feat(announcements): add locale audience targeting and published-home news

TODO.md

@@ -118,7 +118,7 @@ This file is the single source of truth for roadmap and delivery progress.
   page CRUD, navigation tree, reusable page blocks (forms/price cards/gallery embeds)
 - [~] [P1] `todo/mvp1-commissions-customers`:
   commission request intake + admin CRUD + kanban + customer entity/linking
-- [~] [P1] `todo/mvp1-announcements-news`:
+- [x] [P1] `todo/mvp1-announcements-news`:
   announcement management/rendering + news/blog CRUD and public rendering
 - [~] [P1] `todo/mvp1-public-rendering-integration`:
   public rendering for pages/navigation/media/portfolio/announcements and commissioning entrypoints
@@ -145,15 +145,15 @@ This file is the single source of truth for roadmap and delivery progress.
 - [x] [P1] Artwork refinement fields (medium, dimensions, year, framing, availability, price visibility)
 - [x] [P1] Artwork rendition management (thumbnail, card, full, retina/custom sizes)
 - [x] [P1] Type-specific processing presets (artwork/banner/promo/video/gif) with validation rules
-- [ ] [P1] Users management (invite, roles, status)
+- [x] [P1] Users management (invite, roles, status)
-- [ ] [P1] Disable/ban user function and enforcement in auth/session checks
+- [x] [P1] Disable/ban user function and enforcement in auth/session checks
-- [~] [P1] Owner/support protection rules in user management actions (cannot delete/demote)
+- [x] [P1] Owner/support protection rules in user management actions (cannot delete/demote)
-- [~] [P1] Commissions management (request intake, owner, due date, notes, linked customer, linked artworks)
+- [x] [P1] Commissions management (request intake, owner, due date, notes, linked customer, linked artworks)
-- [~] [P1] Customer records (contact profile, notes, consent flags, recurrence marker)
+- [x] [P1] Customer records (contact profile, notes, consent flags, recurrence marker)
-- [~] [P1] Customer-to-commission linkage and reuse workflow (no re-entry for recurring customers)
+- [x] [P1] Customer-to-commission linkage and reuse workflow (no re-entry for recurring customers)
-- [~] [P1] Kanban workflow for commissions (new, scoped, in-progress, review, done)
+- [x] [P1] Kanban workflow for commissions (new, scoped, in-progress, review, done)
 - [x] [P1] Header banner management (message, CTA, active window)
-- [~] [P1] Announcements management (prominent site notices with schedule, priority, and audience targeting)
+- [x] [P1] Announcements management (prominent site notices with schedule, priority, and audience targeting)
 - [~] [P2] News/blog editorial workflow (draft/review/publish, authoring metadata)
 
 ### Public App
@@ -171,9 +171,9 @@ This file is the single source of truth for roadmap and delivery progress.
 
 ### News / Blog (Secondary Track)
 
-- [~] [P1] News/blog content type (editorial content for artist updates and process posts)
+- [x] [P1] News/blog content type (editorial content for artist updates and process posts)
-- [~] [P1] Admin list/editor for news posts
+- [x] [P1] Admin list/editor for news posts
-- [~] [P1] Public news index + detail pages
+- [x] [P1] Public news index + detail pages
 - [ ] [P2] Tag/category and basic archive support
 
