This method will in most instances return 1 if the specified user can view a particular object. You have to give it a string path of the object relative to the current context. It will handle URL-type paths as well, i.e. <!--#if "canView('folder/index_html', AUTHENTICATED_USER)"--> and <!--#if "canView('folder.index_html', AUTHENTICATED_USER)"--> will both work.

I think this will give the correct result in most cases. However, I still think it should be a built-in method, as I think the code below is quite slow, and if the real user validation code is done at the C level then it would be better to use that.

    from AccessControl.Permission import Permission

    def canViewObj(SomeObject, userRoles):
        # The object carries its own View permission setting
        if hasattr(SomeObject, '_View_Permission'):
            Roles = getattr(SomeObject, '_View_Permission')
            if 'Anonymous' in Roles:
                return 1
            else:
                for i in userRoles:
                    if i in Roles:
                        return 1
                # ok, try parents
                if SomeObject.acquiredRolesAreUsedBy('View') != '':
                    return canViewObj(SomeObject.aq_parent, userRoles)
                else:
                    return 0
        elif hasattr(SomeObject, 'aq_parent'):
            # No setting on this object: defer to the parent
            return canViewObj(SomeObject.aq_parent, userRoles)
        else:
            return 1  # Not sure about this case.

    def canView(self, objName, AUTHENTICATED_USER):
        # Accepts both 'folder/index_html' and 'folder.index_html'
        SomeObject = self
        try:
            # Walk the path one attribute at a time instead of eval()ing it,
            # so the path string is never executed as Python code
            for name in objName.replace('/', '.').split('.'):
                if name:
                    SomeObject = getattr(SomeObject, name)
        except AttributeError:
            return 0
        return canViewObj(SomeObject, AUTHENTICATED_USER.getRoles())
participants (1)
- Jay, Dylan
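The role walk described in the post, run on a constructed object tree so the outcome of each branch can be seen without a Zope installation. This is an added example, not code from the original post: `Node`, `resolve` and `explain_view` are hypothetical names, `Node` is a stand-in rather than a Zope class, and denying when acquisition runs out at the top of the tree is an assumption made here.

```python
class Node:  # constructed stand-in for a Zope object, not a Zope class
    def __init__(self, name, parent=None, view_roles=None, acquire=True):
        self.name, self.acquire = name, acquire
        if view_roles is not None:
            self._View_Permission = view_roles
        if parent is not None:
            self.aq_parent = parent
            setattr(parent, name, self)

    def acquiredRolesAreUsedBy(self, permission):
        # '' means "roles are not acquired", the value the posted code tests for
        return 'CHECKED' if self.acquire else ''

def resolve(context, path):
    """Walk 'a/b' or 'a.b' one attribute at a time; None if a step is missing."""
    obj = context
    for part in path.replace('/', '.').split('.'):
        if part:
            obj = getattr(obj, part, None)
            if obj is None:
                return None
    return obj

def explain_view(obj, user_roles):
    """Return (allowed, reason), following the same walk as canViewObj."""
    while obj is not None:
        roles = getattr(obj, '_View_Permission', None)
        if roles is not None:
            if 'Anonymous' in roles:
                return 1, 'Anonymous allowed at ' + obj.name
            if [r for r in user_roles if r in roles]:
                return 1, 'role matched at ' + obj.name
            if obj.acquiredRolesAreUsedBy('View') == '':
                return 0, 'denied at ' + obj.name
        parent = getattr(obj, 'aq_parent', None)
        if parent is None and roles is None:
            return 1, 'default allow: no View setting up to ' + obj.name
        obj = parent
    return 0, 'no parent left to acquire from'  # assumption: deny here

# Constructed sample tree
root = Node('root', view_roles=['Manager'])
folder = Node('folder', root, view_roles=['Member'], acquire=False)
index_html = Node('index_html', folder)   # no View setting of its own
open_root = Node('open_root')             # nothing set anywhere in this chain
page = Node('page', open_root)
```

The last case is the one the post marks "Not sure about this case": a chain with no View setting at all ends in an allow, so `explain_view(page, ...)` returns 1 for any role list.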