Hi,
Deny takes precedence, so user1 will be denied access.
The reason is that Deny entries are always ordered before Allow entries in the Discretionary Access Control List (DACL) on the object (file). When the system checks each Access Control Entry (ACE) and finds a trustee (user/group/etc.) that is part of the access token (this contains SIDs of trustees), it denies or allows access and stops checking any more of the ACEs in the DACL.
If the above is helpful, please click Accept Answer.
Thanks.
-TP
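
The access check described in the answer above, as an added example that is not part of the original post: a simplified Python model of how a DACL is walked against the SIDs in a token. It goes slightly beyond the answer by tracking individual rights and by placing inherited entries after explicit ones; the `Ace` class, the right bits and the user1/Staff scenario are assumptions constructed for illustration.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2  # simplified right bits (constructed, not real Windows mask values)

@dataclass(frozen=True)
class Ace:
    kind: str                # "deny" or "allow"
    sid: str                 # trustee the entry applies to (plain names stand in for SIDs)
    mask: int                # rights this entry denies or allows
    inherited: bool = False  # True if the entry came from a parent object

def canonical_order(dacl):
    """Order entries the way Windows tools store them:
    explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(dacl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(token_sids, dacl, desired):
    """Walk the ACEs in stored order; True only if every desired right is allowed."""
    remaining = desired
    for ace in dacl:
        if ace.sid not in token_sids:
            continue                   # entry names a trustee that is not in the token
        if ace.kind == "deny" and ace.mask & remaining:
            return False               # a still-needed right is denied: stop here
        if ace.kind == "allow":
            remaining &= ~ace.mask     # these rights are now granted
            if remaining == 0:
                return True            # everything requested is granted: stop here
    return False                       # end of DACL reached with rights still ungranted

# Constructed scenario: user1 and user2 are both in Staff; Staff is allowed, user1 is denied.
TOKEN_USER1 = {"user1", "Staff"}
TOKEN_USER2 = {"user2", "Staff"}
DACL = canonical_order([
    Ace("allow", "Staff", READ | WRITE),
    Ace("deny", "user1", READ | WRITE),
])

# Same trustees, but the deny is inherited and the allow is explicit on the file.
DACL_INHERITED_DENY = canonical_order([
    Ace("deny", "Staff", READ, inherited=True),
    Ace("allow", "user1", READ),
])

if __name__ == "__main__":
    print("stored order:", [(a.kind, a.sid) for a in DACL])
    print("user1 read:", access_check(TOKEN_USER1, DACL, READ))
    print("user2 read:", access_check(TOKEN_USER2, DACL, READ))
    print("user1 read, inherited deny:", access_check(TOKEN_USER1, DACL_INHERITED_DENY, READ))
```

Because the walk depends only on stored order, the result follows from how the entries are sorted: when auditing permissions, check whether a deny is explicit or inherited before assuming it wins.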