Kevin Adametz
95007da826
Launch-pflichtiger Compliance-Slice: öffentliche Anfrage zu einer PM speist eine
manuelle Admin-Queue (keine KI).
- Migration legal_requests + Model + Enums (Type: dsgvo/personal_rights/report,
Status: open/in_progress/resolved/rejected) + Factory.
- Öffentliches Formular /release/{slug}/rechtliches (LegalRequestController +
web/legal-request.blade.php): typ-abhängiger Hinweistext (Alpine), E-Mail bei
DSGVO/Persönlichkeitsrecht erforderlich, zwei versteckte Honeypot-Felder,
Rate-Limit + Bremse "1 offene Anfrage pro PM/Typ". Regeltexte als Entwurf mit
TODO für rechtliche Finalisierung markiert.
- Routen bewusst in eigener routes/legal.php (entkoppelt vom laufenden Web-Umbau),
host-agnostisch via domains.php eingebunden.
- Admin-Bereich "Recht & Compliance": Sidebar-Nav mit Offen-Zähler, Volt-Queue
index/show (in Bearbeitung/erledigt/abgelehnt/wieder öffnen + interne Notiz).
- Tests: je Typ, Honeypots (Dataset), Bremse, Admin-Queue + Status-Übergänge.
- Doku: Detailplan WS-3-Status + Deployment-Migrationsreihenfolge ergänzt.
Hinweis: Der "Melden"-/E&F-Button auf der PM-Detailseite (release-detail.blade.php)
wird mit dem separaten Web-Frontend-Commit verdrahtet; Ziel ist legal-request.create.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
92 lines
5.5 KiB
PHP
92 lines
5.5 KiB
PHP
<?php
|
|
|
|
use App\Http\Controllers\Admin\DashboardController;
|
|
use App\Http\Controllers\Admin\LeaveImpersonationController;
|
|
use App\Http\Controllers\LegacyInvoicePdfController;
|
|
use App\Http\Middleware\EnsureUserIsAdmin;
|
|
use App\Http\Middleware\LogSlowAdminRequests;
|
|
use Illuminate\Support\Facades\Route;
|
|
use Livewire\Volt\Volt;
|
|
|
|
// Hinweis: Die Root-Route (`/`) auf der Portal-Domain rendert seit dem
|
|
// Hub-Launch die öffentliche Publisher-Landing (web/pressekonto.blade.php).
|
|
// Eingeloggte Admins werden über die Auth-Pipeline direkt nach /dashboard
|
|
// geleitet (siehe FORTIFY_HOME / LoginResponseContract).
|
|
Route::get('dashboard', DashboardController::class)
|
|
->middleware(['auth', 'verified', EnsureUserIsAdmin::class, LogSlowAdminRequests::class])
|
|
->name('dashboard');
|
|
|
|
// ========================================
|
|
// Nutzer-eigene Einstellungen (kein Admin erforderlich)
|
|
// ========================================
|
|
Route::middleware(['auth', 'verified'])->group(function () {
|
|
Route::redirect('settings', '/admin/me/profile');
|
|
Route::redirect('settings/profile', '/admin/me/profile')->name('settings.profile');
|
|
Volt::route('settings/password', 'settings.password')->name('settings.password');
|
|
Volt::route('settings/appearance', 'settings.appearance')->name('settings.appearance');
|
|
});
|
|
|
|
Route::post('admin/impersonate/leave', LeaveImpersonationController::class)
|
|
->middleware(['auth', 'throttle:10,1'])
|
|
->name('admin.impersonate.leave');
|
|
|
|
// ========================================
|
|
// Admin-Bereich (nur Rollen admin/editor)
|
|
// ========================================
|
|
Route::middleware(['auth', 'verified', EnsureUserIsAdmin::class, LogSlowAdminRequests::class])->group(function () {
|
|
|
|
// Content Management
|
|
Volt::route('admin/press-releases', 'admin.press-releases.index')->name('admin.press-releases.index');
|
|
Volt::route('admin/press-releases/create', 'admin.press-releases.create')->name('admin.press-releases.create');
|
|
Volt::route('admin/press-releases/{id}', 'admin.press-releases.show')->name('admin.press-releases.show');
|
|
