From 914406d31bba60e0a03e73cd7f31c1fd51de4fc7 Mon Sep 17 00:00:00 2001
From: Ankush Menat
Date: Wed, 10 Jan 2024 14:53:32 +0530
Subject: [PATCH] feat: extend perm debugging to popular controllers
- [x] File
- [x] Communication
---
 frappe/__init__.py | 2 ++
 frappe/core/doctype/communication/communication.py | 7 ++++---
 frappe/core/doctype/file/file.py | 8 ++++----
 frappe/core/doctype/file/file_list.js | 0
 frappe/model/document.py | 4 ++--
 frappe/permissions.py | 2 +-
 6 files changed, 13 insertions(+), 10 deletions(-)
 delete mode 100644 frappe/core/doctype/file/file_list.js
diff --git a/frappe/__init__.py b/frappe/__init__.py
index 3c83ed335f..1568aa9f20 100644
--- a/frappe/__init__.py
+++ b/frappe/__init__.py
@@ -975,6 +975,7 @@ def has_permission(
 throw=False,
 *,
 parent_doctype=None,
+ debug=False,
 ):
 """
 Return True if the user has permission `ptype` for given `doctype` or `doc`.
@@ -999,6 +1000,7 @@ def has_permission(
 user=user,
 raise_exception=throw,
 parent_doctype=parent_doctype,
+ debug=debug,
 )
 if throw and not out:
diff --git a/frappe/core/doctype/communication/communication.py b/frappe/core/doctype/communication/communication.py
index 48c8d3cd12..516356308e 100644
--- a/frappe/core/doctype/communication/communication.py
+++ b/frappe/core/doctype/communication/communication.py
@@ -501,14 +501,15 @@ def on_doctype_update():
 frappe.db.add_index("Communication", ["message_id(140)"])
-def has_permission(doc, ptype, user):
+def has_permission(doc, ptype, user=None, debug=False):
 if ptype == "read":
 if doc.reference_doctype == "Communication" and doc.reference_name == doc.name:
 return
 if doc.reference_doctype and doc.reference_name:
- if frappe.has_permission(doc.reference_doctype, ptype="read", doc=doc.reference_name):
- return True
+ return frappe.has_permission(
+ doc.reference_doctype, ptype="read", doc=doc.reference_name, user=user, debug=debug
+ )
 def get_permission_query_conditions_for_communication(user):
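Review bot: The rewritten branch in `has_permission` now returns whatever `frappe.has_permission(...)` yields, so a reference document the user cannot read produces False where the old `if ...: return True` fell through to None. The loop in `frappe/permissions.py` returns any controller result that is not None, so this hook moves from "no opinion" to an explicit deny for that case; how the caller acts on False is outside this diff. If the stricter result is intended, state it in a comment above the return, for example `# Deny read when the referenced document is not readable by user`, and add a test for a Communication linked to an unreadable document. If it is not intended, keep the fall-through: `if frappe.has_permission(doc.reference_doctype, ptype="read", doc=doc.reference_name, user=user, debug=debug): return True`.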
diff --git a/frappe/core/doctype/file/file.py b/frappe/core/doctype/file/file.py
index f6c0b1defa..de4375ae6c 100755
--- a/frappe/core/doctype/file/file.py
+++ b/frappe/core/doctype/file/file.py
@@ -778,11 +778,11 @@ def on_doctype_update():
 frappe.db.add_index("File", ["attached_to_doctype", "attached_to_name"])
-def has_permission(doc, ptype=None, user=None):
+def has_permission(doc, ptype=None, user=None, debug=False):
 user = user or frappe.session.user
 if ptype == "create":
- return frappe.has_permission("File", "create", user=user)
+ return frappe.has_permission("File", "create", user=user, debug=debug)
 if not doc.is_private or (user != "Guest" and doc.owner == user) or user == "Administrator":
 return True
@@ -798,9 +798,9 @@ def has_permission(doc, ptype=None, user=None):
 return False
 if ptype in ["write", "create", "delete"]:
- return ref_doc.has_permission("write")
+ return ref_doc.has_permission("write", debug=debug, user=user)
 else:
- return ref_doc.has_permission("read")
+ return ref_doc.has_permission("read", debug=debug, user=user)
 return False
diff --git a/frappe/core/doctype/file/file_list.js b/frappe/core/doctype/file/file_list.js
deleted file mode 100644
index e69de29bb2..0000000000
diff --git a/frappe/model/document.py b/frappe/model/document.py
index ec0799e99f..8ba9b0efd4 100644
--- a/frappe/model/document.py
+++ b/frappe/model/document.py
@@ -214,7 +214,7 @@ class Document(BaseDocument):
 if not self.has_permission(permtype):
 self.raise_no_permission_to(permtype)
- def has_permission(self, permtype="read") -> bool:
+ def has_permission(self, permtype="read", *, debug=False, user=None) -> bool:
 """
 Call `frappe.permissions.has_permission` if `ignore_permissions` flag isn't truthy
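Review bot: The early exit `if not doc.is_private or (user != "Guest" and doc.owner == user) or user == "Administrator": return True` writes nothing when `debug` is set, so the trace cannot show that a File was granted as public, by ownership or to Administrator. The `return False` exits in the next hunk are silent in the same way. A log call before each of these returns would make the decision auditable; the helper used in `frappe/permissions.py` is `_debug_log`, and whether it is importable here is not visible in this diff. `has_permission` continues outside the hunk.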
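Review bot: `ref_doc.has_permission("write", debug=debug, user=user)` and the matching "read" call assume every document class accepts the new keywords, but only the base `Document.has_permission` is changed in this commit. A controller that overrides the method with the old `(self, permtype="read")` signature would raise TypeError here for files attached to that doctype; no such override is visible in this diff, so this needs a search of the controllers. Separately, "create" in `["write", "create", "delete"]` looks unreachable, because the `ptype == "create"` branch in the previous hunk always returns. The enclosing function starts outside the hunk.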
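Review bot: The docstring under the new signature does not mention the keyword-only `debug` and `user` parameters, and its first line says the check is skipped when the `ignore_permissions` flag is truthy. A caller that passes `user` to ask about someone else would presumably still get that short-circuit, which should be written down. Add two entries in the style the rest of the docstring uses, along the lines of `user: user to evaluate; not consulted when the ignore_permissions flag is set` and `debug: emit permission debug logs`. The docstring and body continue outside the hunk.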
@@ -226,7 +226,7 @@ class Document(BaseDocument):
 import frappe.permissions
- return frappe.permissions.has_permission(self.doctype, permtype, self)
+ return frappe.permissions.has_permission(self.doctype, permtype, self, debug=debug, user=user)
 def raise_no_permission_to(self, perm_type):
 """Raise `frappe.PermissionError`."""
diff --git a/frappe/permissions.py b/frappe/permissions.py
index 27190d597e..f10e6b5e2b 100644
--- a/frappe/permissions.py
+++ b/frappe/permissions.py
@@ -447,7 +447,7 @@ def has_controller_permissions(doc, ptype, user=None, debug=False):
 return None
 for method in reversed(methods):
- controller_permission = frappe.call(frappe.get_attr(method), doc=doc, ptype=ptype, user=user)
+ controller_permission = frappe.call(method, doc=doc, ptype=ptype, user=user, debug=debug)
 debug and _debug_log(f"Controller permission check from {method}: {controller_permission}")
 if controller_permission is not None:
 return controller_permission
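Review bot: The new call `frappe.call(method, doc=doc, ptype=ptype, user=user, debug=debug)` hands `debug` to every registered hook and no longer resolves `method` with `frappe.get_attr` first. This is only safe if `frappe.call` resolves dotted paths itself and drops keyword arguments a hook does not declare; otherwise hooks written as `has_permission(doc, ptype, user)` would fail with TypeError. That behaviour is not shown in this hunk, so a comment above the call would help, for example `# frappe.call resolves the hook path and passes only the kwargs the hook accepts`. `has_controller_permissions` starts above the hunk and may continue below it.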