Resolved gh-364 to allow greater depth and ensure that all custom code placeholders are always update/replaced at any depth layer. Tweaked the editURL method to also handle access control permissions.

admin/helpers/compiler/a_Get.php

@@ -4915,7 +4915,7 @@ class Get
 			// when the custom code is loaded
 			if ($loaded === true)
 			{
-				$string = $this->insertCustomCode($string, $debug);
+				$string = $this->insertCustomCode($bucket, $string, $debug);
 			}
 			// if debug
 			if ($debug)
@@ -4936,19 +4936,13 @@ class Get
 	 * @return  string on success
 	 * 
 	 */
-	protected function insertCustomCode($string, $debug = 0)
+	protected function insertCustomCode($ids, $string, $debug = 0)
 	{
 		$code = array();
-		// if debug
-		if ($debug)
-		{
-			echo '$this->customCode:';
-			var_dump($this->customCode);
-		}
 		// load the code
-		foreach ($this->customCode as $item)
+		foreach ($ids as $id)
 		{
-			$this->buildCustomCodePlaceholders($item, $code, $debug);
+			$this->buildCustomCodePlaceholders($this->customCodeMemory[$id], $code, $debug);
 		}
 		// if debug
 		if ($debug)

admin/helpers/componentbuilder.php

@@ -3895,8 +3895,13 @@ abstract class ComponentbuilderHelper
 	* @return  string    On success the edit url
 	* 
 	*/
-	public static function  getEditURL(&$item, $view, $views, $ref = '', $component = 'com_componentbuilder', $jRoute = true)
+	public static function getEditURL(&$item, $view, $views, $ref = '', $component = 'com_componentbuilder', $jRoute = true)
 	{
+		// make sure the user has access to view
+		if (!JFactory::getUser()->authorise($view. '.access', $component))
+		{
+			return false;
+		}
 		// build record
 		$record = new stdClass();
 		// check that we have the ID