Index: branches/5.0.x/core/install/upgrades.php
===================================================================
diff -u -N -r12877 -r13346
--- branches/5.0.x/core/install/upgrades.php	(.../upgrades.php)	(revision 12877)
+++ branches/5.0.x/core/install/upgrades.php	(.../upgrades.php)	(revision 13346)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: upgrades.php 12877 2009-11-03 20:10:32Z alex $
+* @version	$Id: upgrades.php 13346 2010-04-06 08:21:04Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -1318,4 +1318,91 @@
 				}
 			}
 		}
+
+		/**
+		 * Update to 5.0.3-B2; Moves CATEGORY.* permission from module root categories to Content category
+		 *
+		 * @param string $mode when called mode {before, after)
+		 */
+		function Upgrade_5_0_3_B2($mode)
+		{
+			if ($mode == 'before') {
+				// get permissions
+				$sql = 'SELECT PermissionName
+						FROM ' . TABLE_PREFIX . 'PermissionConfig
+						WHERE PermissionName LIKE "CATEGORY.%"';
+				$permission_names = $this->Conn->GetCol($sql);
+
+				// get groups
+				$sql = 'SELECT GroupId
+						FROM ' . TABLE_PREFIX . 'PortalGroup';
+				$user_groups = $this->Conn->GetCol($sql);
+				$user_group_count = count($user_groups);
+
+				// get module root categories
+				$sql = 'SELECT RootCat
+						FROM ' . TABLE_PREFIX . 'Modules';
+				$module_categories = $this->Conn->GetCol($sql);
+
+				$module_categories[] = 0;
+				$module_categories = implode(',', array_unique($module_categories));
+
+				$permissions = $delete_permission_ids = Array ();
+
+				foreach ($permission_names as $permission_name) {
+					foreach ($user_groups as $group_id) {
+						$sql = 'SELECT PermissionId
+								FROM ' . TABLE_PREFIX . 'Permissions
+								WHERE (Permission = ' . $this->Conn->qstr($permission_name) . ') AND (PermissionValue = 1) AND (GroupId = ' . $group_id . ') AND (`Type` = 0) AND (CatId IN (' . $module_categories . '))';
+						$permission_ids = $this->Conn->GetCol($sql);
+
+						if ($permission_ids) {
+							if (!array_key_exists($permission_name, $permissions)) {
+								$permissions[$permission_name] = Array ();
+							}
+
+							$permissions[$permission_name][] = $group_id;
+							$delete_permission_ids = array_merge($delete_permission_ids, $permission_ids);
+						}
+					}
+				}
+
+				if ($delete_permission_ids) {
+					// here we can delete some of permissions that will be added later
+					$sql = 'DELETE FROM ' . TABLE_PREFIX . 'Permissions
+							WHERE PermissionId IN (' . implode(',', $delete_permission_ids) . ')';
+					$this->Conn->Query($sql);
+				}
+
+				$home_category = $this->Application->findModule('Name', 'Core', 'RootCat');
+
+				foreach ($permissions as $permission_name => $permission_groups) {
+					// optimize a bit
+					$has_everyone = in_array(15, $permission_groups);
+
+					if ($has_everyone || (!$has_everyone && count($permission_groups) == $user_group_count - 1)) {
+						// has permission for "Everyone" group OR allowed in all groups except "Everyone" group
+						// so remove all other explicitly allowed permissions
+						$permission_groups = Array (15);
+					}
+
+					foreach ($permission_groups as $group_id) {
+						$fields_hash = Array (
+							'Permission' => $permission_name,
+							'GroupId' => $group_id,
+							'PermissionValue' => 1,
+							'Type' => 0, // category-based permission,
+							'CatId' => $home_category,
+						);
+
+						$this->Conn->doInsert($fields_hash, TABLE_PREFIX . 'Permissions');
+					}
+				}
+
+				$updater =& $this->Application->recallObject('kPermCacheUpdater');
+				/* @var $updater kPermCacheUpdater */
+
+				$updater->OneStepRun();
+			}
+		}
 	}
\ No newline at end of file