feat: MyEasyCMS v2 — Full SaaS rebuild
Complete rebuild of 22-year-old PHP CMS as modern SaaS: Database (15 migrations, 42+ tables): - Foundation: account_settings, audit_log, GDPR register, cms_files - Module Engine: modules, fields, records, permissions, relations + RPC - Members: 45+ field member profiles, departments, roles, honors, SEPA mandates - Courses: courses, sessions, categories, instructors, locations, attendance - Bookings: rooms, guests, bookings with availability - Events: events, registrations, holiday passes - Finance: SEPA batches/items (pain.008/001 XML), invoices - Newsletter: campaigns, templates, recipients, subscriptions - Site Builder: site_pages (Puck JSON), site_settings, cms_posts - Portal Auth: member_portal_invitations, user linking Feature Packages (9): - @kit/module-builder — dynamic low-code CRUD engine - @kit/member-management — 31 API methods, 21 actions, 8 components - @kit/course-management, @kit/booking-management, @kit/event-management - @kit/finance — SEPA XML generator + IBAN validator - @kit/newsletter — campaigns + dispatch - @kit/document-generator — PDF/Excel/Word - @kit/site-builder — Puck visual editor, 15 blocks, public rendering Pages (60+): - Dashboard with real stats from all APIs - Full CRUD for all 8 domains with react-hook-form + Zod - Recharts statistics - German i18n throughout - Member portal with auth + invitation system - Public club websites via Puck at /club/[slug] Infrastructure: - Dockerfile (multi-stage, standalone output) - docker-compose.yml (Supabase self-hosted + Next.js) - Kong API gateway config - .env.production.example
This commit is contained in:
Zaid Marzguioui
176
apps/web/supabase/migrations/20260410000001_site_builder.sql
Normal file
176
apps/web/supabase/migrations/20260410000001_site_builder.sql
Normal file
@@ -0,0 +1,176 @@
|
||||
/*
|
||||
* Site Builder Migration
|
||||
* Tables: site_pages, site_settings, cms_posts, newsletter_subscriptions
|
||||
* Public read via anon + RLS
|
||||
*/
|
||||
|
||||
-- =====================================================
|
||||
-- 1. site_pages — Puck JSON per page
|
||||
-- =====================================================
|
||||
CREATE TABLE IF NOT EXISTS public.site_pages (
|
||||
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
account_id uuid NOT NULL REFERENCES public.accounts(id) ON DELETE CASCADE,
|
||||
slug text NOT NULL,
|
||||
title text NOT NULL,
|
||||
puck_data jsonb NOT NULL DEFAULT '{}'::jsonb,
|
||||
is_published boolean NOT NULL DEFAULT false,
|
||||
is_homepage boolean NOT NULL DEFAULT false,
|
||||
sort_order integer NOT NULL DEFAULT 0,
|
||||
meta_description text,
|
||||
meta_image text,
|
||||
created_by uuid REFERENCES auth.users(id),
|
||||
updated_by uuid REFERENCES auth.users(id),
|
||||
created_at timestamptz NOT NULL DEFAULT now(),
|
||||
updated_at timestamptz NOT NULL DEFAULT now(),
|
||||
published_at timestamptz,
|
||||
UNIQUE(account_id, slug)
|
||||
);
|
||||
|
||||
CREATE INDEX idx_site_pages_account ON public.site_pages(account_id);
|
||||
CREATE INDEX idx_site_pages_published ON public.site_pages(account_id, is_published);
|
||||
|
||||
ALTER TABLE public.site_pages ENABLE ROW LEVEL SECURITY;
|
||||
REVOKE ALL ON public.site_pages FROM authenticated, service_role;
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON public.site_pages TO authenticated;
|
||||
GRANT SELECT ON public.site_pages TO anon;
|
||||
GRANT ALL ON public.site_pages TO service_role;
|
||||
|
||||
CREATE POLICY site_pages_public_read ON public.site_pages
|
||||
FOR SELECT TO anon USING (is_published = true);
|
||||
|
||||
CREATE POLICY site_pages_auth_read ON public.site_pages
|
||||
FOR SELECT TO authenticated USING (
|
||||
is_published = true OR public.has_role_on_account(account_id)
|
||||
);
|
||||
|
||||
CREATE POLICY site_pages_admin_write ON public.site_pages
|
||||
FOR ALL TO authenticated USING (
|
||||
public.has_permission(auth.uid(), account_id, 'settings.manage'::public.app_permissions)
|
||||
);
|
||||
|
||||
CREATE TRIGGER trg_site_pages_updated
|
||||
BEFORE UPDATE ON public.site_pages
|
||||
FOR EACH ROW EXECUTE FUNCTION public.update_account_settings_timestamp();
|
||||
|
||||
-- =====================================================
|
||||
-- 2. site_settings — Per-club branding
|
||||
-- =====================================================
|
||||
CREATE TABLE IF NOT EXISTS public.site_settings (
|
||||
account_id uuid PRIMARY KEY REFERENCES public.accounts(id) ON DELETE CASCADE,
|
||||
site_name text,
|
||||
site_logo text,
|
||||
primary_color text DEFAULT '#2563eb',
|
||||
secondary_color text DEFAULT '#64748b',
|
||||
font_family text DEFAULT 'Inter',
|
||||
custom_css text,
|
||||
navigation jsonb NOT NULL DEFAULT '[]'::jsonb,
|
||||
footer_text text,
|
||||
contact_email text,
|
||||
contact_phone text,
|
||||
contact_address text,
|
||||
