Index: openacs-4/packages/xotcl-core/tcl/policy-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/xotcl-core/tcl/policy-procs.tcl,v
diff -u -r1.1 -r1.2
--- openacs-4/packages/xotcl-core/tcl/policy-procs.tcl	9 Mar 2007 11:02:56 -0000	1.1
+++ openacs-4/packages/xotcl-core/tcl/policy-procs.tcl	9 Mar 2007 16:32:00 -0000	1.2
@@ -62,9 +62,8 @@
       set condition [lindex $p 0]
       if {[llength $condition]>1} {
         # we have a condition
-        if {[eval $object condition $method $condition]} {
-          # the condition is true
-          #my log "--c check cond=$condition == TRUE"
+	foreach {cond value} $condition break
+        if {[$object condition=$cond $value]} {
           return [my get_privilege [lrange $p 1 end] $object $method]
         } 
       } else {
@@ -73,6 +72,18 @@
       }
     }
   }
+
+  Policy instproc get_permission {c object method} {
+    set key require_permission($method)
+    if {[$c exists $key]} {
+      set permission [$c set $key]
+    } elseif {[$c exists default_permission]} {
+      set permission [$c set default_permission]
+    } else {
+      set permission ""
+    }
+    return $permission
+  }
   
   Policy ad_instproc check_permissions {object method} {
 
@@ -89,10 +100,8 @@
     foreach class [concat [$object info class] [[$object info class] info heritage]] {
       set c [self]::[namespace tail $class]
       if {![my isclass $c]} continue
-      set key require_permission($method)
-      if {[$c exists $key]} {
-        set permission  [$c set $key]
-
+      set permission [my get_permission $c $object $method]
+      if {$permission ne ""} {
         foreach {kind p} [my get_privilege $permission $object $method] break
         switch $kind {
           primitive {return [my check_privilege -login false $p $object $method]}
@@ -124,10 +133,8 @@
     foreach class [concat [$object info class] [[$object info class] info heritage]] {
       set c [self]::[namespace tail $class]
       if {![my isclass $c]} continue
-      set key require_permission($method)
-      if {[$c exists $key]} {
-        set permission [$c set $key]
-
+      set permission [my get_permission $c $object $method]
+      if {$permission ne ""} {
         foreach {kind p} [my get_privilege $permission $object $method] break
         switch $kind {
           primitive {