added some minor security

app/routes.py

@@ -145,6 +145,20 @@ def addMCQ():
 
 @routes_bp.route('/reviewResults', methods = ['GET', 'POST'])
 def reviewResults():
+    if not session.get("user_id"):
+        flash("Please login first.", "warning")
+        return redirect(url_for('routes.login'))
+    
+    role = session["role"]
+
+    if not role:
+        flash("Please login first.", "warning")
+        return redirect(url_for('routes.login'))
+
+    if role != "teacher":
+        flash("Access Denied.", "danger")
+        return redirect(url_for('routes.login'))
+
     # SELECT MODULE - displays modules for that teacher
     modules = teachers.getModules(session.get("user_id"), db)