Set default can_edit and can_move_page permissions to user.is_staff t…

…o prevent unnecessary leakage of sensitive data to non-staff users

fiber/permissions.py

@@ -33,13 +33,13 @@ def can_edit(self, user, obj):
         """
         Should return :const:`True` if user is allowed to edit `obj`.
         """
-        return True
+        return user.is_staff
 
     def can_move_page(self, user, page):
         """
         Should return :const:`True` if user is allowed to move page.
         """
-        return True
+        return user.is_staff
 
     def object_created(self, user, obj):
         """