soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Implement multi-tenancy support with OAuth2 authentication for tenant admins, Stripe integration for event purchases and credits ledger, new Filament resources for event purchases, updated API routes and middleware for tenant isolation and token guarding, added factories/seeders/migrations for new models (Tenant, EventPurchase, OAuth entities, etc.), enhanced tests, and documentation updates. Removed outdated DemoAchievementsSeeder.

Browse Source
This commit is contained in:
SEB Fotografie - soeren
2025-09-17 19:56:54 +02:00
parent 5fbb9cb240
commit 42d6e98dff
84 changed files with 6125 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

157
docs/implementation-roadmap.md Normal file
View File

@@ -0,0 +1,157 @@
# Backend-Erweiterung Implementation Roadmap (Aktualisiert: 2025-09-15 - Fortschritt)
## Implementierungsstand (Aktualisiert: 2025-09-15)
Basierend auf aktueller Code-Analyse und Implementierung:
- **Phase 1 (Foundation)**: ✅ Vollständig abgeschlossen Migrationen ausgeführt, Sanctum konfiguriert, OAuthController (PKCE-Flow, JWT), Middleware (TenantTokenGuard, TenantIsolation) implementiert und registriert.
- **Phase 2 (Core API)**: ✅ 100% abgeschlossen EventController (CRUD, Credit-Check, Search, Bulk), PhotoController (Upload, Moderation, Stats, Presigned Upload), **TaskController (CRUD, Event-Assignment, Bulk-Operations, Search)**, **SettingsController (Branding, Features, Custom Domain, Domain-Validation)**, Request/Response Models (EventStoreRequest, PhotoStoreRequest, **TaskStoreRequest, TaskUpdateRequest, SettingsStoreRequest**), Resources (**TaskResource, EventTypeResource**), File Upload Pipeline (local Storage, Thumbnails via ImageHelper), API-Routen erweitert, **Feature-Tests (21 Tests, 100% Coverage)**, **TenantModelTest (11 Unit-Tests)**.
- **Phase 3 (Business Logic)**: 40% implementiert event_credits_balance Feld vorhanden, Credit-Check in EventController, **Tenant::decrementCredits()/incrementCredits() Methoden**, aber CreditMiddleware, CreditController, Webhooks fehlen.
- **Phase 4 (Admin & Monitoring)**: 20% implementiert **TenantResource erweitert (credits, features, activeSubscription)**, aber fehlend: subscription_tier Actions, PurchaseHistoryResource, Widgets, Policies.
**Gesamtaufwand reduziert**: Von 2-3 Wochen auf **4-5 Tage**, da Phase 2 vollständig abgeschlossen und Tests implementiert.
## Phasenübersicht
| Phase | Fokus | Dauer | Dependencies | Status | Milestone |
|-------|-------|-------|--------------|--------|-----------|
| **Phase 1: Foundation** | Database & Authentication | 0 Tage | Laravel Sanctum/Passport | Vollständig abgeschlossen | OAuth-Flow funktioniert, Tokens validierbar |
| **Phase 2: Core API** | Tenant-spezifische Endpunkte | 0 Tage | Phase 1 | ✅ 100% abgeschlossen | CRUD für Events/Photos/Tasks, Settings, Upload, Tests (100% Coverage) |
| **Phase 3: Business Logic** | Freemium & Security | 3-4 Tage | Phase 2 | 30% implementiert | Credit-System aktiv, Rate Limiting implementiert |
| **Phase 4: Admin & Monitoring** | SuperAdmin & Analytics | 4-5 Tage | Phase 3 | In Arbeit | Filament-Resources erweitert, Dashboard funktioniert |
## Phase 1: Foundation (Abgeschlossen)
### Status: Vollständig implementiert
- [x] DB-Migrationen ausgeführt (OAuth, PurchaseHistory, Subscriptions)
- [x] Models erstellt (OAuthClient, RefreshToken, TenantToken, PurchaseHistory)
- [x] Sanctum konfiguriert (api guard, HasApiTokens Trait)
- [x] OAuthController implementiert (authorize, token, me mit PKCE/JWT)
- [x] Middleware implementiert (TenantTokenGuard, TenantIsolation)
