diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php
index 92b57866c..d7f59a120 100644
--- a/SeedDMS_Core/Core/inc.ClassDMS.php
+++ b/SeedDMS_Core/Core/inc.ClassDMS.php
@@ -146,6 +146,13 @@ class SeedDMS_Core_DMS {
 	 */
 	public $viewOnlineFileTypes;
 
+	/**
+	 * @var array $noReadForStatus list of status without read right
+	 *      online
+	 * @access public
+	 */
+	public $noReadForStatus;
+
 	/**
 	 * @var string $version version of pear package
 	 * @access public
@@ -231,6 +238,12 @@ class SeedDMS_Core_DMS {
 	/**
 	 * Filter objects out which are not accessible in a given mode by a user.
 	 *
+	 * This function can be used for documents and folders and calls
+	 * {@link SeedDMS_Core_Folder::getAccessMode()} or
+	 * {@link SeedDMS_Core_Document::getAccessMode()}. A document is also
+	 * filtered out if it has no latest content, which can happen if access
+	 * on documents in a certain state has been restricted.
+	 *
 	 * @param array $objArr list of objects (either documents or folders)
 	 * @param object $user user for which access is checked
 	 * @param integer $minMode minimum access mode required
@@ -242,8 +255,15 @@ class SeedDMS_Core_DMS {
 		}
 		$newArr = array();
 		foreach ($objArr as $obj) {
-			if ($obj->getAccessMode($user) >= $minMode)
-				array_push($newArr, $obj);
+			if ($obj->getAccessMode($user) >= $minMode) {
+				$dms = $obj->_dms;
+				if(get_class($obj) == $dms->getClassname('document')) {
+					if($obj->getLatestContent())
+						array_push($newArr, $obj);
+				} else {
+					array_push($newArr, $obj);
+				}
+			}
 		}
 		return $newArr;
 	} /* }}} */
@@ -358,6 +378,7 @@ class SeedDMS_Core_DMS {
 		$this->forceRename = false;
 		$this->enableConverting = false;
 		$this->convertFileTypes = array();
+		$this->noReadForStatus = array();
 		$this->classnames = array();
 		$this->classnames['folder'] = 'SeedDMS_Core_Folder';
 		$this->classnames['document'] = 'SeedDMS_Core_Document';
@@ -563,6 +584,19 @@ class SeedDMS_Core_DMS {
 		$this->user = $user;
 	} /* }}} */
 
+	/**
+	 * Get the logged in user
+	 *
+	 * If user authentication was done externally, this function can
+	 * be used to tell the dms who is currently logged in.
+	 *
+	 * @return object $user
+	 *
+	 */
+	function getLoggedInUser() { /* {{{ */
+		return $this->user;
+	} /* }}} */
+
 	/**
 	 * Return a document by its id
 	 *
diff --git a/SeedDMS_Core/Core/inc.ClassDocument.php b/SeedDMS_Core/Core/inc.ClassDocument.php
index 8e876d928..349b911a3 100644
--- a/SeedDMS_Core/Core/inc.ClassDocument.php
+++ b/SeedDMS_Core/Core/inc.ClassDocument.php
@@ -199,6 +199,16 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 	 */
 	protected $_sequence;
 
+	/**
+	 * @var object temp. storage for latestcontent
+	 */
+	protected $_latestContent;
+
+	/**
+	 * @var array temp. storage for content
+	 */
+	protected $_content;
+
 	function __construct($id, $name, $comment, $date, $expires, $ownerID, $folderID, $inheritAccess, $defaultAccess, $locked, $keywords, $sequence) { /* {{{ */
 		parent::__construct($id);
 		$this->_name = $name;
@@ -214,6 +224,8 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 		$this->_sequence = $sequence;
 		$this->_categories = array();
 		$this->_notifyList = array();
+		$this->_latestContent = null;
+		$this->_content = null;
 	} /* }}} */
 
 	public static function getInstance($id, $dms) { /* {{{ */
@@ -1560,8 +1572,8 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 			return false;
 		}
 
-		unset($this->_content);
-		unset($this->_latestContent);
+		$this->_content = null;
+		$this->_latestContent = null;
 		$content = $this->getLatestContent($contentID);
 //		$content = new SeedDMS_Core_DocumentContent($contentID, $this, $version, $comment, $date, $user->getID(), $dir, $orgFileName, $fileType, $mimeType, $filesize, $checksum);
 		if($workflow)
@@ -1736,8 +1748,8 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 			return false;
 		}
 
-		unset($this->_content);
-		unset($this->_latestContent);
+		$this->_content = null;
+		$this->_latestContent = null;
 		$db->commitTransaction();
 
 		return true;
@@ -1746,7 +1758,9 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 	/**
 	 * Return all content elements of a document
 	 *
-	 * This functions returns an array of content elements ordered by version
+	 * This functions returns an array of content elements ordered by version.
+	 * Version which are not accessible because of its status, will be filtered
+	 * out.
 	 *
 	 * @return array list of objects of class SeedDMS_Core_DocumentContent
 	 */
@@ -1760,8 +1774,17 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 				return false;
 
 			$this->_content = array();
-			foreach ($resArr as $row)
-				array_push($this->_content, new SeedDMS_Core_DocumentContent($row["id"], $this, $row["version"], $row["comment"], $row["date"], $row["createdBy"], $row["dir"], $row["orgFileName"], $row["fileType"], $row["mimeType"], $row['fileSize'], $row['checksum'], $row['revisiondate']));
+			$classname = $this->_dms->getClassname('documentcontent');
+			$user = $this->_dms->getLoggedInUser();
+			foreach ($resArr as $row) {
+				$content = new $classname($row["id"], $this, $row["version"], $row["comment"], $row["date"], $row["createdBy"], $row["dir"], $row["orgFileName"], $row["fileType"], $row["mimeType"], $row['fileSize'], $row['checksum'], $row['revisiondate']);
+				if($user) {
+					if($content->getAccessMode($user) >= M_READ)
+						array_push($this->_content, $content);
+				} else {
+					array_push($this->_content, $content);
+				}
+			}
 		}
 
 		return $this->_content;
@@ -1770,8 +1793,12 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 	/**
 	 * Return the content element of a document with a given version number
 	 *
+	 * This function will check if the version is accessible and return false
+	 * if not.
+	 *
 	 * @param integer $version version number of content element
-	 * @return object object of class SeedDMS_Core_DocumentContent
+	 * @return object/boolean object of class {@link SeedDMS_Core_DocumentContent}
+	 * or false
 	 */
 	function getContentByVersion($version) { /* {{{ */
 		if (!is_numeric($version)) return false;
@@ -1793,11 +1820,21 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 			return false;
 
 		$resArr = $resArr[0];
-		return new SeedDMS_Core_DocumentContent($resArr["id"], $this, $resArr["version"], $resArr["comment"], $resArr["date"], $resArr["createdBy"], $resArr["dir"], $resArr["orgFileName"], $resArr["fileType"], $resArr["mimeType"], $resArr['fileSize'], $resArr['checksum'], $resArr['revisiondate']);
+		$classname = $this->_dms->getClassname('documentcontent');
+		if($content = new $classname($resArr["id"], $this, $resArr["version"], $resArr["comment"], $resArr["date"], $resArr["createdBy"], $resArr["dir"], $resArr["orgFileName"], $resArr["fileType"], $resArr["mimeType"], $resArr['fileSize'], $resArr['checksum'], $resArr['revisiondate'])) {
+			$user = $this->_dms->getLoggedInUser();
+			/* A user with write access on the document may always see the version */
+			if($user && $content->getAccessMode($user) == M_NONE)
+				return false;
+			else
+				return $content;
+		} else {
+			return false;
+		}
 	} /* }}} */
 
-	function getLatestContent() { /* {{{ */
-		if (!isset($this->_latestContent)) {
+	function __getLatestContent() { /* {{{ */
+		if (!$this->_latestContent) {
 			$db = $this->_dms->getDB();
 			$queryStr = "SELECT * FROM tblDocumentContent WHERE document = ".$this->_id." ORDER BY version DESC LIMIT 0,1";
 			$resArr = $db->getResultArray($queryStr);
@@ -1807,11 +1844,58 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
 				return false;
 
 			$resArr = $resArr[0];
-			$this->_latestContent = new SeedDMS_Core_DocumentContent($resArr["id"], $this, $resArr["version"], $resArr["comment"], $resArr["date"], $resArr["createdBy"], $resArr["dir"], $resArr["orgFileName"], $resArr["fileType"], $resArr["mimeType"], $resArr['fileSize'], $resArr['checksum'], $resArr['revisiondate']);
+			$classname = $this->_dms->getClassname('documentcontent');
+			$this->_latestContent = new $classname($resArr["id"], $this, $resArr["version"], $resArr["comment"], $resArr["date"], $resArr["createdBy"], $resArr["dir"], $resArr["orgFileName"], $resArr["fileType"], $resArr["mimeType"], $resArr['fileSize'], $resArr['checksum'], $resArr['revisiondate']);
 		}
 		return $this->_latestContent;
 	} /* }}} */
 
