feat: Consent-Service Module nach Compliance migriert (DSR, E-Mail-Templates, Legal Docs, Banner)

5-Phasen-Migration: Go consent-service Proxies durch native Python/FastAPI ersetzt.

Phase 1 — DSR (Betroffenenrechte): 6 Tabellen, 30 Endpoints, Frontend-API umgestellt
Phase 2 — E-Mail-Templates: 5 Tabellen, 20 Endpoints, neues Frontend, SDK_STEPS erweitert
Phase 3 — Legal Documents Extension: User Consents, Audit Log, Cookie-Kategorien
Phase 4 — Banner Consent: Device-Consents, Site-Configs, Kategorien, Vendors
Phase 5 — Cleanup: DSR-Proxy aus main.py entfernt, Frontend-URLs aktualisiert

148 neue Tests (50 + 47 + 26 + 25), alle bestanden.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

backend-compliance/compliance/db/legal_document_extend_models.py

@@ -0,0 +1,88 @@
+"""
+SQLAlchemy models for Legal Documents Extension.
+
+Tables:
+- compliance_user_consents: End-User Consent-Records
+- compliance_consent_audit_log: Immutable Audit-Trail
+- compliance_cookie_categories: Cookie-Kategorien fuer Banner
+"""
+
+import uuid
+from datetime import datetime
+
+from sqlalchemy import (
+    Column, String, Text, Boolean, Integer, DateTime, Index, JSON
+)
+from sqlalchemy.dialects.postgresql import UUID
+
+from classroom_engine.database import Base
+
+
+class UserConsentDB(Base):
+    """End-User Consent-Record fuer rechtliche Dokumente."""
+
+    __tablename__ = 'compliance_user_consents'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    tenant_id = Column(UUID(as_uuid=True), nullable=False)
+    user_id = Column(Text, nullable=False)
+    document_id = Column(UUID(as_uuid=True), nullable=False)
+    document_version_id = Column(UUID(as_uuid=True))
+    document_type = Column(Text, nullable=False)
+    consented = Column(Boolean, nullable=False, default=True)
+    ip_address = Column(Text)
+    user_agent = Column(Text)
+    consented_at = Column(DateTime, nullable=False, default=datetime.utcnow)
+    withdrawn_at = Column(DateTime)
+    created_at = Column(DateTime, nullable=False, default=datetime.utcnow)
+
+    __table_args__ = (
+        Index('idx_user_consents_tenant', 'tenant_id'),
+        Index('idx_user_consents_user', 'user_id'),
+        Index('idx_user_consents_doc', 'document_id'),
+        Index('idx_user_consents_type', 'document_type'),
+    )
+
+
+class ConsentAuditLogDB(Base):
+    """Immutable Audit-Trail fuer Consent-Aktionen."""
+
+    __tablename__ = 'compliance_consent_audit_log'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    tenant_id = Column(UUID(as_uuid=True), nullable=False)
+    action = Column(Text, nullable=False)
+    entity_type = Column(Text, nullable=False)
+    entity_id = Column(UUID(as_uuid=True))
+    user_id = Column(Text)
+    details = Column(JSON, default=dict)
+    ip_address = Column(Text)
+    created_at = Column(DateTime, nullable=False, default=datetime.utcnow)
+
+    __table_args__ = (
+        Index('idx_consent_audit_tenant', 'tenant_id'),
+        Index('idx_consent_audit_action', 'action'),
+        Index('idx_consent_audit_created', 'created_at'),
+    )
+
+
+class CookieCategoryDB(Base):
+    """Cookie-Kategorien fuer Consent-Banner."""
+
+    __tablename__ = 'compliance_cookie_categories'
+
+    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
+    tenant_id = Column(UUID(as_uuid=True), nullable=False)
+    name_de = Column(Text, nullable=False)
+    name_en = Column(Text)
+    description_de = Column(Text)
+    description_en = Column(Text)
+    is_required = Column(Boolean, nullable=False, default=False)
+    sort_order = Column(Integer, nullable=False, default=0)
+    is_active = Column(Boolean, nullable=False, default=True)
+    created_at = Column(DateTime, nullable=False, default=datetime.utcnow)
+    updated_at = Column(DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
+
+    __table_args__ = (
+        Index('idx_cookie_cats_tenant', 'tenant_id'),
+    )