check that logs are associated with the current user #178

@luetkemj

Currently to display logs we check the cookie for a campaignId and do a find on the db for all logs with that campaignId.

To set the campaignId you must log in, which redirects to the campaigns page. The campaigns page checks req.user to populate campaigns, thus limiting possible campaigns to those owned by the user.

However, if someone were logged into the system as a legit user, they could edit the campaignId cookie and view any campaign history in the system, provided they knew its id.

This is a bug that can be fixed by checking that req.user is associated with campaignId.
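
The check proposed in this issue, shown beside the current cookie-only lookup. This is an added example, not code from the issue or the project. The in-memory arrays, the field names `id`, `ownerId` and `campaignId`, and the function names are assumptions standing in for the real database and route handler.

```javascript
// Constructed in-memory data standing in for the database.
// Field names (id, ownerId, campaignId) are assumptions, not the project's schema.
const campaigns = [
  { id: 'c1', ownerId: 'alice' },
  { id: 'c2', ownerId: 'bob' },
];
const logs = [
  { campaignId: 'c1', text: 'alice log entry' },
  { campaignId: 'c2', text: 'bob log entry' },
];

const findLogs = (campaignId) => logs.filter((l) => l.campaignId === campaignId);

// Current behaviour described in the issue: the cookie value alone selects the logs.
function getLogsUnchecked(req) {
  return { status: 200, logs: findLogs(req.cookies.campaignId) };
}

// Proposed behaviour: the campaign must belong to req.user before any logs are read.
function getLogsChecked(req) {
  if (!req.user) return { status: 401, logs: [] };
  const campaignId = req.cookies && req.cookies.campaignId;
  // Cookies are client-controlled: accept only a plain string id.
  if (typeof campaignId !== 'string' || campaignId === '') {
    return { status: 400, logs: [] };
  }
  // Ownership is part of the lookup, so a foreign id behaves like a missing one.
  const campaign = campaigns.find(
    (c) => c.id === campaignId && c.ownerId === req.user.id
  );
  if (!campaign) return { status: 404, logs: [] };
  return { status: 200, logs: findLogs(campaign.id) };
}
```

Returning the same 404 for a campaign that does not exist and one owned by another user keeps the response from confirming which ids are valid.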
