diff --git a/product/CMFCategory/CategoryTool.py b/product/CMFCategory/CategoryTool.py
index 2ce63b43a651028511f7cb2dc1b4c2f032c6bf35..ec1799bf5529f757cbbd276566f161ee00144e8e 100644
--- a/product/CMFCategory/CategoryTool.py
+++ b/product/CMFCategory/CategoryTool.py
@@ -714,7 +714,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
     security.declareProtected( Permissions.AccessContentsInformation,
                                                         'getSingleCategoryMembershipList' )
     def getSingleCategoryMembershipList(self, context, base_category, base=0,
-                                          spec=(), filter=None, **kw):
+                                          spec=(), filter=None, checked_permission=None, **kw):
       """
         Returns the local membership of the context for a single base category
         represented as a list of relative URLs
@@ -733,15 +733,28 @@ class CategoryTool( UniqueObject, Folder, Base ):
       portal_type = kw.get('portal_type', ())
       if spec is (): spec = portal_type
 
+      # Build the ckecked_permission filter
+      if checked_permission is None:
+        permissionFilter = lambda x: x
+      else:
+        def permissionFilter(category_list):
+          filtered_category_list = []
+          checkPermission = self.portal_membership.checkPermission
+          for category in category_list:
+            object = self.unrestrictedTraverse(category)
+            if object is not None and checkPermission(checked_permission, object):
+              filtered_category_list.append(category)
+          return filtered_category_list
+
       # We must treat parent in a different way
       #LOG('getSingleCategoryMembershipList', 0, 'base_category = %s, spec = %s, base = %s, context = %s, context.aq_inner.aq_parent = %s' % (repr(base_category), repr(spec), repr(base), repr(context), repr(context.aq_inner.aq_parent)))
       if base_category == 'parent':
         parent = context.aq_inner.aq_parent # aq_inner is required to make sure we use containment
         if parent.portal_type in spec:
           if base:
-            return ['parent/' + parent.getRelativeUrl()]
+            return permissionFilter(['parent/' + parent.getRelativeUrl()])
           else:
-            return [parent.getRelativeUrl()]
+            return permissionFilter([parent.getRelativeUrl()])
         #LOG('getSingleCategoryMembershipList', 0, 'not in spec: parent.portal_type = %s, spec = %s' % (repr(parent.portal_type), repr(spec)))
         return []
 
@@ -777,7 +790,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
                     append(category_url)
                   else:
                     append(category_url[len(my_base_category)+1:])
-      return result
+      return permissionFilter(result)
 
     security.declareProtected( Permissions.AccessContentsInformation,
                                       'getSingleCategoryAcquiredMembershipList' )
@@ -820,6 +833,9 @@ class CategoryTool( UniqueObject, Folder, Base ):
         base          --    if set to 1, returns relative URLs to portal_categories
                             if set to 0, returns relative URLs to the base category
 
+        checked_permission        --    a string which defined the permission 
+                                        to filter the object on
+
         acquired_object_dict      --    this is the list of object used by acquisition, so
                                         we can check if we already have used this object
 
