Index: branches/5.3.x/core/kernel/db/cat_event_handler.php =================================================================== diff -u -N -r15810 -r15902 --- branches/5.3.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 15810) +++ branches/5.3.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 15902) @@ -1,6 +1,6 @@ getObject(); - /* @var $object kDBList */ + /* @var $object kCatDBList */ // add category filter if needed if ($event->Special != 'showall' && $event->Special != 'user') { @@ -655,22 +655,8 @@ $object->addFilter('owner_filter', '%1$s.'.$this->getOwnerField($event->Prefix).' = '.$editable_user); } - // add permission filter - if ($this->Application->RecallVar('user_id') == USER_ROOT) { - // for "root" CATEGORY.VIEW permission is checked for items lists too - $view_perm = 1; - } - else { - // for any real user itemlist view permission is checked instead of CATEGORY.VIEW - $count_helper = $this->Application->recallObject('CountHelper'); - /* @var $count_helper kCountHelper */ + $this->applyViewPermissionFilter($object); - list ($view_perm, $view_filter) = $count_helper->GetPermissionClause($event->Prefix, 'perm'); - $object->addFilter('perm_filter2', $view_filter); - } - - $object->addFilter('perm_filter', 'perm.PermId = '.$view_perm); - $types = $event->getEventParam('types'); $this->applyItemStatusFilter($object, $types); 
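Review bot: The call `$this->applyViewPermissionFilter($object);` replaces a block that always added `perm_filter`, but nothing at the call site says that this is the list's access-control step or that it can now do nothing. A one-line comment above it would keep that visible, for example `// add view permission filter (no-op unless CheckViewPermissionsInCatalog is enabled)`. The enclosing method starts and ends outside the hunk, so any later code in it that assumes `perm_filter` is always present cannot be checked from here.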
@@ -684,6 +670,36 @@ } /** + * Adds filter, that uses *.VIEW permissions to determine if an item should be shown to a user. + * + * @param kCatDBList $object Object. + * + * @return void + * @access protected + */ + protected function applyViewPermissionFilter(kCatDBList $object) + { + if ( !$this->Application->ConfigValue('CheckViewPermissionsInCatalog') ) { + return; + } + + if ( $this->Application->RecallVar('user_id') == USER_ROOT ) { + // for "root" CATEGORY.VIEW permission is checked for items lists too + $view_perm = 1; + } + else { + // for any real user item list view permission is checked instead of CATEGORY.VIEW + $count_helper = $this->Application->recallObject('CountHelper'); + /* @var $count_helper kCountHelper */ + + list ($view_perm, $view_filter) = $count_helper->GetPermissionClause($object->Prefix, 'perm'); + $object->addFilter('perm_filter2', $view_filter); + } + + $object->addFilter('perm_filter', 'perm.PermId = ' . $view_perm); + } + + /** * Adds filter that filters out items with non-required statuses * * @param kDBList $object @@ -2521,6 +2537,7 @@ $object->Load($cloned_ids[0]); $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $event->setEventParam('form_data', $field_values); // 1a. delete record from CategoryItems (about cloned item) that was automatically created during call of Create method of kCatDBItem $ci_table = $this->Application->getUnitConfig('ci')->getTableName(); @@ -2542,6 +2559,7 @@ else { // 2. user has pending copy of live item -> just update field values $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $event->setEventParam('form_data', $field_values); } // update id in request (used for redirect in mod-rewrite mode) 
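Review bot: The early return in `applyViewPermissionFilter()` makes the item list fail open: when `ConfigValue('CheckViewPermissionsInCatalog')` is falsy, neither `perm_filter` nor `perm_filter2` is added, so the list is no longer restricted by any *.VIEW permission. If `ConfigValue()` also returns a falsy value for a setting that does not exist yet (for example on an upgraded install; not visible here), the check is switched off silently rather than by an administrator's decision. The docblock should state the consequence, e.g. `* When CheckViewPermissionsInCatalog is disabled no view-permission filter is applied.`, and the upgrade path should create the setting with the value that preserves the previous behaviour. Separately, `'perm.PermId = ' . $view_perm` concatenates the helper's return value into SQL; assuming `PermId` is numeric, `'perm.PermId = ' . (int)$view_perm` keeps that safe whatever `GetPermissionClause()` returns.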
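Review bot: `$event->setEventParam('form_data', $field_values);` stores the submitted hash unfiltered, while the line above it passes `$this->getRequestProtectedFields($field_values)` to `SetFieldsFromHash()`, presumably so that protected fields are not applied to the object. Any listener that later reads `form_data` therefore also sees the fields the object refused and must not write them back. A comment such as `// raw submitted values, protected fields are NOT removed` would make that contract explicit, or the param could carry only the accepted keys. The same line is added in the hunks at -2542 and -2550; the surrounding method starts and ends outside these hunks, so the consumers of `form_data` are not visible.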
@@ -2550,6 +2568,7 @@ else { // 3. already editing pending copy -> just update field values $object->SetFieldsFromHash($field_values, $this->getRequestProtectedFields($field_values)); + $event->setEventParam('form_data', $field_values); } if ($object->Update()) { @@ -2832,6 +2851,8 @@ parent::OnAfterConfigRead($event); if (defined('IS_INSTALL') && IS_INSTALL) { + $this->addViewPermissionJoin($event); + return ; } @@ -2843,7 +2864,7 @@ $file_helper->createItemFiles($event->Prefix, false); // create file fields } - $this->changeSortings($event); + $this->changeSortings($event)->addViewPermissionJoin($event); // add grids for advanced view (with primary category column) $config = $event->getUnitConfig(); @@ -2864,7 +2885,15 @@ $config->setVirtualFields($virtual_fields); } - function changeSortings(kEvent $event) + /** + * Changes default sorting according to system settings. + * + * @param kEvent $event Event. + * + * @return self + * @access protected + */ + protected function changeSortings(kEvent $event) { $remove_sortings = Array (); $config = $event->getUnitConfig(); @@ -2883,7 +2912,7 @@ } if ( !$remove_sortings ) { - return; + return $this; } foreach ($config->getListSortingSpecials() as $special) { 
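Review bot: `$this->changeSortings($event)->addViewPermissionJoin($event);` depends on `changeSortings()` returning `$this`, which it did not do before this commit. A subclass that already overrides `changeSortings()` without a return value would make this line call a method on null and abort `OnAfterConfigRead`, leaving the `{PERM_JOIN}` placeholder unresolved for that prefix. Two separate statements, `$this->changeSortings($event);` followed by `$this->addViewPermissionJoin($event);`, avoid that coupling. The hunk at -2864 also narrows the method from implicit public to `protected`, which breaks any external caller; whether one exists is not visible here.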
@@ -2895,9 +2924,38 @@ $config->setListSortingsBySpecial('', $list_sortings); } + + return $this; } /** + * Adds permission table table JOIN clause only, when advanced catalog view permissions enabled. + * + * @param kEvent $event Event. + * + * @return self + * @access protected + */ + protected function addViewPermissionJoin(kEvent $event) + { + if ( $this->Application->ConfigValue('CheckViewPermissionsInCatalog') ) { + $join_clause = 'LEFT JOIN ' . TABLE_PREFIX . 'CategoryPermissionsCache perm ON perm.CategoryId = ' . TABLE_PREFIX . '%3$sCategoryItems.CategoryId'; + } + else { + $join_clause = ''; + } + + $config = $event->getUnitConfig(); + + foreach ( $config->getListSQLSpecials() as $special ) { + $list_sql = str_replace('{PERM_JOIN}', $join_clause, $config->getListSQLsBySpecial($special)); + $config->setListSQLsBySpecial($special, $list_sql); + } + + return $this; + } + + /** * Returns file contents associated with item * * @param kEvent $event
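Review bot: `addViewPermissionJoin()` decides whether the `perm` alias exists when the unit config is read, while the `perm.PermId = …` filter is added later at list-build time, so both moments must see the same `CheckViewPermissionsInCatalog` value. If the processed unit config is cached (not visible here) and the setting is changed afterwards, the list SQL either references an alias that was never joined or joins `CategoryPermissionsCache` with no `PermId` restriction, which may multiply rows. The code that saves the setting should invalidate that cache, and the docblock should say so. List SQLs without the `{PERM_JOIN}` placeholder pass through `str_replace()` unchanged, so a prefix that was not migrated keeps whatever join it had. The summary line also repeats a word; suggested wording: `Adds permission table JOIN clause only when advanced catalog view permissions are enabled.`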