fix: scope barcode template permissions to specific endpoints instead of the entire controller

paperless-backend/src/barcode/barcode-templates.controller.ts

@@ -72,7 +72,6 @@ function validate(dto: UpsertDto, partial = false): void {
 }
 
 @Controller('api/barcode-templates')
-@RequirePermissions(Permission.MANAGE_SETTINGS)
 export class BarcodeTemplatesController {
   private readonly logger = new Logger(BarcodeTemplatesController.name);
 
@@ -89,11 +88,13 @@ export class BarcodeTemplatesController {
   }
 
   @Get()
+  @RequirePermissions(Permission.VIEW_INBOX)
   async list() {
     return this.repo.find({ order: { Id: 'ASC' } });
   }
 
   @Post()
+  @RequirePermissions(Permission.MANAGE_SETTINGS)
   async create(@Body() dto: UpsertDto) {
     validate(dto);
     const entity = this.repo.create({
@@ -118,6 +119,7 @@ export class BarcodeTemplatesController {
   }
 
   @Put(':id')
+  @RequirePermissions(Permission.MANAGE_SETTINGS)
   async update(@Param('id', ParseIntPipe) id: number, @Body() dto: UpsertDto) {
     validate(dto, true);
     const existing = await this.repo.findOneBy({ Id: id });
@@ -149,6 +151,7 @@ export class BarcodeTemplatesController {
   }
 
   @Delete(':id')
+  @RequirePermissions(Permission.MANAGE_SETTINGS)
   async remove(@Param('id', ParseIntPipe) id: number) {
     const res = await this.repo.delete(id);
     if (!res.affected) throw new NotFoundException('Vorlage nicht gefunden');