 ### Testing
@@ -367,6 +367,9 @@ This file is the single source of truth for roadmap and delivery progress.
 - [2026-02-12] Media type presets baseline completed in upload API: server-side validation now uses shared per-type rules (mime + max size) for `artwork/banner/promotion/video/gif/generic`, with optional env cap override via `CMS_MEDIA_UPLOAD_MAX_BYTES`.
 - [2026-02-12] Page builder reusable blocks completed: admin block editor now supports full field editing + ordering controls for hero/rich-text/gallery/cta/form/price-cards; public renderer includes form-link behavior for `contact`/`commission` keys.
 - [2026-02-12] Navigation management completed: admin `/navigation` now supports menu update/delete controls, nested item parent selection via menu-local dropdown, and full order/visibility updates across menus and items.
+- [2026-02-12] Users management baseline completed: admin `/users` now supports managed user creation, role changes (`admin/editor/manager`), status changes (ban/unban), and protected/system guardrails for role-change/delete/ban actions.
+- [2026-02-12] Commissions management completed: admin kanban cards now include inline detail editing (assignee/customer/budget/due date/notes), linked-artwork references via `linkedArtworkIds`, and creation/edit flows use assignable users instead of raw ID entry.
+- [2026-02-12] Announcements/news completed: announcements now support locale audience targeting (`targetLocales`) with public locale-aware rendering, and homepage news list now uses locale-aware published posts only.
 - [2026-02-12] Public UX pass: commission request flow now reports explicit invalid budget range errors, and header navigation now falls back to localized defaults (`home`, `portfolio`, `news`, `commissions`) when no CMS menu exists; seed data now creates those default menu entries.
 - [2026-02-12] Added `e2e/public-rendering.pw.ts` web coverage for fallback navigation visibility, portfolio routes, and commission submission validation (invalid budget range + successful submission path).
 - [2026-02-12] Testing execution is temporarily paused for delivery velocity: root test scripts are stubbed and CI test steps are disabled; all testing backlog is consolidated under `MVP 3: Testing and Quality`.

apps/admin/src/app/announcements/page.tsx

@@ -14,6 +14,7 @@ import { requirePermissionForRoute } from "@/lib/route-guards"
 export const dynamic = "force-dynamic"
 
 type SearchParamsInput = Record<string, string | string[] | undefined>
+const SUPPORTED_LOCALES = ["de", "en", "es", "fr"] as const
 
 function readFirstValue(value: string | string[] | undefined): string | null {
   if (Array.isArray(value)) {
@@ -49,6 +50,22 @@ function readNullableDate(formData: FormData, field: string): Date | null {
   return parsed
 }
 
+function readLocaleSelections(formData: FormData, field: string): string[] {
+  const values = formData.getAll(field)
+  const locales = new Set<string>()
+
+  for (const value of values) {
+    if (
+      typeof value === "string" &&
+      SUPPORTED_LOCALES.includes(value as (typeof SUPPORTED_LOCALES)[number])
+    ) {
+      locales.add(value)
+    }
+  }
+
+  return Array.from(locales)
+}
+
 function readInt(formData: FormData, field: string, fallback = 100): number {
   const value = readInputString(formData, field)
 
@@ -94,6 +111,7 @@ async function createAnnouncementAction(formData: FormData) {
       title: readInputString(formData, "title"),
       message: readInputString(formData, "message"),
       placement: readInputString(formData, "placement"),
+      targetLocales: readLocaleSelections(formData, "targetLocales"),
       priority: readInt(formData, "priority", 100),
       ctaLabel: readNullableString(formData, "ctaLabel"),
       ctaHref: readNullableString(formData, "ctaHref"),
@@ -125,6 +143,7 @@ async function updateAnnouncementAction(formData: FormData) {
       title: readInputString(formData, "title"),
       message: readInputString(formData, "message"),
       placement: readInputString(formData, "placement"),
+      targetLocales: readLocaleSelections(formData, "targetLocales"),
       priority: readInt(formData, "priority", 100),
       ctaLabel: readNullableString(formData, "ctaLabel"),
       ctaHref: readNullableString(formData, "ctaHref"),
@@ -277,6 +296,20 @@ export default async function AnnouncementsPage({
               />
             </label>
           </div>
+          <div className="space-y-1">
+            <p className="text-xs text-neutral-600">Target locales (empty = all locales)</p>
+            <div className="flex flex-wrap gap-3">
+              {SUPPORTED_LOCALES.map((locale) => (
+                <label
+                  key={`create-locale-${locale}`}
+                  className="inline-flex items-center gap-2 text-sm"
+                >
+                  <input name="targetLocales" type="checkbox" value={locale} className="size-4" />
+                  {locale.toUpperCase()}
+                </label>
+              ))}
+            </div>
+          </div>
           <div className="grid gap-3 md:grid-cols-2">
             <label className="space-y-1">
               <span className="text-xs text-neutral-600">Starts at</span>
@@ -390,6 +423,26 @@ export default async function AnnouncementsPage({
                   />
                 </label>
               </div>
+              <div className="mt-3 space-y-1">
+                <p className="text-xs text-neutral-600">Target locales (empty = all locales)</p>
+                <div className="flex flex-wrap gap-3">
+                  {SUPPORTED_LOCALES.map((locale) => (
+                    <label
+                      key={`${announcement.id}-locale-${locale}`}
+                      className="inline-flex items-center gap-2 text-sm"
+                    >
+                      <input
+                        name="targetLocales"
+                        type="checkbox"
+                        value={locale}
+                        defaultChecked={announcement.targetLocales.includes(locale)}
+                        className="size-4"
+                      />
+                      {locale.toUpperCase()}
+                    </label>
+                  ))}
+                </div>
+              </div>
               <div className="mt-3 flex flex-wrap items-center justify-between gap-3">
                 <label className="inline-flex items-center gap-2 text-sm text-neutral-700">
                   <input

