From 9d89b97ad5732c18ec869b4ac8a82741fa951547 Mon Sep 17 00:00:00 2001
From: m <paragraphenreiter@gmail.com>
Date: Mon, 30 Mar 2026 13:44:04 +0200
Subject: [PATCH] fix: open reports endpoints to all roles, only billing
 restricted

---
 backend/internal/router/router.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/internal/router/router.go b/backend/internal/router/router.go
index 375f204..f1e5b7f 100644
--- a/backend/internal/router/router.go
+++ b/backend/internal/router/router.go
@@ -215,10 +215,10 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 		scoped.HandleFunc("GET /api/caldav/status", calDAVH.GetStatus)
 	}
 
-	// Reports — billing permission (partners + owners)
-	scoped.HandleFunc("GET /api/reports/cases", perm(auth.PermManageBilling, reportH.Cases))
-	scoped.HandleFunc("GET /api/reports/deadlines", perm(auth.PermManageBilling, reportH.Deadlines))
-	scoped.HandleFunc("GET /api/reports/workload", perm(auth.PermManageBilling, reportH.Workload))
+	// Reports — cases/deadlines/workload open to all, billing restricted
+	scoped.HandleFunc("GET /api/reports/cases", reportH.Cases)
+	scoped.HandleFunc("GET /api/reports/deadlines", reportH.Deadlines)
+	scoped.HandleFunc("GET /api/reports/workload", reportH.Workload)
 	scoped.HandleFunc("GET /api/reports/billing", perm(auth.PermManageBilling, reportH.Billing))
 
 	// Time entries — all can view/create, tied to cases