Merge pull request 'inputs_fix' (#13 ) from inputs_fix into master

Reviewed-on: #13
fix logiczny
2026-03-31 15:21:23 +02:00 · 2026-03-31 15:16:27 +02:00 · 2026-03-31 15:02:20 +02:00 · 2026-03-31 15:02:12 +02:00 · 2026-03-31 14:23:22 +02:00 · 2026-03-31 13:23:56 +02:00
21 changed files with 955 additions and 545 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,8 @@
+# UWAGA:
+# Po zmianie pliku .env samo `docker compose restart` może nie wystarczyć.
+# Aby nowe wartości zostały na pewno wczytane do kontenerów, użyj:
+# docker compose up -d --force-recreate
+
 # APP_PORT:
 # Domyślny port, na którym uruchamiana jest aplikacja Flask
 # Domyślnie: 8000
@@ -6,27 +11,30 @@ APP_PORT=8000
 # SECRET_KEY:
 # Klucz używany przez Flask do zabezpieczenia sesji, tokenów i formularzy
 # Powinien być długi i trudny do odgadnięcia
-SECRET_KEY=supersekretnyklucz123
+# Może zawierać znaki specjalne
+SECRET_KEY="supersekretnyklucz123"

 # SYSTEM_PASSWORD:
 # Hasło główne administratora systemowego, używane np. przy inicjalizacji
 # Domyślnie: admin
-SYSTEM_PASSWORD=admin
+# Może zawierać znaki specjalne
+SYSTEM_PASSWORD="admin"

 # DEFAULT_ADMIN_USERNAME:
 # Domyślna nazwa użytkownika administratora (tworzona przy starcie)
 # Domyślnie: admin
-DEFAULT_ADMIN_USERNAME=admin
+DEFAULT_ADMIN_USERNAME="admin"

 # DEFAULT_ADMIN_PASSWORD:
 # Domyślne hasło administratora
 # Domyślnie: admin123
-DEFAULT_ADMIN_PASSWORD=admin123
+# Może zawierać znaki specjalne
+DEFAULT_ADMIN_PASSWORD="admin123"

 # UPLOAD_FOLDER:
 # Ścieżka (względna) do katalogu, gdzie zapisywane są wgrywane pliki
 # Domyślnie: uploads
-UPLOAD_FOLDER=uploads
+UPLOAD_FOLDER="uploads"

 # SESSION_TIMEOUT_MINUTES:
 # Czas bezczynności użytkownika (w minutach), po którym sesja wygasa
@@ -41,8 +49,12 @@ AUTH_COOKIE_MAX_AGE=86400
 # AUTHORIZED_COOKIE_VALUE:
 # Wartość ciasteczka uprawniającego do dostępu (np. do zasobów zabezpieczonych)
 # Powinna być trudna do przewidzenia
-# Chodzi to o zabezpieczenie strony "hasłęm głównym czyli endpointem /system-auth"
-AUTHORIZED_COOKIE_VALUE=twoj_wlasny_hash
+# Chodzi o zabezpieczenie strony "hasłem głównym", czyli endpointem /system-auth
+# Może zawierać znaki specjalne
+# UWAGA: zmiana SYSTEM_PASSWORD nie unieważnia automatycznie wcześniej wydanych ciasteczek.
+# Aby wymusić ponowną autoryzację, zmień także AUTHORIZED_COOKIE_VALUE
+# lub wyczyść ciasteczka w przeglądarce.
+AUTHORIZED_COOKIE_VALUE="twoj_wlasny_hash"

 # SESSION_COOKIE_SECURE:
 # Określa, czy ciasteczko sesyjne (Flask session) ma mieć ustawiony atrybut "Secure".
@@ -54,39 +66,54 @@ SESSION_COOKIE_SECURE=0
 # BCRYPT_PEPPER:
 # Dodatkowy „sekretny klucz” (pepper) dodawany do hasła przed zahashowaniem
 # Zwiększa bezpieczeństwo przechowywanych haseł
-BCRYPT_PEPPER=sekretnyKluczbcrypt
+# Może zawierać znaki specjalne
+BCRYPT_PEPPER="sekretnyKluczbcrypt"

 # HEALTHCHECK_TOKEN:
 # Token wykorzystywany do sprawdzania stanu aplikacji (np. w Docker Compose)
 # Domyślnie: alamapsaikota123
-HEALTHCHECK_TOKEN=alamapsaikota123
+# Może zawierać znaki specjalne
+HEALTHCHECK_TOKEN="alamapsaikota123"

 # Rodzaj bazy: sqlite, pgsql, mysql
-# Mozliwe wartosci: sqlite / pgsql / mysql
-DB_ENGINE=sqlite
+# Możliwe wartości: sqlite / pgsql / mysql
+DB_ENGINE="sqlite"

 # --- Konfiguracja dla sqlite ---
-# Plik bazy bedzie utworzony automatycznie w katalogu ./instance
-# Pozostale zmienne sa ignorowane przy DB_ENGINE=sqlite
+# Plik bazy będzie utworzony automatycznie w katalogu ./instance
+# Pozostałe zmienne są ignorowane przy DB_ENGINE=sqlite

 # --- Konfiguracja dla pgsql ---
 # Ustaw DB_ENGINE=pgsql
-# Domyslny port PostgreSQL to 5432
-# Wymaga dzialajacego serwera PostgreSQL (np. kontener `postgres`)
+# Domyślny port PostgreSQL to 5432
+# Wymaga działającego serwera PostgreSQL (np. kontener `postgres`)

 # --- Konfiguracja dla mysql ---
 # Ustaw DB_ENGINE=mysql
-# Domyslny port MySQL to 3306
-# Wymaga kontenera z MySQL i uzytkownika z dostepem do bazy
+# Domyślny port MySQL to 3306
+# Wymaga kontenera z MySQL i użytkownika z dostępem do bazy

-# Wspolne zmienne (dla pgsql, mysql)
+# Wspólne zmienne (dla pgsql, mysql)
 # DB_HOST = pgsql lub mysql zgodnie z deployem (profil w docker-compose.yml)

-DB_HOST=pgsql 
+DB_HOST="pgsql"
 DB_PORT=5432
-DB_NAME=myapp
-DB_USER=user
-DB_PASSWORD=pass
+
+# DB_NAME:
+# Nazwa bazy danych
+# Może zawierać znaki specjalne, ale zalecane są proste nazwy
+DB_NAME="myapp"
+
+# DB_USER:
+# Użytkownik bazy danych
+# Może zawierać znaki specjalne
+DB_USER="user"
+
+# DB_PASSWORD:
+# Hasło do bazy danych
+# Może zawierać znaki specjalne
+# Zalecane jest używanie wartości w cudzysłowach
+DB_PASSWORD="pass"

 # ========================
 # Nagłówki bezpieczeństwa
@@ -164,8 +191,8 @@ UPLOADS_CACHE_CONTROL="max-age=3600, immutable"
 # Lista domyślnych kategorii tworzonych automatycznie przy starcie aplikacji,
 # jeśli nie istnieją w bazie danych.
 # Podaj w formacie CSV (oddzielone przecinkami) – kolejność zostanie zachowana.
-# Możesz dodać własne kategorie
-# UWAGA: Wielkość liter w nazwach jest zachowywana, ale porównywanie odbywa się
+# Możesz dodać własne kategorie.
+# UWAGA: wielkość liter w nazwach jest zachowywana, ale porównywanie odbywa się
 # bez rozróżniania wielkości liter (case-insensitive).
 # Domyślnie: poniższa lista
-DEFAULT_CATEGORIES="Spożywcze,Budowlane,Zabawki,Chemia,Inne,Elektronika,Odzież i obuwie,Artykuły biurowe,Kosmetyki i higiena,Motoryzacja,Ogród i rośliny,Zwierzęta,Sprzęt sportowy,Książki i prasa,Narzędzia i majsterkowanie,RTV / AGD,Apteka i suplementy,Artykuły dekoracyjne,Gry i hobby,Usługi,Pieczywo"
+DEFAULT_CATEGORIES="Spożywcze,Budowlane,Zabawki,Chemia,Inne,Elektronika,Odzież i obuwie,Artykuły biurowe,Kosmetyki i higiena,Motoryzacja,Ogród i rośliny,Zwierzęta,Sprzęt sportowy,Książki i prasa,Narzędzia i majsterkowanie,RTV / AGD,Apteka i suplementy,Artykuły dekoracyjne,Gry i hobby,Usługi,Pieczywo"
--- a/CLI_OPIS.txt
+++ b/CLI_OPIS.txt
@@ -9,22 +9,53 @@ flask admins promote <username|id>
 flask admins demote <username|id>
 flask admins set-password <username|id> <password>

+Opis:
+- list: pokazuje wszystkich uzytkownikow wraz z ID i rola
+- create: tworzy konto admina lub zwyklego uzytkownika
+- promote: nadaje uprawnienia administratora
+- demote: odbiera uprawnienia administratora
+- set-password: ustawia nowe haslo dla wskazanego konta
+
 Listy
 -----
 flask lists copy-schedule --source-list-id 12 --when "2026-03-20 18:30"
 flask lists copy-schedule --source-list-id 12 --when "2026-03-20 18:30" --owner admin
 flask lists copy-schedule --source-list-id 12 --when "2026-03-20 18:30" --title "Zakupy piatkowe"
+flask lists move --list-id 12 --when "2026-03-21 09:00"
+flask lists move --list-id 12 --when "2026-03-21 09:00" --keep-item-times --keep-expiry
+flask lists archive --list-id 12
+flask lists unarchive --list-id 12
+flask lists assign-owner --list-id 12 --owner admin
+flask lists create-from-template --template-id 5 --owner admin --when "2026-03-22 08:00"
+flask lists create-from-template --template-id 5 --owner admin --title "Weekend"
+flask lists delete --list-id 12
+flask lists rename --list-id 12 --title "Nowa nazwa listy"
+flask lists duplicate-many --source-list-id 12 --when-list "2026-03-23 08:00,2026-03-24 08:00,2026-03-25 08:00"
+flask lists duplicate-many --source-list-id 12 --when-list "2026-03-23 08:00,2026-03-24 08:00" --owner admin --title-prefix "Sklep"

 Zasady dzialania
 ----------------
 - copy-schedule tworzy nowa liste na podstawie istniejacej
- kopiuje pozycje i przypisane kategorie
- ustawia nowy created_at na wartosc z parametru --when
+- copy-schedule kopiuje pozycje i przypisane kategorie
+- copy-schedule ustawia nowy created_at na wartosc z parametru --when
 - gdy lista byla tymczasowa i miala expires_at, termin wygasniecia jest przesuwany o ten sam odstep czasu
 - wydatki i paragony nie sa kopiowane
-
+- move przenosi istniejaca liste na wskazany dzien/godzine
+- move domyslnie przesuwa rowniez czasy pozycji i expires_at o ten sam offset czasu
+- move z opcja --keep-item-times zostawia added_at i purchased_at bez zmian
+- move z opcja --keep-expiry zostawia expires_at bez zmian
+- archive oznacza liste jako archiwalna
+- unarchive przywraca liste z archiwum
+- assign-owner zmienia wlasciciela listy
+- create-from-template tworzy nowa liste z szablonu dla wskazanego wlasciciela
+- create-from-template bez --when ustawia biezacy czas UTC
+- delete usuwa liste wraz z powiazanymi pozycjami, historią i paragonami zaleznymi od relacji bazy
+- rename zmienia tytul listy
+- duplicate-many tworzy wiele kopii tej samej listy dla wielu terminow przekazanych w --when-list
+- duplicate-many opcjonalnie pozwala zmienic wlasciciela i nadac prefiks nazwy nowym listom

 SZABLONY I HISTORIA:
- Historia zmian listy jest widoczna w widoku listy właściciela.
- Szablon można utworzyć z panelu admina lub z poziomu listy właściciela.
- Admin może szybko utworzyć listę z szablonu i zduplikować listę jednym kliknięciem.
+- Historia zmian listy jest widoczna w widoku listy wlasciciela.
+- Szablon mozna utworzyc z panelu admina lub z poziomu listy wlasciciela.
+- Admin moze szybko utworzyc liste z szablonu i zduplikowac liste jednym kliknieciem.
+- Operacje CLI takie jak copy-schedule, move, archive, unarchive, assign-owner, rename i create-from-template sa zapisywane w historii listy.
--- a/README.md
+++ b/README.md
@@ -1,51 +1,21 @@
 # Aplikacja List Zakupów

-Prosta aplikacja webowa do zarządzania listami zakupów z obsługą użytkowników, OCR paragonów, statystykami i trybem współdzielenia.
-
-## Główne funkcje
-
- Logowanie i zarządzanie użytkownikami (admin/user)
- Tworzenie list zakupów z pozycjami i ilością
- Wgrywanie paragonów (podstawowa obsługa OCR)
- Archiwizacja i udostępnianie list (publiczne/prywatne)
- Statystyki wydatków z podziałem na okresy, statystyki dla użytkowników
- Panel administracyjny (statystyki, produkty, paragony, zarządzanie, użytkowmicy)
- Tokeny API administratora i endpoint do pobierania ostatnich wydatków
- Ujednolicony UI formularzy, tabel i przycisków oraz drobne usprawnienia UX
+Aplikacja webowa do zarządzania listami zakupów z obsługą użytkowników, OCR paragonów, statystykami i trybem współdzielenia.

