Some routes don't check for permissions

`/nodes`, `/subscribers`, `/rubrics` and some other routes don't seem to check permissions. If a request that is not authenticated is made they will crash and return `500 Internal server error` instead of the correct `401 Unauthorized`