Added view-all / control-permissions auth model. New admin pages auto-populate in User Management from real /admin/*.php files. Users can open all admin pages, but only pages ticked in User Management are editable.