apps/admin/src/app/commissions/page.tsx

@@ -2,8 +2,11 @@ import {
   commissionKanbanOrder,
   createCommission,
   createCustomer,
+  db,
+  listArtworks,
   listCommissions,
   listCustomers,
+  updateCommission,
   updateCommissionStatus,
 } from "@cms/db"
 import { Button } from "@cms/ui/button"
@@ -67,6 +70,19 @@ function readNullableDate(formData: FormData, field: string): Date | null {
   return parsed
 }
 
+function readUuidList(formData: FormData, field: string): string[] {
+  const raw = readInputString(formData, field)
+
+  if (!raw) {
+    return []
+  }
+
+  return raw
+    .split(",")
+    .map((entry) => entry.trim())
+    .filter((entry) => entry.length > 0)
+}
+
 function redirectWithState(params: { notice?: string; error?: string }) {
   const query = new URLSearchParams()
 
@@ -124,6 +140,7 @@ async function createCommissionAction(formData: FormData) {
       status: readInputString(formData, "status"),
       customerId: readNullableString(formData, "customerId"),
       assignedUserId: readNullableString(formData, "assignedUserId"),
+      linkedArtworkIds: readUuidList(formData, "linkedArtworkIds"),
       budgetMin: readNullableNumber(formData, "budgetMin"),
       budgetMax: readNullableNumber(formData, "budgetMax"),
       dueAt: readNullableDate(formData, "dueAt"),
@@ -136,6 +153,35 @@ async function createCommissionAction(formData: FormData) {
   redirectWithState({ notice: "Commission created." })
 }
 
+async function updateCommissionAction(formData: FormData) {
+  "use server"
+
+  await requirePermissionForRoute({
+    nextPath: "/commissions",
+    permission: "commissions:write",
+    scope: "own",
+  })
+
+  try {
+    await updateCommission({
+      id: readInputString(formData, "id"),
+      title: readInputString(formData, "title"),
+      description: readNullableString(formData, "description"),
+      customerId: readNullableString(formData, "customerId"),
+      assignedUserId: readNullableString(formData, "assignedUserId"),
+      linkedArtworkIds: readUuidList(formData, "linkedArtworkIds"),
+      budgetMin: readNullableNumber(formData, "budgetMin"),
+      budgetMax: readNullableNumber(formData, "budgetMax"),
+      dueAt: readNullableDate(formData, "dueAt"),
+    })
+  } catch {
+    redirectWithState({ error: "Failed to update commission details." })
+  }
+
+  revalidatePath("/commissions")
+  redirectWithState({ notice: "Commission updated." })
+}
+
 async function updateCommissionStatusAction(formData: FormData) {
   "use server"
 
@@ -166,6 +212,14 @@ function formatDate(value: Date | null) {
   return value.toLocaleDateString("en-US")
 }
 
+function formatDateInput(value: Date | null) {
+  if (!value) {
+    return ""
+  }
+
+  return value.toISOString().slice(0, 10)
+}
+
 export default async function CommissionsManagementPage({
   searchParams,
 }: {
@@ -177,10 +231,22 @@ export default async function CommissionsManagementPage({
     scope: "own",
   })
 
