From 84d4b2db7712bbe610e47c33886a8bad6254968f Mon Sep 17 00:00:00 2001
From: Jeremy Stretch <stretch@packetlife.net>
Date: Thu, 23 Jul 2020 13:53:36 -0400
Subject: [PATCH] Clean up resolution of HTTP verbs to permission actions

---
 netbox/utilities/api.py | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/netbox/utilities/api.py b/netbox/utilities/api.py
index 7c413890b..1a0f912ba 100644
--- a/netbox/utilities/api.py
+++ b/netbox/utilities/api.py
@@ -17,6 +17,16 @@ from rest_framework.viewsets import ModelViewSet as _ModelViewSet
 
 from .utils import dict_to_filter_params, dynamic_import
 
+HTTP_ACTIONS = {
+    'GET': 'view',
+    'OPTIONS': None,
+    'HEAD': 'view',
+    'POST': 'add',
+    'PUT': 'change',
+    'PATCH': 'change',
+    'DELETE': 'delete',
+}
+
 
 class ServiceUnavailable(APIException):
     status_code = 503
@@ -321,18 +331,8 @@ class ModelViewSet(_ModelViewSet):
         if not request.user.is_authenticated:
             return
 
-        # TODO: Reconcile this with TokenPermissions.perms_map
-        action = {
-            'GET': 'view',
-            'OPTIONS': None,
-            'HEAD': 'view',
-            'POST': 'add',
-            'PUT': 'change',
-            'PATCH': 'change',
-            'DELETE': 'delete',
-        }[request.method]
-
         # Restrict the view's QuerySet to allow only the permitted objects
+        action = HTTP_ACTIONS[request.method]
         if action:
             self.queryset = self.queryset.restrict(request.user, action)