Frappe Cloud Support Partners Foundation Frappe School

Custom Docperm overriding default permissions

I have an app that uses the following docperm for role ‘Field Manager’. When I deploy a new site, the corresponding permissions are created for doctype ‘Role’ but the default permissions for ‘System Manager’ disappear. Is this expected behavior?

I could just add the System Manager permissions back in through another statement but the documentation indicates that Custom DocPerm is supposed to be additive. This is v13.15.1 code.

“amend”: 0,
“cancel”: 0,
“create”: 0,
“delete”: 0,
“docstatus”: 0,
“doctype”: “Custom DocPerm”,
“email”: 0,
“export”: 1,
“if_owner”: 0,
“import”: 0,
“modified”: “2021-11-14 17:07:11.036903”,
“name”: “9e22108aa1”,
“parent”: “Role”,
“parentfield”: “permissions”,
“parenttype”: “DocType”,
“permlevel”: 0,
“print”: 0,
“read”: 1,
“report”: 0,
“role”: “Field Manager”,
“select”: 1,
“set_user_permissions”: 0,
“share”: 0,
“submit”: 0,
“write”: 0

Here’s the relevant code

def get_all_perms(role):
'''Returns valid permissions for a given role'''
perms = frappe.get_all('DocPerm', fields='*', filters=dict(role=role))
custom_perms = frappe.get_all('Custom DocPerm', fields='*', filters=dict(role=role))
doctypes_with_custom_perms = frappe.db.sql_list("""select distinct parent
	from `tabCustom DocPerm`""")

for p in perms:
	if p.parent not in doctypes_with_custom_perms:
return custom_perms

This doesn’t appear to tack the original (non-custom) permissions onto custom_perms but I’m open to interpretation.