Index: trunk/kernel/units/reviews/reviews_event_handler.php
===================================================================
diff -u -N -r8369 -r8441
--- trunk/kernel/units/reviews/reviews_event_handler.php	(.../reviews_event_handler.php)	(revision 8369)
+++ trunk/kernel/units/reviews/reviews_event_handler.php	(.../reviews_event_handler.php)	(revision 8441)
@@ -3,15 +3,24 @@
 	class ReviewsEventHandler extends kDBEventHandler
 	{
 		/**
-		 * Checks permissions of user
+		 * Checks REVIEW/REVIEW.PENDING permission by main object primary category (not current category)
 		 *
 		 * @param kEvent $event
 		 */
 		function CheckPermission(&$event)
 		{
-			if ($event->Name == 'OnAddReview') {
-				$item_prefix = $this->getPermPrefix($event);
-				$res = $this->Application->CheckPermission($item_prefix.'.REVIEW.PENDING', 0) || $this->Application->CheckPermission($item_prefix.'.REVIEW', 0);
+			if ($event->Name == 'OnAddReview' || $event->Name == 'OnCreate') {
+				$perm_helper =& $this->Application->recallObject('PermissionsHelper');
+				/* @var $perm_helper kPermissionsHelper */
+
+				$parent_prefix = $this->Application->getUnitOption($event->Prefix, 'ParentPrefix');
+				$main_object =& $this->Application->recallObject($parent_prefix);
+				/* @var $main_object kCatDBItem */
+
+				$perm_name = $this->getPermPrefix($event).'.REVIEW';
+				$res = 	$this->Application->CheckPermission($perm_name, 0, $main_object->GetDBField('CategoryId')) ||
+						$this->Application->CheckPermission($perm_name.'.PENDING', 0, $main_object->GetDBField('CategoryId'));
+
 				if (!$res) {
 					$event->status = erPERM_FAIL;
 				}
@@ -35,7 +44,6 @@
 			return $item_prefix;
 		}
 
-
 		/**
 		 * Apply any custom changes to list's sql query
 		 *
@@ -46,11 +54,11 @@
 		function SetCustomQuery(&$event)
 		{
 			$object =& $event->getObject();
-			
+
 			if (!$this->Application->IsAdmin()) {
 				$object->addFilter('active', '%1$s.Status = '.STATUS_ACTIVE);
 			}
-			
+
 			switch ($event->Special)
 			{
 				case 'showall':
@@ -69,7 +77,7 @@
 					$object->removeFilter('parent_filter');	// this is important
 					$object->addFilter('product_reviews', '%1$s.ItemId = pr.ResourceId');
 					break;
-					
+
 				case 'product':
 					$object->clearFilters();
 					$object->addFilter('product_reviews', '%1$s.ItemId = pr.ResourceId');
@@ -180,17 +188,148 @@
 		}
 
 		/**
-		 * Enter description here...
+		 * Get new review status on user review permission
 		 *
 		 * @param kEvent $event
+		 * @return int
 		 */
+		function getReviewStatus(&$event)
+		{
+			$parent_prefix = $this->Application->getUnitOption($event->Prefix, 'ParentPrefix');
+			$main_object =& $this->Application->recallObject($parent_prefix);
+			/* @var $main_object kCatDBItem */
+
+			$ret = STATUS_DISABLED;
+			$perm_name = $this->getPermPrefix($event).'.REVIEW';
+			if ($this->Application->CheckPermission($perm_name, 0, $main_object->GetDBField('CategoryId'))) {
+				$ret = STATUS_ACTIVE;
+			}
+			else if ($this->Application->CheckPermission($perm_name.'.PENDING', 0, $main_object->GetDBField('CategoryId'))) {
+				$ret = STATUS_PENDING;
+			}
+
+			return $ret;
+		}
+
+		/**
+		 * Prefills all fields on front-end
+		 *
+		 * @param kEvent $event
+		 */
 		function OnBeforeItemCreate(&$event)
 		{
+			if ($this->Application->IsAdmin()) {
+				return ;
+			}
+
 			$object =& $event->getObject();
-			$object->SetDBField('Module', $this->Application->findModule('Var',$this->Application->getUnitOption($this->Prefix, 'ParentPrefix'), 'Name'));
+			/* @var $object kDBItem */
+
+			$parent_info = $object->getLinkedInfo();
+
+			$spam_helper =& $this->Application->recallObject('SpamHelper');
+			/* @var $spam_helper SpamHelper */
+
+			$spam_helper->InitHelper($parent_info['ParentId'], 'Review', 0);
+
+			if ($spam_helper->InSpamControl()) {
+				$event->status = erFAIL;
+				$object->SetError('ReviewText', 'too_frequent', 'lu_ferror_review_duplicate');
+				return ;
+			}
+
+			$item_type = $this->Application->getUnitOption($parent_info['ParentPrefix'], 'ItemType');
+
+			$object->SetDBField('IPAddress', $_SERVER['REMOTE_ADDR']);
+			$object->SetDBField('ItemId', $parent_info['ParentId']); // ResourceId
+			$object->SetDBField('CreatedById', $this->Application->RecallVar('user_id'));
+			$object->SetDBField('ItemType', $item_type);
+			$object->SetDBField('Status', $this->getReviewStatus($event));
+			$object->SetDBField('TextFormat', 0); // set plain text format directly
+			$object->SetDBField('Module', $this->Application->findModule('Var', $parent_info['ParentPrefix'], 'Name'));
 		}
 
 		/**
+		 * Updates item review counter
+		 *
+		 * @param kEvent $event
+		 */
+		function OnAfterItemCreate(&$event)
+		{
+			$this->updateReviewsCounter($event);
+
+			if (!$this->Application->IsAdmin()) {
+				$spam_helper =& $this->Application->recallObject('SpamHelper');
+				/* @var $spam_helper SpamHelper */
+
+				$object =& $event->getObject();
+				$parent_info = $object->getLinkedInfo($event->Special);
+
+				$config_mapping = $this->Application->getUnitOption($event->Prefix, 'ConfigMapping');
+				$review_settings = $config_mapping['ReviewDelayValue'].':'.$config_mapping['ReviewDelayInterval'];
+				$spam_helper->InitHelper($parent_info['ParentId'], 'Review', $review_settings);
+
+				$spam_helper->AddToSpamControl();
+			}
+		}
+
+		/**
+		 * Updates total review counter
+		 *
+		 * @param kEvent $event
+		 */
+		function updateReviewsCounter(&$event)
+		{
+			$parent_prefix = $this->Application->getUnitOption($event->Prefix, 'ParentPrefix');
+			$main_object =& $this->Application->recallObject($parent_prefix, null, Array ('raise_warnings' => 0));
+			/* @var $main_object kCatDBItem */
+
+			if (!$main_object->isLoaded()) {
+				// deleting main item / cloning main item
+				return ;
+			}
+
+			$object =& $event->getObject(); // for temp tables
+
+			$sql = 'SELECT COUNT(ReviewId)
+					FROM '.$object->TableName.'
+					WHERE ItemId = '.$main_object->GetDBField('ResourceId');
+			$review_count = $this->Conn->GetOne($sql);
+			$main_object->SetDBField('CachedReviewsQty', $review_count);
+			$main_object->Update();
+		}
+
+
+		/**
+		 * Updates main item cached review counter
+		 *
+		 * @param kEvent $event
+		 */
+		function OnAfterItemDelete(&$event)
+		{
+			$this->updateReviewsCounter($event);
+		}
+
+		/**
+		 * Creates review & redirect to confirmation template
+		 *
+		 * @param kEvent $event
+		 */
+		function OnCreate(&$event)
+		{
+			parent::OnCreate($event);
+
+			if ($event->status != erSUCCESS || $this->Application->IsAdmin()) {
+				return ;
+			}
+
+			$object =& $event->getObject();
+			$next_template = $object->GetDBField('Status') == STATUS_ACTIVE ? 'success_template' : 'success_pending_template';
+			$event->redirect = $this->Application->GetVar($next_template);
+			$event->SetRedirectParam('opener', 's');
+		}
+
+		/**
 		 * Returns current user id for reviews, for logic ask Kostja T.
 		 *
 		 * @return int