As far as I can see this code is in the critical path for every page view, and in my case returns False (cms_pagepermission is empty.) Neither the CMS_PERMISSION setting nor the CMS_PUBLIC_FOR setting appears to control whether or not has_view_permission is called, so there's no way to disable this. I also tried fiddling with CMS_CACHE_DURATIONS, but I think this only caches for logged in users, not anonymous sessions.
Any suggestions on how I can avoid this query? Can is_restricted be cached per page based on CMS_CACHE_DURATIONS['permissions']?