+	/**
+	 * Get the latest version of document
+	 *
+	 * This function returns the latest accessible version of a document.
+	 * If content access has been restricted by setting
+	 * {@link SeedDMS_Core_DMS::noReadForStatus} the function will go
+	 * backwards in history until an accessible version is found. If none
+	 * is found null will be returned.
+	 *
+	 * @return object object of class {@link SeedDMS_Core_DocumentContent}
+	 */
+	function getLatestContent() { /* {{{ */
+		if (!$this->_latestContent) {
+			$db = $this->_dms->getDB();
+			$queryStr = "SELECT * FROM tblDocumentContent WHERE document = ".$this->_id." ORDER BY version DESC";
+			$resArr = $db->getResultArray($queryStr);
+			if (is_bool($resArr) && !$res)
+				return false;
+
+			$classname = $this->_dms->getClassname('documentcontent');
+			$user = $this->_dms->getLoggedInUser();
+			foreach ($resArr as $row) {
+				if (!$this->_latestContent) {
+					$content = new $classname($row["id"], $this, $row["version"], $row["comment"], $row["date"], $row["createdBy"], $row["dir"], $row["orgFileName"], $row["fileType"], $row["mimeType"], $row['fileSize'], $row['checksum'], $row['revisiondate']);
+					if($user) {
+						/* If the user may even write the document, then also allow to see all content.
+						 * This is needed because the user could upload a new version
+						 */
+						if($content->getAccessMode($user) >= M_READ) {
+							$this->_latestContent = $content;
+						}
+					} else {
+						$this->_latestContent = $content;
+					}
+				}
+			}
+		}
+
+		return $this->_latestContent;
+	} /* }}} */
+
+	/**
+	 * Remove a certain version
+	 *
+	 * @param integer $version version number
+	 */
 	function removeContent($version) { /* {{{ */
 		$db = $this->_dms->getDB();
 
@@ -3051,36 +3135,109 @@ class SeedDMS_Core_DocumentContent extends SeedDMS_Core_Object { /* {{{ */
 
 	/**
 	 * Returns the access mode similar to a document
-	 * There is no real access mode for document content, so this is more
-	 * like a virtual access mode, derived from the status or workflow
-	 * of the document content. The idea is to return an access mode
-	 * M_NONE if the user is still in a workflow or under review/approval.
-	 * In such a case only those user involved in the workflow/review/approval
-	 * process should be allowed to see the document. This method could
-	 * be called by any function that returns the content e.g. getLatestContent() 
-	 * It may as well be used by SeedDMS_Core_Document::getAccessMode() to
-	 * prevent access on the whole document if there is just one version.
-	 * The return value is planed to be either M_NONE or M_READ.
 	 *
-	 * @param object $user
-	 * @return integer mode
+	 * There is no real access mode for document content, so this is more
+	 * like a virtual access mode, derived from the status of the document 
+	 * content. The function checks if {@link SeedDMS_Core_DMS::noReadForStatus}
+	 * contains the status of the version and returns M_NONE if it exists and
+	 * the user is not involved in a workflow or review/approval.
+	 * This method is called by all functions that returns the content e.g.
+	 * {@link SeedDMS_Core_Document::getLatestContent()}
+	 * It is also used by {@link SeedDMS_Core_Document::getAccessMode()} to
+	 * prevent access on the whole document if there is no accessible version.
+	 *
+	 * @param object $u user
+	 * @return integer either M_NONE or M_READ
 	 */
 	function getAccessMode($u) { /* {{{ */
-		if(!$this->_workflow)
-			$this->getWorkflow();
+		$dms = $this->_document->_dms;
+		$db = $dms->getDB();
 
