add login_required for result page

Author: HadronCollider

app/routes/results.py

@@ -2,7 +2,8 @@
 from bson import ObjectId
 from time import time
 
-from flask import Blueprint, Response, render_template
+from flask import abort, Blueprint, Response, render_template
+from flask_login import current_user, login_required
 from wsgiref.handlers import format_date_time as format_date
 
 from app.db import db_methods
@@ -16,23 +17,29 @@
 
 
 @results_bp.route("/<string:_id>", methods=["GET"])
+@login_required
 def results_main(_id):
     try:
         oid = ObjectId(_id)
     except bson.errors.InvalidId:
         logger.error('_id exception:', exc_info=True)
-        return render_template("./404.html")
+        return abort(404)
     check = db_methods.get_check(oid)
     if check is not None:
-        # show processing time for user
-        avg_process_time = None if check.is_ended else db_methods.get_average_processing_time()
-        return render_template("./results.html", navi_upload=True, results=check,
-                               columns=TABLE_COLUMNS, avg_process_time=avg_process_time,
-                               stats=format_check(check.pack()))
+        # show check only for author or admin
+        if current_user.is_admin or current_user.username == check.user:
+            # show processing time for user
+            avg_process_time = None if check.is_ended else db_methods.get_average_processing_time()
+            return render_template("./results.html", navi_upload=True, results=check,
+                                columns=TABLE_COLUMNS, avg_process_time=avg_process_time,
+                                stats=format_check(check.pack()))
+        else:
+            return abort(403)
     else:
         logger.info("Запрошенная проверка не найдена: " + _id)
-        return render_template("./404.html")
-    
+        return abort(404)
+
+
 @results_bp.route("/svg/<string:_id>", methods=["GET"])
 def results_svg(_id):
     try: