From 67b68577450590844640acbab68bde26ee663cd9 Mon Sep 17 00:00:00 2001
From: Daniel Sheppard <dans@dansheps.com>
Date: Mon, 17 Jun 2024 10:49:07 -0500
Subject: [PATCH] Fix issue with tests.  Reverted to overriding the permissions
 map as the only viable option

---
 netbox/netbox/api/authentication.py | 21 ++++++++++++++-------
 netbox/utilities/permissions.py     |  6 +++++-
 2 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/netbox/netbox/api/authentication.py b/netbox/netbox/api/authentication.py
index 6c8cf49b7..90119931b 100644
--- a/netbox/netbox/api/authentication.py
+++ b/netbox/netbox/api/authentication.py
@@ -141,18 +141,25 @@ class TokenPermissions(DjangoObjectPermissions):
         permission = self.perms_map.get(method)[0] if len(self.perms_map.get(method)) > 0 else None
         if permission:
             # Remove app and model label
-            action = resolve_permission(permission)
+            app_label, action, model_name = resolve_permission(permission)
             return action
         return None
 
 
 class RequireViewOnlyPermissions(TokenPermissions):
-
-    # Only return view as the action
-    def get_action(self, method):
-        if method != 'OPTIONS':
-            return 'view'
-        return None
+    """
+    Overrides permission map to return only view permissions as required
+    """
+    # Override the stock perm_map to enforce view permissions
+    perms_map = {
+        'GET': ['%(app_label)s.view_%(model_name)s'],
+        'OPTIONS': [],
+        'HEAD': ['%(app_label)s.view_%(model_name)s'],
+        'POST': ['%(app_label)s.view_%(model_name)s'],
+        'PUT': ['%(app_label)s.view_%(model_name)s'],
+        'PATCH': ['%(app_label)s.view_%(model_name)s'],
+        'DELETE': ['%(app_label)s.view_%(model_name)s'],
+    }
 
 
 class IsAuthenticatedOrLoginNotRequired(BasePermission):
diff --git a/netbox/utilities/permissions.py b/netbox/utilities/permissions.py
index 893cc619e..747697c41 100644
--- a/netbox/utilities/permissions.py
+++ b/netbox/utilities/permissions.py
@@ -33,7 +33,11 @@ def resolve_permission(name):
     """
     try:
         app_label, codename = name.split('.')
-        action, model_name = codename.rsplit('_', 1)
+        if '%' in codename:
+            action, model_name = codename.split('_%')
+            model_name = '%' + model_name
+        else:
+            action, model_name = codename.rsplit('_', 1)
     except ValueError:
         raise ValueError(
             _("Invalid permission name: {name}. Must be in the format <app_label>.<action>_<model>").format(name=name)