diff --git a/group/templates/group/group_info.html b/group/templates/group/group_info.html
index 2fb9ff9b79..47eba6ad9e 100644
--- a/group/templates/group/group_info.html
+++ b/group/templates/group/group_info.html
@@ -5,22 +5,21 @@
 {% block left_panel %}
     <h3>管理员</h3>
     {% for member in members %}
-    {% if member.props.is_staff == 1 %}
-    <p>{{ member.props.user_name }}</p>
+    {% if member.is_staff == 1 %}
+    <p>{{ member.short_username }}</p>
     {% endif %}
     {% endfor %}
     <h3>成员</h3>
     {% for member in members %}
-    {% if member.props.is_staff == 0 %}
-    <p>{{ member.props.user_name }}</p>
+    {% if member.is_staff == 0 %}
+    <p>{{ member.short_username }}</p>
     {% endif %}
     {% endfor %}
     <h3>操作</h3>
 <ul>    
     {% if is_staff %}
     <li><a id="add-member" href="#">添加成员</a></li>
-    <li><a id="remove-member" href="#">删除成员</a></li>
-    <li><a id="remove-group" href="#">解散小组</a></li>
+    <li><a id="group-mgr" href="{{ SITE_ROOT }}group/manage/{{ group_id }}/">小组管理</a></li>
     {% else %}
     <li><a id="quit-group" href="#">退出小组</a></li>
     {% endif %}
@@ -45,7 +44,7 @@
         <td>{{ repo.props.desc }}</td>
         <td>{{ repo.share_from }}</td>
         <td>
-        <button data="{{ SITE_ROOT }}download/repo/?repo_id={{ repo.props.id }}" class="download-btn">下载</button>
+        <button data="{{ repo.props.id }}" class="download-btn">下载</button>
         {% if is_staff or repo.share_from_me  %}
         <button data="{{ SITE_ROOT }}shareadmin/removeshare/?repo_id={{ repo.props.id }}&gid={{ group_id }}" class="repo-delete-btn">删除</button>
         {% endif %}
@@ -70,12 +69,6 @@
     <input type="submit" value="提交" />
 </form>
 
-<div id="dialog-remove-confirm" class="center hide">
-  <p>确定要解散？</p>
-  <button id="rm-yes-btn">确定</button>
-  <button class="simplemodal-close">取消</button>
-</div>
-
 <div id="dialog-quit-confirm" class="center hide">
   <p>确定要退出？</p>
   <button id="quit-yes-btn">确定</button>
@@ -90,22 +83,10 @@ $("#add-member").click(function() {
     $("#member-add-form").modal({appendTo: "#main", containerCss:{padding:18}});
 });
 
-$("#remove-member").click(function() {
-    $("#member-remove-form").modal({appendTo: "#main", containerCss:{padding:18}});
-});
-
-$("#remove-group").click(function() {
-    $('#dialog-remove-confirm').modal({appendTo:'#main'});
-});
-
 $("#quit-group").click(function() {
     $('#dialog-quit-confirm').modal({appendTo:'#main'});
 });
         
-$('#rm-yes-btn').click(function() {
-    location.href = "{{ SITE_ROOT }}group/rm/?gid={{ group_id }}";
-});
-
 $('#quit-yes-btn').click(function() {
     location.href = "{{ SITE_ROOT }}group/quit/?gid={{ group_id }}";
 });
@@ -114,5 +95,8 @@ $('.repo-delete-btn').click(function() {
     location.href = $(this).attr('data');
 });
 
