Ruolo supervisor

backend/app/api/v1/mailboxes.py

@@ -77,15 +77,15 @@ async def list_mailboxes(
     """
     svc = _svc(db)
 
-    if current_user.is_admin:
-        # Admin: tutte le caselle del tenant
+    if current_user.is_supervisor_or_admin:
+        # Admin e supervisor: tutte le caselle del tenant
         items, total = await svc.list_mailboxes(
             tenant_id=current_user.tenant_id,
             page=page,
             page_size=page_size,
         )
     else:
-        # Operatori: caselle con permesso
+        # Operator e readonly: caselle con permesso esplicito
         from app.services.permission_service import PermissionService
         perm_svc = PermissionService(db)
         visible_ids = await perm_svc.get_visible_mailboxes(current_user)
@@ -140,7 +140,9 @@ async def get_unread_counts(
     from app.models.message import Message
 
     # Determina le caselle visibili
-    if current_user.is_admin:
+    # Admin e supervisor: nessun filtro (accesso a tutto il tenant)
+    # Operator e readonly: solo caselle con permesso esplicito can_read
+    if current_user.is_supervisor_or_admin:
         visible_ids = None  # nessun filtro
     else:
         from app.services.permission_service import PermissionService