Index: branches/5.2.x/index.php =================================================================== diff -u -N -r16413 -r16414 --- branches/5.2.x/index.php (.../index.php) (revision 16413) +++ branches/5.2.x/index.php (.../index.php) (revision 16414) @@ -1,6 +1,6 @@ Application->isAdminUser ) { + // any logged-in admin user will suffice + return true; + } $perm_name = $section.'.'.$perm_name; $perm_status = $this->CheckPermission($perm_name, 1); @@ -181,7 +185,7 @@ static $perm_mapping = Array( 'add' => 'ADD', 'add.pending' => 'ADD.PENDING', 'edit' => 'MODIFY', 'edit.pending' => 'MODIFY.PENDING', 'delete' => 'DELETE', 'view' => 'VIEW', - 'debug' => 'DEBUG' + 'debug' => 'DEBUG', 'admin' => 'ADMIN', ); $top_prefix = $event->getEventParam('top_prefix'); @@ -259,6 +263,10 @@ // universal "debug" permission return true; } + elseif ( $perm_name == 'admin' && $this->Application->isAdminUser ) { + // any logged-in admin user will suffice + return true; + } $perm_name = $item_prefix . '.' . $perm_mapping[$perm_name]; $perm_status = $this->CheckPermission($perm_name, 0, (int)$category_id); Index: branches/5.2.x/core/units/configuration/configuration_event_handler.php =================================================================== diff -u -N -r16308 -r16414 --- branches/5.2.x/core/units/configuration/configuration_event_handler.php (.../configuration_event_handler.php) (revision 16308) +++ branches/5.2.x/core/units/configuration/configuration_event_handler.php (.../configuration_event_handler.php) (revision 16414) 
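Review bot: The new `admin` branch uses a loose comparison, `$perm_name == 'admin'`, in the `@@ -259,6 +263,10 @@` hunk; the earlier copy of the branch is truncated on this page but appears to be the same test. In PHP a boolean `true` compares loosely equal to any non-empty string, and the permission maps touched by this commit still contain entries such as `'self' => true`. Whether such a value can reach this comparison is not visible, because the enclosing functions start outside the hunks. Writing `$perm_name === 'admin'` in both places removes the ambiguity.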
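Review bot: A request mapped to `admin` that does not come from a logged-in admin is not denied at this point. It falls through to `$perm_name = $item_prefix . '.' . $perm_mapping[$perm_name];`, which the new `'admin' => 'ADMIN'` entry in the `@@ -181,7 +185,7 @@` hunk turns into an ordinary `<prefix>.ADMIN` lookup through `CheckPermission()`. The added comment says any logged-in admin suffices, but the deny case then depends on no group holding such a permission, which this page does not show. If the intent is admins only, handle the negative case explicitly, for example `elseif ( $perm_name === 'admin' ) { $perm_status = $this->Application->isAdminUser; }`, keeping whatever failure handling follows outside the hunk. The section-based branch has the same fall-through into `$section.'.'.$perm_name`.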
@@ -1,6 +1,6 @@ Application->isAdminUser ) { - // very careful here, because this event allows to - // view every object field -> limit only to logged-in admins - return; - } - $event->status = kEvent::erSTOP; $field = $this->Application->GetVar('field'); Index: branches/5.2.x/core/kernel/db/db_event_handler.php =================================================================== diff -u -N -r16408 -r16414 --- branches/5.2.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 16408) +++ branches/5.2.x/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 16414) @@ -1,6 +1,6 @@ Application->LinkVar('m_cat_id'); } - if ( $event->Name == 'OnSaveWidths' ) { - return $this->Application->isAdminUser; - } - return parent::CheckPermission($event); } @@ -104,7 +100,7 @@ $permissions = Array ( 'OnLoad' => Array ('self' => 'view', 'subitem' => 'view'), 'OnItemBuild' => Array ('self' => 'view', 'subitem' => 'view'), - 'OnSuggestValues' => Array ('self' => 'view', 'subitem' => 'view'), + 'OnSuggestValues' => Array ('self' => 'admin', 'subitem' => 'admin'), 'OnBuild' => Array ('self' => true), @@ -168,7 +164,7 @@ 'OnDeleteFile' => Array ('self' => true, 'subitem' => true), 'OnViewFile' => Array ('self' => true, 'subitem' => true), - 'OnSaveWidths' => Array ('self' => true, 'subitem' => true), + 'OnSaveWidths' => Array ('self' => 'admin', 'subitem' => 'admin'), 'OnValidateMInputFields' => Array ('self' => 'view'), 'OnValidateField' => Array ('self' => true, 'subitem' => true), @@ -3474,12 +3470,6 @@ */ protected function OnSuggestValues(kEvent $event) { - if ( !$this->Application->isAdminUser ) { - // very careful here, because this event allows to - // view every object field -> limit only to logged-in admins - return; - } - $event->status = kEvent::erSTOP; $field = $this->Application->GetVar('field');
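Review bot: Removing the `if ( !$this->Application->isAdminUser ) { return; }` guard from the handler body, here and in the `@@ -3474,12 +3470,6 @@` hunk of db_event_handler.php, leaves the permission map as the only barrier. That matters because the deleted comment says this event can expose every object field. The only replacement visible is `'OnSuggestValues' => Array ('self' => 'admin', 'subitem' => 'admin')` in db_event_handler.php; this file's section shows no map change, so it presumably inherits that entry. Any handler that overrides the permission map or returns early from its own `CheckPermission()` would now reach the body with no admin check. Either keep the guard as a second check, or add a test that an unauthenticated `OnSuggestValues` request is refused for each handler that overrides those methods.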