Rebuild as InnungsApp project: replace stadtwerke analysis with full documentation

- PRD: vollständige Produktspezifikation (5 Module, Scope, Akzeptanzkriterien)
- ARCHITECTURE: Tech Stack, Ordnerstruktur, Multi-Tenancy, Push, Kosten
- DATABASE_SCHEMA: Vollständiges SQL-Schema mit RLS Policies und Views
- USER_STORIES: 40+ Stories nach Rolle (Admin, Mitglied, Azubi, Obermeister)
- PERSONAS: 5 detaillierte Nutzerprofile mit Alltag, Zitaten und Erwartungen
- BUSINESS_MODEL: Preistabellen, Unit Economics, Revenue-Projektionen, Distribution
- ROADMAP: 6 Phasen, Sprint-Planung, Meilensteine und KPIs
- COMPETITIVE_ANALYSIS: Wettbewerbsmatrix, USPs, Preispositionierung
- API_DESIGN: Supabase Query Patterns, Edge Functions, Realtime Subscriptions
- ONBOARDING_FLOWS: 7 User Flows von Setup bis Fehlerfall
- GTM_STRATEGY: 3-Phasen-Vertrieb, Outreach-Sequenz, Einwandbehandlung
- AZUBI_MODULE: Video-Feed, 1-Click-Apply, Chat, Berichtsheft, Quiz
- DSGVO_KONZEPT: Rechtsgrundlagen, TOMs, AVV, Minderjährige, Incident Response
- FEATURES_BACKLOG: 72 Features nach MoSCoW + Technische Schulden

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

innungsapp/apps/admin/server/context.ts

@@ -0,0 +1,14 @@
+import { type FetchCreateContextFnOptions } from '@trpc/server/adapters/fetch'
+import { auth } from '@/lib/auth'
+import { prisma } from '@innungsapp/shared'
+
+export async function createContext({ req }: FetchCreateContextFnOptions) {
+  const session = await auth.api.getSession({ headers: req.headers })
+  return {
+    req,
+    session,
+    prisma,
+  }
+}
+
+export type Context = Awaited<ReturnType<typeof createContext>>

innungsapp/apps/admin/server/routers/index.ts

@@ -0,0 +1,16 @@
+import { router } from '../trpc'
+import { membersRouter } from './members'
+import { newsRouter } from './news'
+import { termineRouter } from './termine'
+import { stellenRouter } from './stellen'
+import { organizationsRouter } from './organizations'
+
+export const appRouter = router({
+  members: membersRouter,
+  news: newsRouter,
+  termine: termineRouter,
+  stellen: stellenRouter,
+  organizations: organizationsRouter,
+})
+
+export type AppRouter = typeof appRouter

