diff --git a/api/permissions.py b/api/permissions.py
index 9f120bec..4061d7d7 100644
--- a/api/permissions.py
+++ b/api/permissions.py
@@ -213,7 +213,7 @@ class AutodetectACLPermission(permissions.BasePermission):
 return [perm(obj) for perm in self.perms_obj_map[method]]
- @ staticmethod
+ @staticmethod
 def _queryset(view):
 return _get_param_in_view(view, "queryset")
@@ -240,7 +240,9 @@ class AutodetectACLPermission(permissions.BasePermission):
 if getattr(view, "_ignore_model_permissions", False):
 return True
- if not getattr(view, "queryset", None):
+ # Bypass permission verifications if it is a functional view
+ # (permissions are handled by ACL)
+ if not hasattr(view, "queryset") and not hasattr(view, "get_queryset"):
 return True
 if not request.user or not request.user.is_authenticated:
@@ -277,8 +279,7 @@ class AutodetectACLPermission(permissions.BasePermission):
 # they have read permissions to see 403, or not, and simply see
 # a 404 response.
- SAFE_METHODS = ("GET", "OPTIONS", "HEAD",
- "POST", "PUT", "PATCH", "DELETE")
+ SAFE_METHODS = ("GET", "OPTIONS", "HEAD", "POST", "PUT", "PATCH", "DELETE")
 if request.method in SAFE_METHODS:
 # Read permissions already checked and failed, no need
diff --git a/freeradius_utils/auth.py b/freeradius_utils/auth.py
index f4201f44..d41e9a5a 100644
--- a/freeradius_utils/auth.py
+++ b/freeradius_utils/auth.py
@@ -34,12 +34,12 @@ https://github.com/FreeRADIUS/freeradius-server/blob/master/src/modules/rlm_pyth
 Inspired by Daniel Stan in Crans
 """
+import logging
 import os
 import sys
-import logging
 import traceback
-import radiusd # Magic module freeradius (radiusd.py is dummy)
+import radiusd # Magic module freeradius (radiusd.py is dummy)
 from django.core.wsgi import get_wsgi_application
 from django.db.models import Q
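Review bot: The bypass added in the second hunk of api/permissions.py returns True for any view that has neither `queryset` nor `get_queryset`, and it runs before the `request.user.is_authenticated` check visible in the trailing context, so for such views this permission class admits anonymous requests and enforcement rests entirely on the view's own ACL handling. That is a fail-open default: a functional view that lacks its ACL check gets no denial from this class. Consider an explicit opt-in rather than attribute sniffing, reusing the flag tested just above (`if getattr(view, "_ignore_model_permissions", False): return True`), or at least extend the comment to `# No queryset: nothing is checked here, not even authentication; the view must enforce its own ACL`. Note also that `hasattr` is true when `queryset` is set to `None`, so a view declaring `queryset = None` without `get_queryset` is no longer bypassed, which may or may not be intended. The enclosing method starts and ends outside the hunk.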
@@ -54,11 +54,10 @@ os.chdir(proj_path)
 # This is so models get loaded.
 application = get_wsgi_application()
-from machines.models import Interface, IpList, Nas, Domain
+from machines.models import Domain, Interface, IpList, Nas
+from preferences.models import RadiusOption
 from topologie.models import Port, Switch
 from users.models import User
-from preferences.models import RadiusOption
-
 # Logging
@@ -76,7 +75,7 @@ class RadiusdHandler(logging.Handler):
 radiusd.radlog(rad_sig, str(record.msg))
-# Init for logging
+# Init for logging
 logger = logging.getLogger("auth.py")
 logger.setLevel(logging.DEBUG)
 formatter = logging.Formatter("%(name)s: [%(levelname)s] %(message)s")
@@ -97,7 +96,7 @@ def radius_event(fun):
 """
 def new_f(auth_data):
- """ The function transforming the tuples as dict """
+ """The function transforming the tuples as dict """
 if isinstance(auth_data, dict):
 data = auth_data
 else:
@@ -132,10 +131,10 @@ def authorize(data):
 - If the nas is known, we apply the 802.1X if enabled,
 - It the nas is known AND nas auth is enabled with mac address, returns accept here"""
- # For proxified request, split
+ # For proxified request, split
 nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None))
 nas_instance = find_nas_from_request(nas)
- # For none proxified requests
+ # For none proxified requests
 nas_type = None
 if nas_instance:
 nas_type = Nas.objects.filter(nas_type=nas_instance.machine_type).first()
@@ -162,12 +161,11 @@ def authorize(data):
 @radius_event
 def post_auth(data):
- """ Function called after the user is authenticated
- """
+ """ Function called after the user is authenticated"""
 nas = data.get("NAS-IP-Address", data.get("NAS-Identifier", None))
 nas_instance = find_nas_from_request(nas)
- # All non proxified requests
+ # All non proxified requests
 if not nas_instance:
 logger.info("Proxified request, nas unknown")
 return radiusd.RLM_MODULE_OK
@@ -309,7 +307,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number, mac_address): - no room : Decision set in Re2o RadiusOption, - no user in this room : Reject, - user of this room is banned or disable : Reject, - - user of this room non-contributor and not whitelisted: + - user of this room non-contributor and not whitelisted: Decision set in Re2o RadiusOption - mode common : - mac-address already registered: @@ -336,7 +334,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number, mac_address): } # Get port from switch and port number extra_log = "" - # If NAS is unknown, go to default vlan + # If NAS is unknown, go to default vlan if not nas_machine: return ( "?", @@ -366,7 +364,7 @@ def decide_vlan_switch(nas_machine, nas_type, port_number, mac_address): RadiusOption.get_cached_value("unknown_port") != RadiusOption.REJECT, RadiusOption.get_attributes("unknown_port_attributes", attributes_kwargs), ) - + # Retrieve port profile port_profile = port.get_port_profile