br-office-suite/database/migrations/025_kummerkasten.sql

CREATE TABLE IF NOT EXISTS kummerkasten_setting (
  id SMALLINT PRIMARY KEY DEFAULT 1 CHECK (id = 1),
  enabled BOOLEAN NOT NULL DEFAULT FALSE,
  access_password_hash TEXT,
  intro_text TEXT NOT NULL DEFAULT 'Reichen Sie hier vertraulich einen Vorschlag oder ein Anliegen für die Tagesordnung ein.',
  target_committee_id BIGINT REFERENCES committee(id) ON DELETE SET NULL,
  created_by BIGINT REFERENCES app_user(id),
  updated_by BIGINT REFERENCES app_user(id),
  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
  updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

INSERT INTO kummerkasten_setting(id)
VALUES (1)
ON CONFLICT (id) DO NOTHING;

CREATE TABLE IF NOT EXISTS kummerkasten_submission (
  id BIGSERIAL PRIMARY KEY,
  agenda_item_id BIGINT REFERENCES meeting_agenda_item(id) ON DELETE SET NULL,
  title VARCHAR(255) NOT NULL,
  description TEXT,
  submitter_name VARCHAR(255),
  submitter_contact VARCHAR(255),
  target_committee_id BIGINT REFERENCES committee(id) ON DELETE SET NULL,
  status VARCHAR(40) NOT NULL DEFAULT 'converted_to_agenda',
  created_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

CREATE INDEX IF NOT EXISTS idx_kummerkasten_submission_created_at ON kummerkasten_submission(created_at DESC);
CREATE INDEX IF NOT EXISTS idx_kummerkasten_submission_agenda_item ON kummerkasten_submission(agenda_item_id);

DO $$
BEGIN
  IF NOT EXISTS (SELECT 1 FROM pg_trigger WHERE tgname = 'trg_kummerkasten_setting_updated_at') THEN
    CREATE TRIGGER trg_kummerkasten_setting_updated_at
      BEFORE UPDATE ON kummerkasten_setting
      FOR EACH ROW EXECUTE FUNCTION set_updated_at();
  END IF;
END $$;

INSERT INTO app_page(page_key, path, label, nav_group, sort_order, description)
VALUES
  ('kummerkasten-admin', '/kummerkasten-admin', 'Kummerkasten', 'admin', 245, 'Öffentliche Kummerkasten-Seite konfigurieren')
ON CONFLICT (page_key) DO UPDATE
  SET path = EXCLUDED.path,
      label = EXCLUDED.label,
      nav_group = EXCLUDED.nav_group,
      sort_order = EXCLUDED.sort_order,
      description = EXCLUDED.description;

INSERT INTO app_permission(permission_key, label, category, description)
VALUES
  ('kummerkasten.configure', 'Kummerkasten konfigurieren', 'Kummerkasten', 'Öffentliche Kummerkasten-Seite einschalten und Kennwort verwalten')
ON CONFLICT (permission_key) DO UPDATE
  SET label = EXCLUDED.label,
      category = EXCLUDED.category,
      description = EXCLUDED.description;

INSERT INTO app_role_page(role_profile_id, page_key, can_view)
SELECT id, 'kummerkasten-admin', TRUE
  FROM app_role_profile
 WHERE code = 'admin'
ON CONFLICT (role_profile_id, page_key) DO UPDATE SET can_view = TRUE;

INSERT INTO app_role_permission(role_profile_id, permission_key, granted)
SELECT id, 'kummerkasten.configure', TRUE
  FROM app_role_profile
 WHERE code = 'admin'
ON CONFLICT (role_profile_id, permission_key) DO UPDATE SET granted = TRUE;

ALTER TABLE kummerkasten_setting ENABLE ROW LEVEL SECURITY;
ALTER TABLE kummerkasten_submission ENABLE ROW LEVEL SECURITY;

DROP POLICY IF EXISTS kummerkasten_setting_select ON kummerkasten_setting;
DROP POLICY IF EXISTS kummerkasten_setting_modify ON kummerkasten_setting;
CREATE POLICY kummerkasten_setting_select ON kummerkasten_setting FOR SELECT USING (app_has_permission('kummerkasten.configure'));
CREATE POLICY kummerkasten_setting_modify ON kummerkasten_setting FOR ALL USING (app_has_permission('kummerkasten.configure')) WITH CHECK (app_has_permission('kummerkasten.configure'));

DROP POLICY IF EXISTS kummerkasten_submission_select ON kummerkasten_submission;
DROP POLICY IF EXISTS kummerkasten_submission_modify ON kummerkasten_submission;
CREATE POLICY kummerkasten_submission_select ON kummerkasten_submission FOR SELECT USING (app_has_permission('kummerkasten.configure'));
CREATE POLICY kummerkasten_submission_modify ON kummerkasten_submission FOR ALL USING (app_has_permission('kummerkasten.configure')) WITH CHECK (app_has_permission('kummerkasten.configure'));