TaskProvider::buildAccessSql

private function buildAccessSql(): self
{
	$userModel = UserModel::createFromId($this->executorId);

	// admin can see all tasks
	if ($userModel->isAdmin())
	{
		return $this;
	}

	$this->joinTaskMembers();

	$query = [];
	$permissions = $this->getPermissions();

	// user in tasks
	$query[] = 'TMACCESS.USER_ID = '. $this->executorId;

	// user can view subordinate tasks
	$subordinate = $userModel->getAllSubordinates();
	if (!empty($subordinate))
	{
		$query[] = 'TMACCESS.user_id IN ('. implode(',', $subordinate) .')';
	}

	// user can view all department tasks
	if (in_array(PermissionDictionary::TASK_DEPARTMENT_VIEW, $permissions))
	{
		$departmentMembers = $this->getDepartmentMembers();
		if (!empty($departmentMembers))
		{
			$query[] = '
				TMACCESS.type IN ("'. RoleDictionary::ROLE_RESPONSIBLE .'", "'. RoleDictionary::ROLE_DIRECTOR .'", "'. RoleDictionary::ROLE_ACCOMPLICE .'")
				AND TMACCESS.user_id IN ('. implode(',', $departmentMembers) .')
			';
		}
	}

	// user can view all non department tasks
	if (in_array(PermissionDictionary::TASK_NON_DEPARTMENT_VIEW, $permissions))
	{
		$departmentMembers = $this->getDepartmentMembers();
		$query[] = '
			TMACCESS.type IN ("'. RoleDictionary::ROLE_RESPONSIBLE .'", "'. RoleDictionary::ROLE_DIRECTOR .'", "'. RoleDictionary::ROLE_ACCOMPLICE .'")
			AND TMACCESS.user_id NOT IN ('. (!empty($departmentMembers) ? implode(',', $departmentMembers) : 0) .')
		';
	}

	// user can view group tasks
	$userGroups = IntegrationSocialNetworkGroup::getIdsByAllowedAction('view_all', true, $this->executorId);
	if (!empty($userGroups))
	{
		$query[] = '
			T.GROUP_ID IN ('. implode(',', $userGroups) .')
		';
	}

	if (!empty($query))
	{
		$this->arSqlSearch[] = '((' . implode(') OR (', $query) . '))';
	}

	return $this;
}