From 40e5536300e3947688948d471391ba008c50f30c Mon Sep 17 00:00:00 2001
From: Oliver <oliver.henry.walters@gmail.com>
Date: Mon, 11 Oct 2021 21:39:34 +1100
Subject: [PATCH 1/2] Handle rare case where user instance has no name assigned

---
 InvenTree/users/models.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/InvenTree/users/models.py b/InvenTree/users/models.py
index 8a417a050d..73a7561153 100644
--- a/InvenTree/users/models.py
+++ b/InvenTree/users/models.py
@@ -216,7 +216,10 @@ class RuleSet(models.Model):
                     return True
 
         # Print message instead of throwing an error
-        logger.info(f"User '{user.name}' failed permission check for {table}.{permission}")
+        name = getattr(user, 'name', user.pk)
+
+        logger.info(f"User '{name}' failed permission check for {table}.{permission}")
+
         return False
 
     @staticmethod

From 75bfdd615e0e76927943ecf53cc973f1d9d35a23 Mon Sep 17 00:00:00 2001
From: Oliver <oliver.henry.walters@gmail.com>
Date: Tue, 12 Oct 2021 11:38:25 +1100
Subject: [PATCH 2/2] Fixes for unit tests

---
 InvenTree/InvenTree/metadata.py | 5 ++++-
 InvenTree/InvenTree/test_api.py | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/InvenTree/InvenTree/metadata.py b/InvenTree/InvenTree/metadata.py
index 613983fe94..e7f78554f9 100644
--- a/InvenTree/InvenTree/metadata.py
+++ b/InvenTree/InvenTree/metadata.py
@@ -72,7 +72,10 @@ class InvenTreeMetadata(SimpleMetadata):
 
                 # Remove any HTTP methods that the user does not have permission for
                 for method, permission in rolemap.items():
-                    if method in actions and not check(user, table, permission):
+
+                    result = check(user, table, permission)
+
+                    if method in actions and not result:
                         del actions[method]
 
                 # Add a 'DELETE' action if we are allowed to delete
diff --git a/InvenTree/InvenTree/test_api.py b/InvenTree/InvenTree/test_api.py
index 791f98025b..dfe94c034e 100644
--- a/InvenTree/InvenTree/test_api.py
+++ b/InvenTree/InvenTree/test_api.py
@@ -296,9 +296,9 @@ class APITests(InvenTreeAPITestCase):
 
         actions = self.getActions(url)
 
-        # 'add' permission does not apply here!
-        self.assertEqual(len(actions), 1)
+        self.assertEqual(len(actions), 2)
         self.assertIn('PUT', actions.keys())
+        self.assertIn('GET', actions.keys())
 
         # Add some other permissions
         self.assignRole('part.change')