Volt::route('admin/press-releases/{id}/edit', 'admin.press-releases.edit')->name('admin.press-releases.edit');
|
|
|
|
Volt::route('admin/categories', 'admin.categories.index')->name('admin.categories.index');
|
|
Volt::route('admin/categories/create', 'admin.categories.create')->name('admin.categories.create');
|
|
Volt::route('admin/categories/{id}/edit', 'admin.categories.edit')->name('admin.categories.edit');
|
|
|
|
Volt::route('admin/footer-codes', 'admin.footer-codes.index')->name('admin.footer-codes.index');
|
|
Volt::route('admin/footer-codes/create', 'admin.footer-codes.create')->name('admin.footer-codes.create');
|
|
Volt::route('admin/footer-codes/{id}/edit', 'admin.footer-codes.edit')->name('admin.footer-codes.edit');
|
|
|
|
// CRM
|
|
Volt::route('admin/companies', 'admin.companies.index')->name('admin.companies.index');
|
|
Volt::route('admin/companies/create', 'admin.companies.create')->name('admin.companies.create');
|
|
Volt::route('admin/companies/{id}', 'admin.companies.show')->name('admin.companies.show');
|
|
Volt::route('admin/companies/{id}/edit', 'admin.companies.edit')->name('admin.companies.edit');
|
|
Volt::route('admin/companies/{companyId}/contacts/create', 'admin.contacts.create')->name('admin.companies.contacts.create');
|
|
|
|
Volt::route('admin/contacts', 'admin.contacts.index')->name('admin.contacts.index');
|
|
Volt::route('admin/contacts/create', 'admin.contacts.create')->name('admin.contacts.create');
|
|
Volt::route('admin/contacts/{id}/edit', 'admin.contacts.edit')->name('admin.contacts.edit');
|
|
|
|
// Recht & Compliance (WS-3): Queue für DSGVO-/Persönlichkeitsrechts-/Meldungen
|
|
Volt::route('admin/legal-requests', 'admin.legal-requests.index')->name('admin.legal-requests.index');
|
|
Volt::route('admin/legal-requests/{id}', 'admin.legal-requests.show')->name('admin.legal-requests.show');
|
|
|
|
// Billing
|
|
Volt::route('admin/invoices', 'admin.invoices.index')->name('admin.invoices.index');
|
|
Route::get('admin/legacy-invoices/{legacyInvoice}/pdf', LegacyInvoicePdfController::class)->name('admin.legacy-invoices.pdf');
|
|
Volt::route('admin/payments', 'admin.payments.index')->name('admin.payments.index');
|
|
Volt::route('admin/payments/plans', 'admin.payments.plans')->name('admin.payments.plans');
|
|
Volt::route('admin/coupons', 'admin.coupons.index')->name('admin.coupons.index');
|
|
Volt::route('admin/newsletter-sync', 'admin.newsletter.sync')->name('admin.newsletter.sync');
|
|
|
|
// Administration
|
|
Volt::route('admin/presets', 'admin.presets.index')->name('admin.presets.index');
|
|
Volt::route('admin/presets/create', 'admin.presets.create')->name('admin.presets.create');
|
|
Volt::route('admin/presets/{id}/edit', 'admin.presets.edit')->name('admin.presets.edit');
|
|
|
|
Volt::route('admin/users', 'admin.users')->name('admin.users.index');
|
|
Volt::route('admin/users/create', 'admin.users.create')->name('admin.users.create');
|
|
Volt::route('admin/users/{id}', 'admin.users.show')->name('admin.users.show');
|
|
Volt::route('admin/users/{id}/edit', 'admin.users.edit')->name('admin.users.edit');
|
|
Volt::route('admin/users/table', 'admin.users.table')->name('admin.users.table');
|
|
|
|
Volt::route('admin/roles', 'admin.roles.index')->name('admin.roles.index');
|
|
Volt::route('admin/roles/create', 'admin.roles.create')->name('admin.roles.create');
|
|
Volt::route('admin/roles/{id}/edit', 'admin.roles.edit')->name('admin.roles.edit');
|
|
|
|
// Reports
|
|
Volt::route('admin/reports/slow-requests', 'admin.reports.slow-requests')->name('admin.reports.slow-requests');
|
|
});
|