diff --git a/bookwyrm/tests/views/lists/test_list.py b/bookwyrm/tests/views/lists/test_list.py
index 5469b233..a999d4cd 100644
--- a/bookwyrm/tests/views/lists/test_list.py
+++ b/bookwyrm/tests/views/lists/test_list.py
@@ -95,6 +95,19 @@ class ListViews(TestCase):
         validate_html(result.render())
         self.assertEqual(result.status_code, 200)
 
+    def test_list_page_with_query(self):
+        """searching for a book to add"""
+        view = views.List.as_view()
+        request = self.factory.get("", {"q": "Example Edition"})
+        request.user = self.local_user
+
+        with patch("bookwyrm.views.list.list.is_api_request") as is_api:
+            is_api.return_value = False
+            result = view(request, self.list.id)
+        self.assertIsInstance(result, TemplateResponse)
+        validate_html(result.render())
+        self.assertEqual(result.status_code, 200)
+
     def test_list_page_sorted(self):
         """there are so many views, this just makes sure it LOADS"""
         view = views.List.as_view()
@@ -669,6 +682,23 @@ class ListViews(TestCase):
         self.assertEqual(item.user, self.local_user)
         self.assertTrue(item.approved)
 
+    def test_add_book_permission_denied(self):
+        """you can't add to that list"""
+        self.list.curation = "closed"
+        self.list.save(broadcast=False)
+        request = self.factory.post(
+            "",
+            {
+                "book": self.book.id,
+                "book_list": self.list.id,
+                "user": self.rat.id,
+            },
+        )
+        request.user = self.rat
+
+        with self.assertRaises(PermissionDenied):
+            views.add_book(request)
+
     def test_remove_book(self):
         """take an item off a list"""
 
diff --git a/bookwyrm/tests/views/lists/test_list_item.py b/bookwyrm/tests/views/lists/test_list_item.py
new file mode 100644
index 00000000..0d6f66ab
--- /dev/null
+++ b/bookwyrm/tests/views/lists/test_list_item.py
@@ -0,0 +1,70 @@
+""" test for app action functionality """
+from unittest.mock import patch
+
+from django.test import TestCase
+from django.test.client import RequestFactory
+
+from bookwyrm import models, views
+
+
+# pylint: disable=unused-argument
+# pylint: disable=too-many-public-methods
+class ListItemViews(TestCase):
+    """list view"""
+
+    def setUp(self):
+        """we need basic test data and mocks"""
+        self.factory = RequestFactory()
+        with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"), patch(
+            "bookwyrm.activitystreams.populate_stream_task.delay"
+        ), patch("bookwyrm.lists_stream.populate_lists_task.delay"):
+            self.local_user = models.User.objects.create_user(
+                "mouse@local.com",
+                "mouse@mouse.com",
+                "mouseword",
+                local=True,
+                localname="mouse",
+                remote_id="https://example.com/users/mouse",
+            )
+        work = models.Work.objects.create(title="Work")
+        self.book = models.Edition.objects.create(
+            title="Example Edition",
+            remote_id="https://example.com/book/1",
+            parent_work=work,
+        )
+        with patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async"):
+            self.list = models.List.objects.create(
+                name="Test List", user=self.local_user
+            )
+
+        models.SiteSettings.objects.create()
+
+    def test_add_list_item_notes(self):
+        """there are so many views, this just makes sure it LOADS"""
+        view = views.ListItem.as_view()
+        with patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async"):
+            item = models.ListItem.objects.create(
+                book_list=self.list,
+                user=self.local_user,
+                book=self.book,
+                approved=True,
+                order=1,
+            )
+        request = self.factory.post(
+            "",
+            {
+                "book_list": self.list.id,
+                "book": self.book.id,
+                "user": self.local_user.id,
+                "notes": "beep boop",
+            },
+        )
+        request.user = self.local_user
+        with patch(
+            "bookwyrm.models.activitypub_mixin.broadcast_task.apply_async"
+        ) as mock:
+            view(request, self.list.id, item.id)
+        self.assertEqual(mock.call_count, 1)
+
+        item.refresh_from_db()
+        self.assertEqual(item.notes, "beep boop")
diff --git a/bookwyrm/views/list/list.py b/bookwyrm/views/list/list.py
index 4c740924..fbbbee9f 100644
--- a/bookwyrm/views/list/list.py
+++ b/bookwyrm/views/list/list.py
@@ -121,7 +121,8 @@ class List(View):
 
         form = forms.ListForm(request.POST, instance=book_list)
         if not form.is_valid():
-            return redirect("list", book_list.id)
+            # this shouldn't happen
+            raise Exception(form.errors)
         book_list = form.save()
         if not book_list.curation == "group":
             book_list.group = None
@@ -169,9 +170,9 @@ def add_book(request):
     book_list = get_object_or_404(models.List, id=request.POST.get("book_list"))
     # make sure the user is allowed to submit to this list
     book_list.raise_visible_to_user(request.user)
-
     if request.user != book_list.user and book_list.curation == "closed":
         raise PermissionDenied()
+
     is_group_member = models.GroupMember.objects.filter(
         group=book_list.group, user=request.user
     ).exists()