-		if($this->_workflow) {
-			if (!$this->_workflowState)
-				$this->getWorkflowState();
-			$transitions = $this->_workflow->getNextTransitions($this->_workflowState);
-			foreach($transitions as $transition) {
-				if($this->triggerWorkflowTransitionIsAllowed($u, $transition))
-					return M_READ;
+		/* If read access isn't further restricted by status, than grant read access */
+		if(!$dms->noReadForStatus)
+			return M_READ;
+
+		/* If the current status is not in list of status without read access, then grant read access */
+		if(!in_array($this->getStatus()['status'], $dms->noReadForStatus))
+			return M_READ;
+
+		/* Administrators have unrestricted access */
+		if ($u->isAdmin()) return M_READ;
+
+		/* The owner of the document has unrestricted access */
+		$owner = $this->_document->getOwner();
+		if ($u->getID() == $owner->getID()) return M_READ;
+
+		/* Read/Write access on the document will also grant access on the version */
+		if($this->_document->getAccessMode($user) >= M_READWRITE) return M_READ;
+
+		/* At this point the current status is in the list of status without read access.
+		 * The only way to still gain read access is, if the user is involved in the
+		 * process, e.g. is a reviewer, approver or an active person in the workflow.
+		 */
+		$s = $this->getStatus();
+		switch($s['status']) {
+		case S_DRAFT_REV:
+			$status = $this->getReviewStatus();
+			foreach ($status as $r) {
+				if($r['status'] != -2) // Check if reviewer was removed
+					switch ($r["type"]) {
+					case 0: // Reviewer is an individual.
+						if($u->getId() == $r["required"])
+							return M_READ;
+						break;
+					case 1: // Reviewer is a group.
+						$required = $dms->getGroup($r["required"]);
+						if (is_object($required) && $required->isMember($u))
+							return M_READ;
+						break;
+					}
 			}
-			return M_NONE;
+			break;
+		case S_DRAFT_APP:
+			$status = $this->getApprovalStatus();
+			foreach ($status as $r) {
+				if($r['status'] != -2) // Check if approver was removed
+					switch ($r["type"]) {
+					case 0: // Reviewer is an individual.
+						if($u->getId() == $r["required"])
+							return M_READ;
+						break;
+					case 1: // Reviewer is a group.
+						$required = $dms->getGroup($r["required"]);
+						if (is_object($required) && $required->isMember($u))
+							return M_READ;
+						break;
+					}
+			}
+			break;
+		case S_RELEASED:
+			break;
+		case S_IN_WORKFLOW:
+			if(!$this->_workflow)
+				$this->getWorkflow();
+
+			if($this->_workflow) {
+				if (!$this->_workflowState)
+					$this->getWorkflowState();
+				$transitions = $this->_workflow->getNextTransitions($this->_workflowState);
+				foreach($transitions as $transition) {
+					if($this->triggerWorkflowTransitionIsAllowed($u, $transition))
+						return M_READ;
+				}
+			}
+			break;
+		case S_IN_REVISION:
+			break;
+		case S_REJECTED:
+			break;
+		case S_OBSOLETE:
+			break;
+		case S_EXPIRED:
+			break;
 		}
 
