feat: Package 4 Rechtliche Texte — DB-Persistenz fuer Legal Documents, Einwilligungen und Cookie Banner

- Migration 007: compliance_legal_documents, _versions, _approvals (Approval-Workflow)
- Migration 008: compliance_einwilligungen_catalog, _company, _cookies, _consents
- Backend: legal_document_routes.py (11 Endpoints + draft→review→approved→published Workflow)
- Backend: einwilligungen_routes.py (10 Endpoints inkl. Stats, Pagination, Revoke)
- Frontend: /api/admin/consent/[[...path]] Catch-All-Proxy fuer Legal Documents
- Frontend: catalog/consent/cookie-banner routes von In-Memory auf DB-Proxy umgestellt
- Frontend: einwilligungen/page.tsx + cookie-banner/page.tsx laden jetzt via API (kein Mock)
- Tests: 44/44 pass (test_legal_document_routes.py + test_einwilligungen_routes.py)
- Deploy-Scripts: apply_legal_docs_migration.sh + apply_einwilligungen_migration.sh

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend-compliance/compliance/db/einwilligungen_models.py

@@ -0,0 +1,99 @@
+"""
+SQLAlchemy models for Einwilligungen — Consent-Tracking und Cookie-Banner Konfiguration.
+
+Tables:
+- compliance_einwilligungen_catalog: Tenant-Katalog (aktive Datenpunkte)
+- compliance_einwilligungen_company: Firmeninformationen fuer DSI-Generierung
+- compliance_einwilligungen_cookies: Cookie-Banner-Konfiguration
+- compliance_einwilligungen_consents: Endnutzer-Consent-Aufzeichnungen
+"""
+
+import uuid
+from datetime import datetime
+
+from sqlalchemy import (
+    Column, String, Text, Boolean, DateTime, JSON, Index
+)
+from sqlalchemy.dialects.postgresql import UUID
+
+from classroom_engine.database import Base
+
+
+class EinwilligungenCatalogDB(Base):
+    """Tenant-spezifischer Datenpunktkatalog — welche Datenpunkte sind aktiv?"""
+
+    __tablename__ = 'compliance_einwilligungen_catalog'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    tenant_id = Column(String(100), nullable=False, unique=True)
+    selected_data_point_ids = Column(JSON, default=list)
+    custom_data_points = Column(JSON, default=list)
+    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    __table_args__ = (
+        Index('idx_einw_catalog_tenant', 'tenant_id'),
+    )
+
+    def __repr__(self):
+        return f"<EinwilligungenCatalog tenant={self.tenant_id}>"
+
+
+class EinwilligungenCompanyDB(Base):
+    """Firmeninformationen fuer die DSI-Generierung."""
+
+    __tablename__ = 'compliance_einwilligungen_company'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    tenant_id = Column(String(100), nullable=False, unique=True)
+    data = Column(JSON, nullable=False, default=dict)
+    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    def __repr__(self):
+        return f"<EinwilligungenCompany tenant={self.tenant_id}>"
+
+
+class EinwilligungenCookiesDB(Base):
+    """Cookie-Banner-Konfiguration pro Tenant."""
+
+    __tablename__ = 'compliance_einwilligungen_cookies'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    tenant_id = Column(String(100), nullable=False, unique=True)
+    categories = Column(JSON, default=list)
+    config = Column(JSON, default=dict)
+    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    __table_args__ = (
+        Index('idx_einw_cookies_tenant', 'tenant_id'),
+    )
+
+    def __repr__(self):
+        return f"<EinwilligungenCookies tenant={self.tenant_id}>"
+
+
+class EinwilligungenConsentDB(Base):
+    """Endnutzer-Consent-Aufzeichnung — granulare Einwilligungen pro Datenpunkt."""
+
+    __tablename__ = 'compliance_einwilligungen_consents'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    tenant_id = Column(String(100), nullable=False)
+    user_id = Column(String(200), nullable=False)
+    data_point_id = Column(String(100), nullable=False)
+    granted = Column(Boolean, nullable=False, default=True)
+    granted_at = Column(DateTime, nullable=False, default=datetime.utcnow)
+    revoked_at = Column(DateTime)
+    ip_address = Column(String(45))
+    user_agent = Column(Text)
+    consent_version = Column(String(20), default='1.0')
+    source = Column(String(100))
+    created_at = Column(DateTime, default=datetime.utcnow, nullable=False)
+
+    __table_args__ = (
+        Index('idx_einw_consents_tenant', 'tenant_id'),
+        Index('idx_einw_consents_user', 'tenant_id', 'user_id'),
+        Index('idx_einw_consents_dpid', 'data_point_id'),
+    )
+
+    def __repr__(self):
+        return f"<EinwilligungenConsent user={self.user_id} dp={self.data_point_id} granted={self.granted}>"

