Description
A custom data set attached to an activity is given appropriate ACL permission settings so that it is viewable only by users with a specific role.
When activities are found via search and then viewed, the ACLs are respected, and only the appropriate users are able to see the custom data.
However, if the same user who is blocked from seeing the data when finding the activity through search attempts to view the activity by clicking the subject column link under the Manage Case screen (list of activities in the case), all of the custom data is visible!
NOTE: (dgg) The problem is that CRM/Case/Form/ActivityView.tpl gets the value to display by calling CRM/Case/XMLProcessor.php - and getCustomData() in that class does NOT check permissions on the custom data group. CRM/Activity/Form/Activity.tpl provides the 'view activity' page for the non-case activity selector - and it uses CustomDataView.tpl and CRM_Core_BAO_CustomGroup::getTree() to retrieve properly permissioned custom data groups.
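
The inconsistency described in the note, as an added PHP model that is not CiviCRM code: two view paths read the same custom data, one through an ACL helper and one directly, and a regression check compares every entry point against the helper. All function names, roles and group titles are constructed for illustration.

```php
<?php
// Constructed model, not CiviCRM code: every name below is hypothetical.
// Custom groups attached to one activity, each with the roles allowed to view it.
$customGroups = [
    ['id' => 1, 'title' => 'Public notes',   'view_roles' => ['caseworker', 'supervisor']],
    ['id' => 2, 'title' => 'Clinical notes', 'view_roles' => ['supervisor']],
];

// Single place where the ACL decision is made.
function permittedGroups(array $groups, array $userRoles): array {
    return array_values(array_filter($groups, function (array $g) use ($userRoles) {
        return count(array_intersect($g['view_roles'], $userRoles)) > 0;
    }));
}

// Path A (search result view): filters through the ACL helper.
function viewFromSearch(array $groups, array $userRoles): array {
    return array_column(permittedGroups($groups, $userRoles), 'title');
}

// Path B as reported (case activity view): reads the groups directly, no ACL check.
function viewFromCaseUnchecked(array $groups, array $userRoles): array {
    return array_column($groups, 'title');
}

// Path B corrected: same data, routed through the same ACL helper as path A.
function viewFromCaseChecked(array $groups, array $userRoles): array {
    return array_column(permittedGroups($groups, $userRoles), 'title');
}

// Regression check: an entry point must expose nothing beyond what the helper allows.
function leakedTitles(callable $view, array $groups, array $userRoles): array {
    $allowed = array_column(permittedGroups($groups, $userRoles), 'title');
    return array_values(array_diff($view($groups, $userRoles), $allowed));
}

// A user who holds only the 'caseworker' role must never see 'Clinical notes'.
$roles = ['caseworker'];
foreach (['viewFromSearch', 'viewFromCaseUnchecked', 'viewFromCaseChecked'] as $path) {
    $leaked = leakedTitles($path, $customGroups, $roles);
    printf("%-22s %s\n", $path, $leaked ? 'LEAKS: ' . implode(', ', $leaked) : 'ok');
}
```

Running the same check over every route that renders an activity catches a new view path that bypasses the permission filter before it ships.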