--- a/src/ldt/ldt/security/manager.py Tue Nov 15 12:47:13 2011 +0100
+++ b/src/ldt/ldt/security/manager.py Wed Nov 16 12:34:49 2011 +0100
@@ -1,6 +1,6 @@
from django.db.models import Manager
-from guardian.core import ObjectPermissionChecker
from guardian.shortcuts import get_objects_for_user
+from utils import get_current_user
class SafeManager(Manager):
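Review bot: The added `from utils import get_current_user` is an implicit relative import, while middleware.py in this same commit imports the same module as `ldt.security.utils`. Spelling it `from ldt.security.utils import get_current_user` keeps the two files consistent. It also removes any doubt about which `utils` module supplies the thread-local user that the permission checks depend on.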
@@ -9,22 +9,25 @@
if user:
self.check_perm_for(user)
else:
- self.user = None
+ self.user = get_current_user()
def check_perm_for(self, user):
self.user = user
- self.checker = ObjectPermissionChecker(self.user)
def stop_checking(self):
self.user = None
def has_user(self):
return self.user != None
-
+
def get_query_set(self):
if not self.has_user():
- raise AttributeError("A user has to be chosen to check permissions.")
+ return super(SafeManager, self).get_query_set()
+ # raise AttributeError("A user has to be chosen to check permissions.")
+
+ perm_name = 'ldt_utils.view_%s' % self.model.__name__.lower()
- user_objects = get_objects_for_user(self.user, 'ldt_utils.view_%s' % self.model_name)
+ # call parent query_set below
+ user_objects = get_objects_for_user(self.user, perm_name)
- return user_objects
\ No newline at end of file
+ return user_objects
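Review bot: `get_query_set` now fails open: when `has_user()` is false it returns the parent manager's unfiltered queryset, where the old code raised. If the intent is to let the manager work when group permissions are switched off, test that setting explicitly instead of treating "no user" as "no filtering", and keep the no-user case closed, for example `return super(SafeManager, self).get_query_set().none()`. As written, any caller that reaches `safe_objects` on a thread with no stored user gets every row without an object-permission filter. The `self.user = get_current_user()` line sits in a method that starts outside the hunk; if that is `__init__`, it runs when the manager is constructed rather than per request, so the lookup would be more reliable inside `get_query_set`. The commented-out `raise` should be deleted rather than kept.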
--- a/src/ldt/ldt/security/middleware.py Tue Nov 15 12:47:13 2011 +0100
+++ b/src/ldt/ldt/security/middleware.py Wed Nov 16 12:34:49 2011 +0100
@@ -1,24 +1,19 @@
from django.conf import settings
from django.core.exceptions import MiddlewareNotUsed
-from ldt.security.utils import protect_models, unprotect_models
+from ldt.security.utils import protect_models, unprotect_models, _thread_locals
-try:
- from threading import local
-except ImportError:
- from django.utils._threading_local import local
-
-_thread_locals = local()
-
class SecurityMiddleware(object):
def __init__(self):
if not hasattr(settings, 'USE_GROUP_PERMISSIONS') or not settings.USE_GROUP_PERMISSIONS:
raise MiddlewareNotUsed()
- def process_request(self, request):
- protect_models(request.user)
+ def process_request(self, request):
+ _thread_locals.user = request.user
+ protect_models()
def process_response(self, request, response):
unprotect_models()
-
+ del _thread_locals.user
+
return response
\ No newline at end of file
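Review bot: In `process_response`, `del _thread_locals.user` raises AttributeError when the attribute was never set, which can happen if an earlier middleware returned a response before this `process_request` ran. The cleanup is also skipped when `unprotect_models()` raises, leaving the previous request's user on a thread that will be reused for another request. Run the cleanup in a `finally:` after `unprotect_models()` and make it tolerant, e.g. `if hasattr(_thread_locals, 'user'): del _thread_locals.user`. Importing the private `_thread_locals` here could also be replaced by a small setter/clearer in `ldt.security.utils`, so the storage has a single owner.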
--- a/src/ldt/ldt/security/utils.py Tue Nov 15 12:47:13 2011 +0100
+++ b/src/ldt/ldt/security/utils.py Wed Nov 16 12:34:49 2011 +0100
@@ -3,45 +3,64 @@
from django.contrib.auth.models import Group
from guardian.shortcuts import assign, remove_perm
-def protect_models(user):
- for cls in get_models_to_protect():
+try:
+ from threading import local
+except ImportError:
+ from django.utils._threading_local import local
+
+_thread_locals = local()
+
+def get_current_user():
+ return getattr(_thread_locals, 'user', None)
+
+def protect_models():
+ user = get_current_user()
+ for cls in ToProtect.get_models():
protect_model(cls, user)
def unprotect_models():
- for cls in get_models_to_protect():
+ for cls in ToProtect.get_models():
unprotect_model(cls)
-def get_models_to_protect():
- to_protect = []
+class ToProtect(object):
+
+ @staticmethod
+ def get_models():
+ if hasattr(ToProtect, 'cls_list'):
+ return ToProtect.cls_list
- for cls_name in settings.USE_GROUP_PERMISSIONS:
- cls_type = ContentType.objects.get(app_label="ldt_utils", model=cls_name.lower())
- to_protect.append(cls_type.model_class())
- return to_protect
+ cls_list = []
+ for cls_name in settings.USE_GROUP_PERMISSIONS:
+ cls_type = ContentType.objects.get(app_label='ldt_utils', model=cls_name.lower())
+ cls_list.append(cls_type.model_class())
+ ToProtect.cls_list = cls_list
+
+ return cls_list
def protect_model(cls, user):
cls.safe_objects.check_perm_for(user)
-
- cls.base_save = cls.save
- cls.base_delete = cls.delete
+
+ cls.old_save = cls.save
+ cls.old_delete = cls.delete
class_name = cls.__name__.lower()
- cls.save = change_security(user, class_name)(cls.save)
- cls.delete = change_security(user, class_name)(cls.delete)
+ cls.save = change_security(class_name)(cls.save)
+ cls.delete = change_security(class_name)(cls.delete)
def unprotect_model(cls):
- if hasattr(cls, 'base_save'):
- cls.save = cls.base_save
- cls.delete = cls.base_delete
- del cls.base_save
- del cls.base_delete
+ if hasattr(cls, 'old_save'):
+ cls.save = cls.old_save
+ cls.delete = cls.old_delete
+ del cls.old_save
+ del cls.old_delete
-def change_security(user, cls_name):
+def change_security(cls_name):
def wrapper(func):
def wrapped(self, *args, **kwargs):
-
+ user = get_current_user()
+
if self.pk and not user.has_perm('change_%s' % cls_name, self):
raise AttributeError('User %s is not allowed to change object %s' % (user, self))
-
+
return func(self, *args, **kwargs)
return wrapped
return wrapper
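Review bot: In `wrapped`, `get_current_user()` returns None when no user is stored on the current thread, and the next line calls `user.has_perm(...)` on it. Saving or deleting an existing object then fails with an unrelated AttributeError rather than a clear denial. Add an explicit guard before the check, e.g. `if user is None: raise AttributeError('No current user to check change permission on %s' % self)`. This case is reachable because `protect_model` patches `save`/`delete` on the model class, which all threads share, while the user is now per thread. With overlapping requests, `cls.old_save = cls.save` may also capture an already wrapped method, so a wrapper can outlive its request (inferred; depends on a multi-threaded deployment).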
@@ -55,4 +74,5 @@
assign('change_project', group, project)
else:
remove_perm('view_project', group, project)
- remove_perm('change_project', group, project)
\ No newline at end of file
+ remove_perm('change_project', group, project)
+
\ No newline at end of file