public static function GetAccess() { global $USER; // simplest caching. is it enough? maybe... static $access = null; if (!is_array($access)) { $access = array('READ' => array(), 'WRITE' => array()); $arAccessSettings = null; if ($USER->CanDoOperation('tm_read')) { $access['READ'][] = '*'; } elseif ($USER->CanDoOperation('tm_read_subordinate')) { $arAccessSettings = self::GetAccessSettings(); if ($arAccessSettings['READ']['EMPLOYEE'] >= 2) { $access['READ'][] = '*'; } else { // everybody can read his own entries $access['READ'][] = $USER->GetID(); if ($arAccessSettings['READ']['EMPLOYEE'] >= 1) { $dbUsers = CIntranetUtils::GetDepartmentColleagues(); while ($arRes = $dbUsers->Fetch()) { $access['READ'][] = $arRes['ID']; } } $dbUsers = CIntranetUtils::GetSubordinateEmployees($USER->GetID(), $arAccessSettings['READ']['HEAD'] == 1); while ($arRes = $dbUsers->Fetch()) { if ($arAccessSettings['READ']['HEAD'] == 2) { $access['READ'] = array('*'); break; } $access['READ'][] = $arRes['ID']; } $access['READ'] = array_values(array_unique($access['READ'])); } } if ($USER->CanDoOperation('tm_write')) { $access['WRITE'][] = '*'; } elseif ($USER->CanDoOperation('tm_write_subordinate')) { if ($arAccessSettings['WRITE']['EMPLOYEE'] >= 2) { $access['WRITE'][] = '*'; } else { // check if current user is The Boss. $arManagers = self::GetUserManagers($USER->GetID()); if (count($arManagers) == 1 && $arManagers[0] == $USER->GetID()) { $access['WRITE'][] = $USER->GetID(); } if (!is_array($arAccessSettings)) { $arAccessSettings = self::GetAccessSettings(); } $dbUsers = CIntranetUtils::GetSubordinateEmployees($USER->GetID(), $arAccessSettings['WRITE']['HEAD'] == 1); while ($arRes = $dbUsers->Fetch()) { $access['WRITE'][] = $arRes['ID']; } $access['WRITE'] = array_values(array_unique($access['WRITE'])); } } } return $access; }