Index: branches/5.2.x/core/units/helpers/permissions_helper.php =================================================================== diff -u -N -r14731 -r14856 --- branches/5.2.x/core/units/helpers/permissions_helper.php (.../permissions_helper.php) (revision 14731) +++ branches/5.2.x/core/units/helpers/permissions_helper.php (.../permissions_helper.php) (revision 14856) @@ -1,6 +1,6 @@ CheckPermission($permission, $is_system, $perm_category) && $owner_checked; + $permissions = explode(',', $permission_group); + + if ( $check_admin ) { + foreach ($permissions as $permission) { + $owner_checked = (strpos($permission, '.OWNER.') !== false) ? $is_owner : true; + $has_permission = $has_permission && $this->CheckAdminPermission($permission, $is_system, $perm_category) && $owner_checked; + } } + else { + foreach ($permissions as $permission) { + $owner_checked = (strpos($permission, '.OWNER.') !== false) ? $is_owner : true; + $has_permission = $has_permission && $this->CheckPermission($permission, $is_system, $perm_category) && $owner_checked; + } + } + $group_has_permission = $group_has_permission || $has_permission; if ($group_has_permission) { 
@@ -543,8 +554,28 @@ return $this->CheckUserPermission($user_id, $name, $type, $cat_id); } + /** + * Check current admin permissions (when called from Front-End) based on it's group permissions in specified category (for non-system permissions) or just checks if system permission is set + * + * @param string $name permission name + * @param int $cat_id category id, current used if not specified + * @param int $type permission type {1 - system, 0 - per category} + * @return int + */ + function CheckAdminPermission($name, $type = 1, $cat_id = null) + { + if ( $this->Application->isAdmin ) { + return $this->CheckPermission($name, $type, $cat_id); + } + + $user_id = $this->Application->RecallVar('admin_user_id'); + return $this->CheckUserPermission($user_id, $name, $type, $cat_id); + } + function CheckUserPermission($user_id, $name, $type = 1, $cat_id = null) { + $user_id = (int)$user_id; + if ( $user_id == USER_ROOT ) { // "root" is allowed anywhere return substr($name, -5) == '.deny' || $name == 'SYSTEM_ACCESS.READONLY' ? 0 : 1; 
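Review bot: `CheckAdminPermission` hands the result of `RecallVar('admin_user_id')` to `CheckUserPermission` without handling the case where no admin session variable exists. Another hunk of this patch treats `false` as RecallVar's "not set" result, and the new `(int)$user_id` cast would turn that into user id 0. From there the non-current-user branch still appends `User_LoggedInGroup` to the group list, so a front-end visitor with no admin session would presumably be evaluated with that group's permissions rather than denied. A guard before the call would fail closed: `if ( $user_id === false ) { return 0; }`. The docblock also lists `$cat_id` before `$type`, the reverse of the signature, and `CheckUserPermission`'s body continues outside this hunk.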
@@ -565,18 +596,28 @@ // perm cache is build only based on records in db, that's why if permission is not explicitly denied, then // that (perm cache creator) code thinks that it is allowed & adds corresponding record and code below will // return incorrect results - if ( $user_id == $this->Application->RecallVar('user_id') ) { - $groups = explode(',', $this->Application->RecallVar('UserGroups')); + $groups = $this->Application->RecallVar('UserGroups'); } - else { // checking not current user - $sql = 'SELECT GroupId - FROM ' . TABLE_PREFIX . 'UserGroup - WHERE (PortalUserId = ' . $user_id . ') AND ( (MembershipExpires IS NULL) OR ( MembershipExpires >= UNIX_TIMESTAMP() ) )'; - $groups = $this->Conn->GetCol($sql); - array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup')); + else { + // checking not current user + $groups = $this->Application->RecallVar('UserGroups:' . $user_id); + + if ( $groups === false ) { +// die('me'); + $sql = 'SELECT GroupId + FROM '.TABLE_PREFIX.'UserGroup + WHERE (PortalUserId = '.$user_id.') AND ( (MembershipExpires IS NULL) OR ( MembershipExpires >= UNIX_TIMESTAMP() ) )'; + $groups = $this->Conn->GetCol($sql); + + array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup') ); + $groups = implode(',', $groups); + + $this->Application->StoreVar('UserGroups:' . $user_id, $groups); + } } + $groups = explode(',', $groups); $cache_key = $name . '|' . $type . '|' . $cat_id . '|' . implode(',', $groups); $perm_value = $this->Application->getCache('permissions[%' . ($type == 1 ? 'G' : 'C') . 'PermSerial%]:' . $cache_key);
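Review bot: The group list cached with `StoreVar('UserGroups:' . $user_id, $groups)` is never invalidated anywhere in this hunk. The SQL it replaces filtered on `MembershipExpires >= UNIX_TIMESTAMP()` at every call, so an expired or revoked membership now keeps granting permissions until the session variable is dropped. If this is an accepted trade-off it should be stated next to the store, e.g. `// cached for the session lifetime; membership expiry or removal is not re-checked`. Otherwise the cached value needs something that changes when group membership changes, much as the permission cache below is keyed on a serial. The leftover `// die('me');` debugging line in the new branch should also be removed before merge.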