Added checked_permission support to all category accessors.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16518 20353a03-c40f-0410-a6d1-a30d3c3de9de

Added checked_permission support to all category accessors.
git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@16518 20353a03-c40f-0410-a6d1-a30d3c3de9de
4baef747 · Jean-Paul Smets · a300098d · 4baef747 · 4baef747 · 4baef747
Commit 4baef747 authored Sep 20, 2007 by Jean-Paul Smets
5 changed files
--- a/product/CMFCategory/CategoryTool.py
+++ b/product/CMFCategory/CategoryTool.py
@@ -714,7 +714,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
    security.declareProtected( Permissions.AccessContentsInformation,
                                                        'getSingleCategoryMembershipList' )
    def getSingleCategoryMembershipList(self, context, base_category, base=0,
-                                          spec=(), filter=None, **kw):
+                                          spec=(), filter=None, checked_permission=None, **kw):
      """
        Returns the local membership of the context for a single base category
        represented as a list of relative URLs
@@ -733,15 +733,28 @@ class CategoryTool( UniqueObject, Folder, Base ):
      portal_type = kw.get('portal_type', ())
      if spec is (): spec = portal_type
+      # Build the ckecked_permission filter
+      if checked_permission is None:
+        permissionFilter = lambda x: x
+      else:
+        def permissionFilter(category_list):
+          filtered_category_list = []
+          checkPermission = self.portal_membership.checkPermission
+          for category in category_list:
+            object = self.unrestrictedTraverse(category)
+            if object is not None and checkPermission(checked_permission, object):
+              filtered_category_list.append(category)
+          return filtered_category_list
      # We must treat parent in a different way
      #LOG('getSingleCategoryMembershipList', 0, 'base_category = %s, spec = %s, base = %s, context = %s, context.aq_inner.aq_parent = %s' % (repr(base_category), repr(spec), repr(base), repr(context), repr(context.aq_inner.aq_parent)))
      if base_category == 'parent':
        parent = context.aq_inner.aq_parent # aq_inner is required to make sure we use containment
        if parent.portal_type in spec:
          if base:
-            return ['parent/' + parent.getRelativeUrl()]
+            return permissionFilter(['parent/' + parent.getRelativeUrl()])
          else:
-            return [parent.getRelativeUrl()]
+            return permissionFilter([parent.getRelativeUrl()])
        #LOG('getSingleCategoryMembershipList', 0, 'not in spec: parent.portal_type = %s, spec = %s' % (repr(parent.portal_type), repr(spec)))
        return []
@@ -777,7 +790,7 @@ class CategoryTool( UniqueObject, Folder, Base ):
                    append(category_url)
                  else:
                    append(category_url[len(my_base_category)+1:])
-      return result
+      return permissionFilter(result)
    security.declareProtected( Permissions.AccessContentsInformation,
                                      'getSingleCategoryAcquiredMembershipList' )
@@ -820,6 +833,9 @@ class CategoryTool( UniqueObject, Folder, Base ):
        base          --    if set to 1, returns relative URLs to portal_categories
                            if set to 0, returns relative URLs to the base category
+        checked_permission        --    a string which defined the permission 
+                                        to filter the object on
        acquired_object_dict      --    this is the list of object used by acquisition, so
                                        we can check if we already have used this object

--- a/product/ERP5Type/Accessor/AcquiredProperty.py
+++ b/product/ERP5Type/Accessor/AcquiredProperty.py
@@ -94,6 +94,7 @@ class Getter(Method):
            alt_accessor_id=self._alt_accessor_id,
            is_list_type=self._is_list_type,
            is_tales_type=self._is_tales_type,
+            checked_permission=kw.get('checked_permission', None)
            )
      if value is not None:
        return value.getProperty(self._acquired_property, default, **kw)

--- a/product/ERP5Type/Accessor/Category.py
+++ b/product/ERP5Type/Accessor/Category.py
@@ -57,7 +57,8 @@ class ListSetter(Method):
                                      filter=kw.get('filter', None),
                                      portal_type=kw.get('portal_type',()),
                                      base=kw.get('base', 0),
-                                      keep_default=0)
+                                      keep_default=0,
+                                      checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -90,7 +91,8 @@ class DefaultSetter(Method):
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
                                                 portal_type=kw.get('portal_type',()),
-                                                 base=kw.get('base', 0))
+                                                 base=kw.get('base', 0),
+                                                 checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -133,7 +135,8 @@ class SetSetter(Method):
                                      filter=kw.get('filter', None),
                                      portal_type=kw.get('portal_type',()),
                                      base=kw.get('base', 0),
-                                      keep_default=1)
+                                      keep_default=1,
