Permissions for device adding is not working

[Atoms]

Issue type:

**Python version: 3.4
**NetBox version: 2.0.5

When User Group has only can add permission in menu you can see link to add device, but clicking on it it asks for login (you already are logged in)

When you add permission to change object then you can add and change object without the problems.

[jeremystretch]

This is because we're using one view to handle both creates and edits:

class DeviceEditView(PermissionRequiredMixin, ObjectEditView):
    permission_required = 'dcim.change_device'
    model = Device
    form_class = forms.DeviceForm
    template_name = 'dcim/device_edit.html'
    default_return_url = 'dcim:device_list'

(This is a common pattern for most objects in NetBox, not just devices.)

We could add a second view named DeviceAddView which inherits from the view above and merely modifies the required permission to be "add" instead of "change," but that does call into question the practicality of separating the two functions. Is there a reasonable use case where we would want to allow a user to create objects but not edit them?

[Atoms]

I cannot see now use case where we would like to use it, this was just like big confusion and you probably labeled correctly. As we are starting to use netbox, we are trying different scenariosm and one of them was to add user which can only add devices.

Maybe this is somehow connected to API permissions (we didn't checked that) ?

If it not affects API part, then as a fix i would say remove Add permision and rename Change to Add/Change
this would be less confusing :)

[jeremystretch]

Even if it's a rare use case, I think it makes sense to enforce the "add" and "change" permissions separately to ensure they do exactly what they sound like. It should be easy enough to tweak the ObjectEditView to apply one or the other appropriately.

Maybe this is somehow connected to API permissions

Just FYI the API utilizes the same permissions as the web UI.