diff --git a/backend/server/adventures/managers.py b/backend/server/adventures/managers.py
index fdbb151..525bf3b 100644
--- a/backend/server/adventures/managers.py
+++ b/backend/server/adventures/managers.py
@@ -9,7 +9,7 @@ class LocationManager(models.Manager):
             query |= Q(user=user)
 
         if include_shared:
-            query |= Q(collections__shared_with=user)
+            query |= Q(collections__shared_with=user) | Q(collections__user=user)
 
         if include_public:
             query |= Q(is_public=True)
diff --git a/backend/server/adventures/permissions.py b/backend/server/adventures/permissions.py
index 0e057ed..497a311 100644
--- a/backend/server/adventures/permissions.py
+++ b/backend/server/adventures/permissions.py
@@ -81,8 +81,13 @@ class IsOwnerOrSharedWithFullAccess(permissions.BasePermission):
             # If user in shared_with of any collection related to obj
             if hasattr(obj, 'collections') and obj.collections.filter(shared_with=user).exists():
                 return True
+            # **FIX: Check if user OWNS any collection that contains this object**
+            if hasattr(obj, 'collections') and obj.collections.filter(user=user).exists():
+                return True
             if hasattr(obj, 'collection') and obj.collection and obj.collection.shared_with.filter(id=user.id).exists():
                 return True
+            if hasattr(obj, 'collection') and obj.collection and obj.collection.user == user:
+                return True
             if hasattr(obj, 'shared_with') and obj.shared_with.filter(id=user.id).exists():
                 return True
             return False
@@ -92,9 +97,14 @@ class IsOwnerOrSharedWithFullAccess(permissions.BasePermission):
             return True
         if hasattr(obj, 'collections') and obj.collections.filter(shared_with=user).exists():
             return True
+        # **FIX: Allow write access if user owns any collection containing this object**
+        if hasattr(obj, 'collections') and obj.collections.filter(user=user).exists():
+            return True
         if hasattr(obj, 'collection') and obj.collection and obj.collection.shared_with.filter(id=user.id).exists():
             return True
+        if hasattr(obj, 'collection') and obj.collection and obj.collection.user == user:
+            return True
         if hasattr(obj, 'shared_with') and obj.shared_with.filter(id=user.id).exists():
             return True
 
-        return False
+        return False
\ No newline at end of file
diff --git a/backend/server/adventures/serializers.py b/backend/server/adventures/serializers.py
index bd560e9..c4f13e2 100644
--- a/backend/server/adventures/serializers.py
+++ b/backend/server/adventures/serializers.py
@@ -12,7 +12,7 @@ from integrations.models import ImmichIntegration
 class ContentImageSerializer(CustomModelSerializer):
     class Meta:
         model = ContentImage
-        fields = ['id', 'image', 'location', 'is_primary', 'user', 'immich_id']
+        fields = ['id', 'image', 'is_primary', 'user', 'immich_id']
         read_only_fields = ['id', 'user']
 
     def to_representation(self, instance):
@@ -42,7 +42,7 @@ class AttachmentSerializer(CustomModelSerializer):
     extension = serializers.SerializerMethodField()
     class Meta:
         model = ContentAttachment
-        fields = ['id', 'file', 'location', 'extension', 'name', 'user']
+        fields = ['id', 'file', 'extension', 'name', 'user']
         read_only_fields = ['id', 'user']
 
     def get_extension(self, obj):
@@ -127,16 +127,28 @@ class LocationSerializer(CustomModelSerializer):
         return [image for image in serializer.data if image is not None]
 
     def validate_collections(self, collections):
-        """Validate that collections belong to the same user"""
+        """Validate that collections are compatible with the location being created/updated"""
         if not collections:
             return collections
             
         user = self.context['request'].user
+        
+        # Get the location being updated (if this is an update operation)
+        location_owner = getattr(self.instance, 'user', None) if self.instance else user
+        
         for collection in collections:
+            # Check if user has permission to use this collection
             if collection.user != user and not collection.shared_with.filter(id=user.id).exists():
                 raise serializers.ValidationError(
                     f"Collection '{collection.name}' does not belong to the current user."
                 )
+            
+            # Check if the location owner is compatible with the collection
+            if collection.user != location_owner and not collection.shared_with.filter(id=location_owner.id).exists():
+                raise serializers.ValidationError(
+                    f"Location owned by '{location_owner.username}' cannot be added to collection '{collection.name}' owned by '{collection.user.username}' unless the location owner has shared access to the collection."
+                )
+        
         return collections
 
     def validate_category(self, category_data):
diff --git a/backend/server/adventures/signals.py b/backend/server/adventures/signals.py
index bf309c9..6e62b88 100644
--- a/backend/server/adventures/signals.py
+++ b/backend/server/adventures/signals.py
@@ -6,7 +6,10 @@ from adventures.models import Location
 def update_adventure_publicity(sender, instance, action, **kwargs):
     """
     Signal handler to update adventure publicity when collections are added/removed
+    This function checks if the adventure's collections contain any public collection.
     """
+    if not isinstance(instance, Location):
+        return
     # Only process when collections are added or removed
     if action in ('post_add', 'post_remove', 'post_clear'):
         collections = instance.collections.all()
diff --git a/backend/server/adventures/urls.py b/backend/server/adventures/urls.py
index 7d165d4..241db16 100644
--- a/backend/server/adventures/urls.py
+++ b/backend/server/adventures/urls.py
@@ -11,7 +11,7 @@ router.register(r'tags', ActivityTypesView, basename='tags')
 router.register(r'transportations', TransportationViewSet, basename='transportations')
 router.register(r'notes', NoteViewSet, basename='notes')
 router.register(r'checklists', ChecklistViewSet, basename='checklists')
-router.register(r'images', AdventureImageViewSet, basename='images')
+router.register(r'images', ContentImageViewSet, basename='images')
 router.register(r'reverse-geocode', ReverseGeocodeViewSet, basename='reverse-geocode')
 router.register(r'categories', CategoryViewSet, basename='categories')
 router.register(r'ics-calendar', IcsCalendarGeneratorViewSet, basename='ics-calendar')
diff --git a/backend/server/adventures/utils/file_permissions.py b/backend/server/adventures/utils/file_permissions.py
index 5d6d470..657ee06 100644
--- a/backend/server/adventures/utils/file_permissions.py
+++ b/backend/server/adventures/utils/file_permissions.py
@@ -27,12 +27,12 @@ def checkFilePermission(fileId, user, mediaType):
             if hasattr(content_object, 'collections') and content_object.collections.exists():
                 # For objects with multiple collections (like Location)
                 for collection in content_object.collections.all():
-                    if collection.shared_with.filter(id=user.id).exists():
+                    if collection.user == user or collection.shared_with.filter(id=user.id).exists():
                         return True
                 return False
             elif hasattr(content_object, 'collection') and content_object.collection:
                 # For objects with single collection (like Transportation, Note, etc.)
-                if content_object.collection.shared_with.filter(id=user.id).exists():
+                if content_object.collection.user == user or content_object.collection.shared_with.filter(id=user.id).exists():
                     return True
                 return False
             else:
@@ -62,12 +62,12 @@ def checkFilePermission(fileId, user, mediaType):
             if hasattr(content_object, 'collections') and content_object.collections.exists():
                 # For objects with multiple collections (like Location)
                 for collection in content_object.collections.all():
-                    if collection.shared_with.filter(id=user.id).exists():
+                    if collection.user == user or collection.shared_with.filter(id=user.id).exists():
                         return True
                 return False
             elif hasattr(content_object, 'collection') and content_object.collection:
                 # For objects with single collection (like Transportation, Note, etc.)
-                if content_object.collection.shared_with.filter(id=user.id).exists():
+                if content_object.collection.user == user or content_object.collection.shared_with.filter(id=user.id).exists():
                     return True
                 return False
             else:
diff --git a/backend/server/adventures/views/attachment_view.py b/backend/server/adventures/views/attachment_view.py
index 9f75211..10149c2 100644
--- a/backend/server/adventures/views/attachment_view.py
+++ b/backend/server/adventures/views/attachment_view.py
@@ -2,51 +2,97 @@ from rest_framework import viewsets, status
 from rest_framework.decorators import action
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
+from django.contrib.contenttypes.models import ContentType
 from adventures.models import Location, ContentAttachment
 from adventures.serializers import AttachmentSerializer
+from adventures.permissions import IsOwnerOrSharedWithFullAccess
+
 
