(CCing to the mailing list)
It's really very simple: there's an `accepted_roles` method that you can call on an object which will return all the `Role`s for a given object. The returned collection will contain the `collaborator` role, the `viewer` role, etc. PLUS you can call `users` on each of those role objects to get the collection of users for each role.
So, to get the above output in your view, you could basically iterate like this (using haml):
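```haml
-# One heading per role held on this document, followed by the users in that role
- @document.accepted_roles.each do |role|
  %h2= role.name.titleize
  %ul
    - role.users.each do |user|
      -# `name` is an assumed attribute on the user model; use whatever yours exposes
      %li= user.name
```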
Hope that helps.
Re your other question about limiting someone to just a single role, it has never come up because acl9 just combines the permissions of both in a sensible way, and the access_control block tends to make sense even when one of the roles is a deny role.
Re contributing, I've made the CONTRIBUTING doc, and laid things out as well as possible with issues for all the things that I know need doing, and I promise to review any Pull Request you might submit.