Fixes: #16973 - Resolve $user token to User.id for use in permissions based on custom fields (#17268)

* Resolve $user token to User.id for use in permissions based on custom fields

* Cleaner type check

* Simplify User object check by updating tokens instead of resolved values

netbox/utilities/permissions.py

@@ -1,7 +1,10 @@
 from django.conf import settings
+from django.apps import apps
 from django.db.models import Q
 from django.utils.translation import gettext_lazy as _
 
+from users.constants import CONSTRAINT_TOKEN_USER
+
 __all__ = (
     'get_permission_for_model',
     'permission_is_exempt',
@@ -90,6 +93,11 @@ def qs_filter_from_constraints(constraints, tokens=None):
     if tokens is None:
         tokens = {}
 
+    User = apps.get_model('users.User')
+    for token, value in tokens.items():
+        if token == CONSTRAINT_TOKEN_USER and isinstance(value, User):
+            tokens[token] = value.id
+
     def _replace_tokens(value, tokens):
         if type(value) is list:
             return list(map(lambda v: tokens.get(v, v), value))