Index: branches/RC/core/units/general/helpers/permissions_helper.php
===================================================================
diff -u -N -r11693 -r11724
--- branches/RC/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 11693)
+++ branches/RC/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 11724)
@@ -102,33 +102,25 @@ // main item, add permission allowed, but ID is > 0, then deny permission // how to get id here }
+ if ($perm_status) { return $perm_status; } }
- if (!$perm_status) {
- if ($this->Application->isDebugMode()) {
- // for debugging purposes
- $event->SetRedirectParam('section', $section);
- $event->SetRedirectParam('main_prefix', $top_prefix);
- $event->SetRedirectParam('event_name', $event->Name);
- $event->SetRedirectParam('next_template', $this->Application->GetVar('t'));
- }
- $event->status = erPERM_FAIL;
- }
- return $perm_status;
+ return $this->finalizePermissionCheck($event, $perm_status); } /** * Returns owner + primary category for each item (used for permission checking) * * @param string $prefix * @param string $ids + * @param bool $temp_mode * @return Array * @author Alex */
- function GetCategoryItemData($prefix, $ids)
+ function GetCategoryItemData($prefix, $ids, $temp_mode = false) { if (is_array($ids)) { $ids = implode(',', $ids);
@@ -137,6 +129,11 @@ $table_name = $this->Application->getUnitOption($prefix, 'TableName'); $ci_table = $this->Application->getUnitOption('ci', 'TableName');
+ if ($temp_mode) {
+ $table_name = $this->Application->GetTempName($table_name, 'prefix:' . $prefix);
+ $ci_table = $this->Application->GetTempName($ci_table, 'prefix:' . $prefix);
+ }
+ $owner_field = $this->Application->getUnitOption($prefix, 'OwnerField'); if (!$owner_field) { $owner_field = 'CreatedById';
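Review bot: The new `$temp_mode` branch switches both table names to their temporary counterparts, but `$ids` still reaches the rest of GetCategoryItemData only via `$ids = implode(',', $ids);` with no type check; the query that consumes it is below this hunk, and if it interpolates the list the safe form is `$ids = implode(',', array_map('intval', $ids));` (and `(int) $ids` for the scalar case) so the temp-table read cannot be steered by a crafted id. The added docblock line `@param bool $temp_mode` says nothing about what the flag means; suggest `@param bool $temp_mode read from the prefix's temporary (edit-session) tables instead of the live ones`. GetCategoryItemData's body continues past the end of the hunk, so the query itself is not visible here.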
@@ -150,97 +147,113 @@ } /**
- * Checks non-system permission on event per category basis + * Check category-based permissions for category items * * @param kEvent $event */
- function CheckEventCategoryPermission(&$event, $event_perm_mapping)
- {
- // mapping between specific permissions and common permissions
- $perm_mapping = Array('add' => 'ADD', 'add.pending' => 'ADD.PENDING', 'edit' => 'MODIFY', 'edit.pending' => 'MODIFY.PENDING', 'delete' => 'DELETE', 'view' => 'VIEW');
+// function CheckEventCategoryPermission_OLD(&$event, $event_perm_mapping)
+// {
+// // mapping between specific permissions and common permissions
+// static $perm_mapping = Array(
+// 'add' => 'ADD', 'add.pending' => 'ADD.PENDING', 'edit' => 'MODIFY',
+// 'edit.pending' => 'MODIFY.PENDING', 'delete' => 'DELETE', 'view' => 'VIEW'
+// );
+//
+// $top_prefix = $event->getEventParam('top_prefix');
+// $event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
+// /* @var $event_handler kCatDBEventHandler */
+//
+// $raise_warnings = $event->getEventParam('raise_warnings');
+// $event->setEventParam('raise_warnings', 0);
+// if ($event->Prefix != $top_prefix) {
+// $top_event = new kEvent($top_prefix.':'.$event->Name);
+// $id = $event_handler->getPassedID($top_event);
+// }
+// else {
+// $id = $event_handler->getPassedID($event);
+// }
+// $event->setEventParam('raise_warnings', $raise_warnings);
+//
+// $owner_id = -1; // owner is root if not detected
+// if (!$id) {
+// // item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
+// // note: category in session is placed on catalog data import start
+// $category_id = $this->Application->IsAdmin() ?
$this->Application->RecallVar('m_cat_id') : $this->Application->GetVar('m_cat_id');
+// }
+// elseif ($top_prefix == 'c' || $top_prefix == 'st') {
+// $category_id = $id;
+// }
+// else {
+// // item being edited -> check by it's primary category permissions
+// $items_info = $this->GetCategoryItemData($top_prefix, $id);
+// $category_id = $items_info[$id]['CategoryId'];
+// $owner_id = $items_info[$id]['CreatedById'];
+// }
+//
+// // specific permission check for pending & owner permissions: begin
+// $uploader_events = Array ('OnUploadFile', 'OnDeleteFile', 'OnViewFile');
+// if (in_array($event->Name, $uploader_events)) {
+// // don't recall target object during uploader-related, because OnItemLoad will use incorrect
+// // $user_id in Firefox (during Flash problems session will be used from Internet Exploere)
+// $new_item = false;
+// }
+// else {
+// $new_item = $this->Application->IsAdmin() && $event_handler->isNewItemCreate($event) ? true : false;
+// $check_status = $this->checkCombinedPermissions($event, $owner_id, (int)$category_id, $new_item);
+// }
+//
+// if (isset($check_status)) {
+// return $this->finalizePermissionCheck($event, $check_status);
+// }
+// // specific permission check for pending & owner permissions: end
+//
+// $perm_status = false;
+// $check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
+//
+// if ($check_perms === true) {
+// // event is defined in mapping but is not checked by permissions
+// return true;
+// }
+//
+// $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
+// foreach ($check_perms as $perm_name) {
+// // check if at least one of required permissions is set
+// if (!isset($perm_mapping[$perm_name])) {
+// // not mapped permission (e.g.
advanced:approve) -> skip
+// continue;
+// }
+// $perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
+// $perm_status = $this->CheckPermission($perm_name, 0, (int)$category_id);
+//
+// if ($perm_status) {
+// return $perm_status;
+// }
+// }
+//
+// return $this->finalizePermissionCheck($event, $perm_status);
+// }
- $top_prefix = $event->getEventParam('top_prefix');
- $event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
- /* @var $event_handler kCatDBEventHandler */
-
- $raise_warnings = $event->getEventParam('raise_warnings');
- $event->setEventParam('raise_warnings', 0);
- if ($event->Prefix != $top_prefix) {
- $top_event = new kEvent($top_prefix.':'.$event->Name);
- $id = $event_handler->getPassedID($top_event);
- }
- else {
- $id = $event_handler->getPassedID($event);
- }
- $event->setEventParam('raise_warnings', $raise_warnings);
-
- $owner_id = -1; // owner is root if not detected
- if (!$id) {
- // item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
- // note: category in session is placed on catalog data import start
- $category_id = $this->Application->IsAdmin() ?
$this->Application->RecallVar('m_cat_id') : $this->Application->GetVar('m_cat_id');
- }
- elseif ($top_prefix == 'c' || $top_prefix == 'st') {
- $category_id = $id;
- }
- else {
- // item being edited -> check by it's primary category permissions
- $items_info = $this->GetCategoryItemData($top_prefix, $id);
- $category_id = $items_info[$id]['CategoryId'];
- $owner_id = $items_info[$id]['CreatedById'];
- }
-
- // specific permission check for pending & owner permissions: begin
- $uploader_events = Array ('OnUploadFile', 'OnDeleteFile', 'OnViewFile');
- if (in_array($event->Name, $uploader_events)) {
- // don't recall target object during uploader-related, because OnItemLoad will use incorrect
- // $user_id in Firefox (during Flash problems session will be used from Internet Exploere)
- $new_item = false;
- }
- else {
- $new_item = $this->Application->IsAdmin() && $event_handler->isNewItemCreate($event) ? true : false;
- $check_status = $this->checkCombinedPermissions($event, $owner_id, (int)$category_id, $new_item);
- }
-
- if (isset($check_status)) {
- return $check_status;
- }
- // specific permission check for pending & owner permissions: end
-
- $perm_status = false;
- $check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
-
- if ($check_perms === true) {
- // event is defined in mapping but is not checked by permissions
- return true;
- }
-
- $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
- foreach ($check_perms as $perm_name) {
- // check if at least one of required permissions is set
- if (!isset($perm_mapping[$perm_name])) {
- // not mapped permission (e.g.
advanced:approve) -> skip
- continue;
- }
- $perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
- $perm_status = $this->CheckPermission($perm_name, 0, (int)$category_id);
-
- if ($perm_status) {
- return $perm_status;
- }
- }
-
+ /**
+ * Finalizes permission checking (with additional debug output, when in debug mode)
+ *
+ * @param kEvent $event
+ * @param bool $perm_status
+ * @return bool
+ */
+ function finalizePermissionCheck(&$event, $perm_status)
+ { if (!$perm_status) {
- $event->SetRedirectParam('index_file', 'index.php'); // because called from browse.php if ($this->Application->isDebugMode()) { // for debugging purposes $event->SetRedirectParam('section', $event->getSection());
- $event->SetRedirectParam('main_prefix', $top_prefix);
+ $event->SetRedirectParam('main_prefix', $event->getEventParam('top_prefix')); $event->SetRedirectParam('event_name', $event->Name); $event->SetRedirectParam('next_template', $this->Application->GetVar('t')); }
+ $event->status = erPERM_FAIL; }
+ return $perm_status; }
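Review bot: The roughly one hundred `+//` lines of CheckEventCategoryPermission_OLD should be deleted rather than committed as comments: revision 11693 keeps the old implementation, and a dead copy of an authorization routine is exactly the kind of code that gets partially resurrected later. In finalizePermissionCheck the removed `$event->SetRedirectParam('index_file', 'index.php'); // because called from browse.php` has no replacement, so if any caller is still reached from browse.php the failure redirect now goes to the default index file; please confirm that is intended. The helper's docblock should also state its side effects, e.g. `* Sets $event->status to erPERM_FAIL when $perm_status is falsy; in debug mode also attaches section/main_prefix/event_name/next_template redirect params.`, and `@return bool` is only accurate if every caller passes a bool, since the value is returned unchanged.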
@@ -294,6 +307,38 @@ return $ret; }
+ /**
+ * Simplified permission check for category items, when adding/editing them from advanced view.
+ *
+ * @param kEvent $event
+ * @return mixed
+ */
+ function CheckEventCategoryPermission(&$event, $event_perm_mapping)
+ {
+ if (substr($event->Name, 0, 9) == 'OnPreSave') {
+ // check separately, because permission mapping is not defined for OnPreSave* events
+ $check_perms = Array ('add', 'edit');
+ }
+ else {
+ $check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
+ }
+
+ if ($check_perms === true) {
+ // event is defined in mapping but is not checked by permissions
+ return true;
+ }
+
+ // 1. most of events does require admin login only
+ $perm_status = $this->Application->LoggedIn() && $this->Application->IsAdmin();
+
+ // 2. in case, when event require more, then "view" right, then restrict it to temporary tables only
+ if (!in_array('view', $check_perms)) {
+ $perm_status = $perm_status && $this->Application->IsTempMode($event->Prefix, $event->Special);
+ }
+
+ return $this->finalizePermissionCheck($event, $perm_status);
+ }
+ function TagPermissionCheck($params, $is_owner = false) { $perm_prefix = getArrayValue($params, 'perm_prefix');
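Review bot: The replacement CheckEventCategoryPermission evaluates no category-level permission at all: `$perm_status = $this->Application->LoggedIn() && $this->Application->IsAdmin();` admits any admin-area login for view events, and for add/edit/delete events the only extra gate is `IsTempMode($event->Prefix, $event->Special)`, which describes the editing state of the request rather than a right the user holds, so an admin without the category's MODIFY/DELETE permission (which the now-commented `CheckPermission($item_prefix.'.'.$perm_mapping[$perm_name], 0, (int)$category_id)` used to enforce) can reach these events. If IsTempMode is derived from a request parameter rather than server-side state, that gate is client-controlled and adds nothing; worth confirming. I would keep the admin gate but still resolve the target category (GetCategoryItemData for a passed id, `m_cat_id` otherwise) and require at least one mapped `$item_prefix.'.'.{ADD,MODIFY,DELETE,VIEW}` permission via CheckPermission before returning. Note also that `!in_array('view', $check_perms)` treats any event whose mapping lists 'view' among several acceptable rights as read-only, so the weaker gate wins whenever 'view' appears alongside 'edit'; and the docblock should list `@param Array $event_perm_mapping` and say explicitly that category rights are not evaluated here, if that is the intent.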