 ## Wymagania

- Python 3.9+
- Docker (opcjonalnie dla produkcji)
+- Docker

-## Instalacja lokalna (deweloperska)
+## Instalacja

 1. Sklonuj repozytorium:

   ```bash
-   git https://git.linuxiarz.pl/gru/lista_zakupowa_live.git
+   git pull https://git.linuxiarz.pl/gru/lista_zakupowa_live.git
   cd lista_zakupowa_live
   ```

-2. Utwórz i uzupełnij plik `.env` (zobacz `.env example`).
-
-3. Utwórz środowisko i zainstaluj zależności:
-
-   ```bash
-   python -m venv venv
-   source venv/bin/activate
-   pip install -r requirements.txt
-   ```
-
-4. Uruchom aplikację:
-
-   ```bash
-   flask --app app.py run
-   ```
-
-## Deploy z Docker Compose - stack (zalecana)
-
-1. Skonfiguruj `.env`.
+1. Skonfiguruj `.env` z pliku `.env.example` 

 2.1 Uruchom: (pgsql)

@@ -65,9 +35,16 @@ Prosta aplikacja webowa do zarządzania listami zakupów z obsługą użytkownik
   bash deploy_docker.sh sqlite
   ```

+2.3 Restart: 
+   ```bash
+   bash deploy_docker.sh pgsql restart
+   lub
+   bash deploy_docker.sh sqlite restart
+   ```
+
 Aplikacja będzie dostępna pod `http://localhost:8000`.

-## Domyślne dane logowania
+## Domyślne dane logowania - konfigurowane z pliku `.env`

 - Główne hasło systemowe: `admin`
 - Admin: `admin` / `admin123`
@@ -80,15 +57,35 @@ Ustaw `DB_ENGINE` oraz odpowiednie zmienne w `.env`:

 Przykład dla PostgreSQL:

-```env
-DB_ENGINE=pgsql
-DB_HOST=db
-DB_PORT=5432
-DB_NAME=myapp
-DB_USER=user
-DB_PASSWORD=pass
-```
+   ```bash
+   DB_ENGINE=pgsql
+   DB_HOST=db
+   DB_PORT=5432
+   DB_NAME=myapp
+   DB_USER=user
+   DB_PASSWORD=pass
+   ```

 ## CLI

-Opis komend administracyjnych znajduje sie w pliku `CLI_OPIS.txt`.
+Opis komend administracyjnych znajduje sie w pliku `KOMENDY_CLI.txt`.
+
+Komendy CLI uruchamiamy wewnatrz kontenera aplikacji. Najwygodniej wejsc do katalogu projektu i wykonac polecenie przez `docker compose exec app`.
+
+Przykladowe:
+
+   ```bash
+   cd /opt/lista_zakupowa_live
+   docker compose -f docker/compose.yml exec app sh -c 'flask lists copy-schedule --source-list-id 393 --when "2026-03-22 11:30" --owner admin'
+   ```
+
+Dodatkowe przyklady:
+
+   ```bash
+   docker compose -f docker/compose.yml exec app sh -c 'flask lists move --list-id 393 --when "2026-03-23 08:00"'
+
+   docker compose -f docker/compose.yml exec app sh -c 'flask lists rename --list-id 393 --title "Zakupy na poniedzialek"'
+
+   docker compose -f docker/compose.yml exec app sh -c 'flask lists create-from-template --template-id 7 --owner admin --when "2026-03-24 09:15" --title "Poranna lista"'
+   ```
+
--- a/config.py
+++ b/config.py
@@ -1,85 +1,113 @@
 import os
+from urllib.parse import quote_plus

 basedir = os.path.abspath(os.path.dirname(__file__))


+def env_str(name, default=None):
+    value = os.environ.get(name)
+    return default if value is None else value
+
+
+def env_int(name, default):
+    value = os.environ.get(name)
+    if value is None or value == "":
+        return default
+    try:
+        return int(value)
+    except (TypeError, ValueError):
+        return default
+
+
+def env_bool(name, default=False):
+    value = os.environ.get(name)
+    if value is None:
+        return default
+    return str(value).strip().lower() in ("1", "true", "yes", "on")
+
+
 class Config:
-
    SESSION_COOKIE_HTTPONLY = True
-    SESSION_COOKIE_SAMESITE = "Lax"  # działa w HTTP i HTTPS
-    
-    SECRET_KEY = os.environ.get("SECRET_KEY", "D8pceNZ8q%YR7^7F&9wAC2")
+    SESSION_COOKIE_SAMESITE = "Lax"

-    APP_PORT = int(os.environ.get("APP_PORT", "8000") or "8000")
+    SECRET_KEY = env_str("SECRET_KEY", "D8pceNZ8q%YR7^7F&9wAC2")
+
+    APP_PORT = env_int("APP_PORT", 8000)
+
+    DB_ENGINE = env_str("DB_ENGINE", "sqlite").lower()

-    DB_ENGINE = os.environ.get("DB_ENGINE", "sqlite").lower()
    if DB_ENGINE == "sqlite":
        SQLALCHEMY_DATABASE_URI = (
            f"sqlite:///{os.path.join(basedir, 'db', 'shopping.db')}"
        )
+
    elif DB_ENGINE == "pgsql":
-        SQLALCHEMY_DATABASE_URI = f"postgresql://{os.environ['DB_USER']}:{os.environ['DB_PASSWORD']}@{os.environ['DB_HOST']}:{os.environ.get('DB_PORT', 5432)}/{os.environ['DB_NAME']}"
+        db_user = quote_plus(env_str("DB_USER", "user"))
+        db_password = quote_plus(env_str("DB_PASSWORD", "pass"))
+        db_host = env_str("DB_HOST", "pgsql")
+        db_port = env_str("DB_PORT", "5432")
+        db_name = quote_plus(env_str("DB_NAME", "myapp"))
+
+        SQLALCHEMY_DATABASE_URI = (
+            f"postgresql://{db_user}:{db_password}@{db_host}:{db_port}/{db_name}"
+        )
+
    elif DB_ENGINE == "mysql":
-        SQLALCHEMY_DATABASE_URI = f"mysql+pymysql://{os.environ['DB_USER']}:{os.environ['DB_PASSWORD']}@{os.environ['DB_HOST']}:{os.environ.get('DB_PORT', 3306)}/{os.environ['DB_NAME']}"
+        db_user = quote_plus(env_str("DB_USER", "user"))
+        db_password = quote_plus(env_str("DB_PASSWORD", "pass"))
+        db_host = env_str("DB_HOST", "mysql")
+        db_port = env_str("DB_PORT", "3306")
+        db_name = quote_plus(env_str("DB_NAME", "myapp"))
+
+        SQLALCHEMY_DATABASE_URI = (
+            f"mysql+pymysql://{db_user}:{db_password}@{db_host}:{db_port}/{db_name}"
+        )
+
    else:
        raise ValueError("Nieobsługiwany typ bazy danych.")

    SQLALCHEMY_TRACK_MODIFICATIONS = False
-    SYSTEM_PASSWORD = os.environ.get("SYSTEM_PASSWORD", "admin")
-    DEFAULT_ADMIN_USERNAME = os.environ.get("DEFAULT_ADMIN_USERNAME", "admin")
-    DEFAULT_ADMIN_PASSWORD = os.environ.get("DEFAULT_ADMIN_PASSWORD", "admin123")
-    UPLOAD_FOLDER = os.environ.get("UPLOAD_FOLDER", "uploads")
-    AUTHORIZED_COOKIE_VALUE = os.environ.get("AUTHORIZED_COOKIE_VALUE", "cookievalue")
-    BCRYPT_PEPPER = os.environ.get("BCRYPT_PEPPER", "sekretnyKluczBcrypt")
-    SESSION_COOKIE_SECURE = os.environ.get("SESSION_COOKIE_SECURE", "0") == "1"
-    HEALTHCHECK_TOKEN = os.environ.get("HEALTHCHECK_TOKEN", "alamapsaikota1234")

-    try:
-        AUTH_COOKIE_MAX_AGE = int(
-            os.environ.get("AUTH_COOKIE_MAX_AGE", "86400") or "86400"
-        )
-    except ValueError:
-        AUTH_COOKIE_MAX_AGE = 86400
+    SYSTEM_PASSWORD = env_str("SYSTEM_PASSWORD", "admin")
+    DEFAULT_ADMIN_USERNAME = env_str("DEFAULT_ADMIN_USERNAME", "admin")
+    DEFAULT_ADMIN_PASSWORD = env_str("DEFAULT_ADMIN_PASSWORD", "admin123")
+    UPLOAD_FOLDER = env_str("UPLOAD_FOLDER", "uploads")
+    AUTHORIZED_COOKIE_VALUE = env_str("AUTHORIZED_COOKIE_VALUE", "cookievalue")
+    BCRYPT_PEPPER = env_str("BCRYPT_PEPPER", "sekretnyKluczBcrypt")
+    SESSION_COOKIE_SECURE = env_bool("SESSION_COOKIE_SECURE", False)
+    HEALTHCHECK_TOKEN = env_str("HEALTHCHECK_TOKEN", "alamapsaikota1234")

-    try:
-        SESSION_TIMEOUT_MINUTES = int(
-            os.environ.get("SESSION_TIMEOUT_MINUTES", "10080") or "10080"
-        )
-    except ValueError:
-        SESSION_TIMEOUT_MINUTES = 10080
+    AUTH_COOKIE_MAX_AGE = env_int("AUTH_COOKIE_MAX_AGE", 86400)
+    SESSION_TIMEOUT_MINUTES = env_int("SESSION_TIMEOUT_MINUTES", 10080)

-    ENABLE_HSTS = os.environ.get("ENABLE_HSTS", "0") == "1"
-    ENABLE_XFO = os.environ.get("ENABLE_XFO", "0") == "1"
-    ENABLE_XCTO = os.environ.get("ENABLE_XCTO", "0") == "1"
-    ENABLE_CSP = os.environ.get("ENABLE_CSP", "0") == "1"
-    ENABLE_PP = os.environ.get("ENABLE_PP", "0") == "1"
-    REFERRER_POLICY = os.environ.get("REFERRER_POLICY") or None
+    ENABLE_HSTS = env_bool("ENABLE_HSTS", False)
+    ENABLE_XFO = env_bool("ENABLE_XFO", False)
+    ENABLE_XCTO = env_bool("ENABLE_XCTO", False)
+    ENABLE_CSP = env_bool("ENABLE_CSP", False)
+    ENABLE_PP = env_bool("ENABLE_PP", False)

-    DEBUG_MODE = os.environ.get("DEBUG_MODE", "1") == "1"
-    DISABLE_ROBOTS = os.environ.get("DISABLE_ROBOTS", "0") == "1"
+    REFERRER_POLICY = env_str("REFERRER_POLICY") or None

-    JS_CACHE_CONTROL = os.environ.get(
-        "JS_CACHE_CONTROL", "no-cache"
-    )
-    CSS_CACHE_CONTROL = os.environ.get(
-        "CSS_CACHE_CONTROL", "no-cache"
-    )
-    LIB_JS_CACHE_CONTROL = os.environ.get(
-        "LIB_JS_CACHE_CONTROL", "max-age=604800"
-    )
-    LIB_CSS_CACHE_CONTROL = os.environ.get(
-        "LIB_CSS_CACHE_CONTROL", "max-age=604800"
-    )
-    UPLOADS_CACHE_CONTROL = os.environ.get(
-        "UPLOADS_CACHE_CONTROL", "public, max-age=2592000, immutable"
+    DEBUG_MODE = env_bool("DEBUG_MODE", True)
+    DISABLE_ROBOTS = env_bool("DISABLE_ROBOTS", False)
+
+    JS_CACHE_CONTROL = env_str("JS_CACHE_CONTROL", "no-cache")
+    CSS_CACHE_CONTROL = env_str("CSS_CACHE_CONTROL", "no-cache")
+    LIB_JS_CACHE_CONTROL = env_str("LIB_JS_CACHE_CONTROL", "max-age=604800")
+    LIB_CSS_CACHE_CONTROL = env_str("LIB_CSS_CACHE_CONTROL", "max-age=604800")
+    UPLOADS_CACHE_CONTROL = env_str(
+        "UPLOADS_CACHE_CONTROL",
+        "public, max-age=2592000, immutable",
    )

    DEFAULT_CATEGORIES = [
-        c.strip() for c in os.environ.get(
+        c.strip()
+        for c in env_str(
            "DEFAULT_CATEGORIES",
            "Spożywcze,Budowlane,Zabawki,Chemia,Inne,Elektronika,Odzież i obuwie,Jedzenie poza domem,"
            "Artykuły biurowe,Kosmetyki i higiena,Motoryzacja,Ogród i rośliny,"
            "Zwierzęta,Sprzęt sportowy,Książki i prasa,Narzędzia i majsterkowanie,"
-            "RTV / AGD,Apteka i suplementy,Artykuły dekoracyjne,Gry i hobby,Usługi,Pieczywo,Różne,Chiny,Dom,Leki,Odzież,Samochód,Dzieci"
-        ).split(",") if c.strip()
-    ]
+            "RTV / AGD,Apteka i suplementy,Artykuły dekoracyjne,Gry i hobby,Usługi,Pieczywo,Różne,Chiny,Dom,Leki,Odzież,Samochód,Dzieci",
+        ).split(",")
+        if c.strip()
+    ]
--- a/deploy_docker.sh
+++ b/deploy_docker.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
-set -e
+set -euo pipefail
+
+COMPOSE_FILE="docker/compose.yml"

 if [[ -f .env ]]; then
  set -a
@@ -8,23 +10,63 @@ if [[ -f .env ]]; then
 fi

 APP_PORT="${APP_PORT:-8080}"
-PROFILE=$1
-COMPOSE_FILE="docker/compose.yml"
+DEFAULT_ENGINE="${DB_ENGINE:-sqlite}"

-if [[ -z "$PROFILE" ]]; then
-  echo "Użycie: $0 {pgsql|mysql|sqlite}"
-  exit 1
+print_usage() {
+  echo "Użycie:"
+  echo "  $0 [sqlite|pgsql|mysql] [deploy|restart]"
+  echo
+  echo "Przykłady:"
+  echo "  $0 pgsql deploy"
+  echo "  $0 mysql restart"
+  echo "  $0 sqlite"
+  echo
+  echo "Domyślnie:"
+  echo "  silnik: z DB_ENGINE z .env albo sqlite"
+  echo "  akcja: deploy"
+}
+
+validate_engine() {
+  local engine="$1"
+  case "$engine" in
+    sqlite|pgsql|mysql)
+      return 0
+      ;;
+    *)
+      echo "Błąd: nieobsługiwany silnik bazy: '$engine'"
+      echo "Dozwolone wartości: sqlite, pgsql, mysql"
+      exit 1
+      ;;
+  esac
+}
+
+validate_action() {
+  local action="$1"
+  case "$action" in
+    deploy|restart)
+      return 0
+      ;;
+    *)
+      echo "Błąd: nieobsługiwana akcja: '$action'"