 class AttachmentViewSet(viewsets.ModelViewSet):
     serializer_class = AttachmentSerializer
-    permission_classes = [IsAuthenticated]
+    permission_classes = [IsOwnerOrSharedWithFullAccess]
 
     def get_queryset(self):
         return ContentAttachment.objects.filter(user=self.request.user)
-    
+
     def create(self, request, *args, **kwargs):
         if not request.user.is_authenticated:
             return Response({"error": "User is not authenticated"}, status=status.HTTP_401_UNAUTHORIZED)
-        location_id = request.data.get('location')
-        try:
-            location = Location.objects.get(id=location_id)
-        except Location.DoesNotExist:
-            return Response({"error": "Location not found"}, status=status.HTTP_404_NOT_FOUND)
-
-        if location.user != request.user:
-            # Check if the location has any collections
-            if location.collections.exists():
-                # Check if the user is in the shared_with list of any of the location's collections
-                user_has_access = False
-                for collection in location.collections.all():
-                    if collection.shared_with.filter(id=request.user.id).exists():
-                        user_has_access = True
-                        break
-                
-                if not user_has_access:
-                    return Response({"error": "User does not have permission to access this location"}, status=status.HTTP_403_FORBIDDEN)
-            else:
-                return Response({"error": "User does not own this location"}, status=status.HTTP_403_FORBIDDEN)
         
-        return super().create(request, *args, **kwargs)
-    
-    def perform_create(self, serializer):
-        location_id = self.request.data.get('location')
-        location = Location.objects.get(id=location_id)
+        # Get the content object details
+        content_type_id = request.data.get('content_type')
+        object_id = request.data.get('object_id')
+        
+        # For backward compatibility, also check for 'location' parameter
+        location_id = request.data.get('location')
+        
+        if location_id and not (content_type_id and object_id):
+            # Handle legacy location-specific requests
+            try:
+                location = Location.objects.get(id=location_id)
+                content_type = ContentType.objects.get_for_model(Location)
+                content_type_id = content_type.id
+                object_id = location_id
+            except Location.DoesNotExist:
+                return Response({"error": "Location not found"}, status=status.HTTP_404_NOT_FOUND)
+        
+        if not (content_type_id and object_id):
+            return Response({"error": "content_type and object_id are required"}, status=status.HTTP_400_BAD_REQUEST)
 
-        # If the location belongs to collections, set the owner to the collection owner
-        if location.collections.exists():
-            # Get the first collection's owner (assuming all collections have the same owner)
-            collection = location.collections.first()
-            serializer.save(user=collection.user)
-        else:
-            # Otherwise, set the owner to the request user
-            serializer.save(user=self.request.user)
\ No newline at end of file
+        try:
+            content_type = ContentType.objects.get(id=content_type_id)
+            model_class = content_type.model_class()
+            content_object = model_class.objects.get(id=object_id)
+        except (ContentType.DoesNotExist, model_class.DoesNotExist):
+            return Response({"error": "Content object not found"}, status=status.HTTP_404_NOT_FOUND)
+
+        return super().create(request, *args, **kwargs)
+
+    def perform_create(self, serializer):
+        content_type_id = self.request.data.get('content_type')
+        object_id = self.request.data.get('object_id')
+        
+        # Handle legacy location parameter
+        location_id = self.request.data.get('location')
+        if location_id and not (content_type_id and object_id):
+            content_type = ContentType.objects.get_for_model(Location)
+            content_type_id = content_type.id
+            object_id = location_id
+
+        content_type = ContentType.objects.get(id=content_type_id)
+        model_class = content_type.model_class()
+        content_object = model_class.objects.get(id=object_id)
+
+        # Determine the appropriate user to assign
+        attachment_user = self._get_attachment_user(content_object)
+        
+        serializer.save(
+            user=attachment_user,
+            content_type=content_type,
+            object_id=object_id
+        )
+
+    def _get_attachment_user(self, content_object):
+        """
+        Determine which user should own the attachment based on the content object.
+        This preserves the original logic for shared collections.
+        """
+        # Handle Location objects
+        if isinstance(content_object, Location):
+            if content_object.collections.exists():
+                # Get the first collection's owner (assuming all collections have the same owner)
+                collection = content_object.collections.first()
+                return collection.user
+            else:
+                return self.request.user
+        
+        # Handle other content types with collections
+        elif hasattr(content_object, 'collection') and content_object.collection:
+            return content_object.collection.user
+        
+        # Handle content objects with a user field
+        elif hasattr(content_object, 'user'):
+            return content_object.user
+        
+        # Default to request user
+        return self.request.user
\ No newline at end of file
diff --git a/backend/server/adventures/views/collection_view.py b/backend/server/adventures/views/collection_view.py
index 8c42525..d5b19d9 100644
--- a/backend/server/adventures/views/collection_view.py
+++ b/backend/server/adventures/views/collection_view.py
@@ -183,9 +183,12 @@ class CollectionViewSet(viewsets.ModelViewSet):
     def unshare(self, request, pk=None, uuid=None):
         if not request.user.is_authenticated:
             return Response({"error": "User is not authenticated"}, status=400)
+        
         collection = self.get_object()
+        
         if not uuid:
             return Response({"error": "User UUID is required"}, status=400)
+        
         try:
             user = User.objects.get(uuid=uuid, public_profile=True)
         except User.DoesNotExist:
@@ -197,9 +200,25 @@ class CollectionViewSet(viewsets.ModelViewSet):
         if not collection.shared_with.filter(id=user.id).exists():
             return Response({"error": "Collection is not shared with this user"}, status=400)
         