innungsapp/apps/admin/server/routers/members.ts

@@ -0,0 +1,161 @@
+import { z } from 'zod'
+import { router, memberProcedure, adminProcedure } from '../trpc'
+import { auth } from '@/lib/auth'
+import { sendInviteEmail } from '@/lib/email'
+
+const MemberInput = z.object({
+  name: z.string().min(2),
+  betrieb: z.string().min(2),
+  sparte: z.string().min(2),
+  ort: z.string().min(2),
+  telefon: z.string().optional(),
+  email: z.string().email(),
+  status: z.enum(['aktiv', 'ruhend', 'ausgetreten']).default('aktiv'),
+  istAusbildungsbetrieb: z.boolean().default(false),
+  seit: z.number().int().min(1900).max(2100).optional(),
+})
+
+export const membersRouter = router({
+  /**
+   * List all members in the user's org
+   */
+  list: memberProcedure
+    .input(
+      z.object({
+        search: z.string().optional(),
+        status: z.enum(['aktiv', 'ruhend', 'ausgetreten']).optional(),
+        ausbildungsbetrieb: z.boolean().optional(),
+      })
+    )
+    .query(async ({ ctx, input }) => {
+      const members = await ctx.prisma.member.findMany({
+        where: {
+          orgId: ctx.orgId,
+          ...(input.status && { status: input.status }),
+          ...(input.ausbildungsbetrieb !== undefined && {
+            istAusbildungsbetrieb: input.ausbildungsbetrieb,
+          }),
+          ...(input.search && {
+            OR: [
+              { name: { contains: input.search, mode: 'insensitive' } },
+              { betrieb: { contains: input.search, mode: 'insensitive' } },
+              { ort: { contains: input.search, mode: 'insensitive' } },
+              { sparte: { contains: input.search, mode: 'insensitive' } },
+            ],
+          }),
+        },
+        orderBy: { name: 'asc' },
+      })
+      return members
+    }),
+
+  /**
+   * Get a single member by ID
+   */
+  byId: memberProcedure
+    .input(z.object({ id: z.string() }))
+    .query(async ({ ctx, input }) => {
+      const member = await ctx.prisma.member.findFirst({
+        where: { id: input.id, orgId: ctx.orgId },
+      })
+      if (!member) throw new Error('Member not found')
+      return member
+    }),
+
+  /**
+   * Create a new member (admin only)
+   */
+  create: adminProcedure.input(MemberInput).mutation(async ({ ctx, input }) => {
+    const member = await ctx.prisma.member.create({
+      data: {
+        ...input,
+        orgId: ctx.orgId,
+      },
+    })
+    return member
+  }),
+
+  /**
+   * Create member + send invite email (admin only)
+   */
+  invite: adminProcedure
+    .input(MemberInput)
+    .mutation(async ({ ctx, input }) => {
+      // 1. Create member record
+      const member = await ctx.prisma.member.create({
+        data: { ...input, orgId: ctx.orgId },
+      })
+
+      // 2. Create/get User via better-auth admin
+      try {
+        await auth.api.createUser({
+          body: {
+            name: input.name,
+            email: input.email,
+            role: 'user',
+            password: undefined,
+          },
+        })
+      } catch {
+        // User may already exist — that's ok
+      }
+
+      // 3. Send magic link
+      const org = await ctx.prisma.organization.findUniqueOrThrow({
+        where: { id: ctx.orgId },
+      })
+      await sendInviteEmail({
+        to: input.email,
+        memberName: input.name,
+        orgName: org.name,
+        apiUrl: process.env.BETTER_AUTH_URL!,
+      })
+
+      return member
+    }),
+
+  /**
+   * Update member (admin only)
+   */
+  update: adminProcedure
+    .input(z.object({ id: z.string(), data: MemberInput.partial() }))
+    .mutation(async ({ ctx, input }) => {
+      const member = await ctx.prisma.member.updateMany({
+        where: { id: input.id, orgId: ctx.orgId },
+        data: input.data,
+      })
+      return member
+    }),
+
+  /**
+   * Send/resend invite to existing member (admin only)
+   */
+  resendInvite: adminProcedure
+    .input(z.object({ memberId: z.string() }))
+    .mutation(async ({ ctx, input }) => {
+      const member = await ctx.prisma.member.findFirstOrThrow({
+        where: { id: input.memberId, orgId: ctx.orgId },
+      })
+      const org = await ctx.prisma.organization.findUniqueOrThrow({
+        where: { id: ctx.orgId },
+      })
+      await sendInviteEmail({
+        to: member.email,
+        memberName: member.name,
+        orgName: org.name,
+        apiUrl: process.env.BETTER_AUTH_URL!,
+      })
+      return { success: true }
+    }),
+
+  /**
+   * Get own member profile
+   */
+  me: memberProcedure.query(async ({ ctx }) => {
+    const member = await ctx.prisma.member.findFirst({
+      where: { userId: ctx.session.user.id, orgId: ctx.orgId },
+      include: { org: true },
+    })
+    return member
+  }),
+})

