Index: trunk/kernel/units/reviews/reviews_event_handler.php
===================================================================
diff -u -N -r4689 -r5219
--- trunk/kernel/units/reviews/reviews_event_handler.php	(.../reviews_event_handler.php)	(revision 4689)
+++ trunk/kernel/units/reviews/reviews_event_handler.php	(.../reviews_event_handler.php)	(revision 5219)
@@ -1,6 +1,6 @@
 <?php
 
-	class ReviewsEventHandler extends InpDBEventHandler 
+	class ReviewsEventHandler extends InpDBEventHandler
 	{
 		/**
 		 * Checks permissions of user
@@ -11,12 +11,16 @@
 		{
 			if ($event->Name == 'OnAddReview') {
 				$item_prefix = $this->getPermPrefix($event);
-				return $this->Application->CheckPermission($item_prefix.'.REVIEW.PENDING', 0) || $this->Application->CheckPermission($item_prefix.'.REVIEW', 0);
+				$res = $this->Application->CheckPermission($item_prefix.'.REVIEW.PENDING', 0) || $this->Application->CheckPermission($item_prefix.'.REVIEW', 0);
+				if (!$res) {
+					$event->status = erPERM_FAIL;
+				}
+				return $res;
 			}
-			
+
 			return parent::CheckPermission($event);
 		}
-		
+
 		/**
 		 * Returns prefix for permissions
 		 *
@@ -27,11 +31,11 @@
 			$main_prefix = $this->Application->GetTopmostPrefix($event->Prefix);
 			// this will return LINK for l, ARTICLE for n, TOPIC for bb, PRODUCT for p
 			$item_prefix = $this->Application->getUnitOption($main_prefix, 'PermItemPrefix');
-			
+
 			return $item_prefix;
 		}
-		
-		
+
+
 		/**
 		 * Apply any custom changes to list's sql query
 		 *
@@ -47,17 +51,26 @@
 				case 'showall':
 					$object->clearFilters();
 					break;
-				
+
 				case 'products':
 					$object->removeFilter('parent_filter');	// this is important
 					$object->addFilter('product_reviews', '%1$s.ItemId = pr.ResourceId');
 				//	$object->addFilter('active', '%1$s.Status = 1');
-					
+
 					/*$this->Application->setUnitOption('p', 'AutoLoad', true);
 					$product =& $this->Application->recallObject('p');
 					$object->addFilter('current_product', 'pr.ResourceId = '.$product->GetDBField('ResourceId'));*/
 					break;
-					
+
+				case 'item':
+					$object->clearFilters();
+					$info = $object->getLinkedInfo();
+					$this->Application->setUnitOption($info['ParentPrefix'], 'AutoLoad', true);
+					$parent =& $this->Application->recallObject($info['ParentPrefix']);
+					$object->addFilter('item_reviews', '%1$s.ItemId = '.$parent->GetDBField('ResourceId'));
+					$object->addFilter('active', '%1$s.Status = 1');
+					break;
+
 				case 'product':
 					$object->clearFilters();
 					$object->addFilter('product_reviews', '%1$s.ItemId = pr.ResourceId');
@@ -68,7 +81,7 @@
 
 					break;
 			}
-			
+
 			if($event->getEventParam('type') == 'current_user')
 			{
 				$user_id = $this->Application->GetVar('u_id') ? $this->Application->GetVar('u_id') : -2;
@@ -79,10 +92,10 @@
 				$object->addFilter('current_item', '%1$s.ItemId = '.$product_info['ParentId']);
 				$object->addFilter('current_user', '%1$s.CreatedById = '.$user_id);
 				$object->addFilter('current_ip', '%1$s.IPAddress = "'.$ip.'"');
-				
+
 			}
 		}
-		
+
 		/**
 		 * Adds review from front in case if user is logged in
 		 *
@@ -95,79 +108,82 @@
 
