Index: branches/5.2.x/core/kernel/db/cat_event_handler.php =================================================================== diff -u -N -r16266 -r16313 --- branches/5.2.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 16266) +++ branches/5.2.x/core/kernel/db/cat_event_handler.php (.../cat_event_handler.php) (revision 16313) @@ -1,6 +1,6 @@ getObject(); /* @var $object kCatDBItem */ - $is_admin = $this->Application->isAdminUser; $owner_field = $this->getOwnerField($event->Prefix); - if ( (!$object->IsTempTable() && !$is_admin) || ($is_admin && !$object->GetDBField($owner_field)) ) { - // Front-end OR owner not specified -> set to currently logged-in user + // Don't allow creating records on behalf of another user. + if ( !$this->Application->isAdminUser && !defined('CRON') ) { + $object->SetDBField($owner_field, $object->GetOriginalField($owner_field)); + } + + // Auto-assign records to currently logged-in user. + if ( !$object->GetDBField($owner_field) ) { $object->SetDBField($owner_field, $this->Application->RecallVar('user_id')); } Index: branches/5.2.x/core/units/categories/categories_event_handler.php =================================================================== diff -u -N -r16308 -r16313 --- branches/5.2.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 16308) +++ branches/5.2.x/core/units/categories/categories_event_handler.php (.../categories_event_handler.php) (revision 16313) @@ -1,6 +1,6 @@ Application->isAdminUser; + // Don't allow creating records on behalf of another user. + if ( !$this->Application->isAdminUser && !defined('CRON') ) { + $object->SetDBField('CreatedById', $object->GetOriginalField('CreatedById')); + } - if ( (!$object->IsTempTable() && !$is_admin) || ($is_admin && !$object->GetDBField('CreatedById')) ) { + // Auto-assign records to currently logged-in user. + if ( !$object->GetDBField('CreatedById') ) { $object->SetDBField('CreatedById', $this->Application->RecallVar('user_id')); }