bcad377f92
API now only returns data sections the user has permission to see: - my_shift: attendance.record - attendance: attendance.admin - offers: offers.view - projects: projects.view - invoices: invoices.view - orders: orders.view - leave_pending: attendance.approve - recent_activity: settings.audit Frontend hides KPI cards, activity feed, and attendance sections for users without the matching permissions. Regular employees now only see their shift status, quick actions, profile, and sessions — not company KPIs or admin data. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>