diff --git a/base/context_processors.py b/base/context_processors.py index 0f88069765..4546ad231d 100644 --- a/base/context_processors.py +++ b/base/context_processors.py @@ -7,7 +7,7 @@ These are referenced from the setting TEMPLATE_CONTEXT_PROCESSORS and used by RequestContext. """ from settings import SEAFILE_VERSION, SITE_TITLE, SITE_NAME, SITE_BASE, \ - ENABLE_SIGNUP + ENABLE_SIGNUP, MAX_FILE_NAME try: from settings import BUSINESS_MODE except ImportError: @@ -36,5 +36,6 @@ def base(request): 'base_template': base_template, 'site_name': SITE_NAME, 'enable_signup': ENABLE_SIGNUP, + 'max_file_name': MAX_FILE_NAME, } diff --git a/forms.py b/forms.py index e69562ec91..0dde6ad12c 100644 --- a/forms.py +++ b/forms.py @@ -52,9 +52,10 @@ class RepoCreateForm(forms.Form): """ Form for creating repo and org repo. """ - repo_name = forms.CharField(max_length=50, error_messages={ + repo_name = forms.CharField(max_length=settings.MAX_FILE_NAME, + error_messages={ 'required': _(u'Name can\'t be empty'), - 'max_length': _(u'Name is too long (maximum is 50 characters)') + 'max_length': _(u'Name is too long (maximum is 255 characters)') }) repo_desc = forms.CharField(max_length=100, error_messages={ 'required': _(u'Description can\'t be empty'), @@ -112,7 +113,7 @@ class RepoNewFileForm(forms.Form): """ repo_id = forms.CharField(error_messages={'required': _('Repo id is required')}) parent_dir = forms.CharField(error_messages={'required': _('Parent dir is required')}) - new_file_name = forms.CharField(max_length=settings.MAX_UPLOAD_FILE_NAME_LEN, + new_file_name = forms.CharField(max_length=settings.MAX_FILE_NAME, error_messages={ 'max_length': _('File name is too long'), 'required': _('File name can\'t be empty'), 
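Review bot: In the `RepoCreateForm` hunk of forms.py, `repo_name` now takes its limit from `settings.MAX_FILE_NAME`, but the `max_length` error message hard-codes "maximum is 255 characters". A deployment that overrides the setting would enforce one limit and report another. Either derive the number from the setting, e.g. `'max_length': _(u'Name is too long (maximum is %d characters)') % settings.MAX_FILE_NAME`, or drop the number as the sibling forms do with `'File name is too long'`. It would also help to say in a comment next to the setting whether the limit is in characters or bytes. `CharField.max_length` counts characters, so a multi-byte name of 255 characters is longer than 255 bytes once encoded.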
@@ -136,7 +137,7 @@ class RepoRenameFileForm(forms.Form): repo_id = forms.CharField(error_messages={'required': _("Repo id is required")}) parent_dir = forms.CharField(error_messages={'required': _("Parent dir is required")}) oldname = forms.CharField(error_messages={'required': _("Oldname is required")}) - newname = forms.CharField(max_length=settings.MAX_UPLOAD_FILE_NAME_LEN, + newname = forms.CharField(max_length=settings.MAX_FILE_NAME, error_messages={ 'max_length': _('File name is too long'), 'required': _('File name can\'t be empty'), @@ -159,7 +160,7 @@ class RepoNewDirForm(forms.Form): """ repo_id = forms.CharField(error_messages={'required': _("Repo id is required")}) parent_dir = forms.CharField(error_messages={'required': _("Parent dir is required")}) - new_dir_name = forms.CharField(max_length=settings.MAX_UPLOAD_FILE_NAME_LEN, + new_dir_name = forms.CharField(max_length=settings.MAX_FILE_NAME, error_messages={ 'max_length': _('Directory name is too long'), 'required': _('Directory name can\'t be empty'), diff --git a/settings.py b/settings.py index 56e10b19f4..0ea8ce6e4b 100644 --- a/settings.py +++ b/settings.py @@ -164,14 +164,14 @@ CACHES = { } MAX_UPLOAD_FILE_SIZE = 100 * 1024 * 1024 # 100 MB -MAX_UPLOAD_FILE_NAME_LEN = 256 +MAX_UPLOAD_FILE_NAME_LEN = 255 +MAX_FILE_NAME = MAX_UPLOAD_FILE_NAME_LEN +MAX_PATH = 4096 # Set to True when user will be activaed after registration, # and no email sending ACTIVATE_AFTER_REGISTRATION = True - -# In order to use email sending, -# ACTIVATE_AFTER_REGISTRATION MUST set to False +# In order to use email sending, `ACTIVATE_AFTER_REGISTRATION` must set to False REGISTRATION_SEND_MAIL = False # Seafile httpserver address and port diff --git a/templates/repo.html b/templates/repo.html index 9ea4f2a7eb..cd8aa38300 100644 --- a/templates/repo.html +++ b/templates/repo.html @@ -225,7 +225,7 @@ -
+

@@ -241,7 +241,7 @@ - +

@@ -274,7 +274,7 @@ -
+

diff --git a/templates/snippets/repo_create_form.html b/templates/snippets/repo_create_form.html index f4a1d141d6..9bbd206854 100644 --- a/templates/snippets/repo_create_form.html +++ b/templates/snippets/repo_create_form.html @@ -2,7 +2,7 @@

{% trans "New Library"%}


-
+

{% if create_shared_repo %} diff --git a/utils.py b/utils.py index 1e5e831f92..8e9f962f71 100644 --- a/utils.py +++ b/utils.py @@ -20,7 +20,7 @@ from seaserv import seafserv_rpc, ccnet_threaded_rpc, seafserv_threaded_rpc, \ CCNET_SERVER_PORT, get_org_id_by_repo_id, get_org_by_id, is_org_staff, \ get_org_id_by_group, list_personal_shared_repos, get_org_group_repos,\ get_personal_groups_by_user, list_personal_repos_by_owner, get_group_repos, \ - list_org_repos_by_owner, get_org_groups_by_user + list_org_repos_by_owner, get_org_groups_by_user, check_permission try: from settings import DOCUMENT_CONVERTOR_ROOT except ImportError: @@ -236,7 +236,7 @@ def get_accessible_repos(request, repo): return False accessible_repos = [] - for r in owned_repos + groups_repos: + for r in owned_repos: if not has_repo(accessible_repos, r) and not r.encrypted: r.has_subdir = check_has_subdir(r) accessible_repos.append(r) @@ -249,8 +249,15 @@ def get_accessible_repos(request, repo): r.desc = r.repo_desc if not has_repo(accessible_repos, r) and not r.encrypted: - r.has_subdir = check_has_subdir(r) - accessible_repos.append(r) + if check_permission(r.id, request.user.username) == 'rw': + r.has_subdir = check_has_subdir(r) + accessible_repos.append(r) + + for r in groups_repos: + if not has_repo(accessiable_repos, r) and not r.encrypted : + if check_permission(r.id, request.user.username) == 'rw': + r.has_subdir = check_has_subdir(r) + accessible_repos.append(r) return accessible_repos diff --git a/views.py b/views.py index db8f5fb367..da160c80c8 100644 --- a/views.py +++ b/views.py 
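Review bot: The new `for r in groups_repos:` loop at the end of the last utils.py hunk calls `has_repo(accessiable_repos, r)`, but the list built earlier in the function is named `accessible_repos`. Unless a name with that spelling is defined outside the hunk, the first group library reached raises NameError, so `get_accessible_repos` fails for any user who belongs to a group with libraries and the new `check_permission` filter never runs on that path. The line should read `if not has_repo(accessible_repos, r) and not r.encrypted:`. The function starts before this hunk, so how `groups_repos` is populated is not visible here.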
@@ -1668,6 +1668,18 @@ def file_move(request): and dst_path and obj_name and obj_type and op): return render_error(request) + # check file path + if len(dst_path+obj_name) > settings.MAX_PATH: + messages.error(request, _('Destination path is too long.')) + url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8'))) + return HttpResponseRedirect(url) + + # check whether user has write permission to dest repo + if check_permission(dst_repo_id, request.user.username) != 'rw': + messages.error(request, _('You can not modify that library.')) + url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8'))) + return HttpResponseRedirect(url) + # do nothing when dst is the same as src if src_repo_id == dst_repo_id and src_path == dst_path: url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8'))) @@ -1681,7 +1693,6 @@ def file_move(request): % {'op': _(u"copy") if op == 'cp' else _(u"move"), 'src': src_dir, 'des': dst_path} - #return render_error(request, error_msg) messages.add_message(request, messages.ERROR, error_msg) url = reverse('repo', args=[src_repo_id]) + ('?p=%s' % urllib2.quote(src_path.encode('utf-8'))) return HttpResponseRedirect(url)
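Review bot: The added permission check in `file_move` covers only `dst_repo_id`, yet the later hunk shows `op` is either `'cp'` or a move, and a move also removes the object from the source library. Unless write access to the source is verified in a part of the function outside this hunk, a user with read-only access to `src_repo_id` could still move files out of it. A matching guard such as `if op != 'cp' and check_permission(src_repo_id, request.user.username) != 'rw':` with the same error redirect would close that gap. Separately, `len(dst_path+obj_name)` joins the two parts without a separator and counts characters rather than encoded bytes, so the comparison with `settings.MAX_PATH` can undercount for non-ASCII names. Confirm that `settings` and `check_permission` are imported in views.py, since no import change for them appears in this diff.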