+        # Remove user from shared_with
         collection.shared_with.remove(user)
+        
+        # Handle locations owned by the unshared user that are in this collection
+        # These locations should be removed from the collection since they lose access
+        locations_to_remove = collection.locations.filter(user=user)
+        removed_count = locations_to_remove.count()
+        
+        if locations_to_remove.exists():
+            # Remove these locations from the collection
+            collection.locations.remove(*locations_to_remove)
+        
         collection.save()
-        return Response({"success": f"Unshared with {user.username}"})
+        
+        success_message = f"Unshared with {user.username}"
+        if removed_count > 0:
+            success_message += f" and removed {removed_count} location(s) they owned from the collection"
+        
+        return Response({"success": success_message})
 
     def get_queryset(self):
         if self.action == 'destroy':
diff --git a/backend/server/adventures/views/location_image_view.py b/backend/server/adventures/views/location_image_view.py
index 5e7151b..807a090 100644
--- a/backend/server/adventures/views/location_image_view.py
+++ b/backend/server/adventures/views/location_image_view.py
@@ -4,13 +4,14 @@ from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 from django.db.models import Q
 from django.core.files.base import ContentFile
-from adventures.models import Location, ContentImage
+from django.contrib.contenttypes.models import ContentType
+from adventures.models import Location, Transportation, Note, Lodging, Visit, ContentImage
 from adventures.serializers import ContentImageSerializer
 from integrations.models import ImmichIntegration
 import uuid
 import requests
 
-class AdventureImageViewSet(viewsets.ModelViewSet):
+class ContentImageViewSet(viewsets.ModelViewSet):
     serializer_class = ContentImageSerializer
     permission_classes = [IsAuthenticated]
 
@@ -20,23 +21,28 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
     
     @action(detail=True, methods=['post'])
     def toggle_primary(self, request, *args, **kwargs):
-        # Makes the image the primary image for the location, if there is already a primary image linked to the location, it is set to false and the new image is set to true. make sure that the permission is set to the owner of the location
         if not request.user.is_authenticated:
             return Response({"error": "User is not authenticated"}, status=status.HTTP_401_UNAUTHORIZED)
         
         instance = self.get_object()
-        location = instance.location
-        if location.user != request.user:
-            return Response({"error": "User does not own this location"}, status=status.HTTP_403_FORBIDDEN)
+        content_object = instance.content_object
+        
+        # Check ownership based on content type
+        if hasattr(content_object, 'user') and content_object.user != request.user:
+            return Response({"error": "User does not own this content"}, status=status.HTTP_403_FORBIDDEN)
         
         # Check if the image is already the primary image
         if instance.is_primary:
             return Response({"error": "Image is already the primary image"}, status=status.HTTP_400_BAD_REQUEST)
         
-        # Set the current primary image to false
-        ContentImage.objects.filter(location=location, is_primary=True).update(is_primary=False)
+        # Set other images of the same content object to not primary
+        ContentImage.objects.filter(
+            content_type=instance.content_type,
+            object_id=instance.object_id,
+            is_primary=True
+        ).update(is_primary=False)
 
-        # Set the new image to true
+        # Set the new image to primary
         instance.is_primary = True
         instance.save()
         return Response({"success": "Image set as primary image"})
@@ -44,29 +50,67 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
     def create(self, request, *args, **kwargs):
         if not request.user.is_authenticated:
             return Response({"error": "User is not authenticated"}, status=status.HTTP_401_UNAUTHORIZED)
-        location_id = request.data.get('location')
-        try:
-            location = Location.objects.get(id=location_id)
-        except Location.DoesNotExist:
-            return Response({"error": "location not found"}, status=status.HTTP_404_NOT_FOUND)
         
-        if location.user != request.user:
-            # Check if the location has any collections
-            if location.collections.exists():
-                # Check if the user is in the shared_with list of any of the location's collections
-                user_has_access = False
-                for collection in location.collections.all():
-                    if collection.shared_with.filter(id=request.user.id).exists():
-                        user_has_access = True
-                        break
-                
-                if not user_has_access:
-                    return Response({"error": "User does not have permission to access this location"}, status=status.HTTP_403_FORBIDDEN)
-            else:
-                return Response({"error": "User does not own this location"}, status=status.HTTP_403_FORBIDDEN)
+        # Get content type and object ID from request
+        content_type_name = request.data.get('content_type')
+        object_id = request.data.get('object_id')
+        
+        if not content_type_name or not object_id:
+            return Response({
+                "error": "content_type and object_id are required"
+            }, status=status.HTTP_400_BAD_REQUEST)
+        
+        # Map content type names to model classes
+        content_type_map = {
+            'location': Location,
+            'transportation': Transportation,
+            'note': Note,
+            'lodging': Lodging,
+            'visit': Visit,
+        }
+        
+        if content_type_name not in content_type_map:
+            return Response({
+                "error": f"Invalid content_type. Must be one of: {', '.join(content_type_map.keys())}"
+            }, status=status.HTTP_400_BAD_REQUEST)
+        
+        # Get the content type and object
+        try:
+            content_type = ContentType.objects.get_for_model(content_type_map[content_type_name])
+            content_object = content_type_map[content_type_name].objects.get(id=object_id)
+        except (ValueError, content_type_map[content_type_name].DoesNotExist):
+            return Response({
+                "error": f"{content_type_name} not found"
+            }, status=status.HTTP_404_NOT_FOUND)
+        
+        # Check permissions based on content type
+        if hasattr(content_object, 'user'):
+            if content_object.user != request.user:
+                # For Location, check if user has shared access
+                if content_type_name == 'location':
+                    if content_object.collections.exists():
+                        user_has_access = False
+                        for collection in content_object.collections.all():
+                            if collection.shared_with.filter(id=request.user.id).exists() or collection.user == request.user:
+                                user_has_access = True
+                                break
+                        
+                        if not user_has_access:
+                            return Response({
+                                "error": "User does not have permission to access this content"
+                            }, status=status.HTTP_403_FORBIDDEN)
+                    else:
+                        return Response({
+                            "error": "User does not own this content"
+                        }, status=status.HTTP_403_FORBIDDEN)
+                else:
+                    return Response({
+                        "error": "User does not own this content"
+                    }, status=status.HTTP_403_FORBIDDEN)
         
         # Handle Immich ID for shared users by downloading the image
-        if (request.user != location.user and 
+        if (hasattr(content_object, 'user') and 
+            request.user != content_object.user and 
             'immich_id' in request.data and 
             request.data.get('immich_id')):
             
@@ -91,8 +135,8 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
                 immich_response.raise_for_status()
                 
