZone(object): context = RequestContext(self.request) tmpl = template.loader.get_template('kb/zone.html') return tmpl.render(context) + + +def kb_manager_required(view_func): + return user_passes_test(check_user_perms)(view_func) diff --git a/welco/urls.py b/welco/urls.py index f72da40..56d5d77 100644 --- a/welco/urls.py +++ b/welco/urls.py 
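Review bot: `kb_manager_required` in the last hunk of welco/kb/views.py relies on `user_passes_test`, which redirects to the login URL whenever the predicate returns False. A logged-in user without the KB role is therefore sent to the login page rather than getting the 403 that `check_request_perms` raises for the same condition. For the ckeditor upload endpoint the editor then receives a redirect instead of a clear denial, and the redirect may loop, depending on how the login view treats already-authenticated users. Raising PermissionDenied for authenticated users and keeping the redirect only for anonymous ones makes both paths agree. The decorator also lacks a docstring naming the role it enforces.

```python
def kb_manager_required(view_func):
    """Require the KB_ROLE group: anonymous users go to login, others get 403."""
    def has_kb_role(user):
        if check_user_perms(user):
            return True
        if user.is_authenticated():
            # signed in but lacking the role: deny instead of redirecting to login
            raise PermissionDenied()
        return False
    return user_passes_test(has_kb_role)(view_func)
```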
@@ -17,9 +17,12 @@ from django.conf.urls import patterns, include, url from django.conf import settings from django.contrib import admin +from django.views.decorators.cache import never_cache +from ckeditor import views as ckeditor_views from . import apps +from .kb.views import kb_manager_required urlpatterns = patterns('', url(r'^$', 'welco.views.home', name='home'), @@ -61,7 +64,8 @@ urlpatterns = patterns('', url(r'^login/$', 'welco.views.login', name='auth_login'), url(r'^menu.json$', 'welco.views.menu_json', name='menu_json'), - (r'^ckeditor/', include('ckeditor.urls')), + url(r'^ckeditor/upload/', kb_manager_required(ckeditor_views.upload), name='ckeditor_upload'), + url(r'^ckeditor/browse/', never_cache(kb_manager_required(ckeditor_views.browse)), name='ckeditor_browse'), ) if 'mellon' in settings.INSTALLED_APPS:
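Review bot: The two new routes `r'^ckeditor/upload/'` and `r'^ckeditor/browse/'` have no trailing `$`, so any path that merely starts with those prefixes is dispatched to the wrapped views. Anchoring them, e.g. `url(r'^ckeditor/upload/$', kb_manager_required(ckeditor_views.upload), name='ckeditor_upload')`, restricts matching to exactly the two intended URLs. If the installed ckeditor package marks its upload view CSRF-exempt, as upstream django-ckeditor does (to be confirmed against the pinned version), the role check is the only control on that POST. In that case it is worth confirming that a cross-site request from a KB manager's browser cannot store a file. A test that requests both URLs as an anonymous user and as a logged-in user outside the KB role would pin the behaviour this change is meant to guarantee.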