+$('.download-btn').click(function() {
+    window.open('{{ SITE_ROOT }}seafile_access_check/?repo_id=' + $(this).attr('data'));
+});        
 </script>
 {% endblock %}
diff --git a/group/templates/group/group_manage.html b/group/templates/group/group_manage.html
new file mode 100644
index 0000000000..1b5a2df5b4
--- /dev/null
+++ b/group/templates/group/group_manage.html
@@ -0,0 +1,59 @@
+{% extends "myhome_base.html" %}
+{% load seahub_tags %}
+
+{% block nav_group_class %}class="cur"{% endblock %}
+{% block left_panel %}
+<ul>
+    <li><a id="group-info" href="{{ SITE_ROOT }}group/{{ group_id }}/">返回小组</a></li>
+    <li><a id="group-remove" href="#">解散小组</a></li>
+</ul>
+{% endblock %}
+
+{% block right_panel %}
+
+<h3>小组管理</h3>
+{% if members %}
+<table class="member-list">
+    <tr>
+        <th width="70%">邮箱</th>
+        <th width="30%">操作</th>
+    </tr>
+
+    {% for member in members %}
+    <tr>
+        <td>{{ member.user_name }}</td>
+        {% if not member.is_staff %}
+        <td><button data="{{ member.user_name }}" class="member-remove-btn">删除</button></td>
+        {% else %}
+        <td></td>
+        {% endif %}
+        
+    </tr>
+    {% endfor %}
+</table>
+{% else %}
+<p>暂无</p>
+{% endif %}
+
+<form id="member-remove-form" action="{{ SITE_ROOT }}group/memberrm/" method="post" name="member-remove-form" class="hide">
+    <label>邮箱</label><br />
+    <input id="user_name" name="user_name" value="" />
+    <input type="hidden" id="group_id" name="group_id" value="{{ group_id }}" />
+    <input type="submit" value="提交" />
+</form>
+
+{% endblock %}
+
+{% block extra_script %}
+<script type="text/javascript">
+$("#group-remove").click(function() {
+    location.href = "{{ SITE_ROOT }}group/rm?gid={{ group_id }}";
+});
+
+$('.member-remove-btn').click(function() {
+    username = $(this).attr('data');
+    $("#user_name").val(username);
+    $("#member-remove-form").submit();
+});        
+</script>
+{% endblock %}
diff --git a/group/urls.py b/group/urls.py
index d6645bc236..607cc44fdc 100644
--- a/group/urls.py
+++ b/group/urls.py
@@ -2,7 +2,7 @@ from django.conf.urls.defaults import *
 
 from views import group_list, group_add, group_info, \
     group_add_member, group_remove_member, \
-    group_quit, group_remove
+    group_quit, group_remove, group_manage
 
 urlpatterns = patterns('',
     url(r'^$', group_list, name='group_list'),
@@ -10,6 +10,7 @@ urlpatterns = patterns('',
     (r'^rm/$', group_remove),
     (r'^memberadd/$', group_add_member),
     (r'^memberrm/$', group_remove_member),
-    (r'^quit/$', group_quit),                       
+    (r'^quit/$', group_quit),
+    url(r'^manage/(?P<group_id>[^/]+)/$', group_manage, name='group_manage'),
     url(r'^(?P<group_id>[^/]+)/$', group_info, name='group_info'),
 )
diff --git a/group/views.py b/group/views.py
index cf2c6d63d0..9c7f37c864 100644
--- a/group/views.py
+++ b/group/views.py
@@ -10,7 +10,7 @@ from seaserv import ccnet_rpc, seafserv_threaded_rpc, get_repo, \
     get_group_repoids
 
 from seahub.views import validate_emailuser
-from seahub.utils import go_error, go_permission_error
+from seahub.utils import go_error, go_permission_error, validate_group_name
 
 from pysearpc import SearpcError
 
@@ -27,9 +27,9 @@ def group_add(request):
     error_msg = None
     if request.method == 'POST':
         group_name = request.POST.get('group_name')
-        if group_name.find('@') >= 0:
-            return go_error(request, u'小组名称不能包含@')
-            
+        if not validate_group_name(group_name):
+            return go_error(request, u'小组名称只能包含中英文字符，数字及下划线')
+        
         try:
             ccnet_rpc.create_group(group_name.encode('utf-8'), request.user.username)
         except SearpcError, e:
@@ -47,6 +47,10 @@ def group_remove(request):
     except ValueError:
         return HttpResponseRedirect(reverse('group_list', args=[]))
 
+    # check whether use is the group staff
+    if not ccnet_rpc.check_group_staff(group_id_int, request.user.username):
+        return go_permission_error(request, u'只有小组管理员有权解散小组')
+    
     try:
         ccnet_rpc.remove_group(group_id_int, request.user.username)
         seafserv_threaded_rpc.remove_repo_group(group_id_int, None)
@@ -61,6 +65,15 @@ def group_info(request, group_id):
         group_id_int = int(group_id)
     except ValueError:
         return HttpResponseRedirect(reverse('group_list', args=[]))
+
+    # check whether user belong to the group
+    joined = False
+    groups = ccnet_rpc.get_groups(request.user.username)
+    for group in groups:
+        if group.id == group_id_int:
+            joined = True
+    if not joined:
+        return go_error(request, u'未加入该小组')
     
     group = ccnet_rpc.get_group(group_id_int)
     if not group:
@@ -72,6 +85,8 @@ def group_info(request, group_id):
         is_staff = False
         
     members = ccnet_rpc.get_group_members(group_id_int)
+    for member in members:
+        member.short_username = member.user_name.split('@')[0]
     
     repos = []
     repo_ids = get_group_repoids(group_id=group_id_int)
@@ -136,7 +151,7 @@ def group_remove_member(request):
             except SearpcError, e:
                 return go_error(request, e.msg)
 
