not behave as expected.  Permissions granted to Anonymous didn't
necessarily get granted to other roles, for one thing.  This is an
issue especially for the CMF.  User.allowed()
is practically the same thing with the parameters reversed, so I changed
checkPermission() to call User.allowed() instead.  We should be able to
deprecate User.has_role() now.  I also implemented a minor (micro?)
optimization by calling the aq_base module function instead of using getattr().