From fce1593e32c3ee6acaa295b9363cb5a69beac040 Mon Sep 17 00:00:00 2001
From: Verox
Date: Thu, 14 Mar 2024 19:50:50 +0100
Subject: [PATCH 1/2] Fixed user ownership check if habit_lists
---
 db/SQLiteClient.py | 2 +-
 models/User.py | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/db/SQLiteClient.py b/db/SQLiteClient.py
index 7fe4070..7b8c7e2 100644
--- a/db/SQLiteClient.py
+++ b/db/SQLiteClient.py
@@ -324,7 +324,7 @@ def habitList_update_slot(id: int, slot: int):
 def get_habitLists(user_id: int):
- query = (f"SELECT habit_lists.*, habit_users.user_id, habit_users.accepted FROM habit_lists JOIN habit_users ON habit_lists.id = habit_users.list_id "
+ query = (f"SELECT habit_lists.*, habit_users.accepted FROM habit_lists JOIN habit_users ON habit_lists.id = habit_users.list_id "
 f"WHERE habit_users.user_id = {user_id};")
 conn = con3()
 cursor = conn.cursor()
diff --git a/models/User.py b/models/User.py
index cb7530c..980043b 100644
--- a/models/User.py
+++ b/models/User.py
@@ -54,10 +54,9 @@ class User(UserMixin):
 raw_habitLists = get_habitLists(self.id)
 habitLists = []
 for habitList in raw_habitLists:
- user_id = habitList[5]
 accepted = habitList[6]
 habitList = HabitList(habitList[0], habitList[1], habitList[2], habitList[3])
- if accepted == 1 or habitList.get_users()[0].id == user_id:
+ if accepted == 1:
 habitLists.append(habitList)
 return habitLists
From ff670abc1dbfab3963fcf5ddd133f64bf2c22687 Mon Sep 17 00:00:00 2001
From: Verox
Date: Thu, 14 Mar 2024 20:09:29 +0100
Subject: [PATCH 2/2] Fixed redirect after use removal from habit list
---
 app.py | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/app.py b/app.py
index aae3ec7..56502ff 100644
--- a/app.py
+++ b/app.py
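Review bot: In `get_habitLists` (db/SQLiteClient.py) the statement is still assembled by interpolating `{user_id}` into the SQL text, so the value is part of the query string rather than a bound parameter. The `int` annotation is not enforced at runtime, which means the query is only as safe as every caller's argument; the one caller visible in this patch passes `self.id`. Since the line is being edited anyway, I would write the tail as `"WHERE habit_users.user_id = ?;"` and pass `(user_id,)` as the second argument to `cursor.execute`, assuming `con3()` returns a sqlite3 connection as the file name suggests. The `execute` call lies below the hunk, so that part of the change is not visible here.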
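Review bot: `accepted = habitList[6]` in models/User.py still reads the flag by position, although this same commit removes one column from the `SELECT habit_lists.*, ...` list in db/SQLiteClient.py. Whether index 6 is `habit_users.accepted` depends on the number of columns in `habit_lists`, which is not visible here, and after this change that flag alone decides which lists the user is shown. A later schema change to `habit_lists` would silently shift the index again, so I would read the value by name, for example by setting `conn.row_factory = sqlite3.Row` on the connection and using `habitList["accepted"]`. At minimum add a comment such as `# index 6 = habit_users.accepted, the last column selected by get_habitLists`. The method's signature is above the hunk.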
@@ -645,13 +645,7 @@ def delete_user_from_list():
 id = int(habit_user_id)
 habit_list.delete(id)
- return render_template(
- 'users-edit.html',
- title='Teilnehmer bearbeiten',
- habit_list=habit_list,
- users=users,
- errors={},
- )
+ return redirect(url_for('index', habit_list=habit_list.id))
 @app.route('/users-leave')
 @login_required
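Review bot: `habit_list.delete(id)` in `delete_user_from_list` acts on an id parsed directly from `habit_user_id`, and nothing in this hunk shows that the id belongs to `habit_list` or that the logged-in user is allowed to remove that member. The function starts above the hunk, so the check may already exist there; if it does not, it belongs before the delete, documented with a comment such as `# habit_user_id must reference a member row of this habit_list, and the current user must be permitted to remove it`. Separately, `int(habit_user_id)` raises `ValueError` on a non-numeric value, which would surface as an unhandled server error. The local name `id` also shadows the builtin; `member_id = int(habit_user_id)` reads more clearly.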