Add role-based visibility and management features for products

- Introduced a role-based visibility system for products, ensuring that only users with approved roles can view specific products. - Added new database tables for roles, user roles, and product role visibility to manage access control. - Implemented utility functions for role management, including fetching approved roles, checking product visibility, and assigning roles to users and products. - Updated API endpoints to filter products based on user roles, enhancing security and user experience. - Prepared the database schema for future role request and approval workflows in upcoming phases.
2025-11-02 10:17:40 +01:00
parent 6e4f858883
commit ff9960edef
10 changed files with 1865 additions and 26 deletions
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@@ -1505,8 +1505,49 @@ try {


 ┌─────────────────────┐
+│       Role          │
+├─────────────────────┤
+│ id (PK)             │
+│ code (UQ)           │  ('private', 'educator', 'company')
+│ display_name        │
+│ description         │
+│ requires_approval   │
+│ sort_order          │
+│ active              │
+│ created_at          │
+│ updated_at          │
+└──────────┬──────────┘
+           │
+           │ M:N
+           │
+┌──────────▼──────────┐         ┌─────────────────────┐
+│     UserRole        │         │ ProductRoleVis...   │
+├─────────────────────┤         ├─────────────────────┤
+│ id (PK)             │         │ id (PK)             │
+│ user_id (FK) ───────┼────>    │ product_id (FK) ────┼────> Product
+│ role_id (FK) ───────┼────>    │ role_id (FK) ───────┼────> Role
+│ status              │         │ created_at          │
+│ organization_name   │         └─────────────────────┘
+│ admin_notes         │
+│ status_history      │  (JSONB)
+│ created_at          │
+│ updated_at          │
+└─────────────────────┘
+```
+
+**Rollen-System (MVP - Datenbankstruktur):**

 - **roles**: Rollen-Definitionen (private, educator, company)
+- **user_roles**: Many-to-Many User ↔ Rollen mit Antrags-Workflow (vorbereitet für Phase 2/3)
+- **product_role_visibility**: Many-to-Many Produkt ↔ Rollen (Sichtbarkeitssteuerung)
+
+**Opt-in Sichtbarkeit:**
+- Produkte OHNE `product_role_visibility` Einträge sind für NIEMANDEN sichtbar
+- Produkte MIT Einträgen sind nur für User mit passender `approved` Rolle sichtbar
+
+### 4.2 Drizzle Schema Definition
+
+```typescript
 // server/database/schema.ts
 import {
  pgTable,