diff --git a/product/CMFCategory/CategoryTool.py b/product/CMFCategory/CategoryTool.py
index 830ac42a7ea876f56cc30dbf219f3edb42c14692..c2b8d46e0774e5302e19216dea29417baa602d58 100644
--- a/product/CMFCategory/CategoryTool.py
+++ b/product/CMFCategory/CategoryTool.py
@@ -1295,36 +1295,30 @@ class CategoryTool( UniqueObject, Folder, Base ):
         for base_category in base_category_list:
           category_list.append("%s/%s" % (base_category, context.getRelativeUrl()))
 
-      # XXX TODO Only 'View' permission filtering is implemented now
-      query = None
-      if checked_permission is not None:
-        if isinstance(checked_permission, str):
-          checked_permission = (checked_permission, )
-        if 'View' in checked_permission:
-          # Use catalog for checking the View permission
-          query = self.portal_catalog.getSecurityQuery()
-      if query is not None:
-        query = self.portal_catalog.buildSQLQuery(query=query)
-        # XXX Is Base_zSearchRelatedObjectsByCategoryList still usefull ?
-        # It may possible to call portal catalog directly
-        # Base_zSearchRelatedObjectsByCategoryList add a dependency to ERP5
-        brain_result = self.Base_zSearchRelatedObjectsByCategoryList(
-                             category_list=category_list,
-                             portal_type=portal_type,
-                             strict_membership=strict_membership,
-                             where_expression=query['where_expression'],
-                             order_by_expression=query['order_by_expression'],)
-      else:
-        brain_result = self.Base_zSearchRelatedObjectsByCategoryList(
-                             category_list=category_list,
-                             portal_type=portal_type,
-                             strict_membership=strict_membership)
+      brain_result = self.Base_zSearchRelatedObjectsByCategoryList(
+                           category_list=category_list,
+                           portal_type=portal_type,
+                           strict_membership=strict_membership)
 
       result = []
-      for b in brain_result:
-        o = b.getObject()
-        if o is not None:
-          result.append(o)
+      if checked_permission is None:
+        # No permission to check
+        for b in brain_result:
+          o = b.getObject()
+          if o is not None:
+            result.append(o)
+      else:
+        # Check permissions on object
+        if isinstance(checked_permission, str):
+          checked_permission = (checked_permission, )
+          checkPermission = self.portal_membership.checkPermission
+          for b in brain_result:
+            obj = b.getObject()
+            if obj is not None:
+              for permission in checked_permission:
+                if not checkPermission(permission, obj):
+                  break
+                result.append(obj)
 
       return result
       # XXX missing filter and **kw stuff