+      echo "Dozwolone wartości: deploy, restart"
+      exit 1
+      ;;
+  esac
+}
+
+PROFILE="${1:-$DEFAULT_ENGINE}"
+ACTION="${2:-deploy}"
+
+validate_engine "$PROFILE"
+validate_action "$ACTION"
+
+if [[ -n "${DB_ENGINE:-}" && "$DB_ENGINE" != "$PROFILE" ]]; then
+  echo "Uwaga: DB_ENGINE w .env ma wartość '$DB_ENGINE', a uruchamiasz profil '$PROFILE'."
+  echo "Kontynuuję z profilem z argumentu: '$PROFILE'"
 fi

-echo "Zatrzymuję kontenery aplikacji i bazy..."
-if [[ "$PROFILE" == "sqlite" ]]; then
-  docker compose -f "$COMPOSE_FILE" stop
-else
-  docker compose -f "$COMPOSE_FILE" --profile "$PROFILE" stop
-fi
-
-echo "Pobieram najnowszy kod z repozytorium..."
-git pull
+echo "Wybrany silnik bazy: $PROFILE"
+echo "Wybrana akcja: $ACTION"

 echo "Generowanie default.vcl z APP_PORT=$APP_PORT"
 envsubst < deploy/varnish/default.vcl.template > deploy/varnish/default.vcl
@@ -32,7 +74,30 @@ envsubst < deploy/varnish/default.vcl.template > deploy/varnish/default.vcl
 echo "Zapisuję hash commita do version.txt..."
 git rev-parse --short HEAD > version.txt

-echo "Buduję i uruchamiam kontenery..."
+if [[ "$ACTION" == "restart" ]]; then
+  echo "Odtwarzam kontenery bez przebudowy obrazu..."
+
+  if [[ "$PROFILE" == "sqlite" ]]; then
+    docker compose -f "$COMPOSE_FILE" up -d --force-recreate
+  else
+    DB_ENGINE="$PROFILE" docker compose -f "$COMPOSE_FILE" --profile "$PROFILE" up -d --force-recreate
+  fi
+
+  echo "Gotowe! Wersja aplikacji: $(cat version.txt)"
+  exit 0
+fi
+
+echo "Zatrzymuję kontenery aplikacji i bazy..."
+if [[ "$PROFILE" == "sqlite" ]]; then
+  docker compose -f "$COMPOSE_FILE" stop
+else
+  DB_ENGINE="$PROFILE" docker compose -f "$COMPOSE_FILE" --profile "$PROFILE" stop
+fi
+
+echo "Pobieram najnowszy kod z repozytorium..."
+git pull
+
+echo "Uruchamiam kontenery z przebudową obrazu..."
 if [[ "$PROFILE" == "sqlite" ]]; then
  docker compose -f "$COMPOSE_FILE" up -d --build
 else
--- a/shopping_app/helpers.py
+++ b/shopping_app/helpers.py
@@ -243,6 +243,118 @@ def duplicate_list_for_schedule(source_list: ShoppingList, scheduled_for: dateti
    db.session.commit()
    return new_list

+
+
+def shift_datetime_preserving_timezone(value: datetime | None, delta: timedelta) -> datetime | None:
+    if not value:
+        return None
+    if value.tzinfo is None:
+        value = value.replace(tzinfo=timezone.utc)
+    return value + delta
+
+
+def move_list_schedule(shopping_list: ShoppingList, new_when: datetime, keep_item_times: bool = False, keep_expiry: bool = False):
+    if shopping_list is None:
+        raise ValueError('Lista nie istnieje.')
+    if new_when.tzinfo is None:
+        new_when = new_when.replace(tzinfo=timezone.utc)
+
+    original_created = shopping_list.created_at or new_when
+    if original_created.tzinfo is None:
+        original_created = original_created.replace(tzinfo=timezone.utc)
+
+    delta = new_when - original_created
+    shopping_list.created_at = new_when
+
+    if not keep_expiry and shopping_list.expires_at:
+        shopping_list.expires_at = shift_datetime_preserving_timezone(shopping_list.expires_at, delta)
+
+    if not keep_item_times:
+        for item in shopping_list.items:
+            if item.added_at:
+                item.added_at = shift_datetime_preserving_timezone(item.added_at, delta)
+            if item.purchased_at:
+                item.purchased_at = shift_datetime_preserving_timezone(item.purchased_at, delta)
+
+    return shopping_list, delta
+
+
+def rename_list(shopping_list: ShoppingList, new_title: str):
+    normalized = (new_title or '').strip()
+    if not normalized:
+        raise ValueError('Podaj nowy tytul listy.')
+    shopping_list.title = normalized
+    return shopping_list
+
+
+def set_list_archived(shopping_list: ShoppingList, archived: bool = True):
+    if shopping_list is None:
+        raise ValueError('Lista nie istnieje.')
+    shopping_list.is_archived = bool(archived)
+    return shopping_list
+
+
+def assign_list_owner(shopping_list: ShoppingList, owner: User):
+    if shopping_list is None:
+        raise ValueError('Lista nie istnieje.')
+    if owner is None:
+        raise ValueError('Nie znaleziono docelowego wlasciciela.')
+    shopping_list.owner_id = owner.id
+    return shopping_list
+
+
+def delete_list_with_relations(shopping_list: ShoppingList):
+    if shopping_list is None:
+        raise ValueError('Lista nie istnieje.')
+    shopping_list.categories.clear()
+    ListPermission.query.filter_by(list_id=shopping_list.id).delete(synchronize_session=False)
+    ListActivityLog.query.filter_by(list_id=shopping_list.id).delete(synchronize_session=False)
+    Expense.query.filter_by(list_id=shopping_list.id).delete(synchronize_session=False)
+    Receipt.query.filter_by(list_id=shopping_list.id).delete(synchronize_session=False)
+    Item.query.filter_by(list_id=shopping_list.id).delete(synchronize_session=False)
+    db.session.delete(shopping_list)
+
+
+def duplicate_list_many(source_list: ShoppingList, schedule_values: list[datetime], owner: User | None = None, title_prefix: str | None = None):
+    created_lists = []
+    base_prefix = (title_prefix or '').strip()
+    for idx, scheduled_for in enumerate(schedule_values, start=1):
+        title = None
+        if base_prefix:
+            title = f'{base_prefix} #{idx}'
+        created_lists.append(duplicate_list_for_schedule(source_list, scheduled_for=scheduled_for, owner=owner, title=title))
+    return created_lists
+
+
+def create_list_from_template_at_schedule(template: ListTemplate, owner: User, scheduled_for: datetime, title: str | None = None):
+    if scheduled_for.tzinfo is None:
+        scheduled_for = scheduled_for.replace(tzinfo=timezone.utc)
+
+    new_list = ShoppingList(
+        title=(title or template.name).strip(),
+        owner_id=owner.id,
+        share_token=generate_share_token(8),
+        is_temporary=False,
+        expires_at=None,
+        created_at=scheduled_for,
+    )
+    db.session.add(new_list)
+    db.session.flush()
+
+    for idx, item in enumerate(template.items, start=1):
+        db.session.add(Item(
+            list_id=new_list.id,
+            name=item.name,
+            quantity=item.quantity or 1,
+            note=item.note,
+            position=item.position or idx,
+            added_by=owner.id,
+            added_at=scheduled_for,
+        ))
+
+    db.session.commit()
+    return new_list
+
 def hash_api_token(token: str) -> str:
    return hashlib.sha256((token or '').encode('utf-8')).hexdigest()

@@ -387,6 +499,11 @@ def action_label(action: str) -> str:
        'item_unmarked_not_purchased': 'przywrócił produkt',
        'expense_added': 'dodał wydatek',
        'list_duplicated': 'zduplikował listę',
+        'list_moved': 'przeniósł listę',
+        'list_archived': 'zarchiwizował listę',
+        'list_unarchived': 'przywrócił listę z archiwum',
+        'list_owner_changed': 'zmienił właściciela listy',
+        'list_renamed': 'zmienił nazwę listy',
        'template_created': 'utworzył szablon',
    }.get(action, action)

--- a/shopping_app/routes_main.py
+++ b/shopping_app/routes_main.py
@@ -207,11 +207,9 @@ def main_page():

@app.route("/system-auth", methods=["GET", "POST"])
 def system_auth():
-    if (
-        current_user.is_authenticated
-        or request.cookies.get("authorized") == AUTHORIZED_COOKIE_VALUE
-    ):
-        flash("Jesteś już zalogowany lub autoryzowany.", "info")
+    
+    if request.cookies.get("authorized") == AUTHORIZED_COOKIE_VALUE:
+        flash("Jesteś już autoryzowany.", "info")
        return redirect(url_for("main_page"))

    ip = request.access_route[0]
--- a/shopping_app/sockets.py
+++ b/shopping_app/sockets.py
@@ -594,6 +594,22 @@ def lists_cli():
    """Operacje CLI na listach zakupowych."""


+def _load_list_for_cli(list_id: int):
+    return ShoppingList.query.options(joinedload(ShoppingList.items), joinedload(ShoppingList.categories), joinedload(ShoppingList.owner)).get(list_id)
+
+
+def _parse_many_when_values(raw_values: str):
+    values = []
+    for part in (raw_values or '').split(','):
+        normalized = part.strip()
+        if not normalized:
+            continue
+        values.append(parse_cli_datetime(normalized))
+    if not values:
+        raise ValueError('Podaj co najmniej jedna date w --when-list.')
+    return values
+
+
@lists_cli.command("copy-schedule")
@click.option("--source-list-id", required=True, type=int, help="ID listy zrodlowej.")
@click.option("--when", "when_value", required=True, help="Nowa data utworzenia listy: YYYY-MM-DD lub YYYY-MM-DD HH:MM")
@@ -601,7 +617,7 @@ def lists_cli():
@click.option("--title", default=None, help="Nowy tytul listy. Domyslnie taki sam jak w oryginale.")
 def lists_copy_schedule_command(source_list_id, when_value, owner_value, title):
    with app.app_context():
-        source_list = ShoppingList.query.options(joinedload(ShoppingList.items), joinedload(ShoppingList.categories)).get(source_list_id)
+        source_list = _load_list_for_cli(source_list_id)
        if not source_list:
            raise click.ClickException('Nie znaleziono listy zrodlowej.')

@@ -617,6 +633,153 @@ def lists_copy_schedule_command(source_list_id, when_value, owner_value, title):
                raise click.ClickException('Nie znaleziono docelowego wlasciciela.')

        new_list = duplicate_list_for_schedule(source_list, scheduled_for=scheduled_for, owner=owner, title=title)
+        log_list_activity(new_list.id, 'list_duplicated', actor_name='CLI', details=f'copy-schedule ze zrodla #{source_list.id}')
+        db.session.commit()
        click.echo(
            f"Utworzono kopie listy: nowa_id={new_list.id}, tytul={new_list.title}, created_at={new_list.created_at.isoformat()}"
        )
+
+
+@lists_cli.command("move")
+@click.option("--list-id", required=True, type=int, help="ID listy.")
+@click.option("--when", "when_value", required=True, help="Nowy termin listy: YYYY-MM-DD lub YYYY-MM-DD HH:MM")
+@click.option("--keep-item-times", is_flag=True, help="Nie przesuwaj added_at/purchased_at pozycji.")
+@click.option("--keep-expiry", is_flag=True, help="Nie przesuwaj expires_at.")
+def lists_move_command(list_id, when_value, keep_item_times, keep_expiry):
+    with app.app_context():
+        shopping_list = _load_list_for_cli(list_id)
+        if not shopping_list:
+            raise click.ClickException('Nie znaleziono listy.')
+        try:
+            new_when = parse_cli_datetime(when_value)
+        except ValueError as exc:
+            raise click.ClickException(str(exc))
+        old_created = shopping_list.created_at
+        move_list_schedule(shopping_list, new_when, keep_item_times=keep_item_times, keep_expiry=keep_expiry)
