Index: kernel/classes/ezcontentobject.php
===================================================================
--- kernel/classes/ezcontentobject.php	(revision 25026)
+++ kernel/classes/ezcontentobject.php	(working copy)
@@ -522,24 +522,24 @@
     /**
      * Generates a map with all the content object attributes where the keys are
      * the attribute identifiers grouped by class attribute category.
-     * 
+     *
      * @note Result is not cached, so make sure you don't call this over and over.
-     * 
-     * @return array 
+     *
+     * @return array
      */
     public function groupedDataMap()
     {
         return self::createGroupedDataMap( $this->fetchDataMap() );
     }
-    
+
     /**
      * Generates a map with all the content object attributes where the keys are
      * the attribute identifiers grouped by class attribute category.
-     * 
+     *
      * @note Result is not cached, so make sure you don't call this over and over.
-     * 
+     *
      * @param array $contentObjectAttributes Array of eZContentObjectAttribute objects
-     * @return array 
+     * @return array
      */
     public static function createGroupedDataMap( $contentObjectAttributes )
     {
@@ -559,7 +559,7 @@
                 $groupedDataMap[ $attributeCategory ] = array();
 
             $groupedDataMap[ $attributeCategory ][$attributeIdentifier] = $attribute;
-            
+
         }
         return $groupedDataMap;
     }
@@ -5895,7 +5895,7 @@
         $sql = 'SELECT ezcobj_state.id
                 FROM   ezcobj_state, ezcobj_state_group
                 WHERE  ezcobj_state.group_id = ezcobj_state_group.id
-                    AND ezcobj_state_group.identifier NOT LIKE \'ez%\'';
+                       AND ezcobj_state_group.identifier NOT LIKE \'ez%\'';
         if ( $access['accessWord'] == 'yes' )
         {
             $allowedStateIDList = $db->arrayQuery( $sql, array( 'column' => 'id' ) );
@@ -5938,6 +5938,27 @@
                             $allowed = in_array( $sectionID, $values );
                         } break;
 
+                        case 'User_Subtree':
+                        {
+                            $assignedNodes = $this->attribute( 'assigned_nodes' );
+                            foreach ( $assignedNodes as $assignedNode )
+                            {
+                                $path = $assignedNode->attribute( 'path_string' );
+                                foreach ( $policy['User_Subtree'] as $subtreeString )
+                                {
+                                    if ( strstr( $path, $subtreeString ) )
+                                    {
+                                        $allowed = true;
+                                        break;
+                                    }
+                                }
+                            }
+                            if( !$allowed )
+                            {
+                                $allowed = false;
+                            }
+                        } break;
+
                         default:
                         {
                             if ( strncmp( $ident, 'StateGroup_', 11 ) === 0 )