diff --git a/product/ERP5Type/Accessor/AcquiredProperty.py b/product/ERP5Type/Accessor/AcquiredProperty.py
index 826a79dcdeb1f92bdce7cf575cadf77b6e3b3973..6171ee5769790f72335cee154f91bc566c941db6 100644
--- a/product/ERP5Type/Accessor/AcquiredProperty.py
+++ b/product/ERP5Type/Accessor/AcquiredProperty.py
@@ -94,6 +94,7 @@ class Getter(Method):
             alt_accessor_id=self._alt_accessor_id,
             is_list_type=self._is_list_type,
             is_tales_type=self._is_tales_type,
+            checked_permission=kw.get('checked_permission', None)
             )
       if value is not None:
         return value.getProperty(self._acquired_property, default, **kw)
diff --git a/product/ERP5Type/Accessor/Category.py b/product/ERP5Type/Accessor/Category.py
index a5e06bb9e054f016d7a4d088db45a51007be185e..bb1025b202b7f10a096393ae6536972b3371a89a 100644
--- a/product/ERP5Type/Accessor/Category.py
+++ b/product/ERP5Type/Accessor/Category.py
@@ -57,7 +57,8 @@ class ListSetter(Method):
                                       filter=kw.get('filter', None),
                                       portal_type=kw.get('portal_type',()),
                                       base=kw.get('base', 0),
-                                      keep_default=0)
+                                      keep_default=0,
+                                      checked_permission=kw.get('checked_permission', None))
       if self._reindex:
         warnings.warn("The reindexing accessors are deprecated.\n"
                       "Please use Alias.Reindex instead.",
@@ -90,7 +91,8 @@ class DefaultSetter(Method):
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
                                                  portal_type=kw.get('portal_type',()),
-                                                 base=kw.get('base', 0))
+                                                 base=kw.get('base', 0),
+                                                 checked_permission=kw.get('checked_permission', None))
       if self._reindex:
         warnings.warn("The reindexing accessors are deprecated.\n"
                       "Please use Alias.Reindex instead.",
@@ -133,7 +135,8 @@ class SetSetter(Method):
                                       filter=kw.get('filter', None),
                                       portal_type=kw.get('portal_type',()),
                                       base=kw.get('base', 0),
-                                      keep_default=1)
+                                      keep_default=1,
+                                      checked_permission=kw.get('checked_permission', None))
       if self._reindex:
         warnings.warn("The reindexing accessors are deprecated.\n"
                       "Please use Alias.Reindex instead.",
@@ -168,7 +171,8 @@ class DefaultGetter(Method):
                                                       spec=kw.get('spec',()),
                                                       filter=kw.get('filter', None),
                                                       portal_type=kw.get('portal_type',()),
-                                                      base=kw.get('base',0), default=default)
+                                                      base=kw.get('base',0), default=default,
+                                                      checked_permission=kw.get('checked_permission', None))
     psyco.bind(__call__)
 
 class ListGetter(Method):
diff --git a/product/ERP5Type/Accessor/Value.py b/product/ERP5Type/Accessor/Value.py
index ce46ff272e2485e7438b7592416c28f4882e0bc2..a49abdad56ffc3029f1037722f6c58ba0c234ee5 100644
--- a/product/ERP5Type/Accessor/Value.py
+++ b/product/ERP5Type/Accessor/Value.py
@@ -51,10 +51,11 @@ class SetSetter(Method):
       if self._warning:
         LOG("ERP5Type Deprecated Getter Id:",0, self._id)
       instance._setValue(self._key, args[0],
-                                                 spec=kw.get('spec',()),
-                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()),
-                                                 keep_default=1)
+                                                spec=kw.get('spec',()),
+                                                filter=kw.get('filter', None),
+                                                portal_type=kw.get('portal_type',()),
+                                                keep_default=1,
+                                                checked_permission=kw.get('checked_permission', None))
       if self._reindex:
         warnings.warn("The reindexing accessors are deprecated.\n"
                       "Please use Alias.Reindex instead.",
@@ -76,7 +77,8 @@ class ListSetter(SetSetter):
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
                                                  portal_type=kw.get('portal_type',()),
-                                                 keep_default=0)
+                                                 keep_default=0,
+                                                 checked_permission=kw.get('checked_permission', None))
       if self._reindex:
         warnings.warn("The reindexing accessors are deprecated.\n"
                       "Please use Alias.Reindex instead.",
@@ -99,7 +101,8 @@ class DefaultSetter(SetSetter):
       instance._setDefaultValue(self._key, args[0],
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
       if self._reindex:
         warnings.warn("The reindexing accessors are deprecated.\n"
                       "Please use Alias.Reindex instead.",
@@ -256,7 +259,8 @@ class DefaultTranslatedTitleGetter(Method):
       o = instance._getDefaultAcquiredValue(self._key,
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
       if o is None:
         return None
       return o.getTranslatedTitle()
@@ -285,7 +289,8 @@ class TranslatedTitleListGetter(Method):
       return [x.getTranslatedTitle() for x in instance._getAcquiredValueList(self._key,
                                                     spec=kw.get('spec',()),
                                                     filter=kw.get('filter', None),
-                                                    portal_type=kw.get('portal_type',()))
+                                                    portal_type=kw.get('portal_type',()),
+                                                    checked_permission=kw.get('checked_permission', None))
                                                   ]
 