+        log_list_activity(shopping_list.id, 'list_moved', actor_name='CLI', details=f'Z {old_created} na {shopping_list.created_at}')
+        db.session.commit()
+        click.echo(f'Przeniesiono liste #{shopping_list.id} na {shopping_list.created_at.isoformat()}')
+
+
+@lists_cli.command("archive")
+@click.option("--list-id", required=True, type=int, help="ID listy.")
+def lists_archive_command(list_id):
+    with app.app_context():
+        shopping_list = _load_list_for_cli(list_id)
+        if not shopping_list:
+            raise click.ClickException('Nie znaleziono listy.')
+        set_list_archived(shopping_list, archived=True)
+        log_list_activity(shopping_list.id, 'list_archived', actor_name='CLI')
+        db.session.commit()
+        click.echo(f'Zarchiwizowano liste #{shopping_list.id}.')
+
+
+@lists_cli.command("unarchive")
+@click.option("--list-id", required=True, type=int, help="ID listy.")
+def lists_unarchive_command(list_id):
+    with app.app_context():
+        shopping_list = _load_list_for_cli(list_id)
+        if not shopping_list:
+            raise click.ClickException('Nie znaleziono listy.')
+        set_list_archived(shopping_list, archived=False)
+        log_list_activity(shopping_list.id, 'list_unarchived', actor_name='CLI')
+        db.session.commit()
+        click.echo(f'Przywrocono liste #{shopping_list.id} z archiwum.')
+
+
+@lists_cli.command("assign-owner")
+@click.option("--list-id", required=True, type=int, help="ID listy.")
+@click.option("--owner", "owner_value", required=True, help="Nowy wlasciciel: username albo ID.")
+def lists_assign_owner_command(list_id, owner_value):
+    with app.app_context():
+        shopping_list = _load_list_for_cli(list_id)
+        if not shopping_list:
+            raise click.ClickException('Nie znaleziono listy.')
+        owner = resolve_user_identifier(owner_value)
+        if not owner:
+            raise click.ClickException('Nie znaleziono docelowego wlasciciela.')
+        previous_owner = shopping_list.owner.username if shopping_list.owner else shopping_list.owner_id
+        assign_list_owner(shopping_list, owner)
+        log_list_activity(shopping_list.id, 'list_owner_changed', actor_name='CLI', details=f'{previous_owner} -> {owner.username}')
+        db.session.commit()
+        click.echo(f'Zmieniono wlasciciela listy #{shopping_list.id} na {owner.username}.')
+
+
+@lists_cli.command("create-from-template")
+@click.option("--template-id", required=True, type=int, help="ID szablonu.")
+@click.option("--owner", "owner_value", required=True, help="Wlasciciel nowej listy: username albo ID.")
+@click.option("--when", "when_value", default=None, help="Termin utworzenia: YYYY-MM-DD lub YYYY-MM-DD HH:MM")
+@click.option("--title", default=None, help="Tytul nowej listy.")
+def lists_create_from_template_command(template_id, owner_value, when_value, title):
+    with app.app_context():
+        template = ListTemplate.query.options(joinedload(ListTemplate.items)).get(template_id)
+        if not template:
+            raise click.ClickException('Nie znaleziono szablonu.')
+        owner = resolve_user_identifier(owner_value)
+        if not owner:
+            raise click.ClickException('Nie znaleziono docelowego wlasciciela.')
+        try:
+            scheduled_for = parse_cli_datetime(when_value) if when_value else datetime.now(timezone.utc)
+        except ValueError as exc:
+            raise click.ClickException(str(exc))
+        new_list = create_list_from_template_at_schedule(template, owner=owner, scheduled_for=scheduled_for, title=title)
+        log_list_activity(new_list.id, 'template_created', actor_name='CLI', details=f'create-from-template z szablonu #{template.id}')
+        db.session.commit()
+        click.echo(f'Utworzono liste z szablonu: nowa_id={new_list.id}, tytul={new_list.title}, created_at={new_list.created_at.isoformat()}')
+
+
+@lists_cli.command("delete")
+@click.option("--list-id", required=True, type=int, help="ID listy.")
+def lists_delete_command(list_id):
+    with app.app_context():
+        shopping_list = _load_list_for_cli(list_id)
+        if not shopping_list:
+            raise click.ClickException('Nie znaleziono listy.')
+        title = shopping_list.title
+        delete_list_with_relations(shopping_list)
+        db.session.commit()
+        click.echo(f'Usunieto liste #{list_id}: {title}')
+
+
+@lists_cli.command("rename")
+@click.option("--list-id", required=True, type=int, help="ID listy.")
+@click.option("--title", "new_title", required=True, help="Nowy tytul listy.")
+def lists_rename_command(list_id, new_title):
+    with app.app_context():
+        shopping_list = _load_list_for_cli(list_id)
+        if not shopping_list:
+            raise click.ClickException('Nie znaleziono listy.')
+        old_title = shopping_list.title
+        try:
+            rename_list(shopping_list, new_title)
+        except ValueError as exc:
+            raise click.ClickException(str(exc))
+        log_list_activity(shopping_list.id, 'list_renamed', actor_name='CLI', details=f'{old_title} -> {shopping_list.title}')
+        db.session.commit()
+        click.echo(f'Zmieniono tytul listy #{shopping_list.id} na: {shopping_list.title}')
+
+
+@lists_cli.command("duplicate-many")
+@click.option("--source-list-id", required=True, type=int, help="ID listy zrodlowej.")
+@click.option("--when-list", required=True, help="Lista terminow rozdzielona przecinkami.")
+@click.option("--owner", "owner_value", default=None, help="Nowy wlasciciel: username albo ID.")
+@click.option("--title-prefix", default=None, help="Prefiks tytulu dla nowych list.")
+def lists_duplicate_many_command(source_list_id, when_list, owner_value, title_prefix):
+    with app.app_context():
+        source_list = _load_list_for_cli(source_list_id)
+        if not source_list:
+            raise click.ClickException('Nie znaleziono listy zrodlowej.')
+        owner = None
+        if owner_value:
+            owner = resolve_user_identifier(owner_value)
+            if not owner:
+                raise click.ClickException('Nie znaleziono docelowego wlasciciela.')
+        try:
+            schedule_values = _parse_many_when_values(when_list)
+        except ValueError as exc:
+            raise click.ClickException(str(exc))
+        created_lists = duplicate_list_many(source_list, schedule_values=schedule_values, owner=owner, title_prefix=title_prefix)
+        for new_list in created_lists:
+            log_list_activity(new_list.id, 'list_duplicated', actor_name='CLI', details=f'duplicate-many ze zrodla #{source_list.id}')
+        db.session.commit()
+        click.echo('Utworzono listy: ' + ', '.join([f'#{row.id}@{row.created_at.isoformat()}' for row in created_lists]))
--- a/shopping_app/static/css/style.css
+++ b/shopping_app/static/css/style.css
@@ -1571,15 +1571,15 @@ hr {
    min-height: 46px;
  }

-  .input-group {
+  .input-group:not(.ui-password-group) {
    flex-wrap: wrap;
    gap: 0.55rem;
  }

-  .input-group > .form-control,
-  .input-group > .form-select,
-  .input-group > .btn,
-  .input-group > .input-group-text {
+  .input-group:not(.ui-password-group) > .form-control,
+  .input-group:not(.ui-password-group) > .form-select,
+  .input-group:not(.ui-password-group) > .btn,
+  .input-group:not(.ui-password-group) > .input-group-text {
    width: 100% !important;
    flex: 1 1 100% !important;
    border-radius: 14px !important;
@@ -2215,9 +2215,6 @@ form[data-unsaved-warning="true"].is-dirty::after {
  font-weight: 700;
 }

-.ui-password-toggle {
-  min-width: 52px;
-}

 .ui-password-toggle.is-active {
  background: rgba(255,255,255,0.1);
@@ -2362,7 +2359,7 @@ form[data-unsaved-warning="true"].is-dirty::after {
 .list-action-block .input-group .btn,
 .list-action-block .btn,
 .endpoint-shared_list .input-group .btn,
-.endpoint-shared_list .btn {
+.endpoint-shared_list .list-share-page .btn {
  min-height: 44px;
 }

@@ -3492,19 +3489,6 @@ input[type="checkbox"].form-check-input,
  white-space: nowrap;
 }

-.ui-password-group {
-  flex-wrap: nowrap;
-}
-
-.ui-password-group > .form-control {
-  min-width: 0;
-}
-
-.ui-password-group > .ui-password-toggle {
-  flex: 0 0 auto;
-  width: auto;
-  min-width: 3rem;
-}

@media (max-width: 991.98px) {
  .app-navbar__actions {
@@ -4399,7 +4383,9 @@ body.sorting-active .shopping-item-row .large-checkbox {
 }

 .endpoint-list_share .shopping-item-main,
-.endpoint-shared_list .shopping-item-main {
+.endpoint-shared_list .shopping-item-main,
+.endpoint-view_list .shopping-item-main,
+.endpoint-list .shopping-item-main {
  display: flex;
  align-items: center;
  gap: .75rem;
@@ -4407,14 +4393,18 @@ body.sorting-active .shopping-item-row .large-checkbox {
 }

 .endpoint-list_share .shopping-item-content,
-.endpoint-shared_list .shopping-item-content {
+.endpoint-shared_list .shopping-item-content,
+.endpoint-view_list .shopping-item-content,
+.endpoint-list .shopping-item-content {
  flex: 1 1 auto;
  min-width: 0;
  width: auto;
 }

 .endpoint-list_share .shopping-item-head,
-.endpoint-shared_list .shopping-item-head {
+.endpoint-shared_list .shopping-item-head,
+.endpoint-view_list .shopping-item-head,
+.endpoint-list .shopping-item-head {
  display: flex;
  align-items: center;
  justify-content: space-between;
@@ -4422,7 +4412,9 @@ body.sorting-active .shopping-item-row .large-checkbox {
 }

 .endpoint-list_share .shopping-item-text,
-.endpoint-shared_list .shopping-item-text {
+.endpoint-shared_list .shopping-item-text,
+.endpoint-view_list .shopping-item-text,
+.endpoint-list .shopping-item-text {
  flex: 1 1 auto;
  min-width: 0;
  display: flex;
@@ -4433,7 +4425,9 @@ body.sorting-active .shopping-item-row .large-checkbox {
 }

 .endpoint-list_share .shopping-item-name,
-.endpoint-shared_list .shopping-item-name {
+.endpoint-shared_list .shopping-item-name,
+.endpoint-view_list .shopping-item-name,
+.endpoint-list .shopping-item-name {
  display: inline;
  min-width: 0;
  max-width: 100%;
@@ -4444,13 +4438,19 @@ body.sorting-active .shopping-item-row .large-checkbox {

 .endpoint-list_share .shopping-item-text .badge,
 .endpoint-shared_list .shopping-item-text .badge,
+.endpoint-view_list .shopping-item-text .badge,
+.endpoint-list .shopping-item-text .badge,
 .endpoint-list_share .shopping-item-text .info-line,
-.endpoint-shared_list .shopping-item-text .info-line {
+.endpoint-shared_list .shopping-item-text .info-line,
+.endpoint-view_list .shopping-item-text .info-line,
+.endpoint-list .shopping-item-text .info-line {
  align-self: center;
 }

 .endpoint-list_share .shopping-item-text .info-line,
-.endpoint-shared_list .shopping-item-text .info-line {
+.endpoint-shared_list .shopping-item-text .info-line,
+.endpoint-view_list .shopping-item-text .info-line,
+.endpoint-list .shopping-item-text .info-line {
