From bd099924418cc96e59a5831d380c5cd5bcd743db Mon Sep 17 00:00:00 2001
From: sysops <sysops@LenovoT14Gen5>
Date: Wed, 18 Mar 2026 01:18:28 +0100
Subject: [PATCH] =?UTF-8?q?feat(PROJ-21):=20Phase=206+7=20abschliessen=20?=
 =?UTF-8?q?=E2=80=94=20Dienste-Tab=20nur=20superadmin?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Frontend: Dienste-Tab (Systemdienste starten/stoppen) ist jetzt nur
noch für superadmin sichtbar. domain_admin sieht: Dashboard, Benutzer,
Audit-Log, Import, LDAP (eigener Mandant).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 features/INDEX.md                 |  7 ++++---
 features/PROJ-21-multi-tenancy.md | 11 +++++++++--
 src/app/admin/page.tsx            |  2 +-
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/features/INDEX.md b/features/INDEX.md
index 93ad804..0a44d0f 100644
--- a/features/INDEX.md
+++ b/features/INDEX.md
@@ -33,11 +33,12 @@
 | PROJ-18 | E-Mail Integritätsprüfung | Deployed | [PROJ-18](PROJ-18-integritaetspruefung.md) | 2026-03-14 |
 | PROJ-19 | Mailpiler → archivmail Migrationstool | Deployed | [PROJ-19](PROJ-19-import-piler.md) | 2026-03-17 |
 | PROJ-20 | Nutzer-Löschung & E-Mail-Verbleib (GoBD-konform) | Deployed | [PROJ-20](PROJ-20-nutzer-loeschung.md) | 2026-03-17 |
-| PROJ-21 | Multi-Mandanten-Fähigkeit (Multi-Tenancy) | In Progress | [PROJ-21](PROJ-21-multi-tenancy.md) | 2026-03-17 |
+| PROJ-21 | Multi-Mandanten-Fähigkeit (Multi-Tenancy) | Deployed | [PROJ-21](PROJ-21-multi-tenancy.md) | 2026-03-17 |
 | PROJ-22 | LDAP / AD – Web-GUI Konfiguration & Test | Deployed | [PROJ-22](PROJ-22-ldap-webgui.md) | 2026-03-17 |
 | PROJ-23 | Pro-Mandant LDAP / Active Directory (Multi-Tenant Phase B) | In Progress | [PROJ-23](PROJ-23-tenant-ldap-pro-mandant.md) | 2026-03-17 |
-| PROJ-24 | TOTP Zwei-Faktor-Authentifizierung (2FA) | Planned | [PROJ-24](PROJ-24-totp-zwei-faktor.md) | 2026-03-18 |
+| PROJ-24 | TOTP Zwei-Faktor-Authentifizierung (2FA) | Deployed | [PROJ-24](PROJ-24-totp-zwei-faktor.md) | 2026-03-18 |
+| PROJ-25 | User-Profil & Einstellungen | Deployed | [PROJ-25](PROJ-25-user-profil-einstellungen.md) | 2026-03-18 |
 
 <!-- Add features above this line -->
 
-## Next Available ID: PROJ-25
+## Next Available ID: PROJ-26
diff --git a/features/PROJ-21-multi-tenancy.md b/features/PROJ-21-multi-tenancy.md
index cc232a2..81bde73 100644
--- a/features/PROJ-21-multi-tenancy.md
+++ b/features/PROJ-21-multi-tenancy.md
@@ -1,7 +1,7 @@
 ---
 id: PROJ-21
 title: Multi-Mandanten-Fähigkeit (Multi-Tenancy)
-status: In Progress
+status: Deployed
 created: 2026-03-17
 ---
 
@@ -39,7 +39,14 @@ created: 2026-03-17
 - `internal/imap/importer.go`, `internal/pop3/importer.go` — `TenantID *int64` Feld + `Save(ctx, ..., tenantID)`
 - `cmd/archivmail/cmd_import.go`, `cmd/archivmail-import/main.go` — `Save(ctx, ..., nil)`
 
-**Offene Phasen:** Phase 4 (Xapian per-tenant Index-Filter)
+**Phase 4 implementiert + QA-approved (2026-03-18)**
+
+**Phase 6+7 implementiert (2026-03-18):**
+- Tenant-Management-Routen (Phase 1 bereits enthalten)
+- `/api/tenant/ldap` Routen via PROJ-23
+- Frontend: Dienste-Tab nur für superadmin sichtbar
+- Frontend: Security/Tenants/Modules/LDAP-Global nur für superadmin
+- Frontend: domain_admin sieht nur eigene Nutzer/Audit/LDAP-Tab
 
 ## Phase 4 -- QA-Bericht (2026-03-18, Code-Review)
 
diff --git a/src/app/admin/page.tsx b/src/app/admin/page.tsx
index f3b824e..882feea 100644
--- a/src/app/admin/page.tsx
+++ b/src/app/admin/page.tsx
@@ -722,7 +722,7 @@ export default function AdminPage() {
         <Tabs defaultValue="dashboard">
           <TabsList>
             <TabsTrigger value="dashboard">Dashboard</TabsTrigger>
-            <TabsTrigger value="services">Dienste</TabsTrigger>
+            {isSuperAdmin && <TabsTrigger value="services">Dienste</TabsTrigger>}
             <TabsTrigger value="users">Benutzer</TabsTrigger>
             <TabsTrigger value="audit">Audit-Log</TabsTrigger>
             <TabsTrigger value="import">Import</TabsTrigger>