prevents the deletion of vehicles of other users

app/rollerverbrauch/__init__.py

@@ -92,6 +92,11 @@ def edit_vehicle(vid):
 @login_required
 def delete_vehicle(vid):
     vehicle = Vehicle.query.filter(Vehicle.id == vid).first()
+
+    # prevent deletion of foreign vehicles
+    if not vehicle in current_user.vehicles:
+        return redirect(url_for('get_account_page'))
+
     form = DeleteVehicleForm()
 
     if form.validate_on_submit():