-  const [resolvedSearchParams, customers, commissions] = await Promise.all([
+  const [resolvedSearchParams, customers, commissions, assignees, artworks] = await Promise.all([
     searchParams,
     listCustomers(200),
     listCommissions(300),
+    db.user.findMany({
+      where: {
+        isBanned: false,
+      },
+      orderBy: [{ createdAt: "asc" }],
+      select: {
+        id: true,
+        name: true,
+        username: true,
+      },
+    }),
+    listArtworks(300),
   ])
 
   const notice = readFirstValue(resolvedSearchParams.notice)
@@ -309,11 +375,18 @@ export default async function CommissionsManagementPage({
             </div>
             <div className="grid gap-3 md:grid-cols-3">
               <label className="space-y-1">
-                <span className="text-xs text-neutral-600">Assigned user id</span>
+                <span className="text-xs text-neutral-600">Assigned user</span>
-                <input
+                <select
                   name="assignedUserId"
                   className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
-                />
+                >
+                  <option value="">(none)</option>
+                  {assignees.map((assignee) => (
+                    <option key={assignee.id} value={assignee.id}>
+                      {assignee.name} @{assignee.username ?? "no-user"}
+                    </option>
+                  ))}
+                </select>
               </label>
               <label className="space-y-1">
                 <span className="text-xs text-neutral-600">Budget min</span>
@@ -344,6 +417,14 @@ export default async function CommissionsManagementPage({
                 className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
               />
             </label>
+            <label className="space-y-1">
+              <span className="text-xs text-neutral-600">Linked artwork IDs (comma separated)</span>
+              <textarea
+                name="linkedArtworkIds"
+                rows={2}
+                className="w-full rounded border border-neutral-300 px-3 py-2 text-sm"
+              />
+            </label>
             <Button type="submit">Create commission</Button>
           </form>
         </article>
@@ -383,6 +464,9 @@ export default async function CommissionsManagementPage({
                           <p className="text-xs text-neutral-600">
                             {commission.customer?.name ?? "No customer"}
                           </p>
+                          <p className="text-xs text-neutral-500">
+                            Assignee: {commission.assignedUser?.name ?? "none"}
+                          </p>
                           <p className="text-xs text-neutral-500">
                             Due: {formatDate(commission.dueAt)}
                           </p>
@@ -406,6 +490,99 @@ export default async function CommissionsManagementPage({
                             Move
                           </button>
                         </div>
+                        <details className="mt-2 rounded border border-neutral-200 p-2 text-xs">
+                          <summary className="cursor-pointer text-neutral-700">
+                            Edit details
+                          </summary>
+                          <form action={updateCommissionAction} className="mt-2 space-y-2">
+                            <input type="hidden" name="id" value={commission.id} />
+                            <input
+                              name="title"
+                              defaultValue={commission.title}
+                              className="w-full rounded border border-neutral-300 px-2 py-1"
+                            />
+                            <textarea
+                              name="description"
+                              rows={2}
+                              defaultValue={commission.description ?? ""}
+                              className="w-full rounded border border-neutral-300 px-2 py-1"
+                            />
+                            <select
+                              name="customerId"
+                              defaultValue={commission.customerId ?? ""}
+                              className="w-full rounded border border-neutral-300 px-2 py-1"
+                            >
+                              <option value="">(no customer)</option>
+                              {customers.map((customer) => (
+                                <option
