- Remove placeholder _defaultPermissions (same 5 toggles for every role)
- Add GetPermissionsForRole() mapping each role to its actual backend
authorization capabilities:
- SuperAdmin: full platform access (6 permissions)
- Admin: user/shop/report/audit management (5 permissions)
- Merchant: full shop owner access (6 permissions)
- MerchantAdmin: shop admin without settings (6 permissions)
- MerchantStaff: POS + payment only (6 permissions, 4 disabled)
- Support: read-only system access (5 permissions)
- PremiumUser/User: customer-level access (4-5 permissions)
- Toggles are now read-only (disabled) reflecting enforced policies
- No conflict between system roles and shop roles confirmed
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
52f77c0878