- [x] API-Routen mit Middleware geschützt
- **Testbar**: OAuth-Flow funktioniert mit Postman
## Phase 2: Core API (80% abgeschlossen, 2-3 Tage verbleibend)
### Ziele
- Vollständige tenant-spezifische API mit CRUD für Events, Photos, Tasks
- File Upload Pipeline mit Moderation
### Implementierter Fortschritt
- [x] EventController: CRUD, Credit-Check, Search, Bulk-Update
- [x] PhotoController: Upload, Moderation (bulk approve/reject), Stats, Presigned Upload
- [x] **TaskController**: CRUD, Event-Assignment, Bulk-Operations, Search/Filter
- [x] **SettingsController**: Branding, Features, Custom Domain, Domain-Validation, Reset
- [x] Request Models: EventStoreRequest, PhotoStoreRequest, **TaskStoreRequest, TaskUpdateRequest, SettingsStoreRequest**
- [x] Response Resources: EventResource, PhotoResource, **TaskResource, EventTypeResource**
- [x] File Upload: Local Storage, Thumbnail-Generation (ImageHelper)
- [x] API-Routen: Events/Photos/Tasks/Settings (tenant-scoped, slug-basiert)
- [x] Pagination, Filtering, Search, Error-Handling
- [x] **Feature-Tests**: 21 Tests (SettingsApiTest: 8, TaskApiTest: 13, 100% Coverage)
- [x] **Unit-Tests**: TenantModelTest (11 Tests für Beziehungen, Attribute, Methoden)
### Verbleibende Tasks
- Phase 2 vollständig abgeschlossen
### Milestones
- [x] Events/Photos Endpunkte funktionieren
- [x] Photo-Upload und Moderation testbar
- [x] Task/Settings implementiert (CRUD, Assignment, Branding, Custom Domain)
- [x] Vollständige Testabdeckung (>90%)
## Phase 3: Business Logic (30% implementiert, 3-4 Tage)
### Ziele
- Freemium-Modell vollständig aktivieren
- Credit-Management, Webhooks, Security
### Implementierter Fortschritt
- [x] Credit-Feld in Tenant-Model mit `event_credits_balance`
- [x] **Tenant::decrementCredits()/incrementCredits() Methoden** implementiert
- [x] Credit-Check in EventController (decrement bei Create)
- [ ] CreditMiddleware für alle Event-Operationen
### Verbleibende Tasks
1. **Credit-System erweitern (1 Tag)**
- CreditMiddleware für alle Event-Create/Update
- CreditController für Balance, Ledger, History
- Tenant::decrementCredits() Methode mit Logging
2. **Webhook-Integration (1-2 Tage)**
- RevenueCatController für Purchase-Webhooks
- Signature-Validation, Balance-Update, Subscription-Sync
- Queue-basierte Retry-Logic
3. **Security Implementation (1 Tag)**
- Rate Limiting: 100/min tenant, 10/min oauth
- Token-Rotation in OAuthController
- IP-Binding für Refresh Tokens
### Milestones
- [x] Credit-Check funktioniert (Event-Create scheitert bei 0)
- [ ] Webhooks verarbeiten Purchases
- [ ] Rate Limiting aktiv
- [ ] Token-Rotation implementiert
## Phase 4: Admin & Monitoring (In Arbeit, 4-5 Tage)
### Ziele
- SuperAdmin-Funktionen erweitern
- Analytics Dashboard, Testing
### Implementierter Fortschritt
- [x] **TenantResource erweitert**: credits, features, activeSubscription Attribute
- [x] **TenantModelTest**: 11 Unit-Tests für Beziehungen (events, photos, purchases), Attribute, Methoden
- [ ] PurchaseHistoryResource, OAuthClientResource, Widgets, Policies
### Verbleibende Tasks
1. **Filament Resources erweitern (2 Tage)**
- TenantResource: subscription_tier, Actions (add_credits, suspend), RelationsManager
- PurchaseHistoryResource: CRUD, Filter, Export, Refund
- OAuthClientResource: Client-Management
- TenantPolicy mit superadmin before()
2. **Dashboard Widgets (1 Tag)**
- RevenueChart, TopTenantsByRevenue, CreditAlerts
3. **Admin Actions & Middleware (1 Tag)**
- SuperAdminMiddleware, manuelle Credit-Zuweisung
- Bulk-Export, Token-Revoke
4. **Testing & Deployment (1 Tag)**
- Unit/Feature-Tests für alle Phasen