-		return M_READ;
+		return M_NONE;
 	} /* }}} */
 
 	/**
diff --git a/SeedDMS_Core/package.xml b/SeedDMS_Core/package.xml
index 0572758a0..1d88f7e88 100644
--- a/SeedDMS_Core/package.xml
+++ b/SeedDMS_Core/package.xml
@@ -25,6 +25,8 @@
  <license uri="http://opensource.org/licenses/gpl-license">GPL License</license>
  <notes>
 - add roles
+- use classname from SeedDMS_Core_DMS::_classnames for SeedDMS_Core_DocumentContent
+- all changes from 4.3.26 merged
  </notes>
  <contents>
   <dir baseinstalldir="SeedDMS" name="/">
diff --git a/inc/inc.ClassAccessOperation.php b/inc/inc.ClassAccessOperation.php
index 0e350a951..0eb6f48ab 100644
--- a/inc/inc.ClassAccessOperation.php
+++ b/inc/inc.ClassAccessOperation.php
@@ -64,11 +64,12 @@ class SeedDMS_AccessOperation {
 	 */
 	function mayEditVersion($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$version = $document->getLatestContent();
-			if (!isset($this->settings->_editOnlineFileTypes) || !is_array($this->settings->_editOnlineFileTypes) || !in_array(strtolower($version->getFileType()), $this->settings->_editOnlineFileTypes))
-				return false;
-			if ($document->getAccessMode($this->user) == M_ALL || $this->user->isAdmin()) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				if (!isset($this->settings->_editOnlineFileTypes) || !is_array($this->settings->_editOnlineFileTypes) || !in_array(strtolower($latestContent->getFileType()), $this->settings->_editOnlineFileTypes))
+					return false;
+				if ($document->getAccessMode($this->user) == M_ALL || $this->user->isAdmin()) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -105,10 +106,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function mayOverrideStatus($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status["status"]==S_DRAFT || $status["status"]==S_RELEASED || $status["status"]==S_OBSOLETE)) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status["status"]==S_DRAFT || $status["status"]==S_RELEASED || $status["status"]==S_OBSOLETE)) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -125,10 +127,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function maySetReviewersApprovers($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status['status']==S_DRAFT || $status["status"]==S_DRAFT_REV || $status["status"]==S_DRAFT_APP && $this->settings->_workflowMode == 'traditional_only_approval')) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status['status']==S_DRAFT || $status["status"]==S_DRAFT_REV || $status["status"]==S_DRAFT_APP && $this->settings->_workflowMode == 'traditional_only_approval')) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -145,10 +148,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function maySetRecipients($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status["status"]==S_RELEASED)) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status["status"]==S_RELEASED)) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -165,10 +169,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function maySetRevisors($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status["status"]==S_RELEASED || $status["status"]==S_IN_REVISION)) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status["status"]==S_RELEASED || $status["status"]==S_IN_REVISION)) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -185,10 +190,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function maySetWorkflow($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$workflow = $latestContent->getWorkflow();
-			if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && (!$workflow || ($workflow->getInitState()->getID() == $latestContent->getWorkflowState()->getID()))) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$workflow = $latestContent->getWorkflow();
+				if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && (!$workflow || ($workflow->getInitState()->getID() == $latestContent->getWorkflowState()->getID()))) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -202,10 +208,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function maySetExpires($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ((($document->getAccessMode($this->user) == M_ALL) || $this->user->isAdmin()) && ($status["status"]!=S_OBSOLETE)) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ((($document->getAccessMode($this->user) == M_ALL) || $this->user->isAdmin()) && ($status["status"]!=S_OBSOLETE)) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -228,10 +235,11 @@ class SeedDMS_AccessOperation {
 					return false;
 				}
 			}
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) >= M_READWRITE)) || $this->user->isAdmin()) && ($status["status"]!=S_OBSOLETE)) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) >= M_READWRITE)) || $this->user->isAdmin()) && ($status["status"]!=S_OBSOLETE)) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -248,11 +256,12 @@ class SeedDMS_AccessOperation {
 	 */
 	function mayEditAttributes($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			$workflow = $latestContent->getWorkflow();
-			if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) >= M_READWRITE)) || $this->user->isAdmin()) && ($status["status"]==S_DRAFT_REV || ($workflow && $workflow->getInitState()->getID() == $latestContent->getWorkflowState()->getID()))) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				$workflow = $latestContent->getWorkflow();
+				if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) >= M_READWRITE)) || $this->user->isAdmin()) && ($status["status"]==S_DRAFT_REV || ($workflow && $workflow->getInitState()->getID() == $latestContent->getWorkflowState()->getID()))) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -267,10 +276,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function mayReview($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ($status["status"]!=S_OBSOLETE) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ($status["status"]!=S_OBSOLETE) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -286,10 +296,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function mayApprove($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ($status["status"]!=S_OBSOLETE && $status["status"]!=S_DRAFT_REV && $status["status"]!=S_REJECTED) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ($status["status"]!=S_OBSOLETE && $status["status"]!=S_DRAFT_REV && $status["status"]!=S_REJECTED) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -304,10 +315,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function mayReceipt($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ($status["status"]!=S_OBSOLETE) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ($status["status"]!=S_OBSOLETE) {
+					return true;
+				}
 			}
 		}
 		return false;
@@ -322,10 +334,11 @@ class SeedDMS_AccessOperation {
 	 */
 	function mayRevise($document) { /* {{{ */
 		if(get_class($document) == $this->dms->getClassname('document')) {
-			$latestContent = $document->getLatestContent();
-			$status = $latestContent->getStatus();
-			if ($status["status"]!=S_OBSOLETE) {
-				return true;
+			if($latestContent = $document->getLatestContent()) {
+				$status = $latestContent->getStatus();
+				if ($status["status"]!=S_OBSOLETE) {
+					return true;
+				}
 			}
 		}
 		return false;
diff --git a/inc/inc.DBInit.php b/inc/inc.DBInit.php
index 1519dd4e0..ad458f90f 100644
--- a/inc/inc.DBInit.php
+++ b/inc/inc.DBInit.php
@@ -56,6 +56,7 @@ $dms->setRootFolderID($settings->_rootFolderID);
 $dms->setMaxDirID($settings->_maxDirID);
 $dms->setEnableConverting($settings->_enableConverting);
 $dms->setViewOnlineFileTypes($settings->_viewOnlineFileTypes);
+//$dms->noReadForStatus = array(S_DRAFT, S_DRAFT_REV/*, S_DRAFT_APP*/);
 
