1294caa7fa
Complete rebuild of 22-year-old PHP CMS as modern SaaS: Database (15 migrations, 42+ tables): - Foundation: account_settings, audit_log, GDPR register, cms_files - Module Engine: modules, fields, records, permissions, relations + RPC - Members: 45+ field member profiles, departments, roles, honors, SEPA mandates - Courses: courses, sessions, categories, instructors, locations, attendance - Bookings: rooms, guests, bookings with availability - Events: events, registrations, holiday passes - Finance: SEPA batches/items (pain.008/001 XML), invoices - Newsletter: campaigns, templates, recipients, subscriptions - Site Builder: site_pages (Puck JSON), site_settings, cms_posts - Portal Auth: member_portal_invitations, user linking Feature Packages (9): - @kit/module-builder — dynamic low-code CRUD engine - @kit/member-management — 31 API methods, 21 actions, 8 components - @kit/course-management, @kit/booking-management, @kit/event-management - @kit/finance — SEPA XML generator + IBAN validator - @kit/newsletter — campaigns + dispatch - @kit/document-generator — PDF/Excel/Word - @kit/site-builder — Puck visual editor, 15 blocks, public rendering Pages (60+): - Dashboard with real stats from all APIs - Full CRUD for all 8 domains with react-hook-form + Zod - Recharts statistics - German i18n throughout - Member portal with auth + invitation system - Public club websites via Puck at /club/[slug] Infrastructure: - Dockerfile (multi-stage, standalone output) - docker-compose.yml (Supabase self-hosted + Next.js) - Kong API gateway config - .env.production.example
177 lines
6.7 KiB
SQL
177 lines
6.7 KiB
SQL
/*
|
|
* Site Builder Migration
|
|
* Tables: site_pages, site_settings, cms_posts, newsletter_subscriptions
|
|
* Public read via anon + RLS
|
|
*/
|
|
|
|
-- =====================================================
|
|
-- 1. site_pages — Puck JSON per page
|
|
-- =====================================================
|
|
CREATE TABLE IF NOT EXISTS public.site_pages (
|
|
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
|
|
account_id uuid NOT NULL REFERENCES public.accounts(id) ON DELETE CASCADE,
|
|
slug text NOT NULL,
|
|
title text NOT NULL,
|
|
puck_data jsonb NOT NULL DEFAULT '{}'::jsonb,
|
|
is_published boolean NOT NULL DEFAULT false,
|
|
is_homepage boolean NOT NULL DEFAULT false,
|
|
sort_order integer NOT NULL DEFAULT 0,
|
|
meta_description text,
|
|
meta_image text,
|
|
created_by uuid REFERENCES auth.users(id),
|
|
updated_by uuid REFERENCES auth.users(id),
|
|
created_at timestamptz NOT NULL DEFAULT now(),
|
|
updated_at timestamptz NOT NULL DEFAULT now(),
|
|
published_at timestamptz,
|
|
UNIQUE(account_id, slug)
|
|
);
|
|
|
|
CREATE INDEX idx_site_pages_account ON public.site_pages(account_id);
|
|
CREATE INDEX idx_site_pages_published ON public.site_pages(account_id, is_published);
|
|
|
|
ALTER TABLE public.site_pages ENABLE ROW LEVEL SECURITY;
|
|
REVOKE ALL ON public.site_pages FROM authenticated, service_role;
|
|
GRANT SELECT, INSERT, UPDATE, DELETE ON public.site_pages TO authenticated;
|
|
GRANT SELECT ON public.site_pages TO anon;
|
|
GRANT ALL ON public.site_pages TO service_role;
|
|
|
|
CREATE POLICY site_pages_public_read ON public.site_pages
|
|
FOR SELECT TO anon USING (is_published = true);
|
|
|
|
CREATE POLICY site_pages_auth_read ON public.site_pages
|
|
FOR SELECT TO authenticated USING (
|
|
is_published = true OR public.has_role_on_account(account_id)
|
|
);
|
|
|
|
CREATE POLICY site_pages_admin_write ON public.site_pages
|
|
FOR ALL TO authenticated USING (
|
|
public.has_permission(auth.uid(), account_id, 'settings.manage'::public.app_permissions)
|
|
);
|
|
|
|
CREATE TRIGGER trg_site_pages_updated
|
|
BEFORE UPDATE ON public.site_pages
|
|
FOR EACH ROW EXECUTE FUNCTION public.update_account_settings_timestamp();
|
|
|
|
-- =====================================================
|
|
-- 2. site_settings — Per-club branding
|
|
-- =====================================================
|
|
CREATE TABLE IF NOT EXISTS public.site_settings (
|
|
account_id uuid PRIMARY KEY REFERENCES public.accounts(id) ON DELETE CASCADE,
|
|
site_name text,
|
|
site_logo text,
|
|
primary_color text DEFAULT '#2563eb',
|
|
secondary_color text DEFAULT '#64748b',
|
|
font_family text DEFAULT 'Inter',
|
|
custom_css text,
|
|
navigation jsonb NOT NULL DEFAULT '[]'::jsonb,
|
|
footer_text text,
|
|
contact_email text,
|
|
contact_phone text,
|
|
contact_address text,
|
|
social_links jsonb DEFAULT '{}'::jsonb,
|
|
