--- a/src/ldt/ldt/ldt_utils/views.py	Mon Dec 12 12:57:38 2011 +0100
+++ b/src/ldt/ldt/ldt_utils/views.py	Mon Dec 12 14:48:57 2011 +0100
@@ -1326,7 +1326,7 @@
     checker = ObjectPermissionChecker(request.user)
     
     if not checker.has_perm('change_group', group):
-        form_status = 'saved'
+        form_status = 'none'
         return render_to_response("ldt/ldt_utils/create_group.html", {'form_status' : form_status}, context_instance=RequestContext(request))
 
     query = Q(id=settings.ANONYMOUS_USER_ID) | Q(id=request.user.id) | Q(is_superuser=True)
@@ -1368,8 +1368,7 @@
                         remove_perm('change_group', user, group)
                                         
                 group.save()
-                form_status = 'saved'       
-                    
+                form_status = 'saved'                   
     else:
         form = GroupAddForm(initial={'name':unicode(group.name)})    
 
@@ -1377,4 +1376,3 @@
     return render_to_response("ldt/ldt_utils/create_group.html", {'group_id' : group_id, 'form' : form, 'form_status' : form_status,
                                                                   'elem_list' : user_list, 'member_list': member_list, 'admin_list': admin_list,
                                                                   'is_owner_group': is_owner_group}, context_instance=RequestContext(request))
-

--- a/src/ldt/ldt/security/middleware.py	Mon Dec 12 12:57:38 2011 +0100
+++ b/src/ldt/ldt/security/middleware.py	Mon Dec 12 14:48:57 2011 +0100
@@ -1,17 +1,17 @@
-from ldt.security.utils import protect_models, unprotect_models, _thread_locals
+from ldt.security.utils import protect_models, unprotect_models, _thread_locals, set_current_user, del_current_user
 
 class SecurityMiddleware(object):
     
     def process_request(self, request):
         if not hasattr(_thread_locals, 'user'):
-            _thread_locals.user = request.user
+            set_current_user(request.user)
             protect_models()
     
     def process_response(self, request, response):
         
         if hasattr(_thread_locals, 'user'):            
             unprotect_models()
-            del _thread_locals.user
+            del_current_user()
                 
         return response
     
\ No newline at end of file

--- a/src/ldt/ldt/security/utils.py	Mon Dec 12 12:57:38 2011 +0100
+++ b/src/ldt/ldt/security/utils.py	Mon Dec 12 14:48:57 2011 +0100
@@ -3,6 +3,7 @@
 from guardian.core import ObjectPermissionChecker
 from guardian.shortcuts import assign, remove_perm, get_users_with_perms, get_groups_with_perms
 
+
 try:
     from threading import local
 except ImportError:
@@ -13,6 +14,12 @@
 def get_current_user():
     return getattr(_thread_locals, 'user', None)
 
+def set_current_user(user):
+    _thread_locals.user = user
+    
+def del_current_user():
+    del _thread_locals.user
+    
 def protect_models():
     cls_list = ToProtect.get_models()
     if cls_list:
@@ -104,7 +111,7 @@
     perm_name = "%s.change_%s" % (cls._meta.app_label, model_name)
         
     for obj in obj_list:
-        if not checker or checker.has_perm(perm_name, obj):
+        if checker and checker.has_perm(perm_name, obj):
             obj.change = True
         else:
             obj.change = False
@@ -176,11 +183,11 @@
     for u in members:
         if u == user:
             continue
-        u_dict = {'name': u.username, 'id': u.id, 'type': 'user'}
+        u_dict = {'name': u.username, 'id': u.id, 'type': 'user', 'change': False}
         if u in admin:
             u_dict['change'] = True
         member_list.append(u_dict)
         
-    admin_list = [{'name': e.username, 'id': e.id, 'type': 'user'} for e in admin]
+    admin_list = [{'name': e.username, 'id': e.id, 'type': 'user', 'change': False} for e in admin]
     
     return [member_list, admin_list]