--- view_own.module.b4mypatch	2011-05-23 13:01:37.000000000 -0700
+++ view_own.module	2011-05-23 13:01:18.000000000 -0700
@@ -103,6 +103,8 @@ function view_own_node_access_records($n
         'grant_delete' => $delete_perm,
         'priority' => 0,
       );
+    }
+  }
       // -- access via selected field reference
 	    if (module_exists('content')) {
 	      $fields = content_fields();
@@ -113,6 +115,11 @@ function view_own_node_access_records($n
 		        $edit_via_ref_content = "edit $node->type content via $field_name";
 		        $delete_via_ref_content = "delete $node->type content via $field_name";
 
+		        $roles_view = array_keys(user_roles(FALSE, $view_via_ref_content));
+		        $roles_edit = array_keys(user_roles(FALSE, $edit_via_ref_content));
+		        $roles_delete = array_keys(user_roles(FALSE, $delete_via_ref_content));
+
+/*
 		        if ($field['module'] == 'nodereference') {
 		            $nid = $node->{$field_name}[0]['nid'];
 		            $uid = $node->uid;
@@ -132,29 +139,35 @@ function view_own_node_access_records($n
 			            'priority' => 0,
 		            );
 		        }
+*/
 		        if ($field['module'] == 'userreference') {
-		            $uid = $node->{$field_name}[0]['uid'];
-		            $type = $field['type_name'];
-		            $permission = $edit_via_ref_content;
-		            $edit_perm = in_array($permission, $default_permissions[$rid])  ? 1 : 0;
-		            $permission = $delete_via_ref_content;
-		            $delete_perm = in_array($permission, $default_permissions[$rid])  ? 1 : 0;
-		            $view_any_content = $view_via_ref_content;
-		            $view_perm = (($edit_perm || $delete_perm) ? 1 : in_array($view_any_content, $default_permissions[$rid]));
-		            $grants[] = array(
+		            if($uid = $node->{$field_name}[0]['uid']) {
+		              if($user_referenced = user_load($uid)) {
+		                if($user_referenced->roles) {
+		                  $rids_referenced_user = array_keys($user_referenced->roles);
+		                  $type = $field['type_name'];
+		                  $edit_intersect = array_intersect($rids_referenced_user, $roles_edit);
+		                  $edit_perm = (empty($edit_intersect) ? 0 : 1);
+		                  $delete_intersect = array_intersect($rids_referenced_user, $roles_delete);
+		                  $delete_perm = (empty($delete_intersect) ? 0 : 1);
+		                  $view_intersect = array_intersect($rids_referenced_user, $roles_view);
+		                  $view_perm = (empty($view_intersect) ? 0 : 1);
+		                  $view_perm = (($edit_perm || $delete_perm || $view_perm) ? 1 : 0);
+		                  $grants[] = array(
 			            'realm' => 'view_own_owner',
 			            'gid' => $uid,
 			            'grant_view' => $view_perm,
 			            'grant_update' => $edit_perm,
 			            'grant_delete' => $delete_perm,
 			            'priority' => 0,
-		            );
+		                  );
+		                }
+		              }
+		            }
 		        }
 	        }
 	      }
 	    }
-    }
-  }
   // only 1 entry per gid per realm makes sense.
   // so, we combine this big grants array to grants with maximum rights
   $combined_grants = array();