                 # Create a temporary file with the downloaded content
-                content_type = immich_response.headers.get('Content-Type', 'image/jpeg')
-                if not content_type.startswith('image/'):
+                content_type_header = immich_response.headers.get('Content-Type', 'image/jpeg')
+                if not content_type_header.startswith('image/'):
                     return Response({
                         "error": "Invalid content type returned from Immich server.",
                         "code": "invalid_content_type"
@@ -105,7 +149,7 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
                     'image/webp': '.webp',
                     'image/gif': '.gif'
                 }
-                file_ext = ext_map.get(content_type, '.jpg')
+                file_ext = ext_map.get(content_type_header, '.jpg')
                 filename = f"immich_{immich_id}{file_ext}"
                 
                 # Create a Django ContentFile from the downloaded image
@@ -115,14 +159,20 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
                 request_data = request.data.copy()
                 request_data.pop('immich_id', None)  # Remove immich_id
                 request_data['image'] = image_file  # Add the image file
+                request_data['content_type'] = content_type.id
+                request_data['object_id'] = object_id
                 
                 # Create the serializer with the modified data
                 serializer = self.get_serializer(data=request_data)
                 serializer.is_valid(raise_exception=True)
                 
                 # Save with the downloaded image
-                location = serializer.validated_data['location']
-                serializer.save(user=location.user, image=image_file)
+                serializer.save(
+                    user=content_object.user if hasattr(content_object, 'user') else request.user,
+                    image=image_file,
+                    content_type=content_type,
+                    object_id=object_id
+                )
                 
                 return Response(serializer.data, status=status.HTTP_201_CREATED)
                 
@@ -137,34 +187,47 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
                     "code": "immich_processing_error"
                 }, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
         
-        return super().create(request, *args, **kwargs)
+        # Add content type and object ID to request data
+        request_data = request.data.copy()
+        request_data['content_type'] = content_type.id
+        request_data['object_id'] = object_id
+        
+        # Create serializer with modified data
+        serializer = self.get_serializer(data=request_data)
+        serializer.is_valid(raise_exception=True)
+        
+        # Save the image
+        serializer.save(
+            user=content_object.user if hasattr(content_object, 'user') else request.user,
+            content_type=content_type,
+            object_id=object_id
+        )
+        
+        return Response(serializer.data, status=status.HTTP_201_CREATED)
     
     def update(self, request, *args, **kwargs):
         if not request.user.is_authenticated:
             return Response({"error": "User is not authenticated"}, status=status.HTTP_401_UNAUTHORIZED)
         
-        location_id = request.data.get('location')
-        try:
-            location = Location.objects.get(id=location_id)
-        except Location.DoesNotExist:
-            return Response({"error": "location not found"}, status=status.HTTP_404_NOT_FOUND)
+        instance = self.get_object()
+        content_object = instance.content_object
         
-        if location.user != request.user:
-            return Response({"error": "User does not own this location"}, status=status.HTTP_403_FORBIDDEN)
+        # Check ownership
+        if hasattr(content_object, 'user') and content_object.user != request.user:
+            return Response({"error": "User does not own this content"}, status=status.HTTP_403_FORBIDDEN)
         
         return super().update(request, *args, **kwargs)
     
-    def perform_destroy(self, instance):
-        return super().perform_destroy(instance)
-
     def destroy(self, request, *args, **kwargs):
         if not request.user.is_authenticated:
             return Response({"error": "User is not authenticated"}, status=status.HTTP_401_UNAUTHORIZED)
         
         instance = self.get_object()
-        location = instance.location
-        if location.user != request.user:
-            return Response({"error": "User does not own this location"}, status=status.HTTP_403_FORBIDDEN)
+        content_object = instance.content_object
+        
+        # Check ownership
+        if hasattr(content_object, 'user') and content_object.user != request.user:
+            return Response({"error": "User does not own this content"}, status=status.HTTP_403_FORBIDDEN)
         
         return super().destroy(request, *args, **kwargs)
     
@@ -173,41 +236,33 @@ class AdventureImageViewSet(viewsets.ModelViewSet):
             return Response({"error": "User is not authenticated"}, status=status.HTTP_401_UNAUTHORIZED)
         
         instance = self.get_object()
-        location = instance.location
-        if location.user != request.user:
-            return Response({"error": "User does not own this location"}, status=status.HTTP_403_FORBIDDEN)
+        content_object = instance.content_object
+        
+        # Check ownership
+        if hasattr(content_object, 'user') and content_object.user != request.user:
+            return Response({"error": "User does not own this content"}, status=status.HTTP_403_FORBIDDEN)
         
         return super().partial_update(request, *args, **kwargs)
     
-    @action(detail=False, methods=['GET'], url_path='(?P<location_id>[0-9a-f-]+)')
-    def location_images(self, request, location_id=None, *args, **kwargs):
-        if not request.user.is_authenticated:
-            return Response({"error": "User is not authenticated"}, status=status.HTTP_401_UNAUTHORIZED)
-        
-        try:
-            location_uuid = uuid.UUID(location_id)
-        except ValueError:
-            return Response({"error": "Invalid location ID"}, status=status.HTTP_400_BAD_REQUEST)
-        
-        # Updated queryset to include images from locations the user owns OR has shared access to
-        queryset = ContentImage.objects.filter(
-            Q(location__id=location_uuid) & (
-                Q(location__user=request.user) |  # User owns the location
-                Q(location__collections__shared_with=request.user)  # User has shared access via collection
-            )
-        ).distinct()
-        
-        serializer = self.get_serializer(queryset, many=True, context={'request': request})
-        return Response(serializer.data)
+
 
     def get_queryset(self):
-        # Updated to include images from locations the user owns OR has shared access to
-        return ContentImage.objects.filter(
-            Q(location__user=self.request.user) |  # User owns the location
-            Q(location__collections__shared_with=self.request.user)  # User has shared access via collection
+        """Get all images the user has access to"""
+        if not self.request.user.is_authenticated:
+            return ContentImage.objects.none()
+        
+        # Get content type for Location to handle shared access
+        location_content_type = ContentType.objects.get_for_model(Location)
+        
+        # Build queryset with proper permissions
+        queryset = ContentImage.objects.filter(
+            Q(content_object__user=self.request.user) |  # User owns the content
+            Q(content_type=location_content_type, content_object__collections__shared_with=self.request.user)  # Shared locations
         ).distinct()
+        
+        return queryset
 
     def perform_create(self, serializer):
-        # Always set the image owner to the location owner, not the current user
-        location = serializer.validated_data['location']
-        serializer.save(user=location.user)
\ No newline at end of file
+        # The content_type and object_id are already set in the create method
+        # Just ensure the user is set correctly
+        pass
\ No newline at end of file
diff --git a/backend/server/adventures/views/location_view.py b/backend/server/adventures/views/location_view.py
index a30291e..52beb54 100644
--- a/backend/server/adventures/views/location_view.py
+++ b/backend/server/adventures/views/location_view.py
@@ -141,6 +141,16 @@ class LocationViewSet(viewsets.ModelViewSet):
 
         self.perform_update(serializer)
         return Response(serializer.data)
+    
+    def destroy(self, request, *args, **kwargs):
+        """Only allow the owner to delete a location."""
+        instance = self.get_object()
+        
+        # Check if the user is the owner
+        if instance.user != request.user:
+            raise PermissionDenied("Only the owner can delete this location.")
+        
+        return super().destroy(request, *args, **kwargs)
 
