CTasks::__GetSearchPermissions

static function __GetSearchPermissions($arTask)
{
	$arPermissions = [];

	// check task members
	if (!isset($arTask['ACCOMPLICES']) || !isset($arTask['AUDITORS']))
	{
		if (!isset($arTask['ACCOMPLICES']))
		{
			$arTask['ACCOMPLICES'] = [];
		}
		if (!isset($arTask['AUDITORS']))
		{
			$arTask['AUDITORS'] = [];
		}

		$members = self::getMembers($arTask['ID']);
		$arTask['ACCOMPLICES'] = array_merge($arTask['ACCOMPLICES'], $members[MemberTable::MEMBER_TYPE_ACCOMPLICE]);
		$arTask['AUDITORS'] = array_merge($arTask['AUDITORS'], $members[MemberTable::MEMBER_TYPE_AUDITOR]);
	}

	// group id is set, then take permissions from socialnetwork settings
	if ($arTask["GROUP_ID"] > 0 && CModule::IncludeModule("socialnetwork"))
	{
		$prefix = "SG" . $arTask["GROUP_ID"] . "_";
		$letter = CSocNetFeaturesPerms::GetOperationPerm(SONET_ENTITY_GROUP, $arTask["GROUP_ID"], "tasks",
			"view_all");
		switch ($letter)
		{
			case "N"://All
				$arPermissions[] = 'G2';
				break;
			case "L"://Authorized
				$arPermissions[] = 'AU';
				break;
			case "K"://Group members includes moderators and admins
				$arPermissions[] = $prefix . 'K';
			case "E"://Moderators includes admins
				$arPermissions[] = $prefix . 'E';
			case "A"://Admins
				$arPermissions[] = $prefix . 'A';
				break;
		}
	}

	// if neither "all users" nor "authorized user" enabled, turn permissions on at least for task members
	if (!in_array("G2", $arPermissions) && !in_array("AU", $arPermissions))
	{
		if (!$arTask["ACCOMPLICES"])
		{
			$arTask["ACCOMPLICES"] = [];
		}

		if (!$arTask["AUDITORS"])
		{
			$arTask["AUDITORS"] = [];
		}

		$arParticipants = array_unique(array_merge([$arTask["CREATED_BY"], $arTask["RESPONSIBLE_ID"]],
			$arTask["ACCOMPLICES"], $arTask["AUDITORS"]));
		foreach ($arParticipants as $userId)
		{
			$arPermissions[] = "U" . $userId;
		}

		$arDepartments = [];

		$arSubUsers = array_unique([$arTask['RESPONSIBLE_ID'], $arTask['CREATED_BY']]);

		foreach ($arSubUsers as $subUserId)
		{
			$arUserDepartments = CTasks::GetUserDepartments($subUserId);

			if (is_array($arUserDepartments) && count($arUserDepartments))
			{
				$arDepartments = array_merge($arDepartments, $arUserDepartments);
			}
		}

		$arDepartments = array_unique($arDepartments);
		$arManagersTmp = CTasks::GetDepartmentManagers($arDepartments);

		if (is_array($arManagersTmp))
		{
			$arManagers = array_keys($arManagersTmp);

			// Remove $arSubUsers from $arManagers
			$arManagers = array_diff($arManagers, $arSubUsers);

			foreach ($arManagers as $userId)
			{
				if (!in_array("U" . $userId, $arPermissions))
				{
					$arPermissions[] = "U" . $userId;
				}
			}
		}
	}

	// adimins always allowed to view search result
	$arPermissions[] = 'G1';

	return $arPermissions;
}