Index: branches/RC/core/units/admin/admin_events_handler.php
===================================================================
diff -u -r9542 -r9639
--- branches/RC/core/units/admin/admin_events_handler.php	(.../admin_events_handler.php)	(revision 9542)
+++ branches/RC/core/units/admin/admin_events_handler.php	(.../admin_events_handler.php)	(revision 9639)
@@ -9,6 +9,12 @@
 			'OnSaveColumns'		=>	array('self' => true),
 			'OnClosePopup'		=>	array('self' => true),
 			'OnSaveSetting'		=>	array('self' => true),
+			// export/import permissions is checked within events
+			'OnExportCSV'		=>	Array('self' => true),
+			'OnGetCSV'			=>	Array('self' => true),
+			'OnCSVImportBegin'	=>	Array('self' => true),
+			'OnCSVImportStep'	=>	Array('self' => true),
+			'OnDropTempTablesByWID'		=>	array('self' => true),
 		);
 		$this->permMapping = array_merge($this->permMapping, $permissions);
 	}
@@ -240,6 +246,14 @@
 	}
 
 	/**
+	 * Occurs right before echoing the output, in Done method of application, used mainly as hook-to event
+	 *
+	 * @param kEvent $event
+	 */
+	function OnBeforeShutdown(&$event)
+	{
+	}
+	/**
 	 * Is called after tree was build (when not from cache)
 	 *
 	 * @param kEvent $event
@@ -249,6 +263,116 @@
 
 	}
 
+	/**
+	 * Called by AJAX to perform CSV export
+	 *
+	 * @param kEvent $event
+	 */
+	function OnExportCSV(&$event)
+	{
+		$export_helper =& $this->Application->recallObject('CSVHelper');
+		/* @var $export_helper kCSVHelper */
+		
+		$prefix_special = $this->Application->GetVar('PrefixSpecial');
+		if(!$prefix_special) {
+			$prefix_special = $export_helper->ExportData('prefix');
+		}
+		$prefix_elems = split('\.|_', $prefix_special, 2);
+		$perm_sections = $this->Application->getUnitOption($prefix_elems[0], 'PermSection');
+		if(!$this->Application->CheckPermission($perm_sections['main'].'.view')) {
+			$this->Application->Redirect('no_permission');
+		}
+		
+		$export_helper->PrefixSpecial = $prefix_special;
+		$export_helper->grid = $this->Application->GetVar('grid');
+		$export_helper->ExportStep();
+		$event->status = erSTOP;
+	}
+
+	/**
+	 * Returning created by AJAX CSV file
+	 *
+	 * @param kEvent $event
+	 */
+	function OnGetCSV(&$event)
+	{
+		$export_helper =& $this->Application->recallObject('CSVHelper');
+		/* @var $export_helper kCSVHelper */
+		
+		$prefix_special = $export_helper->ExportData('prefix');
+		$prefix_elems = split('\.|_', $prefix_special, 2);
+		$perm_sections = $this->Application->getUnitOption($prefix_elems[0], 'PermSection');
+		
+		if(!$this->Application->CheckPermission($perm_sections['main'].'.view')) {
+			$this->Application->Redirect('no_permission');
+		}
+		
+		$export_helper->GetCSV();
+	}
+
+	/**
+	 * Enter description here...
+	 *
+	 * @param kEvent $event
+	 */
+	function OnCSVImportBegin(&$event)
+	{
+		$prefix_special = $this->Application->GetVar('PrefixSpecial');
+		$prefix_elems = split('\.|_', $prefix_special, 2);
+		$perm_sections = $this->Application->getUnitOption($prefix_elems[0], 'PermSection');
+		
+		if(!$this->Application->CheckPermission($perm_sections['main'].'.add') && !$this->Application->CheckPermission($perm_sections['main'].'.edit')) {
+			$this->Application->Redirect('no_permission');
+		}
+		
+		$object =& $event->getObject( Array('skip_autoload' => true) );
+		/* @var $object kDBItem */
+		$items_info = $this->Application->GetVar( $event->getPrefixSpecial(true) );
+		$field_values = array_shift($items_info);
+		$object->SetFieldsFromHash($field_values);
+
+		$event->redirect = false;
+		$result = 'required';
+		if($object->GetDBField('ImportFile')) {
+			$import_helper =& $this->Application->recallObject('CSVHelper');
+			/* @var $import_helper kCSVHelper */
+			$import_helper->PrefixSpecial = $this->Application->GetVar('PrefixSpecial');
+			$import_helper->grid = $this->Application->GetVar('grid');
+			$result = $import_helper->ImportStart( $object->GetField('ImportFile', 'file_paths') );
+			if($result === true) {
+				$event->redirect = $this->Application->GetVar('next_template');
+				$event->SetRedirectParam('PrefixSpecial', $this->Application->GetVar('PrefixSpecial'));
+				$event->SetRedirectParam('grid', $this->Application->GetVar('grid'));
+			}
+		}
+
+		if($event->redirect === false) {
+			$object->SetError('ImportFile', $result);
+			$event->status = erFAIL;
+		}
+	}
+
+	/**
+	 * Enter description here...
+	 *
+	 * @param kEvent $event
+	 */
+	function OnCSVImportStep(&$event)
+	{
+		$import_helper =& $this->Application->recallObject('CSVHelper');
+		/* @var $export_helper kCSVHelper */
+		
+		$prefix_special = $import_helper->ImportData('prefix');
+		$prefix_elems = split('\.|_', $prefix_special, 2);
+		$perm_sections = $this->Application->getUnitOption($prefix_elems[0], 'PermSection');
+		if(!$this->Application->CheckPermission($perm_sections['main'].'.add') && !$this->Application->CheckPermission($perm_sections['main'].'.edit')) {
+			$this->Application->Redirect('no_permission');
+		}
+		
+		$import_helper->ImportStep();
+		$event->status = erSTOP;
+	}  
+
 	function OnCheckPrefixConfig(&$event)
 	{
 		$prefix = $this->Application->GetVar('config_prefix');
@@ -258,4 +382,69 @@
 		$event->redirect = false;
 	}
 
