# Tasks: Add Permission Enhancements

## 1. Manager Workload Access
- [x] 1.1 Add role-based check in workload router for department managers
- [x] 1.2 Allow managers to query workload for users in their department
- [x] 1.3 Add `is_department_manager` flag or role to user model if not exists
- [x] 1.4 Update workload API documentation

## 2. Cross-Department Project Access
- [x] 2.1 Create ProjectMember model for explicit project membership
- [x] 2.2 Add database migration for project_members table
- [x] 2.3 Update check_project_access() to include project membership check
- [x] 2.4 Add API endpoints to manage project members
- [x] 2.5 Update frontend to display and manage project members

## 3. Testing
- [x] 3.1 Add tests for manager viewing subordinate workload
- [x] 3.2 Add tests for cross-department project member access
- [x] 3.3 Test access denied for non-members and non-managers