  display: block;
  flex: 0 0 100%;
  width: 100%;
@@ -4461,7 +4461,9 @@ body.sorting-active .shopping-item-row .large-checkbox {
 }

 .endpoint-list_share .shopping-item-actions,
-.endpoint-shared_list .shopping-item-actions {
+.endpoint-shared_list .shopping-item-actions,
+.endpoint-view_list .shopping-item-actions,
+.endpoint-list .shopping-item-actions {
  display: inline-flex;
  flex: 0 0 auto;
  flex-wrap: nowrap;
@@ -4491,12 +4493,16 @@ body.sorting-active .shopping-item-row .large-checkbox {

@media (max-width: 575.98px) {
  .endpoint-list_share .shopping-item-main,
-  .endpoint-shared_list .shopping-item-main {
+  .endpoint-shared_list .shopping-item-main,
+  .endpoint-view_list .shopping-item-main,
+  .endpoint-list .shopping-item-main {
    gap: .55rem;
  }

  .endpoint-list_share .shopping-item-head,
-  .endpoint-shared_list .shopping-item-head {
+  .endpoint-shared_list .shopping-item-head,
+  .endpoint-view_list .shopping-item-head,
+  .endpoint-list .shopping-item-head {
    display: flex;
    align-items: center;
    justify-content: space-between;
@@ -4504,14 +4510,18 @@ body.sorting-active .shopping-item-row .large-checkbox {
  }

  .endpoint-list_share .shopping-item-text,
-  .endpoint-shared_list .shopping-item-text {
+  .endpoint-shared_list .shopping-item-text,
+  .endpoint-view_list .shopping-item-text,
+  .endpoint-list .shopping-item-text {
    flex: 1 1 auto;
    min-width: 0;
    gap: .25rem;
  }

  .endpoint-list_share .shopping-item-actions,
-  .endpoint-shared_list .shopping-item-actions {
+  .endpoint-shared_list .shopping-item-actions,
+  .endpoint-view_list .shopping-item-actions,
+  .endpoint-list .shopping-item-actions {
    align-self: start;
    width: auto;
    margin-left: auto;
@@ -4655,263 +4665,6 @@ body.sorting-active .shopping-item-row .large-checkbox {
 }


-/* Login/auth password field fixes */
-.endpoint-login form .form-control,
-.endpoint-system_auth form .form-control {
-  min-height: 42px;
-  border-radius: 14px !important;
-}
-
-.endpoint-login .ui-password-group,
-.endpoint-system_auth .ui-password-group {
-  display: flex !important;
-  flex-wrap: nowrap !important;
-  align-items: stretch !important;
-  gap: 0 !important;
-}
-
-.endpoint-login .ui-password-group > .form-control,
-.endpoint-system_auth .ui-password-group > .form-control {
-  width: auto !important;
-  flex: 1 1 auto !important;
-  max-width: none !important;
-  border-radius: 14px 0 0 14px !important;
-  border-right: 0 !important;
-}
-
-.endpoint-login .ui-password-group > .ui-password-toggle,
-.endpoint-system_auth .ui-password-group > .ui-password-toggle {
-  appearance: none;
-  -webkit-appearance: none;
-  display: inline-flex !important;
-  align-items: center;
-  justify-content: center;
-  flex: 0 0 46px !important;
-  width: 46px !important;
-  min-width: 46px !important;
-  padding: 0 !important;
-  margin: 0 !important;
-  color: rgba(255,255,255,.78);
-  background: #1f2738 !important;
-  border: 1px solid var(--bs-border-color, #495057) !important;
-  border-left: 0 !important;
-  border-radius: 0 14px 14px 0 !important;
-  outline: none !important;
-  box-shadow: none !important;
-  line-height: 1;
-  font-size: 1rem;
-}
-
-.endpoint-login .ui-password-group > .ui-password-toggle:hover,
-.endpoint-login .ui-password-group > .ui-password-toggle:focus,
-.endpoint-system_auth .ui-password-group > .ui-password-toggle:hover,
-.endpoint-system_auth .ui-password-group > .ui-password-toggle:focus {
-  color: #fff;
-  background: #253047 !important;
-  outline: none !important;
-  box-shadow: none !important;
-}
-
-.endpoint-login .ui-password-group > .ui-password-toggle.is-active,
-.endpoint-system_auth .ui-password-group > .ui-password-toggle.is-active {
-  background: #2a3550 !important;
-}
-
-@media (max-width: 575.98px) {
-  .endpoint-login .ui-password-group,
-  .endpoint-system_auth .ui-password-group {
-    width: 100%;
-  }
-
-  .endpoint-login .ui-password-group > .form-control,
-  .endpoint-system_auth .ui-password-group > .form-control {
-    width: auto !important;
-    flex: 1 1 auto !important;
-  }
-
-  .endpoint-login .ui-password-group > .ui-password-toggle,
-  .endpoint-system_auth .ui-password-group > .ui-password-toggle {
-    flex: 0 0 44px !important;
-    width: 44px !important;
-    min-width: 44px !important;
-  }
-}
-
-/* final hotfix 2026-03-17: list/share parity, pending spinner, auth inputs */
-.shopping-item-row {
-  position: relative;
-}
-
-.shopping-item-spinner {
-  position: absolute;
-  top: .7rem;
-  right: .7rem;
-  z-index: 2;
-  pointer-events: none;
-}
-
-.shopping-item-row.is-pending .shopping-item-actions {
-  opacity: .72;
-}
-
-.shopping-item-actions {
-  display: inline-flex;
-  flex: 0 0 auto;
-  flex-wrap: nowrap;
-  align-items: center;
-  justify-content: flex-end;
-  gap: .35rem;
-  min-height: 2.35rem;
-}
-
-.shopping-action-btn {
-  display: inline-flex !important;
-  align-items: center;
-  justify-content: center;
-  width: 2.35rem;
-  height: 2.35rem;
-  min-width: 2.35rem;
-  padding: 0 !important;
-  line-height: 1;
-  border-radius: .7rem !important;
-  flex: 0 0 2.35rem;
-}
-
-.shopping-action-btn--wide {
-  width: auto;
-  min-width: 5.9rem;
-  padding: 0 .8rem !important;
-  flex: 0 0 auto;
-}
-.shopping-action-btn--countdown {
-  width: auto !important;
-  min-width: 3.2rem !important;
-  padding: 0 .65rem !important;
-  font-variant-numeric: tabular-nums;
-  opacity: 1 !important;
-}
-
-
-.endpoint-list_share .shopping-item-actions,
-.endpoint-shared_list .shopping-item-actions,
-.endpoint-list .shopping-item-actions {
-  min-height: 2.35rem;
-}
-
-.endpoint-list_share .shopping-action-btn,
-.endpoint-shared_list .shopping-action-btn,
-.endpoint-list .shopping-action-btn {
-  width: 2.35rem;
-  height: 2.35rem;
-  min-width: 2.35rem;
-  border-radius: .7rem !important;
-}
-
-.endpoint-list_share .shopping-action-btn--wide,
-.endpoint-shared_list .shopping-action-btn--wide,
-.endpoint-list .shopping-action-btn--wide {
-  width: auto;
-  min-width: 5.9rem;
-}
-.endpoint-list_share .shopping-action-btn--countdown,
-.endpoint-shared_list .shopping-action-btn--countdown,
-.endpoint-list .shopping-action-btn--countdown {
-  width: auto;
-  min-width: 3.2rem;
-}
-
-
-@media (max-width: 575.98px) {
-  .shopping-item-spinner {
-    top: .55rem;
-    right: .55rem;
-  }
-
-  .shopping-action-btn,
-  .endpoint-list_share .shopping-action-btn,
-  .endpoint-shared_list .shopping-action-btn,
-  .endpoint-list .shopping-action-btn {
-    width: 2.15rem;
-    height: 2.15rem;
-    min-width: 2.15rem;
-    border-radius: .65rem !important;
-  }
-
-  .shopping-action-btn--wide,
-  .endpoint-list_share .shopping-action-btn--wide,
-  .endpoint-shared_list .shopping-action-btn--wide,
-  .endpoint-list .shopping-action-btn--wide {
-    width: auto;
-    min-width: 5.4rem;
-    padding: 0 .72rem !important;
-  }
-
-  .shopping-action-btn--countdown,
-  .endpoint-list_share .shopping-action-btn--countdown,
-  .endpoint-shared_list .shopping-action-btn--countdown,
-  .endpoint-list .shopping-action-btn--countdown {
-    min-width: 3rem;
-    padding: 0 .55rem !important;
-  }
-}
-
-.endpoint-login .card .form-control,
-.endpoint-system_auth .card .form-control,
-.endpoint-user_management .ui-password-group > .form-control,
-.endpoint-user_management .modal .ui-password-group > .form-control {
-  min-height: 42px;
-  border-radius: 14px !important;
-}
-
-.endpoint-user_management .ui-password-group,
-.endpoint-user_management .modal .ui-password-group {
-  display: flex !important;
-  flex-wrap: nowrap !important;
-  align-items: stretch !important;
-  gap: 0 !important;
-}
-
-.endpoint-user_management .ui-password-group > .form-control,
-.endpoint-user_management .modal .ui-password-group > .form-control {
-  flex: 1 1 auto !important;
-  width: auto !important;
-  max-width: none !important;
-  border-radius: 14px 0 0 14px !important;
-  border-right: 0 !important;
-}
-
-.endpoint-user_management .ui-password-group > .ui-password-toggle,
-.endpoint-user_management .modal .ui-password-group > .ui-password-toggle {
-  appearance: none;
-  -webkit-appearance: none;
-  display: inline-flex !important;
-  align-items: center;
-  justify-content: center;
-  flex: 0 0 46px !important;
-  width: 46px !important;
-  min-width: 46px !important;
-  padding: 0 !important;
-  margin: 0 !important;
-  color: rgba(255,255,255,.78);
-  background: #1f2738 !important;
-  border: 1px solid var(--bs-border-color, #495057) !important;
-  border-left: 0 !important;
-  border-radius: 0 14px 14px 0 !important;
-  outline: none !important;
-  box-shadow: none !important;
-  line-height: 1;
-  font-size: 1rem;
-}
-
-.endpoint-user_management .ui-password-group > .ui-password-toggle:hover,
-.endpoint-user_management .ui-password-group > .ui-password-toggle:focus,
-.endpoint-user_management .modal .ui-password-group > .ui-password-toggle:hover,
-.endpoint-user_management .modal .ui-password-group > .ui-password-toggle:focus {
-  color: #fff;
-  background: #253047 !important;
-  box-shadow: none !important;
-}
-
 .endpoint-list_share .shopping-item-actions,
 .endpoint-shared_list .shopping-item-actions,
 .endpoint-view_list .shopping-item-actions,
@@ -4996,23 +4749,56 @@ body:not(.sorting-active) .drag-handle {


 /* =========================================================
-   Password toggle group: shared final version for login/auth/admin
+   Consistent form controls + password toggle
 ========================================================= */
+:root {
+  --ui-control-height: 42px;
+  --ui-control-radius: 14px;
+  --ui-control-focus-ring: 0 0 0 .25rem rgba(24, 64, 118, .18);
+}
+
+.ui-consistent-input {
+  min-height: var(--ui-control-height) !important;
+  border-radius: var(--ui-control-radius) !important;
+}
+
 .ui-password-group {
  display: flex !important;
  flex-wrap: nowrap !important;
  align-items: stretch !important;
  width: 100% !important;
+  gap: 0 !important;
+  overflow: hidden !important;
+  border: 1px solid var(--ui-border-strong) !important;
+  border-radius: var(--ui-control-radius) !important;
+  background: rgba(255,255,255,0.04) !important;
+  background-image: none !important;
+  box-shadow: none !important;
+}
+
+.ui-password-group:focus-within {
+  border-color: rgba(25, 135, 84, 0.6) !important;
+  box-shadow: 0 0 0 0.2rem rgba(25, 135, 84, 0.16) !important;
 }

 .ui-password-group > .form-control {
  flex: 1 1 auto !important;
  width: 1% !important;
  min-width: 0 !important;
-  min-height: 42px !important;
-  border-top-right-radius: 0 !important;
-  border-bottom-right-radius: 0 !important;
-  border-right: 0 !important;
+  min-height: var(--ui-control-height) !important;
+  border: 0 !important;
+  border-radius: 0 !important;
