From 5ae047c82f4d3190477f6793e4fcc0f70c7b9f63 Mon Sep 17 00:00:00 2001
From: Anand Doshi <anand@erpnext.com>
Date: Mon, 16 Mar 2015 15:53:41 +0530
Subject: [PATCH] [fix] user permission doctypes should be collated per perm
 type

---
 frappe/permissions.py | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/frappe/permissions.py b/frappe/permissions.py
index 30cdbee603..beb96087b5 100644
--- a/frappe/permissions.py
+++ b/frappe/permissions.py
@@ -43,7 +43,7 @@ def has_permission(doctype, ptype="read", doc=None, verbose=True, user=None):
 
 		if role_permissions["apply_user_permissions"].get(ptype):
 			if not user_has_permission(doc, verbose=verbose, user=user,
-				user_permission_doctypes=role_permissions.get("user_permission_doctypes")):
+				user_permission_doctypes=role_permissions.get("user_permission_doctypes", {}).get(ptype) or []):
 				return False
 
 		if not has_controller_permissions(doc, ptype, user=user):
@@ -67,11 +67,11 @@ def get_doc_permissions(doc, verbose=False, user=None):
 	if not cint(meta.allow_import):
 		role_permissions["import"] = 0
 
-	if role_permissions.get("apply_user_permissions") and not user_has_permission(doc, verbose=verbose, user=user,
-		user_permission_doctypes=role_permissions.get("user_permission_doctypes")):
+	if role_permissions.get("apply_user_permissions"):
 		# no user permissions, switch off all user-level permissions
 		for ptype in role_permissions:
-			if role_permissions["apply_user_permissions"].get(ptype):
+			if role_permissions["apply_user_permissions"].get(ptype) and not user_has_permission(doc, verbose=verbose, user=user,
+		user_permission_doctypes=role_permissions.get("user_permission_doctypes", {}).get(ptype) or []):
 				role_permissions[ptype] = 0
 
 	return role_permissions
@@ -81,7 +81,7 @@ def get_role_permissions(meta, user=None):
 	cache_key = (meta.name, user)
 
 	if not frappe.local.role_permissions.get(cache_key):
-		perms = frappe._dict({ "apply_user_permissions": {} })
+		perms = frappe._dict({ "apply_user_permissions": {}, "user_permission_doctypes": {} })
 		user_roles = frappe.get_roles(user)
 
 		for p in meta.permissions:
@@ -98,9 +98,11 @@ def get_role_permissions(meta, user=None):
 					user_permission_doctypes = (json.loads(p.user_permission_doctypes)
 							if p.user_permission_doctypes else None)
 
-					if user_permission_doctypes and user_permission_doctypes not in perms.get("user_permission_doctypes", []):
-						# perms["user_permission_doctypes"] would be a list of list like [["User", "Blog Post"], ["User"]]
-						perms.setdefault("user_permission_doctypes", []).append(user_permission_doctypes)
+					if user_permission_doctypes:
+						# perms["user_permission_doctypes"][ptype] would be a list of list like [["User", "Blog Post"], ["User"]]
+						for ptype in rights:
+							if p.get(ptype):
+								perms["user_permission_doctypes"].setdefault(ptype, []).append(user_permission_doctypes)
 
 		for key, value in perms.get("apply_user_permissions").items():
 			if not value:
@@ -229,7 +231,6 @@ def get_user_permission_doctypes(user_permission_doctypes, user_permissions):
 	else:
 		user_permission_doctypes = [user_permissions.keys()]
 
-
 	if len(user_permission_doctypes) > 1:
 		# OPTIMIZATION
 		# if intersection exists, use that to reduce the amount of querying