social_links jsonb DEFAULT '{}'::jsonb,
|
||||
impressum text,
|
||||
datenschutz text,
|
||||
custom_domain text,
|
||||
is_public boolean NOT NULL DEFAULT false,
|
||||
created_at timestamptz NOT NULL DEFAULT now(),
|
||||
updated_at timestamptz NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
ALTER TABLE public.site_settings ENABLE ROW LEVEL SECURITY;
|
||||
REVOKE ALL ON public.site_settings FROM authenticated, service_role;
|
||||
GRANT SELECT, INSERT, UPDATE ON public.site_settings TO authenticated;
|
||||
GRANT SELECT ON public.site_settings TO anon;
|
||||
GRANT ALL ON public.site_settings TO service_role;
|
||||
|
||||
CREATE POLICY site_settings_public_read ON public.site_settings
|
||||
FOR SELECT TO anon USING (is_public = true);
|
||||
|
||||
CREATE POLICY site_settings_auth_read ON public.site_settings
|
||||
FOR SELECT TO authenticated USING (
|
||||
is_public = true OR public.has_role_on_account(account_id)
|
||||
);
|
||||
|
||||
CREATE POLICY site_settings_admin_write ON public.site_settings
|
||||
FOR ALL TO authenticated USING (
|
||||
public.has_permission(auth.uid(), account_id, 'settings.manage'::public.app_permissions)
|
||||
);
|
||||
|
||||
CREATE TRIGGER trg_site_settings_updated
|
||||
BEFORE UPDATE ON public.site_settings
|
||||
FOR EACH ROW EXECUTE FUNCTION public.update_account_settings_timestamp();
|
||||
|
||||
-- =====================================================
|
||||
-- 3. cms_posts — News/blog per club
|
||||
-- =====================================================
|
||||
CREATE TABLE IF NOT EXISTS public.cms_posts (
|
||||
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
account_id uuid NOT NULL REFERENCES public.accounts(id) ON DELETE CASCADE,
|
||||
title text NOT NULL,
|
||||
slug text NOT NULL,
|
||||
content text,
|
||||
excerpt text,
|
||||
cover_image text,
|
||||
author_id uuid REFERENCES auth.users(id),
|
||||
status text NOT NULL DEFAULT 'draft' CHECK (status IN ('draft','published','archived')),
|
||||
published_at timestamptz,
|
||||
created_at timestamptz NOT NULL DEFAULT now(),
|
||||
updated_at timestamptz NOT NULL DEFAULT now(),
|
||||
UNIQUE(account_id, slug)
|
||||
);
|
||||
|
||||
CREATE INDEX idx_cms_posts_account ON public.cms_posts(account_id);
|
||||
CREATE INDEX idx_cms_posts_published ON public.cms_posts(account_id, status);
|
||||
|
||||
ALTER TABLE public.cms_posts ENABLE ROW LEVEL SECURITY;
|
||||
REVOKE ALL ON public.cms_posts FROM authenticated, service_role;
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON public.cms_posts TO authenticated;
|
||||
GRANT SELECT ON public.cms_posts TO anon;
|
||||
GRANT ALL ON public.cms_posts TO service_role;
|
||||
|
||||
CREATE POLICY cms_posts_public_read ON public.cms_posts
|
||||
FOR SELECT TO anon USING (status = 'published');
|
||||
|
||||
CREATE POLICY cms_posts_auth_read ON public.cms_posts
|
||||
FOR SELECT TO authenticated USING (
|
||||
status = 'published' OR public.has_role_on_account(account_id)
|
||||
);
|
||||
|
||||
CREATE POLICY cms_posts_admin_write ON public.cms_posts
|
||||
FOR ALL TO authenticated USING (
|
||||
public.has_permission(auth.uid(), account_id, 'settings.manage'::public.app_permissions)
|
||||
);
|
||||
|
||||
CREATE TRIGGER trg_cms_posts_updated
|
||||
BEFORE UPDATE ON public.cms_posts
|
||||
FOR EACH ROW EXECUTE FUNCTION public.update_account_settings_timestamp();
|
||||
|
||||
-- =====================================================
|
||||
-- 4. newsletter_subscriptions — Public signup
|
||||
-- =====================================================
|
||||
CREATE TABLE IF NOT EXISTS public.newsletter_subscriptions (
|
||||
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
account_id uuid NOT NULL REFERENCES public.accounts(id) ON DELETE CASCADE,
|
||||
email text NOT NULL,
|
||||
name text,
|
||||
subscribed_at timestamptz NOT NULL DEFAULT now(),
|
||||
unsubscribed_at timestamptz,
|
||||
is_active boolean NOT NULL DEFAULT true,
|
||||
confirmation_token text,
|
||||
confirmed_at timestamptz,
|
||||
UNIQUE(account_id, email)
|
||||
);
|
||||
|
||||
CREATE INDEX idx_newsletter_subs_account ON public.newsletter_subscriptions(account_id);
|
||||
|
||||
ALTER TABLE public.newsletter_subscriptions ENABLE ROW LEVEL SECURITY;
|
||||
REVOKE ALL ON public.newsletter_subscriptions FROM authenticated, service_role;
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON public.newsletter_subscriptions TO authenticated;
|
||||
GRANT INSERT ON public.newsletter_subscriptions TO anon;
|
||||
GRANT ALL ON public.newsletter_subscriptions TO service_role;
|
||||
|
||||
CREATE POLICY newsletter_sub_public_insert ON public.newsletter_subscriptions
|
||||
FOR INSERT TO anon WITH CHECK (true);
|
||||
|
||||
CREATE POLICY newsletter_sub_admin ON public.newsletter_subscriptions
|
||||
FOR ALL TO authenticated USING (public.has_role_on_account(account_id));
|
||||
Reference in New Issue
Block a user