From 59ce50299a8a7f34f48cf159245d974792d7bf22 Mon Sep 17 00:00:00 2001
From: Herculino Trotta
Date: Sun, 27 Apr 2025 15:57:55 -0300
Subject: [PATCH 1/2] fix(transactions): duplicate totals when account is shared with owner or owner-less and shared #247
---
 app/apps/transactions/models.py | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/app/apps/transactions/models.py b/app/apps/transactions/models.py
index 2b45b86..6fd6d36 100644
--- a/app/apps/transactions/models.py
+++ b/app/apps/transactions/models.py
@@ -118,13 +118,20 @@ class SoftDeleteManager(models.Manager):
 qs = SoftDeleteQuerySet(self.model, using=self._db)
 user = get_current_user()
 if user and not user.is_anonymous:
- return qs.filter(
- Q(account__visibility="public")
- | Q(account__owner=user)
- | Q(account__shared_with=user)
- | Q(account__visibility="private", account__owner=None),
- deleted=False,
- ).distinct()
+ account_ids = (
+ qs.filter(
+ Q(account__visibility="public")
+ | Q(account__owner=user)
+ | Q(account__shared_with=user)
+ | Q(account__visibility="private", account__owner=None),
+ deleted=False,
+ )
+ .values_list("account__id", flat=True)
+ .distinct()
+ )
+
+ return qs.filter(account_id__in=account_ids, deleted=False)
+
 else:
 return qs.filter(
 deleted=False,
From 281a0fccda46b261133039fc80e7e2c1379dd60d Mon Sep 17 00:00:00 2001
From: Herculino Trotta
Date: Sun, 27 Apr 2025 16:07:54 -0300
Subject: [PATCH 2/2] fix: prevent SharedObjects from being shared with their owner #247
---
 app/apps/common/forms.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/app/apps/common/forms.py b/app/apps/common/forms.py
index dd81c28..ccde74b 100644
--- a/app/apps/common/forms.py
+++ b/app/apps/common/forms.py
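Review bot: In the `@@ -118,13 +118,20 @@` hunk of app/apps/transactions/models.py, the rewritten branch is the per-user visibility filter for transactions, yet the new code carries no comment on why it became a two-step query or what each clause grants. I would add above `account_ids = (` a comment such as `# Resolve the visible account ids first; filtering transactions through the shared_with join directly appears to duplicate rows and inflate totals (#247).` and, on the last clause, `# Owner-less private accounts are visible to every authenticated user; confirm this is intended.` The `.distinct()` on the inner query does not change the result of `account_id__in` and could be dropped. The method starts above the hunk and the `else` branch continues below it, so the path for anonymous or missing users is not covered by this note.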
@@ -2,6 +2,7 @@ from crispy_forms.bootstrap import FormActions from django import forms from django.contrib.auth import get_user_model from django.utils.translation import gettext_lazy as _ +from django.core.exceptions import ValidationError from crispy_forms.helper import FormHelper from crispy_forms.layout import Layout, Field, Submit, Div, HTML @@ -81,6 +82,23 @@ class SharedObjectForm(forms.Form): ), ) + def clean(self): + cleaned_data = super().clean() + owner = cleaned_data.get("owner") + shared_with_users = cleaned_data.get("shared_with_users", []) + + # Raise validation error if owner is in shared_with_users + if owner and owner in shared_with_users: + self.add_error( + "shared_with_users", + ValidationError( + _("You cannot share this item with its owner."), + code="invalid_share", + ), + ) + + return cleaned_data + def save(self): instance = self.instance
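Review bot: The new `clean()` in the `@@ -81,6 +82,23 @@` hunk enforces the owner/share rule only inside this form, and only against the `owner` value submitted with it: when `owner` is empty the `if owner and owner in shared_with_users:` test is skipped, and any other code path that writes the share relation is not checked here. If the rule is meant to hold as an invariant, it should also be enforced where the relation is written; `save()` begins at the end of this hunk and continues outside it, so whether it does so cannot be seen from here. At minimum I would give the method a docstring that states the limit, `"""Reject a submission that lists the owner in shared_with_users (form-level check only)."""`, and add a test that submits the owner in `shared_with_users` and asserts the `invalid_share` error.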