mpociot/teamwork

Middleware Insecure

vmitchell85 opened this issue · 0 comments

The middleware merged in #66 only checks the user's current team not the team that is currently being loaded on the page.

Steps to replicate:

  1. Create a user (user A) and a team
  2. Create another user (user B)
  3. Protect the members/{id} route with the teamowner middleware
  4. Acting as user B try to access the members/1 route that is owned by user A
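The defect the steps above describe is an authorization check bound to the wrong object: the middleware asks "does this user own their current team?" when the request is for a team identified in the route. Below is an added example (not code from mpociot/teamwork and not the middleware merged in #66) of a Laravel middleware that resolves the team from the `{id}` route parameter and checks ownership of that team. Assumptions, all hypothetical: a team model `App\Models\Team` with an `owner_id` column, a route declared as `members/{id}`, and an authenticated user available via `$request->user()`.

```php
<?php
// Added example: route-scoped ownership check for a Laravel application.
// Not part of mpociot/teamwork. Assumed (hypothetical): App\Models\Team has an
// `owner_id` column and the protected route is Route::get('members/{id}', ...).

namespace App\Http\Middleware;

use App\Models\Team;
use Closure;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureUserOwnsRouteTeam
{
    /**
     * Weak pattern, shown only for contrast: this answers "does the user own
     * *some* team (their current one)?", which says nothing about the team in
     * the URL. Any user who owns a team of their own would pass and could load
     * /members/{id} for a team belonging to someone else.
     */
    public static function ownsCurrentTeam(Authenticatable $user, ?Team $currentTeam): bool
    {
        return $currentTeam !== null
            && (int) $currentTeam->owner_id === (int) $user->getAuthIdentifier();
    }

    /**
     * Correct pattern: compare the authenticated user against the owner of the
     * team the request actually targets.
     */
    public static function ownsTeam(Authenticatable $user, Team $team): bool
    {
        return (int) $team->owner_id === (int) $user->getAuthIdentifier();
    }

    public function handle(Request $request, Closure $next): Response
    {
        $user = $request->user();
        if ($user === null) {
            abort(403, 'Authentication required.');
        }

        // Resolve the team from the route parameter, never from session state
        // such as the user's "current team".
        $teamId = $request->route('id');
        if (!ctype_digit((string) $teamId)) {
            abort(404);
        }

        $team = Team::find((int) $teamId);
        if ($team === null) {
            // 404 rather than 403 avoids confirming which team ids exist.
            abort(404);
        }

        if (!self::ownsTeam($user, $team)) {
            abort(403, 'You do not own this team.');
        }

        return $next($request);
    }
}
```

Register the class as a route middleware alias (for example `'route.teamowner'` in the HTTP kernel or `bootstrap/app.php`, depending on the Laravel version) and attach it with `Route::get('members/{id}', ...)->middleware('route.teamowner')`. With this check in place, user B from the steps above receives a 403 for `members/1`, regardless of which team B currently has selected, because the comparison is made against the owner of team 1 itself.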