+	function OnUploadFile(&$event)
+	{
+		// Flash uploader does NOT send correct cookies, so we need to make our own check
+		$cookie_name = 'adm_'.$this->Application->ConfigValue('SessionCookieName');
+		$this->Application->HttpQuery->Cookie['cookies_on'] = 1;
+		$this->Application->HttpQuery->Cookie[$cookie_name] = $this->Application->GetVar('flashsid');
+
+		$admin_ses =& $this->Application->recallObject('Session.admin');
+		/* @var $admin_ses Session */
+		$user = $admin_ses->RecallVar('user_id');
+		$perm_helper =& $this->Application->recallObject('PermissionsHelper');
+		/* @var $perm_helper kPermissionsHelper */
+
+		/*if() {
+			$prefix_special = $this->Application->GetVar('PrefixSpecial');
+			$prefix_elems = split('\.|_', $prefix_special, 2);
+			$perm_sections = $this->Application->getUnitOption($prefix_elems[0], 'PermSection');
+			$section = $perm_sections['main'];
+		}
+		else {*/
+			$section = $event->getSection();
+		/*}*/
+		
+		if ($this->Application->GetVar('t') != 'import/import_start' && !$perm_helper->CheckUserPermission($user, $section.'.add') && !$perm_helper->CheckUserPermission($user, $section.'.edit')) {
+			$event->status = erPERM_FAIL;
+			header('HTTP/1.0 403 You don\'t have permissions to upload');
+			exit;
+			return;
+		}
+
+		if (!$cookie_name) $cookie_name = 'sid';
+
+		$value = $this->Application->GetVar('Filedata');
+		if (!$value) return ;
+		$tmp_path = WRITEABLE.'/tmp/';
+		$fname = $value['name'];
+		$id = $this->Application->GetVar('id');
+		if ($id) $fname = $id.'_'.$fname;
+
+		if (!is_writable($tmp_path)) {
+			header('HTTP/1.0 500 Write permissions not set on the server');
+			exit;
+		}
+
+		move_uploaded_file($value['tmp_name'], $tmp_path.$fname);
+		exit;
+	}
+
+	function OnDropTempTablesByWID(&$event)
+	{
+		$sid = $this->Application->GetSID();
+		$wid = $this->Application->GetVar('m_wid');
+		$tables = $this->Conn->GetCol('SHOW TABLES');
+		$mask_edit_table = '/'.TABLE_PREFIX.'ses_'.$sid.'_'.$wid.'_edit_(.*)$/';
+		foreach($tables as $table)
+		{
+			if( preg_match($mask_edit_table,$table,$rets) )
+			{
+				$this->Conn->Query('DROP TABLE IF EXISTS '.$table);
+			}
+		}
+		echo 'OK';
+		$event->status = erSTOP;
+		return ;
+	}
 }
\ No newline at end of file