Index: trunk/grails-app/controllers/PersonController.groovy
===================================================================
--- trunk/grails-app/controllers/PersonController.groovy	(revision 294)
+++ trunk/grails-app/controllers/PersonController.groovy	(revision 295)
@@ -42,12 +42,6 @@
             return
         }
-        List roleNames = []
-        for (role in person.authorities) {
-            roleNames << role.authority
-        }
-        roleNames.sort { n1, n2 ->
-            n1 <=> n2
-        }
-        [person: person, roleNames: roleNames]
+        def authorityList = person.authorities.sort { p1, p2 -> p1.id <=> p2.id }
+        [person: person, authorityList: authorityList]
     }
 
@@ -138,5 +132,5 @@
 
             if (!person.hasErrors() && person.save(flush: true)) {
-                addRemoveRoles(person)
+                addRemoveAuthorities(person)
                 flash.message = "Person '$params.id - $params.loginName' updated."
                 redirect action: show, id: person.id
@@ -165,5 +159,5 @@
             person.setPersonGroupsFromCheckBoxList(params.personGroups)
             if (person.save(flush: true)) {
-                addRemoveRoles(person)
+                addRemoveAuthorities(person)
                 redirect action: show, id: person.id
             }
@@ -175,10 +169,26 @@
     }
 
-    private void addRemoveRoles(person) {
+    /**
+    * Add or remove authorities from person as indicated in params.
+    */
+    private void addRemoveAuthorities(person) {
+        def authMap = [:]
+
+        // Build authMap from params.
         for (key in params.keySet()) {
-            if(key.startsWith("ROLE"))
-                Authority.findByAuthority(key).addToPersons(person)
-            else if(key.startsWith("_ROLE"))
-                Authority.findByAuthority(key.substring(1)).removeFromPersons(person)
+            if(key.startsWith("ROLE")) {
+                authMap.(key.toString()) = "add"
+            }
+            else if(key.startsWith("_ROLE")) {
+                if( !authMap.(key.substring(1)) ) authMap.(key.substring(1)) = "remove"
+            }
+        }
+
+        // Add or remove authorities.
+        for(a in authMap) {
+            if(a.value == "add")
+                Authority.findByAuthority(a.key.toString()).addToPersons(person)
+            else
+                Authority.findByAuthority(a.key.toString()).removeFromPersons(person)
         }
     }
@@ -187,7 +197,4 @@
 
         List roles = getLimitedAuthorityList()
-        roles.sort { r1, r2 ->
-            r1.authority <=> r2.authority
-        }
         Set userRoleNames = []
         for (role in person.authorities) {
@@ -205,12 +212,12 @@
     * Get the full authorityList if current user is an App Admin else leave that authority off the list.
     */
-    def getLimitedAuthorityList = {
+    private List getLimitedAuthorityList() {
         def authorityList = []
         if(authenticateService.ifAnyGranted('ROLE_AppAdmin'))
-            authorityList = Authority.list().sort { p1, p2 -> p1.authority.compareToIgnoreCase(p2.authority) }
+            authorityList = Authority.list().sort { p1, p2 -> p1.id <=> p2.id }
         else
-            authorityList = Authority.withCriteria { gt("id", 1L) }.sort { p1, p2 -> p1.authority.compareToIgnoreCase(p2.authority) }
+            authorityList = Authority.withCriteria { gt("id", 1L) }.sort { p1, p2 -> p1.id <=> p2.id }
 
         return authorityList
     }
-}
+} // end class