Index: roundup/security.py
===================================================================
RCS file: /cvsroot/roundup/roundup/roundup/security.py,v
retrieving revision 1.14
diff -u -r1.14 security.py
--- roundup/security.py	7 Oct 2004 23:10:07 -0000	1.14
+++ roundup/security.py	12 Oct 2004 12:12:31 -0000
@@ -174,6 +174,19 @@
                     return 0
         return 1
 
+    def filterByPermission(self, id_set, permission, userid, classname):
+        """Return a list of the ids in search_matches for which the
+	user has the required permission.
+
+        "id_set" is [nodeid, ...]
+	
+	"""
+	ids_ok = []
+        for itemid in id_set:
+	    if self.hasPermission(permission, userid, classname, itemid=itemid):
+                ids_ok.append(itemid)
+        return ids_ok
+
     def addPermission(self, **propspec):
         ''' Create a new Permission with the properties defined in
             'propspec'
Index: roundup/cgi/templating.py
===================================================================
RCS file: /cvsroot/roundup/roundup/roundup/cgi/templating.py,v
retrieving revision 1.177
diff -u -r1.177 templating.py
--- roundup/cgi/templating.py	16 Sep 2004 07:07:01 -0000	1.177
+++ roundup/cgi/templating.py	12 Oct 2004 12:12:32 -0000
@@ -2100,6 +2100,8 @@
         else:
             matches = None
         l = klass.filter(matches, filterspec, sort, group)
+        l = self.client.db.security.filterByPermission(l, "View", 
+                self.client.userid, self.classname)
 
         # return the batch object, using IDs only
         return Batch(self.client, l, self.pagesize, self.startwith,