innungsapp/apps/admin/server/routers/news.ts

@@ -0,0 +1,170 @@
+import { z } from 'zod'
+import { router, memberProcedure, adminProcedure } from '../trpc'
+import { sendPushNotifications } from '@/lib/notifications'
+
+const NewsInput = z.object({
+  title: z.string().min(3),
+  body: z.string().min(10),
+  kategorie: z.enum(['Wichtig', 'Pruefung', 'Foerderung', 'Veranstaltung', 'Allgemein']),
+  publishedAt: z.string().datetime().optional().nullable(),
+})
+
+export const newsRouter = router({
+  /**
+   * List published news for org members
+   */
+  list: memberProcedure
+    .input(
+      z.object({
+        kategorie: z
+          .enum(['Wichtig', 'Pruefung', 'Foerderung', 'Veranstaltung', 'Allgemein'])
+          .optional(),
+        includeUnpublished: z.boolean().default(false),
+      })
+    )
+    .query(async ({ ctx, input }) => {
+      const news = await ctx.prisma.news.findMany({
+        where: {
+          orgId: ctx.orgId,
+          ...(input.kategorie && { kategorie: input.kategorie }),
+          ...(!input.includeUnpublished && { publishedAt: { not: null } }),
+          ...(input.includeUnpublished &&
+            ctx.role !== 'admin' && { publishedAt: { not: null } }),
+        },
+        include: {
+          author: { select: { name: true } },
+          attachments: true,
+          reads: {
+            where: { userId: ctx.session.user.id },
+            select: { id: true },
+          },
+        },
+        orderBy: [{ publishedAt: 'desc' }, { createdAt: 'desc' }],
+      })
+
+      return news.map((n) => ({
+        ...n,
+        isRead: n.reads.length > 0,
+        reads: undefined,
+      }))
+    }),
+
+  /**
+   * Get single news article
+   */
+  byId: memberProcedure
+    .input(z.object({ id: z.string() }))
+    .query(async ({ ctx, input }) => {
+      const news = await ctx.prisma.news.findFirstOrThrow({
+        where: {
+          id: input.id,
+          orgId: ctx.orgId,
+          ...(ctx.role !== 'admin' && { publishedAt: { not: null } }),
+        },
+        include: {
+          author: { select: { name: true, betrieb: true } },
+          attachments: true,
+        },
+      })
+      return news
+    }),
+
+  /**
+   * Mark news as read
+   */
+  markRead: memberProcedure
+    .input(z.object({ newsId: z.string() }))
+    .mutation(async ({ ctx, input }) => {
+      await ctx.prisma.newsRead.upsert({
+        where: {
+          newsId_userId: { newsId: input.newsId, userId: ctx.session.user.id },
+        },
+        update: {},
+        create: {
+          newsId: input.newsId,
+          userId: ctx.session.user.id,
+        },
+      })
+      return { success: true }
+    }),
+
+  /**
+   * Create news article (admin only)
+   */
+  create: adminProcedure.input(NewsInput).mutation(async ({ ctx, input }) => {
+    const member = await ctx.prisma.member.findFirst({
+      where: { userId: ctx.session.user.id, orgId: ctx.orgId },
+    })
+
+    const news = await ctx.prisma.news.create({
+      data: {
+        orgId: ctx.orgId,
+        authorId: member?.id,
+        title: input.title,
+        body: input.body,
+        kategorie: input.kategorie,
+        publishedAt: input.publishedAt ? new Date(input.publishedAt) : null,
+      },
+    })
+
+    // Trigger push notifications if publishing now
+    if (news.publishedAt) {
+      sendPushNotifications(ctx.orgId, news.title).catch(console.error)
+    }
+
+    return news
+  }),
+
+  /**
+   * Update news article (admin only)
+   */
+  update: adminProcedure
+    .input(z.object({ id: z.string(), data: NewsInput.partial() }))
+    .mutation(async ({ ctx, input }) => {
+      const wasUnpublished = await ctx.prisma.news.findFirst({
+        where: { id: input.id, orgId: ctx.orgId, publishedAt: null },
+      })
+
+      const news = await ctx.prisma.news.updateMany({
+        where: { id: input.id, orgId: ctx.orgId },
+        data: {
+          ...input.data,
+          publishedAt: input.data.publishedAt
+            ? new Date(input.data.publishedAt)
+            : undefined,
+        },
+      })
+
+      // Trigger push if just published
+      if (wasUnpublished && input.data.publishedAt && input.data.title) {
+        sendPushNotifications(ctx.orgId, input.data.title).catch(console.error)
+      }
+
+      return news
+    }),
+
+  /**
+   * Delete news article (admin only)
+   */
+  delete: adminProcedure
+    .input(z.object({ id: z.string() }))
+    .mutation(async ({ ctx, input }) => {
+      await ctx.prisma.news.deleteMany({
+        where: { id: input.id, orgId: ctx.orgId },
+      })
+      return { success: true }
+    }),
+
+  /**
+   * Get read stats for admin
+   */
+  readStats: adminProcedure
+    .input(z.object({ newsId: z.string() }))
+    .query(async ({ ctx, input }) => {
+      const [totalMembers, readers] = await Promise.all([
+        ctx.prisma.member.count({ where: { orgId: ctx.orgId, status: 'aktiv' } }),
+        ctx.prisma.newsRead.count({ where: { newsId: input.newsId } }),
+      ])
+      return { totalMembers, readers, readRate: totalMembers ? readers / totalMembers : 0 }
+    }),
+})

