Three fixes to collection adding view, one of them a serious security bug

Three fixes to collection adding view, one of them a serious security bug

 - Don't let people who aren't the authors of a collection from adding
   things to it (handled by forcing the user check in the query)
 - request url in case invalid collection selected fixed
 - collection_item.author doesn't yet exist; removing the selection
   (we might want multiple people to be able to edit a collection in
   the future but that future does not yet exist; as Elrond said,
   remove this "false hope")

Thanks to Elrond to pointing out these issues.

And thanks to David Kindler for sponsoring this commit!