diff --git a/browser/common.py b/browser/common.py
index 6cc1acd..d353609 100644
--- a/browser/common.py
+++ b/browser/common.py
@@ -239,18 +239,19 @@ class BaseView(GenericView):
 
     def openEditWindow(self, viewName='edit.html'):
         if self.editable:
-            return "openEditWindow('%s/@@%s')" % (self.url, viewName)
+            #if self.request.principal.id == 'rootadmin'
+                return "openEditWindow('%s/@@%s')" % (self.url, viewName)
         return ''
 
     @Lazy
     def xeditable(self):
-        return self.request.principal.id == 'rootadmin'
-        #return getattr(self.context, 'contentType', '').startswith('text/')
+        ct = getattr(self.context, 'contentType', '')
+        if ct.startswith('text/'):
+            return self.request.principal.id == 'rootadmin'
+        return canWrite(self.context, 'title')
 
     @Lazy
     def inlineEditingActive(self):
-        #return False
-        #return self.request.principal.id == 'rootadmin'
         # this may depend on system and user settings...
         return True
 
diff --git a/browser/concept.py b/browser/concept.py
index 7a5eacb..b3e114f 100644
--- a/browser/concept.py
+++ b/browser/concept.py
@@ -30,6 +30,7 @@ from zope.app.container.contained import ObjectRemovedEvent
 from zope.app.form.browser.interfaces import ITerms
 from zope.app.form.interfaces import IDisplayWidget
 from zope.app.pagetemplate import ViewPageTemplateFile
+from zope.app.security.interfaces import IUnauthenticatedPrincipal
 from zope.cachedescriptors.property import Lazy
 from zope.dottedname.resolve import resolve
 from zope.event import notify
@@ -80,7 +81,8 @@ class ConceptView(BaseView):
     def __init__(self, context, request):
         super(ConceptView, self).__init__(context, request)
         cont = self.controller
-        if cont is not None:
+        if (cont is not None and not IUnauthenticatedPrincipal.providedBy(
+                                                    self.request.principal)):
             cont.macros.register('portlet_right', 'parents', title='Parents',
                          subMacro=self.template.macros['parents'],
                          position=0, info=self)
diff --git a/browser/node.py b/browser/node.py
index 8ad8b81..164018a 100644
--- a/browser/node.py
+++ b/browser/node.py
@@ -76,7 +76,8 @@ class NodeView(BaseView):
         cm.register('js', 'loops.js', resourceName='loops.js')
         cm.register('portlet_left', 'navigation', title='Navigation',
                     subMacro=self.template.macros['menu'])
-        if not IUnauthenticatedPrincipal.providedBy(self.request.principal):
+        #if not IUnauthenticatedPrincipal.providedBy(self.request.principal):
+        if canWrite(self.context, 'title'):
             #cm.register('portlet_right', 'clipboard', title='Clipboard',
             #            subMacro=self.template.macros['clipboard'])
             # this belongs to loops.organize; how to register portlets
diff --git a/browser/node_macros.pt b/browser/node_macros.pt
index f3d0817..46b1d5b 100644
--- a/browser/node_macros.pt
+++ b/browser/node_macros.pt
@@ -30,7 +30,7 @@
                      style="float: right; border: 1px solid #ccc;
                             margin-top: 1em">
                   <span id="xedit_icon"
-                       tal:condition="item/xeditable | nothing">
+                       tal:condition="target/xeditable | nothing">
                     <a href="#" title="Edit" style="padding: 5px"
                        tal:attributes="href string:${item/realTargetUrl}/external_edit;
                                        title string:Edit '${target/title}' with External Editor"><img
diff --git a/browser/resource_macros.pt b/browser/resource_macros.pt
index 76cc4ef..a33beef 100644
--- a/browser/resource_macros.pt
+++ b/browser/resource_macros.pt
@@ -32,10 +32,10 @@
 
 <metal:block define-macro="image">
   <div tal:attributes="ondblclick python: item.openEditWindow('edit.html')">
-    <h3 tal:content="item/title">Title</h3>
-    <p><i tal:content="item/description">Description</i></p>
+    <h3 tal:content="item/title">Title</h3><br />
     <img src="#"
          tal:attributes="src string:${view/url}/.target${view/targetId}/view" />
+    <p><i tal:content="item/description">Description</i></p>
   </div>
 </metal:block>
 
diff --git a/helpers.txt b/helpers.txt
index 3887e5d..05fce3a 100755
--- a/helpers.txt
+++ b/helpers.txt
@@ -386,7 +386,14 @@ Now we are ready to set up a view on our page node:
 
 The elements responsible for presentation are controlled by a controller
 object; note that we have to provide a named template 'loops.node_macros' that
-is used to retrieve a macro used by NodeView:
+is used to retrieve a macro used by NodeView.
+
+As the display of the standard macros is controlled by permissions we have
+to install a checker first.
+
+  >>> from zope.security.checker import NamesChecker, defineChecker
+  >>> nodeChecker = NamesChecker(('body', 'title',))
+  >>> defineChecker(Node, nodeChecker)
 
   >>> from cybertools.browser.controller import Controller
   >>> from loops.browser.util import node_macros