From b282159a8e6c0feef7d4334fa9a8984bbbef3042 Mon Sep 17 00:00:00 2001
From: helmutm <helmutm@fd906abe-77d9-0310-91a1-e0d9ade77398>
Date: Sun, 26 Oct 2008 15:14:00 +0000
Subject: [PATCH] check view permission when listing menu items

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@2946 fd906abe-77d9-0310-91a1-e0d9ade77398
---
 view.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/view.py b/view.py
index 1020cb8..5d36991 100644
--- a/view.py
+++ b/view.py
@@ -33,6 +33,7 @@ from zope.interface import implements
 from zope.interface import alsoProvides, directlyProvides, directlyProvidedBy
 from zope.publisher.browser import applySkin
 from zope import schema
+from zope.security import canAccess
 from zope.security.proxy import removeSecurityProxy
 from zope.traversing.api import getName, getParent
 from persistent import Persistent
@@ -147,6 +148,8 @@ class Node(View, OrderedContainer):
 
     def getChildNodes(self, nodeTypes=None):
         for item in self.values():
+            if not canAccess(item, 'title'):
+                continue
             if INode.providedBy(item) \
                     and (not nodeTypes or item.nodeType in nodeTypes):
                 yield item