 if(isset($GLOBALS['SEEDDMS_HOOKS']['initDMS'])) {
 	foreach($GLOBALS['SEEDDMS_HOOKS']['initDMS'] as $hookObj) {
diff --git a/languages/ar_EG/lang.inc b/languages/ar_EG/lang.inc
index 48ddc7e85..156043ef8 100644
--- a/languages/ar_EG/lang.inc
+++ b/languages/ar_EG/lang.inc
@@ -859,6 +859,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'مستخدم',
 'ro_RO' => 'ﺭﻮﻣﺎﻨﻳﺓ',
 'run_subworkflow' => 'تشغيل مسار عمل فرعي',
diff --git a/languages/bg_BG/lang.inc b/languages/bg_BG/lang.inc
index 6102f9ff0..ad5c97ade 100644
--- a/languages/bg_BG/lang.inc
+++ b/languages/bg_BG/lang.inc
@@ -731,6 +731,7 @@ $text = array(
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Потребител',
 'ro_RO' => '',
 'run_subworkflow' => 'Пусни под-процес',
diff --git a/languages/ca_ES/lang.inc b/languages/ca_ES/lang.inc
index 4e62eed16..4fc0358fb 100644
--- a/languages/ca_ES/lang.inc
+++ b/languages/ca_ES/lang.inc
@@ -736,6 +736,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'User',
 'ro_RO' => '',
 'run_subworkflow' => '',
diff --git a/languages/cs_CZ/lang.inc b/languages/cs_CZ/lang.inc
index 4a701b5a8..aba3f06f8 100644
--- a/languages/cs_CZ/lang.inc
+++ b/languages/cs_CZ/lang.inc
@@ -868,6 +868,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Uživatel',
 'ro_RO' => 'Rumunština',
 'run_subworkflow' => 'Spustit vedlejší pracovní postup',
diff --git a/languages/de_DE/lang.inc b/languages/de_DE/lang.inc
index d4904c1ff..8533cbec4 100644
--- a/languages/de_DE/lang.inc
+++ b/languages/de_DE/lang.inc
@@ -19,7 +19,7 @@
 //    along with this program; if not, write to the Free Software
 //    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 //
-//    Translators: Admin (2219), dgrutsch (21)
+//    Translators: Admin (2220), dgrutsch (21)
 
 $text = array(
 'accept' => 'Übernehmen',
@@ -905,6 +905,7 @@ URL: [url]',
 'role_info' => 'Information',
 'role_management' => 'Rollenverwaltung',
 'role_name' => 'Name',
+'role_type' => 'Typ der Rolle',
 'role_user' => 'Benutzer',
 'ro_RO' => 'Rumänisch',
 'run_subworkflow' => 'Sub-Workflow starten',
diff --git a/languages/en_GB/lang.inc b/languages/en_GB/lang.inc
index f1ff2669d..84ee3ee12 100644
--- a/languages/en_GB/lang.inc
+++ b/languages/en_GB/lang.inc
@@ -19,7 +19,7 @@
 //    along with this program; if not, write to the Free Software
 //    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 //
-//    Translators: Admin (1365), dgrutsch (7), netixw (14)
+//    Translators: Admin (1366), dgrutsch (7), netixw (14)
 