+                                  key={`${commission.id}-customer-${customer.id}`}
+                                  value={customer.id}
+                                >
+                                  {customer.name}
+                                </option>
+                              ))}
+                            </select>
+                            <select
+                              name="assignedUserId"
+                              defaultValue={commission.assignedUserId ?? ""}
+                              className="w-full rounded border border-neutral-300 px-2 py-1"
+                            >
+                              <option value="">(no assignee)</option>
+                              {assignees.map((assignee) => (
+                                <option
+                                  key={`${commission.id}-assignee-${assignee.id}`}
+                                  value={assignee.id}
+                                >
+                                  {assignee.name}
+                                </option>
+                              ))}
+                            </select>
+                            <div className="grid grid-cols-2 gap-2">
+                              <input
+                                name="budgetMin"
+                                type="number"
+                                min={0}
+                                step="0.01"
+                                defaultValue={commission.budgetMin ?? ""}
+                                placeholder="Budget min"
+                                className="rounded border border-neutral-300 px-2 py-1"
+                              />
+                              <input
+                                name="budgetMax"
+                                type="number"
+                                min={0}
+                                step="0.01"
+                                defaultValue={commission.budgetMax ?? ""}
+                                placeholder="Budget max"
+                                className="rounded border border-neutral-300 px-2 py-1"
+                              />
+                            </div>
+                            <input
+                              name="dueAt"
+                              type="date"
+                              defaultValue={formatDateInput(commission.dueAt)}
+                              className="w-full rounded border border-neutral-300 px-2 py-1"
+                            />
+                            <textarea
+                              name="linkedArtworkIds"
+                              rows={2}
+                              defaultValue={commission.linkedArtworkIds.join(",")}
+                              placeholder="Artwork IDs"
+                              className="w-full rounded border border-neutral-300 px-2 py-1"
+                            />
+                            <button
+                              type="submit"
+                              className="rounded border border-neutral-300 px-2 py-1 text-xs"
+                            >
+                              Save details
+                            </button>
+                          </form>
+                        </details>
+                        {commission.linkedArtworkIds.length > 0 ? (
+                          <p className="mt-2 text-[11px] text-neutral-500">
+                            Linked artworks: {commission.linkedArtworkIds.length}
+                          </p>
+                        ) : null}
                       </form>
                     ))
                   )}
@@ -449,6 +626,24 @@ export default async function CommissionsManagementPage({
           </table>
         </div>
       </section>
+
+      <section className="rounded-xl border border-neutral-200 p-6">
+        <h2 className="text-xl font-medium">Artwork Reference</h2>
+        <p className="mt-1 text-sm text-neutral-600">
+          Use these IDs when linking artworks to commissions.
+        </p>
+        <div className="mt-3 max-h-64 overflow-auto rounded border border-neutral-200 p-3 text-xs">
+          {artworks.length === 0 ? (
+            <p className="text-neutral-500">No artworks available.</p>
+          ) : (
+            artworks.map((artwork) => (
+              <p key={artwork.id} className="font-mono text-neutral-700">
+                {artwork.id} - {artwork.title}
+              </p>
+            ))
+          )}
+        </div>
+      </section>
     </AdminShell>
   )
 }