+  box-shadow: none !important;
+  background: transparent !important;
+  background-color: transparent !important;
+  background-image: none !important;
+  background-clip: padding-box !important;
+}
+
+.ui-password-group > .form-control:focus {
+  box-shadow: none !important;
+  background: transparent !important;
+  background-color: transparent !important;
 }

 .ui-password-group > .ui-password-toggle {
@@ -5024,19 +4810,17 @@ body:not(.sorting-active) .drag-handle {
  flex: 0 0 46px !important;
  width: 46px !important;
  min-width: 46px !important;
-  min-height: 42px !important;
+  min-height: var(--ui-control-height) !important;
  padding: 0 !important;
  margin: 0 !important;
  cursor: pointer !important;
-  background-color: var(--dark-700) !important;
+  background: transparent !important;
+  background-color: transparent !important;
  background-image: none !important;
-  color: var(--text-strong) !important;
-  border: 1px solid var(--dark-300) !important;
-  border-left: 0 !important;
-  border-top-left-radius: 0 !important;
-  border-bottom-left-radius: 0 !important;
-  border-top-right-radius: 14px !important;
-  border-bottom-right-radius: 14px !important;
+  color: rgba(255,255,255,0.72) !important;
+  border: 0 !important;
+  border-left: 1px solid rgba(255, 255, 255, 0.10) !important;
+  border-radius: 0 !important;
  box-shadow: none !important;
  line-height: 1 !important;
 }
@@ -5044,15 +4828,17 @@ body:not(.sorting-active) .drag-handle {
 .ui-password-group > .ui-password-toggle:hover,
 .ui-password-group > .ui-password-toggle:focus,
 .ui-password-group > .ui-password-toggle:focus-visible {
-  background-color: var(--dark-800) !important;
+  background: rgba(255,255,255,0.03) !important;
+  background-color: rgba(255,255,255,0.03) !important;
  color: #fff !important;
-  border-color: var(--primary) !important;
-  box-shadow: 0 0 0 .25rem rgba(24, 64, 118, .18) !important;
+  border-left-color: rgba(255,255,255,0.16) !important;
+  box-shadow: none !important;
  outline: none !important;
 }

 .ui-password-group > .ui-password-toggle.is-active {
-  background-color: var(--dark-800) !important;
+  background: rgba(255,255,255,0.05) !important;
+  background-color: rgba(255,255,255,0.05) !important;
  color: #fff !important;
 }

@@ -5060,29 +4846,40 @@ body:not(.sorting-active) .drag-handle {
  pointer-events: none !important;
 }

-.endpoint-login .ui-password-group > .ui-password-toggle,
-.endpoint-system_auth .ui-password-group > .ui-password-toggle,
-.endpoint-user_management .ui-password-group > .ui-password-toggle,
-.endpoint-user_management .modal .ui-password-group > .ui-password-toggle {
-  background-color: var(--dark-700) !important;
-  color: var(--text-strong) !important;
-  border-color: var(--dark-300) !important;
+.endpoint-login form .form-control:not(.form-control-sm),
+.endpoint-system_auth form .form-control:not(.form-control-sm),
+.endpoint-edit_my_list form .form-control:not(.form-control-sm):not(.form-control-plaintext),
+.endpoint-edit_list form .form-control:not(.form-control-sm):not(.form-control-plaintext),
+.endpoint-user_management form .form-control:not(.form-control-sm),
+.endpoint-user_management .modal .form-control:not(.form-control-sm),
+.endpoint-edit_my_list form .form-select,
+.endpoint-edit_list form .form-select,
+.endpoint-user_management form .form-select,
+.endpoint-user_management .modal .form-select {
+  min-height: var(--ui-control-height) !important;
 }

-.endpoint-login .ui-password-group > .ui-password-toggle:hover,
-.endpoint-login .ui-password-group > .ui-password-toggle:focus,
-.endpoint-login .ui-password-group > .ui-password-toggle:focus-visible,
-.endpoint-system_auth .ui-password-group > .ui-password-toggle:hover,
-.endpoint-system_auth .ui-password-group > .ui-password-toggle:focus,
-.endpoint-system_auth .ui-password-group > .ui-password-toggle:focus-visible,
-.endpoint-user_management .ui-password-group > .ui-password-toggle:hover,
-.endpoint-user_management .ui-password-group > .ui-password-toggle:focus,
-.endpoint-user_management .ui-password-group > .ui-password-toggle:focus-visible,
-.endpoint-user_management .modal .ui-password-group > .ui-password-toggle:hover,
-.endpoint-user_management .modal .ui-password-group > .ui-password-toggle:focus,
-.endpoint-user_management .modal .ui-password-group > .ui-password-toggle:focus-visible {
-  background-color: var(--dark-800) !important;
-  border-color: var(--primary) !important;
+.endpoint-login form .form-control.ui-consistent-input,
+.endpoint-system_auth form .form-control.ui-consistent-input,
+.endpoint-edit_my_list form .ui-consistent-input,
+.endpoint-edit_list form .ui-consistent-input,
+.endpoint-user_management form .ui-consistent-input,
+.endpoint-user_management .modal .ui-consistent-input {
+  border-radius: var(--ui-control-radius) !important;
+}
+
+/*
+  Password fields use only the generic ui-password-group rules above.
+  Keep endpoint-specific overrides out of login/system_auth/admin screens,
+  otherwise future changes start fighting through selector specificity.
+*/
+.ui-password-group > .form-control.ui-consistent-input {
+  border-radius: 0 !important;
+}
+
+.endpoint-edit_my_list .access-editor .access-input,
+.endpoint-edit_list .input-group.input-group-sm .form-control {
+  min-height: var(--ui-control-height) !important;
 }

@media (max-width: 575.98px) {
@@ -5093,7 +4890,6 @@ body:not(.sorting-active) .drag-handle {
  }
 }

-
 /* wyróżnienie pola dodawania produktu */
 .endpoint-list .shopping-entry-card,
 .endpoint-list_share .shopping-entry-card,
@@ -5650,8 +5446,6 @@ body:not(.sorting-active) .drag-handle {
  }
 }

-
-/* mobile hotfix 2026-03-25: keep share-list item text top-aligned next to wide restore button */
@media (max-width: 575.98px) {
  .endpoint-list_share .shopping-item-head,
  .endpoint-shared_list .shopping-item-head {
@@ -5669,7 +5463,6 @@ body:not(.sorting-active) .drag-handle {
  }
 }

-/* v15 2026-03-27: /share mobile row text parity with /list */
@media (max-width: 575.98px) {
  .endpoint-list_share .shopping-item-main,
  .endpoint-shared_list .shopping-item-main {
@@ -5692,7 +5485,6 @@ body:not(.sorting-active) .drag-handle {
  }
 }

-/* hotfix 2026-03-30: first list item visual parity on /list and /share */
 .endpoint-list #items,
 .endpoint-view_list #items,
 .endpoint-list_share #items,
@@ -5786,3 +5578,139 @@ body:not(.sorting-active) .drag-handle {
  min-width: 2.5rem;
  border-radius: 10px;
 }
+
+
+/* =========================================================
+   Receipt disclosure (share view)
+========================================================= */
+.receipt-disclosure {
+  width: 100%;
+  cursor: pointer;
+  border: 1px solid rgba(255, 255, 255, 0.08);
+  border-radius: 20px;
+  background: linear-gradient(135deg, rgba(255, 255, 255, 0.04), rgba(255, 255, 255, 0.02));
+  box-shadow: 0 12px 32px rgba(0, 0, 0, 0.18);
+  transition: transform 0.2s ease, border-color 0.2s ease, box-shadow 0.2s ease, background 0.2s ease;
+}
+
+.receipt-disclosure:hover,
+.receipt-disclosure:focus-visible {
+  transform: translateY(-1px);
+  border-color: rgba(255, 255, 255, 0.18);
+  box-shadow: 0 16px 36px rgba(0, 0, 0, 0.24);
+  outline: none;
+}
+
+.receipt-disclosure.is-open {
+  border-color: rgba(24, 64, 118, 0.9);
+  background: linear-gradient(135deg, rgba(24, 64, 118, 0.22), rgba(255, 255, 255, 0.03));
+}
+
+.receipt-disclosure__content {
+  display: flex;
+  align-items: center;
+  gap: 14px;
+  padding: 16px 18px;
+}
+
+.receipt-disclosure__icon {
+  display: grid;
+  place-items: center;
+  width: 48px;
+  height: 48px;
+  border-radius: 14px;
+  background: rgba(255, 255, 255, 0.06);
+  font-size: 1.25rem;
+  flex-shrink: 0;
+}
+
+.receipt-disclosure__text {
+  min-width: 0;
+  flex: 1;
+}
+
+.receipt-disclosure__eyebrow {
+  font-size: 0.72rem;
+  letter-spacing: 0.08em;
+  text-transform: uppercase;
+  color: rgba(255, 255, 255, 0.52);
+  margin-bottom: 2px;
+}
+
+.receipt-disclosure__title {
+  font-size: 1rem;
+  font-weight: 600;
+  color: var(--text-strong);
+}
+
+.receipt-disclosure__meta {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  margin-left: auto;
+  flex-shrink: 0;
+}
+
+.receipt-disclosure__count {
+  min-width: 34px;
+  padding: 6px 10px;
+  border-radius: 999px;
+  background: rgba(255, 255, 255, 0.08);
+  color: var(--text-strong);
+  font-size: 0.875rem;
+  text-align: center;
+}
+
+.receipt-disclosure__chevron {
+  font-size: 1.15rem;
+  color: rgba(255, 255, 255, 0.7);
+  transition: transform 0.2s ease;
+}
+
+.receipt-disclosure.is-open .receipt-disclosure__chevron {
+  transform: rotate(180deg);
+}
+
+@media (max-width: 575.98px) {
+  .receipt-disclosure__content {
+    padding: 14px;
+    gap: 12px;
+  }
+
+  .receipt-disclosure__icon {
+    width: 42px;
+    height: 42px;
+    border-radius: 12px;
+  }
+
+  .receipt-disclosure__meta {
+    gap: 10px;
+  }
+
+  .receipt-disclosure__title {
+    font-size: 0.95rem;
+  }
+}
+
+
+/* =========================================================
+   Final form-control normalization for edit/admin screens
+========================================================= */
+.endpoint-edit_my_list .stack-form > .mb-3 > .ui-consistent-input,
+.endpoint-edit_my_list .stack-form > .mb-4 > .ui-consistent-input,
+.endpoint-edit_my_list .stack-form .row .ui-consistent-input,
+.endpoint-edit_list form > .mb-3 > .ui-consistent-input,
+.endpoint-edit_list form > .mb-4 > .ui-consistent-input,
+.endpoint-edit_list form .row .ui-consistent-input,
+.endpoint-user_management .row > [class*="col-"] > .ui-consistent-input,
+.endpoint-user_management .modal .ui-consistent-input {
+  border-radius: var(--ui-control-radius) !important;
+}
+
+.endpoint-edit_my_list .ts-wrapper.single .ts-control,
+.endpoint-edit_list .ts-wrapper.single .ts-control,
+.endpoint-edit_my_list .ts-wrapper.multi .ts-control,
+.endpoint-edit_list .ts-wrapper.multi .ts-control {
+  min-height: var(--ui-control-height) !important;
+  border-radius: var(--ui-control-radius) !important;
+}
--- a/shopping_app/static/js/functions.js
+++ b/shopping_app/static/js/functions.js
@@ -389,7 +389,7 @@ function renderItem(item, isShare = window.IS_SHARE, optionsOrShowEditOnly = fal
      <button type="button" class="${iconBtn} shopping-action-btn--countdown" disabled data-countdown-for="${item.id}">${countdownSeconds}s</button>
      <button type="button" class="${iconBtn}" ${isArchived ? 'disabled' : `onclick='openEditItemModal(event, ${item.id}, ${nameForEdit}, ${quantity})'`}>✏️</button>
      <button type="button" class="${iconBtn}" ${isArchived ? 'disabled' : `onclick="deleteItem(${item.id})"`}>🗑️</button>`;
-  } else if (canShowShareActions) {
+  } else if (canShowShareActions || (!isShare && isOwner)) {
