fix: open reports endpoints to all roles, only billing restricted

backend/internal/router/router.go

@@ -215,10 +215,10 @@ func New(db *sqlx.DB, authMW *auth.Middleware, cfg *config.Config, calDAVSvc *se
 		scoped.HandleFunc("GET /api/caldav/status", calDAVH.GetStatus)
 	}
 
-	// Reports — billing permission (partners + owners)
+	// Reports — cases/deadlines/workload open to all, billing restricted
-	scoped.HandleFunc("GET /api/reports/cases", perm(auth.PermManageBilling, reportH.Cases))
+	scoped.HandleFunc("GET /api/reports/cases", reportH.Cases)
-	scoped.HandleFunc("GET /api/reports/deadlines", perm(auth.PermManageBilling, reportH.Deadlines))
+	scoped.HandleFunc("GET /api/reports/deadlines", reportH.Deadlines)
-	scoped.HandleFunc("GET /api/reports/workload", perm(auth.PermManageBilling, reportH.Workload))
+	scoped.HandleFunc("GET /api/reports/workload", reportH.Workload)
 	scoped.HandleFunc("GET /api/reports/billing", perm(auth.PermManageBilling, reportH.Billing))
 
 	// Time entries — all can view/create, tied to cases