diff --git a/inc/ui/collection-edit.php b/inc/ui/collection-edit.php
index f04af8df..1348407c 100644
--- a/inc/ui/collection-edit.php
+++ b/inc/ui/collection-edit.php
@@ -17,8 +17,10 @@ $privilege_names = array( 'read', 'write-properties', 'write-content', 'unlock',
'bind', 'unbind', 'write-acl', 'read-free-busy', 'schedule-deliver-invite', 'schedule-deliver-reply',
'schedule-query-freebusy', 'schedule-send-invite', 'schedule-send-reply', 'schedule-send-freebusy' );
+$can_write_collection = ($session->AllowedTo('Admin') || $session->principal_id == $id );
+
$pwstars = '@@@@@@@@@@';
-if ( $editor->IsSubmit() ) {
+if ( $can_write_collection && $editor->IsSubmit() ) {
$editor->WhereNewRecord( "collection_id=(SELECT CURRVAL('dav_id_seq'))" );
if ( isset($_POST['default_privileges']) ) {
$privilege_bitpos = array_flip($privilege_names);
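Review bot: The new `$can_write_collection` check compares `$session->principal_id` with `$id`, but the rest of this patch uses `$id` as the collection id (`by_collection`), so the test looks like it compares two different kinds of identifier rather than checking ownership. If that reading is right, the real owner is never matched and the only non-admin who passes is a principal whose id happens to equal the collection's id. The check should compare the session principal with the collection's owning principal, which is not visible in this hunk. The loose `==` should also give way to an integer comparison, with a comment such as `// Only admins and the collection's owner may change the collection or its grants.` above the assignment. The body of the `if` continues outside the hunk.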
@@ -65,7 +67,7 @@ $default_privileges = bindec($editor->Value('default_privileges'));
$privileges_set = '
';
for( $i=0; $i'.$privilege_xlate[$privilege_names[$i]].''."\n";
+ $privileges_set .= ''."\n";
}
$privileges_set .= '
';
@@ -88,26 +90,29 @@ function toggle_privileges() {
var argv = toggle_privileges.arguments;
var argc = argv.length;
- if ( argc < 1 ) {
+ if ( argc < 2 ) {
return;
}
+ var match_me = argv[0];
var set_to = -1;
- if ( argv[0] == 'all' ) {
- var fieldcount = document.forms[0].elements.length;
+ if ( argv[1] == 'all' ) {
+ var form = document.getElementById(argv[2]);
+ var fieldcount = form.elements.length;
+ var matching = '/^' + match_me + '/';
for (var i = 0; i < fieldcount; i++) {
- var fieldname = document.forms[0].elements[i].name;
- if ( fieldname.match( /^default_privileges/ ) ) {
+ var fieldname = form.elements[i].name;
+ if ( fieldname.match( match_me ) ) {
if ( set_to == -1 ) {
- set_to = ( document.forms[0].elements[i].checked ? 0 : 1 );
+ set_to = ( form.elements[i].checked ? 0 : 1 );
}
- document.forms[0].elements[i].checked = set_to;
+ form.elements[i].checked = set_to;
}
}
}
else {
- for (var i = 0; i < argc; i++) {
- var f = document.getElementById( 'priv_checkbox_' + argv[i]);
+ for (var i = 1; i < argc; i++) {
+ var f = document.getElementById( match_me + '_' + argv[i]);
if ( set_to == -1 ) {
set_to = ( f.checked ? 0 : 1 );
}
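Review bot: `matching` is built as the plain string `'/^' + match_me + '/'` and never used, and `fieldname.match( match_me )` then treats the prefix as an unanchored pattern. The 'all' branch therefore toggles every field whose name merely contains the prefix, not only those that start with it. Use `var matching = new RegExp('^' + match_me);` and `fieldname.match( matching )`. The `argc < 2` guard also lets the 'all' branch read `argv[2]` when no form id was passed, so `form` can be null; test it before reading `form.elements`. toggle_privileges continues past the end of this hunk.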
@@ -148,19 +153,19 @@ label.privilege {
| $prompt_calendar: | ##is_calendar.checkbox## |
| $prompt_addressbook: | ##is_addressbook.checkbox## |
| $prompt_privileges: |
-
+
+ onclick="toggle_privileges('default_privileges', 'read', 'read-free-busy', 'schedule-query-freebusy', 'read-current-user-privilege-set' );">
+ onclick="toggle_privileges('default_privileges', 'read-free-busy', 'schedule-query-freebusy' );">
+ onclick="toggle_privileges('default_privileges', 'schedule-deliver-invite', 'schedule-deliver-reply', 'schedule-query-freebusy' );">
+ onclick="toggle_privileges('default_privileges', 'schedule-send-invite', 'schedule-send-reply', 'schedule-send-freebusy' );">
$privileges_set |
| $prompt_timezone: | ##timezone.select## |
| $prompt_schedule_transp: | ##schedule_transp.select## |
@@ -177,15 +182,97 @@ $page_elements[] = $editor;
$c->stylesheets[] = 'css/browse.css';
$c->scripts[] = 'js/browse.js';
+
+$grantrow = new Editor("Grants", "grants");
+$grantrow->SetSubmitName( 'savegrantrow' );
+$grantrow->SetLookup( 'to_principal', 'SELECT principal_id, displayname FROM dav_principal WHERE principal_id NOT IN (SELECT member_id FROM group_member WHERE group_id = '.$id.')' );
+if ( $can_write_collection ) {
+ if ( $grantrow->IsSubmit() ) {
+ $_POST['by_collection'] = $id;
+ $to_principal = intval($_POST['to_principal']);
+ $orig_to_id = intval($_POST['orig_to_id']);
+ $grantrow->SetWhere( "by_collection=".qpg($id)." AND to_principal=$orig_to_id");
+ if ( isset($_POST['grant_privileges']) ) {
+ $privilege_bitpos = array_flip($privilege_names);
+ $priv_names = array_keys($_POST['grant_privileges']);
+ $privs = privilege_to_bits($priv_names);
+ $_POST['privileges'] = sprintf('%024s',decbin($privs));
+ $grantrow->Assign('privileges', $privs_dec);
+ }
+ $grantrow->Write( );
+ unset($_GET['to_principal']);
+ }
+ elseif ( isset($_GET['delete_grant']) ) {
+ $qry = new AwlQuery("DELETE FROM grants WHERE by_collection=:grantor_id AND to_principal = :to_principal",
+ array( ':grantor_id' => $id, ':to_principal' => intval($_GET['delete_grant']) ));
+ $qry->Exec('collection-edit');
+ }
+}
+
+function edit_grant_row( $row_data ) {
+ global $grantrow, $id, $privilege_xlate, $privilege_names;
+
+ if ( $row_data->to_principal > -1 ) {
+ $grantrow->SetRecord( $row_data );
+ }
+
+ $grant_privileges = bindec($grantrow->Value('grant_privileges'));
+ $privileges_set = '';
+ for( $i=0; $i < count($privilege_names); $i++ ) {
+ $privilege_set = ( (1 << $i) & $grant_privileges ? ' CHECKED' : '');
+ $privileges_set .= ''."\n";
+ }
+ $privileges_set .= '
';
+
+ $orig_to_id = $row_data->to_principal;
+ $form_id = $grantrow->Id();
+ $form_url = preg_replace( '#&(edit|delete)_grant=\d+#', '', $_SERVER['REQUEST_URI'] );
+
+ $template = <<
+ ##to_principal.select## |
+
+
+
+
+
+
+
+ $privileges_set
+ | ##submit## |
+
+
+EOTEMPLATE;
+
+ $grantrow->SetTemplate( $template );
+ $grantrow->Title("");
+
+ return $grantrow->Render();
+}
+
$browser = new Browser(translate('Collection Grants'));
$browser->AddColumn( 'to_principal', translate('To ID'), 'right', '##principal_link##' );
-$rowurl = $c->base_url . '/davical.php?action=edit&t=principal&id=';
+$rowurl = $c->base_url . '/davical.php?action=edit&t=collection&id=';
$browser->AddHidden( 'principal_link', "'' || to_principal || ''" );
+$browser->AddHidden( 'grant_privileges', 'privileges' );
$browser->AddColumn( 'displayname', translate('Display Name') );
$browser->AddColumn( 'privs', translate('Privileges'), '', '', 'privileges_list(privileges)' );
$browser->AddColumn( 'members', translate('Has Members'), '', '', 'has_members_list(principal_id)' );
+if ( $can_write_collection ) {
+ $del_link = "Delete";
+ $edit_link = "Edit";
+ $browser->AddColumn( 'action', 'Action', 'center', '', "'$edit_link $del_link'" );
+}
+
$browser->SetOrdering( 'displayname', 'A' );
$browser->SetJoins( "grants LEFT JOIN dav_principal ON (to_principal = principal_id) " );
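Review bot: The `SetLookup` query at the top of this hunk concatenates `$id` straight into SQL and runs outside the `$can_write_collection` guard, while the same hunk uses `qpg($id)` and bound parameters elsewhere. Where `$id` is validated is not visible here, so write `'... WHERE group_id = '.intval($id).')'`. In the submit branch, `$grantrow->Assign('privileges', $privs_dec);` reads a variable that is never set in the visible lines; it presumably should be the bit string just stored in `$_POST['privileges']`. The `delete_grant` branch removes a grant on a plain GET with no request token visible, so a cross-site request made in the owner's session would delete it; make it a POST that carries a per-session token. If `$form_url` (built from `$_SERVER['REQUEST_URI']`) is emitted into the form template, pass it through `htmlspecialchars()` first.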
@@ -200,5 +287,16 @@ else {
$browser->DoQuery();
$page_elements[] = $browser;
+if ( $can_write_collection ) {
+ if ( isset($_GET['edit_grant']) ) {
+ $browser->MatchedRow('to_principal', $_GET['edit_grant'], 'edit_grant_row');
+ }
+ else {
+ $extra_row = array( 'to_principal' => -1 );
+ $browser->MatchedRow('to_principal', -1, 'edit_grant_row');
+ $extra_row = (object) $extra_row;
+ $browser->AddRow($extra_row);
+ }
+}