Index: trunk/core/units/general/cat_event_handler.php
===================================================================
diff -u -N -r8402 -r8407
--- trunk/core/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 8402)
+++ trunk/core/units/general/cat_event_handler.php (.../cat_event_handler.php) (revision 8407)
@@ -25,6 +25,29 @@
 }
 /**
+ * Load item if id is available
+ *
+ * @param kEvent $event
+ */
+ function LoadItem(&$event)
+ {
+ $object =& $event->getObject();
+ $id = $this->getPassedID($event);
+ if ($object->Load($id)) {
+ $actions =& $this->Application->recallObject('kActions');
+ $actions->Set($event->Prefix_Special.'_id', $object->GetID() );
+
+ $use_pending_editing = $this->Application->getUnitOption($event->Prefix, 'UsePendingEditing');
+ if ($use_pending_editing && $event->Special != 'original') {
+ $this->Application->SetVar($event->Prefix.'.original_id', $object->GetDBField('OrgId'));
+ }
+ }
+ else {
+ $object->setID($id);
+ }
+ }
+
+ /**
 * Checks permissions of user
 *
 * @param kEvent $event
@@ -1835,6 +1858,25 @@
 $event->SetRedirectParam('m_cat_id', 0);
 }
 }
+
+ /**
+ * Checks, that currently loaded item is allowed for viewing (non permission-based)
+ *
+ * @param kEvent $event
+ * @return bool
+ */
+ function checkItemStatus(&$event)
+ {
+ $object =& $event->getObject();
+ $status = $object->GetDBField('Status');
+
+ $user_id = $this->Application->RecallVar('user_id');
+ if (($status == -2 || $status == STATUS_PENDING) && ($object->GetDBField('CreatedById') == $user_id)) {
+ return true;
+ }
+
+ return $status == STATUS_ACTIVE;
+ }
 }
 ?>
\ No newline at end of file
Index: trunk/core/kernel/db/db_event_handler.php
===================================================================
diff -u -N -r8402 -r8407
--- trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 8402)
+++ trunk/core/kernel/db/db_event_handler.php (.../db_event_handler.php) (revision 8407)
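Review bot: The new `LoadItem()` override in cat_event_handler.php repeats the base handler's load and `kActions` logic line for line instead of delegating to it, so the two copies can drift the next time db_event_handler.php is edited. Its docblock says only "Load item if id is available", while the method also publishes the `OrgId` column as a request variable; I would add `* Also exposes OrgId as "<prefix>.original_id" when the unit sets UsePendingEditing and the special is not "original".` to it. If the base method can be reused, calling `parent::LoadItem($event);` first and keeping only the pending-editing part here would remove the duplication, provided the override can tell whether the load succeeded.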
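Review bot: In `checkItemStatus()` in cat_event_handler.php the owner exception compares `CreatedById` with the session `user_id` using loose `==` and never requires that the visitor is actually logged in. If `RecallVar('user_id')` returns an empty or false value for a session without a user, or if all anonymous visitors share one id, a pending item whose `CreatedById` is empty or equals that shared id would be shown to every such visitor (inferred; neither `RecallVar` nor the id scheme is visible here). I would make the ownership test explicit and strict, e.g. `$is_owner = $user_id > 0 && (int) $object->GetDBField('CreatedById') === (int) $user_id;`, assuming real accounts have positive ids. The bare `-2` should become a named status constant alongside `STATUS_PENDING` so the set of owner-visible states is readable in an access decision.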
@@ -364,6 +364,22 @@
 }
 /**
+ * Checks, that currently loaded item is allowed for viewing (non permission-based)
+ *
+ * @param kEvent $event
+ * @return bool
+ */
+ function checkItemStatus(&$event)
+ {
+ $status_field = array_shift( $this->Application->getUnitOption($event->Prefix,'StatusField') );
+ if ($status_field == 'Status' || $status_field == 'Enabled') {
+ $object =& $event->getObject();
+ return $object->GetDBField($status_field) == STATUS_ACTIVE;
+ }
+ return true;
+ }
+
+ /**
 * Builds item (loads if needed)
 *
 * @param kEvent $event
@@ -383,12 +399,21 @@
 $skip_autload = $event->getEventParam('skip_autoload');
 if ($auto_load && !$skip_autload) {
+ $perm_status = true;
 $event->setEventParam('top_prefix', $this->Application->GetTopmostPrefix($event->Prefix, true));
- if (($this->Application->RecallVar('user_id') == -1) || $this->CheckPermission($event)) {
+ if ($this->Application->RecallVar('user_id') == -1 || $this->CheckPermission($event)) {
 // don't autoload item, when user doesn't have view permission
 $this->LoadItem($event);
+
+ if (!$this->checkItemStatus($event)) {
+ $perm_status = false;
+ }
 }
 else {
+ $perm_status = false;
+ }
+
+ if (!$perm_status) {
 // when no permission to view item -> redirect to no pemrission template
 trigger_error('ItemLoad Permission Failed for prefix ['.$event->getPrefixSpecial().']', E_USER_WARNING);
 $next_template = $this->Application->IsAdmin() ? 'no_permission' : $this->Application->ConfigValue('NoPermissionTemplate');
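Review bot: The base `checkItemStatus()` fails open: a unit whose first `StatusField` entry is not literally `Status` or `Enabled`, or which has no `StatusField` option at all, is treated as always viewable. `array_shift()` takes its argument by reference, so passing the return value of `getUnitOption()` straight in raises a strict-standards notice, and a non-array option value produces a warning before the code falls through to `return true`. I would read the option into a variable first, `$status_fields = $this->Application->getUnitOption($event->Prefix, 'StatusField');` followed by `$status_field = is_array($status_fields) ? reset($status_fields) : false;`. If skipping other field names is intended, a comment such as `// units with a differently named status field are deliberately not filtered here` should say so.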
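Review bot: The status check now runs for every auto-loaded item, including in the admin console and when `LoadItem()` found no row. The same block selects the `no_permission` template through `IsAdmin()`, so this path is reachable from admin; an administrator opening a disabled or pending item through auto-load would be redirected (unless admin units never auto-load), and a missing id is logged as 'ItemLoad Permission Failed' rather than as not found. If front-end filtering is the intent, `if (!$this->Application->IsAdmin() && !$this->checkItemStatus($event)) {` keeps admin editing working while `CheckPermission()` still guards it. The warning text should also distinguish a status rejection from a permission rejection so the log stays usable for triage. The enclosing function starts and ends outside the hunk.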
@@ -466,18 +491,11 @@
 {
 $object =& $event->getObject();
 $id = $this->getPassedID($event);
- if ($object->Load($id) )
- {
+ if ($object->Load($id)) {
 $actions =& $this->Application->recallObject('kActions');
 $actions->Set($event->Prefix_Special.'_id', $object->GetID() );
-
- $use_pending_editing = $this->Application->getUnitOption($event->Prefix, 'UsePendingEditing');
- if ($use_pending_editing && $event->Special != 'original') {
- $this->Application->SetVar($event->Prefix.'.original_id', $object->GetDBField('OrgId'));
- }
 }
- else
- {
+ else {
 $object->setID($id);
 }
 }
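Review bot: Removing the pending-editing block from the base `LoadItem()` means `<prefix>.original_id` is now set only by handlers that inherit the copy added to cat_event_handler.php. Any unit that sets `UsePendingEditing` but is served by this base handler or another subclass would silently stop receiving that variable; the unit configs are not visible here, so this needs a search for `UsePendingEditing` before merging. A one-line comment at the removed spot, `// pending-editing (original_id) handling moved to LoadItem() in cat_event_handler.php`, would tell the next reader where it went. The function signature is outside the hunk.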