# This patch file was generated by NetBeans IDE
# This patch can be applied using context Tools: Apply Diff Patch action on respective folder.
# It uses platform neutral UTF-8 encoding.
# Above lines and this line are ignored by the patching process.
--- administrator/components/com_comprofiler/library/cb/cb.acl.php
+++ administrator/components/com_comprofiler/library/cb/cb.acl.php
@@ -301,18 +301,22 @@
 return $return;
 }
- function get_allowed_access( $access_gid, $recurse, $user_gid ) {
- if ( ( $access_gid == -2 ) || ( ( $access_gid == -1 ) && ( $user_gid && ( $user_gid != $this->mapGroupNamesToValues( 'Public' ) ) ) ) ) {
+ function get_allowed_access( $access_gid, $recurse, $user_gids ) {
+ if ( ! is_array( $user_gids ) ) {
+ $user_gids = array( $user_gids );
+ }
+
+ if ( ( $access_gid == -2 ) || ( ( $access_gid == -1 ) && ( $user_gids && ( ! in_array( $this->mapGroupNamesToValues( 'Public' ), $user_gids ) ) ) ) ) {
 return true;
 } else {
- if ( $user_gid == $access_gid ) {
+ if ( in_array( $access_gid, $user_gids ) ) {
 return true;
 } else {
 if ( $recurse == 'RECURSE' ) {
 $group_children = $this->get_group_parent_ids( $access_gid );
 if ( is_array( $group_children ) && ( count( $group_children ) > 0 ) ) {
- if ( in_array( $user_gid, $group_children ) ) {
+ if ( array_intersect( $user_gids, $group_children ) ) {
 return true;
 }
 }
@@ -494,7 +498,7 @@
 $id = (int) $grp->id;
 $parent = (int) $grp->parent_id;
 $grps = array( $parent, $id );
-
+
 // Go no further if group has no parent:
 if ( $parent ) {
 // Determine Joomla version:
@@ -513,7 +517,7 @@
 return 2; // Public Backend
 }
 }
-
+
 // Loop through for deep groups:
 return $this->get_parent_container( $groups[$parent], $groups );
 } else {
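Review bot: In the -301 hunk, wrapping a scalar with `array( $user_gids )` makes the later `$user_gids &&` test always true, so a caller that passes 0, null or '' for a guest now satisfies the `-1` branch (the wrapped list does not contain the Public id), where the old scalar test failed it. Whether any caller passes such a value is not visible in this hunk, but the guard should not depend on it: normalise with `$user_gids = array_filter( array_map( 'intval', (array) $user_gids ) );` instead of the `is_array` wrap. The `in_array` calls here and in the -728 and -757 hunks also compare loosely; casting the needle to int and passing `true` as the third argument keeps mixed string/int values from matching by type juggling. The body of get_allowed_access continues past the end of the hunk.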
@@ -525,12 +529,16 @@
 return null; // Unknown
 }
- function get_groups_below_me() {
+ function get_groups_below_me( $myId = null, $raw = false ) {
 global $_CB_framework;
 static $gids = array();
- $myId = $_CB_framework->myId();
+ if ( $myId === null ) {
+ $myId = $_CB_framework->myId();
+ } else {
+ $myId = (int) $myId;
+ }
 if ( ! isset( $gids[$myId] ) ) {
 if ( checkJversion() == 2 ) {
@@ -567,9 +575,31 @@
 }
 }
 }
+
 $gids[$myId] = array_values( $groups );
 }
- return $gids[$myId];
+
+ $rows = $gids[$myId];
+
+ if ( $rows ) {
+ if ( $raw ) {
+ $grps = array( -2 );
+
+ if ( $myId ) {
+ $grps[] = -1;
+ }
+
+ foreach ( $rows as $row ) {
+ $grps[] = (int) $row->value;
+ }
+
+ $rows = $grps;
+ }
+ } else {
+ $rows = array();
+ }
+
+ return $rows;
 }
 /**
@@ -673,15 +703,16 @@
 } else {
 $this_group = 'Registered';
 $obj->gid = $this->get_group_id( $this_group, 'ARO' );
+ $obj->gids = $this->get_groups_below_me( $user_id, true );
 }
 if ( ( ! $allow_myself ) && ( $user_id == $_CB_framework->myId() ) ){
 $msg .= "You cannot $action Yourself! ";
 } else {
- $myGid = $this->get_user_group_id( $_CB_framework->myId() );
+ $myGids = $this->get_groups_below_me( $_CB_framework->myId(), true );
- if ( $myGid != $cms_super_admin ) {
- if ( ( ( $obj->gid == $myGid ) && ! in_array( $myGid, $cms_admins ) ) || ( $user_id && $obj->gid && ! in_array( $obj->gid, $this->get_group_children_ids( $myGid ) ) ) ) {
+ if ( ! in_array( $cms_super_admin, $myGids ) ) {
+ if ( ( ( ! array_intersect( $myGids, $obj->gids ) ) && ( ! array_intersect( $myGids, $cms_admins ) ) ) || ( $user_id && $obj->gids && ( ! array_intersect( $obj->gids, $myGids ) ) ) ) {
 $msg .= "You cannot $action a `$this_group`. Only higher-level users have this power. ";
 }
 }
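Review bot: The new `$myId` and `$raw` parameters of get_groups_below_me (-525 hunk) have no docblock, although the function now answers for arbitrary users and returns two different shapes. The docblock should say that `$myId = null` means the current user, that any other value is cast to int, and that `$raw = true` returns a flat list of integer group ids instead of the row objects. The code that fills the per-id cache lies between this hunk and the next and is not shown; it is worth confirming that it looks groups up for the passed `$myId` and not for the session user, because the result is cached per id and the later hunks use it for authorisation decisions about other users.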
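Review bot: In the -567 hunk the raw result is inconsistent for an id without groups: `if ( $rows )` is tested before the pseudo-groups are added, so such an id gets `array()` while every other id gets at least `-2`. If the empty list is meant to make callers fail closed, a comment such as `// no groups found: return an empty list so permission checks deny` on the `else` branch would record that. `-1` is also appended for any non-zero `$myId`, and nothing visible here checks that the id belongs to an existing, unblocked user; that should be confirmed against the lookup code outside the hunk.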
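Review bot: The rewritten inner test in the -673 hunk (`if ( ( ( ! array_intersect( $myGids, $obj->gids ) ) && …`) cannot deny when both lists come from `get_groups_below_me( …, true )`, because that call puts `-2` into every non-empty raw list, so the lists always intersect and both halves of the `||` are false. The "Only higher-level users have this power" message is then skipped for a non-super-admin acting on any user handled by this branch. A containment test states the rule instead of an overlap test, e.g. `if ( array_diff( $obj->gids, $myGids ) ) {`, with the same-level restriction added back explicitly if it is still wanted. `$obj->gids` is assigned only in the `else` branch shown here; the other branch is outside the hunk and should be checked so that `array_intersect` never receives an unset value.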
@@ -690,9 +721,10 @@
 } else {
 $this_group = 'Registered';
 $gid = $this->get_group_id( $this_group, 'ARO' );
- $myGid = $this->get_user_group_id( $_CB_framework->myId() );
+ $myGids = $this->get_groups_below_me( $_CB_framework->myId(), true );
- if ( ( ( $gid == $myGid ) && ! in_array( $myGid, $cms_admins ) ) || ( $gid && ! in_array( $gid, $this->get_group_children_ids( $myGid ) ) ) ) { $msg .= "You cannot $action a `$this_group`. Only higher-level users have this power. ";
+ if ( ( ! array_intersect( $myGids, array( $gid ) ) && ( ! array_intersect( $myGids, $cms_admins ) ) ) || ( $gid && ( ! array_intersect( array( $gid ), $myGids ) ) ) ) {
+ $msg .= "You cannot $action a `$this_group`. Only higher-level users have this power. ";
 }
 }
@@ -728,7 +760,7 @@
 }
 }
 } elseif ( $ueConfig[$action] > 1 ) {
- if ( in_array( $this->get_user_group_id( $_CB_framework->myId() ), $this->get_group_parent_ids( $ueConfig[$action] ) ) ) {
+ if ( in_array( $ueConfig[$action], $this->get_groups_below_me( $_CB_framework->myId(), true ) ) ) {
 $ret = null;
 } else {
 $ret = false;
@@ -757,7 +789,7 @@
 $user_id = (int) $user_id;
 if ( ! isset( $uid[$user_id] ) ) {
- $uid[$user_id] = ( $user_id && in_array( $this->get_user_group_id( $user_id ), $this->get_group_parent_ids( $ueConfig['imageApproverGid'] ) ) );
\ No newline at end of file
+ $uid[$user_id] = ( $user_id && in_array( $ueConfig['imageApproverGid'], $this->get_groups_below_me( $user_id, true ) ) );
\ No newline at end of file
 }
 return $uid[$user_id];
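Review bot: In the -690 hunk the first half of the new condition is redundant for any non-zero `$gid`: when `$gid` is in `$myGids` both halves are false, and when it is not the second half is already true. The `$cms_admins` term therefore only matters when `$gid` is 0, and the test no longer denies a user acting on someone at their own level. If that is intended, `if ( $gid && ! in_array( (int) $gid, $myGids, true ) ) {` with a comment stating the rule would be easier to audit; if it is not, the same-level check needs to be restored explicitly. The enclosing function starts and ends outside the hunk.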
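Review bot: The -757 hunk has no guard like the `$ueConfig[$action] > 1` test in the -728 hunk, so nothing keeps `$ueConfig['imageApproverGid']` away from the pseudo-groups. The raw list from `get_groups_below_me( $user_id, true )` always carries `-2` and, for a non-zero id, `-1` when it is non-empty, so a configured value of -1 or -2 would make every such user an approver. Whether configuration can hold those values is not visible here. Casting and bounding the needle removes the dependency: `$approverGid = (int) $ueConfig['imageApproverGid'];` followed by `$uid[$user_id] = ( $user_id && ( $approverGid > 0 ) && in_array( $approverGid, $this->get_groups_below_me( $user_id, true ), true ) );`.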