Index: trunk/core/units/config_search/config_search_event_handler.php =================================================================== diff -u -N -r4380 -r4625 --- trunk/core/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 4380) +++ trunk/core/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 4625) @@ -28,7 +28,7 @@ */ function OnUpdate(&$event) { - if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { parent::OnUpdate($event); $conf_update = new kEvent('conf:OnUpdate'); Index: trunk/kernel/units/configuration/configuration_event_handler.php =================================================================== diff -u -N -r4216 -r4625 --- trunk/kernel/units/configuration/configuration_event_handler.php (.../configuration_event_handler.php) (revision 4216) +++ trunk/kernel/units/configuration/configuration_event_handler.php (.../configuration_event_handler.php) (revision 4625) @@ -100,7 +100,7 @@ */ function OnUpdate(&$event) { - if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { parent::OnUpdate($event); } Index: trunk/core/units/configuration/configuration_event_handler.php =================================================================== diff -u -N -r4216 -r4625 --- trunk/core/units/configuration/configuration_event_handler.php (.../configuration_event_handler.php) (revision 4216) +++ trunk/core/units/configuration/configuration_event_handler.php (.../configuration_event_handler.php) (revision 4625) 
@@ -100,7 +100,7 @@ */ function OnUpdate(&$event) { - if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { parent::OnUpdate($event); } Index: trunk/kernel/units/modules/modules_event_handler.php =================================================================== diff -u -N -r4578 -r4625 --- trunk/kernel/units/modules/modules_event_handler.php (.../modules_event_handler.php) (revision 4578) +++ trunk/kernel/units/modules/modules_event_handler.php (.../modules_event_handler.php) (revision 4625) @@ -41,7 +41,7 @@ */ function moduleAction(&$event) { - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } Index: trunk/core/units/modules/modules_event_handler.php =================================================================== diff -u -N -r4578 -r4625 --- trunk/core/units/modules/modules_event_handler.php (.../modules_event_handler.php) (revision 4578) +++ trunk/core/units/modules/modules_event_handler.php (.../modules_event_handler.php) (revision 4625) @@ -41,7 +41,7 @@ */ function moduleAction(&$event) { - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } Index: trunk/kernel/units/users/users_event_handler.php =================================================================== diff -u -N -r4524 -r4625 --- trunk/kernel/units/users/users_event_handler.php (.../users_event_handler.php) (revision 4524) +++ trunk/kernel/units/users/users_event_handler.php (.../users_event_handler.php) (revision 4625) 
@@ -2,7 +2,21 @@ class UsersEventHandler extends InpDBEventHandler { - + /** + * Checks permissions of user + * + * @param kEvent $event + */ + function CheckPermission(&$event) + { + if ($event->Name == 'OnLogin' || $event->Name == 'OnLogout') { + // permission is checked in OnLogin event directly + return true; + } + + return parent::CheckPermission($event); + } + function OnSessionExpire() { if( $this->Application->IsAdmin() ) { @@ -127,12 +141,12 @@ $modules_helper =& $this->Application->recallObject('ModulesHelper'); if ($user_name != 'root') { // root is virtual user, so allow him to login to admin in any case - $ret = $this->Application->CheckPermission('ADMIN', 0); + $ret = $this->Application->CheckPermission('ADMIN', 1); } $ret = $ret && $modules_helper->checkLogin(); } else { - $ret = $this->Application->CheckPermission('LOGIN', 0); + $ret = $this->Application->CheckPermission('LOGIN', 1); } return $ret; } Index: trunk/core/units/users/users_event_handler.php =================================================================== diff -u -N -r4524 -r4625 --- trunk/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 4524) +++ trunk/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 4625) @@ -2,7 +2,21 @@ class UsersEventHandler extends InpDBEventHandler { - + /** + * Checks permissions of user + * + * @param kEvent $event + */ + function CheckPermission(&$event) + { + if ($event->Name == 'OnLogin' || $event->Name == 'OnLogout') { + // permission is checked in OnLogin event directly + return true; + } + + return parent::CheckPermission($event); + } + function OnSessionExpire() { if( $this->Application->IsAdmin() ) { 
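Review bot: The new `CheckPermission()` override in UsersEventHandler returns true for `OnLogout` as well as `OnLogin`, but its inline comment only justifies the login case. I would state both reasons, e.g. `// OnLogin does its own ADMIN/LOGIN check; OnLogout must stay reachable for users holding no section permission`, and compare with `===` so only the exact event-name string matches. Any event later added to this condition skips the section permission check in the parent entirely, so the docblock should say that the list is an allow-list of events that validate access themselves. The same hunk is repeated for trunk/core/units/users/users_event_handler.php.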
@@ -127,12 +141,12 @@ $modules_helper =& $this->Application->recallObject('ModulesHelper'); if ($user_name != 'root') { // root is virtual user, so allow him to login to admin in any case - $ret = $this->Application->CheckPermission('ADMIN', 0); + $ret = $this->Application->CheckPermission('ADMIN', 1); } $ret = $ret && $modules_helper->checkLogin(); } else { - $ret = $this->Application->CheckPermission('LOGIN', 0); + $ret = $this->Application->CheckPermission('LOGIN', 1); } return $ret; } Index: trunk/core/units/groups/groups_config.php =================================================================== diff -u -N -r4610 -r4625 --- trunk/core/units/groups/groups_config.php (.../groups_config.php) (revision 4610) +++ trunk/core/units/groups/groups_config.php (.../groups_config.php) (revision 4625) @@ -42,6 +42,7 @@ 'groups_select' => Array('prefixes' => Array('g_List'), 'format' => "!la_title_Groups! (#g_recordcount#) - !la_title_SelectGroup!"), ), + 'Section' => 'in-portal:user_groups', 'Sections' => Array( 'in-portal:user_groups' => Array( Index: trunk/core/units/admin/admin_config.php =================================================================== diff -u -N -r4620 -r4625 --- trunk/core/units/admin/admin_config.php (.../admin_config.php) (revision 4620) +++ trunk/core/units/admin/admin_config.php (.../admin_config.php) (revision 4625) @@ -16,6 +16,8 @@ 'tree_tools' => Array('format' => '!la_section_overview!'), 'tree_modules' => Array('format' => '!la_section_overview!'), + + 'no_permissions' => Array('format' => '!la_title_NoPermissions!'), ), 'Sections' => Array( 
@@ -24,7 +26,7 @@ 'icon' => 'site', 'label' => $this->Application->ConfigValue('Site_Name'), 'url' => Array('t' => 'sections_list', 'index_file' => 'index4.php', 'pass' => 'm', 'pass_section' => true, 'no_amp' => 1), - 'permissions' => Array('view', 'advanced:admin', 'advanced:login'), + 'permissions' => Array('view', 'advanced:admin_login', 'advanced:front_login'), 'priority' => 0, 'type' => stTREE, ), Index: trunk/core/kernel/event_handler.php =================================================================== diff -u -N -r4622 -r4625 --- trunk/core/kernel/event_handler.php (.../event_handler.php) (revision 4622) +++ trunk/core/kernel/event_handler.php (.../event_handler.php) (revision 4625) @@ -35,9 +35,16 @@ * @var Array * @access protected */ - var $eventMethods=Array(); + var $eventMethods = Array(); /** + * Defines mapping vs event names and permission names + * + * @var Array + */ + var $permMapping = Array(); + + /** * Define alternative event processing method names * * @see $eventMethods @@ -48,6 +55,29 @@ } + /** + * Allows to override standart permission mapping + * + */ + function mapPermissions() + { + $this->permMapping = Array( + 'OnCreate' => Array('self' => 'add', 'subitem' => 'add|edit'), + 'OnDelete' => Array('self' => 'delete', 'subitem' => 'edit|add'), + + 'OnEdit' => Array('self' => 'add|edit'), + 'OnPreCreate' => Array('self' => 'add'), + + 'OnPreSaveAndGoToTab' => Array('self' => 'add|edit'), + + // theese event do not harm, but just in case check them too :) + 'OnCancelEdit' => Array('self' => 'add|edit'), + 'OnCancel' => Array('self' => 'add|edit', 'subitem' => 'add|edit'), + + 'OnSetSorting' => Array('self' => 'view', 'subitem' => 'view'), + ); + } + function getPrefixSpecial() { trigger_error('Usage of getPrefixSpecial() this method is forbidden in kEventHandler class children. Use $event->getPrefixSpecial(true); instead', E_USER_ERROR); 
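Review bot: The docblock on `mapPermissions()` describes neither the shape of `$permMapping` nor what happens to an event that is not listed, and both matter because `CheckPermission()` in this file raises an error for any unmapped event. It should say that keys are event names, that `self`/`subitem` is chosen by whether the event's prefix is the topmost prefix, that `|` means any one of the listed permissions is enough, and that a value of `true` skips the check. Write events touched elsewhere in this commit (`OnUpdate`, `OnMassDelete`, `OnMassClone`) have no entry here, so unless a subclass outside this diff maps them, non-root users will hit the unmapped-event error on those.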
@@ -64,6 +94,7 @@ { parent::Init($prefix,$special); $this->mapEvents(); + $this->mapPermissions(); } /** 
@@ -289,14 +320,58 @@ * * @param kEvent $event */ - function checkPermissions(&$event) + function CheckPermission(&$event) { if ($this->Application->GetVar('u_id') == -1) { // "root" has all permissions return true; } - return true; + $main_prefix = $this->Application->GetTopmostPrefix($event->Prefix); + $section = $this->Application->getUnitOption($main_prefix, 'Section'); + + if (!$section) { + trigger_error('Permission section not specified for prefix '.$main_prefix.'', E_USER_ERROR); + } + + $pefix_type = ($main_prefix == $event->Prefix) ? 'self' : 'subitem'; + $perm_mapping = getArrayValue($this->permMapping, $event->Name); + + if (!$perm_mapping[$pefix_type]) { + trigger_error('Permission mappings not defined for event '.$main_prefix.':'.$event->Name.'', E_USER_ERROR); + } + + $perm_status = false; + if ($perm_mapping[$pefix_type] === true) { + // event is defined in mapping but is not checked by permissions + return true; + } + + $check_perms = explode('|', $perm_mapping[$pefix_type]); + + foreach ($check_perms as $perm_name) { + // check if at least one of required permissions is set + $perm_name = $section.'.'.$perm_name; + $perm_status = $this->Application->CheckPermission($perm_name, 1); + if (($perm_name == $section.'.add') && $perm_status && ($main_prefix == $event->Prefix)) { + // main item, add permission allowed, but ID is > 0, then deny permission + // how to get id here + } + if ($perm_status) { + return $perm_status; + } + } + + if (!$perm_status) { + // permission not found -> redirect to "no permissions" template + $event->setEventParam('no_permissions_template', 'no_permissions'); + + // for debugging purposes + $event->SetRedirectParam('section', $section); + $event->SetRedirectParam('main_prefix', $main_prefix); + $event->SetRedirectParam('event_name', $event->Name); + } + return $perm_status; } } Index: trunk/kernel/units/groups/groups_config.php =================================================================== diff -u -N -r4610 -r4625 
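Review bot: The `if (($perm_name == $section.'.add') && $perm_status && ...)` branch inside the loop is empty, so the restriction its comment describes (deny `add` when the item already has an ID) is not enforced, and a group holding only `add` passes every event mapped to `add|edit`, including `OnEdit`. Until the ID is available here, replace the silent no-op with an explicit `// TODO` naming the gap, or tighten the mapping for events that act on existing items. Both `trigger_error(..., E_USER_ERROR)` calls are followed by code that keeps using the missing value; adding `return false;` after each makes the method deny even if the installed error handler does not stop execution. The three `SetRedirectParam` calls marked "for debugging purposes" put the section, prefix and event name into the redirect URL and should be removed or put behind a debug switch before release.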
--- trunk/kernel/units/groups/groups_config.php (.../groups_config.php) (revision 4610) +++ trunk/kernel/units/groups/groups_config.php (.../groups_config.php) (revision 4625) @@ -42,6 +42,7 @@ 'groups_select' => Array('prefixes' => Array('g_List'), 'format' => "!la_title_Groups! (#g_recordcount#) - !la_title_SelectGroup!"), ), + 'Section' => 'in-portal:user_groups', 'Sections' => Array( 'in-portal:user_groups' => Array( Index: trunk/kernel/units/admin/admin_config.php =================================================================== diff -u -N -r4620 -r4625 --- trunk/kernel/units/admin/admin_config.php (.../admin_config.php) (revision 4620) +++ trunk/kernel/units/admin/admin_config.php (.../admin_config.php) (revision 4625) @@ -16,6 +16,8 @@ 'tree_tools' => Array('format' => '!la_section_overview!'), 'tree_modules' => Array('format' => '!la_section_overview!'), + + 'no_permissions' => Array('format' => '!la_title_NoPermissions!'), ), 'Sections' => Array( @@ -24,7 +26,7 @@ 'icon' => 'site', 'label' => $this->Application->ConfigValue('Site_Name'), 'url' => Array('t' => 'sections_list', 'index_file' => 'index4.php', 'pass' => 'm', 'pass_section' => true, 'no_amp' => 1), - 'permissions' => Array('view', 'advanced:admin', 'advanced:login'), + 'permissions' => Array('view', 'advanced:admin_login', 'advanced:front_login'), 'priority' => 0, 'type' => stTREE, ), Index: trunk/kernel/units/languages/languages_event_handler.php =================================================================== diff -u -N -r4169 -r4625 --- trunk/kernel/units/languages/languages_event_handler.php (.../languages_event_handler.php) (revision 4169) +++ trunk/kernel/units/languages/languages_event_handler.php (.../languages_event_handler.php) (revision 4625) 
@@ -2,7 +2,13 @@ class LanguagesEventHandler extends InpDBEventHandler { - + function mapPermissions() + { + parent::mapPermissions(); + $this->permMapping['OnChangeLanguage'] = Array('self' => 'view'); + } + + /** * Updates table structure on new language adding/removing language * Index: trunk/core/kernel/event_manager.php =================================================================== diff -u -N -r4622 -r4625 --- trunk/core/kernel/event_manager.php (.../event_manager.php) (revision 4622) +++ trunk/core/kernel/event_manager.php (.../event_manager.php) (revision 4625) @@ -265,9 +265,12 @@ $event->redirect = true; $event_handler =& $this->Application->recallObject($event->Prefix.'_EventHandler'); - if ($event_handler->checkPermissions($event)) { + if ($event_handler->CheckPermission($event)) { $this->HandleEvent($event); } + else { + $event->redirect = $event->getEventParam('no_permissions_template'); + } if($event->status==erSUCCESS && ($event->redirect === true || strlen($event->redirect) > 0) ) { Index: trunk/core/units/languages/languages_event_handler.php =================================================================== diff -u -N -r4169 -r4625 --- trunk/core/units/languages/languages_event_handler.php (.../languages_event_handler.php) (revision 4169) +++ trunk/core/units/languages/languages_event_handler.php (.../languages_event_handler.php) (revision 4625) 
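Review bot: The new `else` branch in event_manager.php assumes the handler always set `no_permissions_template`, but a subclass override of `CheckPermission()` that simply returns false leaves `$event->redirect` empty. `$event->status` is not changed in that branch either, so a denied event then looks the same as one that ran and did nothing. I would fall back to a fixed template name when the param is empty and set a non-success status here, so later code and logs can tell a denial from a handled event. The enclosing method starts and ends outside the hunk, so the effect on later processing is inferred from the visible `if` only.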
@@ -2,7 +2,13 @@ class LanguagesEventHandler extends InpDBEventHandler { - + function mapPermissions() + { + parent::mapPermissions(); + $this->permMapping['OnChangeLanguage'] = Array('self' => 'view'); + } + + /** * Updates table structure on new language adding/removing language * Index: trunk/core/units/languages/languages_config.php =================================================================== diff -u -N -r4607 -r4625 --- trunk/core/units/languages/languages_config.php (.../languages_config.php) (revision 4607) +++ trunk/core/units/languages/languages_config.php (.../languages_config.php) (revision 4625) @@ -87,6 +87,8 @@ 'new_titlefield' => Array('emailmessages' => '!la_NoSubject!'), 'format' => "#lang_status# '#lang_titlefield#' - !la_title_EditingEmailEvent! '#emailmessages_titlefield#'"), ), + + 'Section' => 'in-portal:configure_lang', 'Sections' => Array( 'in-portal:configure_lang' => Array( Index: trunk/kernel/units/languages/languages_config.php =================================================================== diff -u -N -r4607 -r4625 --- trunk/kernel/units/languages/languages_config.php (.../languages_config.php) (revision 4607) +++ trunk/kernel/units/languages/languages_config.php (.../languages_config.php) (revision 4625) @@ -87,6 +87,8 @@ 'new_titlefield' => Array('emailmessages' => '!la_NoSubject!'), 'format' => "#lang_status# '#lang_titlefield#' - !la_title_EditingEmailEvent! '#emailmessages_titlefield#'"), ), + + 'Section' => 'in-portal:configure_lang', 'Sections' => Array( 'in-portal:configure_lang' => Array( Index: trunk/core/admin_templates/groups/groups_edit_permissions.tpl =================================================================== diff -u -N -r4610 -r4625 --- trunk/core/admin_templates/groups/groups_edit_permissions.tpl (.../groups_edit_permissions.tpl) (revision 4610) +++ trunk/core/admin_templates/groups/groups_edit_permissions.tpl (.../groups_edit_permissions.tpl) (revision 4625) 
@@ -64,7 +64,7 @@ [][]" name="[][]" value=""> - [][]" name="_cb_[][]" checked onchange="update_checkbox(this, document.getElementById('[][]'));"> + [][]" name="_cb_[][]" checked onchange="update_checkbox(this, document.getElementById('[][]'));" onclick="">   @@ -94,7 +94,7 @@ - + @@ -128,6 +128,21 @@ \ No newline at end of file Index: trunk/core/kernel/application.php =================================================================== diff -u -N -r4594 -r4625 --- trunk/core/kernel/application.php (.../application.php) (revision 4594) +++ trunk/core/kernel/application.php (.../application.php) (revision 4625) @@ -1764,15 +1764,30 @@ return $ret; } - function CheckPermission($name, $cat_id = null) + /** + * Check current user permissions based on it's group permissions in specified category + * + * @param string $name permission name + * @param int $cat_id category id, current used if not specified + * @param int $type permission type {1 - system, 0 - per category} + * @return int + */ + function CheckPermission($name, $type, $cat_id = null) { if ($this->GetVar('u_id') == -1 && ($name == 'ADMIN' || $name == 'LOGIN')) { + // "root" is permitted to login in any case return 1; } + if ($type == 1) { + // "system" permission are always checked per "Home" category (ID = 0) + $cat_id = 0; + } + if (!isset($cat_id)) { $cat_id = $this->GetVar('m_cat_id'); } + if ($cat_id == 0) { $cat_hierarchy = Array(0); } 
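Review bot: `$type` is inserted in application.php's `CheckPermission()` as a required second parameter ahead of `$cat_id`, so any caller not touched by this commit that still passes a category id second will have it read as the permission type, with no error raised. The callers updated here all change `0` to `1`, which suggests the old second argument was that category id. A search for remaining two-argument calls is needed, or `$type` could be appended after `$cat_id` so old calls keep their meaning. The docblock lists its `@param` entries as name, cat_id, type, which does not match the signature, and it should state that `$type == 1` forces `$cat_id` to 0 whatever is passed. The function body continues outside the hunk.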
@@ -1792,7 +1807,8 @@ $sql = 'SELECT PermissionValue FROM '.TABLE_PREFIX.'Permissions WHERE Permission = "'.$name.'" AND CatId = '.$category_id.' - AND GroupId IN ('.$groups.')'; + AND GroupId IN ('.$groups.') + AND Type = '.$type; $res = $this->Conn->GetOne($sql); if ($res !== false) { return $res; Index: trunk/kernel/admin_templates/groups/groups_edit_permissions.tpl =================================================================== diff -u -N -r4610 -r4625 --- trunk/kernel/admin_templates/groups/groups_edit_permissions.tpl (.../groups_edit_permissions.tpl) (revision 4610) +++ trunk/kernel/admin_templates/groups/groups_edit_permissions.tpl (.../groups_edit_permissions.tpl) (revision 4625) @@ -64,7 +64,7 @@ [][]" name="[][]" value=""> - [][]" name="_cb_[][]" checked onchange="update_checkbox(this, document.getElementById('[][]'));"> + [][]" name="_cb_[][]" checked onchange="update_checkbox(this, document.getElementById('[][]'));" onclick="">   @@ -94,7 +94,7 @@ - + @@ -128,6 +128,21 @@ \ No newline at end of file Index: trunk/core/units/general/inp_db_event_handler.php =================================================================== diff -u -N -r4358 -r4625 --- trunk/core/units/general/inp_db_event_handler.php (.../inp_db_event_handler.php) (revision 4358) +++ trunk/core/units/general/inp_db_event_handler.php (.../inp_db_event_handler.php) (revision 4625) @@ -23,7 +23,7 @@ */ function iterateItems(&$event) { - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } 
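Review bot: `$type` is concatenated into the query unquoted on the added `AND Type = '.$type` line, so a non-numeric value reaching this method would become SQL text. Every caller visible in this commit passes a literal, but the cast costs nothing: `AND Type = '.(int)$type;`. `$name` on the context line above is placed between double quotes the same way and is now also built from unit config values in `kEventHandler::CheckPermission()`; passing it through the connection's escaping routine would keep the statement safe if a permission name ever originates from request data. The statement begins outside the hunk.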
@@ -81,7 +81,7 @@ */ function OnMassClone(&$event) { - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } Index: trunk/core/units/users/users_config.php =================================================================== diff -u -N -r4620 -r4625 --- trunk/core/units/users/users_config.php (.../users_config.php) (revision 4620) +++ trunk/core/units/users/users_config.php (.../users_config.php) (revision 4625) @@ -80,7 +80,9 @@ 'tree_users' => Array('format' => '!la_section_overview!'), ), - + + 'Section' => 'in-portal:user_list', + 'Sections' => Array( 'in-portal:users' => Array( 'parent' => 'in-portal:root', Index: trunk/kernel/units/general/inp_db_event_handler.php =================================================================== diff -u -N -r4358 -r4625 --- trunk/kernel/units/general/inp_db_event_handler.php (.../inp_db_event_handler.php) (revision 4358) +++ trunk/kernel/units/general/inp_db_event_handler.php (.../inp_db_event_handler.php) (revision 4625) @@ -23,7 +23,7 @@ */ function iterateItems(&$event) { - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } @@ -81,7 +81,7 @@ */ function OnMassClone(&$event) { - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } Index: trunk/kernel/units/users/users_config.php =================================================================== diff -u -N -r4620 -r4625 --- trunk/kernel/units/users/users_config.php (.../users_config.php) (revision 4620) +++ trunk/kernel/units/users/users_config.php (.../users_config.php) (revision 4625) 
@@ -80,7 +80,9 @@ 'tree_users' => Array('format' => '!la_section_overview!'), ), - + + 'Section' => 'in-portal:user_list', + 'Sections' => Array( 'in-portal:users' => Array( 'parent' => 'in-portal:root', Index: trunk/core/kernel/db/db_event_handler.php =================================================================== diff -u -N -r4610 -r4625 --- trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 4610) +++ trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 4625) @@ -843,7 +843,7 @@ */ function OnMassDelete(&$event) { - if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if ($this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { return; } @@ -901,7 +901,7 @@ $skip_master = true; //we've already copied master table to get the id }*/ - if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { $temp->SaveEdit($skip_master); } $this->clearSelectedIDs($event); Index: trunk/kernel/admin_templates/no_permission.tpl =================================================================== diff -u -N --- trunk/kernel/admin_templates/no_permission.tpl (revision 0) +++ trunk/kernel/admin_templates/no_permission.tpl (revision 4625) @@ -0,0 +1,39 @@ + + + + + + + + + + + + + + + + +
+ + +
+ + + "> + + +
+ no permission for section for event : +
+ + \ No newline at end of file Index: trunk/kernel/units/config_search/config_search_event_handler.php =================================================================== diff -u -N -r4380 -r4625 --- trunk/kernel/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 4380) +++ trunk/kernel/units/config_search/config_search_event_handler.php (.../config_search_event_handler.php) (revision 4625) @@ -28,7 +28,7 @@ */ function OnUpdate(&$event) { - if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 0)) { + if (!$this->Application->CheckPermission('SYSTEM_ACCESS.READONLY', 1)) { parent::OnUpdate($event); $conf_update = new kEvent('conf:OnUpdate');
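Review bot: The file added here is `no_permission.tpl`, while `CheckPermission()` in event_handler.php redirects to the template `no_permissions` and admin_config.php registers the title preset under `no_permissions`. Unless template names are resolved some other way, the denial redirect points at a template that does not exist. Rename the file to `no_permissions.tpl` or change the event param, and add the same template under trunk/core/admin_templates, since the other files in this commit are mirrored there and only the kernel copy is visible. The template markup did not survive extraction, but the remaining text `no permission for section for event :` suggests it prints the `section` and `event_name` redirect params; if so, those values arrive through the URL and must be HTML-escaped on output.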