From f102a57ddc799b77dab16f0baf7ca8f762aef60a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Fri, 21 Mar 2014 13:05:27 +0100
Subject: [PATCH] check for permissions when listing parent folders (#4509)

---
 src/pfwbged/folder/folder.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/pfwbged/folder/folder.py b/src/pfwbged/folder/folder.py
index ee6d007..95ae960 100644
--- a/src/pfwbged/folder/folder.py
+++ b/src/pfwbged/folder/folder.py
@@ -96,10 +96,13 @@ class Folder(Container):
 
     def parent_folders(self):
         parents = []
+        sm = getSecurityManager()
         for id, item in self.contentItems():
             if not ILink.providedBy(item):
                 continue
             if item.folder.to_object:
+                if not sm.checkPermission('View', item.folder.to_object):
+                    continue
                 parents.append(item.folder.to_object)
         return parents