    actionButtons += `
      <button type="button" class="${iconBtn}" ${isArchived ? 'disabled' : `onclick="openNoteModal(event, ${item.id})"`}>📝</button>`;
  }
--- a/shopping_app/static/js/notes.js
+++ b/shopping_app/static/js/notes.js
@@ -3,9 +3,9 @@ window.currentItemId = window.currentItemId ?? null;
 window.openNoteModal = function (event, itemId) {
  event.stopPropagation();
  window.currentItemId = itemId;
-  const noteEl = document.querySelector(`#item-${itemId} small.text-danger`);
+  const noteEl = document.querySelector(`#info-${itemId} .text-danger b`);
  document.getElementById('noteText').value = noteEl
-    ? noteEl.innerText.replace(/\[|\]|Powód:/g, "").trim()
+    ? noteEl.innerText.trim()
    : "";
  const modal = new bootstrap.Modal(document.getElementById('noteModal'));
  modal.show();
--- a/shopping_app/static/js/receipt_section.js
+++ b/shopping_app/static/js/receipt_section.js
@@ -1,39 +1,55 @@
 document.addEventListener("DOMContentLoaded", function () {
  const receiptSection = document.getElementById("receiptSection");
-  const toggleBtn = document.querySelector('[data-bs-target="#receiptSection"]');
+  const toggleEl = document.querySelector('[data-bs-target="#receiptSection"]');

-  if (!receiptSection || !toggleBtn) return;
+  if (!receiptSection || !toggleEl) return;
+
+  const collapse = bootstrap.Collapse.getOrCreateInstance(receiptSection, { toggle: false });

  if (localStorage.getItem("receiptSectionOpen") === "true") {
-    new bootstrap.Collapse(receiptSection, { toggle: true });
+    collapse.show();
  }

-  receiptSection.addEventListener('shown.bs.collapse', function () {
-    localStorage.setItem("receiptSectionOpen", "true");
-  });
-
-  receiptSection.addEventListener('hidden.bs.collapse', function () {
-    localStorage.setItem("receiptSectionOpen", "false");
-  });
-});
-
-document.addEventListener("DOMContentLoaded", function () {
-  const btn = document.getElementById("toggleReceiptBtn");
-  const target = document.querySelector(btn.getAttribute("data-bs-target"));
+  const titleEl = toggleEl.querySelector(".receipt-disclosure__title");

  function updateUI() {
-    const isShown = target.classList.contains("show");
-    btn.innerHTML = isShown
-      ? "📄 Ukryj sekcję paragonów"
-      : "📄 Pokaż sekcję paragonów";
+    const isShown = receiptSection.classList.contains("show");

-    btn.classList.toggle("active", isShown);
-    btn.classList.toggle("btn-outline-light", !isShown);
-    btn.classList.toggle("btn-secondary", isShown);
+    toggleEl.classList.toggle("is-open", isShown);
+    toggleEl.setAttribute("aria-expanded", isShown ? "true" : "false");
+
+    if (titleEl) {
+      titleEl.textContent = isShown
+        ? "Ukryj sekcję paragonów"
+        : "Pokaż sekcję paragonów";
+    }
  }

-  target.addEventListener("shown.bs.collapse", updateUI);
-  target.addEventListener("hidden.bs.collapse", updateUI);
+  function toggleSection() {
+    collapse.toggle();
+  }
+
+  toggleEl.addEventListener("click", function (event) {
+    event.preventDefault();
+    toggleSection();
+  });
+
+  toggleEl.addEventListener("keydown", function (event) {
+    if (event.key === "Enter" || event.key === " ") {
+      event.preventDefault();
+      toggleSection();
+    }
+  });
+
+  receiptSection.addEventListener("shown.bs.collapse", function () {
+    localStorage.setItem("receiptSectionOpen", "true");
+    updateUI();
+  });
+
+  receiptSection.addEventListener("hidden.bs.collapse", function () {
+    localStorage.setItem("receiptSectionOpen", "false");
+    updateUI();
+  });

  updateUI();
-});
+});
--- a/shopping_app/templates/admin/edit_list.html
+++ b/shopping_app/templates/admin/edit_list.html
@@ -18,7 +18,7 @@
      <!-- Nazwa listy -->
      <div class="mb-3">
        <label for="title" class="form-label">📝 Nazwa listy</label>
-        <input type="text" class="form-control bg-dark text-white border-secondary rounded" id="title" name="title"
+        <input type="text" class="form-control bg-dark text-white border-secondary ui-consistent-input" id="title" name="title"
          value="{{ list.title }}" required>
      </div>

@@ -26,13 +26,13 @@
      <div class="row mb-3">
        <div class="col-md-6">
          <label for="amount" class="form-label">💰 Całkowity wydatek (PLN)</label>
-          <input type="number" step="0.01" min="0" class="form-control bg-dark text-white border-secondary rounded"
+          <input type="number" step="0.01" min="0" class="form-control bg-dark text-white border-secondary ui-consistent-input"
            id="amount" name="amount" value="{{ '%.2f'|format(total_expense) }}">
        </div>

        <div class="col-md-6">
          <label for="owner_id" class="form-label">👤 Właściciel</label>
-          <select class="form-select bg-dark text-white border-secondary" id="owner_id" name="owner_id">
+          <select class="form-select bg-dark text-white border-secondary ui-consistent-input" id="owner_id" name="owner_id">
            {% for user in users %}
            <option value="{{ user.id }}" {% if list.owner_id==user.id %}selected{% endif %}>
              {{ user.username }}
@@ -71,12 +71,12 @@
      <div class="row mb-4">
        <div class="col-md-6">
          <label for="expires_date" class="form-label">📅 Data wygaśnięcia</label>
-          <input type="date" class="form-control bg-dark text-white border-secondary rounded" id="expires_date"
+          <input type="date" class="form-control bg-dark text-white border-secondary ui-consistent-input" id="expires_date"
            name="expires_date" value="{{ list.expires_at.strftime('%Y-%m-%d') if list.expires_at else '' }}">
        </div>
        <div class="col-md-6">
          <label for="expires_time" class="form-label">⏰ Godzina wygaśnięcia</label>
-          <input type="time" class="form-control bg-dark text-white border-secondary rounded" id="expires_time"
+          <input type="time" class="form-control bg-dark text-white border-secondary ui-consistent-input" id="expires_time"
            name="expires_time" value="{{ list.expires_at.strftime('%H:%M') if list.expires_at else '' }}">
        </div>
      </div>
@@ -94,7 +94,7 @@
        <div class="col-md-6">
          <label class="form-label">📁 Przenieś do miesiąca (format: rok-miesiąc np 2026-01)</label>
          <input type="month" id="created_month" name="created_month"
-            class="form-control bg-dark text-white border-secondary rounded">
+            class="form-control bg-dark text-white border-secondary ui-consistent-input">
        </div>
      </div>

@@ -102,7 +102,7 @@
      <div class="mb-4">
        <label for="categories" class="form-label">🏷️ Kategorie</label>
        <select id="categories" name="categories"
-          class="form-select tom-dark bg-dark text-white border-secondary rounded">
+          class="form-select tom-dark bg-dark text-white border-secondary ui-consistent-input">
          <option value="">– brak –</option>
          {% for cat in categories %}
          <option value="{{ cat.id }}" {% if cat.id in selected_categories %}selected{% endif %}>
@@ -115,7 +115,7 @@
      <!-- Link udostępnienia -->
      <div class="mb-4">
        <label class="form-label">🔗 Link do udostępnienia</label>
-        <input type="text" class="form-control bg-dark text-white border-secondary rounded" readonly
+        <input type="text" class="form-control bg-dark text-white border-secondary ui-consistent-input" readonly
          value="{{ request.url_root }}share/{{ list.share_token }}">
      </div>

@@ -157,11 +157,11 @@
    <form method="post" class="row g-2 mb-3">
      <input type="hidden" name="action" value="add_item">
      <div class="col-md-8">
-        <input type="text" class="form-control bg-dark text-white border-secondary rounded" name="item_name"
+        <input type="text" class="form-control bg-dark text-white border-secondary ui-consistent-input" name="item_name"
          placeholder="Nazwa produktu" required>
      </div>
      <div class="col-md-1">
-        <input type="number" class="form-control bg-dark text-white border-secondary rounded" name="quantity" min="1"
+        <input type="number" class="form-control bg-dark text-white border-secondary ui-consistent-input" name="quantity" min="1"
          value="1">
      </div>
      <div class="col-md-3 d-grid">
--- a/shopping_app/templates/admin/user_management.html
+++ b/shopping_app/templates/admin/user_management.html
@@ -18,13 +18,13 @@
        <div class="col-md-4">
          <label for="username" class="form-label text-white-50">Nazwa użytkownika</label>
          <input type="text" id="username" name="username"
-            class="form-control bg-dark text-white border-secondary rounded" placeholder="np. jan" required>
+            class="form-control bg-dark text-white border-secondary ui-consistent-input" placeholder="np. jan" required>
        </div>
        <div class="col-md-4">
          <label for="password" class="form-label text-white-50">Hasło</label>
          <div class="input-group ui-password-group">
            <input type="password" id="password" name="password"
-              class="form-control bg-dark text-white border-secondary rounded" placeholder="min. 6 znaków" required>
+              class="form-control bg-dark text-white border-secondary ui-consistent-input" placeholder="min. 6 znaków" required>
          </div>
        </div>
        <div class="col-md-4 d-grid">
@@ -109,7 +109,7 @@
          <p id="resetUsernameLabel">Dla użytkownika: <strong></strong></p>
          <div class="input-group ui-password-group">
            <input type="password" name="password" placeholder="Nowe hasło"
-              class="form-control bg-dark text-white border-secondary rounded" required>
+              class="form-control bg-dark text-white border-secondary ui-consistent-input" required>
          </div>
        </div>
        <div class="modal-footer border-0">
--- a/shopping_app/templates/base.html
+++ b/shopping_app/templates/base.html
@@ -12,6 +12,8 @@
  <link href="{{ static_asset_url('static_bp.serve_css_lib', 'bootstrap.min.css') }}" rel="stylesheet">
  <link href="{{ static_asset_url('static_bp.serve_css', 'style.css') }}" rel="stylesheet">

+  {% set hide_login_ui = request.path == '/system-auth' %}
+
  {% set exclude_paths = ['/system-auth'] %}
  {% if (exclude_paths | select("in", request.path) | list | length == 0)
  and has_authorized_cookie
@@ -82,7 +84,7 @@
            <span class="navbar-toggler-icon"></span>
          </button>
          <div class="dropdown-menu dropdown-menu-end app-mobile-menu__panel">
-            {% if not is_blocked and request.endpoint and request.endpoint != 'system_auth' %}
+            {% if not is_blocked and not hide_login_ui %}