     # ==================== CUSTOM ACTIONS ====================
 
@@ -221,37 +231,50 @@ class LocationViewSet(viewsets.ModelViewSet):
 
     # ==================== HELPER METHODS ====================
 
-    def _validate_collection_permissions(self, collections):
-        """Validate user has permission to use all provided collections. Only the owner or shared users can use collections."""
-        for collection in collections:
-            if not (collection.user == self.request.user or 
-                   collection.shared_with.filter(uuid=self.request.user.uuid).exists()):
-                raise PermissionDenied(
-                    f"You do not have permission to use collection '{collection.name}'."
-                )
-
     def _validate_collection_update_permissions(self, instance, new_collections):
-        """Validate permissions for collection updates (add/remove)."""
-        # Check permissions for new collections being added
-        for collection in new_collections:
-            if (collection.user != self.request.user and 
-                not collection.shared_with.filter(uuid=self.request.user.uuid).exists()):
-                raise PermissionDenied(
-                    f"You do not have permission to use collection '{collection.name}'."
-                )
-
-        # Check permissions for collections being removed
+        """Validate collection permissions for updates, allowing collection owners to unlink locations."""
         current_collections = set(instance.collections.all())
         new_collections_set = set(new_collections)
+        
+        # Collections being added
+        collections_to_add = new_collections_set - current_collections
+        
+        # Collections being removed
         collections_to_remove = current_collections - new_collections_set
-
+        
+        # Validate permissions for collections being added
+        for collection in collections_to_add:
+            # Standard validation for adding collections
+            if collection.user != self.request.user:
+                # Check if user has shared access to the collection
+                if not collection.shared_with.filter(uuid=self.request.user.uuid).exists():
+                    raise PermissionDenied(
+                        f"You don't have permission to add location to collection '{collection.name}'"
+                    )
+        
+        # For collections being removed, allow if:
+        # 1. User owns the location, OR
+        # 2. User owns the collection (even if they don't own the location)
         for collection in collections_to_remove:
-            if (collection.user != self.request.user and 
-                not collection.shared_with.filter(uuid=self.request.user.uuid).exists()):
-                raise PermissionDenied(
-                    f"You cannot remove the adventure from collection '{collection.name}' "
-                    f"as you don't have permission."
-                )
+            user_owns_location = instance.user == self.request.user
+            user_owns_collection = collection.user == self.request.user
+            
+            if not (user_owns_location or user_owns_collection):
+                # Check if user has shared access to the collection
+                if not collection.shared_with.filter(uuid=self.request.user.uuid).exists():
+                    raise PermissionDenied(
+                        f"You don't have permission to remove location from collection '{collection.name}'"
+                    )
+
+    def _validate_collection_permissions(self, collections):
+        """Validate permissions for all collections (used in create)."""
+        for collection in collections:
+            if collection.user != self.request.user:
+                # Check if user has shared access to the collection
+                if not collection.shared_with.filter(uuid=self.request.user.uuid).exists():
+                    raise PermissionDenied(
+                        f"You don't have permission to add location to collection '{collection.name}'"
+                    )
 
     def _apply_visit_filtering(self, queryset, request):
         """Apply visit status filtering to queryset."""
@@ -289,7 +312,7 @@ class LocationViewSet(viewsets.ModelViewSet):
         # Check shared collection access
         if user.is_authenticated:
             for collection in adventure.collections.all():
-                if collection.shared_with.filter(uuid=user.uuid).exists():
+                if collection.shared_with.filter(uuid=user.uuid).exists() or collection.user == user:
                     return True
 
         return False
diff --git a/backend/server/integrations/views.py b/backend/server/integrations/views.py
index e6d35bc..c10cc2c 100644
--- a/backend/server/integrations/views.py
+++ b/backend/server/integrations/views.py
@@ -270,48 +270,93 @@ class ImmichIntegrationView(viewsets.ViewSet):
         integration = get_object_or_404(ImmichIntegration, id=integration_id)
         owner_id = integration.user
 
-        # Try to find the image entry with collections and sharing information
-        image_entry = (
+        # Get all images for this immich_id and user
+        image_entries = list(
             ContentImage.objects
             .filter(immich_id=imageid, user=owner_id)
-            .select_related('location')
-            .prefetch_related('location__collections', 'location__collections__shared_with')
-            .order_by('-location__is_public')  # Public locations first
-            .first()
+            .select_related('content_type')
         )
 
+        # Sort by access level priority and find the best match
+        def get_access_priority(image_entry):
+            """Return priority score for access control (lower = higher priority)"""
+            content_obj = image_entry.content_object
+            
+            # Only handle Location objects for now (can be extended for other types)
+            if not hasattr(content_obj, 'is_public'):
+                return 999  # Low priority for non-location objects
+            
+            # For Location objects, check access levels
+            if content_obj.is_public:
+                return 0  # Highest priority - public location
+            
+            # Check if location is in any public collection
+            if hasattr(content_obj, 'collections'):
+                collections = content_obj.collections.all()
+                if any(collection.is_public for collection in collections):
+                    return 1  # Second priority - private location in public collection
+                    
+                # Check for shared collections (if user is authenticated)
+                if (request.user.is_authenticated and 
+                    any(collection.shared_with.filter(id=request.user.id).exists() 
+                        for collection in collections)):
+                    return 2  # Third priority - shared collection access
+            
+            return 3  # Lowest priority - private location, owner access only
+
+        # Sort image entries by access priority
+        image_entries.sort(key=get_access_priority)
+        image_entry = image_entries[0] if image_entries else None
+
         # Access control
         if image_entry:
-            location = image_entry.location
-            collections = location.collections.all()
-
-            # Determine access level
-            is_authorized = False
-
-            # Level 1: Public location (highest priority)
-            if location.is_public:
-                is_authorized = True
-
-            # Level 2: Private location in any public collection
-            elif any(collection.is_public for collection in collections):
-                is_authorized = True
-                
-            # Level 3: Owner access
-            elif request.user.is_authenticated and request.user == owner_id:
-                is_authorized = True
-                
-            # Level 4: Shared collection access - check if user has access to any collection
-            elif (request.user.is_authenticated and 
-                any(collection.shared_with.filter(id=request.user.id).exists() 
-                    for collection in collections)):
-                is_authorized = True
+            content_obj = image_entry.content_object
             