apps/admin/src/app/users/page.tsx

@@ -1,34 +1,425 @@
-import { AdminSectionPlaceholder } from "@/components/admin-section-placeholder"
+import { hasPermission, normalizeRole, type Role } from "@cms/content/rbac"
+import { db } from "@cms/db"
+import { Button } from "@cms/ui/button"
+import { revalidatePath } from "next/cache"
+import { headers } from "next/headers"
+import { redirect } from "next/navigation"
+
 import { AdminShell } from "@/components/admin-shell"
+import {
+  auth,
+  canDeleteUserAccount,
+  createManagedUserAccount,
+  enforceOwnerInvariant,
+} from "@/lib/auth/server"
 import { requirePermissionForRoute } from "@/lib/route-guards"
 
 export const dynamic = "force-dynamic"
 
-export default async function UsersManagementPage() {
+const MANAGED_ROLES: Role[] = ["admin", "editor", "manager"]
+
+type SearchParamsInput = Record<string, string | string[] | undefined>
+
+function readFirstValue(value: string | string[] | undefined): string | null {
+  if (Array.isArray(value)) {
+    return value[0] ?? null
+  }
+
+  return value ?? null
+}
+
+function readInputString(formData: FormData, field: string): string {
+  const value = formData.get(field)
+  return typeof value === "string" ? value.trim() : ""
+}
+
+function redirectWithState(params: { notice?: string; error?: string }) {
+  const query = new URLSearchParams()
+
+  if (params.notice) {
+    query.set("notice", params.notice)
+  }
+
+  if (params.error) {
+    query.set("error", params.error)
+  }
+
+  const value = query.toString()
+  redirect(value ? `/users?${value}` : "/users")
+}
+
+async function createUserAction(formData: FormData) {
+  "use server"
+
+  await requirePermissionForRoute({
+    nextPath: "/users",
+    permission: "users:write",
+    scope: "team",
+  })
+
+  const role = normalizeRole(readInputString(formData, "role"))
+
+  if (!role || !MANAGED_ROLES.includes(role)) {
+    return redirectWithState({ error: "Invalid role for managed user creation." })
+  }
+
+  try {
+    await createManagedUserAccount({
+      email: readInputString(formData, "email"),
+      username: readInputString(formData, "username") || undefined,
+      name: readInputString(formData, "name"),
+      password: readInputString(formData, "password"),
+      role,
+    })
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Failed to create user."
+    redirectWithState({ error: message })
+  }
+
+  revalidatePath("/users")
+  redirectWithState({ notice: "User account created." })
+}
+
+async function updateUserRoleAction(formData: FormData) {
+  "use server"
+
+  await requirePermissionForRoute({
+    nextPath: "/users",
+    permission: "users:manage_roles",
+    scope: "global",
+  })
+
+  const userId = readInputString(formData, "userId")
+  const role = normalizeRole(readInputString(formData, "role"))
+
+  if (!role || !MANAGED_ROLES.includes(role)) {
+    return redirectWithState({ error: "Only admin/editor/manager can be assigned here." })
+  }
+
+  const user = await db.user.findUnique({
+    where: { id: userId },
+    select: { id: true, isProtected: true, isSystem: true },
+  })
+
+  if (!user) {
+    return redirectWithState({ error: "User not found." })
+  }
+
+  if (user.isProtected || user.isSystem) {
+    return redirectWithState({ error: "Protected/system users cannot be role-edited." })
+  }
+
+  try {
+    await db.user.update({
+      where: { id: userId },
+      data: { role },
+    })
+    await enforceOwnerInvariant()
+  } catch {
+    redirectWithState({ error: "Failed to update user role." })
+  }
+
+  revalidatePath("/users")
+  redirectWithState({ notice: "User role updated." })
+}
+
+async function updateUserBanAction(formData: FormData) {
+  "use server"
+
+  await requirePermissionForRoute({
+    nextPath: "/users",
+    permission: "users:write",
+    scope: "team",
+  })
+
+  const userId = readInputString(formData, "userId")
+  const isBanned = readInputString(formData, "isBanned") === "true"
+
+  const user = await db.user.findUnique({
+    where: { id: userId },
+    select: { id: true, isProtected: true, isSystem: true },
+  })
+
+  if (!user) {
+    return redirectWithState({ error: "User not found." })
+  }
+
+  if ((user.isProtected || user.isSystem) && isBanned) {
+    return redirectWithState({ error: "Protected/system users cannot be banned." })
+  }
+
+  try {
+    await db.user.update({
+      where: { id: userId },
+      data: { isBanned },
+    })
+    await enforceOwnerInvariant()
+  } catch {
+    redirectWithState({ error: "Failed to update user status." })
+  }
+
+  revalidatePath("/users")
+  redirectWithState({ notice: isBanned ? "User banned." : "User unbanned." })
+}
+
+async function deleteUserAction(formData: FormData) {
+  "use server"
+
+  await requirePermissionForRoute({
+    nextPath: "/users",
+    permission: "users:write",
+    scope: "team",
+  })
+
+  const userId = readInputString(formData, "userId")
+  const isAllowed = await canDeleteUserAccount(userId)
+
+  if (!isAllowed) {
+    return redirectWithState({
+      error: "User cannot be deleted due to protection or owner constraints.",
+    })
+  }
+
+  try {
+    await db.user.delete({
+      where: { id: userId },
+    })
+    await enforceOwnerInvariant()
+  } catch {
+    redirectWithState({ error: "Failed to delete user." })
+  }
+
+  revalidatePath("/users")
+  redirectWithState({ notice: "User deleted." })
+}
+
+export default async function UsersManagementPage({
+  searchParams,
+}: {
+  searchParams: Promise<SearchParamsInput>
+}) {
   const role = await requirePermissionForRoute({
     nextPath: "/users",
     permission: "users:read",
     scope: "own",
   })
 