     psyco.bind(__call__)
@@ -323,7 +328,8 @@ class DefaultReferenceGetter(Method):
       o = instance._getDefaultAcquiredValue(self._key,
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
       if o is None:
         return None
       return o.getReference()
@@ -352,7 +358,8 @@ class ReferenceListGetter(Method):
       return [x.getReference() for x in instance._getAcquiredValueList(self._key,
                                                     spec=kw.get('spec',()),
                                                     filter=kw.get('filter', None),
-                                                    portal_type=kw.get('portal_type',()))
+                                                    portal_type=kw.get('portal_type',()),
+                                                    checked_permission=kw.get('checked_permission', None))
                                                   ]
 
     psyco.bind(__call__)
@@ -390,7 +397,8 @@ class DefaultUidGetter(Method):
       value = instance._getDefaultAcquiredValue(self._key,
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
       if value is not None:
         return value.getUid()
       else:
@@ -422,7 +430,8 @@ class UidListGetter(Method):
       return [x.getUid() for x in instance._getAcquiredValueList(self._key,
                                                     spec=kw.get('spec',()),
                                                     filter=kw.get('filter', None),
-                                                    portal_type=kw.get('portal_type',()))
+                                                    portal_type=kw.get('portal_type',()),
+                                                    checked_permission=kw.get('checked_permission', None))
                                                   ]
 
     psyco.bind(__call__)
@@ -460,7 +469,8 @@ class UidSetSetter(Method):
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
                                                  portal_type=kw.get('portal_type',()),
-                                                 keep_default=1)
+                                                 keep_default=1,
+                                                 checked_permission=kw.get('checked_permission', None))
       if self._reindex:
         warnings.warn("The reindexing accessors are deprecated.\n"
                       "Please use Alias.Reindex instead.",
@@ -480,7 +490,8 @@ class UidListSetter(UidSetSetter):
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
                                                  portal_type=kw.get('portal_type',()),
-                                                 keep_default=0)
+                                                 keep_default=0,
+                                                 checked_permission=kw.get('checked_permission', None))
       if self._reindex:
         warnings.warn("The reindexing accessors are deprecated.\n"
                       "Please use Alias.Reindex instead.",
@@ -501,7 +512,8 @@ class UidDefaultSetter(UidSetSetter):
       instance._setDefaultValueUid(self._key, args[0],
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
       if self._reindex:
         warnings.warn("The reindexing accessors are deprecated.\n"
                       "Please use Alias.Reindex instead.",
@@ -527,7 +539,10 @@ class DefaultIdGetter(Method):
       self._key = key
 
     def __call__(self, instance, *args, **kw):
-      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()))
+      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()),
+                                                 filter=kw.get('filter', None),
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
       if value is not None:
         return value.getId()
       else:
@@ -556,7 +571,10 @@ class DefaultTitleOrIdGetter(Method):
       self._key = key
 
     def __call__(self, instance, *args, **kw):
-      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()))
+      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()),
+                                                 filter=kw.get('filter', None),
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
       if value is not None:
         return value.getTitleOrId()
       else:
@@ -585,7 +603,10 @@ class DefaultLogicalPathGetter(Method):
       self._key = key
 
     def __call__(self, instance, *args, **kw):
-      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()))
+      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()),
+                                                 filter=kw.get('filter', None),
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
       if value is not None:
         return value.getLogicalPath()
       else:
@@ -617,7 +638,8 @@ class IdListGetter(Method):
       return [x.getId() for x in instance._getAcquiredValueList(self._key,
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
                                                   ]
 
     psyco.bind(__call__)
@@ -655,7 +677,8 @@ class LogicalPathListGetter(Method):
       return [x.getLogicalPath() for x in instance._getAcquiredValueList(self._key,
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
                                                   ]
 
