The SEO Settings global had `read: ({ req: { user } }) => Boolean(user)`
which requires authentication. During admin panel server-side rendering
(after saves), the user context is not propagated to global reads,
causing a Forbidden error that crashes the entire page render.
SEO data is not sensitive, so public read access is appropriate.
Also removes temporary debug logging.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Next.js has its own CSRF protection for server actions, separate from
Payload's csrf config. Without allowedOrigins, server actions from the
admin panel behind a reverse proxy are rejected because the Origin header
(cms.c2sgmbh.de) doesn't match the Host header (localhost:3001).
Also removes temporary debug logging from multiTenant access check.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add pl.c2sgmbh.de and cms.c2sgmbh.de to cors and csrf arrays
to fix Forbidden error on PATCH requests from these domains
- Add saveToJWT: true to isSuperAdmin field so multiTenantPlugin
correctly grants super admins access to all tenants
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add http://10.10.181.104:3000 (sv-frontend staging) to allow cross-origin
form submissions from the staging frontend to the CMS API.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add forms + form-submissions to multiTenantPlugin with tenant scoping
- Inject tenant field into forms via formOverrides
- Reorder plugins: formBuilderPlugin before multiTenantPlugin (fixes warning)
- Refactor ContactFormBlock: form relationship replaces hardcoded recipientEmail
- Add setSubmissionTenant hook to auto-copy tenant from form to submission
- Add tenant field (read-only) to FormSubmissionsOverrides
- Migration: tenant_id on forms/form_submissions, form_id on contact block
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add monitoring access controls to centralized access module and create
four new system-wide collections for the monitoring dashboard:
- MonitoringSnapshots: historical system metrics for trend charts
- MonitoringLogs: structured logs for business events (WORM)
- MonitoringAlertRules: configurable alert rule definitions
- MonitoringAlertHistory: alert log with acknowledge support
Collections are registered in payload.config.ts but intentionally
excluded from multi-tenant plugin since they are system-wide.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds the Content Calendar view at /admin/content-calendar and
integrates it into the YouTube Dashboards nav group.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Custom admin view at /admin/youtube-analytics with 4 tabs:
- Performance: Views, Watch Time, CTR, Subscribers with period comparison
- Pipeline: Status distribution, scheduled videos, overdue tasks
- Goals: Monthly target progress bars and custom KPIs
- Community: Sentiment analysis, response time, top topics
Includes channel selector, period selector (7d/30d/90d), and
sidebar nav link in the YouTube section.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Issue #15241 (TypeError: Missing parameter name with custom admin
components + multi-tenant plugin) is resolved in Payload 3.76.1.
Re-enable TenantDashboard custom view at /admin/tenant-dashboard.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add CommunityNavLinks component with styled navigation
- Register afterNavLinks in payload.config.ts
- Link to Community Inbox and Analytics views
- Add Analytics quick-link in Inbox component
- Support dark mode styling
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add 5 new collections: SocialPlatforms, SocialAccounts,
CommunityInteractions, CommunityTemplates, CommunityRules
- Add communityRole field to Users collection
- Add YouTube API client for comment sync
- Add Claude AI service for sentiment analysis
- Add API endpoints: /api/community/sync-comments, /api/community/reply
- Add communityAccess.ts for role-based access control
- Add migrations for all new tables and community_role enum fix
Fix: Make audit hooks non-blocking to prevent user save timeout
Dependencies: @anthropic-ai/sdk, googleapis
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Complete YouTube content management system:
- YouTubeChannels: Channel management with branding and metrics
- YouTubeContent: Video pipeline with workflow, approvals, scheduling
- YtSeries: Dedicated series management per channel (NEW)
- YtBatches: Production batch tracking with targets and progress
- YtTasks: Task management with notifications
- YtNotifications: User notification system
- YtMonthlyGoals: Monthly production goals per channel
- YtScriptTemplates: Reusable script templates
- YtChecklistTemplates: Checklist templates for workflows
Features:
- Role-based access (YouTubeManager, YouTubeCreator, YouTubeViewer)
- Auto-task generation on status changes
- Series relationship with channel-based filtering
- API endpoints for dashboard, tasks, and task completion
- German/English localization support
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Root cause: payload_locked_documents_rels table was missing columns
for new collections, causing "column does not exist" errors during
the dashboard query after login.
Changes:
- Enable Favorites and Series collections in payload.config.ts
- Enable all BlogWoman blocks (FavoritesBlock, SeriesBlock, etc.)
