feat: reporting dashboard — case stats, deadline compliance, workload, billing (P1)

Backend: - ReportingService with aggregation queries (CTEs, FILTER clauses) - 4 API endpoints: /api/reports/{cases,deadlines,workload,billing} - Date range filtering via ?from=&to= query params Frontend: - /berichte page with 4 tabs: Akten, Fristen, Auslastung, Abrechnung - recharts: bar/pie/line charts for all report types - Date range picker, CSV export, print-friendly view - Sidebar nav entry with BarChart3 icon Also resolves merge conflicts between role-based, notification, and audit trail branches, and adds missing TS types (AuditLogResponse, Notification, NotificationPreferences).
2026-03-30 11:24:45 +02:00
parent 8e65463130
commit fdef5af32e
17 changed files with 1812 additions and 124 deletions
--- a/backend/internal/auth/tenant_resolver.go
+++ b/backend/internal/auth/tenant_resolver.go
@@ -12,12 +12,8 @@ import (
 // Defined as an interface to avoid circular dependency with services.
 type TenantLookup interface {
 	FirstTenantForUser(ctx context.Context, userID uuid.UUID) (*uuid.UUID, error)
-<<<<<<< HEAD
 	VerifyAccess(ctx context.Context, userID, tenantID uuid.UUID) (bool, error)
-||||||| 82878df
-=======
 	GetUserRole(ctx context.Context, userID, tenantID uuid.UUID) (string, error)
->>>>>>> mai/pike/p0-role-based
 }

 // TenantResolver is middleware that resolves the tenant from X-Tenant-ID header
@@ -46,33 +42,19 @@ func (tr *TenantResolver) Resolve(next http.Handler) http.Handler {
 				http.Error(w, `{"error":"invalid X-Tenant-ID"}`, http.StatusBadRequest)
 				return
 			}
-<<<<<<< HEAD

-			// Verify user has access to this tenant
-			hasAccess, err := tr.lookup.VerifyAccess(r.Context(), userID, parsed)
+			// Verify user has access and get their role
+			role, err := tr.lookup.GetUserRole(r.Context(), userID, parsed)
 			if err != nil {
 				slog.Error("tenant access check failed", "error", err, "user_id", userID, "tenant_id", parsed)
 				http.Error(w, `{"error":"internal error"}`, http.StatusInternalServerError)
 				return
 			}
-			if !hasAccess {
+			if role == "" {
 				http.Error(w, `{"error":"no access to tenant"}`, http.StatusForbidden)
 				return
 			}

-||||||| 82878df
-=======
-			// Verify user has access and get their role
-			role, err := tr.lookup.GetUserRole(r.Context(), userID, parsed)
-			if err != nil {
-				http.Error(w, "error checking tenant access", http.StatusInternalServerError)
-				return
-			}
-			if role == "" {
-				http.Error(w, "no access to this tenant", http.StatusForbidden)
-				return
-			}
->>>>>>> mai/pike/p0-role-based
 			tenantID = parsed
 			// Override the role from middleware with the correct one for this tenant
 			r = r.WithContext(ContextWithUserRole(r.Context(), role))