feat(PROJ-29): Tenant-Quotas & Usage-Limits vollständig implementiert

- storage/quota.go: SQL-Bug gefixt (emails.size → size_bytes, email_refs JOIN)
- tenantstore/quota.go: GetUsage nutzt jetzt email_refs JOIN für korrekte Tenant-Isolation
- smtpd: ErrQuotaExceeded → SMTP 452 statt 554 (MTA-retry statt permanent reject)
- admin_handlers: handleCreateUser prüft max_users-Quota → HTTP 402 bei Überschreitung
- quota_handlers: handleGetTenantUsage gibt jetzt warnings-Feld mit soft-limit-Prozenten zurück
- server.go: spec-konforme Alias-Route GET /api/admin/tenants/{id}/usage registriert

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

internal/api/admin_handlers.go

@@ -82,6 +82,18 @@ func (s *Server) handleCreateUser(w http.ResponseWriter, r *http.Request) {
 		tenantID = sess.TenantID
 	}
 
+	// PROJ-29: Enforce max_users quota before creating a new user.
+	if tenantID != nil && s.tenantStore != nil {
+		quota, qErr := s.tenantStore.GetQuota(r.Context(), *tenantID)
+		if qErr == nil && quota.MaxUsers != nil {
+			usage, uErr := s.tenantStore.GetUsage(r.Context(), *tenantID)
+			if uErr == nil && int(usage.UserCount) >= *quota.MaxUsers {
+				writeError(w, http.StatusPaymentRequired, "user quota exceeded")
+				return
+			}
+		}
+	}
+
 	user, err := s.users.Create(userstore.CreateUserRequest{
 		Username: req.Username,
 		Email:    req.Email,

internal/api/quota_handlers.go

@@ -12,7 +12,8 @@ import (
 )
 
 // handleGetTenantUsage returns current quota config and usage for a tenant.
-// GET /api/admin/tenant/{id}/quota — superadmin only (PROJ-29).
+// GET /api/admin/tenant/{id}/quota  — superadmin only (PROJ-29).
+// GET /api/admin/tenants/{id}/usage — superadmin only (PROJ-29, spec-conformant alias).
 func (s *Server) handleGetTenantUsage(w http.ResponseWriter, r *http.Request) {
 	tenantID, err := strconv.ParseInt(r.PathValue("id"), 10, 64)
 	if err != nil {
@@ -32,9 +33,48 @@ func (s *Server) handleGetTenantUsage(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Compute soft-limit warnings (≥80% = soft, ≥100% = hard).
+	type warnings struct {
+		StoragePct      *float64 `json:"storage_pct"`
+		UsersPct        *float64 `json:"users_pct"`
+		EmailsPct       *float64 `json:"emails_pct"`
+		SoftLimitReached bool    `json:"soft_limit_reached"`
+	}
+	w80 := warnings{}
+	softReached := false
+	if quota.MaxStorageBytes != nil && *quota.MaxStorageBytes > 0 {
+		pct := float64(usage.StorageBytes) / float64(*quota.MaxStorageBytes) * 100
+		w80.StoragePct = &pct
+		if pct >= 80 {
+			softReached = true
+		}
+	}
+	if quota.MaxUsers != nil && *quota.MaxUsers > 0 {
+		pct := float64(usage.UserCount) / float64(*quota.MaxUsers) * 100
+		w80.UsersPct = &pct
+		if pct >= 80 {
+			softReached = true
+		}
+	}
+	if quota.MaxEmails != nil && *quota.MaxEmails > 0 {
+		pct := float64(usage.EmailCount) / float64(*quota.MaxEmails) * 100
+		w80.EmailsPct = &pct
+		if pct >= 80 {
+			softReached = true
+		}
+	}
+	w80.SoftLimitReached = softReached
+
 	writeJSON(w, http.StatusOK, map[string]interface{}{
-		"quota": quota,
-		"usage": usage,
+		"storage_bytes": usage.StorageBytes,
+		"user_count":    usage.UserCount,
+		"email_count":   usage.EmailCount,
+		"quotas": map[string]interface{}{
+			"max_storage_bytes": quota.MaxStorageBytes,
+			"max_users":         quota.MaxUsers,
+			"max_emails":        quota.MaxEmails,
+		},
+		"warnings": w80,
 	})
 }
 

internal/api/server.go

@@ -226,6 +226,8 @@ func (s *Server) routes() {
 	s.mux.HandleFunc("GET /api/admin/quotas", s.auth(s.requireRole(userstore.RoleSuperAdmin, s.handleGetAllTenantUsage)))
 	s.mux.HandleFunc("GET /api/admin/tenant/{id}/quota", s.auth(s.requireRole(userstore.RoleSuperAdmin, s.handleGetTenantUsage)))
 	s.mux.HandleFunc("PUT /api/admin/tenant/{id}/quota", s.auth(s.requireRole(userstore.RoleSuperAdmin, s.handleSetTenantQuota)))
+	// Spec-konforme Alias-Route (PROJ-29 Acceptance Criterion 4)
+	s.mux.HandleFunc("GET /api/admin/tenants/{id}/usage", s.auth(s.requireRole(userstore.RoleSuperAdmin, s.handleGetTenantUsage)))
 
 	// PROJ-33: IMAP mode settings — domain_admin only
 	s.mux.HandleFunc("GET /api/admin/settings/imap-mode", s.authAdmin(s.handleGetIMAPMode))