Permissions "By object type" filter offers incorrect choices #5922
Description
Environment
- Python version: 2.10.5
- NetBox version: 3.8.5
Steps to Reproduce
- Begin with no permission objects defined in the admin panel.
- Create a new permission object with the name "test 1".
- Select the "can view" action.
- Select "dcim > device" as the only object type.
- Save the permission object.
- Create a second, new permission object with the name "test 2".
- Select the "can view" action.
- Select "dcim > cable" as the only object type.
- Save the permission object.
- From the permissions list view in the admin panel note the options for the "By object type" filter on the right.
- Attempt to filter the list of objects using one of the options in the filter list, other than the "All" option.
This first image shows the two permission objects defined:
This second image shows the options in the "By object type" filter:
Expected Behavior
The options in the "By object type" should reflect the set of object types for defined permission objects, "dcim | device" and "dcim | cable" in this case. Filtering by one of these valid options should return permission objects matching that selection.
Observed Behavior
The available filter options do not reflect the object types of available permission objects. Instead, other content types are displayed (this will vary per installation, due to the nature of the ID assignment of the content type framework).
This occurs due to a bug in the queryset used to filter these content types:
Lines 225 to 230 in fa8e70f
The content_type query is filtering for PKs of ObjectPermission instances, which is incorrect, but because of the overlapping namespace of integer PKs, the filter returns valid but incorrect content type objects. The object_types query should use object_types__pk instead of id in the values_list() argument.
I am happy to submit the fix for this.