Role and permission setup

Frappe Framework Permissions
1

I have assigned the necessary roles for a sales user via the Role Permissions Manager and assigned the group to the user sales4@gmail.com. I then created a script that returns the specific permissions and roles that the user should have. However, the results from the script do not match the permissions set in the Role Permissions Manager.

For example, I granted the sales user true for the permissions "read", "write", "create", "delete", "submit", and "cancel". But when I run the script to fetch the permissions, I get the following result:

{
   "Sales Order": {
      "read": true,
      "write": false,
      "create": true,
      "delete": false,
      "submit": false,
      "cancel": false,
      "amend": false,
      "report": false,
      "import": false,
      "export": false
   },
   "Sales Invoice": {
      "read": true,
      "write": false,
      "create": true,
      "delete": false,
      "submit": false,
      "cancel": false,
      "amend": false,
      "report": false,
      "import": false,
      "export": false
   },
   "Delivery Note": {
      "read": true,
      "write": false,
      "create": true,
      "delete": false,
      "submit": false,
      "cancel": false,
      "amend": false,
      "report": false,
      "import": false,
      "export": false
   },
   "Payment Entry": {
      "read": true,
      "write": false,
      "create": true,
      "delete": false,
      "submit": false,
      "cancel": false,
      "amend": false,
      "report": false,
      "import": false,
      "export": false
   },
   "Customer": {
      "read": true,
      "write": false,
      "create": true,
      "delete": false,
      "submit": false,
      "cancel": false,
      "amend": false,
      "report": false,
      "import": false,
      "export": false
   }
}

I created an API that accepts permissions for actions like creating, reading, canceling, and deleting. But when attempting to perform these actions, I receive a “permission denied” user.

Could someone help me understand why the permissions from the Role Permissions Manager are not aligning with the results from the script, and how I can resolve this “permission denied” issue?

 def get_specific_user_permissions(user):
    ...:     """
    ...:     Check all permissions the user has for specific doctypes.
    ...:     """
    ...:     try:
    ...:         # Define the specific doctypes you want to check
    ...:         specific_doctypes = [
    ...:             "Sales Order",
    ...:             "Sales Invoice",
    ...:             "Delivery Note",
    ...:             "Payment Entry",
    ...:             "Customer"
    ...:         ]
    ...:
    ...:         # Define the permission types
    ...:         permissions = ["read", "write", "create", "delete", "submit", "cancel", "amend", "report", "import", "export"]
    ...:
    ...:         user_permissions = {}
    ...:
    ...:         # Iterate through each specific doctype
    ...:         for doctype in specific_doctypes:
    ...:             doc_permissions = {}
    ...:             for perm in permissions:
    ...:                 has_permission = frappe.has_permission(doctype=doctype, user=user, ptype=perm)
    ...:                 doc_permissions[perm] = has_permission
    ...:             user_permissions[doctype] = doc_permissions
    ...:
    ...:         return user_permissions
    ...:     except Exception as e:
    ...:         return str(e)
    ...:
2

Screenshot 2025-01-12 143749
Screenshot 2025-01-12 1437491383×668 35.9 KB

from the Role Permissions Manager
i assigned Sales Order, Sales Invoice Payment Entry, to “Sales User”
however if I run this sql statement
the “Sales Invoice” and “Payment Entry” are missing for Sales User

 SELECT ROLE, parent FROM tabDocPerm WHERE parent IN (
  "Sales Order", 
   "Sales Invoice", 
   "Delivery Note", 
    "Payment Entry", 
    "Customer"
	 )
	  AND ROLE = "Sales User";

Screenshot 2025-01-12 144349
Screenshot 2025-01-12 144349803×504 13.9 KB