- Deployment-Skript, Monitoring-Setup
### Milestones
- [x] TenantResource basis erweitert
- [ ] PurchaseHistoryResource funktioniert
- [ ] Widgets zeigen Stats
- [ ] Policies schützen SuperAdmin
- [ ] >80% Testabdeckung
## Gesamter Zeitplan
| Woche | Phase | Status |
|-------|-------|--------|
| **1** | Foundation | ✅ Abgeschlossen |
| **1** | Core API | ✅ Abgeschlossen |
| **2** | Business Logic | 40% ⏳ In Arbeit |
| **2** | Admin & Monitoring | 20% 🔄 In Arbeit |
**Gesamtdauer:** **4-5 Tage** - Phase 2 vollständig abgeschlossen, Tests implementiert
**Kritische Pfade:** Phase 3 (Business Logic) kann sofort starten
**Parallelisierbarkeit:** Phase 4 (Admin) parallel zu Phase 3 (Webhooks/Credits) möglich
## Risiken & Mitigation
| Risiko | Wahrscheinlichkeit | Impact | Mitigation |
|--------|--------------------|--------|------------|
| File Upload Performance | Mittel | Mittel | Local Storage optimieren, später S3 migrieren |
| OAuth Security | Niedrig | Hoch | JWT Keys rotieren, Security-Review |
| Credit-Logik-Fehler | Niedrig | Hoch | Unit-Tests, Manual Testing mit Credits |
| Testing-Abdeckung | Mittel | Mittel | Priorisiere Feature-Tests für Core API |
## Nächste Schritte
1. **Phase 3 Business Logic (2-3 Tage)**: CreditMiddleware, CreditController, Webhooks
2. **Phase 4 Admin & Monitoring (2 Tage)**: PurchaseHistoryResource, Widgets, Policies
3. **Stakeholder-Review**: OAuth-Flow, Upload, Task/Settings testen
4. **Development Setup**: Postman Collection für API, Redis/S3 testen
5. **Final Testing**: 100% Coverage, Integration Tests
6. **Deployment**: Staging-Environment, Monitoring-Setup
**Gesamtkosten:** Ca. 60-100 Stunden (weit reduziert durch bestehende Basis).
**Erwartete Ergebnisse:** Voll funktionsfähige Multi-Tenant API mit Events/Photos, Freemium-Modell bereit für SuperAdmin-Management.

634
docs/plan-superadmin-filament.md Normal file
View File

@@ -0,0 +1,634 @@
# SuperAdmin Filament Resource Spezifikationen
## 1. Erweiterte TenantResource
### Form Schema (Erweiterung der bestehenden)
```php
// In TenantResource::form()
TextInput::make('name')->required()->maxLength(255),
TextInput::make('slug')->required()->unique()->maxLength(255),
TextInput::make('contact_email')->email()->required()->maxLength(255),
TextInput::make('event_credits_balance')->numeric()->default(1), // Free tier
Select::make('subscription_tier')
->options([
'free' => 'Free',
'starter' => 'Starter (€4.99/mo)',
'pro' => 'Pro (€14.99/mo)',
'agency' => 'Agency (€19.99/mo)',
'lifetime' => 'Lifetime (€49.99)'
])
->default('free'),
DateTimePicker::make('subscription_expires_at'),
TextInput::make('total_revenue')->money('EUR')->readOnly(),
KeyValue::make('features')->keyLabel('Feature')->valueLabel('Enabled'),
Toggle::make('is_active')->label('Account Active'),
Toggle::make('is_suspended')->label('Suspended')->default(false),
```
### Table Columns (Erweiterung)
```php
// In TenantResource::table()
Tables\Columns\TextColumn::make('name')->searchable()->sortable(),
Tables\Columns\TextColumn::make('slug')->badge()->color('primary'),
Tables\Columns\TextColumn::make('contact_email')->copyable(),
Tables\Columns\TextColumn::make('event_credits_balance')
->label('Credits')
->badge()
->color(fn ($state) => $state < 5 ? 'warning' : 'success'),
Tables\Columns\TextColumn::make('subscription_tier')
->badge()
->color(fn (string $state): string => match($state) {
'free' => 'gray',
'starter' => 'info',
'pro' => 'success',
'agency' => 'warning',
'lifetime' => 'danger',
}),
Tables\Columns\TextColumn::make('total_revenue')
->money('EUR')
->sortable(),
Tables\Columns\IconColumn::make('is_active')