+  const session = await auth.api
+    .getSession({
+      headers: await headers(),
+    })
+    .catch(() => null)
+  const viewerId = session?.user?.id ?? null
+  const canWriteUsers = hasPermission(role, "users:write", "team")
+  const canManageRoles = hasPermission(role, "users:manage_roles", "global")
+  const canReadGlobal = hasPermission(role, "users:read", "global")
+
+  const [resolvedSearchParams, users] = await Promise.all([
+    searchParams,
+    db.user.findMany({
+      where: canReadGlobal
+        ? undefined
+        : viewerId
+          ? {
+              id: viewerId,
+            }
+          : {
+              id: "__none__",
+            },
+      orderBy: [{ createdAt: "desc" }],
+      select: {
+        id: true,
+        email: true,
+        username: true,
+        name: true,
+        role: true,
+        isBanned: true,
+        isSystem: true,
+        isHidden: true,
+        isProtected: true,
+        createdAt: true,
+      },
+    }),
+  ])
+
+  const notice = readFirstValue(resolvedSearchParams.notice)
+  const error = readFirstValue(resolvedSearchParams.error)
+
   return (
     <AdminShell
       role={role}
       activePath="/users"
       badge="Admin App"
       title="Users"
-      description="Prepare user lifecycle and role management operations."
+      description="Manage internal users, roles, and account status."
     >
-      <AdminSectionPlaceholder
+      {notice ? (
-        feature="Users Management"
+        <section className="rounded-xl border border-emerald-300 bg-emerald-50 px-4 py-3 text-sm text-emerald-800">
-        summary="This route sets the guardrail and UX entrypoint for role assignment, status, and invitation flows."
+          {notice}
-        requiredPermission="users:read (own)"
+        </section>
-        nextSteps={[
+      ) : null}
-          "Add user list, filter, and detail views.",
+      {error ? (
-          "Add role and permission editing actions with owner/support safety rules.",
+        <section className="rounded-xl border border-red-300 bg-red-50 px-4 py-3 text-sm text-red-800">
-          "Add disable/ban and invite workflows.",
+          {error}
-        ]}
+        </section>
+      ) : null}
+
+      {canWriteUsers ? (
+        <section className="rounded-xl border border-neutral-200 p-6">
+          <h2 className="text-xl font-medium">Create managed user</h2>
+          <form action={createUserAction} className="mt-4 grid gap-3 md:grid-cols-2 lg:grid-cols-3">
+            <input
+              name="name"
+              required
+              placeholder="Name"
+              className="rounded border border-neutral-300 px-3 py-2 text-sm"
             />
+            <input
+              name="email"
+              required
+              type="email"
+              placeholder="Email"
+              className="rounded border border-neutral-300 px-3 py-2 text-sm"
+            />
+            <input
+              name="username"
+              placeholder="Username (optional)"
+              className="rounded border border-neutral-300 px-3 py-2 text-sm"
+            />
+            <input
+              name="password"
+              required
+              type="password"
+              placeholder="Temporary password"
+              className="rounded border border-neutral-300 px-3 py-2 text-sm"
+            />
+            <select
+              name="role"
+              defaultValue="editor"
+              className="rounded border border-neutral-300 px-3 py-2 text-sm"
+            >
+              <option value="editor">editor</option>
+              <option value="manager">manager</option>
+              <option value="admin">admin</option>
+            </select>
+            <div className="md:col-span-2 lg:col-span-3">
+              <Button type="submit">Create user</Button>
+            </div>
+          </form>
+        </section>
+      ) : null}
+
+      <section className="rounded-xl border border-neutral-200 p-6">
+        <h2 className="text-xl font-medium">User accounts</h2>
+        <div className="mt-4 overflow-x-auto">
+          <table className="min-w-full text-left text-sm">
+            <thead className="text-xs uppercase tracking-wide text-neutral-500">
+              <tr>
+                <th className="py-2 pr-4">User</th>
+                <th className="py-2 pr-4">Role</th>
+                <th className="py-2 pr-4">Status</th>
+                <th className="py-2 pr-4">Flags</th>
+                <th className="py-2 pr-4">Created</th>
+                <th className="py-2 pr-4">Actions</th>
+              </tr>
+            </thead>
+            <tbody>
+              {users.length === 0 ? (
+                <tr>
+                  <td className="py-3 text-neutral-500" colSpan={6}>
+                    No users found.
+                  </td>
+                </tr>
+              ) : (
+                users.map((user) => (
+                  <tr key={user.id} className="border-t border-neutral-200 align-top">
