From 821f3f58845db91a574d36d8d0c43b0b8c12f962 Mon Sep 17 00:00:00 2001
From: "mergify[bot]" <37929162+mergify[bot]@users.noreply.github.com>
Date: Mon, 1 Dec 2025 12:49:37 +0100
Subject: [PATCH] fix(Employee): add/delete user permission (backport #47016)
 (#50761)

Co-authored-by: barredterra <14891507+barredterra@users.noreply.github.com>
---
 erpnext/hooks.py                           | 5 +----
 erpnext/setup/doctype/employee/employee.py | 7 +++----
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/erpnext/hooks.py b/erpnext/hooks.py
index a4df5628497..4514249824b 100644
--- a/erpnext/hooks.py
+++ b/erpnext/hooks.py
@@ -340,10 +340,7 @@ doc_events = {
 	"User": {
 		"after_insert": "frappe.contacts.doctype.contact.contact.update_contact",
 		"validate": "erpnext.setup.doctype.employee.employee.validate_employee_role",
-		"on_update": [
-			"erpnext.setup.doctype.employee.employee.update_user_permissions",
-			"erpnext.portal.utils.set_default_role",
-		],
+		"on_update": "erpnext.portal.utils.set_default_role",
 	},
 	"Communication": {
 		"on_update": [
diff --git a/erpnext/setup/doctype/employee/employee.py b/erpnext/setup/doctype/employee/employee.py
index eb5284019da..85f9e712fe0 100755
--- a/erpnext/setup/doctype/employee/employee.py
+++ b/erpnext/setup/doctype/employee/employee.py
@@ -10,6 +10,7 @@ from frappe.permissions import (
 	remove_user_permission,
 )
 from frappe.utils import cstr, getdate, today, validate_email_address
+from frappe.utils.deprecations import deprecated
 from frappe.utils.nestedset import NestedSet
 
 from erpnext.utilities.transaction_base import delete_events
@@ -88,9 +89,6 @@ class Employee(NestedSet):
 		if not self.has_value_changed("user_id") and not self.has_value_changed("create_user_permission"):
 			return
 
-		if not has_permission("User Permission", ptype="write", raise_exception=False):
-			return
-
 		employee_user_permission_exists = frappe.db.exists(
 			"User Permission", {"allow": "Employee", "for_value": self.name, "user": self.user_id}
 		)
@@ -251,8 +249,9 @@ def validate_employee_role(doc, method=None, ignore_emp_check=False):
 		doc.get("roles").remove(doc.get("roles", {"role": "Employee Self Service"})[0])
 
 
+@deprecated
 def update_user_permissions(doc, method):
-	# called via User hook
+	# formerly called via User hook
 	if "Employee" in [d.role for d in doc.get("roles")]:
 		if not has_permission("User Permission", ptype="write", raise_exception=False):
 			return