2 files changed, 16 insertions, 5 deletions

diff --git a/ishtar/furnitures/menus.py b/ishtar/furnitures/menus.py
index 7ed0a2408..f96ff9280 100644
--- a/ishtar/furnitures/menus.py
+++ b/ishtar/furnitures/menus.py
@@ -38,12 +38,16 @@ class MenuItem:
         self.available = False
 
     def can_be_available(self, user):
+        if not self.access_controls:
+            return True
         for access_control in self.access_controls:
             if user.has_perm('furnitures.' + access_control):
                 return True
         return False
 
     def is_available(self, user, obj=None):
+        if not self.access_controls:
+            return True
         for access_control in self.access_controls:
             if user.has_perm('furnitures.' + access_control, obj):
                 return True
diff --git a/ishtar/furnitures/views.py b/ishtar/furnitures/views.py
index 5f1c032a5..29c6e11be 100644
--- a/ishtar/furnitures/views.py
+++ b/ishtar/furnitures/views.py
@@ -21,8 +21,10 @@
 Furnitures views
 """
 
+from django.http import HttpResponse
 from django.template import RequestContext
 from django.shortcuts import render_to_response
+from django.utils.translation import ugettext, ugettext_lazy as _
 
 from ishtar import settings
 from menus import menu
@@ -34,16 +36,21 @@ def index(request):
     dct = {}
     return render_to_response('index.html', dct,
                               context_instance=RequestContext(request))
-def action(request, action):
+def action(request, action, obj=None, step=None):
     """
-    Main page
+    Action management
     """
-
+    if obj and not menu.items[action].is_available(request.user, obj) or \
+       not menu.items[action].can_be_available(request.user):
+        not_permitted_msg = ugettext(u"Operation not permitted.")
+        return HttpResponse(not_permitted_msg)
     dct = {'current_action':action}
+    globals_dct = globals()
+    if action in globals_dct:
+        return globals_dct[action](request, dct, obj, step)
     return render_to_response('index.html', dct,
                               context_instance=RequestContext(request))
 
-def file_creation(request):
-    dct = {'current_action':'file_creation'}
+def file_creation(request, dct, obj, step):
     return render_to_response('index.html', dct,
                               context_instance=RequestContext(request))