def doActionFor(self, ob, action, comment=''):
        '''
        Allows the user to request a workflow action.  This method
        must perform its own security checks.
        '''
        allow_review = _checkPermission('Review portal content', ob)
        allow_request = _checkPermission('Request review', ob)
        review_state = self.getReviewStateOf(ob)
        tool = aq_parent(aq_inner(self))

        if action == 'submit':
            if not allow_request or review_state != 'private':
                raise 'Unauthorized'
            self.setReviewStateOf(ob, 'pending', action, comment)

        elif action == 'retract':
            if not allow_request or review_state == 'private':
                raise 'Unauthorized'
            content_creator = ob.Creator()
            pm = getToolByName(self, 'portal_membership')
            current_user = pm.getAuthenticatedMember().getUserName()
            if content_creator != current_user:
                raise 'Unauthorized'
            self.setReviewStateOf(ob, 'private', action, comment)

        elif action == 'publish':
            if not allow_review:
                raise 'Unauthorized'
            self.setReviewStateOf(ob, 'published', action, comment)

        elif action == 'reject':
            if not allow_review:
                raise 'Unauthorized'
            self.setReviewStateOf(ob, 'private', action, comment)

    def listUndoableTransactionsFor(self, object,
                                    first_transaction=None,
                                    last_transaction=None,
                                    PrincipiaUndoBatchSize=None):
        '''Lists all transaction IDs the user is allowed to undo.
        '''
        # arg list for undoable_transactions() changed in Zope 2.2.
        portal = queryUtility(ISiteRoot)
        if site is None:
            # fallback
            portal = self.aq_inner.aq_parent

        transactions = portal.undoable_transactions(
            first_transaction=first_transaction,
            last_transaction=last_transaction,
            PrincipiaUndoBatchSize=PrincipiaUndoBatchSize)
        for t in transactions:
            # Ensure transaction ids don't have embedded LF.
            t['id'] = t['id'].replace('\n', '')
        if not _checkPermission(ManagePortal, portal):
            # Filter out transactions done by other members of the portal.
            user_id = _getAuthenticatedUser(self).getId()
            transactions = filter(
                lambda record, user_id=user_id:
                record['user_name'].split()[-1] == user_id,
                transactions
                )
        return transactions

    def listGlobalActions(self, info):
        '''
        Allows this workflow to
        include actions to be displayed in the actions box.
        Called on every request.
        Returns the actions to be displayed to the user.
        '''
        if (info.isAnonymous or not _checkPermission(
            'Review portal content', info.portal)):
            return None

        actions = []
        catalog = getToolByName(self, 'portal_catalog', None)
        if catalog is not None:
            pending = len(catalog.searchResults(
                review_state='pending'))
            if pending > 0:
                actions.append(
                    {'name': 'Pending review (%d)' % pending,
                     'url': info.portal_url +
                     '/search?review_state=pending',
                     'permissions': (),
                     'category': 'global'}
                    )
        return actions

 def checkPermission(self, permissionName, object, subobjectName=None):
     '''
     Checks whether the current user has the given permission on
     the given object or subobject.
     '''
     if subobjectName is not None:
         object = getattr(object, subobjectName)
     return _checkPermission(permissionName, object)

 def listDAVObjects(self):
     # List sub-objects for PROPFIND requests.
     # (method is without docstring to disable publishing)
     #
     if _checkPermission(ManagePortal, self):
         return self.objectValues()
     else:
         return self.listFolderContents()

 def _verifyActionPermissions(self, action):
     pp = action.get('permissions', ())
     if not pp:
         return 1
     for p in pp:
         if _checkPermission(p, self):
             return 1
     return 0

    def _verifyObjectPaste(self, object, validate_src=1):
        # This assists the version in OFS.CopySupport.
        # It enables the clipboard to function correctly
        # with objects created by a multi-factory.
        if (hasattr(object, '__factory_meta_type__') and
            hasattr(self, 'all_meta_types')):
            mt = object.__factory_meta_type__
            method_name=None
            permission_name = None
            meta_types = self.all_meta_types
            if callable(meta_types): meta_types = meta_types()
            for d in meta_types:
                if d['name']==mt:
                    method_name=d['action']
                    permission_name = d.get('permission', None)
                    break