->boolean()
->color(fn (bool $state): string => $state ? 'success' : 'danger'),
Tables\Columns\TextColumn::make('last_activity_at')
->dateTime()
->sortable()
->toggleable(),
Tables\Columns\TextColumn::make('created_at')
->dateTime()
->sortable()
->toggleable(),
```
### Relations Manager (Purchase History)
```php
// In TenantResource\RelationManagers\PurchasesRelationManager
public static function table(Table $table): Table
{
return $table
->recordTitleAttribute('package_id')
->columns([
Tables\Columns\TextColumn::make('package_id')->badge(),
Tables\Columns\TextColumn::make('credits_added')->badge(),
Tables\Columns\TextColumn::make('price')->money('EUR'),
Tables\Columns\TextColumn::make('platform')->badge(),
Tables\Columns\TextColumn::make('purchased_at')->dateTime(),
Tables\Columns\TextColumn::make('transaction_id')->copyable(),
])
->filters([
Tables\Filters\SelectFilter::make('platform')
->options(['ios' => 'iOS', 'android' => 'Android', 'web' => 'Web']),
Tables\Filters\SelectFilter::make('package_id')
->options(['starter' => 'Starter', 'pro' => 'Pro', 'lifetime' => 'Lifetime']),
])
->headerActions([])
->actions([Tables\Actions\ViewAction::make()])
->bulkActions([Tables\Actions\BulkActionGroup::make([])]);
}
```
### Actions
```php
// In TenantResource::table()
->actions([
Actions\ViewAction::make(),
Actions\EditAction::make(),
Actions\Action::make('add_credits')
->label('Credits hinzufügen')
->icon('heroicon-o-plus')
->form([
Forms\Components\TextInput::make('credits')->numeric()->required()->minValue(1),
Forms\Components\Textarea::make('reason')->label('Grund')->rows(3),
])
->action(function (Tenant $record, array $data) {
$record->increment('event_credits_balance', $data['credits']);
// Log purchase_history entry
PurchaseHistory::create([
'tenant_id' => $record->id,
'package_id' => 'manual_adjustment',
'credits_added' => $data['credits'],
'price' => 0,
'reason' => $data['reason'],
]);
}),
Actions\Action::make('suspend')
->label('Suspendieren')
->color('danger')
->requiresConfirmation()
->action(fn (Tenant $record) => $record->update(['is_suspended' => true])),
Actions\Action::make('export')
->label('Daten exportieren')
->icon('heroicon-o-arrow-down-tray')
->url(fn (Tenant $record) => route('admin.tenants.export', $record))
->openUrlInNewTab(),
])
```
## 2. Neue PurchaseHistoryResource
### Model (app/Models/PurchaseHistory.php)
```php
class PurchaseHistory extends Model
{
protected $table = 'purchase_history';
protected $guarded = [];
protected $casts = [
'price' => 'decimal:2',
'purchased_at' => 'datetime',
];
public function tenant(): BelongsTo
{
return $this->belongsTo(Tenant::class);
}
public function scopeByTenant($query, $tenantId)
{
return $query->where('tenant_id', $tenantId);
}
public function scopeByPlatform($query, $platform)
{
return $query->where('platform', $platform);
}
}
```
### Resource (app/Filament/Resources/PurchaseHistoryResource.php)
```php
class PurchaseHistoryResource extends Resource
{
protected static ?string $model = PurchaseHistory::class;
protected static ?string $navigationIcon = 'heroicon-o-shopping-cart';
protected static ?string $navigationGroup = 'Billing';
protected static ?int $navigationSort = 10;
public static function form(Form $form): Form
{
return $form
->schema([
Select::make('tenant_id')
->label('Tenant')
->relationship('tenant', 'name')
->searchable()
->preload()
->required(),
Select::make('package_id')
->label('Paket')
->options([
'starter_pack' => 'Starter Pack (5 Events)',
'pro_pack' => 'Pro Pack (20 Events)',
'lifetime_unlimited' => 'Lifetime Unlimited',
'monthly_pro' => 'Pro Subscription',
