From 54d4ff8c48d908e722150ae9c0d80bc03dd93efa Mon Sep 17 00:00:00 2001
From: Anand Doshi <anand@erpnext.com>
Date: Wed, 5 Mar 2014 18:48:48 +0530
Subject: [PATCH] Fixed Event Permission checking

---
 frappe/core/doctype/event/event.py | 5 +++--
 frappe/permissions.py              | 7 ++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/frappe/core/doctype/event/event.py b/frappe/core/doctype/event/event.py
index bc4e13f827..8b19043f9a 100644
--- a/frappe/core/doctype/event/event.py
+++ b/frappe/core/doctype/event/event.py
@@ -28,12 +28,13 @@ def get_permission_query_conditions():
 			"roles": "', '".join(frappe.get_roles(frappe.session.user))
 		}
 
-def has_permission(doc):
+def has_permission(doc, bean=None):
 	if doc.event_type=="Public" or doc.owner==frappe.session.user:
 		return True
 		
 	# need full doclist to check roles and users
-	bean = frappe.bean("Event", doc.name)
+	if not bean:
+		bean = frappe.bean("Event", doc.name)
 		
 	if len(bean.doclist)==1:
 		return False
diff --git a/frappe/permissions.py b/frappe/permissions.py
index 19513aa79f..d0a8c6a132 100644
--- a/frappe/permissions.py
+++ b/frappe/permissions.py
@@ -101,9 +101,14 @@ def has_unrestricted_access(meta, refdoc, verbose=True):
 	return False if has_restricted_data else True
 	
 def has_additional_permission(doc):
+	if doc.fields.get("__islocal"):
+		bean = frappe.bean(doc)
+	else:
+		bean = frappe.bean(doc.doctype, doc.name)
+	
 	condition_methods = frappe.get_hooks("has_permission:" + doc.doctype)
 	for method in frappe.get_hooks("has_permission:" + doc.doctype):
-		if not frappe.get_attr(method)(doc):
+		if not frappe.call(frappe.get_attr(method), doc=doc, bean=bean):
 			return False
 		
 	return True