User Panel: Phase-8-Abschluss, Titelbild/Lizenzen/Zeitzonen und KI-Pruef-Pipeline

Phase 8 (Rest) + Umbauten vom 10./11.06.:
- Ein Titelbild pro PM (Cover 1280x580), SVG-Platzhalter-Set + Picker,
  PressReleaseCoverImage-Resolver
- Lizenz-/Rechteformular nach "Lizenztyp Bildupload" (7 Lizenztypen,
  Personen-/Sachrechte-Status, bedingte Pflichtfelder, Risikohinweise)
- Veroeffentlichungs-Box vereinfacht (Embargo aus der Form-UI entfernt),
  geplante Termine in Europe/Berlin (Speicherung UTC, DISPLAY_TIMEZONE)
- Quota-Stub (users.press_release_quota) + monatlicher Reset-Command
- Einreichungs-Modal einheitlich in Show/Create/Edit; Ghost-Buttons auf
  filled; PM-Editor-Layout responsive entkoppelt (.pr-editor-layout)

KI-Pruef-Pipeline (Phasen 1-5 des Entwicklungsplans):
- API-Haertung: status nicht mehr per API setzbar, eigene Submit-Route
  durch denselben Funnel (Blacklist, Quota, Status-Log)
- Klassifikation Rot/Gelb/Gruen asynchron (Queue classification,
  OpenAI-Treiber + deterministischer Fallback), ki_audits-Audit-Log
- Routing: Rot -> rejected + Mail, Gelb -> Review-Queue, Gruen ->
  Auto-Publish; Scheduler publiziert nur gruene faellige PMs
- Content-Score 0-100 -> Stufe (Standard/Geprueft/Hochwertig) inkl.
  Editor-Panel und Badges; Re-Klassifikation/-Score bei Aenderung
- Admin: KI-Badge + Filter, On-Demand-Pruefung mit Anbieter-Override

Suite: 442 passed, 4 skipped.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

tests/Feature/Api/V1/PressReleaseImageApiTest.php

@@ -27,12 +27,15 @@ test('api user can upload list and delete own press release images', function ()
         'is_preview' => true,
     ]);
 
+    // Pressebilder werden auf das Hero-/Cover-Format normalisiert (harte
+    // Obergrenze 1280x580, siehe ImageService::PRESS_RELEASE_IMAGE_VARIANTS).
+    // Gespeichert werden daher die Cover-Maße, nicht die Originalgröße.
     $uploadResponse
         ->assertCreated()
         ->assertJsonPath('data.title', 'Pressefoto')
         ->assertJsonPath('data.is_preview', true)
-        ->assertJsonPath('data.width', 1200)
-        ->assertJsonPath('data.height', 800)
+        ->assertJsonPath('data.width', 1280)
+        ->assertJsonPath('data.height', 580)
         ->assertJsonStructure(['data' => ['variants', 'urls']]);
 
     $image = PressReleaseImage::query()->firstOrFail();

tests/Feature/Api/V1/PressReleaseSubmitApiTest.php

@@ -0,0 +1,119 @@
+<?php
+
+use App\Enums\PressReleaseStatus;
+use App\Models\Category;
+use App\Models\Company;
+use App\Models\PressRelease;
+use App\Models\PressReleaseStatusLog;
+use App\Models\User;
+use Illuminate\Support\Facades\Queue;
+use Laravel\Sanctum\Sanctum;
+use Tests\TestCase;
+
+test('api create always produces a draft and ignores any status input', function () {
+    /** @var TestCase $this */
+    $user = User::factory()->create();
+    $company = Company::factory()->presseecho()->create();
+    $category = Category::factory()->withTranslations()->create();
+    $user->companies()->attach($company->id, ['role' => 'owner']);
+
+    Sanctum::actingAs($user, ['press-releases:write']);
+
+    $this->postJson('/api/v1/press-releases', [
+        'company_id' => $company->id,
+        'category_id' => $category->id,
+        'language' => 'de',
+        'title' => 'API Entwurf',
+        'text' => 'Inhalt',
+        'status' => 'review', // soll ignoriert werden
+    ])
+        ->assertCreated()
+        ->assertJsonPath('data.status', PressReleaseStatus::Draft->value);
+});
+
+test('api submit route raises a draft to review and counts quota and writes a log', function () {
+    /** @var TestCase $this */
+    Queue::fake(); // Klassifikations-Routing separat getestet; hier nur der Submit-Übergang.
+
+    $user = User::factory()->create(['press_release_quota_used_this_month' => 0]);
+    $pressRelease = PressRelease::factory()->create([
+        'user_id' => $user->id,
+        'status' => PressReleaseStatus::Draft->value,
+        'title' => 'Saubere Pressemitteilung',
+        'text' => 'Vollkommen unauffälliger Inhalt.',
+    ]);
+
+    Sanctum::actingAs($user, ['press-releases:write']);
+
+    $this->postJson("/api/v1/press-releases/{$pressRelease->id}/submit")
+        ->assertOk()
+        ->assertJsonPath('data.status', PressReleaseStatus::Review->value);
+
+    expect($pressRelease->fresh()->status)->toBe(PressReleaseStatus::Review);
+    expect($user->fresh()->press_release_quota_used_this_month)->toBe(1);
+    expect(PressReleaseStatusLog::where('press_release_id', $pressRelease->id)
+        ->where('to_status', PressReleaseStatus::Review->value)
+        ->exists())->toBeTrue();
+});
+
+test('api submit auto-rejects a press release containing a banned word', function () {
+    /** @var TestCase $this */
+    config()->set('blacklist.words', ['penis']);
+
+    $user = User::factory()->create();
+    $pressRelease = PressRelease::factory()->create([
+        'user_id' => $user->id,
+        'status' => PressReleaseStatus::Draft->value,
+        'title' => 'Unzulässiger Titel penis',
+        'text' => 'Inhalt',
+    ]);
+
+    Sanctum::actingAs($user, ['press-releases:write']);
+
+    $this->postJson("/api/v1/press-releases/{$pressRelease->id}/submit")
+        ->assertStatus(422);
+
+    expect($pressRelease->fresh()->status)->toBe(PressReleaseStatus::Rejected);
+});
+
+test('api submit requires the write ability', function () {
+    /** @var TestCase $this */
+    $user = User::factory()->create();
+    $pressRelease = PressRelease::factory()->create([
+        'user_id' => $user->id,
+        'status' => PressReleaseStatus::Draft->value,
+    ]);
+
+    Sanctum::actingAs($user, ['press-releases:read']);
+
+    $this->postJson("/api/v1/press-releases/{$pressRelease->id}/submit")
+        ->assertForbidden();
+});
+
+test('api submit rejects a press release already in review', function () {
+    /** @var TestCase $this */
+    $user = User::factory()->create();
+    $pressRelease = PressRelease::factory()->inReview()->create([
+        'user_id' => $user->id,
+    ]);
+
+    Sanctum::actingAs($user, ['press-releases:write']);
+
+    $this->postJson("/api/v1/press-releases/{$pressRelease->id}/submit")
+        ->assertStatus(409);
+});
+
+test('api user cannot submit another users press release', function () {
+    /** @var TestCase $this */
+    $owner = User::factory()->create();
+    $otherUser = User::factory()->create();
+    $pressRelease = PressRelease::factory()->create([
+        'user_id' => $owner->id,
+        'status' => PressReleaseStatus::Draft->value,
+    ]);
+
+    Sanctum::actingAs($otherUser, ['press-releases:write']);
+
+    $this->postJson("/api/v1/press-releases/{$pressRelease->id}/submit")
+        ->assertForbidden();
+});