Steps to reproduce:
1. Provision a subset of geo-enabled nodes into a surveillance category "Test" that is visible to a group "testing" that a non-admin user exclusively belongs to. Omit at least one geo-enabled node from this category.
2. Log in as the non-admin user verify that only the subset of nodes in the "Test" category are visible in the node list
3. Still logged in as the non-admin user, navigate to the geographical map.
Expected result: Nodes displayed in geo-map are restricted as in the node list
Actual result: All nodes with geo-data are displayed
Beyond the geo-maps issue, it now appears (at least for a develop snapshot built on 16 Jan 2015) that ACLs are no longer being enforced at the DAO level. For instance, a non-admin user can now see a node that should be off-limits simply by changing the value of the "node" URL query parameter to element/node.jsp.