innungsapp/apps/admin/server/routers/organizations.ts

@@ -0,0 +1,89 @@
+import { z } from 'zod'
+import { router, adminProcedure, publicProcedure } from '../trpc'
+
+export const organizationsRouter = router({
+  /**
+   * Get own organization details
+   */
+  me: adminProcedure.query(async ({ ctx }) => {
+    const org = await ctx.prisma.organization.findUniqueOrThrow({
+      where: { id: ctx.orgId },
+    })
+    return org
+  }),
+
+  /**
+   * Update org settings (admin only)
+   */
+  update: adminProcedure
+    .input(
+      z.object({
+        name: z.string().min(3).optional(),
+        contactEmail: z.string().email().optional(),
+        primaryColor: z.string().regex(/^#[0-9A-Fa-f]{6}$/).optional(),
+      })
+    )
+    .mutation(async ({ ctx, input }) => {
+      const org = await ctx.prisma.organization.update({
+        where: { id: ctx.orgId },
+        data: input,
+      })
+      return org
+    }),
+
+  /**
+   * Accept AVV (Auftragsverarbeitungsvertrag)
+   */
+  acceptAvv: adminProcedure.mutation(async ({ ctx }) => {
+    const org = await ctx.prisma.organization.update({
+      where: { id: ctx.orgId },
+      data: {
+        avvAccepted: true,
+        avvAcceptedAt: new Date(),
+      },
+    })
+    return org
+  }),
+
+  /**
+   * Dashboard stats
+   */
+  stats: adminProcedure.query(async ({ ctx }) => {
+    const now = new Date()
+    const weekAgo = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000)
+
+    const [activeMembers, newsThisWeek, upcomingTermine, activeStellen] =
+      await Promise.all([
+        ctx.prisma.member.count({
+          where: { orgId: ctx.orgId, status: 'aktiv' },
+        }),
+        ctx.prisma.news.count({
+          where: {
+            orgId: ctx.orgId,
+            publishedAt: { gte: weekAgo, not: null },
+          },
+        }),
+        ctx.prisma.termin.count({
+          where: { orgId: ctx.orgId, datum: { gte: now } },
+        }),
+        ctx.prisma.stelle.count({
+          where: { orgId: ctx.orgId, aktiv: true },
+        }),
+      ])
+
+    return { activeMembers, newsThisWeek, upcomingTermine, activeStellen }
+  }),
+
+  /**
+   * Public org info by slug (for mobile onboarding)
+   */
+  bySlug: publicProcedure
+    .input(z.object({ slug: z.string() }))
+    .query(async ({ ctx, input }) => {
+      const org = await ctx.prisma.organization.findUnique({
+        where: { slug: input.slug },
+        select: { id: true, name: true, slug: true, primaryColor: true, logoUrl: true },
+      })
+      return org
+    }),
+})

