diff --git a/public/shell.php b/public/shell.php
index 3f551a7..9e0755a 100644
--- a/public/shell.php
+++ b/public/shell.php
@@ -45,23 +45,24 @@
             <h1 class="text-2xl font-black text-white">مُصادَق</h1>
         </div>
 
-        <nav class="flex-1 space-y-2">
+        <nav class="flex-1 space-y-2 overflow-y-auto pr-2 custom-scrollbar">
             <a href="#" onclick="navigateTo('dashboard')" id="nav-dashboard" class="nav-link active">لوحة التحكم</a>
             <a href="#" onclick="navigateTo('companies')" id="nav-companies" class="nav-link">الشركات</a>
             <a href="#" onclick="navigateTo('invoices')" id="nav-invoices" class="nav-link">الفواتير</a>
-            <a href="#" onclick="navigateTo('risk-monitor')" id="nav-risk-monitor" class="nav-link">المخاطر</a>
-            <a href="#" onclick="navigateTo('users')" id="nav-users" class="nav-link">المستخدمين</a>
+            <a href="#" onclick="showAddInvoiceModal()" id="nav-upload-invoice" class="nav-link">رفع فاتورة</a>
+            <a href="#" onclick="navigateTo('users')" id="nav-users" class="nav-link">الموظفين والمستخدمين</a>
+            <a href="#" onclick="navigateTo('risk-monitor')" id="nav-risk-monitor" class="nav-link">مراقبة المخاطر</a>
             <a href="#" onclick="navigateTo('admin')" id="nav-admin" class="nav-link hidden text-secondary">الإدارة</a>
         </nav>
 
-        <div class="pt-6 border-t border-white/5 space-y-2">
+        <div class="pt-6 border-t border-white/5 space-y-2 mt-auto">
             <a href="#" onclick="navigateTo('settings')" id="nav-settings" class="nav-link">الإعدادات</a>
-            <button onclick="logout()" class="w-full nav-link text-red-400 hover:bg-red-500/10">تسجيل الخروج</button>
+            <button onclick="logout()" class="w-full nav-link text-red-400 hover:bg-red-500/10 text-right">تسجيل الخروج</button>
         </div>
     </aside>
 
     <!-- Main Content -->
-    <main id="main-content" class="mr-0 transition-all duration-500 min-h-screen opacity-0">
+    <main id="main-content" class="md:mr-80 transition-all duration-500 min-h-screen opacity-0">
         <header class="h-24 glass border-b border-white/5 flex items-center justify-between px-12 sticky top-0 z-40">
             <h2 id="page-title" class="text-2xl font-bold">لوحة التحكم</h2>
             <div class="flex items-center gap-6">
@@ -372,10 +373,24 @@
         }
 
         function initApp() {
+            const role = localStorage.getItem('user_role');
             if (localStorage.getItem('access_token')) {
                 document.getElementById('sidebar').classList.remove('translate-x-full');
                 document.getElementById('main-content').classList.replace('opacity-0', 'opacity-100');
-                if (localStorage.getItem('user_role') === 'super_admin') document.getElementById('nav-admin').classList.remove('hidden');
+                
+                // RBAC UI Logic
+                if (role !== 'super_admin' && role !== 'admin') {
+                    document.getElementById('nav-companies')?.classList.add('hidden');
+                    document.getElementById('nav-users')?.classList.add('hidden');
+                    document.getElementById('nav-risk-monitor')?.classList.add('hidden');
+                }
+                if (role === 'viewer') {
+                    document.getElementById('nav-upload-invoice')?.classList.add('hidden');
+                }
+                if (role === 'super_admin') {
+                    document.getElementById('nav-admin')?.classList.remove('hidden');
+                }
+                
                 navigateTo('dashboard');
             } else { renderLogin(); }
         }