From e78a5f4fc32b065350609ca844c0b2ee36a40a9c Mon Sep 17 00:00:00 2001
From: Helmut Merz <helmutm@cy55.de>
Date: Mon, 9 Dec 2013 08:46:59 +0100
Subject: [PATCH] allow hiding of object actions: restrict via permissions

---
 browser/common.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/browser/common.py b/browser/common.py
index 4c77cf5..32dee01 100644
--- a/browser/common.py
+++ b/browser/common.py
@@ -68,6 +68,7 @@ from loops.config.base import DummyOptions
 from loops.i18n.browser import I18NView
 from loops.interfaces import IResource, IView, INode, ITypeConcept
 from loops.organize.tracking import access
+from loops.organize.util import getRolesForPrincipal
 from loops.resource import Resource
 from loops.security.common import checkPermission
 from loops.security.common import canAccessObject, canListObject, canWriteObject
@@ -772,7 +773,16 @@ class BaseView(GenericView, I18NView):
 
     @Lazy
     def showObjectActions(self):
-        return not IUnauthenticatedPrincipal.providedBy(self.request.principal)
+        principal = self.request.principal
+        if IUnauthenticatedPrincipal.providedBy(principal):
+            return False
+        perms = self.globalOptions('action.object.permissions')
+        if perms:
+            for p in perms:
+                if checkPermission(p, self.context):
+                    return True
+            return False
+        return True
 
     def checkAction(self, name, category, target):
         if name in ('create_resource',):