- HandleDeleteMediaUI: check err after media.Get before using asset (prevents nil-pointer panic)
- HandleTenantDeleteMedia: add restricted-user ownership check (K3)
- HandleTenantDashboard: filter media list by ownerUserID for restricted users
- SCHEMA.md: correct created_by_user_id to 'text null ... on delete set null'
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- SCHEMA.md: Index idx_media_assets_created_by_user_id hinzugefügt
- API-ENDPOINTS.md: GET/POST Media-Endpoints erweitert um owner_is_restricted und owner_username
- API-ENDPOINTS.md: DELETE Media-Endpoint mit Berechtigungslogik dokumentiert
* admin_user: immer erlaubt
* screen_user: erlaubt wenn asset.tenant_id == user.tenant_id
* restricted: erlaubt nur wenn asset.created_by_user_id == user.id
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- API-ENDPOINTS.md: neue Sektion "Display-Steuerung" mit POST /api/v1/screens/{screenSlug}/display und POST /api/v1/screens/{screenSlug}/schedule
- SCHEMA.md: Hinweis zur vereinfachten screen_status-Tabelle (Migration 004) und neue Sektion screen_schedules (Migration 005)
- server/backend/README.md: scheduler-Package beschrieben, Migrationen 004+005 ergaenzt, Endpunkt-Tabelle aktualisiert
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
