Permission mapping per role #63
Description
Acceptance Criteria
System roles (Admin, HR, Employee, Vendor) are clearly defined
Permissions are explicitly listed and documented
Each role has a mapped set of allowed permissions
No role has implicit or undefined access
Permission checks are enforceable via middleware
Authorization logic is centralized (RBAC layer)
Role & permission model is extensible for future roles