diff --git a/app/controllers/dmsf_controller.rb b/app/controllers/dmsf_controller.rb
index c07d4430..d92a574f 100644
--- a/app/controllers/dmsf_controller.rb
+++ b/app/controllers/dmsf_controller.rb
@@ -245,8 +245,7 @@ class DmsfController < ApplicationController
 @parent = @folder.dmsf_folder
 @pathfolder = copy_folder(@folder)
 @force_file_unlock_allowed = User.current.allowed_to?(:force_file_unlock, @project)
- @users = User.find(@folder.dmsf_folder_permissions.users.map{ |p| p.object_id })
- @users.delete_if{ |u| !u.active? }
+ @users = Principal.active.where(:id => @folder.dmsf_folder_permissions.users.map{ |p| p.object_id })
 end
 def save
diff --git a/app/controllers/dmsf_folder_permissions_controller.rb b/app/controllers/dmsf_folder_permissions_controller.rb
index f2410fb8..f400b2bd 100644
--- a/app/controllers/dmsf_folder_permissions_controller.rb
+++ b/app/controllers/dmsf_folder_permissions_controller.rb
@@ -32,16 +32,17 @@ class DmsfFolderPermissionsController < ApplicationController
 end
 def new
- @users = users_for_new_users
+ @principals = users_for_new_users
 end
 def append
- @users = User.active.visible.where(:id => params[:user_ids]).to_a
- render :nothing => true if @users.blank?
+ #@principals = User.active.visible.where(:id => params[:user_ids]).to_a
+ @principals = Principal.where(:id => params[:user_ids]).to_a
+ render :nothing => true if @principals.blank?
 end
 def autocomplete_for_user
- @users = users_for_new_users
+ @principals = users_for_new_users
 respond_to do |format|
 format.js
 end
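Review bot: In `append`, the new lookup `Principal.where(:id => params[:user_ids])` drops the `active` and `visible` scopes that the replaced `User` query applied, so ids taken straight from the request now resolve locked principals and principals the current user may not be allowed to see. The result is handed to `users_checkboxes(@principals)` in append.js.erb, so those records would be rendered back to the caller and offered as permission targets. `users_for_new_users` in the same commit keeps the filters, so the two entry points disagree. Assuming `@project` is set for this action as it is for `new`, I would write `@principals = Principal.active.visible.member_of(@project).where(:id => params[:user_ids]).to_a`.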
@@ -50,12 +51,13 @@ class DmsfFolderPermissionsController < ApplicationController
 private
 def users_for_new_users
- if params[:q].blank? && @project.present?
- scope = @project.users
- else
- scope = User.all.limit(100)
- end
- scope.active.visible.sorted.like(params[:q]).to_a
+ #if params[:q].blank? && @project.present?
+ # scope = @project.users
+ #else
+ # scope = User.all.limit(100)
+ #end
+ #scope.active.visible.sorted.like(params[:q]).to_a
+ Principal.active.visible.member_of(@project).like(params[:q]).order(:type, :lastname).to_a
 end
 def find_project
diff --git a/app/models/dmsf_folder.rb b/app/models/dmsf_folder.rb
index 6fa2d1ec..79cdcc71 100644
--- a/app/models/dmsf_folder.rb
+++ b/app/models/dmsf_folder.rb
@@ -88,11 +88,16 @@ class DmsfFolder < ActiveRecord::Base
 def self.visible_condition(system=true)
 Project.allowed_to_condition(User.current, :view_dmsf_folders) do |role, user|
 if user.id && user.logged?
+ permissions = "#{DmsfFolderPermission.table_name}"
+ folders = "#{DmsfFolder.table_name}"
+ group_ids = user.groups.map{ |g| g.id }.join(',')
+ group_ids = -1 if group_ids.blank?
+ allowed = (system && role.allowed_to?(:display_system_folders)) ? 1 : 0
 %{
- ((#{DmsfFolderPermission.table_name}.object_id IS NULL) OR
- ((#{DmsfFolderPermission.table_name}.object_id = #{role.id} AND #{DmsfFolderPermission.table_name}.object_type = 'Role')) OR
- ((#{DmsfFolderPermission.table_name}.object_id = #{user.id} AND #{DmsfFolderPermission.table_name}.object_type = 'User'))) AND
- ((#{DmsfFolder.table_name}.system = 0 OR 1 = #{(system && role.allowed_to?(:display_system_folders)) ? 1 : 0}))
+ (#{permissions}.object_id IS NULL) OR
+ (#{permissions}.object_id = #{role.id} AND #{permissions}.object_type = 'Role') OR
+ ((#{permissions}.object_id = #{user.id} OR #{permissions}.object_id IN (#{group_ids})) AND #{permissions}.object_type = 'User') AND
+ (#{folders}.system = 0 OR 1 = #{allowed})
 }
 else
 '0 = 1'
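Review bot: The six commented-out lines kept in `users_for_new_users`, and the commented `User` query left in `append`, are dead code that version control already preserves; delete them so the method body is the single `Principal…` line. The removed branch searched `User.all.limit(100)` whenever `params[:q]` was present, while the new query is restricted to `member_of(@project)`. A short comment such as `# candidates are active, visible members of @project (users and groups)` would record that the narrowing is intentional. What `member_of` returns when `@project` is nil is not visible here and is worth confirming.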
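Review bot: The rewritten SQL in `visible_condition` drops the outer parentheses that grouped the three permission alternatives, and because `AND` binds tighter than `OR` the trailing `(#{folders}.system = 0 OR 1 = #{allowed})` now constrains only the user/group branch. Rows matching `object_id IS NULL` or the role branch would satisfy the condition for system folders even when `allowed` is 0, which the removed lines prevented. Restore the grouping by opening the first line with `((#{permissions}.object_id IS NULL) OR` and closing the third with `AND #{permissions}.object_type = 'User')) AND`. Separately, `group_ids` ends up either a String or the Integer `-1`; `group_ids = '-1' if group_ids.blank?` keeps it one type. The method continues beyond the hunk.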
@@ -113,7 +118,12 @@ class DmsfFolder < ActiveRecord::Base
 if folder.dmsf_folder_permissions.any?
 role_ids = User.current.roles_for_project(folder.project).map{ |r| r.id }
 role_permission_ids = folder.dmsf_folder_permissions.roles.map{ |p| p.object_id }
- return (role_ids & role_permission_ids).any? || folder.dmsf_folder_permissions.users.map{ |p| p.object_id }.include?(User.current.id)
+ return true if (role_ids & role_permission_ids).any?
+ principal_ids = folder.dmsf_folder_permissions.users.map{ |p| p.object_id }
+ return true if principal_ids.include?(User.current.id)
+ user_group_ids = User.current.groups.map{ |g| g.id }
+ return true if (principal_ids & user_group_ids).any?
+ return false
 end
 true
 end
diff --git a/app/views/dmsf_folder_permissions/_new.html.erb b/app/views/dmsf_folder_permissions/_new.html.erb
index c3b9d617..76f68cf3 100644
--- a/app/views/dmsf_folder_permissions/_new.html.erb
+++ b/app/views/dmsf_folder_permissions/_new.html.erb
@@ -12,7 +12,7 @@ :project_id => @project) }')" %>
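Review bot: `folder.dmsf_folder_permissions.users` now appears to carry group ids as well as user ids, which the association name does not suggest. A comment above `principal_ids` such as `# permission rows of type 'User' hold principal ids (users and groups)` would make the group check readable. The closing `return true if (principal_ids & user_group_ids).any?` / `return false` pair can be the single line `return (principal_ids & user_group_ids).any?`. The enclosing method starts and ends outside the hunk.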
- <%= render_principals_for_new_folder_permissions(@users) %>
+ <%= render_principals_for_new_folder_permissions(@principals) %>

diff --git a/app/views/dmsf_folder_permissions/append.js.erb b/app/views/dmsf_folder_permissions/append.js.erb
index 187809ee..7496339a 100644
--- a/app/views/dmsf_folder_permissions/append.js.erb
+++ b/app/views/dmsf_folder_permissions/append.js.erb
@@ -1,4 +1,4 @@
-<% @users.each do |user| %>
- $("#user_permission_ids_<%= user.id %>").remove();
+<% @principals.each do |principal| %>
+ $("#user_permission_ids_<%= principal.id %>").remove();
 <% end %>
-$('#user_permissions').append('<%= escape_javascript(users_checkboxes(@users)) %>');
+$('#user_permissions').append('<%= escape_javascript(users_checkboxes(@principals)) %>');
diff --git a/app/views/dmsf_folder_permissions/autocomplete_for_user.js.erb b/app/views/dmsf_folder_permissions/autocomplete_for_user.js.erb
index 9662f6af..c288b4e3 100644
--- a/app/views/dmsf_folder_permissions/autocomplete_for_user.js.erb
+++ b/app/views/dmsf_folder_permissions/autocomplete_for_user.js.erb
@@ -1,2 +1,2 @@
 $('#users_for_watcher').html('<%= escape_javascript(
- render_principals_for_new_folder_permissions(@users)) %>');
+ render_principals_for_new_folder_permissions(@principals)) %>');
diff --git a/app/views/dmsf_folder_permissions/new.js.erb b/app/views/dmsf_folder_permissions/new.js.erb
index e35cbb80..abda4d5f 100644
--- a/app/views/dmsf_folder_permissions/new.js.erb
+++ b/app/views/dmsf_folder_permissions/new.js.erb
@@ -1,3 +1,3 @@
-$('#ajax-modal').html('<%= escape_javascript(render :partial => 'dmsf_folder_permissions/new', :locals => {:users => @users}) %>');
+$('#ajax-modal').html('<%= escape_javascript(render :partial => 'dmsf_folder_permissions/new') %>');
 showModal('ajax-modal', '400px');
 $('#ajax-modal').addClass('new-user');