Add role control

API/ROLAC.API/DTOs/Auth/LoginResponse.cs

@@ -1,3 +1,5 @@
+using ROLAC.API.DTOs.Permissions;
+
 namespace ROLAC.API.DTOs.Auth;
 
 public class LoginResponse
@@ -17,4 +19,10 @@ public class UserInfo
     public string Email              { get; set; } = null!;
     public IList<string> Roles       { get; set; } = [];
     public string LanguagePreference { get; set; } = "en";
+
+    /// <summary>
+    /// Effective permissions (union across the user's roles), keyed by module name.
+    /// Lets the SPA hide nav/buttons. Authoritative enforcement is server-side.
+    /// </summary>
+    public Dictionary<string, ModuleActions> Permissions { get; set; } = [];
 }