--- sites/all/modules/cmf/cmf.module.orig	Wed Dec 01 04:04:46 2010
+++ sites/all/modules/cmf/cmf.module	Tue Aug 23 18:47:51 2011
@@ -645,6 +645,33 @@
     . drupal_render($form);
 }
 
+
+function getContentTypePermission($where,$join,$args)
+{
+$query=' ( ';
+$result = db_query("SELECT *
+FROM node_type ");
+
+while ($row = db_fetch_object($result)) {
+if (user_access('edit any '.strtolower($row->type).' content'))
+{
+$query = $query . ($query == ' ( ' ? ' ' : ' or ' ) . ' n.type = "%s"';
+$args[] = $row->type;
+}
+}
+$query = $query . ' ) ';
+
+if ($where == '')
+$where = ' WHERE ' . $query;
+else
+$where = $where  . ' and ' . $query;
+
+//drupal_set_message($where);
+
+return array('where' => $where, 'join' => $join, 'args' => $args);
+}
+
+
 /**
  *  QUERIES
  */
@@ -689,7 +716,10 @@
     $args[] = $value;
   }
   $where = count($where) ? 'WHERE '. implode(' AND ', $where) : '';
-  return array('where' => $where, 'join' => $join, 'args' => $args);
+  
+
+  
+  return getContentTypePermission($where,$join,$args);
 }
 
 /**
@@ -805,6 +835,7 @@
   }
   $cwhere = str_replace(array('n.title', 'n.uid', 'r.body'), array('c.subject', 'c.uid', 'c.comment'), $where);
 
+  
   switch ($kind) {
     case 'node':
       return pager_query('SELECT n.nid, n.title, n.type, n.status, n.created, '