diff --git a/cps/templates/layout.html b/cps/templates/layout.html
index 9b07bdbd..f47d3ea1 100644
--- a/cps/templates/layout.html
+++ b/cps/templates/layout.html
@@ -63,13 +63,15 @@
           </ul>
           <ul class="nav navbar-nav navbar-right" id="main-nav">
             {% if g.user.is_authenticated() %}
-              <li>
-                <form id="form-upload" class="navbar-form" action="{{ url_for('upload') }}" method="post" enctype="multipart/form-data">
-                  <div class="form-group">
-                    <span class="btn btn-default btn-file">Upload <input id="btn-upload" name="btn-upload" type="file"></span>
-                  </div>
-                </form>
-              </li>
+              {% if g.user.role %}
+                  <li>
+                    <form id="form-upload" class="navbar-form" action="{{ url_for('upload') }}" method="post" enctype="multipart/form-data">
+                      <div class="form-group">
+                        <span class="btn btn-default btn-file">Upload <input id="btn-upload" name="btn-upload" type="file"></span>
+                      </div>
+                    </form>
+                  </li>
+              {% endif %}
               {% if g.user.role %}
                 <li><a href="{{url_for('user_list')}}"><span class="glyphicon glyphicon-dashboard"></span> Admin</a></li>
               {% endif %}
diff --git a/cps/web.py b/cps/web.py
index ea11bb7d..09e2a230 100755
--- a/cps/web.py
+++ b/cps/web.py
@@ -749,6 +749,7 @@ def edit_book(book_id):
 
 @app.route("/upload", methods = ["GET", "POST"])
 @login_required
+@admin_required
 def upload():
     ## create the function for sorting...
     db.session.connection().connection.connection.create_function("title_sort",1,db.title_sort)