diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py
index af94c773836275cb650dc7ed010f86b684f07f1a..0a174522ccac588e2b8cb0abb57375c325242491 100644
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -93,9 +93,14 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
 
     def allowedRolesAndUsers(self):
         """
-        Return a list of roles and users with
-        View permission.
-        Used by PortalCatalog to filter out items you're not allowed to see.
+        Return a list of roles and users with View permission.
+        Used by Portal Catalog to filter out items you're not allowed to see.
+
+        WARNING (XXX): some user base local role association is currently
+        being stored (ex. to be determined). This should be prevented or it will
+        make the table explode. To analyse the symptoms, look at the
+        user_and_roles table. You will find some user:foo values
+        which are not necessary.
         """
         ob = self.__ob
         security_product = getSecurityProduct(ob.acl_users)
@@ -301,7 +306,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
         try:
           # check for proxy role in stack
           eo = getSecurityManager()._context.stack[-1]
-          proxy_roles = getattr(eo,'_proxy_roles',None)
+          proxy_roles = getattr(eo, '_proxy_roles',None)
         except IndexError:
           proxy_roles = None
         if proxy_roles:
@@ -446,6 +451,9 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool, ActiveObject):
         if self.getSQLCatalog().getColumnMap().has_key('owner'):
           if user != SUPER_USER:
             role_column_dict['owner'] = str(user)
+            # XXX this is inconsistent withe "check for proxy role in stack"
+            # in _listAllowedRolesAndUsers. We should use the proxy user
+            # to be consistent
 
       return allowedRolesAndUsers, role_column_dict