bjoernpoettker/paperlessmanager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: scope barcode template permissions to specific endpoints instead of the entire controller
Build and Push Multi-Platform Images / build-and-push (push) Successful in 26s
Details

Browse Source
This commit is contained in:
Björn Pöttker
2026-05-09 10:50:48 +02:00
parent 01d9aec655
commit 195ebc793e
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
paperless-backend/src/barcode/barcode-templates.controller.ts
+4 -1
View File
@@ -72,7 +72,6 @@ function validate(dto: UpsertDto, partial = false): void {
} }
@Controller('api/barcode-templates') @Controller('api/barcode-templates')
@RequirePermissions(Permission.MANAGE_SETTINGS)
export class BarcodeTemplatesController { export class BarcodeTemplatesController {
private readonly logger = new Logger(BarcodeTemplatesController.name); private readonly logger = new Logger(BarcodeTemplatesController.name);
@@ -89,11 +88,13 @@ export class BarcodeTemplatesController {
} }
@Get() @Get()
@RequirePermissions(Permission.VIEW_INBOX)
async list() { async list() {
return this.repo.find({ order: { Id: 'ASC' } }); return this.repo.find({ order: { Id: 'ASC' } });
} }
@Post() @Post()
@RequirePermissions(Permission.MANAGE_SETTINGS)
async create(@Body() dto: UpsertDto) { async create(@Body() dto: UpsertDto) {
validate(dto); validate(dto);
const entity = this.repo.create({ const entity = this.repo.create({
@@ -118,6 +119,7 @@ export class BarcodeTemplatesController {
} }
@Put(':id') @Put(':id')
@RequirePermissions(Permission.MANAGE_SETTINGS)
async update(@Param('id', ParseIntPipe) id: number, @Body() dto: UpsertDto) { async update(@Param('id', ParseIntPipe) id: number, @Body() dto: UpsertDto) {
validate(dto, true); validate(dto, true);
const existing = await this.repo.findOneBy({ Id: id }); const existing = await this.repo.findOneBy({ Id: id });
@@ -149,6 +151,7 @@ export class BarcodeTemplatesController {
} }
@Delete(':id') @Delete(':id')
@RequirePermissions(Permission.MANAGE_SETTINGS)
async remove(@Param('id', ParseIntPipe) id: number) { async remove(@Param('id', ParseIntPipe) id: number) {
const res = await this.repo.delete(id); const res = await this.repo.delete(id);
if (!res.affected) throw new NotFoundException('Vorlage nicht gefunden'); if (!res.affected) throw new NotFoundException('Vorlage nicht gefunden');