From 38786748b7012f61b16277bf6f66d1a98aa2d64e Mon Sep 17 00:00:00 2001
From: Daniel Sheppard <dans@dansheps.com>
Date: Tue, 18 Jun 2024 09:59:34 -0500
Subject: [PATCH] Add override for read_only tokens to be used with an
 overriden permission set

---
 netbox/netbox/api/authentication.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/netbox/netbox/api/authentication.py b/netbox/netbox/api/authentication.py
index ef307775b..fbdd7e0ff 100644
--- a/netbox/netbox/api/authentication.py
+++ b/netbox/netbox/api/authentication.py
@@ -103,9 +103,14 @@ class TokenPermissions(DjangoObjectPermissions):
         super().__init__()
 
     def _verify_write_permission(self, request):
+        # Determine if this permission set allows read-only tokens
+        allow_readonly_token = getattr(self, 'allow_readonly_token', False)
 
         # If token authentication is in use, verify that the token allows write operations (for unsafe methods).
-        if request.method in SAFE_METHODS or request.auth.write_enabled:
+        # If this permission set allows read-only tokens, also permit access
+        if request.method in SAFE_METHODS or request.auth.write_enabled or (
+                not request.auth.write_enabled and allow_readonly_token
+        ):
             return True
 
     def has_permission(self, request, view):
@@ -150,6 +155,8 @@ class RequireViewOnlyPermissions(TokenPermissions):
         'DELETE': ['%(app_label)s.view_%(model_name)s'],
     }
 
+    allow_readonly_token = True
+
 
 class IsAuthenticatedOrLoginNotRequired(BasePermission):
     """