RoleManager::getUserPermissions

static function getUserPermissions($userId)
{
	//administrators should have full access despite everything
	if(Helper::isAdmin($userId))
	{
		return self::getAdminPermissions();
	}

	//everybody else's permissions are defined by their role
	$result = [];

	$userRoles = static::getUserRoles($userId);
	foreach ($userRoles as $roleId)
	{
		foreach (static::$permissions[$roleId] as $entity => $actions)
		{
			foreach ($actions as $action => $permission)
			{
				if (   !isset($result[$entity][$action])
					|| $result[$entity][$action] < $permission)
				{
					$result[$entity][$action] = $permission;
				}
			}
		}
	}

	return $result;
}