diff --git a/controller/Files.py b/controller/Files.py
index 9a0fb2a..1a0c8d4 100644
--- a/controller/Files.py
+++ b/controller/Files.py
@@ -18,6 +18,7 @@ from Users import grab_user_id, Access_error
 from Expire import strongly_expire
 from model.File import File
 from model.User import User
+from model.Notebook import Notebook
 from model.Download_access import Download_access
 from view.Upload_page import Upload_page
 from view.Blank_page import Blank_page
@@ -531,7 +532,9 @@ class Files( object ):
     @return: rendered HTML page
     @raise Access_error: the current user doesn't have access to the given notebook
     """
-    if not self.__users.load_notebook( user_id, notebook_id, read_write = True, note_id = note_id ):
+    notebook = self.__users.load_notebook( user_id, notebook_id, read_write = True, note_id = note_id )
+
+    if not notebook or notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
       raise Access_error()
 
     file_id = self.__database.next_id( File )
@@ -565,7 +568,9 @@ class Files( object ):
     @return: rendered HTML page
     @raise Access_error: the current user doesn't have access to the given notebook
     """
-    if not self.__users.load_notebook( user_id, notebook_id, read_write = True ):
+    notebook = self.__users.load_notebook( user_id, notebook_id, read_write = True )
+
+    if not notebook or notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
       raise Access_error()
 
     file_id = self.__database.next_id( File )
@@ -622,7 +627,9 @@ class Files( object ):
       current_uploads_lock.release()
 
     user = self.__database.load( User, user_id )
-    if not user or not self.__users.load_notebook( user_id, notebook_id, read_write = True ):
+    notebook = self.__users.load_notebook( user_id, notebook_id, read_write = True )
+
+    if not user or not notebook or notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
       uploaded_file.delete()
       return dict( script = general_error_script % u"Sorry, you don't have access to do that. Please make sure you're logged in as the correct user." )
 
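Review bot: The new `if not notebook or notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:` gate denies one named access level rather than requiring the level that actually permits the operation, so any access level added to the Notebook model later passes it by default; comparing against the full read-write constant the model defines (an allow-list) fails closed instead. The same predicate is repeated verbatim in the hunks at 565 and 622 here, at 738, 777, 816 and 918 further down, and in Notebooks.py at 1812, which is how one call site later drifts from the others; a single private helper on this class that loads the notebook and applies the rule, returning it or None, would keep the decision in one place. The docstrings in this hunk and the one at 565 still say only `@raise Access_error: the current user doesn't have access to the given notebook`; with the new condition they should read something like `@raise Access_error: the current user doesn't have access to the given notebook, or only has access to their own notes in it`. The enclosing methods start before their hunks.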
@@ -738,8 +745,11 @@ class Files( object ):
     @raise Access_error: the current user doesn't have access to the notebook that the file is in
     """
     db_file = self.__database.load( File, file_id )
+    if db_file is None:
+      raise Access_error()
 
-    if not db_file or not self.__users.load_notebook( user_id, db_file.notebook_id ):
+    db_notebook = self.__users.load_notebook( user_id, db_file.notebook_id )
+    if db_notebook is None or db_notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
       raise Access_error()
 
     user = self.__database.load( User, user_id )
@@ -777,8 +787,11 @@ class Files( object ):
     @raise Access_error: the current user doesn't have access to the notebook that the file is in
     """
     db_file = self.__database.load( File, file_id )
+    if db_file is None:
+      raise Access_error()
 
-    if not db_file or not self.__users.load_notebook( user_id, db_file.notebook_id, read_write = True ):
+    db_notebook = self.__users.load_notebook( user_id, db_file.notebook_id, read_write = True )
+    if db_notebook is None or db_notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
       raise Access_error()
 
     self.__database.execute( db_file.sql_delete(), commit = False )
@@ -816,8 +829,11 @@ class Files( object ):
     @raise Access_error: the current user doesn't have access to the notebook that the file is in
     """
     db_file = self.__database.load( File, file_id )
+    if db_file is None:
+      raise Access_error()
 
-    if not db_file or not self.__users.load_notebook( user_id, db_file.notebook_id, read_write = True ):
+    db_notebook = self.__users.load_notebook( user_id, db_file.notebook_id, read_write = True )
+    if db_notebook is None or db_notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
       raise Access_error()
 
     db_file.filename = filename
@@ -918,8 +934,11 @@ class Files( object ):
     MAX_ROW_ELEMENT_COUNT = 20
 
     db_file = self.__database.load( File, file_id )
+    if db_file is None:
+      raise Access_error()
 
-    if not db_file or not self.__users.load_notebook( user_id, db_file.notebook_id ):
+    db_notebook = self.__users.load_notebook( user_id, db_file.notebook_id )
+    if db_notebook is None or db_notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
       raise Access_error()
 
     parser = self.parse_csv( file_id )
diff --git a/controller/Notebooks.py b/controller/Notebooks.py
index 4ab407f..efd1460 100644
--- a/controller/Notebooks.py
+++ b/controller/Notebooks.py
@@ -781,7 +781,7 @@ class Notebooks( object ):
       new_revision = new_revision,
       previous_revision = previous_revision,
       storage_bytes = user and user.storage_bytes or 0,
-      rank = float( note.rank ),
+      rank = note.rank and float( note.rank ) or None,
     )
 
   @expose( view = Json )
@@ -1350,7 +1350,8 @@ class Notebooks( object ):
     # special case to allow the creator of a READ_WRITE_FOR_OWN_NOTES notebook to rename it
     if notebook is None:
       notebook = self.__users.load_notebook( user_id, notebook_id, read_write = True )
-      if not ( notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES and notebook.user_id == user_id ):
+      if not notebook or not ( notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES and
+                               notebook.user_id == user_id ):
         raise Access_error()
 
     user = self.__database.load( User, user_id )
@@ -1812,7 +1813,11 @@ class Notebooks( object ):
       raise Access_error()
 
     db_file = self.__database.load( File, file_id )
-    if db_file is None or not self.__users.load_notebook( user_id, db_file.notebook_id ):
+    if db_file is None:
+      raise Access_error()
+
+    db_notebook = self.__users.load_notebook( user_id, db_file.notebook_id )
+    if db_notebook is None or db_notebook.read_write == Notebook.READ_WRITE_FOR_OWN_NOTES:
       raise Access_error()
 
     # if the file has a "note_id" header column, record its index
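Review bot: `rank = note.rank and float( note.rank ) or None` in the Notebooks.py hunk at 781 maps a rank of 0 (or 0.0) to None, because the `and/or` idiom tests the middle operand for truthiness and zero is falsy; if 0 is a legitimate rank (the first note in a notebook, presumably), the response then reports it as missing. A conditional expression states the intent without that hole: `rank = float( note.rank ) if note.rank is not None else None`, available from Python 2.5 onward, which the u"" literals elsewhere in this diff suggest is within the target range. The `storage_bytes = user and user.storage_bytes or 0` line just above has the same shape but is harmless there, since the fallback and the falsy value coincide. The enclosing `return dict(` statement starts before this hunk.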
diff --git a/controller/test/Test_notebooks.py b/controller/test/Test_notebooks.py
index bb5161f..ec75444 100644
--- a/controller/test/Test_notebooks.py
+++ b/controller/test/Test_notebooks.py
@@ -1912,7 +1912,7 @@ class Test_notebooks( Test_controller ):
     # save over an existing note supplying new (too long) contents and a new title
     previous_revision = self.note.revision
-    new_note_contents = u"

new title

new blah" * 1923 + new_note_contents = u"

new title

new blah" * 1924 result = self.http_post( "/notebooks/save_note/", dict( notebook_id = self.notebook.object_id, note_id = self.note.object_id, @@ -5385,7 +5385,7 @@ class Test_notebooks( Test_controller ): csv_data = '"label 1","label 2","label 3"\n5,"blah and stuff","3.3  "\n"8","whee","hmm\nfoo"\n3,4,5' expected_notes = [ ( "blah and stuff", "3.3  " ), # ( title, contents ) - ( "whee", 'hmm\nfoo' ), + ( "whee", 'hmm\nfoo' ), ( "4", "5" ), ] @@ -5417,7 +5417,7 @@ class Test_notebooks( Test_controller ): csv_data = '"label 1","label 2","label 3"\n5,"blah and stuff","3.3  "\n"8","whee","hmm\nfoo"\n3,4,5' expected_notes = [ ( "blah and stuff", "3.3  " ), # ( title, contents ) - ( "whee", 'hmm\nfoo' ), + ( "whee", 'hmm\nfoo' ), ( "4", "5" ), ]