+                                      checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -168,7 +171,8 @@ class DefaultGetter(Method):
                                                      spec=kw.get('spec',()),
                                                      filter=kw.get('filter', None),
                                                      portal_type=kw.get('portal_type',()),
-                                                      base=kw.get('base',0), default=default)
+                                                      base=kw.get('base',0), default=default,
+                                                      checked_permission=kw.get('checked_permission', None))
    psyco.bind(__call__)
 class ListGetter(Method):

--- a/product/ERP5Type/Accessor/Value.py
+++ b/product/ERP5Type/Accessor/Value.py
@@ -54,7 +54,8 @@ class SetSetter(Method):
                                                spec=kw.get('spec',()),
                                                filter=kw.get('filter', None),
                                                portal_type=kw.get('portal_type',()),
-                                                 keep_default=1)
+                                                keep_default=1,
+                                                checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -76,7 +77,8 @@ class ListSetter(SetSetter):
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
                                                 portal_type=kw.get('portal_type',()),
-                                                 keep_default=0)
+                                                 keep_default=0,
+                                                 checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -99,7 +101,8 @@ class DefaultSetter(SetSetter):
      instance._setDefaultValue(self._key, args[0],
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -256,7 +259,8 @@ class DefaultTranslatedTitleGetter(Method):
      o = instance._getDefaultAcquiredValue(self._key,
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
      if o is None:
        return None
      return o.getTranslatedTitle()
@@ -285,7 +289,8 @@ class TranslatedTitleListGetter(Method):
      return [x.getTranslatedTitle() for x in instance._getAcquiredValueList(self._key,
                                                    spec=kw.get('spec',()),
                                                    filter=kw.get('filter', None),
-                                                    portal_type=kw.get('portal_type',()))
+                                                    portal_type=kw.get('portal_type',()),
+                                                    checked_permission=kw.get('checked_permission', None))
                                                  ]
    psyco.bind(__call__)
@@ -323,7 +328,8 @@ class DefaultReferenceGetter(Method):
      o = instance._getDefaultAcquiredValue(self._key,
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
      if o is None:
        return None
      return o.getReference()
@@ -352,7 +358,8 @@ class ReferenceListGetter(Method):
      return [x.getReference() for x in instance._getAcquiredValueList(self._key,
                                                    spec=kw.get('spec',()),
                                                    filter=kw.get('filter', None),
-                                                    portal_type=kw.get('portal_type',()))
+                                                    portal_type=kw.get('portal_type',()),
+                                                    checked_permission=kw.get('checked_permission', None))
                                                  ]
    psyco.bind(__call__)
@@ -390,7 +397,8 @@ class DefaultUidGetter(Method):
      value = instance._getDefaultAcquiredValue(self._key,
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
      if value is not None:
        return value.getUid()
      else:
@@ -422,7 +430,8 @@ class UidListGetter(Method):
      return [x.getUid() for x in instance._getAcquiredValueList(self._key,
                                                    spec=kw.get('spec',()),
                                                    filter=kw.get('filter', None),
-                                                    portal_type=kw.get('portal_type',()))
+                                                    portal_type=kw.get('portal_type',()),
+                                                    checked_permission=kw.get('checked_permission', None))
                                                  ]
    psyco.bind(__call__)
@@ -460,7 +469,8 @@ class UidSetSetter(Method):
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
                                                 portal_type=kw.get('portal_type',()),
-                                                 keep_default=1)
+                                                 keep_default=1,
+                                                 checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -480,7 +490,8 @@ class UidListSetter(UidSetSetter):
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
                                                 portal_type=kw.get('portal_type',()),
-                                                 keep_default=0)
+                                                 keep_default=0,
+                                                 checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -501,7 +512,8 @@ class UidDefaultSetter(UidSetSetter):
      instance._setDefaultValueUid(self._key, args[0],
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
      if self._reindex:
        warnings.warn("The reindexing accessors are deprecated.\n"
                      "Please use Alias.Reindex instead.",
@@ -527,7 +539,10 @@ class DefaultIdGetter(Method):
      self._key = key
    def __call__(self, instance, *args, **kw):
-      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()))
+      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()),
+                                                 filter=kw.get('filter', None),
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
      if value is not None:
        return value.getId()
      else:
@@ -556,7 +571,10 @@ class DefaultTitleOrIdGetter(Method):
      self._key = key
    def __call__(self, instance, *args, **kw):
-      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()))
+      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()),
+                                                 filter=kw.get('filter', None),
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
      if value is not None:
        return value.getTitleOrId()
      else:
@@ -585,7 +603,10 @@ class DefaultLogicalPathGetter(Method):
      self._key = key
    def __call__(self, instance, *args, **kw):
-      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()))
+      value = instance._getDefaultAcquiredValue(self._key, spec=kw.get('spec',()),
+                                                 filter=kw.get('filter', None),
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
      if value is not None:
        return value.getLogicalPath()
      else:
@@ -617,7 +638,8 @@ class IdListGetter(Method):
      return [x.getId() for x in instance._getAcquiredValueList(self._key,
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
                                                  ]
    psyco.bind(__call__)
@@ -655,7 +677,8 @@ class LogicalPathListGetter(Method):
      return [x.getLogicalPath() for x in instance._getAcquiredValueList(self._key,
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
                                                  ]
 class LogicalPathSetGetter(LogicalPathListGetter):
@@ -691,7 +714,8 @@ class DefaultPropertyGetter(Method):
      value = instance._getDefaultAcquiredValue(self._key,
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
      if value is not None:
        return value.getProperty(key)
      else:
@@ -723,7 +747,8 @@ class PropertyListGetter(Method):
      return [x.getProperty(key) for x in instance._getAcquiredValueList(self._key,
                                                 spec=kw.get('spec',()),
                                                 filter=kw.get('filter', None),
-                                                 portal_type=kw.get('portal_type',()))
+                                                 portal_type=kw.get('portal_type',()),
+                                                 checked_permission=kw.get('checked_permission', None))
                                                  ]
    psyco.bind(__call__)
@@ -737,4 +762,3 @@ class PropertySetGetter(PropertyListGetter):
           self, instance, *args, **kw)
      result_set = dict([(x, 0) for x in result_list]).keys()
      return result_set
--- a/product/ERP5Type/Base.py
+++ b/product/ERP5Type/Base.py
@@ -902,7 +902,7 @@ class Base( CopyContainer,
  def _getDefaultAcquiredProperty(self, key, default_value, null_value,
        base_category=None, portal_type=None, copy_value=0, mask_value=0, sync_value=0,
        accessor_id=None, depends=None, storage_id=None, alt_accessor_id=None,
-        is_list_type=0, is_tales_type=0):
+        is_list_type=0, is_tales_type=0, checked_permission=None):
    """
      This method implements programmable acquisition of values in ERP5.
@@ -961,7 +961,8 @@ class Base( CopyContainer,
      portal_type = tuple(portal_type)
    acquisition_key = ('_getDefaultAcquiredProperty', self.getPath(), key, base_category,
                       portal_type, copy_value, mask_value, sync_value,
-                       accessor_id, depends, storage_id, alt_accessor_id, is_list_type, is_tales_type)
+                       accessor_id, depends, storage_id, alt_accessor_id, is_list_type, is_tales_type,
+                       checked_permission)
    if acquisition_key in tv:
      return null_value
@@ -992,7 +993,8 @@ class Base( CopyContainer,
      #LOG("Get Acquired Property portal_type",0,str(portal_type))
      #LOG("Get Acquired Property base_category",0,str(base_category))
      #super_list = self._getValueList(base_category, portal_type=portal_type) # We only do a single jump
-      super_list = self._getAcquiredValueList(base_category, portal_type=portal_type) # Full acquisition
+      super_list = self._getAcquiredValueList(base_category, portal_type=portal_type,
+                                              checked_permission=checked_permission) # Full acquisition
      super_list = filter(lambda o: o.getPhysicalPath() != self.getPhysicalPath(), super_list) # Make sure we do not create stupid loop here
      #LOG("Get Acquired Property super_list",0,str(super_list))
      #LOG("Get Acquired Property accessor_id",0,str(accessor_id))
@@ -1064,7 +1066,7 @@ class Base( CopyContainer,
  def _getAcquiredPropertyList(self, key, default_value, null_value,
     base_category, portal_type=None, copy_value=0, mask_value=0, sync_value=0, append_value=0,
     accessor_id=None, depends=None, storage_id=None, alt_accessor_id=None,
-     is_list_type=0, is_tales_type=0):
+     is_list_type=0, is_tales_type=0, checked_permission=None):
    """
      Default accessor. Implements the default
      attribute accessor.
@@ -1080,7 +1082,8 @@ class Base( CopyContainer,
      portal_type = tuple(portal_type)
    acquisition_key = ('_getAcquiredPropertyList', self.getPath(), key, base_category,
                       portal_type, copy_value, mask_value, sync_value,
-                       accessor_id, depends, storage_id, alt_accessor_id, is_list_type, is_tales_type)
+                       accessor_id, depends, storage_id, alt_accessor_id, is_list_type, is_tales_type,
+                       checked_permission)
    if acquisition_key in tv:
      return null_value
@@ -1096,7 +1099,8 @@ class Base( CopyContainer,
          return expression(econtext)
        else:
          return value
-      super_list = self._getAcquiredValueList(base_category, portal_type=portal_type) # Full acquisition
+      super_list = self._getAcquiredValueList(base_category, portal_type=portal_type,
+                                              checked_permission=checked_permission) # Full acquisition
      super_list = filter(lambda o: o.getPhysicalPath() != self.getPhysicalPath(), super_list) # Make sure we do not create stupid loop here
      if len(super_list) > 0:
        value = []
@@ -1720,7 +1724,8 @@ class Base( CopyContainer,
  # Private accessors for the implementation of relations based on
  # categories
  security.declareProtected( Permissions.ModifyPortalContent, '_setValue' )
-  def _setValue(self, id, target, spec=(), filter=None, portal_type=(), keep_default=1):
+  def _setValue(self, id, target, spec=(), filter=None, portal_type=(), keep_default=1,
+                                  checked_permission=None):
    start_string = "%s/" % id
    start_string_len = len(start_string)
    if target is None :
@@ -1746,21 +1751,23 @@ class Base( CopyContainer,
      path = target.getRelativeUrl()
      if path.startswith(start_string): path = path[start_string_len:] # Prevent duplicating base category
    self._setCategoryMembership(id, path, spec=spec, filter=filter, portal_type=portal_type,
-                                base=0, keep_default=keep_default)
+                                base=0, keep_default=keep_default,
+                                checked_permission=checked_permission)
  security.declareProtected( Permissions.ModifyPortalContent, '_setValueList' )
  _setValueList = _setValue
  security.declareProtected( Permissions.ModifyPortalContent, 'setValue' )
-  def setValue(self, id, target, spec=(), filter=None, portal_type=(), keep_default=1):
+  def setValue(self, id, target, spec=(), filter=None, portal_type=(), keep_default=1, checked_permission=None):
-    self._setValue(id, target, spec=spec, filter=filter, portal_type=portal_type, keep_default=keep_default)
+    self._setValue(id, target, spec=spec, filter=filter, portal_type=portal_type, keep_default=keep_default,
+                       checked_permission=checked_permission)
    self.reindexObject()
  security.declareProtected( Permissions.ModifyPortalContent, 'setValueList' )
  setValueList = setValue
  security.declareProtected( Permissions.ModifyPortalContent, '_setDefaultValue' )
-  def _setDefaultValue(self, id, target, spec=(), filter=None, portal_type=()):
+  def _setDefaultValue(self, id, target, spec=(), filter=None, portal_type=(), checked_permission=None):
    start_string = "%s/" % id
    start_string_len = len(start_string)
    if target is None :
@@ -1775,18 +1782,21 @@ class Base( CopyContainer,
      path = target.getRelativeUrl()
      if path.startswith(start_string): path = path[start_string_len:] # Prevent duplicating base category
    self._setDefaultCategoryMembership(id, path, spec=spec, filter=filter,
-                                       portal_type=portal_type, base=0)
+                                       portal_type=portal_type, base=0,
+                                       checked_permission=checked_permission)
  security.declareProtected(Permissions.ModifyPortalContent, 'setDefaultValue' )
  def setDefaultValue(self, id, target, spec=(), filter=None, portal_type=()):
-    self._setDefaultValue(id, target, spec=spec, filter=filter, portal_type=portal_type)
+    self._setDefaultValue(id, target, spec=spec, filter=filter, portal_type=portal_type,
+                              checked_permission=None)
    self.reindexObject()
  security.declareProtected(Permissions.AccessContentsInformation, 
                            '_getDefaultValue')
-  def _getDefaultValue(self, id, spec=(), filter=None, portal_type=()):
+  def _getDefaultValue(self, id, spec=(), filter=None, portal_type=(), checked_permission=None):
    path = self._getDefaultCategoryMembership(id, spec=spec, filter=filter,
-                                      portal_type=portal_type,base=1)
