Index: branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php =================================================================== diff -u -r5858 -r5874 --- branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5858) +++ branches/unlabeled/unlabeled-1.17.2/kernel/units/general/helpers/permissions_helper.php (.../permissions_helper.php) (revision 5874) @@ -222,18 +222,28 @@ function TagPermissionCheck($params, $tag_name) { + $perm_prefix = getArrayValue($params, 'perm_prefix'); $perm_event = getArrayValue($params, 'perm_event'); $permission_groups = getArrayValue($params, 'permissions'); if ($permission_groups) { + // check permissions by permission names in current category $this->showDebug('Tag '.$tag_name.' permission(-s): '.$permission_groups.'', $params); $permission_groups = explode('|', $permission_groups); $group_has_permission = false; + + $perm_category = $this->Application->GetVar('m_cat_id'); + + if ($perm_prefix) { + // use primary category of item with id from {perm_prefix}_id as base for permission checking + $perm_category = $this->getPrimaryCategory($perm_prefix); + } + foreach ($permission_groups as $permission_group) { $permissions = explode(',', $permission_group); $has_permission = true; foreach ($permissions as $permission) { - $has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0); + $has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0, $perm_category); } $group_has_permission = $group_has_permission || $has_permission; 
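Review bot: In the new `if ($perm_prefix)` branch the result of `getPrimaryCategory()` goes straight into `CheckPermission()` as `$perm_category`, with no check that a category was actually found. The item id behind it comes from the request, so a visitor can supply an id that matches no item, or an item with no primary category. How `CheckPermission()` treats an empty third argument is not visible in this hunk; if it falls back to a default category, the tag is evaluated against a category unrelated to the item. Fail closed right after the call, e.g. `if (!$perm_category) { return false; }` (adjust the test if 0 can be a valid primary category). The body of TagPermissionCheck continues past the end of this hunk.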
@@ -244,6 +254,7 @@ return false; } elseif ($perm_event) { + // check permission by event name $this->showDebug('Tag '.$tag_name.' permission_event: '.$perm_event.'', $params); list($prefix, $event) = explode(':', $perm_event); $event_handler =& $this->Application->recallObject($prefix.'_EventHandler'); @@ -254,6 +265,29 @@ } /** + * Returns item's primary category (get item_id from request) + * + * @param string $prefix + * @return int + */ + function getPrimaryCategory($prefix) + { + $id_field = $this->Application->getUnitOption($prefix, 'IDField'); + $table_name = $this->Application->getUnitOption($prefix, 'TableName'); + $id = $this->Application->GetVar($prefix.'_id'); + + $sql = 'SELECT ResourceId + FROM '.$table_name.' + WHERE '.$id_field.' = '.$id; + $resource_id = $this->Conn->GetOne($sql); + + $sql = 'SELECT CategoryId + FROM '.$this->Application->getUnitOption('ci', 'TableName').' + WHERE ItemResourceId = '.$resource_id.' AND PrimaryCat = 1'; + return $this->Conn->GetOne($sql); + } + + /** * Returns no permission template to redirect to * * @param Array $params
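Review bot: In the added `getPrimaryCategory()`, `$id` is read from the request with `GetVar($prefix.'_id')` and concatenated unquoted into the `WHERE` clause, so the request value becomes part of the SQL text in code that runs before any permission decision is made. If item ids are always numeric, cast the value to an integer; otherwise quote it with the connection's escaping helper. The second query has a related problem: when the first lookup finds no row, `$resource_id` is empty and the statement becomes `WHERE ItemResourceId =  AND PrimaryCat = 1`, which is malformed. Return early in that case so the caller gets a clear "not found" result. The docblock should also say that the id comes from the request and what is returned when nothing is found.

```php
	// … unchanged: $id_field / $table_name lookup …
	// request value: force to integer before it is placed into the query (assumes numeric item ids)
	$id = (int)$this->Application->GetVar($prefix.'_id');

	// … unchanged: ResourceId query string …
	$resource_id = (int)$this->Conn->GetOne($sql);
	if (!$resource_id) {
		// unknown item: skip the second query instead of building it with an empty operand
		return false;
	}

	// … unchanged: CategoryId query and return …
```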