            if permission_name is not None:
                if _checkPermission(permission_name,self):
                    if not validate_src:
                        # We don't want to check the object on the clipboard
                        return
                    try: parent = aq_parent(aq_inner(object))
                    except: parent = None
                    if getSecurityManager().validate(None, parent,
                                                     None, object):
                        # validation succeeded
                        return
                    raise 'Unauthorized', object.getId()
                else:
                    raise 'Unauthorized', permission_name
            #
            # Old validation for objects that may not have registered 
            # themselves in the proper fashion.
            #
            elif method_name is not None:
                meth=self.unrestrictedTraverse(method_name)
                if hasattr(meth, 'im_self'):
                    parent = meth.im_self
                else:
                    try:    parent = aq_parent(aq_inner(meth))
                    except: parent = None
                if getSecurityManager().validate(None, parent, None, meth):
                    # Ensure the user is allowed to access the object on the
                    # clipboard.
                    if not validate_src:
                        return
                    try: parent = aq_parent(aq_inner(object))
                    except: parent = None
                    if getSecurityManager().validate(None, parent,
                                                     None, object):
                        return
                    id = object.getId()
                    raise 'Unauthorized', id
                else:
                    raise 'Unauthorized', method_name
        PortalFolder.inheritedAttribute(
            '_verifyObjectPaste')(self, object, validate_src)

    def searchResults(self, REQUEST=None, **kw):
        """
            Calls ZCatalog.searchResults with extra arguments that
            limit the results to what the user is allowed to see.
        """
        user = _getAuthenticatedUser(self)
        kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )

        if not _checkPermission( AccessInactivePortalContent, self ):
            base = aq_base( self )
            now = DateTime()

            self._convertQuery(kw)

            # Intersect query restrictions with those implicit to the tool
            for k in 'effective', 'expires':
                if kw.has_key(k):
                    range = kw[k]['range'] or ''
                    query = kw[k]['query']
                    if (not isinstance(query, TupleType) and
                        not isinstance(query, ListType)):
                        query = (query,)
                else:
                    range = ''
                    query = None
                if range.find('min') > -1:
                    lo = min(query)
                else:
                    lo = None
                if range.find('max') > -1:
                    hi = max(query)
                else:
                    hi = None
                if k == 'effective':
                    if hi is None or hi > now:
                        hi = now
                    if lo is not None and hi < lo:
                        return ()
                else: # 'expires':
                    if lo is None or lo < now:
                        lo = now
                    if hi is not None and hi < lo:
                        return ()
                # Rebuild a query
                if lo is None:
                    query = hi
                    range = 'max'
                elif hi is None:
                    query = lo
                    range = 'min'
                else:
                    query = (lo, hi)
                    range = 'min:max'
                kw[k] = {'query': query, 'range': range}

        return ZCatalog.searchResults(self, REQUEST, **kw)

    def getInfoFor(self, ob, name, default):
        '''
        Allows the user to request information provided by the
        workflow.  This method must perform its own security checks.
        '''
        # Treat this as public.
        if name == 'review_state':
            return self.getReviewStateOf(ob)

        allow_review = _checkPermission('Review portal content', ob)
        allow_request = _checkPermission('Request review', ob)
        if not allow_review and not allow_request:
            return default

        elif name == 'review_history':
            tool = aq_parent(aq_inner(self))
            history = tool.getHistoryOf(self.id, ob)
            # Make copies for security.
            return tuple(map(lambda dict: dict.copy(), history))

 def getCandidateLocalRoles(self, obj):
     """ What local roles can I assign?
     """
     member = self.getAuthenticatedMember()
     member_roles = member.getRolesInContext(obj)
     if _checkPermission(ManageUsers, obj):
         local_roles = self.getPortalRoles()
         if "Manager" not in member_roles:
             local_roles.remove("Manager")
     else:
         local_roles = [role for role in member_roles if role not in ("Member", "Authenticated")]
     local_roles.sort()
     return tuple(local_roles)

    def searchResults(self, REQUEST=None, **kw):
        """
            Calls ZCatalog.searchResults with extra arguments that
            limit the results to what the user is allowed to see.
        """
        user = _getAuthenticatedUser(self)
        kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )

        if not _checkPermission( AccessInactivePortalContent, self ):
            now = DateTime()
            kw['effective'] = {'query': now, 'range': 'max'}
            kw['expires'] = {'query': now, 'range': 'min'}