 $text = array(
 'accept' => 'Accept',
@@ -906,6 +906,7 @@ URL: [url]',
 'role_info' => 'Information',
 'role_management' => 'Role management',
 'role_name' => 'Name',
+'role_type' => 'Typ of role',
 'role_user' => 'User',
 'ro_RO' => 'Romanian',
 'run_subworkflow' => 'Run sub workflow',
diff --git a/languages/es_ES/lang.inc b/languages/es_ES/lang.inc
index 193bdfe65..39382aca9 100644
--- a/languages/es_ES/lang.inc
+++ b/languages/es_ES/lang.inc
@@ -874,6 +874,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Usuario',
 'ro_RO' => 'Rumano',
 'run_subworkflow' => 'Ejecutar sub flujo de trabajo',
diff --git a/languages/fr_FR/lang.inc b/languages/fr_FR/lang.inc
index 07c4a9e53..f9560aaed 100644
--- a/languages/fr_FR/lang.inc
+++ b/languages/fr_FR/lang.inc
@@ -857,6 +857,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Utilisateur',
 'ro_RO' => 'Roumain',
 'run_subworkflow' => 'Lancer le sous-workflow',
diff --git a/languages/hr_HR/lang.inc b/languages/hr_HR/lang.inc
index fcaea7fe9..cc6c40edd 100644
--- a/languages/hr_HR/lang.inc
+++ b/languages/hr_HR/lang.inc
@@ -895,6 +895,7 @@ Internet poveznica: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Korisnik',
 'ro_RO' => 'Rumunjski',
 'run_subworkflow' => 'Pokreni poslovni pod-tok',
diff --git a/languages/hu_HU/lang.inc b/languages/hu_HU/lang.inc
index efa2fef1d..c92da8883 100644
--- a/languages/hu_HU/lang.inc
+++ b/languages/hu_HU/lang.inc
@@ -874,6 +874,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Felhasználó',
 'ro_RO' => 'Román',
 'run_subworkflow' => 'Segéd munkafolyamat futtatása',
diff --git a/languages/it_IT/lang.inc b/languages/it_IT/lang.inc
index 6b76c5f7b..497a48f66 100644
--- a/languages/it_IT/lang.inc
+++ b/languages/it_IT/lang.inc
@@ -897,6 +897,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Utente',
 'ro_RO' => 'Rumeno',
 'run_subworkflow' => 'Inizia un sotto-flusso di lavoro',
diff --git a/languages/ko_KR/lang.inc b/languages/ko_KR/lang.inc
index af625865d..c738c17e8 100644
--- a/languages/ko_KR/lang.inc
+++ b/languages/ko_KR/lang.inc
@@ -888,6 +888,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => '사용자',
 'ro_RO' => '루마니아어',
 'run_subworkflow' => '서브 워크플로우 실행',
diff --git a/languages/nl_NL/lang.inc b/languages/nl_NL/lang.inc
index 6b0ab5824..f1311133e 100644
--- a/languages/nl_NL/lang.inc
+++ b/languages/nl_NL/lang.inc
@@ -897,6 +897,7 @@ URL: [url]',
 'role_info' => 'Informtie over de rol',
 'role_management' => 'Rol-management',
 'role_name' => 'Naam vd Rol',
+'role_type' => '',
 'role_user' => 'Gebruiker',
 'ro_RO' => 'Roemeens',
 'run_subworkflow' => 'Voer sub workflow uit',
diff --git a/languages/pl_PL/lang.inc b/languages/pl_PL/lang.inc
index 71db94f38..989102470 100644
--- a/languages/pl_PL/lang.inc
+++ b/languages/pl_PL/lang.inc
@@ -853,6 +853,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Użytkownik',
 'ro_RO' => 'Rumuński',
 'run_subworkflow' => 'Uruchom podproces',
diff --git a/languages/pt_BR/lang.inc b/languages/pt_BR/lang.inc
index c0ce47019..0ad74508a 100644
--- a/languages/pt_BR/lang.inc
+++ b/languages/pt_BR/lang.inc
@@ -871,6 +871,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Usuário',
 'ro_RO' => 'Romeno',
 'run_subworkflow' => 'Executar sub fluxo de trabalho',
diff --git a/languages/ro_RO/lang.inc b/languages/ro_RO/lang.inc
index 059903c7e..e2876b183 100644
--- a/languages/ro_RO/lang.inc
+++ b/languages/ro_RO/lang.inc
@@ -896,6 +896,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Utilizator',
 'ro_RO' => 'Romană (RO)',
 'run_subworkflow' => 'Rulați subworkflow-ul',
diff --git a/languages/ru_RU/lang.inc b/languages/ru_RU/lang.inc
index bc56096a0..7b1fb97c5 100644
--- a/languages/ru_RU/lang.inc
+++ b/languages/ru_RU/lang.inc
@@ -903,6 +903,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Пользователь',
 'ro_RO' => 'Румынский',
 'run_subworkflow' => 'Запустить подпроцесс',
diff --git a/languages/sk_SK/lang.inc b/languages/sk_SK/lang.inc
index 49f88fa71..3c0321961 100644
--- a/languages/sk_SK/lang.inc
+++ b/languages/sk_SK/lang.inc
@@ -735,6 +735,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => '',
 'ro_RO' => 'Rumunština',
 'run_subworkflow' => '',
diff --git a/languages/sv_SE/lang.inc b/languages/sv_SE/lang.inc
index 281aa3692..d3c4e734f 100644
--- a/languages/sv_SE/lang.inc
+++ b/languages/sv_SE/lang.inc
@@ -859,6 +859,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Användare',
 'ro_RO' => 'Rumänska',
 'run_subworkflow' => 'Utför under-arbetsflöde',
diff --git a/languages/tr_TR/lang.inc b/languages/tr_TR/lang.inc
index 1f7472bb6..8eda7450e 100644
--- a/languages/tr_TR/lang.inc
+++ b/languages/tr_TR/lang.inc
@@ -875,6 +875,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Kullanıcı',
 'ro_RO' => 'Romence',
 'run_subworkflow' => 'Alt iş akışını başlat',
diff --git a/languages/uk_UA/lang.inc b/languages/uk_UA/lang.inc
index 89abf1b89..c0842da69 100644
--- a/languages/uk_UA/lang.inc
+++ b/languages/uk_UA/lang.inc
@@ -896,6 +896,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => 'Користувач',
 'ro_RO' => 'Romanian',
 'run_subworkflow' => 'Запустити підпроцес',
diff --git a/languages/zh_CN/lang.inc b/languages/zh_CN/lang.inc
index 858c1fb80..4c86a30d3 100644
--- a/languages/zh_CN/lang.inc
+++ b/languages/zh_CN/lang.inc
@@ -737,6 +737,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => '用户',
 'ro_RO' => '罗马尼亚语',
 'run_subworkflow' => '',
diff --git a/languages/zh_TW/lang.inc b/languages/zh_TW/lang.inc
index fe7b58284..16c6240c9 100644
--- a/languages/zh_TW/lang.inc
+++ b/languages/zh_TW/lang.inc
@@ -735,6 +735,7 @@ URL: [url]',
 'role_info' => '',
 'role_management' => '',
 'role_name' => '',
+'role_type' => '',
 'role_user' => '用戶',
 'ro_RO' => '羅馬尼亞文',
 'run_subworkflow' => '',
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 0c0a3da42..02c42c3f0 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -1605,6 +1605,7 @@ $(function() {
 	 */
 	function mainClipboard($clipboard, $previewer){ /* {{{ */
 		$dms = $this->params['dms'];
+		$user = $this->params['user'];
 		$content = '';
 		$foldercount = $doccount = 0;
 		if($clipboard['folders']) {
diff --git a/views/bootstrap/class.DocumentVersionDetail.php b/views/bootstrap/class.DocumentVersionDetail.php
index 18bc02757..3babb05a5 100644
--- a/views/bootstrap/class.DocumentVersionDetail.php
+++ b/views/bootstrap/class.DocumentVersionDetail.php
@@ -53,9 +53,12 @@ class SeedDMS_View_DocumentVersionDetail extends SeedDMS_Bootstrap_Style {
 		$this->globalNavigation($folder);
 		$this->contentStart();
 		$this->pageNavigation($this->getFolderPathHTML($folder, true, $document), "view_document", $document);
+?>
+<div class="row-fluid">
+<div class="span3">
+<?php
 		$this->contentHeading(getMLText("document_infos"));
 		$this->contentContainerStart();
-
 ?>
 <table class="table-condensed">
 <tr>
@@ -131,6 +134,10 @@ class SeedDMS_View_DocumentVersionDetail extends SeedDMS_Bootstrap_Style {
 </table>
 <?php
 		$this->contentContainerEnd();
+?>
+</div>
+<div class="span9">
+<?php
 