- Add migration with proper system table updates:
- favorites_id column in payload_locked_documents_rels
- series_id column in payload_locked_documents_rels
- Include related migrations for Pages blocks and VideoEmbed
Key insight: When adding new collections, the migration must also
update payload_locked_documents_rels with a reference column.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Create migration with ENUMs and tables for BlogWoman collections
- favorites table with category, badge, priceRange, affiliateNetwork enums
- series table with localized fields (title, tagline, description)
- Associated _rels and _locales tables
- Set push: false to enforce migration-based schema changes
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add new collections and blocks for BlogWoman affiliate and video content:
Collections:
- Favorites: Affiliate products with categories, badges, and price ranges
- Series: YouTube series with custom branding (logo, colors)
Blocks:
- FavoritesBlock: Grid/list/carousel display for affiliate products
- SeriesBlock: Series overview with filtering
- SeriesDetailBlock: Single series page with hero
- VideoEmbedBlock: YouTube/Vimeo embed with privacy mode
- FeaturedContentBlock: Curated mixed-content collections
Also includes documentation updates for deployment and API guides.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Updated payload-types.ts with new collection types
- Updated comment in payload.config.ts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- SiteSettings is now a Collection with multi-tenant support
- Navigation is now Navigations Collection with multi-tenant support
- Both added to multiTenantPlugin collections config
- Allows each tenant to have their own site settings and navigation
- API endpoints change from /api/globals/* to /api/site-settings and /api/navigations
BREAKING CHANGE: Frontends need to update API calls from globals to collections
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
TenantBreadcrumb in afterNavLinks also triggers the error on production.
Completely disabling admin.components until Payload fixes the issue.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Custom admin views cause TypeError: Missing parameter name at 5
when used with @payloadcms/plugin-multi-tenant. This appears to be
a bug in Payload 3.68.4's custom view handling.
Changes:
- Disable custom TenantDashboard view temporarily
- Keep TenantBreadcrumb in afterNavLinks (works correctly)
- Add bug report template for Payload team
See BUG_REPORT_CUSTOM_VIEWS.md for full details.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- CSRF: Require CSRF_SECRET in production, throw error on missing secret
- IP Allowlist: TRUST_PROXY must be explicitly set to 'true' for proxy headers
- Rate Limiter: Add proper proxy trust handling for client IP detection
- Login: Add browser form redirect support with safe URL validation
- Add custom admin login page with styled form
- Update CLAUDE.md with TRUST_PROXY documentation
- Update tests for new security behavior
BREAKING: Server will not start in production without CSRF_SECRET or PAYLOAD_SECRET
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Video Feature Implementation:
- Add Videos and VideoCategories collections with multi-tenant support
- Extend VideoBlock with library/upload/embed sources and playback options
- Add featuredVideo group to Posts collection with processed embed URLs
Hooks & Validation:
- Add processFeaturedVideo hook for URL parsing and privacy mode embedding
- Add createSlugValidationHook for tenant-scoped slug uniqueness
- Add video-utils library (parseVideoUrl, generateEmbedUrl, formatDuration)
Testing:
- Add 84 unit tests for video-utils (URL parsing, duration, embed generation)
- Add 14 integration tests for Videos collection CRUD and slug validation
Database:
- Migration for videos, video_categories tables with locales
- Migration for Posts featuredVideo processed fields
- Update payload internal tables for new collections
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add Where type imports and proper type assertions in API routes
- Add Locale type definitions for locale validation
- Fix email-logs/stats route with proper EmailLog typing
- Fix newsletter-service interests type and null checks
- Remove invalid contact field from OpenAPI metadata
- Fix formSubmissionOverrides type casting in payload.config
- Fix vcard route Team type casting
All 24 TypeScript errors in src/ are now resolved.
Test files have separate type issues that don't affect production.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Remove unused variables and imports across API routes and workers
- Fix TypeScript errors in ConsentLogs.ts (PayloadRequest header access)
- Fix TypeScript errors in formSubmissionHooks.ts (add ResponseTracking interface)
- Update eslint ignores for coverage, test results, and generated files
- Set push: false in payload.config.ts (schema changes only via migrations)
- Update dependencies to latest versions (Payload 3.68.4, React 19.2.3)
- Add framework update check script and documentation
- Regenerate payload-types.ts
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
New Collections:
- Events: Veranstaltungen mit Datum, Ort, Registrierung
- Jobs: Stellenangebote mit Standort und Bewerbungsfrist
- Locations: Standorte mit Adresse, Kontakt, Öffnungszeiten
- Partners: Partner/Kunden mit Logo und Beschreibung
- Downloads: Dateien mit Kategorisierung und Tracking
New Blocks:
- EventsBlock: Veranstaltungslisten mit Kalender-Ansicht
- JobsBlock: Stellenanzeigen mit Filterfunktion
- LocationsBlock: Standort-Karten und Listen
- PricingBlock: Preistabellen mit Feature-Vergleich
- TabsBlock: Tabbed Content mit verschiedenen Stilen
- AccordionBlock: FAQ/Accordion mit Animationen
- ComparisonBlock: Vergleichstabellen (Tabelle, Karten, Pro/Contra)
- StatsBlock: Statistiken mit Counter-Animation
- LogoGridBlock: Logo-Wolken und Partner-Galerien
- MapBlock: Interaktive Karten mit Markern
- DownloadsBlock: Download-Listen mit Kategorien
All collections support multi-tenant isolation and localization.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Blogging Collections:
- Tags Collection with name, slug, description, color
- Authors Collection with avatar, bio, social media links
Posts Collection extended:
- Tags and Author relationships
- Co-Authors support
- Automatic reading time calculation
- Legacy author text field fallback
New Blogging Blocks:
- AuthorBioBlock: Display author info with various layouts
- RelatedPostsBlock: Show related articles (auto/manual/category/tag)
- ShareButtonsBlock: Social sharing (Facebook, Twitter, LinkedIn, etc.)