 class LogicalPathSetGetter(LogicalPathListGetter):
@@ -691,7 +714,8 @@ class DefaultPropertyGetter(Method):
       value = instance._getDefaultAcquiredValue(self._key,
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
       if value is not None:
         return value.getProperty(key)
       else:
@@ -723,7 +747,8 @@ class PropertyListGetter(Method):
       return [x.getProperty(key) for x in instance._getAcquiredValueList(self._key,
                                                  spec=kw.get('spec',()),
                                                  filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
                                                   ]
 
     psyco.bind(__call__)
@@ -737,4 +762,3 @@ class PropertySetGetter(PropertyListGetter):
            self, instance, *args, **kw)
       result_set = dict([(x, 0) for x in result_list]).keys()
       return result_set
-
diff --git a/product/ERP5Type/Base.py b/product/ERP5Type/Base.py
index b177077ee614d0782ecc52f0ad1012c06c4be984..7fcbe8fe7d067001e446c1872ce94fae4c01bdca 100644
--- a/product/ERP5Type/Base.py
+++ b/product/ERP5Type/Base.py
@@ -902,7 +902,7 @@ class Base( CopyContainer,
   def _getDefaultAcquiredProperty(self, key, default_value, null_value,
         base_category=None, portal_type=None, copy_value=0, mask_value=0, sync_value=0,
         accessor_id=None, depends=None, storage_id=None, alt_accessor_id=None,
-        is_list_type=0, is_tales_type=0):
+        is_list_type=0, is_tales_type=0, checked_permission=None):
     """
       This method implements programmable acquisition of values in ERP5.
 
@@ -961,7 +961,8 @@ class Base( CopyContainer,
       portal_type = tuple(portal_type)
     acquisition_key = ('_getDefaultAcquiredProperty', self.getPath(), key, base_category,
                        portal_type, copy_value, mask_value, sync_value,
-                       accessor_id, depends, storage_id, alt_accessor_id, is_list_type, is_tales_type)
+                       accessor_id, depends, storage_id, alt_accessor_id, is_list_type, is_tales_type,
+                       checked_permission)
     if acquisition_key in tv:
       return null_value
 
@@ -992,7 +993,8 @@ class Base( CopyContainer,
       #LOG("Get Acquired Property portal_type",0,str(portal_type))
       #LOG("Get Acquired Property base_category",0,str(base_category))
       #super_list = self._getValueList(base_category, portal_type=portal_type) # We only do a single jump
-      super_list = self._getAcquiredValueList(base_category, portal_type=portal_type) # Full acquisition
+      super_list = self._getAcquiredValueList(base_category, portal_type=portal_type,
+                                              checked_permission=checked_permission) # Full acquisition
       super_list = filter(lambda o: o.getPhysicalPath() != self.getPhysicalPath(), super_list) # Make sure we do not create stupid loop here
       #LOG("Get Acquired Property super_list",0,str(super_list))
       #LOG("Get Acquired Property accessor_id",0,str(accessor_id))
@@ -1064,7 +1066,7 @@ class Base( CopyContainer,
   def _getAcquiredPropertyList(self, key, default_value, null_value,
      base_category, portal_type=None, copy_value=0, mask_value=0, sync_value=0, append_value=0,
      accessor_id=None, depends=None, storage_id=None, alt_accessor_id=None,
-     is_list_type=0, is_tales_type=0):
+     is_list_type=0, is_tales_type=0, checked_permission=None):
     """
       Default accessor. Implements the default
       attribute accessor.
@@ -1080,7 +1082,8 @@ class Base( CopyContainer,
       portal_type = tuple(portal_type)
     acquisition_key = ('_getAcquiredPropertyList', self.getPath(), key, base_category,
                        portal_type, copy_value, mask_value, sync_value,
-                       accessor_id, depends, storage_id, alt_accessor_id, is_list_type, is_tales_type)
+                       accessor_id, depends, storage_id, alt_accessor_id, is_list_type, is_tales_type,
+                       checked_permission)
     if acquisition_key in tv:
       return null_value
 
