• Модуль: tasks
  • Путь к файлу: ~/bitrix/modules/tasks/lib/provider/taskquerybuilder.php
  • Класс: BitrixTasksProviderTaskQueryBuilder
  • Вызов: TaskQueryBuilder::addAccessCheck
private function addAccessCheck(): self
{
	if (!$this->taskQuery->needAccessCheck())
	{
		return $this;
	}

	$permissions = $this->getPermissions();

	$accessFilter = Query::filter()
		->logic('or');

	// user in tasks
	$accessFilter->where(self::ALIAS_TASK_ACCESS.'.USER_ID', $this->taskQuery->getUserId());

	// user can view all non department tasks
	if (in_array(PermissionDictionary::TASK_NON_DEPARTMENT_VIEW, $permissions))
	{
		$departmentMembers = $this->getDepartmentMembers();
		if (empty($departmentMembers))
		{
			// view all tasks
			return $this;
		}

		$accessFilter->where(
			Query::filter()
				->whereIn(self::ALIAS_TASK_ACCESS.'.TYPE', [RoleDictionary::ROLE_RESPONSIBLE, RoleDictionary::ROLE_DIRECTOR, RoleDictionary::ROLE_ACCOMPLICE])
				->whereNotIn(self::ALIAS_TASK_ACCESS.'.USER_ID', $departmentMembers)
		);
	}

	// user can view all department tasks
	if (in_array(PermissionDictionary::TASK_DEPARTMENT_VIEW, $permissions))
	{
		$departmentMembers = $this->getDepartmentMembers();
		if (!empty($departmentMembers))
		{
			$accessFilter->where(
				Query::filter()
					->whereIn(self::ALIAS_TASK_ACCESS.'.TYPE', [RoleDictionary::ROLE_RESPONSIBLE, RoleDictionary::ROLE_DIRECTOR, RoleDictionary::ROLE_ACCOMPLICE])
					->whereIn(self::ALIAS_TASK_ACCESS.'.USER_ID', $departmentMembers)
			);
		}
	}

	$subordinate = $this->getUser()->getAllSubordinates();
	// user can view subordinate tasks
	if (!empty($subordinate))
	{
		$accessFilter->whereIn(self::ALIAS_TASK_ACCESS.'.USER_ID', $subordinate);
	}

	// user can view group tasks
	$userGroups = Group::getIdsByAllowedAction('view_all', true, $this->taskQuery->getUserId());
	if (!empty($userGroups))
	{
		$accessFilter->whereIn('GROUP_ID', $userGroups);
	}

	$this->query->registerRuntimeField(self::ALIAS_TASK_ACCESS,
		(new ReferenceField(
			self::ALIAS_TASK_ACCESS,
			MemberTable::getEntity(),
			Join::on('this.ID', 'ref.TASK_ID')
		))->configureJoinType('inner')
	);
	$this->query->where($accessFilter);

	return $this;
}