-            if not is_authorized:
-                return Response({
-                    'message': 'This image belongs to a private location and you are not authorized.',
-                    'error': True,
-                    'code': 'immich.permission_denied'
-                }, status=status.HTTP_403_FORBIDDEN)
+            # Only apply access control to Location objects
+            if hasattr(content_obj, 'is_public'):
+                location = content_obj
+                
+                # Determine access level
+                is_authorized = False
+
+                # Level 1: Public location (highest priority)
+                if location.is_public:
+                    is_authorized = True
+
+                # Level 2: Private location in any public collection
+                elif hasattr(location, 'collections'):
+                    collections = location.collections.all()
+                    if any(collection.is_public for collection in collections):
+                        is_authorized = True
+                    
+                    # Level 3: Owner access
+                    elif request.user.is_authenticated and request.user == owner_id:
+                        is_authorized = True
+                        
+                    # Level 4: Shared collection access
+                    elif (request.user.is_authenticated and 
+                        any(collection.shared_with.filter(id=request.user.id).exists() 
+                            for collection in collections)):
+                        is_authorized = True
+                else:
+                    # Location without collections - owner access only
+                    if request.user.is_authenticated and request.user == owner_id:
+                        is_authorized = True
+                
+                if not is_authorized:
+                    return Response({
+                        'message': 'This image belongs to a private location and you are not authorized.',
+                        'error': True,
+                        'code': 'immich.permission_denied'
+                    }, status=status.HTTP_403_FORBIDDEN)
+            else:
+                # For non-Location objects, allow only owner access for now
+                if not request.user.is_authenticated or request.user != owner_id:
+                    return Response({
+                        'message': 'This image is not publicly accessible and you are not the owner.',
+                        'error': True,
+                        'code': 'immich.permission_denied'
+                    }, status=status.HTTP_403_FORBIDDEN)
         else:
             # No ContentImage exists; allow only the integration owner
             if not request.user.is_authenticated or request.user != owner_id:
diff --git a/frontend/src/lib/components/CollectionLink.svelte b/frontend/src/lib/components/CollectionLink.svelte
index 0f54d44..4d3ea98 100644
--- a/frontend/src/lib/components/CollectionLink.svelte
+++ b/frontend/src/lib/components/CollectionLink.svelte
@@ -12,19 +12,23 @@
 	import Search from '~icons/mdi/magnify';
 	import Clear from '~icons/mdi/close';
 	import Link from '~icons/mdi/link-variant';
+	import Share from '~icons/mdi/share-variant';
 
 	let collections: Collection[] = [];
+	let sharedCollections: Collection[] = [];
+	let allCollections: Collection[] = [];
 	let filteredCollections: Collection[] = [];
 	let searchQuery: string = '';
+	let loading = true;
 
 	export let linkedCollectionList: string[] | null = null;
 
 	// Search functionality following worldtravel pattern
 	$: {
 		if (searchQuery === '') {
-			filteredCollections = collections;
+			filteredCollections = allCollections;
 		} else {
-			filteredCollections = collections.filter((collection) =>
+			filteredCollections = allCollections.filter((collection) =>
 				collection.name.toLowerCase().includes(searchQuery.toLowerCase())
 			);
 		}
@@ -36,28 +40,57 @@
 			modal.showModal();
 		}
 
-		let res = await fetch(`/api/collections/all/`, {
-			method: 'GET'
-		});
+		try {
+			// Fetch both own collections and shared collections
+			const [ownRes, sharedRes] = await Promise.all([
+				fetch(`/api/collections/all/`, { method: 'GET' }),
+				fetch(`/api/collections/shared`, { method: 'GET' })
+			]);
 
-		let result = await res.json();
+			const ownResult = await ownRes.json();
+			const sharedResult = await sharedRes.json();
 
-		if (result.type === 'success' && result.data) {
-			collections = result.data.adventures as Collection[];
-		} else {
-			collections = result as Collection[];
+			// Process own collections
+			if (ownResult.type === 'success' && ownResult.data) {
+				collections = ownResult.data.adventures as Collection[];
+			} else {
+				collections = ownResult as Collection[];
+			}
+
+			// Process shared collections
+			if (sharedResult.type === 'success' && sharedResult.data) {
+				sharedCollections = sharedResult.data.adventures as Collection[];
+			} else {
+				sharedCollections = sharedResult as Collection[];
+			}
+
+			// Don't combine collections - keep them separate
+			allCollections = collections;
+
+			// Move linked collections to the front for each collection type
+			if (linkedCollectionList) {
+				collections.sort((a, b) => {
+					const aLinked = linkedCollectionList?.includes(a.id);
+					const bLinked = linkedCollectionList?.includes(b.id);
+					return aLinked === bLinked ? 0 : aLinked ? -1 : 1;
+				});
+
+				sharedCollections.sort((a, b) => {
+					const aLinked = linkedCollectionList?.includes(a.id);
+					const bLinked = linkedCollectionList?.includes(b.id);
+					return aLinked === bLinked ? 0 : aLinked ? -1 : 1;
+				});
+			}
+		} catch (error) {
+			console.error('Error fetching collections:', error);
+			// Fallback to empty arrays
+			collections = [];
+			sharedCollections = [];
+			allCollections = [];
+			filteredCollections = [];
+		} finally {
+			loading = false;
 		}
-
-		// Move linked collections to the front
-		if (linkedCollectionList) {
-			collections.sort((a, b) => {
-				const aLinked = linkedCollectionList?.includes(a.id);
-				const bLinked = linkedCollectionList?.includes(b.id);
-				return aLinked === bLinked ? 0 : aLinked ? -1 : 1;
-			});
-		}
-
-		filteredCollections = collections;
 	});
 
 	function close() {
@@ -80,7 +113,23 @@
 
 	// Statistics following worldtravel pattern
 	$: linkedCount = linkedCollectionList ? linkedCollectionList.length : 0;
-	$: totalCollections = collections.length;
+	$: totalCollections = collections.length + sharedCollections.length;
+	$: ownCollectionsCount = collections.length;
+	$: sharedCollectionsCount = sharedCollections.length;
+
+	// Filtered collections for display
+	$: filteredOwnCollections =
+		searchQuery === ''
+			? collections
+			: collections.filter((collection) =>
+					collection.name.toLowerCase().includes(searchQuery.toLowerCase())
+				);
+	$: filteredSharedCollections =
+		searchQuery === ''
+			? sharedCollections
+			: sharedCollections.filter((collection) =>
+					collection.name.toLowerCase().includes(searchQuery.toLowerCase())
+				);
 </script>
 