innungsapp/apps/admin/server/routers/stellen.ts

@@ -0,0 +1,143 @@
+import { z } from 'zod'
+import { router, publicProcedure, memberProcedure, adminProcedure } from '../trpc'
+
+const StelleInput = z.object({
+  sparte: z.string().min(2),
+  stellenAnz: z.number().int().min(1).default(1),
+  verguetung: z.string().optional(),
+  lehrjahr: z.string().optional(),
+  beschreibung: z.string().optional(),
+  kontaktEmail: z.string().email(),
+  kontaktName: z.string().optional(),
+})
+
+export const stellenRouter = router({
+  /**
+   * Public list — no auth required (Lehrlingsbörse)
+   */
+  listPublic: publicProcedure
+    .input(
+      z.object({
+        sparte: z.string().optional(),
+        lehrjahr: z.string().optional(),
+        orgSlug: z.string().optional(),
+      })
+    )
+    .query(async ({ ctx, input }) => {
+      const stellen = await ctx.prisma.stelle.findMany({
+        where: {
+          aktiv: true,
+          ...(input.sparte && { sparte: input.sparte }),
+          ...(input.lehrjahr && { lehrjahr: input.lehrjahr }),
+          ...(input.orgSlug && {
+            org: { slug: input.orgSlug },
+          }),
+        },
+        include: {
+          member: { select: { betrieb: true, ort: true } },
+          org: { select: { name: true, slug: true } },
+        },
+        orderBy: { createdAt: 'desc' },
+      })
+      return stellen
+    }),
+
+  /**
+   * List stellen for org (authenticated members)
+   */
+  list: memberProcedure
+    .input(
+      z.object({
+        includeInaktiv: z.boolean().default(false),
+      })
+    )
+    .query(async ({ ctx, input }) => {
+      const stellen = await ctx.prisma.stelle.findMany({
+        where: {
+          orgId: ctx.orgId,
+          ...(ctx.role !== 'admin' && !input.includeInaktiv && { aktiv: true }),
+          ...(ctx.role === 'admin' && !input.includeInaktiv && { aktiv: true }),
+        },
+        include: {
+          member: { select: { name: true, betrieb: true, ort: true } },
+        },
+        orderBy: { createdAt: 'desc' },
+      })
+      return stellen
+    }),
+
+  /**
+   * Get single Stelle (public)
+   */
+  byId: publicProcedure
+    .input(z.object({ id: z.string() }))
+    .query(async ({ ctx, input }) => {
+      const stelle = await ctx.prisma.stelle.findFirstOrThrow({
+        where: { id: input.id, aktiv: true },
+        include: {
+          member: { select: { betrieb: true, ort: true } },
+          org: { select: { name: true } },
+        },
+      })
+      return stelle
+    }),
+
+  /**
+   * Create Stelle (own member only)
+   */
+  create: memberProcedure
+    .input(StelleInput)
+    .mutation(async ({ ctx, input }) => {
+      const member = await ctx.prisma.member.findFirstOrThrow({
+        where: { userId: ctx.session.user.id, orgId: ctx.orgId },
+      })
+      const stelle = await ctx.prisma.stelle.create({
+        data: {
+          orgId: ctx.orgId,
+          memberId: member.id,
+          ...input,
+        },
+      })
+      return stelle
+    }),
+
+  /**
+   * Update own Stelle or admin update any
+   */
+  update: memberProcedure
+    .input(
+      z.object({
+        id: z.string(),
+        data: StelleInput.partial().extend({ aktiv: z.boolean().optional() }),
+      })
+    )
+    .mutation(async ({ ctx, input }) => {
+      const member = await ctx.prisma.member.findFirst({
+        where: { userId: ctx.session.user.id, orgId: ctx.orgId },
+      })
+
+      await ctx.prisma.stelle.updateMany({
+        where: {
+          id: input.id,
+          orgId: ctx.orgId,
+          // Admin can update any, member only their own
+          ...(ctx.role !== 'admin' && member ? { memberId: member.id } : {}),
+        },
+        data: input.data,
+      })
+      return { success: true }
+    }),
+
+  /**
+   * Deactivate Stelle (admin moderation)
+   */
+  deactivate: adminProcedure
+    .input(z.object({ id: z.string() }))
+    .mutation(async ({ ctx, input }) => {
+      await ctx.prisma.stelle.updateMany({
+        where: { id: input.id, orgId: ctx.orgId },
+        data: { aktiv: false },
+      })
+      return { success: true }
+    }),
+})

