Fix: enforce object permissions for app config (#5516)

src-ui/src/app/app-routing.module.ts

@@ -186,8 +186,8 @@ export const routes: Routes = [
         canActivate: [PermissionsGuard],
         data: {
           requiredPermission: {
-            action: PermissionAction.View,
-            type: PermissionType.Admin,
+            action: PermissionAction.Change,
+            type: PermissionType.AppConfig,
           },
         },
       },

src-ui/src/app/components/app-frame/app-frame.component.html

@@ -235,7 +235,7 @@
               <i-bs class="me-1" name="gear"></i-bs><span>&nbsp;<ng-container i18n>Settings</ng-container></span>
             </a>
           </li>
-          <li class="nav-item" *pngxIfPermissions="{ action: PermissionAction.View, type: PermissionType.Admin }">
+          <li class="nav-item" *pngxIfPermissions="{ action: PermissionAction.Change, type: PermissionType.AppConfig }">
             <a class="nav-link" routerLink="config" routerLinkActive="active" (click)="closeMenu()"
               ngbPopover="Configuration" i18n-ngbPopover [disablePopover]="!slimSidebarEnabled" placement="end"
               container="body" triggers="mouseenter:mouseleave" popoverClass="popover-slim">

src-ui/src/app/services/permissions.service.spec.ts

@@ -260,6 +260,10 @@ describe('PermissionsService', () => {
         'view_customfield',
         'change_customfield',
         'delete_customfield',
+        'add_applicationconfiguration',
+        'change_applicationconfiguration',
+        'delete_applicationconfiguration',
+        'view_applicationconfiguration',
       ],
       {
         username: 'testuser',

src-ui/src/app/services/permissions.service.ts

@@ -17,6 +17,7 @@ export enum PermissionType {
   StoragePath = '%s_storagepath',
   SavedView = '%s_savedview',
   PaperlessTask = '%s_paperlesstask',
+  AppConfig = '%s_applicationconfiguration',
   UISettings = '%s_uisettings',
   Note = '%s_note',
   MailAccount = '%s_mailaccount',