@@ -1096,7 +1099,8 @@ class Base( CopyContainer,
           return expression(econtext)
         else:
           return value
-      super_list = self._getAcquiredValueList(base_category, portal_type=portal_type) # Full acquisition
+      super_list = self._getAcquiredValueList(base_category, portal_type=portal_type,
+                                              checked_permission=checked_permission) # Full acquisition
       super_list = filter(lambda o: o.getPhysicalPath() != self.getPhysicalPath(), super_list) # Make sure we do not create stupid loop here
       if len(super_list) > 0:
         value = []
@@ -1720,7 +1724,8 @@ class Base( CopyContainer,
   # Private accessors for the implementation of relations based on
   # categories
   security.declareProtected( Permissions.ModifyPortalContent, '_setValue' )
-  def _setValue(self, id, target, spec=(), filter=None, portal_type=(), keep_default=1):
+  def _setValue(self, id, target, spec=(), filter=None, portal_type=(), keep_default=1,
+                                  checked_permission=None):
     start_string = "%s/" % id
     start_string_len = len(start_string)
     if target is None :
@@ -1746,21 +1751,23 @@ class Base( CopyContainer,
       path = target.getRelativeUrl()
       if path.startswith(start_string): path = path[start_string_len:] # Prevent duplicating base category
     self._setCategoryMembership(id, path, spec=spec, filter=filter, portal_type=portal_type,
-                                base=0, keep_default=keep_default)
+                                base=0, keep_default=keep_default,
+                                checked_permission=checked_permission)
 
   security.declareProtected( Permissions.ModifyPortalContent, '_setValueList' )
   _setValueList = _setValue
 
   security.declareProtected( Permissions.ModifyPortalContent, 'setValue' )
-  def setValue(self, id, target, spec=(), filter=None, portal_type=(), keep_default=1):
-    self._setValue(id, target, spec=spec, filter=filter, portal_type=portal_type, keep_default=keep_default)
+  def setValue(self, id, target, spec=(), filter=None, portal_type=(), keep_default=1, checked_permission=None):
+    self._setValue(id, target, spec=spec, filter=filter, portal_type=portal_type, keep_default=keep_default,
+                       checked_permission=checked_permission)
     self.reindexObject()
 
   security.declareProtected( Permissions.ModifyPortalContent, 'setValueList' )
   setValueList = setValue
 
   security.declareProtected( Permissions.ModifyPortalContent, '_setDefaultValue' )
-  def _setDefaultValue(self, id, target, spec=(), filter=None, portal_type=()):
+  def _setDefaultValue(self, id, target, spec=(), filter=None, portal_type=(), checked_permission=None):
     start_string = "%s/" % id
     start_string_len = len(start_string)
     if target is None :
@@ -1775,18 +1782,21 @@ class Base( CopyContainer,
       path = target.getRelativeUrl()
       if path.startswith(start_string): path = path[start_string_len:] # Prevent duplicating base category
     self._setDefaultCategoryMembership(id, path, spec=spec, filter=filter,
-                                       portal_type=portal_type, base=0)
+                                       portal_type=portal_type, base=0,
+                                       checked_permission=checked_permission)
 
   security.declareProtected(Permissions.ModifyPortalContent, 'setDefaultValue' )
   def setDefaultValue(self, id, target, spec=(), filter=None, portal_type=()):
-    self._setDefaultValue(id, target, spec=spec, filter=filter, portal_type=portal_type)
+    self._setDefaultValue(id, target, spec=spec, filter=filter, portal_type=portal_type,
+                              checked_permission=None)
     self.reindexObject()
 
   security.declareProtected(Permissions.AccessContentsInformation, 
                             '_getDefaultValue')
-  def _getDefaultValue(self, id, spec=(), filter=None, portal_type=()):
+  def _getDefaultValue(self, id, spec=(), filter=None, portal_type=(), checked_permission=None):
     path = self._getDefaultCategoryMembership(id, spec=spec, filter=filter,
-                                      portal_type=portal_type,base=1)
+                                      portal_type=portal_type,base=1,
+                                      checked_permission=checked_permission)
     if path is None:
       return None
     else:
@@ -1797,10 +1807,11 @@ class Base( CopyContainer,
 
   security.declareProtected(Permissions.AccessContentsInformation, 
                             '_getValueList')
-  def _getValueList(self, id, spec=(), filter=None, portal_type=()):
+  def _getValueList(self, id, spec=(), filter=None, portal_type=(), checked_permission=None):
     ref_list = []
     for path in self._getCategoryMembershipList(id, spec=spec, filter=filter,
-                                                  portal_type=portal_type, base=1):
+                                                  portal_type=portal_type, base=1,
+                                                  checked_permission=checked_permission):
       # LOG('_getValueList',0,str(path))
       try:
         value = self._getCategoryTool().resolveCategory(path)
@@ -1818,9 +1829,10 @@ class Base( CopyContainer,
   security.declareProtected(Permissions.AccessContentsInformation, 
                             '_getDefaultAcquiredValue')
   def _getDefaultAcquiredValue(self, id, spec=(), filter=None, portal_type=(),
-                               evaluate=1):
+                               evaluate=1, checked_permission=None):
     path = self._getDefaultAcquiredCategoryMembership(id, spec=spec, filter=filter,
-                                                  portal_type=portal_type, base=1)
+                                                  portal_type=portal_type, base=1, 
+                                                  checked_permission=checked_permission)
     # LOG("_getAcquiredDefaultValue",0,str(path))
     if path is None:
       return None
@@ -1924,9 +1936,10 @@ class Base( CopyContainer,
   getRelatedPropertyList = _getRelatedPropertyList
 
   security.declareProtected( Permissions.View, 'getValueUidList' )
-  def getValueUidList(self, id, spec=(), filter=None, portal_type=()):
+  def getValueUidList(self, id, spec=(), filter=None, portal_type=(), checked_permission=None):
     uid_list = []
-    for o in self._getValueList(id, spec=spec, filter=filter, portal_type=portal_type):
+    for o in self._getValueList(id, spec=spec, filter=filter, portal_type=portal_type,
+                                    checked_permission=checked_permission):
       uid_list.append(o.getUid())
     return uid_list
 
@@ -1934,7 +1947,8 @@ class Base( CopyContainer,
   getValueUids = getValueUidList # DEPRECATED
 
   security.declareProtected( Permissions.ModifyPortalContent, '_setValueUidList' )
-  def _setValueUidList(self, id, uids, spec=(), filter=None, portal_type=(), keep_default=1):
+  def _setValueUidList(self, id, uids, spec=(), filter=None, portal_type=(), keep_default=1,
+                                       checked_permission=None):
     # We must do an ordered list so we can not use the previous method
     # self._setValue(id, self.portal_catalog.getObjectList(uids), spec=spec)
     references = []
@@ -1942,67 +1956,80 @@ class Base( CopyContainer,
       uids = [uids]
     for uid in uids:
       references.append(self.portal_catalog.getObject(uid))
-    self._setValue(id, references, spec=spec, filter=filter, portal_type=portal_type, keep_default=keep_default)
+    self._setValue(id, references, spec=spec, filter=filter, portal_type=portal_type,
+                                   keep_default=keep_default, checked_permission=checked_permission)
 
   security.declareProtected( Permissions.ModifyPortalContent, '_setValueUidList' )
   _setValueUids = _setValueUidList # DEPRECATED
 
   security.declareProtected( Permissions.ModifyPortalContent, 'setValueUidList' )
-  def setValueUidList(self, id, uids, spec=(), filter=None, portal_type=(), keep_default=1):
-    self._setValueUids(id, uids, spec=spec, filter=filter, portal_type=portal_type, keep_default=keep_default)
+  def setValueUidList(self, id, uids, spec=(), filter=None, portal_type=(), keep_default=1, checked_permission=None):
+    self._setValueUids(id, uids, spec=spec, filter=filter, portal_type=portal_type, 
+                                 keep_default=keep_default, checked_permission=checked_permission)
     self.reindexObject()
 
   security.declareProtected( Permissions.ModifyPortalContent, 'setValueUidList' )
   setValueUids = setValueUidList # DEPRECATED
 
   security.declareProtected( Permissions.ModifyPortalContent, '_setDefaultValueUid' )
-  def _setDefaultValueUid(self, id, uid, spec=(), filter=None, portal_type=()):
+  def _setDefaultValueUid(self, id, uid, spec=(), filter=None, portal_type=(),
+                                         checked_permission=None):
     # We must do an ordered list so we can not use the previous method
     # self._setValue(id, self.portal_catalog.getObjectList(uids), spec=spec)
     references = self.portal_catalog.getObject(uid)
-    self._setDefaultValue(id, references, spec=spec, filter=filter, portal_type=portal_type)
+    self._setDefaultValue(id, references, spec=spec, filter=filter, portal_type=portal_type,
+                                          checked_permission=checked_permission)
 
   security.declareProtected( Permissions.ModifyPortalContent, 'setDefaultValueUid' )
-  def setDefaultValueUid(self, id, uid, spec=(), filter=None, portal_type=()):
-    self._setDefaultValueUid(id, uid, spec=spec, filter=filter, portal_type=portal_type)
+  def setDefaultValueUid(self, id, uid, spec=(), filter=None, portal_type=(), checked_permission=None):
+    self._setDefaultValueUid(id, uid, spec=spec, filter=filter, portal_type=portal_type,
+                                      checked_permission=checked_permission)
     self.reindexObject()
 
   # Private accessors for the implementation of categories
   security.declareProtected( Permissions.ModifyPortalContent, '_setCategoryMembership' )
   def _setCategoryMembership(self, category, node_list, spec=(),
-                                             filter=None, portal_type=(), base=0, keep_default=1):
+                                             filter=None, portal_type=(), base=0, keep_default=1,
+                                             checked_permission=None):
     self._getCategoryTool().setCategoryMembership(self, category, node_list,
-                       spec=spec, filter=filter, portal_type=portal_type, base=base, keep_default=keep_default)
+                       spec=spec, filter=filter, portal_type=portal_type, base=base, 
+                       keep_default=keep_default, checked_permission=checked_permission)
     #self.activate().edit() # Do nothing except call workflow method
     # XXX This is a problem - it is used to circumvent a lack of edit
 
   security.declareProtected( Permissions.ModifyPortalContent, 'setCategoryMembership' )
-  def setCategoryMembership(self, category, node_list, spec=(), portal_type=(), base=0, keep_default=1):
+  def setCategoryMembership(self, category, node_list, spec=(), portal_type=(), base=0, keep_default=1,
+                                                       checked_permission=None):
     self._setCategoryMembership(category,
-                      node_list, spec=spec, filter=filter, portal_type=portal_type, base=base, keep_default=keep_default)
+                      node_list, spec=spec, filter=filter, portal_type=portal_type, base=base, keep_default=keep_default, checked_permission=checked_permission)
     self.reindexObject()
 
   security.declareProtected( Permissions.ModifyPortalContent, '_setDefaultCategoryMembership' )
   def _setDefaultCategoryMembership(self, category, node_list,
-                                    spec=(), filter=None, portal_type=(), base=0):
+                                    spec=(), filter=None, portal_type=(), base=0,
+                                    checked_permission=None):
     self._getCategoryTool().setDefaultCategoryMembership(self, category,
-                     node_list, spec=spec, filter=filter, portal_type=portal_type, base=base)
+                     node_list, spec=spec, filter=filter, portal_type=portal_type, base=base,
+                                checked_permission=checked_permission)
 
   security.declareProtected( Permissions.ModifyPortalContent, 'setDefaultCategoryMembership' )
   def setDefaultCategoryMembership(self, category, node_list,
-                                           spec=(), filter=None, portal_type=(), base=0):
+                                           spec=(), filter=None, portal_type=(), base=0,
+                                           checked_permission=None):
     self._setDefaultCategoryMembership(category, node_list, spec=spec, filter=filter,
-                                       portal_type=portal_type, base=base)
+                                       portal_type=portal_type, base=base,
+                                       checked_permission=checked_permission)
     self.reindexObject()
 
   security.declareProtected( Permissions.AccessContentsInformation, '_getCategoryMembershipList' )
-  def _getCategoryMembershipList(self, category, spec=(), filter=None, portal_type=(), base=0, keep_default=1):
+  def _getCategoryMembershipList(self, category, spec=(), filter=None, portal_type=(), base=0, 
+                                                 keep_default=1, checked_permission=None):
     """
       This returns the list of categories for an object
     """
     return self._getCategoryTool().getCategoryMembershipList(self, category, spec=spec,
                                                    filter=filter, portal_type=portal_type, base=base,
-                                                   keep_default=keep_default)
+                                                   keep_default=keep_default, checked_permission=checked_permission)
 
