From 3709eddabbd19c03dbfb81a686d1b5b89b0b85f2 Mon Sep 17 00:00:00 2001
From: Joachim Lusiardi
Date: Sun, 24 Apr 2016 12:42:07 +0200
Subject: [PATCH] prevents the deletion of vehicles of other users
---
 app/rollerverbrauch/__init__.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/rollerverbrauch/__init__.py b/app/rollerverbrauch/__init__.py
index 6811f1c..e2ddb9f 100644
--- a/app/rollerverbrauch/__init__.py
+++ b/app/rollerverbrauch/__init__.py
@@ -92,6 +92,11 @@ def edit_vehicle(vid):
 @login_required
 def delete_vehicle(vid):
 vehicle = Vehicle.query.filter(Vehicle.id == vid).first()
+
+ # prevent deletion of foreign vehicles
+ if not vehicle in current_user.vehicles:
+ return redirect(url_for('get_account_page'))
+
 form = DeleteVehicleForm()
 if form.validate_on_submit():
@@ -216,4 +221,4 @@ def prepare_pit_stops(pss):
 curr_date = curr['date']
 curr['days'] = (curr_date - last_date).days
 pitstops.reverse()
- return pitstops
\ No newline at end of file
+ return pitstops
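Review bot: The new guard in delete_vehicle answers an attempt to delete another user's vehicle with a plain redirect to the account page, so a denied cross-user request leaves no trace for whoever reviews the logs. Consider logging the rejected vid together with the current user's id and returning an error status instead, for example `abort(404)` if `abort` is imported in this module (the import block is not visible here). The lookup also yields None for an unknown vid, which the membership test happens to reject; a comment such as `# also covers vid not found (vehicle is None)` would make that intent explicit, and `if vehicle not in current_user.vehicles:` is the idiomatic spelling of the test. The hunk header shows edit_vehicle(vid) directly above, whose body is outside this diff, so it is worth confirming that it and any other route taking a vid apply the same ownership check. delete_vehicle's body continues past the end of the hunk.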