Phase 0: Fix ModuleEnableSettings permissions - allow read access to all authenticated users

- Changed permission_classes to get_permissions() method
- Read operations (list, retrieve) now accessible to all authenticated users
- Write operations (update, partial_update) still restricted to admins/owners
- Fixes 403 Forbidden errors when loading module settings in sidebar

backend/igny8_core/modules/system/settings_views.py

@@ -287,14 +287,26 @@ class ModuleEnableSettingsViewSet(AccountModelViewSet):
     ViewSet for managing module enable/disable settings
     Unified API Standard v1.0 compliant
     One record per account
+    Read access: All authenticated users
+    Write access: Admins/Owners only
     """
     queryset = ModuleEnableSettings.objects.all()
     serializer_class = ModuleEnableSettingsSerializer
-    permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsAdminOrOwner]
     authentication_classes = [JWTAuthentication, CSRFExemptSessionAuthentication]
     throttle_scope = 'system'
     throttle_classes = [DebugScopedRateThrottle]
     
+    def get_permissions(self):
+        """
+        Allow read access to all authenticated users,
+        but restrict write access to admins/owners
+        """
+        if self.action in ['list', 'retrieve']:
+            permission_classes = [IsAuthenticatedAndActive, HasTenantAccess]
+        else:
+            permission_classes = [IsAuthenticatedAndActive, HasTenantAccess, IsAdminOrOwner]
+        return [permission() for permission in permission_classes]
+    
     def get_queryset(self):
         """Get module enable settings for current account"""
         queryset = super().get_queryset()