Index: db_event_handler.php
===================================================================
--- db_event_handler.php (revision 14234)
+++ db_event_handler.php (working copy)
@@ -2720,16 +2720,22 @@
 return true;
 }
- $backup_user_id = $this->Application->RecallVar('user_id'); // 1. backup user
- $this->Application->StoreVar('user_id', $admin_ses->RecallVar('user_id')); // 2. fake user_id
+ // copy some data from given session to current session
+ $backup_user_id = $this->Application->RecallVar('user_id');
+ $this->Application->StoreVar('user_id', $admin_ses->RecallVar('user_id'));
- $check_event = new kEvent($event->getPrefixSpecial() . ':OnProcessSelected'); // 3. event, that have "add|edit" rule
+ $backup_user_groups = $this->Application->RecallVar('UserGroups');
+ $this->Application->StoreVar('UserGroups', $admin_ses->RecallVar('UserGroups'));
+
+ // check permissions using event, that have "add|edit" rule
+ $check_event = new kEvent($event->getPrefixSpecial() . ':OnProcessSelected');
 $check_event->setEventParam('top_prefix', $this->Application->GetTopmostPrefix($event->Prefix, true));
+ $allowed_to_upload = $this->CheckPermission($check_event);
- $allowed_to_upload = $this->CheckPermission($check_event); // 4. check permission
+ // restore changed data, so nothing gets saved to database
+ $this->Application->StoreVar('user_id', $backup_user_id);
+ $this->Application->StoreVar('UserGroups', $backup_user_groups);
- $this->Application->StoreVar('user_id', $backup_user_id); // 5. restore user id
-
 return $allowed_to_upload;
 }
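Review bot: The restore of `user_id` and `UserGroups` is not guaranteed to run, because it only executes if `$this->CheckPermission($check_event)` returns normally. `CheckPermission` is not visible here, but if it can throw or end the request, the current session keeps the identity and groups copied from `$admin_ses`, and later code or the session save would see them. Wrapping the call as `try { $allowed_to_upload = $this->CheckPermission($check_event); } finally { ... }`, with both restoring `StoreVar` calls in the `finally` block, closes that window. `finally` needs PHP 5.5 or later, so on an older runtime use a catch-and-rethrow that restores first. The function begins above the hunk, so how `$admin_ses` is obtained and validated before its values are trusted cannot be checked from this diff.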