CTimeMan::GetAccess

static function GetAccess()
{
	global $USER;

	// simplest caching. is it enough? maybe...
	static $access = null;

	if (!is_array($access))
	{
		$access = [
			'READ' => [],
			'WRITE' => [],
		];

		$arAccessSettings = null;
		$subordinateList = [];
		$userPermissionManager = DependencyManager::getInstance()->getUserPermissionsManager($USER);

		if ($userPermissionManager->canReadWorktimeAll())
		{
			$access['READ'][] = '*';
		}
		elseif ($userPermissionManager->canReadWorktimeSubordinate())
		{
			$arAccessSettings = self::GetAccessSettings();

			if ($arAccessSettings['READ']['EMPLOYEE'] >= 2)
			{
				$access['READ'][] = '*';
			}
			else
			{
				// everybody can read his own entries
				$access['READ'][] = $USER->GetID();

				if ($arAccessSettings['READ']['EMPLOYEE'] >= 1)
				{
					$dbUsers = CIntranetUtils::GetDepartmentColleagues(null, false, false, 'Y', ['ID']);
					while ($arRes = $dbUsers->Fetch())
					{
						$access['READ'][] = $arRes['ID'];
					}
				}

				$dbUsers = CIntranetUtils::GetSubordinateEmployees($USER->GetID(), $arAccessSettings['READ']['HEAD'] == 1, 'Y', ['ID']);
				while ($arRes = $dbUsers->Fetch())
				{
					if ($arAccessSettings['READ']['HEAD'] == 2)
					{
						$access['READ'] = ['*'];
						break;
					}

					if (!isset($subordinateList[intval($arAccessSettings['READ']['HEAD'])]))
					{
						$subordinateList[intval($arAccessSettings['READ']['HEAD'])] = [];
					}

					$subordinateList[intval($arAccessSettings['READ']['HEAD'])][] = $arRes;
					$access['READ'][] = $arRes['ID'];
				}

				$access['READ'] = array_values(array_unique($access['READ']));
			}
		}

		if ($userPermissionManager->canUpdateWorktimeAll())
		{
			$access['WRITE'][] = '*';
		}
		elseif ($userPermissionManager->canUpdateWorktimeSubordinate())
		{
			if (($arAccessSettings['WRITE']['EMPLOYEE'] ?? 0) >= 2)
			{
				$access['WRITE'][] = '*';
			}
			else
			{
				// check if current user is The Boss.
				$arManagers = self::GetUserManagers($USER->GetID());
				if (count($arManagers) == 1 && $arManagers[0] == $USER->GetID())
				{
					$access['WRITE'][] = $USER->GetID();
				}

				if (!is_array($arAccessSettings))
				{
					$arAccessSettings = self::GetAccessSettings();
				}

				if (isset($subordinateList[intval($arAccessSettings['WRITE']['HEAD'])]))
				{
					foreach ($subordinateList[intval($arAccessSettings['WRITE']['HEAD'])] as $arRes)
					{
						$access['WRITE'][] = $arRes['ID'];
					}
				}
				else
				{
					$dbUsers = CIntranetUtils::GetSubordinateEmployees($USER->GetID(), $arAccessSettings['WRITE']['HEAD'] == 1, 'Y', ['ID']);
					while ($arRes = $dbUsers->Fetch())
					{
						$access['WRITE'][] = $arRes['ID'];
					}
				}

				$access['WRITE'] = array_values(array_unique($access['WRITE']));
			}
		}
	}

	return $access;
}