diff --git a/InvenTree/InvenTree/metadata.py b/InvenTree/InvenTree/metadata.py
index 613983fe94..e7f78554f9 100644
--- a/InvenTree/InvenTree/metadata.py
+++ b/InvenTree/InvenTree/metadata.py
@@ -72,7 +72,10 @@ class InvenTreeMetadata(SimpleMetadata):
 # Remove any HTTP methods that the user does not have permission for
 for method, permission in rolemap.items():
- if method in actions and not check(user, table, permission):
+
+ result = check(user, table, permission)
+
+ if method in actions and not result:
 del actions[method]
 # Add a 'DELETE' action if we are allowed to delete
diff --git a/InvenTree/InvenTree/test_api.py b/InvenTree/InvenTree/test_api.py
index 791f98025b..dfe94c034e 100644
--- a/InvenTree/InvenTree/test_api.py
+++ b/InvenTree/InvenTree/test_api.py
@@ -296,9 +296,9 @@ class APITests(InvenTreeAPITestCase):
 actions = self.getActions(url)
- # 'add' permission does not apply here!
- self.assertEqual(len(actions), 1)
+ self.assertEqual(len(actions), 2)
 self.assertIn('PUT', actions.keys())
+ self.assertIn('GET', actions.keys())
 # Add some other permissions
 self.assignRole('part.change')
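Review bot: The hoisted `result = check(user, table, permission)` now runs for every entry in `rolemap`, including methods that are not in `actions`, where the old condition short-circuited and never called `check`. On the lines shown the set of removed methods is unchanged, so if the unconditional call is deliberate it needs a comment saying why, e.g. `# check() is evaluated for every method on purpose: <reason>`; otherwise the original single-line condition was the cheaper form. In a permission filter a name such as `has_permission` reads better than `result`. The enclosing method starts and ends outside the hunk.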
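Review bot: The expected action count goes from 1 to 2 and `GET` is now asserted, but the comment that explained the old expectation is deleted without a replacement, and the metadata.py hunk on this page does not visibly change which methods are kept. Add a comment above the assertions naming the role assigned at this point and why it yields both methods; the cause may sit in a part of the change not shown here. Because this pins an authorization result, one exact comparison gives a clearer failure message than a length plus two membership checks: `self.assertEqual(set(actions.keys()), {'PUT', 'GET'})`. The test method starts and ends outside the hunk.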