+                                      portal_type=portal_type,base=1,
+                                      checked_permission=checked_permission)
    if path is None:
      return None
    else:
@@ -1797,10 +1807,11 @@ class Base( CopyContainer,
  security.declareProtected(Permissions.AccessContentsInformation, 
                            '_getValueList')
-  def _getValueList(self, id, spec=(), filter=None, portal_type=()):
+  def _getValueList(self, id, spec=(), filter=None, portal_type=(), checked_permission=None):
    ref_list = []
    for path in self._getCategoryMembershipList(id, spec=spec, filter=filter,
-                                                  portal_type=portal_type, base=1):
+                                                  portal_type=portal_type, base=1,
+                                                  checked_permission=checked_permission):
      # LOG('_getValueList',0,str(path))
      try:
        value = self._getCategoryTool().resolveCategory(path)
@@ -1818,9 +1829,10 @@ class Base( CopyContainer,
  security.declareProtected(Permissions.AccessContentsInformation, 
                            '_getDefaultAcquiredValue')
  def _getDefaultAcquiredValue(self, id, spec=(), filter=None, portal_type=(),
-                               evaluate=1):
+                               evaluate=1, checked_permission=None):
    path = self._getDefaultAcquiredCategoryMembership(id, spec=spec, filter=filter,
-                                                  portal_type=portal_type, base=1)
+                                                  portal_type=portal_type, base=1, 
+                                                  checked_permission=checked_permission)
    # LOG("_getAcquiredDefaultValue",0,str(path))
    if path is None:
      return None
@@ -1924,9 +1936,10 @@ class Base( CopyContainer,
  getRelatedPropertyList = _getRelatedPropertyList
  security.declareProtected( Permissions.View, 'getValueUidList' )
-  def getValueUidList(self, id, spec=(), filter=None, portal_type=()):
+  def getValueUidList(self, id, spec=(), filter=None, portal_type=(), checked_permission=None):
    uid_list = []
-    for o in self._getValueList(id, spec=spec, filter=filter, portal_type=portal_type):
+    for o in self._getValueList(id, spec=spec, filter=filter, portal_type=portal_type,
+                                    checked_permission=checked_permission):
      uid_list.append(o.getUid())
    return uid_list
@@ -1934,7 +1947,8 @@ class Base( CopyContainer,
  getValueUids = getValueUidList # DEPRECATED
  security.declareProtected( Permissions.ModifyPortalContent, '_setValueUidList' )
-  def _setValueUidList(self, id, uids, spec=(), filter=None, portal_type=(), keep_default=1):
+  def _setValueUidList(self, id, uids, spec=(), filter=None, portal_type=(), keep_default=1,
+                                       checked_permission=None):
    # We must do an ordered list so we can not use the previous method
    # self._setValue(id, self.portal_catalog.getObjectList(uids), spec=spec)
    references = []
@@ -1942,67 +1956,80 @@ class Base( CopyContainer,
      uids = [uids]
    for uid in uids:
      references.append(self.portal_catalog.getObject(uid))
-    self._setValue(id, references, spec=spec, filter=filter, portal_type=portal_type, keep_default=keep_default)
+    self._setValue(id, references, spec=spec, filter=filter, portal_type=portal_type,
+                                   keep_default=keep_default, checked_permission=checked_permission)
  security.declareProtected( Permissions.ModifyPortalContent, '_setValueUidList' )
  _setValueUids = _setValueUidList # DEPRECATED
  security.declareProtected( Permissions.ModifyPortalContent, 'setValueUidList' )
-  def setValueUidList(self, id, uids, spec=(), filter=None, portal_type=(), keep_default=1):
+  def setValueUidList(self, id, uids, spec=(), filter=None, portal_type=(), keep_default=1, checked_permission=None):
-    self._setValueUids(id, uids, spec=spec, filter=filter, portal_type=portal_type, keep_default=keep_default)
+    self._setValueUids(id, uids, spec=spec, filter=filter, portal_type=portal_type, 
+                                 keep_default=keep_default, checked_permission=checked_permission)
    self.reindexObject()
  security.declareProtected( Permissions.ModifyPortalContent, 'setValueUidList' )
  setValueUids = setValueUidList # DEPRECATED
  security.declareProtected( Permissions.ModifyPortalContent, '_setDefaultValueUid' )
-  def _setDefaultValueUid(self, id, uid, spec=(), filter=None, portal_type=()):
+  def _setDefaultValueUid(self, id, uid, spec=(), filter=None, portal_type=(),
