fix: clarify operator precedence, add warning for add-only prefill, add permission tests

- Add parentheses around or-condition in _rules_to_yaml_data for clarity
- Warn add-only users when rule_id prefill is skipped due to missing
  view permission
- Add comment explaining why duplicate detection is skipped without
  view permission
- Add tests for add-only user: blank form with warning on prefill,
  and save_rule skipping duplicate check

Author: marcinpsk

netbox_interface_name_rules/tests/test_views.py

@@ -402,6 +402,53 @@ def test_post_no_permission_raises_403(self):
         self.assertEqual(response.status_code, 403)
 
 
+class RuleTestViewAddOnlyPermissionTest(ViewTestBase2):
+    """Test RuleTestView behaviour for users with add but not view permission."""
+
+    def _url(self):
+        return reverse("plugins:netbox_interface_name_rules:interfacenamerule_test")
+
+    def _create_add_only_user(self):
+        from django.contrib.auth.models import Permission
+        from django.contrib.contenttypes.models import ContentType
+
+        user = User.objects.create_user(username="add_only_tester", password=TEST_PASSWORD)
+        ct = ContentType.objects.get_for_model(InterfaceNameRule)
+        perm = Permission.objects.get(content_type=ct, codename="add_interfacenamerule")
+        user.user_permissions.add(perm)
+        return user
+
+    def test_get_with_rule_id_add_only_shows_blank_form_with_warning(self):
+        """GET with ?rule_id= when user has add but not view permission returns blank form."""
+        user = self._create_add_only_user()
+        self.client.force_login(user)
+        response = self.client.get(self._url() + f"?rule_id={self.rule.pk}")
+        self.assertEqual(response.status_code, 200)
+        form = response.context["form"]
+        self.assertFalse(form.initial, "Form should have no initial data for add-only user")
+        self.assertIsNone(response.context.get("loaded_rule"))
+        from django.contrib.messages import get_messages
+
+        msgs = [str(m) for m in get_messages(response.wsgi_request)]
+        self.assertTrue(any("permission" in m.lower() for m in msgs))
+
+    def test_save_rule_add_only_skips_duplicate_check(self):
+        """POST save_rule with add-only permission skips duplicate detection, redirects to add."""
+        user = self._create_add_only_user()
+        self.client.force_login(user)
+        add_url = reverse("plugins:netbox_interface_name_rules:interfacenamerule_add")
+        data = {
+            "name_template": "ge-0/0/{bay_position}",
+            "channel_count": "0",
+            "channel_start": "0",
+            "module_type": str(self.module_type.pk),
+            "action": "save_rule",
+        }
+        response = self.client.post(self._url(), data)
+        self.assertEqual(response.status_code, 302)
+        self.assertIn(add_url, response["Location"])
+
+
 class RuleApplyDetailViewGetPermissionTest(ViewTestBase2):
     """Test RuleApplyDetailView.get() permission check for unprivileged users."""
 

netbox_interface_name_rules/views.py

@@ -132,7 +132,7 @@ def _rules_to_yaml_data(self, queryset):
         for rule in queryset.select_related("module_type", "parent_module_type", "device_type", "platform"):
             entry = {}
             for header, value in zip(InterfaceNameRule.csv_headers, rule.to_csv()):
-                if value != "" and value is not None or header in {"name_template"}:
+                if (value != "" and value is not None) or header in {"name_template"}:
                     entry[header] = value
             records.append(entry)
         return records
@@ -179,6 +179,8 @@ def get(self, request):
         loaded_rule = None
         rule_id = request.GET.get("rule_id")
         can_view = request.user.has_perm("netbox_interface_name_rules.view_interfacenamerule")
+        if rule_id and not can_view:
+            messages.warning(request, "You do not have permission to load an existing rule.")
         if rule_id and can_view:
             try:
                 loaded_rule = InterfaceNameRule.objects.select_related(
@@ -240,6 +242,9 @@ def _handle_save_rule(self, request, cd):
         module_type = cd.get("module_type")
         module_type_pattern = cd.get("module_type_pattern", "")
 
+        # Skip duplicate detection when the user lacks view permission — we cannot
+        # query existing rules without it, so add-only users always land on the
+        # create form (potentially allowing duplicates).
         if request.user.has_perm("netbox_interface_name_rules.view_interfacenamerule"):
             qs = InterfaceNameRule.objects.all()
             if module_type_is_regex: