Index: trunk/core/units/general/cat_event_handler.php
===================================================================
diff -u -N -r8012 -r8104
--- trunk/core/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 8012)
+++ trunk/core/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 8104)
@@ -61,27 +61,32 @@ } } - $id_field = $this->Application->getUnitOption($event->Prefix, 'IDField'); - $table_name = $this->Application->getUnitOption($event->Prefix, 'TableName'); - $sql = 'SELECT '.$id_field.', CreatedById, ci.CategoryId - FROM '.$table_name.' item_table - LEFT JOIN '.$this->Application->getUnitOption('ci', 'TableName').' ci ON ci.ItemResourceId = item_table.ResourceId - WHERE '.$id_field.' IN ('.$selected_ids.') AND (ci.PrimaryCat = 1)'; - $items = $this->Conn->Query($sql, $id_field); - $perm_value = true; - $perm_helper =& $this->Application->recallObject('PermissionsHelper'); - foreach ($items as $item_id => $item_data) { - if ($perm_helper->ModifyCheckPermission($item_data['CreatedById'], $item_data['CategoryId'], $event->Prefix) == 0) { - // one of items selected has no permission - $perm_value = false; - break; + if (strlen($selected_ids)) { + $id_field = $this->Application->getUnitOption($event->Prefix, 'IDField'); + $table_name = $this->Application->getUnitOption($event->Prefix, 'TableName'); + $sql = 'SELECT '.$id_field.', CreatedById, ci.CategoryId + FROM '.$table_name.' item_table + LEFT JOIN '.$this->Application->getUnitOption('ci', 'TableName').' ci ON ci.ItemResourceId = item_table.ResourceId + WHERE '.$id_field.' IN ('.$selected_ids.') AND (ci.PrimaryCat = 1)'; + $items = $this->Conn->Query($sql, $id_field); + + $perm_helper =& $this->Application->recallObject('PermissionsHelper'); + foreach ($items as $item_id => $item_data) { + if ($perm_helper->ModifyCheckPermission($item_data['CreatedById'], $item_data['CategoryId'], $event->Prefix) == 0) { + // one of items selected has no permission + $perm_value = false; + break; + } } - } - if (!$perm_value) { - $event->status = erPERM_FAIL; + if (!$perm_value) { + $event->status = erPERM_FAIL; + } } + else { + trigger_error('IDs not passed to '.$event->getPrefixSpecial().':CheckPermission', E_USER_WARNING); + } return $perm_value; } 
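Review bot: The new `else` branch for an empty `$selected_ids` only raises an `E_USER_WARNING` and then falls through to `return $perm_value;`, so the result of the permission check for a request with no IDs is whatever `$perm_value` was set to outside the guarded block (its initialisation is not clearly visible on the new side of this collapsed hunk, and CheckPermission starts above it). If that value is `true`, a mass action submitted with no IDs passes the check; the branch should fail closed with `$perm_value = false;` and `$event->status = erPERM_FAIL;` alongside the warning. Separately, `strlen($selected_ids)` only prevents an empty `IN ()`; the string is still concatenated into the SQL, so it is worth confirming upstream that it is a comma-separated list of integers, or normalising it here with `implode(',', array_map('intval', explode(',', $selected_ids)))`.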
@@ -595,6 +600,13 @@ } $object->Fields['Status']['options'] = $new_options; } + elseif (!$this->Application->IsAdmin() && $object->GetDBField('Status') != 1 && $object->Prefix != 'cms') { + header('HTTP/1.0 404 Not Found'); + while (ob_get_level()) { ob_end_clean(); } + $this->Application->HTML = $this->Application->ParseBlock(array('name'=>$this->Application->ConfigValue('ErrorTemplate'))); + $this->Application->Done(); + exit(); + } } @@ -1397,10 +1409,10 @@ $export_options = $export_object->loadOptions($event); echo $export_options['start_from'] * 100 / $export_options['total_records']; - + $event->status = erSTOP; } - + /** * Returns specific to each item type columns only *
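Review bot: In the `@@ -595,6 +600,13 @@` hunk the front-end visibility check is attached as an `elseif` to a preceding `if` whose condition lies above the hunk, so it is skipped whenever that first condition is true. If the intent is that non-admin users can never load an item whose `Status` is not 1, confirm the first branch is admin-only or make this a separate `if`. The literal `1` and the `'cms'` exemption carry the whole policy and deserve a comment, e.g. `// front-end users may only load items with Status 1; 'cms' is exempt because <reason>`. `header('HTTP/1.0 404 Not Found')` is also sent without a `headers_sent()` check, so if output has already been flushed the error template would go out under the original status code.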