- TableOfContentsBlock: Auto-generated TOC from headings
Team Collection extended:
- Slug field for profile pages (auto-generated)
- Hierarchy fields (reportsTo, hierarchyLevel) for org charts
- vCard export flag
New Team API Endpoints:
- GET /api/team - List with search and filters
- GET /api/team/[slug]/vcard - vCard download (VCF)
New Team Blocks:
- TeamFilterBlock: Interactive team display with search/filter
- OrgChartBlock: Hierarchical organization chart visualization
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add dedicated Timeline Collection for managing complex timeline events:
- Collection: Multiple types (history, milestones, releases, career, events, process)
- Events: Flexible date handling (year, month+year, full date, ranges, custom text)
- Categories: milestone, founding, product, team, award, partnership, expansion, technology
- Importance levels: highlight, normal, minor
- Display options: layouts (vertical, alternating, horizontal, compact), sorting, year grouping
- Media: Image and gallery support per event
- Localization: Full support for DE/EN
- SEO: Meta fields for each timeline
API Features:
- Public endpoint at /api/timelines with tenant isolation
- Rate limiting and IP blocking
- Filter by type, slug, category, importance
- Locale parameter support
- Date formatting and sorting
- Optional grouping by year
Database: 8 tables created via migration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Products collection with comprehensive fields (pricing, inventory, SEO, CTA)
- Add ProductCategories collection with hierarchical structure
- Implement CI/CD pipeline with GitHub Actions (lint, typecheck, test, build, e2e)
- Add access control test utilities and unit tests
- Fix Posts API to include category field for backwards compatibility
- Update ESLint config with ignores for migrations and admin components
- Add centralized access control functions in src/lib/access
- Add db-direct.sh utility script for database access
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Install payload-oapi plugin for automatic API documentation
- Configure OpenAPI 3.1 specification at /api/openapi.json
- Add Swagger UI interface at /api/docs
- Update documentation with new API endpoints
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Team collection with comprehensive member profiles
- Support for role, department, bio, contact info, social links
- Qualifications, specializations, and language skills
- Optional link to User account for author attribution
- Add TeamBlock with multiple layouts (grid, list, slider, compact, detailed)
- Filter by department, featured, or manual selection
- Multi-tenant enabled via plugin configuration
- Update documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add FAQs collection with question/answer, categories, and ordering
- Add FAQBlock with collection and inline source modes
- Support multiple layouts: accordion, grid, list, two-column
- Schema.org FAQPage structured data support for SEO
- Multi-tenant enabled via plugin configuration
- Update documentation
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Remove obsolete instruction documents (PROMPT_*.md, SECURITY_FIXES.md)
- Update CLAUDE.md with security features, test suite, audit logs
- Merge Techstack_Dokumentation into INFRASTRUCTURE.md
- Update SECURITY.md with custom login route documentation
- Add changelog to TODO.md
- Update email service and data masking for SMTP error handling
- Extend test coverage for CSRF and data masking
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Payload email adapter for system emails (auth, password reset)
- Add EmailLogs collection for tracking all sent emails
- Extend Tenants collection with SMTP configuration fields
- Implement tenant-specific email service with transporter caching
- Add /api/send-email endpoint with:
- Authentication required
- Tenant access control (users can only send for their tenants)
- Rate limiting (10 emails/minute per user)
- Add form submission notification hook with email logging
- Add cache invalidation hook for tenant email config changes
Security:
- SMTP passwords are never returned in API responses
- Passwords are preserved when field is left empty on update
- Only super admins can delete email logs
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Add collections for photography portfolio website:
- PortfolioCategories: categories with name, slug, cover image, order
- Portfolios: galleries with images, project details, SEO fields
- Both collections are tenant-scoped and localized (DE/EN)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add isSuperAdmin field to Users collection with migration
- Update API documentation with analytics examples
- Add analytics implementation guide
- Update TODO with completed tasks
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Update payload.config.ts with new collections, blocks, and globals
- Configure i18n with DE/EN localization support
- Add multi-tenant plugin configuration
- Update ecosystem.config.cjs for PM2
- Regenerate payload-types.ts and importMap.js
- Add prettier configuration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