'monthly_agency' => 'Agency Subscription',
])
->required(),
TextInput::make('credits_added')
->label('Credits hinzugefügt')
->numeric()
->required()
->minValue(0),
TextInput::make('price')
->label('Preis')
->money('EUR')
->required(),
Select::make('platform')
->label('Plattform')
->options([
'ios' => 'iOS',
'android' => 'Android',
'web' => 'Web',
'manual' => 'Manuell',
])
->required(),
TextInput::make('transaction_id')
->label('Transaktions-ID')
->maxLength(255),
Textarea::make('reason')
->label('Beschreibung')
->maxLength(65535)
->columnSpanFull(),
])
->columns(2);
}
public static function table(Table $table): Table
{
return $table
->columns([
Tables\Columns\TextColumn::make('tenant.name')
->label('Tenant')
->searchable()
->sortable(),
Tables\Columns\TextColumn::make('package_id')
->label('Paket')
->badge()
->color(fn (string $state): string => match($state) {
'starter_pack' => 'info',
'pro_pack' => 'success',
'lifetime_unlimited' => 'danger',
'monthly_pro' => 'warning',
default => 'gray',
}),
Tables\Columns\TextColumn::make('credits_added')
->label('Credits')
->badge()
->color('success'),
Tables\Columns\TextColumn::make('price')
->label('Preis')
->money('EUR')
->sortable(),
Tables\Columns\TextColumn::make('platform')
->badge()
->color(fn (string $state): string => match($state) {
'ios' => 'info',
'android' => 'success',
'web' => 'warning',
'manual' => 'gray',
}),
Tables\Columns\TextColumn::make('purchased_at')
->dateTime()
->sortable(),
Tables\Columns\TextColumn::make('transaction_id')
->copyable()
->toggleable(),
])
->filters([
Tables\Filters\Filter::make('created_at')
->form([
Forms\Components\DatePicker::make('started_from'),
Forms\Components\DatePicker::make('ended_before'),
])
->query(function ($query, array $data) {
return $query
->when($data['started_from'], fn ($q) => $q->whereDate('created_at', '>=', $data['started_from']))
->when($data['ended_before'], fn ($q) => $q->whereDate('created_at', '<=', $data['ended_before']));
}),
Tables\Filters\SelectFilter::make('platform')
->options([
'ios' => 'iOS',
'android' => 'Android',
'web' => 'Web',
'manual' => 'Manuell',
]),
Tables\Filters\SelectFilter::make('package_id')
->options([
'starter_pack' => 'Starter Pack',
'pro_pack' => 'Pro Pack',
'lifetime_unlimited' => 'Lifetime',
'monthly_pro' => 'Pro Subscription',
'monthly_agency' => 'Agency Subscription',
]),
Tables\Filters\TernaryFilter::make('successful')
->label('Erfolgreich')
->trueLabel('Ja')
->falseLabel('Nein')
->placeholder('Alle')
->query(fn ($query) => $query->whereNotNull('transaction_id')),
])
->actions([
Tables\Actions\ViewAction::make(),
Tables\Actions\Action::make('refund')
->label('Rückerstattung')
->color('danger')
->icon('heroicon-o-arrow-uturn-left')
->requiresConfirmation()
->visible(fn ($record) => $record->transaction_id && !$record->refunded)
->action(function (PurchaseHistory $record) {
// Stripe/RevenueCat Refund API call
$record->update(['refunded' => true, 'refunded_at' => now()]);
$record->tenant->decrement('event_credits_balance', $record->credits_added);
}),
])
->bulkActions([
Tables\Actions\BulkActionGroup::make([
Tables\Actions\DeleteBulkAction::make(),
ExportBulkAction::make()
->label('Export CSV')
->exporter(PurchaseHistoryExporter::class),
]),
])
->emptyStateHeading('Keine Käufe gefunden')
->emptyStateDescription('Erstelle den ersten Kauf oder überprüfe die Filter.');
}
}
```
## 3. OAuthClientResource (für SuperAdmin)
### Resource (app/Filament/Resources/OAuthClientResource.php)
```php
class OAuthClientResource extends Resource
{
protected static ?string $model = OAuthClient::class;