 			$this->Application->setUnitOption($event->Prefix,'AutoLoad',false);
 			$object =& $event->getObject();
-			$item_info = $this->Application->GetVar('rev_product');
-			$product_info = $object->getLinkedInfo();
-			
+
+			$parent_info = $object->getLinkedInfo();
+			$review_fields = $this->Application->GetVar($event->getPrefixSpecial(true));
+
 			$sql = '	SELECT * FROM '.TABLE_PREFIX.'SpamControl
-						WHERE ItemResourceId='.$product_info['ParentId'].'
+						WHERE ItemResourceId='.$parent_info['ParentId'].'
 						AND IPaddress="'.$_SERVER['REMOTE_ADDR'].'"
 						AND PortalUserId='.$user_id.'
 						AND DataType="Review"';
 			$res = $this->Conn->GetRow($sql);
-			
+
 			if( $res && $res['Expire'] < adodb_mktime() )
 			{
 				$sql = '	DELETE FROM '.TABLE_PREFIX.'SpamControl
-							WHERE ItemResourceId='.$product_info['ParentId'].'
+							WHERE ItemResourceId='.$parent_info['ParentId'].'
 							AND IPaddress="'.$_SERVER['REMOTE_ADDR'].'"
 							AND PortalUserId='.$user_id.'
 							AND DataType="Review"';
 				$this->Conn->Query($sql);
 				unset($res);
 			}
-			
+
 			if(!$res)
 			{
-				$object->SetFieldsFromHash( array_shift($item_info) );
+				$object->SetFieldsFromHash( array_shift($review_fields) );
 				$object->SetDBField('CreatedById', $user_id);
 				$object->SetDBField('IPAddress', $_SERVER['REMOTE_ADDR']);
 				$object->SetDBField('CreatedOn', adodb_mktime());
-				
-				if( $this->Application->CheckPermission('PRODUCT.REVIEW.PENDING', 0) )
+
+				$module_info = $this->Application->findModule('Var',$parent_info['ParentPrefix']);
+				$object->SetDBField('Module', $module_info['Name']);
+				if( $this->Application->CheckPermission( $this->getPermPrefix($event).'REVIEW.PENDING', 0) )
 				{
 					$object->SetDBField('Status', 2);
 				}
-				elseif( $this->Application->CheckPermission('PRODUCT.REVIEW', 0) )
+				if( $this->Application->CheckPermission($this->getPermPrefix($event).'REVIEW', 0) )
 				{
 					$object->SetDBField('Status', 1);
 				}
-				
-				$object->SetDBField('ItemId', $product_info['ParentId']);
-				
+
+				$object->SetDBField('ItemId', $parent_info['ParentId']);
+
 				$event->CallSubEvent('OnCreate');
-				
+
 				if($event->status == erSUCCESS)
 				{
-					$product_object =& $this->Application->recallObject('p');
+					$parent =& $this->Application->recallObject($parent_info['ParentPrefix']);
 					$sql = '	SELECT COUNT(ReviewId)
 								FROM '.$object->TableName.'
-								WHERE ItemId='.$product_info['ParentId'];
+								WHERE ItemId='.$parent_info['ParentId'];
 					$review_qty = $this->Conn->GetOne($sql);
-					$product_object->SetDBField('CachedReviewsQty', $review_qty);
-					$product_object->Update();
+					$parent->SetDBField('CachedReviewsQty', $review_qty);
+					$parent->Update();
 					$expire = adodb_mktime() + $this->Application->ConfigValue('product_ReviewDelay_Value') * $this->Application->ConfigValue('product_ReviewDelay_Interval');
 					$sql = '	INSERT INTO '.TABLE_PREFIX.'SpamControl
 									(ItemResourceId, IPaddress, PortalUserId, DataType, Expire)
-								VALUES ('.$product_info['ParentId'].',
+								VALUES ('.$parent_info['ParentId'].',
 										"'.$_SERVER['REMOTE_ADDR'].'",
 										'.$user_id.',
 										"Review",
 										'.$expire.')';
 					$this->Conn->Query($sql);
-					
-					$event->redirect_params = Array('pass' => 'all,p');
+
+					$event->redirect_params = Array('pass' => 'all,'.$parent_info['ParentPrefix']);
 					$event->redirect = $this->Application->GetVar('success_template');
-				}					
+				}
 			}
-			else 
+			else
 			{
-				$this->Application->removeObject($event->getPrefixSpecial());
+//				$this->Application->removeObject($event->getPrefixSpecial());
 				$event->status == erFAIL;
 				$event->redirect=false;
 				$object->FieldErrors['ReviewText']['pseudo'] = 'too_frequent';
 				$object->ErrorMsgs['too_frequent'] = $this->Application->Phrase('lu_ferror_review_duplicate');
 			}
-		}		
+		}
 	}
 
 ?>
\ No newline at end of file