diff --git a/app/controllers/roles_controller.rb b/app/controllers/roles_controller.rb
index 8b2b71c..d9d539a 100644
--- a/app/controllers/roles_controller.rb
+++ b/app/controllers/roles_controller.rb
@@ -2,60 +2,60 @@ respond_to :html after_action :verify_authorized - def create - @role = Role.new(params[:role]) + def create + @role = Role.new(role_params) authorize @role - @role.access_level = params[:role][:access_level].to_i - if params[:role][:email].present? - message = _('User added to project') - if @role.save - if @role.user.nil? then - if User.find_by_email(params[:role][:email]).nil? then - User.invite!(email: params[:role][:email]) - message = _('Invitation issued successfully.') - @role.user = User.find_by_email(params[:role][:email]) - @role.save - else - @role.user = User.find_by_email(params[:role][:email]) - @role.save - UserMailer.sharing_notification(@role).deliver - end - else - UserMailer.sharing_notification(@role).deliver - end - flash[:notice] = message - redirect_to controller: 'plans', action: 'share', id: @role.plan.slug - else - render action: "new" - end - else - flash[:notice] = _('Please enter an email address') - redirect_to controller: 'plans', action: 'share', id: @role.plan.slug - end - end + @role.access_level = params[:role][:access_level].to_i + if params[:user].present? + message = _('User added to project') + user = User.find_by(email: params[:user]) + if user.nil? 
+ User.invite!(email: params[:user]) + message = _('Invitation issued successfully.') + user = User.find_by(email: params[:user]) + end + @role.user = user + if @role.save + UserMailer.sharing_notification(@role).deliver + flash[:notice] = message + else + flash[:notice] = @role.errors + end + else + flash[:notice] = _('Please enter an email address') + end + redirect_to controller: 'plans', action: 'share', id: @role.plan.id + end - def update - @role = Role.find(params[:id]) + + def update + @role = Role.find(params[:id]) authorize @role - @role.access_level = params[:role][:access_level].to_i - if @role.update_attributes(params[:role]) - flash[:notice] = _('Sharing details successfully updated.') - UserMailer.permissions_change_notification(@role).deliver - redirect_to controller: 'plans', action: 'share', id: @role.plan.slug - else - render action: "edit" - end - end + @role.access_level = params[:role][:access_level].to_i + if @role.update_attributes(role_params) + flash[:notice] = _('Sharing details successfully updated.') + UserMailer.permissions_change_notification(@role).deliver + redirect_to controller: 'plans', action: 'share', id: @role.plan.id + else + render action: "edit" + end + end - def destroy - @role = Role.find(params[:id]) + def destroy + @role = Role.find(params[:id]) authorize @role - user = @role.user - plan = @role.plan - @role.destroy + user = @role.user + plan = @role.plan + @role.destroy - flash[:notice] = _('Access removed') - UserMailer.project_access_removed_notification(user, plan).deliver - redirect_to controller: 'plans', action: 'share', id: @role.plan.slug - end + flash[:notice] = _('Access removed') + UserMailer.project_access_removed_notification(user, plan).deliver + redirect_to controller: 'plans', action: 'share', id: @role.plan.slug + end + + private + + def role_params + params.require(:role).permit(:plan_id, :access_level) + end end \ No newline at end of file 
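Review bot: `update` calls `authorize @role` against the role's current plan and then passes `role_params` to `update_attributes`, and `role_params` permits `:plan_id`, so a caller who administers the role's present plan can re-point that role at any other plan by posting `role[plan_id]` without the policy ever evaluating the destination plan. Unless the model forbids changing `plan_id` (not visible here), restrict the update path to `if @role.update_attributes(params.require(:role).permit(:access_level))`, which also makes the preceding `@role.access_level = params[:role][:access_level].to_i` line redundant. Separately, the failure branch of `create` does `flash[:notice] = @role.errors`, storing an `ActiveModel::Errors` object in the session-backed flash instead of text; `flash[:notice] = @role.errors.full_messages.to_sentence` is what the share view can actually render. `destroy` still redirects with `id: @role.plan.slug` while `create` and `update` were switched to `@role.plan.id`, and it reads `@role.plan` after `@role.destroy` although `plan` was already captured two lines earlier, so `id: plan.id` would be the consistent form.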
diff --git a/app/policies/role_policy.rb b/app/policies/role_policy.rb index 7aebf02..cf2b691 100644 --- a/app/policies/role_policy.rb +++ b/app/policies/role_policy.rb @@ -9,14 +9,14 @@ end def create? - @role.plan.administerable_by(@user.id) + @role.plan.administerable_by?(@user.id) end def update? - @role.plan.administerable_by(@user.id) + @role.plan.administerable_by?(@user.id) end def destroy? - @role.plan.administerable_by(@user.id) + @role.plan.administerable_by?(@user.id) end end \ No newline at end of file diff --git a/app/views/plans/share.html.erb b/app/views/plans/share.html.erb index 6f666b4..6852681 100644 --- a/app/views/plans/share.html.erb +++ b/app/views/plans/share.html.erb @@ -8,7 +8,7 @@
You can give other people access to your plan here. There are three permission levels.
Add each collaborator in turn by entering their email address below, choosing a permission level and clicking "Add collaborator".
Those you invite will receive an email notification that they have access to this plan, inviting them to register with %{application_name} if they don\'t already have an account. A notification is also issued when a user\'s permission level is changed.
') % { application_name: => Rails.configuration.branding[:application][:name] } %> + <%= raw _('You can give other people access to your plan here. There are three permission levels.
Add each collaborator in turn by entering their email address below, choosing a permission level and clicking "Add collaborator".
Those you invite will receive an email notification that they have access to this plan, inviting them to register with %{application_name} if they don\'t already have an account. A notification is also issued when a user\'s permission level is changed.
') % { application_name: Rails.configuration.branding[:application][:name] } %><%= _('Permissions')%>:
<%= f.select :access_level, [[_('Co-owner'), 3], [ _('Edit') , 2], [ _('Read only'), 1]], {}, {:class => 'has-tooltip', 'data-toggle' => "tooltip", 'title' => _('Editors can contribute to plans. Co-owners have additional rights to edit plan details and control access.') } %>