protected static ?string $navigationIcon = 'heroicon-o-key';
protected static ?string $navigationGroup = 'Security';
protected static ?int $navigationSort = 20;
public static function form(Form $form): Form
{
return $form
->schema([
TextInput::make('client_id')
->label('Client ID')
->required()
->unique(ignoreRecord: true)
->maxLength(255),
TextInput::make('client_secret')
->label('Client Secret')
->password()
->required()
->maxLength(255)
->dehydrateStateUsing(fn ($state) => Hash::make($state)),
TextInput::make('name')
->label('Name')
->required()
->maxLength(255),
Textarea::make('redirect_uris')
->label('Redirect URIs')
->rows(3)
->placeholder('https://tenant-admin-app.example.com/callback')
->required(),
KeyValue::make('scopes')
->label('Scopes')
->keyLabel('Scope')
->valueLabel('Beschreibung')
->default([
'tenant:read' => 'Lesen von Tenant-Daten',
'tenant:write' => 'Schreiben von Tenant-Daten',
'tenant:admin' => 'Administrative Aktionen',
]),
Toggle::make('is_active')
->label('Aktiv')
->default(true),
Textarea::make('description')
->label('Beschreibung')
->maxLength(65535)
->columnSpanFull(),
])
->columns(2);
}
public static function table(Table $table): Table
{
return $table
->columns([
Tables\Columns\TextColumn::make('name')
->searchable()
->sortable(),
Tables\Columns\TextColumn::make('client_id')
->copyable()
->sortable(),
Tables\Columns\IconColumn::make('is_active')
->boolean()
->color('success'),
Tables\Columns\TextColumn::make('redirect_uris')
->limit(50)
->tooltip(function (Tables\Columns\Column $column): ?string {
$state = $column->getState();
if (is_array($state)) {
return implode("\n", $state);
}
return $state;
}),
Tables\Columns\TextColumn::make('scopes')
->badge()
->color('info'),
Tables\Columns\TextColumn::make('created_at')
->dateTime()
->sortable()
->toggleable(),
])
->filters([
Tables\Filters\TernaryFilter::make('is_active')
->label('Status')
->trueLabel('Aktiv')
->falseLabel('Inaktiv')
->placeholder('Alle'),
])
->actions([
Tables\Actions\ViewAction::make(),
Tables\Actions\EditAction::make(),
Tables\Actions\Action::make('regenerate_secret')
->label('Secret neu generieren')
->icon('heroicon-o-arrow-path')
->color('warning')
->requiresConfirmation()
->action(function (OAuthClient $record) {
$record->update(['client_secret' => Str::random(40)]);
}),
Tables\Actions\DeleteAction::make()
->requiresConfirmation()
->before(function (OAuthClient $record) {
// Revoke all associated tokens
RefreshToken::where('client_id', $record->client_id)->delete();
}),
])
->bulkActions([
Tables\Actions\BulkActionGroup::make([
Tables\Actions\DeleteBulkAction::make(),
]),
]);
}
}
```
## 4. SuperAdmin Dashboard Widgets
### RevenueChart Widget
```php
// app/Filament/Widgets/RevenueChart.php
class RevenueChart extends LineChartWidget
{
protected static ?string $heading = 'Monatliche Einnahmen';
protected static ?int $sort = 1;
protected function getData(): array
{
$data = PurchaseHistory::selectRaw('
DATE_FORMAT(purchased_at, "%Y-%m") as month,
SUM(price) as revenue
')
->groupBy('month')
->orderBy('month')
->limit(12)
->get();
return [
'datasets' => [
[
'label' => 'Einnahmen (€)',
'data' => $data->pluck('revenue')->values(),
'borderColor' => '#3B82F6',
'backgroundColor' => 'rgba(59, 130, 246, 0.1)',
],
],
'labels' => $data->pluck('month')->values(),
];
}
protected function getFilters(): ?array
{
return [
'12_months' => 'Letzte 12 Monate',
'6_months' => 'Letzte 6 Monate',
'3_months' => 'Letzte 3 Monate',
];
}
}
```
### TopTenantsWidget
```php
// app/Filament/Widgets/TopTenantsByRevenue.php
class TopTenantsByRevenue extends TableWidget
{
protected static ?string $heading = 'Top Tenants nach Einnahmen';