        return ZCatalog.searchResults(self, REQUEST, **kw)

    def listActionInfos(self, action_chain=None, object=None,
                        check_visibility=1, check_permissions=1,
                        check_condition=1, max=-1):
        # List Action info mappings.
        # (method is without docstring to disable publishing)
        #
        ec = getExprContext(self, object)
        actions = self.listActions(object=object)

        if action_chain:
            filtered_actions = []
            if isinstance(action_chain, StringType):
                action_chain = (action_chain,)
            for action_ident in action_chain:
                sep = action_ident.rfind('/')
                category, id = action_ident[:sep], action_ident[sep+1:]
                for ai in actions:
                    if id == ai.getId() and category == ai.getCategory():
                        filtered_actions.append(ai)
            actions = filtered_actions

        action_infos = []
        for ai in actions:
            if check_visibility and not ai.getVisibility():
                continue
            if check_permissions:
                permissions = ai.getPermissions()
                if permissions:
                    category = ai.getCategory()
                    if (object is not None and
                        (category.startswith('object') or
                         category.startswith('workflow'))):
                        context = object
                    elif (ec.contexts['folder'] is not None and
                          category.startswith('folder')):
                        context = ec.contexts['folder']
                    else:
                        context = ec.contexts['portal']
                    for permission in permissions:
                        allowed = _checkPermission(permission, context)
                        if allowed:
                            break
                    if not allowed:
                        continue
            if check_condition and not ai.testCondition(ec):
                continue
            action_infos.append( ai.getAction(ec) )
            if max + 1 and len(action_infos) >= max:
                break
        return action_infos

    def _checkId(self, id, allow_dup=0):
        PortalFolder.inheritedAttribute('_checkId')(self, id, allow_dup)

        # This method prevents people other than the portal manager
        # from overriding skinned names.
        if not allow_dup:
            if not _checkPermission(ManagePortal, self):
                ob = self
                while ob is not None and not getattr(ob, '_isPortalRoot', 0):
                    ob = aq_parent(aq_inner(ob))
                if ob is not None:
                    # If the portal root has an object by this name,
                    # don't allow an override.
                    # FIXME: needed to allow index_html for join code
                    if hasattr(ob, id) and id != 'index_html':
                        raise BadRequest('The id "%s" is reserved.' % id)

    def setLocalRoles(self, obj, member_ids, member_role, reindex=1, REQUEST=None):
        """ Add local roles on an item.
        """
        if _checkPermission(ChangeLocalRoles, obj) and member_role in self.getCandidateLocalRoles(obj):
            for member_id in member_ids:
                roles = list(obj.get_local_roles_for_userid(userid=member_id))

                if member_role not in roles:
                    roles.append(member_role)
                    obj.manage_setLocalRoles(member_id, roles)

        if reindex:
            # It is assumed that all objects have the method
            # reindexObjectSecurity, which is in CMFCatalogAware and
            # thus PortalContent and PortalFolder.
            obj.reindexObjectSecurity()

    def deleteLocalRoles(self, obj, member_ids, reindex=1, recursive=0):
        """ Delete local roles of specified members.
        """
        if _checkPermission(ChangeLocalRoles, obj):
            for member_id in member_ids:
                if obj.get_local_roles_for_userid(userid=member_id):
                    obj.manage_delLocalRoles(userids=member_ids)
                    break

        if recursive and hasattr( aq_base(obj), 'contentValues' ):
            for subobj in obj.contentValues():
                self.deleteLocalRoles(subobj, member_ids, 0, 1)

        if reindex:
            # reindexObjectSecurity is always recursive
            obj.reindexObjectSecurity()

    def createMemberArea(self, member_id=''):
        """ Create a member area for 'member_id' or authenticated user.
        """
        if not self.getMemberareaCreationFlag():
            return None
        members = self.getMembersFolder()
        if not members:
            return None
        if self.isAnonymousUser():
            return None
        # Note: We can't use getAuthenticatedMember() and getMemberById()
        # because they might be wrapped by MemberDataTool.
        user = _getAuthenticatedUser(self)
        user_id = user.getId()
        if member_id in ('', user_id):
            member = user
            member_id = user_id
        else:
            if _checkPermission(ManageUsers, self):
                member = self.acl_users.getUserById(member_id, None)
                if member:
                    member = member.__of__(self.acl_users)
                else:
                    raise ValueError('Member %s does not exist' % member_id)
            else:
                return None
        if hasattr( aq_base(members), member_id ):
            return None
        else:
            f_title = "%s's Home" % member_id
            members.manage_addPortalFolder( id=member_id, title=f_title )
            f=getattr(members, member_id)

            f.manage_permission(View,
                                ['Owner','Manager','Reviewer'], 0)
            f.manage_permission(AccessContentsInformation,
                                ['Owner','Manager','Reviewer'], 0)