-    return HttpResponseRedirect(reverse('group_info', args=[group_id]))
+    return HttpResponseRedirect(reverse('group_manage', args=[group_id]))
 
 @login_required
 def group_quit(request):
@@ -154,6 +169,24 @@ def group_quit(request):
         
     return HttpResponseRedirect(reverse('group_list', args=[]))
 
+@login_required
+def group_manage(request, group_id):
+    try:
+        group_id_int = int(group_id)
+    except ValueError:
+        return HttpResponseRedirect(reverse('group_list', args=[]))
+
+    # check whether user is the group staff
+    if not ccnet_rpc.check_group_staff(group_id_int, request.user.username):
+        return go_permission_error(request, u'只有小组管理员有权管理小组')
+
+    members = ccnet_rpc.get_group_members(group_id_int)
+    
+    return render_to_response('group/group_manage.html', {
+            'group_id': group_id_int,
+            'members': members,
+            }, context_instance=RequestContext(request))
+    
 def group_share_repo(request, repo_id, group_id, from_email):
     """
     share a repo to a group
@@ -173,7 +206,7 @@ def group_share_repo(request, repo_id, group_id, from_email):
     if not joined:
         return go_error(request, u'共享失败:未加入该小组')
     
-    if seafserv_threaded_rpc.group_share_repo(repo_id, group_id, from_email) != 0:
+    if seafserv_threaded_rpc.group_share_repo(repo_id, group_id, from_email, 'rw') != 0:
         return go_error(request, u'共享失败:内部错误')
 
 def group_unshare_repo(request, repo_id, group_id, from_email):
diff --git a/templates/myhome.html b/templates/myhome.html
index 6edf140790..b3e2ab24d3 100644
--- a/templates/myhome.html
+++ b/templates/myhome.html
@@ -160,7 +160,7 @@ $(function() {
     addConfirmTo($('.repo-delete-btn'));
 
     $(".download-btn").click(function() {
-            window.open('/seafile_access_check/?repo_id=' + $(this).attr('data'));
+            window.open('{{ SITE_ROOT }}seafile_access_check/?repo_id=' + $(this).attr('data'));
        });
 
 });
diff --git a/utils.py b/utils.py
index e0bca431ce..090bfc7d05 100644
--- a/utils.py
+++ b/utils.py
@@ -7,6 +7,7 @@ from django.template import RequestContext
 from django.utils.hashcompat import sha_constructor
 
 import time
+import re
 import settings
 
 def go_permission_error(request, msg=None):
@@ -71,3 +72,11 @@ def gen_token():
 
     token = sha_constructor(settings.SECRET_KEY + unicode(time.time())).hexdigest()[::8]
     return token
+
+def validate_group_name(group_name):
+    """
+    Check whether group name is valid.
+    A valid group name only contains alphanumeric character
+
+    """
+    return re.match('^\w+$', group_name, re.U)
diff --git a/views.py b/views.py
index fde7a9d8a2..b9e184ac29 100644
--- a/views.py
+++ b/views.py
@@ -381,9 +381,12 @@ def repo_add_share(request):
                 group_name = to_email.split(' ')[0]
                 group_creator = to_email.split(' ')[1]
                 if validate_owner(request, repo_id):
+                    # get all the groups the user joined
                     groups = ccnet_rpc.get_groups(request.user.username)
                     find = False
                     for group in groups:
+                        # for every group that user joined, if group name and
+                        # group creator matchs, then has find the group
                         if group.props.group_name == group_name and \
                                 group_creator.find(group.props.creator_name) >= 0:
                             from seahub.group.views import group_share_repo
@@ -423,8 +426,12 @@ def repo_list_share(request):
         if not repo_id:
             continue
         repo = get_repo(repo_id)
+        if not repo:
+            continue
         group_id = group_repo.props.group_id
         group = ccnet_rpc.get_group(int(group_id))
+        if not group:
+            continue
         repo.props.shared_email = group.props.group_name
         repo.gid = group_id