Catalog security is based on the permission on 'View' and not on 'Access Content Permission', which was a major error.
Catalog is designed to be used with the user interface, and every object returned by portal_catalog should be viewable.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@10394 20353a03-c40f-0410-a6d1-a30d3c3de9de