Index: trunk/core/units/general/cat_tag_processor.php
===================================================================
diff -u -N -r8734 -r8757
--- trunk/core/units/general/cat_tag_processor.php	(.../cat_tag_processor.php)	(revision 8734)
+++ trunk/core/units/general/cat_tag_processor.php	(.../cat_tag_processor.php)	(revision 8757)
@@ -212,11 +212,19 @@
 
 			$params['raise_warnings'] = 0;
 			$object =& $this->getObject($params);
-			/* @var $object kDBItem */
+			/* @var $object kCatDBItem */
 
+			// 1. category restriction
 			$params['cat_id'] = $object->isLoaded() ? $object->GetDBField('ParentPath') : $this->Application->GetVar('m_cat_id');
 
-			return $perm_helper->TagPermissionCheck($params, $this->getPrefixSpecial().'_HasPermission');
+			// 2. owner restriction
+			$owner_field = $this->Application->getUnitOption($this->Prefix, 'OwnerField');
+			if (!$owner_field) {
+				$owner_field = 'CreatedById';
+			}
+			$is_owner = $object->GetDBField($owner_field) == $this->Application->RecallVar('user_id');
+
+			return $perm_helper->TagPermissionCheck($params, $is_owner);
 		}
 
 		/**
Index: trunk/core/units/categories/categories_tag_processor.php
===================================================================
diff -u -N -r8718 -r8757
--- trunk/core/units/categories/categories_tag_processor.php	(.../categories_tag_processor.php)	(revision 8718)
+++ trunk/core/units/categories/categories_tag_processor.php	(.../categories_tag_processor.php)	(revision 8757)
@@ -498,7 +498,7 @@
 		/* @var $object kDBItem */
 
 		$params['cat_id'] = $object->isLoaded() ? $object->GetDBField('ParentPath') : $this->Application->GetVar('m_cat_id');
-		return $perm_helper->TagPermissionCheck($params, $this->getPrefixSpecial().'_HasPermission');
+		return $perm_helper->TagPermissionCheck($params);
 	}
 
 	/**
Index: trunk/core/kernel/processors/main_processor.php
===================================================================
diff -u -N -r8605 -r8757
--- trunk/core/kernel/processors/main_processor.php	(.../main_processor.php)	(revision 8605)
+++ trunk/core/kernel/processors/main_processor.php	(.../main_processor.php)	(revision 8757)
@@ -842,7 +842,7 @@
 	function CheckPermission($params)
 	{
 		$perm_helper =& $this->Application->recallObject('PermissionsHelper');
-		return $perm_helper->TagPermissionCheck($params, 'm_CheckPermission');
+		return $perm_helper->TagPermissionCheck($params);
 	}
 
 	/**
@@ -865,7 +865,7 @@
 			$perm_helper =& $this->Application->recallObject('PermissionsHelper');
 			/* @var $perm_helper kPermissionsHelper */
 
-			$perm_status = $perm_helper->TagPermissionCheck($params, 'm_RequireLogin');
+			$perm_status = $perm_helper->TagPermissionCheck($params);
 			if (!$perm_status) {
 				list($redirect_template, $redirect_params) = $perm_helper->getPermissionTemplate($params);
 				$this->Application->Redirect($redirect_template, $redirect_params);
Index: trunk/core/units/users/users_tag_processor.php
===================================================================
diff -u -N -r8634 -r8757
--- trunk/core/units/users/users_tag_processor.php	(.../users_tag_processor.php)	(revision 8634)
+++ trunk/core/units/users/users_tag_processor.php	(.../users_tag_processor.php)	(revision 8757)
@@ -203,7 +203,7 @@
 			$perm_helper =& $this->Application->recallObject('PermissionsHelper');
 			/* @var $perm_helper kPermissionsHelper */
 
-			return $perm_helper->TagPermissionCheck($params, 'u_HasPermission');
+			return $perm_helper->TagPermissionCheck($params);
 		}
 
 		/**
Index: trunk/core/units/general/helpers/permissions_helper.php
===================================================================
diff -u -N -r8546 -r8757
--- trunk/core/units/general/helpers/permissions_helper.php	(.../permissions_helper.php)	(revision 8546)
+++ trunk/core/units/general/helpers/permissions_helper.php	(.../permissions_helper.php)	(revision 8757)
@@ -284,7 +284,7 @@
 			return $ret;
 		}
 
-		function TagPermissionCheck($params, $tag_name)
+		function TagPermissionCheck($params, $is_owner = false)
 		{
 			$perm_prefix = getArrayValue($params, 'perm_prefix');
 			$perm_event = getArrayValue($params, 'perm_event');
@@ -302,11 +302,13 @@
 					$perm_category = $this->getPrimaryCategory($perm_prefix);
 				}
 
+				$is_system = isset($params['system']) && $params['system'] ? 1 : 0;
 				foreach ($permission_groups as $permission_group) {
 					$permissions = explode(',', $permission_group);
 					$has_permission = true;
 					foreach ($permissions as $permission) {
-						$has_permission = $has_permission && $this->CheckPermission($permission, isset($params['system']) && $params['system'] ? 1 : 0, $perm_category);
+						$owner_checked = (strpos($permission, '.OWNER.') !== false) ? $is_owner : true;
+						$has_permission = $has_permission && $this->CheckPermission($permission, $is_system, $perm_category) && $owner_checked;
 					}
 					$group_has_permission = $group_has_permission || $has_permission;