            # Grant Ownership and Owner role to Member
            f.changeOwnership(member)
            f.__ac_local_roles__ = None
            f.manage_setLocalRoles(member_id, ['Owner'])
        return f

    def _checkPermissions(self):
        """ Check permissions in the current context.
        """
        category = self['category']
        object = self._ec.contexts['object']
        if object is not None and ( category.startswith('object') or
                                    category.startswith('workflow') ):
            context = object
        else:
            folder = self._ec.contexts['folder']
            if folder is not None and category.startswith('folder'):
                context = folder
            else:
                context = self._ec.contexts['portal']

        for permission in self['permissions']:
            if _checkPermission(permission, context):
                return True
        return False

    def deleteMembers(self, member_ids, delete_memberareas=1,
                      delete_localroles=1, REQUEST=None):
        """ Delete members specified by member_ids.
        """
        # XXX: this method violates the rules for tools/utilities:
        # it depends on a non-utility tool

        # Delete members in acl_users.
        acl_users = self.acl_users
        if _checkPermission(ManageUsers, acl_users):
            if isinstance(member_ids, basestring):
                member_ids = (member_ids,)
            member_ids = list(member_ids)
            for member_id in member_ids[:]:
                if not acl_users.getUserById(member_id, None):
                    member_ids.remove(member_id)
            try:
                acl_users.userFolderDelUsers(member_ids)
            except (AttributeError, NotImplementedError, 'NotImplemented'):
                raise NotImplementedError('The underlying User Folder '
                                         'doesn\'t support deleting members.')
        else:
            raise AccessControl_Unauthorized('You need the \'Manage users\' '
                                 'permission for the underlying User Folder.')

        # Delete member data in portal_memberdata.
        mdtool = getToolByName(self, 'portal_memberdata', None)
        if mdtool is not None:
            for member_id in member_ids:
                mdtool.deleteMemberData(member_id)

        # Delete members' home folders including all content items.
        if delete_memberareas:
            for member_id in member_ids:
                 self.deleteMemberArea(member_id)

        # Delete members' local roles.
        if delete_localroles:
            self.deleteLocalRoles( getUtility(ISiteRoot), member_ids,
                                   reindex=1, recursive=1 )

        return tuple(member_ids)

    def _checkPermissions(self, ec):
        """ Check permissions in the current context.
        """
        category = self["category"]
        object = ec.contexts["object"]
        if object is not None and (
            category.startswith("object") or category.startswith("workflow") or category.startswith("document")
        ):
            context = object
        else:
            folder = ec.contexts["folder"]
            if folder is not None and category.startswith("folder"):
                context = folder
            else:
                context = ec.contexts["portal"]

        for permission in self._permissions:
            if _checkPermission(permission, context):
                return True
        return False

    def searchResults(self, REQUEST=None, **kw):
        """
            Calls ZCatalog.searchResults with extra arguments that
            limit the results to what the user is allowed to see.
        """
        user = _getAuthenticatedUser(self)
        kw[ 'allowedRolesAndUsers' ] = self._listAllowedRolesAndUsers( user )

        if not _checkPermission( AccessInactivePortalContent, self ):
            base = aq_base( self )
            now = DateTime()
            if hasattr( base, 'addIndex' ):   # Zope 2.4 and above
                kw[ 'effective' ] = { 'query' : now, 'range' : 'max' }
                kw[ 'expires'   ] = { 'query' : now, 'range' : 'min' }
            else:                             # Zope 2.3
                kw[ 'effective'      ] = kw[ 'expires' ] = now
                kw[ 'effective_usage'] = 'range:max'
                kw[ 'expires_usage'  ] = 'range:min'

        return apply(ZCatalog.searchResults, (self, REQUEST), kw)