 		// verify if file exists
 		$file_exists=file_exists($dms->contentDir . $version->getPath());
@@ -348,6 +355,9 @@ class SeedDMS_View_DocumentVersionDetail extends SeedDMS_Bootstrap_Style {
 			</div>
 <?php
 		}
+?>
+</div>
+<?php
 		$this->contentEnd();
 		$this->htmlEndPage();
 	} /* }}} */
diff --git a/views/bootstrap/class.RoleMgr.php b/views/bootstrap/class.RoleMgr.php
index be2211a6c..f807f8435 100644
--- a/views/bootstrap/class.RoleMgr.php
+++ b/views/bootstrap/class.RoleMgr.php
@@ -146,7 +146,7 @@ $(document).ready( function() {
 			<td><input type="text" name="name" id="name" value="<?php print $currRole ? htmlspecialchars($currRole->getName()) : "";?>"></td>
 		</tr>
 		<tr>
-			<td><?php printMLText("role");?>:</td>
+			<td><?php printMLText("role_type");?>:</td>
 			<td><select name="role"><option value="<?php echo SeedDMS_Core_Role::role_user ?>"><?php printMLText("role_user"); ?></option><option value="<?php echo SeedDMS_Core_Role::role_admin ?>" <?php if($currRole && $currRole->getRole() == SeedDMS_Core_Role::role_admin) echo "selected"; ?>><?php printMLText("role_admin"); ?></option><option value="<?php echo SeedDMS_Core_Role::role_guest ?>" <?php if($currRole && $currRole->getRole() == SeedDMS_Core_Role::role_guest) echo "selected"; ?>><?php printMLText("role_guest"); ?></option></select></td>
 		</tr>
 		<tr>