Index: branches/5.1.x/units/order_items/order_items_event_handler.php
===================================================================
diff -u -N -r13100 -r13549
--- branches/5.1.x/units/order_items/order_items_event_handler.php	(.../order_items_event_handler.php)	(revision 13100)
+++ branches/5.1.x/units/order_items/order_items_event_handler.php	(.../order_items_event_handler.php)	(revision 13549)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: order_items_event_handler.php 12739 2009-10-20 19:38:22Z alex $
+* @version	$Id: order_items_event_handler.php 13549 2010-05-11 21:03:39Z alex $
 * @package	In-Commerce
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license	Commercial License
@@ -24,9 +24,12 @@
 		function mapPermissions()
 		{
 			parent::mapPermissions();
-			$permissions = Array(
-									'OnSaveItems'	=>	Array('subitem' => 'add|edit'),
-							);
+
+			$permissions = Array (
+				'OnItemBuild' => Array ('subitem' => true),
+				'OnSaveItems' => Array ('subitem' => 'add|edit'),
+			);
+
 			$this->permMapping = array_merge($this->permMapping, $permissions);
 		}
 
@@ -200,4 +203,31 @@
 				$object->addFilter('product_type', 'p.Type ='.$type);
 			}
 		}
+
+		/**
+		 * Checks, that currently loaded item is allowed for viewing (non permission-based)
+		 *
+		 * @param kEvent $event
+		 * @return bool
+		 */
+		function checkItemStatus(&$event)
+		{
+			if ($this->Application->IsAdmin()) {
+				return true;
+			}
+
+			$object =& $event->getObject();
+			if (!$object->isLoaded()) {
+				return true;
+			}
+
+			$order =& $this->Application->recallObject('ord');
+			/* @var $order kDBItem */
+
+			if ($order->isLoaded() && ($order->GetID() == $object->GetDBField('OrderId'))) {
+				return $order->GetDBField('PortalUserId') == $this->Application->RecallVar('user_id');
+			}
+
+			return false;
+		}
 	}
\ No newline at end of file