              {% if current_user.is_authenticated %}
                {% if current_user.is_admin %}
                <a href="{{ url_for('admin_panel') }}" class="dropdown-item app-mobile-menu__item">⚙️ <span>Panel</span></a>
@@ -99,7 +101,7 @@

        <div class="d-none d-lg-flex justify-content-end order-lg-3" id="appNavbarMenu">
          <div class="app-navbar__actions">
-            {% if not is_blocked and request.endpoint and request.endpoint != 'system_auth' %}
+            {% if not is_blocked and not hide_login_ui %}
              {% if current_user.is_authenticated %}
                {% if current_user.is_admin %}
                <a href="{{ url_for('admin_panel') }}" class="btn btn-outline-light btn-sm app-nav-action">⚙️ <span>Panel</span></a>
@@ -194,4 +196,4 @@

  {% block scripts %}{% endblock %}
 </body>
-</html>
+</html>
--- a/shopping_app/templates/edit_my_list.html
+++ b/shopping_app/templates/edit_my_list.html
@@ -16,7 +16,7 @@
      <!-- Nazwa listy -->
      <div class="mb-3">
        <label for="title" class="form-label">📝 Nazwa listy</label>
-        <input type="text" class="form-control bg-dark text-white border-secondary rounded" id="title" name="title"
+        <input type="text" class="form-control bg-dark text-white border-secondary ui-consistent-input" id="title" name="title"
          value="{{ list.title }}" required>
      </div>

@@ -48,12 +48,12 @@
      <div class="row mb-4">
        <div class="col-md-6">
          <label for="expires_date" class="form-label">📅 Data wygaśnięcia</label>
-          <input type="date" class="form-control bg-dark text-white border-secondary rounded" id="expires_date"
+          <input type="date" class="form-control bg-dark text-white border-secondary ui-consistent-input" id="expires_date"
            name="expires_date" value="{{ list.expires_at.strftime('%Y-%m-%d') if list.expires_at else '' }}">
        </div>
        <div class="col-md-6">
          <label for="expires_time" class="form-label">⏰ Godzina wygaśnięcia</label>
-          <input type="time" class="form-control bg-dark text-white border-secondary rounded" id="expires_time"
+          <input type="time" class="form-control bg-dark text-white border-secondary ui-consistent-input" id="expires_time"
            name="expires_time" value="{{ list.expires_at.strftime('%H:%M') if list.expires_at else '' }}">
        </div>
      </div>
@@ -71,7 +71,7 @@
        <div class="col-md-6">
          <label class="form-label">📁 Przenieś do miesiąca (format: rok-miesiąc np 2026-01)</label>
          <input type="month" id="move_to_month" name="move_to_month"
-            class="form-control bg-dark text-white border-secondary rounded">
+            class="form-control bg-dark text-white border-secondary ui-consistent-input">
        </div>
      </div>

@@ -79,7 +79,7 @@
      <div class="mb-4">
        <label for="categories" class="form-label">🏷️ Kategorie</label>
        <select id="categories" name="categories"
-          class="form-select tom-dark bg-dark text-white border-secondary rounded">
+          class="form-select tom-dark bg-dark text-white border-secondary ui-consistent-input">
          <option value="">– brak –</option>
          {% for cat in categories %}
          <option value="{{ cat.id }}" {% if cat.id in selected_categories %}selected{% endif %}>
@@ -209,7 +209,7 @@
      </div>
      <div class="modal-body">
        <p>Aby usunąć listę <strong>{{ list.title }}</strong>, wpisz <code>usuń</code> i poczekaj 2 sekundy:</p>
-        <input type="text" id="confirm-delete-input" class="form-control bg-dark text-white border-warning rounded"
+        <input type="text" id="confirm-delete-input" class="form-control bg-dark text-white border-warning ui-consistent-input"
          placeholder="">
      </div>
      <div class="modal-footer justify-content-between">
--- a/shopping_app/templates/list.html
+++ b/shopping_app/templates/list.html
@@ -141,6 +141,9 @@
      <button type="button" class="btn btn-outline-light btn-sm shopping-action-btn" {% if list.is_archived %}disabled{% else
        %}onclick="markNotPurchasedModal(event, {{ item.id }})" {% endif %}>⚠️</button>
      {% endif %}
+
+      <button type="button" class="btn btn-outline-light btn-sm shopping-action-btn" {% if list.is_archived %}disabled{% else
+        %}onclick="openNoteModal(event, {{ item.id }})" {% endif %}>📝</button>
          </div>
        </div>
      </div>
@@ -451,6 +454,29 @@
  </div>
 </div>

+<div class="modal fade" id="noteModal" tabindex="-1" aria-hidden="true">
+  <div class="modal-dialog modal-lg modal-dialog-scrollable">
+    <div class="modal-content bg-dark text-white">
+      <div class="modal-header">
+        <h5 class="modal-title">Dodaj notatkę</h5>
+        <button type="button" class="btn-close btn-close-white" data-bs-dismiss="modal" aria-label="Zamknij"></button>
+      </div>
+      <form id="noteForm" onsubmit="submitNote(event)">
+        <div class="modal-body">
+          <textarea id="noteText" class="form-control" rows="4" placeholder="Np. 'Jak nie kupisz to po Tobie!'"></textarea>
+        </div>
+        <div class="modal-footer">
+          <div class="btn-group" role="group">
+            <button type="button" class="btn btn-outline-light btn-sm" data-bs-dismiss="modal">❌ Anuluj</button>
+            <button type="submit" class="btn btn-outline-light btn-sm"><span class="shopping-btn-icon" aria-hidden="true">💾</span>
+            <span class="shopping-btn-label">Zapisz</span></button>
+          </div>
+        </div>
+      </form>
+    </div>
+  </div>
+</div>
+
 {% block scripts %}
 <script src="{{ static_asset_url('static_bp.serve_js_lib', 'Sortable.min.js') }}"></script>
 <script>
@@ -465,6 +491,7 @@
 <script src="{{ static_asset_url('static_bp.serve_js', 'sort_mode.js') }}"></script>
 <script src="{{ static_asset_url('static_bp.serve_js', 'access_users.js') }}"></script>
 <script src="{{ static_asset_url('static_bp.serve_js', 'category_modal.js') }}"></script>
+<script src="{{ static_asset_url('static_bp.serve_js', 'notes.js') }}"></script>
 <script>
  setupList({{ list.id }}, '{{ current_user.username if current_user.is_authenticated else 'Gość' }}');

--- a/shopping_app/templates/list_share.html
+++ b/shopping_app/templates/list_share.html
@@ -138,10 +138,20 @@
  <b>💸 Łącznie wydano:</b> {{ '%.2f'|format(total_expense) }} PLN
 </p>

-<button id="toggleReceiptBtn" class="btn btn-outline-light mb-3 w-100 w-md-auto d-block mx-auto" type="button"
+<div id="toggleReceiptBtn" class="receipt-disclosure mb-3" role="button" tabindex="0"
  data-bs-toggle="collapse" data-bs-target="#receiptSection" aria-expanded="false" aria-controls="receiptSection">
-  📄 Pokaż sekcję paragonów
-</button>
+  <div class="receipt-disclosure__content">
+    <div class="receipt-disclosure__icon" aria-hidden="true">🧾</div>
+    <div class="receipt-disclosure__text">
+      <div class="receipt-disclosure__eyebrow">Strefa paragonów</div>
+      <div class="receipt-disclosure__title">Pokaż sekcję paragonów</div>
+    </div>
+    <div class="receipt-disclosure__meta">
+      <span class="receipt-disclosure__count">{{ receipts|length }}</span>
+      <span class="receipt-disclosure__chevron" aria-hidden="true">⌄</span>
+    </div>
+  </div>
+</div>

 <div class="collapse px-2 px-md-4" id="receiptSection">
  {% set receipt_pattern = 'list_' ~ list.id %}
@@ -301,7 +311,8 @@
        <div class="modal-footer">
          <div class="btn-group" role="group">
            <button type="button" class="btn btn-outline-light btn-sm" data-bs-dismiss="modal">❌ Anuluj</button>
-            <button type="submit" class="btn btn-outline-light btn-sm"><span class="shopping-btn-icon" aria-hidden="true">💾</span><span class="shopping-btn-label">Zapisz</span></button>
+            <button type="submit" class="btn btn-outline-light btn-sm"><span class="shopping-btn-icon" aria-hidden="true">💾</span>
+            <span class="shopping-btn-label">Zapisz</span></button>
          </div>

        </div>
--- a/shopping_app/templates/login.html
+++ b/shopping_app/templates/login.html
@@ -11,12 +11,12 @@
    <form method="post">
      <div class="mb-3">
        <input type="text" name="username" placeholder="Login"
-          class="form-control bg-dark text-white border-secondary rounded" required>
+          class="form-control bg-dark text-white border-secondary ui-consistent-input" required>
      </div>
      <div class="mb-3">
        <div class="input-group ui-password-group">
          <input type="password" name="password" placeholder="Hasło"
-            class="form-control bg-dark text-white border-secondary rounded" required>
+            class="form-control bg-dark text-white border-secondary ui-consistent-input" required>
        </div>
      </div>
      <button type="submit" class="btn btn-success w-100">🔑 Zaloguj</button>
--- a/shopping_app/templates/system_auth.html
+++ b/shopping_app/templates/system_auth.html
@@ -13,7 +13,7 @@
      <div class="mb-3">
        <div class="input-group ui-password-group">
          <input type="password" name="password" placeholder="Hasło"
-            class="form-control bg-dark text-white border-secondary rounded" required>
+            class="form-control bg-dark text-white border-secondary ui-consistent-input" required>
        </div>
      </div>
      <button type="submit" class="btn btn-success w-100">🔓 Wejdź</button>
--- a/shopping_app/web.py
+++ b/shopping_app/web.py
@@ -71,7 +71,7 @@ def require_system_password():
    if is_ip_blocked(ip):
        abort(403)

-    if "authorized" not in request.cookies and not endpoint.startswith("login"):
+    if "authorized" not in request.cookies:
        if request.path == "/":
            return redirect(url_for("system_auth"))
Author	SHA1	Message	Date
gru	e8031858cd	Merge pull request 'inputs_fix' (#13 ) from inputs_fix into master Reviewed-on: #13	2026-03-31 15:21:23 +02:00
Mateusz Gruszczyński	80ed950aed	fix logiczny	2026-03-31 15:16:27 +02:00
Mateusz Gruszczyński	77e0c2b5bb	fix inputs	2026-03-31 15:02:20 +02:00
Mateusz Gruszczyński	ad75e2f958	fix inputs	2026-03-31 15:02:12 +02:00
Mateusz Gruszczyński	b9b37daf01	zmiany ux	2026-03-31 14:23:22 +02:00
Mateusz Gruszczyński	40ffbb7de7	fix with .env/password	2026-03-31 13:23:56 +02:00
Mateusz Gruszczyński	edd0a3767f	sekcja paragonów przebudowana	2026-03-31 12:14:27 +02:00
Mateusz Gruszczyński	2b4a1f551a	zmian yux i komendy cli nowe	2026-03-31 11:19:06 +02:00
Mateusz Gruszczyński	edabd2ff80	zmian yux i komendy cli nowe	2026-03-31 11:18:56 +02:00
Mateusz Gruszczyński	3d4444bde4	zmian yux i komendy cli nowe	2026-03-31 11:07:38 +02:00
Mateusz Gruszczyński	115933284f	new funtions	2026-03-31 10:34:57 +02:00
Mateusz Gruszczyński	222be68db2	new funtions	2026-03-31 10:34:29 +02:00