Comment 6 for bug 1236704

Raj Geda (rgeda) wrote :

One thing I am not clear on is that the code comments have a FIXME, which means we have to fix/address this issue. This means the author has the intention to improve it. Reference code below.

            # FIXME(salvatore-orlando): obj_getter might return references to
            # other resources. Must check authZ on them too.
            # Omit items from list that should not be visible
            obj_list = [obj for obj in obj_list
                        if policy.check(request.context,
                                        self._plugin_handlers[self.SHOW],
                                        obj,
                                        plugin=self._plugin)]
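
The gap the quoted FIXME describes, as an added sketch that is not part of the original comment and is not Neutron code: a list filter that checks only each top-level object, next to one that also checks the resources it references. The `check` function, the resource dictionaries, the `related` field and the action names are all assumptions made for illustration.

```python
# Added illustration; check() is a stand-in, not neutron.policy.check().
# Resource shapes, field names and action names below are constructed.

def check(context, action, target):
    """Hypothetical owner-or-admin rule keyed on tenant_id."""
    return context.get("is_admin", False) or \
        target.get("tenant_id") == context["tenant_id"]


def filter_top_level(context, action, obj_list):
    """Same shape as the quoted comprehension: only each listed object
    is checked, so anything nested inside it passes through unchecked."""
    return [obj for obj in obj_list if check(context, action, obj)]


def filter_with_references(context, action, obj_list, ref_actions):
    """Also run the policy check on referenced resources.

    ref_actions maps a field holding referenced resources to the action
    used to authorize them (assumed mapping, e.g. {"related": "get_related"}).
    """
    visible = []
    for obj in obj_list:
        if not check(context, action, obj):
            continue
        item = dict(obj)  # copy so the caller's objects are not mutated
        for field, ref_action in ref_actions.items():
            if field in obj:
                item[field] = [ref for ref in obj[field]
                               if check(context, ref_action, ref)]
        visible.append(item)
    return visible


# Constructed sample: item-a belongs to tenant t1 but references a
# resource owned by tenant t2.
ITEMS = [
    {"id": "item-a", "tenant_id": "t1",
     "related": [{"id": "rel-1", "tenant_id": "t1"},
                 {"id": "rel-9", "tenant_id": "t2"}]},
    {"id": "item-b", "tenant_id": "t2", "related": []},
]

if __name__ == "__main__":
    ctx = {"tenant_id": "t1"}
    print(filter_top_level(ctx, "get_item", ITEMS))
    print(filter_with_references(ctx, "get_item", ITEMS,
                                 {"related": "get_related"}))
```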