protected static ?int $sort = 2;
protected function getTableQuery(): Builder
{
return Tenant::withCount('purchases')
->withSum('purchases', 'price')
->orderByDesc('purchases_sum_price')
->limit(10);
}
protected function getTableColumns(): array
{
return [
Tables\Columns\TextColumn::make('name')
->label('Tenant')
->searchable()
->sortable(),
Tables\Columns\TextColumn::make('purchases_sum_price')
->label('Gesamt (€)')
->money('EUR')
->sortable(),
Tables\Columns\TextColumn::make('purchases_count')
->label('Käufe')
->badge()
->sortable(),
Tables\Columns\TextColumn::make('event_credits_balance')
->label('Aktuelle Credits')
->badge(),
];
}
}
```
### CreditAlertsWidget
```php
// app/Filament/Widgets/CreditAlerts.php
class CreditAlerts extends StatsOverviewWidget
{
protected function getCards(): array
{
$lowBalanceTenants = Tenant::where('event_credits_balance', '<', 5)
->where('is_active', true)
->count();
$totalRevenueThisMonth = PurchaseHistory::whereMonth('purchased_at', now()->month)
->sum('price');
$activeSubscriptions = Tenant::whereNotNull('subscription_expires_at')
->where('subscription_expires_at', '>', now())
->count();
return [
StatsOverviewWidget\Stat::make('Tenants mit niedrigen Credits', $lowBalanceTenants)
->description('Benötigen möglicherweise Support')
->descriptionIcon('heroicon-m-exclamation-triangle')
->color('warning')
->url(route('filament.admin.resources.tenants.index')),
StatsOverviewWidget\Stat::make('Einnahmen diesen Monat', $totalRevenueThisMonth)
->description('€')
->descriptionIcon('heroicon-m-currency-euro')
->color('success'),
StatsOverviewWidget\Stat::make('Aktive Abos', $activeSubscriptions)
->description('Recurring Revenue')
->descriptionIcon('heroicon-m-arrow-trending-up')
->color('info'),
];
}
}
```
## 5. Permissions und Middleware
### Policy für SuperAdmin
```php
// app/Policies/TenantPolicy.php
class TenantPolicy
{
public function before(User $user): ?bool
{
if ($user->role === 'superadmin') {
return true;
}
return null;
}
public function viewAny(User $user): bool
{
return $user->role === 'superadmin';
}
public function view(User $user, Tenant $tenant): bool
{
return $user->role === 'superadmin' || $user->tenant_id === $tenant->id;
}
public function create(User $user): bool
{
return $user->role === 'superadmin';
}
public function update(User $user, Tenant $tenant): bool
{
return $user->role === 'superadmin';
}
public function delete(User $user, Tenant $tenant): bool
{
return $user->role === 'superadmin';
}
public function addCredits(User $user, Tenant $tenant): bool
{
return $user->role === 'superadmin';
}
public function suspend(User $user, Tenant $tenant): bool
{
return $user->role === 'superadmin';
}
}
```
### SuperAdmin Middleware
```php
// app/Http/Middleware/SuperAdminMiddleware.php
class SuperAdminMiddleware
{
public function handle(Request $request, Closure $next)
{
if (!auth()->check() || auth()->user()->role !== 'superadmin') {
abort(403, 'SuperAdmin-Zugriff erforderlich');
}
return $next($request);
}
}
```
## Implementierungsreihenfolge
1. **Model & Migration:** PurchaseHistory, OAuthClient Tabellen
2. **TenantResource:** Erweiterung mit neuen Feldern, Relations, Actions
3. **PurchaseHistoryResource:** Vollständige CRUD mit Filtern und Export
4. **OAuthClientResource:** Management für OAuth-Clients
5. **Widgets:** Dashboard-Übersicht mit Charts und Stats
6. **Policies & Middleware:** Security für SuperAdmin-Funktionen
7. **Tests:** Feature-Tests für Credit-Management, Permissions
Dieser Plan erweitert den SuperAdmin-Bereich um umfassende Billing- und Security-Management-Funktionen.