innungsapp/apps/admin/server/routers/termine.ts

@@ -0,0 +1,180 @@
+import { z } from 'zod'
+import { router, memberProcedure, adminProcedure } from '../trpc'
+
+const TerminInput = z.object({
+  titel: z.string().min(3),
+  datum: z.string(), // ISO date string "YYYY-MM-DD"
+  uhrzeit: z.string().optional(),
+  endeDatum: z.string().optional().nullable(),
+  endeUhrzeit: z.string().optional().nullable(),
+  ort: z.string().optional(),
+  adresse: z.string().optional(),
+  typ: z.enum(['Pruefung', 'Versammlung', 'Kurs', 'Event', 'Sonstiges']),
+  beschreibung: z.string().optional(),
+  maxTeilnehmer: z.number().int().positive().optional().nullable(),
+})
+
+export const termineRouter = router({
+  /**
+   * List all termine for org
+   */
+  list: memberProcedure
+    .input(
+      z.object({
+        upcoming: z.boolean().optional(),
+        nurAngemeldet: z.boolean().optional(),
+      })
+    )
+    .query(async ({ ctx, input }) => {
+      const member = await ctx.prisma.member.findFirst({
+        where: { userId: ctx.session.user.id, orgId: ctx.orgId },
+      })
+
+      const today = new Date()
+      today.setHours(0, 0, 0, 0)
+
+      const termine = await ctx.prisma.termin.findMany({
+        where: {
+          orgId: ctx.orgId,
+          ...(input.upcoming && { datum: { gte: today } }),
+          ...(!input.upcoming &&
+            input.upcoming !== undefined && { datum: { lt: today } }),
+          ...(input.nurAngemeldet &&
+            member && {
+              anmeldungen: { some: { memberId: member.id } },
+            }),
+        },
+        include: {
+          anmeldungen: {
+            select: { memberId: true },
+          },
+        },
+        orderBy: { datum: input.upcoming ? 'asc' : 'desc' },
+      })
+
+      return termine.map((t) => ({
+        ...t,
+        isAngemeldet: member
+          ? t.anmeldungen.some((a) => a.memberId === member.id)
+          : false,
+        teilnehmerAnzahl: t.anmeldungen.length,
+        anmeldungen: undefined,
+      }))
+    }),
+
+  /**
+   * Get single Termin
+   */
+  byId: memberProcedure
+    .input(z.object({ id: z.string() }))
+    .query(async ({ ctx, input }) => {
+      const member = await ctx.prisma.member.findFirst({
+        where: { userId: ctx.session.user.id, orgId: ctx.orgId },
+      })
+
+      const termin = await ctx.prisma.termin.findFirstOrThrow({
+        where: { id: input.id, orgId: ctx.orgId },
+        include: {
+          anmeldungen: {
+            include: {
+              member: { select: { name: true, betrieb: true } },
+            },
+          },
+        },
+      })
+
+      const isAngemeldet = member
+        ? termin.anmeldungen.some((a) => a.memberId === member.id)
+        : false
+
+      return {
+        ...termin,
+        isAngemeldet,
+        teilnehmerAnzahl: termin.anmeldungen.length,
+        // Only expose member list to admins
+        anmeldungen: ctx.role === 'admin' ? termin.anmeldungen : [],
+      }
+    }),
+
+  /**
+   * Anmelden / Abmelden
+   */
+  toggleAnmeldung: memberProcedure
+    .input(z.object({ terminId: z.string() }))
+    .mutation(async ({ ctx, input }) => {
+      const member = await ctx.prisma.member.findFirstOrThrow({
+        where: { userId: ctx.session.user.id, orgId: ctx.orgId },
+      })
+
+      const termin = await ctx.prisma.termin.findFirstOrThrow({
+        where: { id: input.terminId, orgId: ctx.orgId },
+        include: { anmeldungen: true },
+      })
+
+      const existing = termin.anmeldungen.find(
+        (a) => a.memberId === member.id
+      )
+
+      if (existing) {
+        // Abmelden
+        await ctx.prisma.terminAnmeldung.delete({ where: { id: existing.id } })
+        return { angemeldet: false }
+      } else {
+        // Check capacity
+        if (
+          termin.maxTeilnehmer &&
+          termin.anmeldungen.length >= termin.maxTeilnehmer
+        ) {
+          throw new Error('Maximale Teilnehmerzahl erreicht')
+        }
+        await ctx.prisma.terminAnmeldung.create({
+          data: { terminId: input.terminId, memberId: member.id },
+        })
+        return { angemeldet: true }
+      }
+    }),
+
+  /**
+   * Create Termin (admin only)
+   */
+  create: adminProcedure.input(TerminInput).mutation(async ({ ctx, input }) => {
+    const termin = await ctx.prisma.termin.create({
+      data: {
+        orgId: ctx.orgId,
+        ...input,
+        datum: new Date(input.datum),
+        endeDatum: input.endeDatum ? new Date(input.endeDatum) : null,
+      },
+    })
+    return termin
+  }),
+
+  /**
+   * Update Termin (admin only)
+   */
+  update: adminProcedure
+    .input(z.object({ id: z.string(), data: TerminInput.partial() }))
+    .mutation(async ({ ctx, input }) => {
+      await ctx.prisma.termin.updateMany({
+        where: { id: input.id, orgId: ctx.orgId },
+        data: {
+          ...input.data,
+          ...(input.data.datum && { datum: new Date(input.data.datum) }),
+          ...(input.data.endeDatum && { endeDatum: new Date(input.data.endeDatum) }),
+        },
+      })
+      return { success: true }
+    }),
+
+  /**
+   * Delete Termin (admin only)
+   */
+  delete: adminProcedure
+    .input(z.object({ id: z.string() }))
+    .mutation(async ({ ctx, input }) => {
+      await ctx.prisma.termin.deleteMany({
+        where: { id: input.id, orgId: ctx.orgId },
+      })
+      return { success: true }
+    }),
+})

