Update unpublished post viewing permissions

- Now require that staff specifically have the `blog.view_blogpost` permission
- Updated unpublished post header message

backend/blog/views.py

@@ -24,7 +24,7 @@ def blog_post(request, slug):
     if posts and (
         posts[0].published
         or request.user == posts[0].author
-        or request.user.is_staff
+        or request.user.has_perm('blog.view_blogpost')
         or request.user.is_superuser
     ):
         tags = posts[0].tags.names()

backend/templates/blog/post.html

@@ -4,7 +4,8 @@
         {% if not post.published %}
             <h5 style="white-space: pre-wrap">
                 This page is only a preview of the post and is only visible to the author and site admin.
-                To make it visible to anyone, click "published" in the admin panel.
+                To make it visible to anyone, the author or a user with blog edit access must click
+                "published" in the admin panel.
             </h5>
         {% endif %}
         <div class="container mt-3">