backend-compliance/compliance/db/legal_document_models.py

@@ -0,0 +1,90 @@
+"""
+SQLAlchemy models for Legal Documents — Rechtliche Texte mit Versionierung und Approval-Workflow.
+
+Tables:
+- compliance_legal_documents: Dokumenttypen (DSE, AGB, Cookie-Policy etc.)
+- compliance_legal_document_versions: Versionen mit Status-Workflow
+- compliance_legal_document_approvals: Audit-Trail fuer Freigaben
+"""
+
+import uuid
+from datetime import datetime
+
+from sqlalchemy import (
+    Column, String, Text, Boolean, DateTime, Index, ForeignKey
+)
+from sqlalchemy.dialects.postgresql import UUID
+
+from classroom_engine.database import Base
+
+
+class LegalDocumentDB(Base):
+    """Legal document type — DSE, AGB, Cookie-Policy, Impressum, AVV etc."""
+
+    __tablename__ = 'compliance_legal_documents'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    tenant_id = Column(String(100))
+    type = Column(String(50), nullable=False)   # privacy_policy|terms|cookie_policy|imprint|dpa
+    name = Column(String(300), nullable=False)
+    description = Column(Text)
+    mandatory = Column(Boolean, default=False)
+    created_at = Column(DateTime, default=datetime.utcnow, nullable=False)
+    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    __table_args__ = (
+        Index('idx_legal_docs_tenant', 'tenant_id'),
+        Index('idx_legal_docs_type', 'type'),
+    )
+
+    def __repr__(self):
+        return f"<LegalDocument {self.type}: {self.name}>"
+
+
+class LegalDocumentVersionDB(Base):
+    """Version of a legal document with Approval-Workflow status."""
+
+    __tablename__ = 'compliance_legal_document_versions'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    document_id = Column(UUID(as_uuid=True), ForeignKey('compliance_legal_documents.id', ondelete='CASCADE'), nullable=False)
+    version = Column(String(20), nullable=False)
+    language = Column(String(10), default='de')
+    title = Column(String(300), nullable=False)
+    content = Column(Text, nullable=False)
+    summary = Column(Text)
+    status = Column(String(20), default='draft')   # draft|review|approved|published|archived|rejected
+    created_by = Column(String(200))
+    approved_by = Column(String(200))
+    approved_at = Column(DateTime)
+    rejection_reason = Column(Text)
+    created_at = Column(DateTime, default=datetime.utcnow, nullable=False)
+    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    __table_args__ = (
+        Index('idx_legal_doc_versions_doc', 'document_id'),
+        Index('idx_legal_doc_versions_status', 'status'),
+    )
+
+    def __repr__(self):
+        return f"<LegalDocumentVersion {self.version} [{self.status}]>"
+
+
+class LegalDocumentApprovalDB(Base):
+    """Audit trail for all approval actions on document versions."""
+
+    __tablename__ = 'compliance_legal_document_approvals'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    version_id = Column(UUID(as_uuid=True), ForeignKey('compliance_legal_document_versions.id', ondelete='CASCADE'), nullable=False)
+    action = Column(String(50), nullable=False)   # submitted|approved|rejected|published|archived
+    approver = Column(String(200))
+    comment = Column(Text)
+    created_at = Column(DateTime, default=datetime.utcnow, nullable=False)
+
+    __table_args__ = (
+        Index('idx_legal_doc_approvals_version', 'version_id'),
+    )
+
+    def __repr__(self):
+        return f"<LegalDocumentApproval {self.action} on version {self.version_id}>"