impressum text,
|
|
datenschutz text,
|
|
custom_domain text,
|
|
is_public boolean NOT NULL DEFAULT false,
|
|
created_at timestamptz NOT NULL DEFAULT now(),
|
|
updated_at timestamptz NOT NULL DEFAULT now()
|
|
);
|
|
|
|
ALTER TABLE public.site_settings ENABLE ROW LEVEL SECURITY;
|
|
REVOKE ALL ON public.site_settings FROM authenticated, service_role;
|
|
GRANT SELECT, INSERT, UPDATE ON public.site_settings TO authenticated;
|
|
GRANT SELECT ON public.site_settings TO anon;
|
|
GRANT ALL ON public.site_settings TO service_role;
|
|
|
|
CREATE POLICY site_settings_public_read ON public.site_settings
|
|
FOR SELECT TO anon USING (is_public = true);
|
|
|
|
CREATE POLICY site_settings_auth_read ON public.site_settings
|
|
FOR SELECT TO authenticated USING (
|
|
is_public = true OR public.has_role_on_account(account_id)
|
|
);
|
|
|
|
CREATE POLICY site_settings_admin_write ON public.site_settings
|
|
FOR ALL TO authenticated USING (
|
|
public.has_permission(auth.uid(), account_id, 'settings.manage'::public.app_permissions)
|
|
);
|
|
|
|
CREATE TRIGGER trg_site_settings_updated
|
|
BEFORE UPDATE ON public.site_settings
|
|
FOR EACH ROW EXECUTE FUNCTION public.update_account_settings_timestamp();
|
|
|
|
-- =====================================================
|
|
-- 3. cms_posts — News/blog per club
|
|
-- =====================================================
|
|
CREATE TABLE IF NOT EXISTS public.cms_posts (
|
|
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
|
|
account_id uuid NOT NULL REFERENCES public.accounts(id) ON DELETE CASCADE,
|
|
title text NOT NULL,
|
|
slug text NOT NULL,
|
|
content text,
|
|
excerpt text,
|
|
cover_image text,
|
|
author_id uuid REFERENCES auth.users(id),
|
|
status text NOT NULL DEFAULT 'draft' CHECK (status IN ('draft','published','archived')),
|
|
published_at timestamptz,
|
|
created_at timestamptz NOT NULL DEFAULT now(),
|
|
updated_at timestamptz NOT NULL DEFAULT now(),
|
|
UNIQUE(account_id, slug)
|
|
);
|
|
|
|
CREATE INDEX idx_cms_posts_account ON public.cms_posts(account_id);
|
|
CREATE INDEX idx_cms_posts_published ON public.cms_posts(account_id, status);
|
|
|
|
ALTER TABLE public.cms_posts ENABLE ROW LEVEL SECURITY;
|
|
REVOKE ALL ON public.cms_posts FROM authenticated, service_role;
|
|
GRANT SELECT, INSERT, UPDATE, DELETE ON public.cms_posts TO authenticated;
|
|
GRANT SELECT ON public.cms_posts TO anon;
|
|
GRANT ALL ON public.cms_posts TO service_role;
|
|
|
|
CREATE POLICY cms_posts_public_read ON public.cms_posts
|
|
FOR SELECT TO anon USING (status = 'published');
|
|
|
|
CREATE POLICY cms_posts_auth_read ON public.cms_posts
|
|
FOR SELECT TO authenticated USING (
|
|
status = 'published' OR public.has_role_on_account(account_id)
|
|
);
|
|
|
|
CREATE POLICY cms_posts_admin_write ON public.cms_posts
|
|
FOR ALL TO authenticated USING (
|
|
public.has_permission(auth.uid(), account_id, 'settings.manage'::public.app_permissions)
|
|
);
|
|
|
|
CREATE TRIGGER trg_cms_posts_updated
|
|
BEFORE UPDATE ON public.cms_posts
|
|
FOR EACH ROW EXECUTE FUNCTION public.update_account_settings_timestamp();
|
|
|
|
-- =====================================================
|
|
-- 4. newsletter_subscriptions — Public signup
|
|
-- =====================================================
|
|
CREATE TABLE IF NOT EXISTS public.newsletter_subscriptions (
|
|
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
|
|
account_id uuid NOT NULL REFERENCES public.accounts(id) ON DELETE CASCADE,
|
|
email text NOT NULL,
|
|
name text,
|
|
subscribed_at timestamptz NOT NULL DEFAULT now(),
|
|
unsubscribed_at timestamptz,
|
|
is_active boolean NOT NULL DEFAULT true,
|
|
confirmation_token text,
|
|
confirmed_at timestamptz,
|
|
UNIQUE(account_id, email)
|
|
);
|
|
|
|
CREATE INDEX idx_newsletter_subs_account ON public.newsletter_subscriptions(account_id);
|
|
|
|
ALTER TABLE public.newsletter_subscriptions ENABLE ROW LEVEL SECURITY;
|
|
REVOKE ALL ON public.newsletter_subscriptions FROM authenticated, service_role;
|
|
GRANT SELECT, INSERT, UPDATE, DELETE ON public.newsletter_subscriptions TO authenticated;
|
|
GRANT INSERT ON public.newsletter_subscriptions TO anon;
|
|
GRANT ALL ON public.newsletter_subscriptions TO service_role;
|
|
|
|
CREATE POLICY newsletter_sub_public_insert ON public.newsletter_subscriptions
|
|
FOR INSERT TO anon WITH CHECK (true);
|
|
|
|
CREATE POLICY newsletter_sub_admin ON public.newsletter_subscriptions
|
|
FOR ALL TO authenticated USING (public.has_role_on_account(account_id));
|