Index: branches/RC/core/units/general/helpers/permissions_helper.php
===================================================================
diff -u -N -r11724 -r11823
--- branches/RC/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 11724)
+++ branches/RC/core/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 11823)
@@ -151,88 +151,88 @@
 *
 * @param kEvent $event
 */
-// function CheckEventCategoryPermission_OLD(&$event, $event_perm_mapping)
-// {
-// // mapping between specific permissions and common permissions
-// static $perm_mapping = Array(
-// 'add' => 'ADD', 'add.pending' => 'ADD.PENDING', 'edit' => 'MODIFY',
-// 'edit.pending' => 'MODIFY.PENDING', 'delete' => 'DELETE', 'view' => 'VIEW'
-// );
-//
-// $top_prefix = $event->getEventParam('top_prefix');
-// $event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
-// /* @var $event_handler kCatDBEventHandler */
-//
-// $raise_warnings = $event->getEventParam('raise_warnings');
-// $event->setEventParam('raise_warnings', 0);
-// if ($event->Prefix != $top_prefix) {
-// $top_event = new kEvent($top_prefix.':'.$event->Name);
-// $id = $event_handler->getPassedID($top_event);
-// }
-// else {
-// $id = $event_handler->getPassedID($event);
-// }
-// $event->setEventParam('raise_warnings', $raise_warnings);
-//
-// $owner_id = -1; // owner is root if not detected
-// if (!$id) {
-// // item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
-// // note: category in session is placed on catalog data import start
-// $category_id = $this->Application->IsAdmin() ? $this->Application->RecallVar('m_cat_id') : $this->Application->GetVar('m_cat_id');
-// }
-// elseif ($top_prefix == 'c' || $top_prefix == 'st') {
-// $category_id = $id;
-// }
-// else {
-// // item being edited -> check by it's primary category permissions
-// $items_info = $this->GetCategoryItemData($top_prefix, $id);
-// $category_id = $items_info[$id]['CategoryId'];
-// $owner_id = $items_info[$id]['CreatedById'];
-// }
-//
-// // specific permission check for pending & owner permissions: begin
-// $uploader_events = Array ('OnUploadFile', 'OnDeleteFile', 'OnViewFile');
-// if (in_array($event->Name, $uploader_events)) {
-// // don't recall target object during uploader-related, because OnItemLoad will use incorrect
-// // $user_id in Firefox (during Flash problems session will be used from Internet Exploere)
-// $new_item = false;
-// }
-// else {
-// $new_item = $this->Application->IsAdmin() && $event_handler->isNewItemCreate($event) ? true : false;
-// $check_status = $this->checkCombinedPermissions($event, $owner_id, (int)$category_id, $new_item);
-// }
-//
-// if (isset($check_status)) {
-// return $this->finalizePermissionCheck($event, $check_status);
-// }
-// // specific permission check for pending & owner permissions: end
-//
-// $perm_status = false;
-// $check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
-//
-// if ($check_perms === true) {
-// // event is defined in mapping but is not checked by permissions
-// return true;
-// }
-//
-// $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
-// foreach ($check_perms as $perm_name) {
-// // check if at least one of required permissions is set
-// if (!isset($perm_mapping[$perm_name])) {
-// // not mapped permission (e.g. advanced:approve) -> skip
-// continue;
-// }
-// $perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
-// $perm_status = $this->CheckPermission($perm_name, 0, (int)$category_id);
-//
-// if ($perm_status) {
-// return $perm_status;
-// }
-// }
-//
-// return $this->finalizePermissionCheck($event, $perm_status);
-// }
+ function _frontCheckEventCategoryPermission(&$event, $event_perm_mapping)
+ {
+ // mapping between specific permissions and common permissions
+ static $perm_mapping = Array(
+ 'add' => 'ADD', 'add.pending' => 'ADD.PENDING', 'edit' => 'MODIFY',
+ 'edit.pending' => 'MODIFY.PENDING', 'delete' => 'DELETE', 'view' => 'VIEW'
+ );
+ $top_prefix = $event->getEventParam('top_prefix');
+ $event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler');
+ /* @var $event_handler kCatDBEventHandler */
+
+ $raise_warnings = $event->getEventParam('raise_warnings');
+ $event->setEventParam('raise_warnings', 0);
+ if ($event->Prefix != $top_prefix) {
+ $top_event = new kEvent($top_prefix.':'.$event->Name);
+ $id = $event_handler->getPassedID($top_event);
+ }
+ else {
+ $id = $event_handler->getPassedID($event);
+ }
+ $event->setEventParam('raise_warnings', $raise_warnings);
+
+ $owner_id = -1; // owner is root if not detected
+ if (!$id) {
+ // item being created -> check by current (before editing started, saved in OnPreCreate event) category permissions
+ // note: category in session is placed on catalog data import start
+ $category_id = $this->Application->IsAdmin() ? $this->Application->RecallVar('m_cat_id') : $this->Application->GetVar('m_cat_id');
+ }
+ elseif ($top_prefix == 'c' || $top_prefix == 'st') {
+ $category_id = $id;
+ }
+ else {
+ // item being edited -> check by it's primary category permissions
+ $items_info = $this->GetCategoryItemData($top_prefix, $id);
+ $category_id = $items_info[$id]['CategoryId'];
+ $owner_id = $items_info[$id]['CreatedById'];
+ }
+
+ // specific permission check for pending & owner permissions: begin
+ $uploader_events = Array ('OnUploadFile', 'OnDeleteFile', 'OnViewFile');
+ if (in_array($event->Name, $uploader_events)) {
+ // don't recall target object during uploader-related, because OnItemLoad will use incorrect
+ // $user_id in Firefox (during Flash problems session will be used from Internet Exploere)
+ $new_item = false;
+ }
+ else {
+ $new_item = $this->Application->IsAdmin() && $event_handler->isNewItemCreate($event) ? true : false;
+ $check_status = $this->checkCombinedPermissions($event, $owner_id, (int)$category_id, $new_item);
+ }
+
+ if (isset($check_status)) {
+ return $this->finalizePermissionCheck($event, $check_status);
+ }
+ // specific permission check for pending & owner permissions: end
+
+ $perm_status = false;
+ $check_perms = $this->getPermissionByEvent($event, $event_perm_mapping);
+
+ if ($check_perms === true) {
+ // event is defined in mapping but is not checked by permissions
+ return true;
+ }
+
+ $item_prefix = $this->Application->getUnitOption($top_prefix, 'PermItemPrefix');
+ foreach ($check_perms as $perm_name) {
+ // check if at least one of required permissions is set
+ if (!isset($perm_mapping[$perm_name])) {
+ // not mapped permission (e.g. advanced:approve) -> skip
+ continue;
+ }
+ $perm_name = $item_prefix.'.'.$perm_mapping[$perm_name];
+ $perm_status = $this->CheckPermission($perm_name, 0, (int)$category_id);
+
+ if ($perm_status) {
+ return $perm_status;
+ }
+ }
+
+ return $this->finalizePermissionCheck($event, $perm_status);
+ }
+
 /**
 * Finalizes permission checking (with additional debug output, when in debug mode)
 *
@@ -315,6 +315,11 @@
 */
 function CheckEventCategoryPermission(&$event, $event_perm_mapping)
 {
+ if (!$this->Application->IsAdmin()) {
+ // check front-end permission by old scheme
+ return $this->_frontCheckEventCategoryPermission($event, $event_perm_mapping);
+ }
+
 if (substr($event->Name, 0, 9) == 'OnPreSave') {
 // check separately, because permission mapping is not defined for OnPreSave* events
 $check_perms = Array ('add', 'edit');
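Review bot: In `_frontCheckEventCategoryPermission`, the item-edit branch reads `$items_info[$id]['CategoryId']` and `['CreatedById']` without checking that `GetCategoryItemData` returned a row for `$id`. `$id` comes from `getPassedID` and is presumably request-derived, so for an unknown id `$category_id` would be null and `(int)$category_id` turns the check into one against category 0 with an empty owner; a guard such as `if (!isset($items_info[$id])) { return $this->finalizePermissionCheck($event, false); }` would fail closed instead. Separately, for the three uploader events `$check_status` is never set, so the owner/pending check in `checkCombinedPermissions` is skipped and only the category-level mapping decides; it is worth confirming that `$event_perm_mapping` does not map them to `true`. Since the second hunk calls this function only when `IsAdmin()` is false, both `IsAdmin()` tests inside it are dead on that path and could be dropped or explained in a comment.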
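Review bot: The early return for non-admin requests in `CheckEventCategoryPermission` sits above the `OnPreSave` special case, so front-end `OnPreSave*` events are now decided by `_frontCheckEventCategoryPermission`, although the context comment just below says no permission mapping is defined for those events. What `getPermissionByEvent` returns for an unmapped event is not visible in this diff; if it is not an array, the `foreach ($check_perms as $perm_name)` in the old path would not iterate as intended, so this case deserves a front-end test. The authorization result now depends on which of two schemes `IsAdmin()` selects, and the added comment should say why, for example `// front-end requests keep the previous per-category scheme (see _frontCheckEventCategoryPermission)`. The body of `CheckEventCategoryPermission` continues past the end of the hunk.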