Should prevent to set note permission by anonymous user

Currently anonymous user can do something in note permission setting page.

e.g. the anonymous user can type "admin" / "user1" to the permission setting fields since we don't check the user's principal for this.

It doesn't make sense actually. At least we should disallow the non-authenticated users by deactivating those permission related features i think.