innungsapp/apps/admin/server/trpc.ts

@@ -0,0 +1,82 @@
+import { initTRPC, TRPCError } from '@trpc/server'
+import superjson from 'superjson'
+import { ZodError } from 'zod'
+import { type Context } from './context'
+
+const t = initTRPC.context<Context>().create({
+  transformer: superjson,
+  errorFormatter({ shape, error }) {
+    return {
+      ...shape,
+      data: {
+        ...shape.data,
+        zodError:
+          error.cause instanceof ZodError ? error.cause.flatten() : null,
+      },
+    }
+  },
+})
+
+export const router = t.router
+export const publicProcedure = t.procedure
+export const createCallerFactory = t.createCallerFactory
+
+/**
+ * Protected: user must be authenticated
+ */
+export const protectedProcedure = t.procedure.use(({ ctx, next }) => {
+  if (!ctx.session?.user) {
+    throw new TRPCError({ code: 'UNAUTHORIZED' })
+  }
+  return next({
+    ctx: {
+      ...ctx,
+      session: { ...ctx.session, user: ctx.session.user },
+    },
+  })
+})
+
+/**
+ * Member: user must belong to an organization
+ * Adds orgId + role to context
+ */
+export const memberProcedure = protectedProcedure.use(async ({ ctx, next }) => {
+  const userRole = await ctx.prisma.userRole.findFirst({
+    where: { userId: ctx.session.user.id },
+  })
+  if (!userRole) {
+    throw new TRPCError({
+      code: 'FORBIDDEN',
+      message: 'You are not a member of any organization.',
+    })
+  }
+  return next({
+    ctx: {
+      ...ctx,
+      orgId: userRole.orgId,
+      role: userRole.role,
+    },
+  })
+})
+
+/**
+ * Admin: user must be an admin of their organization
+ */
+export const adminProcedure = protectedProcedure.use(async ({ ctx, next }) => {
+  const userRole = await ctx.prisma.userRole.findFirst({
+    where: { userId: ctx.session.user.id, role: 'admin' },
+  })
+  if (!userRole) {
+    throw new TRPCError({
+      code: 'FORBIDDEN',
+      message: 'Admin access required.',
+    })
+  }
+  return next({
+    ctx: {
+      ...ctx,
+      orgId: userRole.orgId,
+      role: 'admin' as const,
+    },
+  })
+})