[2.5, RBAC] Non-superuser can't edit their devices

This is with MAAS 2.5.1-7489-g2f25a2cc0-0ubuntu1~18.04.1 and RBAC enabled.

I log in as a user that has only roles on resource pools, but not on MAAS
globally.

I can add a device successfully, but if I then try to add a new network
interface to the device, the "Save interface" button doesn't work.

I also can't edit the name of the device, nor adding tags, nor delete the device.

This is true for both the UI and the API.

Looking at the logs, I see this:

2019-01-14 11:07:03 maasserver.websockets.protocol: [critical] Error on request
(797) device.create_physical:
        Traceback (most recent call last):
          File "/usr/lib/python3.6/threading.py", line 864, in run
            self._target(*self._args, **self._kwargs)
          File "/usr/lib/python3/dist-packages/provisioningserver/utils/twisted.
py", line 852, in worker
            return target()
          File "/usr/lib/python3/dist-packages/twisted/_threads/_threadworker.py
", line 46, in work
            task()
          File "/usr/lib/python3/dist-packages/twisted/_threads/_team.py", line 190, in doWork
            task()
        --- <exception caught here> ---
          File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 250, in inContext
            result = inContext.theWork()
          File "/usr/lib/python3/dist-packages/twisted/python/threadpool.py", line 266, in <lambda>
            inContext.theWork = lambda: context.call(ctx, func, *args, **kw)
          File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 122, in callWithContext
            return self.currentContext().callWithContext(ctx, func, *args, **kw)
          File "/usr/lib/python3/dist-packages/twisted/python/context.py", line 85, in callWithContext
            return func(*args,**kw)
          File "/usr/lib/python3/dist-packages/provisioningserver/utils/twisted.py", line 885, in callInContext
            return func(*args, **kwargs)
          File "/usr/lib/python3/dist-packages/provisioningserver/utils/twisted.py", line 234, in wrapper
            result = func(*args, **kwargs)
          File "/usr/lib/python3/dist-packages/maasserver/utils/orm.py", line 756, in call_within_transaction
            return func_outside_txn(*args, **kwargs)
          File "/usr/lib/python3/dist-packages/maasserver/utils/orm.py", line 563, in retrier
            return func(*args, **kwargs)
          File "/usr/lib/python3.6/contextlib.py", line 52, in inner
            return func(*args, **kwds)
          File "/usr/lib/python3/dist-packages/maasserver/websockets/base.py", line 386, in prep_user_execute
            return method(params)
          File "/usr/lib/python3/dist-packages/maasserver/websockets/handlers/device.py", line 322, in create_physical
            return self.create_interface(params)
          File "/usr/lib/python3/dist-packages/maasserver/websockets/handlers/device.py", line 311, in create_interface
            device = self.get_object(params, permission=self._meta.edit_permission)
          File "/usr/lib/python3/dist-packages/maasserver/websockets/base.py", line 322, in get_object
            raise HandlerPermissionError()
        maasserver.websockets.base.HandlerPermissionError: