poprawki

app.py

@@ -3559,28 +3559,34 @@ def admin_lists_access(list_id=None):
         action = request.form.get("action")
         target_list_id = request.form.get("target_list_id", type=int)
 
-        if action == "grant" and target_list_id:
-            login = (request.form.get("grant_username") or "").strip().lower()
-            l = db.session.get(ShoppingList, target_list_id)
-            if not l:
-                flash("Lista nie istnieje.", "danger")
-                return redirect(request.url)
-            u = User.query.filter(func.lower(User.username) == login).first()
+        if action == "grant":
+            grant_username = (request.form.get("grant_username") or "").strip().lower()
+            if not grant_username:
+                flash("Podaj nazwę użytkownika do nadania dostępu.", "danger")
+                return redirect(next_page or request.url)
+            u = User.query.filter(func.lower(User.username) == grant_username).first()
             if not u:
                 flash("Użytkownik nie istnieje.", "danger")
-                return redirect(request.url)
+                return redirect(next_page or request.url)
+            if u.id == current_user.id:
+                flash("Jesteś właścicielem tej listy.", "info")
+                return redirect(next_page or request.url)
+
             exists = (
                 db.session.query(ListPermission.id)
-                .filter(ListPermission.list_id == l.id, ListPermission.user_id == u.id)
+                .filter(
+                    ListPermission.list_id == shopping_list.id,
+                    ListPermission.user_id == u.id,
+                )
                 .first()
             )
             if not exists:
-                db.session.add(ListPermission(list_id=l.id, user_id=u.id))
+                db.session.add(ListPermission(list_id=shopping_list.id, user_id=u.id))
                 db.session.commit()
-                flash(f"Nadano dostęp „{u.username}” do listy #{l.id}.", "success")
+                flash(f"Nadano dostęp użytkownikowi „{u.username}”.", "success")
             else:
                 flash("Ten użytkownik już ma dostęp.", "info")
-            return redirect(request.url)
+            return redirect(next_page or request.url)
 
         if action == "revoke" and target_list_id:
             uid = request.form.get("revoke_user_id", type=int)
@@ -3590,7 +3596,7 @@ def admin_lists_access(list_id=None):
                 ).delete()
                 db.session.commit()
                 flash("Odebrano dostęp użytkownikowi.", "success")
-            return redirect(request.url)
+            return redirect(next_page or request.url)
 
         if action == "save_changes":
             ids = request.form.getlist("visible_ids", type=int)
@@ -3603,7 +3609,7 @@ def admin_lists_access(list_id=None):
                     l.is_archived = posted.get(f"is_archived_{l.id}") is not None
                 db.session.commit()
                 flash("Zapisano zmiany statusów.", "success")
-            return redirect(request.url)
+            return redirect(next_page or request.url)
 
     perms = (
         db.session.query(