diff --git a/src/routes/modules.ts b/src/routes/modules.ts
index 7fc04ec..86486c7 100644
--- a/src/routes/modules.ts
+++ b/src/routes/modules.ts
@@ -131,6 +131,76 @@ modulesRouter.get("/check/:moduleName", authMiddleware, async (ctx) => {
   };
 });
 
+// ============ MODULE VISIBILITY ENDPOINTS ============
+
+// Get module visibility settings for org
+modulesRouter.get("/visibility", authMiddleware, async (ctx) => {
+  const { org_id: orgId, role } = ctx.state.auth.user;
+  
+  const visibility = await query<{
+    module_key: string;
+    role_disponent: boolean;
+    role_mitarbeiter: boolean;
+    role_subunternehmer: boolean;
+  }>(
+    `SELECT module_key, role_disponent, role_mitarbeiter, role_subunternehmer
+     FROM module_visibility
+     WHERE org_id = $1`,
+    [orgId]
+  );
+  
+  // For non-chef users, filter to only their visible modules
+  if (role !== 'chef') {
+    const roleColumn = role === 'disponent' ? 'role_disponent' : 
+                       role === 'mitarbeiter' ? 'role_mitarbeiter' : 
+                       'role_subunternehmer';
+    
+    const visibleModules = await query<{ module_key: string }>(
+      `SELECT module_key FROM module_visibility
+       WHERE org_id = $1 AND ${roleColumn} = true`,
+      [orgId]
+    );
+    
+    ctx.response.body = { 
+      visibility: visibleModules.map(m => m.module_key),
+      role
+    };
+    return;
+  }
+  
+  ctx.response.body = { visibility };
+});
+
+// Update module visibility (Chef only)
+modulesRouter.put("/visibility", requireChef, async (ctx) => {
+  const { org_id: orgId } = ctx.state.auth.user;
+  const body = await ctx.request.body.json();
+  const { settings } = body;
+  
+  if (!settings || !Array.isArray(settings)) {
+    throw new AppError("settings array required", 400);
+  }
+  
+  // Update each module visibility setting
+  for (const setting of settings) {
+    const { module_key, role_disponent, role_mitarbeiter, role_subunternehmer } = setting;
+    
+    await execute(
+      `INSERT INTO module_visibility (org_id, module_key, role_disponent, role_mitarbeiter, role_subunternehmer)
+       VALUES ($1, $2, $3, $4, $5)
+       ON CONFLICT (org_id, module_key)
+       DO UPDATE SET 
+         role_disponent = $3,
+         role_mitarbeiter = $4,
+         role_subunternehmer = $5,
+         updated_at = NOW()`,
+      [orgId, module_key, role_disponent ?? true, role_mitarbeiter ?? true, role_subunternehmer ?? false]
+    );
+  }
+  
+  ctx.response.body = { message: "Module visibility updated" };
+});
+
 // ============ DEVELOPER PANEL ENDPOINTS ============
 // These require the 'developer' module to be enabled and special permissions