From e6393a960bf3ab45a64875af63dfd587a3a064d7 Mon Sep 17 00:00:00 2001
From: Burathar
Date: Sun, 26 Sep 2021 15:39:11 +0200
Subject: [PATCH] Add titles to pages, check user for project actions
---
 biscd/biscd/routes.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/biscd/biscd/routes.py b/biscd/biscd/routes.py
index 76e36fa..278ecf7 100644
--- a/biscd/biscd/routes.py
+++ b/biscd/biscd/routes.py
@@ -54,7 +54,7 @@ def register():
 @app.route('/project/public', methods=['GET'])
 def public_projects():
 projects = Project.get(access__public = True)
- return render_template('projects.html', projects=projects)
+ return render_template('projects.html', title='Public Projects', projects=projects)
 @app.route('/project/add', methods=['GET', 'POST'])
 @login_required
@@ -69,7 +69,7 @@ def project_add():
 project.save()
 flash('Your project is created!', 'success')
 return redirect(url_for('project_dashboard', project_name=project.name))
- return render_template('project_settings.html', form=form, project=project)
+ return render_template('project_settings.html', title='Add Project', form=form, project=project)
 @app.route('/project//settings', methods=['GET', 'POST'])
 @login_required
@@ -92,7 +92,7 @@ def project_change_settings(project_name):
 flash(f"{project.name} was updated!", 'success')
 return redirect(url_for('project_dashboard', project_name=project.name))
- return render_template('project_settings.html', form=form, project=project)
+ return render_template('project_settings.html', title=f'{project.name}: Settings', form=form, project=project)
 @app.route('/project/', methods=['GET'])
 def project_dashboard(project_name):
@@ -100,12 +100,14 @@ def project_dashboard(project_name):
 access = project.user_access(current_user)
 if access is None:
 abort(404)
- return render_template('project.html', project=project, owner=(access == 'Owner'))
+ return render_template('project.html', title=f'{project.name}', project=project, owner=(access == 'Owner'))
 @app.route('/project//update', methods=['GET'])
 @login_required
 def project_update(project_name):
 project = Project.first_or_404(name=project_name)
+ if project.user_access(current_user) != 'Owner':
+ abort(401)
 result = project.update()
 flash_result(result)
 return redirect(url_for('project_dashboard', project_name=project.name))
@@ -114,6 +116,8 @@ def project_update(project_name):
 @login_required
 def project_delete_files(project_name):
 project = Project.first_or_404(name=project_name)
+ if project.user_access(current_user) != 'Owner':
+ abort(401)
 result = project.delete_files()
 flash_result(result)
 return redirect(url_for('project_dashboard', project_name=project.name))
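Review bot: `project_update` is still registered with `methods=['GET']`, so the ownership check added here keeps other users out but does not cover a cross-site request that arrives in the owner's own session. A GET issued from another site while the owner is logged in passes `user_access(current_user) != 'Owner'` and runs `project.update()`. State-changing routes should accept only POST, e.g. `methods=['POST']` on the route, with the dashboard submitting a form that carries the application's CSRF token. The route line for `project_delete_files` lies outside the next hunk; if it is also GET-only, the same applies to the file deletion.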
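Review bot: `abort(401)` is the wrong status for a user who is already logged in but is not the owner, and it is inconsistent with `project_dashboard`, which answers 404 when `user_access` returns None. A user with no access therefore gets 404 from `first_or_404` for an unknown name but 401 for a private project that exists, which confirms the project's existence. Consider `access = project.user_access(current_user)`, followed by `if access is None: abort(404)` and `if access != 'Owner': abort(403)`; the same applies to the identical check added to `project_update` in the previous hunk. Since the check is now duplicated, a small shared decorator (for example `owner_required`) would keep the two handlers in step.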