From 93119f52c3d51fbf7dad0a7941dbe360fa412d7c Mon Sep 17 00:00:00 2001
From: Jeremy Stretch <jstretch@netboxlabs.com>
Date: Tue, 23 Dec 2025 09:41:58 -0500
Subject: [PATCH] Fixes #21032: Avoid subquery in RestrictedQuerySet where
 unnecessary

---
 netbox/utilities/querysets.py | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/netbox/utilities/querysets.py b/netbox/utilities/querysets.py
index 0a9389b1f..f3c838d27 100644
--- a/netbox/utilities/querysets.py
+++ b/netbox/utilities/querysets.py
@@ -50,21 +50,21 @@ class RestrictedQuerySet(QuerySet):
 
         # Bypass restriction for superusers and exempt views
         if user and user.is_superuser or permission_is_exempt(permission_required):
-            qs = self
+            return self
 
         # User is anonymous or has not been granted the requisite permission
-        elif user is None or not user.is_authenticated or permission_required not in user.get_all_permissions():
-            qs = self.none()
+        if user is None or not user.is_authenticated or permission_required not in user.get_all_permissions():
+            return self.none()
 
         # Filter the queryset to include only objects with allowed attributes
-        else:
-            tokens = {
-                CONSTRAINT_TOKEN_USER: user,
-            }
-            attrs = qs_filter_from_constraints(user._object_perm_cache[permission_required], tokens)
+        constraints = user._object_perm_cache[permission_required]
+        tokens = {
+            CONSTRAINT_TOKEN_USER: user,
+        }
+        if attrs := qs_filter_from_constraints(constraints, tokens):
             # #8715: Avoid duplicates when JOIN on many-to-many fields without using DISTINCT.
             # DISTINCT acts globally on the entire request, which may not be desirable.
             allowed_objects = self.model.objects.filter(attrs)
-            qs = self.filter(pk__in=allowed_objects)
+            return self.filter(pk__in=allowed_objects)
 
-        return qs
+        return self