diff --git a/product/ERP5Catalog/CatalogTool.py b/product/ERP5Catalog/CatalogTool.py
index 3567a629c44eec019cf79fb9ffc141c117c4d895..a0d1eadf61dfb1f06f5bd6eb9202a5eb1b967622 100755
--- a/product/ERP5Catalog/CatalogTool.py
+++ b/product/ERP5Catalog/CatalogTool.py
@@ -32,12 +32,12 @@ from Products.CMFCore import CMFCorePermissions
 from AccessControl import ClassSecurityInfo, getSecurityManager
 from Products.CMFCore.CatalogTool import IndexableObjectWrapper as CMFCoreIndexableObjectWrapper
 from Products.CMFCore.utils import UniqueObject, _checkPermission, _getAuthenticatedUser, getToolByName
+from Products.CMFCore.utils import _mergedLocalRoles
 from Globals import InitializeClass, DTMLFile, PersistentMapping
 from Acquisition import aq_base, aq_inner, aq_parent
 from DateTime.DateTime import DateTime
 
 from AccessControl.PermissionRole import rolesForPermissionOn
-from Products.CMFCore.utils import _mergedLocalRoles
 
 from Products.PageTemplates.Expressions import SecureModuleImporter
 from Products.CMFCore.Expression import Expression
@@ -59,19 +59,39 @@ class IndexableObjectWrapper(CMFCoreIndexableObjectWrapper):
         Return a list of roles and users with View permission.
         Used by PortalCatalog to filter out items you're not allowed to see.
         """
+        # Try to import CPS (import here to make sure no circular)
+        try:
+          from Products.NuxUserGroups.CatalogToolWithGroups import mergedLocalRoles
+          withgroups = 1
+        except ImportError:
+          withgroups = 0
+
         ob = self.__ob
         allowed = {}
         for r in rolesForPermissionOn('View', ob):
             allowed[r] = 1
-        localroles = _mergedLocalRoles(ob)
+        if withgroups:
+          localroles = mergedLocalRoles(ob, withgroups=1)
+          LOG("allowedRolesAndUsers",0,str(allowed.keys()))
+        else:
+          # CMF
+          localroles = _mergedLocalRoles(ob)
         for user, roles in localroles.items():
             for role in roles:
                 if allowed.has_key(role):
-                    allowed['user:' + user] = 1
+                    if withgroups:
+                      allowed[user] = 1
+                    else:
+                      allowed['user:' + user] = 1
                 # Added for ERP5 project by JP Smets
-                if role != 'Owner': allowed['user:' + user + ':' + role] = 1
+                if role != 'Owner':
+                  if withgroups:
+                    allowed[user + ':' + role] = 1
+                  else:
+                    allowed['user:' + user + ':' + role] = 1
         if allowed.has_key('Owner'):
             del allowed['Owner']
+        LOG("allowedRolesAndUsers",0,str(allowed.keys()))
         return list(allowed.keys())
 
 class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
@@ -93,7 +113,6 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
         ZCatalog.__init__(self, self.getId())
 
     # Explicite Inheritance
-    _listAllowedRolesAndUsers = CMFCoreCatalogTool._listAllowedRolesAndUsers
     __url = CMFCoreCatalogTool.__url
     manage_catalogFind = CMFCoreCatalogTool.manage_catalogFind
 
@@ -106,6 +125,10 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
     manage_schema = DTMLFile( 'dtml/manageSchema', globals() )
 
 
+    def _listAllowedRolesAndUsers(self, user):
+      from Products.NuxUserGroups.CatalogToolWithGroups import _getAllowedRolesAndUsers
+      return _getAllowedRolesAndUsers(user)
+
     # Schema Management
     def editColumn(self, column_id, sql_definition, method_id, default_value, REQUEST=None, RESPONSE=None):
       """
@@ -323,6 +346,7 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
             #kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
             #kw[ 'expires'   ] = { 'query' : now, 'range' : 'min' }
 
+        LOG("search allowedRolesAndUsers",0,str(kw[ 'allowedRolesAndUsers' ]))
         return apply(ZCatalog.searchResults, (self, REQUEST), kw)
 
     __call__ = searchResults
@@ -364,13 +388,15 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
 
         return apply(ZCatalog.countResults, (self, REQUEST), kw)
 
-    def catalog_object(self, object, uid, idxs=[], is_object_moved=0):
+    def catalog_object(self, object, uid, idxs=None, is_object_moved=0):
+        if idxs is None: idxs = []
         wf = getToolByName(self, 'portal_workflow')
         if wf is not None:
             vars = wf.getCatalogVariablesFor(object)
         else:
             vars = {}
         w = IndexableObjectWrapper(vars, object)
+        LOG("IndexableObjectWrapper", 0,str(w.allowedRolesAndUsers()))
         #try:
         ZCatalog.catalog_object(self, w, uid, idxs=idxs, is_object_moved=is_object_moved)
         #except:
@@ -382,11 +408,12 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
         #  pass
 
     security.declarePrivate('reindexObject')
-    def reindexObject(self, object, idxs=[]):
+    def reindexObject(self, object, idxs=None):
         '''Update catalog after object data has changed.
         The optional idxs argument is a list of specific indexes
         to update (all of them by default).
         '''
+        if idxs is None: idxs = []
         url = self.__url(object)
         self.catalog_object(object, url, idxs=idxs)
 
@@ -402,13 +429,14 @@ class CatalogTool (UniqueObject, ZCatalog, CMFCoreCatalogTool):
         self.uncatalog_object(url)
 
     security.declarePrivate('moveObject')
-    def moveObject(self, object, idxs=[]):
+    def moveObject(self, object, idxs=None):
         """
           Reindex in catalog, taking into account
           peculiarities of ERP5Catalog / ZSQLCatalog
 
           Useless ??? XXX
         """
+        if idxs is None: idxs = []
         url = self.__url(object)
         self.catalog_object(object, url, idxs=idxs, is_object_moved=1)