   security.declareProtected( Permissions.AccessContentsInformation, 'getCategoryMembershipList' )
   getCategoryMembershipList = _getCategoryMembershipList
@@ -2022,26 +2049,31 @@ class Base( CopyContainer,
   getAcquiredCategoryMembershipList = _getAcquiredCategoryMembershipList
 
   security.declareProtected( Permissions.AccessContentsInformation, '_getCategoryMembershipItemList' )
-  def _getCategoryMembershipItemList(self, category, spec=(), filter=None, portal_type=(), base=0):
+  def _getCategoryMembershipItemList(self, category, spec=(), filter=None, portal_type=(), base=0,
+                                                     checked_permission=None):
     membership_list = self._getCategoryMembershipList(category,
-                            spec = spec, filter=filter, portal_type=portal_type, base=base)
+                            spec=spec, filter=filter, portal_type=portal_type, base=base,
+                            checked_permission=checked_permission)
     return [(x, x) for x in membership_list]
 
   security.declareProtected( Permissions.AccessContentsInformation,
                                           '_getAcquiredCategoryMembershipItemList' )
   def _getAcquiredCategoryMembershipItemList(self, category, spec=(),
-             filter=None, portal_type=(), base=0, method_id=None, sort_id='default'):
+             filter=None, portal_type=(), base=0, method_id=None, sort_id='default',
+             checked_permission=None):
     # Standard behaviour - should be OK
     # sort_id should be None for not sort - default behaviour in other methods
     if method_id is None and sort_id in (None, 'default'):
       membership_list = self._getAcquiredCategoryMembershipList(category,
-                           spec = spec, filter=filter, portal_type=portal_type, base=base)
+                           spec = spec, filter=filter, portal_type=portal_type, base=base,
+                           checked_permission=checked_permission)
       if sort_id == 'default':
         membership_list.sort()
       return [(x, x) for x in membership_list]
     # Advanced behaviour XXX This is new and needs to be checked
     membership_list = self._getAcquiredCategoryMembershipList(category,
-                           spec = spec, filter=filter, portal_type=portal_type, base=1)
+                           spec = spec, filter=filter, portal_type=portal_type, base=1,
+                           checked_permission=checked_permission)
     result = []
     for path in membership_list:
       value = self._getCategoryTool().resolveCategory(path)
@@ -2053,9 +2085,11 @@ class Base( CopyContainer,
     return map(lambda x: (x,getattr(x, method_id)()), membership_list)
 
   security.declareProtected( Permissions.View, '_getDefaultCategoryMembership' )
-  def _getDefaultCategoryMembership(self, category, spec = (), filter=None, portal_type=(), base = 0 ):
+  def _getDefaultCategoryMembership(self, category, spec=(), filter=None, portal_type=(), base=0,
+                                                    checked_permission=None ):
     membership = self._getCategoryTool().getCategoryMembershipList(self,
-                     category, spec = spec, filter=filter, portal_type=portal_type, base = base)
+                     category, spec=spec, filter=filter, portal_type=portal_type, base=base,
+                               checked_permission=checked_permission)
     if len(membership) > 0:
       return membership[0]
     else:
@@ -2063,9 +2097,11 @@ class Base( CopyContainer,
 
   security.declareProtected( Permissions.View, '_getDefaultAcquiredCategoryMembership' )
   def _getDefaultAcquiredCategoryMembership(self, category,
-                                        spec=(), filter=None, portal_type=(), base=0, default=None):
+                                        spec=(), filter=None, portal_type=(), base=0, default=None,
+                                        checked_permission=None):
     membership = self._getAcquiredCategoryMembershipList(category,
-                spec=spec, filter=filter, portal_type=portal_type, base=base)
+                spec=spec, filter=filter, portal_type=portal_type, base=base,
+                checked_permission=checked_permission)
     if len(membership) > 0:
       return membership[0]
     else: