diff --git a/apps/assets/models/asset.py b/apps/assets/models/asset.py
index 95ba28d21..b02e6a8d6 100644
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@@ -118,7 +118,7 @@ class NodesRelationMixin:
             _nodes = node.get_ancestors(with_self=True)
             nodes.extend(list(_nodes))
         if flat:
-            nodes = list(reduce(lambda x, y: set(x) | set(y), nodes))
+            nodes = list(set([node.id for node in nodes]))
         return nodes
 
 
diff --git a/apps/rbac/permissions.py b/apps/rbac/permissions.py
index 3538246b7..1992db90d 100644
--- a/apps/rbac/permissions.py
+++ b/apps/rbac/permissions.py
@@ -121,8 +121,8 @@ class RBACPermission(permissions.DjangoModelPermissions):
         if request.user.is_anonymous and self.authenticated_users_only:
             return False
 
-        raw_action = getattr(view, 'raw_action', None)
-        if raw_action == 'metadata':
+        raw_action = getattr(view, 'raw_action', request.method)
+        if raw_action in ['metadata', 'OPTIONS']:
             return True
 
         perms = self.get_require_perms(request, view)