+                                         checked_permission=None):
    # We must do an ordered list so we can not use the previous method
    # self._setValue(id, self.portal_catalog.getObjectList(uids), spec=spec)
    references = self.portal_catalog.getObject(uid)
-    self._setDefaultValue(id, references, spec=spec, filter=filter, portal_type=portal_type)
+    self._setDefaultValue(id, references, spec=spec, filter=filter, portal_type=portal_type,
+                                          checked_permission=checked_permission)
  security.declareProtected( Permissions.ModifyPortalContent, 'setDefaultValueUid' )
-  def setDefaultValueUid(self, id, uid, spec=(), filter=None, portal_type=()):
+  def setDefaultValueUid(self, id, uid, spec=(), filter=None, portal_type=(), checked_permission=None):
-    self._setDefaultValueUid(id, uid, spec=spec, filter=filter, portal_type=portal_type)
+    self._setDefaultValueUid(id, uid, spec=spec, filter=filter, portal_type=portal_type,
+                                      checked_permission=checked_permission)
    self.reindexObject()
  # Private accessors for the implementation of categories
  security.declareProtected( Permissions.ModifyPortalContent, '_setCategoryMembership' )
  def _setCategoryMembership(self, category, node_list, spec=(),
-                                             filter=None, portal_type=(), base=0, keep_default=1):
+                                             filter=None, portal_type=(), base=0, keep_default=1,
+                                             checked_permission=None):
    self._getCategoryTool().setCategoryMembership(self, category, node_list,
-                       spec=spec, filter=filter, portal_type=portal_type, base=base, keep_default=keep_default)
+                       spec=spec, filter=filter, portal_type=portal_type, base=base, 
+                       keep_default=keep_default, checked_permission=checked_permission)
    #self.activate().edit() # Do nothing except call workflow method
    # XXX This is a problem - it is used to circumvent a lack of edit
  security.declareProtected( Permissions.ModifyPortalContent, 'setCategoryMembership' )
-  def setCategoryMembership(self, category, node_list, spec=(), portal_type=(), base=0, keep_default=1):
+  def setCategoryMembership(self, category, node_list, spec=(), portal_type=(), base=0, keep_default=1,
+                                                       checked_permission=None):
    self._setCategoryMembership(category,
-                      node_list, spec=spec, filter=filter, portal_type=portal_type, base=base, keep_default=keep_default)
+                      node_list, spec=spec, filter=filter, portal_type=portal_type, base=base, keep_default=keep_default, checked_permission=checked_permission)
    self.reindexObject()
  security.declareProtected( Permissions.ModifyPortalContent, '_setDefaultCategoryMembership' )
  def _setDefaultCategoryMembership(self, category, node_list,
-                                    spec=(), filter=None, portal_type=(), base=0):
+                                    spec=(), filter=None, portal_type=(), base=0,
+                                    checked_permission=None):
    self._getCategoryTool().setDefaultCategoryMembership(self, category,
-                     node_list, spec=spec, filter=filter, portal_type=portal_type, base=base)
+                     node_list, spec=spec, filter=filter, portal_type=portal_type, base=base,
+                                checked_permission=checked_permission)
  security.declareProtected( Permissions.ModifyPortalContent, 'setDefaultCategoryMembership' )
  def setDefaultCategoryMembership(self, category, node_list,
-                                           spec=(), filter=None, portal_type=(), base=0):
+                                           spec=(), filter=None, portal_type=(), base=0,
+                                           checked_permission=None):
    self._setDefaultCategoryMembership(category, node_list, spec=spec, filter=filter,
-                                       portal_type=portal_type, base=base)
+                                       portal_type=portal_type, base=base,
+                                       checked_permission=checked_permission)
    self.reindexObject()
  security.declareProtected( Permissions.AccessContentsInformation, '_getCategoryMembershipList' )
-  def _getCategoryMembershipList(self, category, spec=(), filter=None, portal_type=(), base=0, keep_default=1):
+  def _getCategoryMembershipList(self, category, spec=(), filter=None, portal_type=(), base=0, 
+                                                 keep_default=1, checked_permission=None):
    """
      This returns the list of categories for an object
    """
    return self._getCategoryTool().getCategoryMembershipList(self, category, spec=spec,
                                                   filter=filter, portal_type=portal_type, base=base,
-                                                   keep_default=keep_default)
+                                                   keep_default=keep_default, checked_permission=checked_permission)
  security.declareProtected( Permissions.AccessContentsInformation, 'getCategoryMembershipList' )
  getCategoryMembershipList = _getCategoryMembershipList
@@ -2022,26 +2049,31 @@ class Base( CopyContainer,
  getAcquiredCategoryMembershipList = _getAcquiredCategoryMembershipList
  security.declareProtected( Permissions.AccessContentsInformation, '_getCategoryMembershipItemList' )
-  def _getCategoryMembershipItemList(self, category, spec=(), filter=None, portal_type=(), base=0):
+  def _getCategoryMembershipItemList(self, category, spec=(), filter=None, portal_type=(), base=0,
+                                                     checked_permission=None):
    membership_list = self._getCategoryMembershipList(category,
-                            spec = spec, filter=filter, portal_type=portal_type, base=base)
+                            spec=spec, filter=filter, portal_type=portal_type, base=base,
+                            checked_permission=checked_permission)
    return [(x, x) for x in membership_list]
  security.declareProtected( Permissions.AccessContentsInformation,
                                          '_getAcquiredCategoryMembershipItemList' )
  def _getAcquiredCategoryMembershipItemList(self, category, spec=(),
-             filter=None, portal_type=(), base=0, method_id=None, sort_id='default'):
+             filter=None, portal_type=(), base=0, method_id=None, sort_id='default',
+             checked_permission=None):
    # Standard behaviour - should be OK
    # sort_id should be None for not sort - default behaviour in other methods
    if method_id is None and sort_id in (None, 'default'):
      membership_list = self._getAcquiredCategoryMembershipList(category,
-                           spec = spec, filter=filter, portal_type=portal_type, base=base)
+                           spec = spec, filter=filter, portal_type=portal_type, base=base,
+                           checked_permission=checked_permission)
      if sort_id == 'default':
        membership_list.sort()
      return [(x, x) for x in membership_list]
    # Advanced behaviour XXX This is new and needs to be checked
    membership_list = self._getAcquiredCategoryMembershipList(category,
-                           spec = spec, filter=filter, portal_type=portal_type, base=1)
+                           spec = spec, filter=filter, portal_type=portal_type, base=1,
+                           checked_permission=checked_permission)
    result = []
    for path in membership_list:
      value = self._getCategoryTool().resolveCategory(path)
@@ -2053,9 +2085,11 @@ class Base( CopyContainer,
    return map(lambda x: (x,getattr(x, method_id)()), membership_list)
  security.declareProtected( Permissions.View, '_getDefaultCategoryMembership' )
-  def _getDefaultCategoryMembership(self, category, spec = (), filter=None, portal_type=(), base = 0 ):
+  def _getDefaultCategoryMembership(self, category, spec=(), filter=None, portal_type=(), base=0,
+                                                    checked_permission=None ):
    membership = self._getCategoryTool().getCategoryMembershipList(self,
-                     category, spec = spec, filter=filter, portal_type=portal_type, base = base)
+                     category, spec=spec, filter=filter, portal_type=portal_type, base=base,
+                               checked_permission=checked_permission)
    if len(membership) > 0:
      return membership[0]
    else:
@@ -2063,9 +2097,11 @@ class Base( CopyContainer,
  security.declareProtected( Permissions.View, '_getDefaultAcquiredCategoryMembership' )
  def _getDefaultAcquiredCategoryMembership(self, category,
-                                        spec=(), filter=None, portal_type=(), base=0, default=None):
+                                        spec=(), filter=None, portal_type=(), base=0, default=None,
+                                        checked_permission=None):
    membership = self._getAcquiredCategoryMembershipList(category,
-                spec=spec, filter=filter, portal_type=portal_type, base=base)
+                spec=spec, filter=filter, portal_type=portal_type, base=base,
+                checked_permission=checked_permission)
    if len(membership) > 0:
      return membership[0]
    else: