WS-3: Recht & Compliance – Rechts-Kern (DSGVO/Persönlichkeitsrecht/Melden + Queue)
Launch-pflichtiger Compliance-Slice: öffentliche Anfrage zu einer PM speist eine
manuelle Admin-Queue (keine KI).
- Migration legal_requests + Model + Enums (Type: dsgvo/personal_rights/report,
Status: open/in_progress/resolved/rejected) + Factory.
- Öffentliches Formular /release/{slug}/rechtliches (LegalRequestController +
web/legal-request.blade.php): typ-abhängiger Hinweistext (Alpine), E-Mail bei
DSGVO/Persönlichkeitsrecht erforderlich, zwei versteckte Honeypot-Felder,
Rate-Limit + Bremse "1 offene Anfrage pro PM/Typ". Regeltexte als Entwurf mit
TODO für rechtliche Finalisierung markiert.
- Routen bewusst in eigener routes/legal.php (entkoppelt vom laufenden Web-Umbau),
host-agnostisch via domains.php eingebunden.
- Admin-Bereich "Recht & Compliance": Sidebar-Nav mit Offen-Zähler, Volt-Queue
index/show (in Bearbeitung/erledigt/abgelehnt/wieder öffnen + interne Notiz).
- Tests: je Typ, Honeypots (Dataset), Bremse, Admin-Queue + Status-Übergänge.
- Doku: Detailplan WS-3-Status + Deployment-Migrationsreihenfolge ergänzt.
Hinweis: Der "Melden"-/E&F-Button auf der PM-Detailseite (release-detail.blade.php)
wird mit dem separaten Web-Frontend-Commit verdrahtet; Ziel ist legal-request.create.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
parent
2a622044f3
commit
95007da826
16 changed files with 1139 additions and 0 deletions
45
database/factories/LegalRequestFactory.php
Normal file
45
database/factories/LegalRequestFactory.php
Normal file
|
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
|
||||
namespace Database\Factories;
|
||||
|
||||
use App\Enums\LegalRequestStatus;
|
||||
use App\Enums\LegalRequestType;
|
||||
use App\Models\LegalRequest;
|
||||
use App\Models\PressRelease;
|
||||
use Illuminate\Database\Eloquent\Factories\Factory;
|
||||
|
||||
/**
|
||||
* @extends Factory<LegalRequest>
|
||||
*/
|
||||
class LegalRequestFactory extends Factory
|
||||
{
|
||||
/**
|
||||
* @return array<string, mixed>
|
||||
*/
|
||||
public function definition(): array
|
||||
{
|
||||
return [
|
||||
'press_release_id' => PressRelease::factory(),
|
||||
'portal' => 'presseecho',
|
||||
'type' => fake()->randomElement(LegalRequestType::cases()),
|
||||
'status' => LegalRequestStatus::Open,
|
||||
'requester_email' => fake()->safeEmail(),
|
||||
'message' => fake()->sentence(),
|
||||
'payload' => null,
|
||||
'requester_ip' => fake()->ipv4(),
|
||||
];
|
||||
}
|
||||
|
||||
public function type(LegalRequestType $type): static
|
||||
{
|
||||
return $this->state(['type' => $type]);
|
||||
}
|
||||
|
||||
public function resolved(): static
|
||||
{
|
||||
return $this->state([
|
||||
'status' => LegalRequestStatus::Resolved,
|
||||
'resolved_at' => now(),
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
<?php
|
||||
|
||||
use Illuminate\Database\Migrations\Migration;
|
||||
use Illuminate\Database\Schema\Blueprint;
|
||||
use Illuminate\Support\Facades\Schema;
|
||||
|
||||
/**
|
||||
* Rechts-/Compliance-Anfragen (WS-3): DSGVO-Anonymisierung, Persönlichkeitsrecht
|
||||
* und öffentliche Meldungen laufen in eine gemeinsame Admin-Queue. Keine KI –
|
||||
* jede Anfrage wird manuell bearbeitet.
|
||||
*/
|
||||
return new class extends Migration
|
||||
{
|
||||
public function up(): void
|
||||
{
|
||||
Schema::create('legal_requests', function (Blueprint $table) {
|
||||
$table->id();
|
||||
|
||||
// Bezug zur PM; bleibt erhalten (Audit), wenn die PM gelöscht wird.
|
||||
$table->foreignId('press_release_id')->nullable()->constrained()->nullOnDelete();
|
||||
$table->string('portal', 40)->nullable();
|
||||
|
||||
$table->string('type', 40); // dsgvo | personal_rights | report
|
||||
$table->string('status', 40)->default('open');
|
||||
|
||||
$table->string('requester_email')->nullable();
|
||||
$table->text('message')->nullable();
|
||||
$table->json('payload')->nullable(); // strukturierte Zusatzfelder
|
||||
$table->string('requester_ip', 45)->nullable();
|
||||
|
||||
$table->foreignId('resolved_by_user_id')->nullable()->constrained('users')->nullOnDelete();
|
||||
$table->text('admin_note')->nullable();
|
||||
$table->timestamp('resolved_at')->nullable();
|
||||
|
||||
$table->timestamps();
|
||||
|
||||
$table->index(['status', 'type']);
|
||||
$table->index(['press_release_id', 'type', 'status']);
|
||||
});
|
||||
}
|
||||
|
||||
public function down(): void
|
||||
{
|
||||
Schema::dropIfExists('legal_requests');
|
||||
}
|
||||
};
|
||||
Loading…
Add table
Add a link
Reference in a new issue