 <dialog id="my_modal_1" class="modal backdrop-blur-sm">
@@ -106,7 +155,7 @@
 							{$t('adventures.my_collections')}
 						</h1>
 						<p class="text-sm text-base-content/60">
-							{filteredCollections.length}
+							{filteredOwnCollections.length + filteredSharedCollections.length}
 							{$t('worldtravel.of')}
 							{totalCollections}
 							{$t('navbar.collections')}
@@ -122,8 +171,15 @@
 							<div class="stat-value text-lg text-success">{linkedCount}</div>
 						</div>
 						<div class="stat py-2 px-4">
-							<div class="stat-title text-xs">{$t('collection.available')}</div>
-							<div class="stat-value text-lg text-info">{totalCollections}</div>
+							<div class="stat-title text-xs">{$t('navbar.collections')}</div>
+							<div class="stat-value text-lg text-info">{ownCollectionsCount}</div>
+						</div>
+						<div class="stat py-2 px-4">
+							<div class="stat-title text-xs flex items-center gap-1">
+								<Share class="w-3 h-3" />
+								{$t('collection.shared')}
+							</div>
+							<div class="stat-value text-lg text-warning">{sharedCollectionsCount}</div>
 						</div>
 					</div>
 				</div>
@@ -164,8 +220,13 @@
 		</div>
 
 		<!-- Main Content -->
-		<div class="px-2">
-			{#if filteredCollections.length === 0}
+		<div class="px-6">
+			{#if loading}
+				<div class="flex flex-col items-center justify-center py-16">
+					<div class="loading loading-spinner loading-lg text-primary mb-4"></div>
+					<p class="text-base-content/60">{$t('loading.collections')}</p>
+				</div>
+			{:else if filteredOwnCollections.length === 0 && filteredSharedCollections.length === 0}
 				<div class="flex flex-col items-center justify-center py-16">
 					<div class="p-6 bg-base-200/50 rounded-2xl mb-6">
 						<Collections class="w-16 h-16 text-base-content/30" />
@@ -192,17 +253,69 @@
 				</div>
 			{:else}
 				<!-- Collections Grid -->
-				<div class="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-6 mb-6 p-4">
-					{#each filteredCollections as collection}
-						<CollectionCard
-							{collection}
-							type="link"
-							on:link={link}
-							bind:linkedCollectionList
-							on:unlink={unlink}
-							user={null}
-						/>
-					{/each}
+				<div class="space-y-8">
+					<!-- Own Collections Section -->
+					{#if filteredOwnCollections.length > 0}
+						<div>
+							<div class="flex items-center gap-2 mb-4">
+								<Collections class="w-5 h-5 text-primary" />
+								<h2 class="text-lg font-semibold text-base-content">
+									{$t('collection.my_collections')}
+								</h2>
+								<div class="badge badge-primary badge-sm">
+									{filteredOwnCollections.length}
+								</div>
+							</div>
+							<div class="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-4">
+								{#each filteredOwnCollections as collection}
+									<CollectionCard
+										{collection}
+										type="link"
+										on:link={link}
+										bind:linkedCollectionList
+										on:unlink={unlink}
+										user={null}
+									/>
+								{/each}
+							</div>
+						</div>
+					{/if}
+
+					<!-- Shared Collections Section -->
+					{#if filteredSharedCollections.length > 0}
+						<div>
+							<div class="flex items-center gap-2 mb-4">
+								<Share class="w-5 h-5 text-warning" />
+								<h2 class="text-lg font-semibold text-base-content">
+									{$t('collection.shared_with_me')}
+								</h2>
+								<div class="badge badge-warning badge-sm">
+									{filteredSharedCollections.length}
+								</div>
+							</div>
+							<div class="grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-4">
+								{#each filteredSharedCollections as collection}
+									<div class="relative">
+										<CollectionCard
+											{collection}
+											type="link"
+											on:link={link}
+											bind:linkedCollectionList
+											on:unlink={unlink}
+											user={null}
+										/>
+										<!-- Shared badge overlay -->
+										<div class="absolute -top-2 -right-2 z-10">
+											<div class="badge badge-warning badge-sm gap-1 shadow-lg">
+												<Share class="w-3 h-3" />
+												{$t('collection.shared')}
+											</div>
+										</div>
+									</div>
+								{/each}
+							</div>
+						</div>
+					{/if}
 				</div>
 			{/if}
 		</div>
diff --git a/frontend/src/lib/components/ImmichSelect.svelte b/frontend/src/lib/components/ImmichSelect.svelte
index 3f79964..5cd41c8 100644
--- a/frontend/src/lib/components/ImmichSelect.svelte
+++ b/frontend/src/lib/components/ImmichSelect.svelte
@@ -68,7 +68,8 @@
 			},
 			body: JSON.stringify({
 				immich_id: imageId,
-				location: location.id
+				object_id: location.id,
+				content_type: 'location'
 			})
 		});
 		if (res.ok) {
diff --git a/frontend/src/lib/components/LocationCard.svelte b/frontend/src/lib/components/LocationCard.svelte
index a9cc59e..01feb8b 100644
--- a/frontend/src/lib/components/LocationCard.svelte
+++ b/frontend/src/lib/components/LocationCard.svelte
@@ -62,6 +62,16 @@
 		}
 	}
 
+	// Creator avatar helpers
+	$: creatorInitials =
+		adventure.user?.first_name && adventure.user?.last_name
+			? `${adventure.user.first_name[0]}${adventure.user.last_name[0]}`
+			: adventure.user?.first_name?.[0] || adventure.user?.username?.[0] || '?';
+
+	$: creatorDisplayName = adventure.user?.first_name
+		? `${adventure.user.first_name} ${adventure.user.last_name || ''}`.trim()
+		: adventure.user?.username || 'Unknown User';
+
 	// Helper functions for display
 	function formatVisitCount() {
 		const count = adventure.visits.length;
@@ -221,6 +231,31 @@
 				</div>
 			</div>
 		{/if}
+
+		<!-- Creator Avatar -->
+		{#if adventure.user}
+			<div class="absolute bottom-4 right-4">
+				<div class="tooltip tooltip-left" data-tip={creatorDisplayName}>
+					<div class="avatar">
+						<div class="w-8 h-8 rounded-full ring-2 ring-white/50 shadow-lg">
+							{#if adventure.user.profile_pic}
+								<img
+									src={adventure.user.profile_pic}
+									alt={creatorDisplayName}
+									class="rounded-full object-cover"
+								/>
+							{:else}
+								<div
+									class="w-8 h-8 bg-gradient-to-br from-primary to-secondary rounded-full flex items-center justify-center text-primary-content font-semibold text-xs shadow-lg"
+								>
+									{creatorInitials.toUpperCase()}
+								</div>
+							{/if}
+						</div>
+					</div>
+				</div>
+			</div>
+		{/if}
 	</div>
 
 	<!-- Content Section -->
@@ -280,7 +315,7 @@
 							{$t('adventures.open_details')}
 						</button>
 
-						{#if (adventure.user && adventure.user.uuid == user?.uuid) || (collection && user && collection.shared_with?.includes(user.uuid))}
+						{#if (adventure.user && adventure.user.uuid == user?.uuid) || (collection && user && collection.shared_with?.includes(user.uuid)) || (collection && user && collection.user == user.uuid)}
 							<div class="dropdown dropdown-end">
 								<div tabindex="0" role="button" class="btn btn-square btn-sm btn-base-300">
 									<DotsHorizontal class="w-5 h-5" />
@@ -307,20 +342,34 @@
 												{$t('collection.manage_collections')}
 											</button>
 										</li>
+									{:else if collection && user && collection.user == user.uuid}
+										<li>
+											<button
+												on:click={() =>
+													removeFromCollection(
+														new CustomEvent('unlink', { detail: collection.id })
+													)}
+												class="flex items-center gap-2"
+											>
+												<LinkVariantRemove class="w-4 h-4" />
+												{$t('adventures.remove_from_collection')}
+											</button>
+										</li>
+									{/if}
+									{#if user.uuid == adventure.user?.uuid}
+										<div class="divider my-1"></div>
+										<li>
+											<button
+												id="delete_adventure"
+												data-umami-event="Delete Adventure"
+												class="text-error flex items-center gap-2"
+												on:click={() => (isWarningModalOpen = true)}
+											>
+												<TrashCan class="w-4 h-4" />
+												{$t('adventures.delete')}
+											</button>
+										</li>
 									{/if}
-
-									<div class="divider my-1"></div>
-									<li>
-										<button
-											id="delete_adventure"
-											data-umami-event="Delete Adventure"
-											class="text-error flex items-center gap-2"
-											on:click={() => (isWarningModalOpen = true)}
-										>
-											<TrashCan class="w-4 h-4" />
-											{$t('adventures.delete')}
-										</button>
-									</li>
 								</ul>
 							</div>
 						{/if}
diff --git a/frontend/src/lib/components/LocationModal.svelte b/frontend/src/lib/components/LocationModal.svelte
index e2e5d71..3d4a054 100644
--- a/frontend/src/lib/components/LocationModal.svelte
+++ b/frontend/src/lib/components/LocationModal.svelte
@@ -1,10 +1,11 @@
 <script lang="ts">
 	import { createEventDispatcher, onMount } from 'svelte';
-	import type { Location, Attachment, Category, Collection } from '$lib/types';
+	import type { Location, Attachment, Category, Collection, User } from '$lib/types';
 	import { addToast } from '$lib/toasts';
 	import { deserialize } from '$app/forms';
 	import { t } from 'svelte-i18n';
 	export let collection: Collection | null = null;
+	export let user: User | null = null;
 
 	let fullStartDate: string = '';
 	let fullEndDate: string = '';
@@ -92,6 +93,7 @@
 	import AttachmentCard from './AttachmentCard.svelte';
 	import LocationDropdown from './LocationDropdown.svelte';
 	import DateRangeCollapse from './DateRangeCollapse.svelte';
+	import UserCard from './UserCard.svelte';
 	let modal: HTMLDialogElement;
 
 	let wikiError: string = '';
@@ -325,7 +327,8 @@
 	async function uploadImage(file: File) {
 		let formData = new FormData();
 		formData.append('image', file);
-		formData.append('location', location.id);
+		formData.append('object_id', location.id);
+		formData.append('content_type', 'location');
 
 		let res = await fetch(`/locations?/image`, {
 			method: 'POST',
@@ -537,8 +540,21 @@
 								<label for="link"
 									>{$t('adventures.category')}<span class="text-red-500">*</span></label
 								><br />
-
-								<CategoryDropdown bind:categories bind:selected_category={location.category} />
+								{#if (user && user.uuid == location.user?.uuid) || !locationToEdit}
+									<CategoryDropdown bind:categories bind:selected_category={location.category} />
+								{:else}
+									<!-- read only view of category info name and icon -->
+									<div
+										class="flex items-center space-x-3 p-3 bg-base-100 border border-base-300 rounded-lg"
+									>
+										{#if location.category?.icon}
+											<span class="text-2xl flex-shrink-0">{location.category.icon}</span>
+										{/if}
+										<span class="text-base font-medium text-base-content">
+											{location.category?.display_name || location.category?.name}
+										</span>
+									</div>
+								{/if}
 							</div>
 							<div>
 								<label for="rating">{$t('adventures.rating')}</label><br />
diff --git a/frontend/src/routes/collections/[id]/+page.svelte b/frontend/src/routes/collections/[id]/+page.svelte
index 4582993..65cb0b4 100644
--- a/frontend/src/routes/collections/[id]/+page.svelte
+++ b/frontend/src/routes/collections/[id]/+page.svelte
@@ -694,6 +694,7 @@
 		on:close={() => (isLocationModalOpen = false)}
 		on:save={saveOrCreateAdventure}
 		{collection}
+		user={data.user}
 	/>
 {/if}
 
@@ -760,7 +761,7 @@
 						tabindex="0"
 						class="dropdown-content z-[1] menu p-4 shadow bg-base-300 text-base-content rounded-box w-52 gap-4"
 					>
-						{#if collection.user === data.user.uuid}
+						{#if collection.user === data.user.uuid || (collection.shared_with && collection.shared_with.includes(data.user.uuid))}
 							<p class="text-center font-bold text-lg">{$t('adventures.link_new')}</p>
 							<button
 								class="btn btn-primary"
diff --git a/frontend/src/routes/locations/+page.svelte b/frontend/src/routes/locations/+page.svelte
index 78bfc18..c0cf344 100644
--- a/frontend/src/routes/locations/+page.svelte
+++ b/frontend/src/routes/locations/+page.svelte
@@ -172,6 +172,7 @@
 		locationToEdit={adventureToEdit}
 		on:close={() => (isLocationModalOpen = false)}
 		on:save={saveOrCreate}
+		user={data.user}
 	/>
 {/if}
 
diff --git a/frontend/src/routes/locations/[id]/+page.svelte b/frontend/src/routes/locations/[id]/+page.svelte
index 97e4716..f7f0178 100644
--- a/frontend/src/routes/locations/[id]/+page.svelte
+++ b/frontend/src/routes/locations/[id]/+page.svelte
@@ -122,7 +122,7 @@
 	}
 
 	function openImageModal(imageIndex: number) {
-		adventure_images = adventure.images.map(img => ({
+		adventure_images = adventure.images.map((img) => ({
 			image: img.image,
 			adventure: adventure
 		}));
@@ -151,6 +151,7 @@
 		locationToEdit={adventure}
 		on:close={() => (isEditModalOpen = false)}
 		on:save={saveEdit}
+		user={data.user}
 	/>
 {/if}
 
diff --git a/frontend/src/routes/map/+page.svelte b/frontend/src/routes/map/+page.svelte
index c2a2229..15defc8 100644
--- a/frontend/src/routes/map/+page.svelte
+++ b/frontend/src/routes/map/+page.svelte
@@ -461,6 +461,7 @@
 		on:close={() => (createModalOpen = false)}
 		on:save={createNewAdventure}
 		{initialLatLng}
+		user={data.user}
 	/>
 {/if}