+                    <td className="py-3 pr-4">
+                      <p className="font-medium">{user.name}</p>
+                      <p className="text-xs text-neutral-600">{user.email}</p>
+                      <p className="text-xs text-neutral-500">@{user.username ?? "no-username"}</p>
+                    </td>
+                    <td className="py-3 pr-4">{user.role}</td>
+                    <td className="py-3 pr-4">{user.isBanned ? "banned" : "active"}</td>
+                    <td className="py-3 pr-4 text-xs text-neutral-600">
+                      {user.isProtected ? "protected " : ""}
+                      {user.isSystem ? "system " : ""}
+                      {user.isHidden ? "hidden" : ""}
+                    </td>
+                    <td className="py-3 pr-4 text-xs text-neutral-600">
+                      {user.createdAt.toLocaleString("en-US")}
+                    </td>
+                    <td className="py-3 pr-4">
+                      <div className="grid min-w-56 gap-2">
+                        {canManageRoles ? (
+                          <form action={updateUserRoleAction} className="flex gap-2">
+                            <input type="hidden" name="userId" value={user.id} />
+                            <select
+                              name="role"
+                              defaultValue={
+                                MANAGED_ROLES.includes(user.role as Role) ? user.role : "editor"
+                              }
+                              disabled={user.isProtected || user.isSystem}
+                              className="w-full rounded border border-neutral-300 px-2 py-1 text-xs"
+                            >
+                              <option value="editor">editor</option>
+                              <option value="manager">manager</option>
+                              <option value="admin">admin</option>
+                            </select>
+                            <Button
+                              type="submit"
+                              size="sm"
+                              variant="secondary"
+                              disabled={user.isProtected || user.isSystem}
+                            >
+                              Role
+                            </Button>
+                          </form>
+                        ) : null}
+
+                        {canWriteUsers ? (
+                          <form action={updateUserBanAction} className="flex gap-2">
+                            <input type="hidden" name="userId" value={user.id} />
+                            <select
+                              name="isBanned"
+                              defaultValue={user.isBanned ? "true" : "false"}
+                              disabled={user.isProtected || user.isSystem}
+                              className="w-full rounded border border-neutral-300 px-2 py-1 text-xs"
+                            >
+                              <option value="false">active</option>
+                              <option value="true">banned</option>
+                            </select>
+                            <Button
+                              type="submit"
+                              size="sm"
+                              variant="secondary"
+                              disabled={user.isProtected || user.isSystem}
+                            >
+                              Status
+                            </Button>
+                          </form>
+                        ) : null}
+
+                        {canWriteUsers ? (
+                          <form action={deleteUserAction}>
+                            <input type="hidden" name="userId" value={user.id} />
+                            <button
+                              type="submit"
+                              disabled={user.isProtected || user.isSystem}
+                              className="rounded border border-red-300 px-3 py-1.5 text-xs text-red-700 disabled:cursor-not-allowed disabled:opacity-50"
+                            >
+                              Delete user
+                            </button>
+                          </form>
+                        ) : null}
+                      </div>
+                    </td>
+                  </tr>
+                ))
+              )}
+            </tbody>
+          </table>
+        </div>
+      </section>
     </AdminShell>
   )
 }

apps/admin/src/lib/auth/server.ts

@@ -375,6 +375,63 @@ export async function ensureSupportUserBootstrap(): Promise<void> {
   }
 }
 
+const MANAGED_USER_ROLE_ALLOWLIST = new Set<Role>(["admin", "editor", "manager"])
+
+export async function createManagedUserAccount(input: {
+  email: string
+  username?: string | null
+  name: string
+  password: string
+  role: string
+}): Promise<{ id: string; email: string; username: string | null; role: string }> {
+  const normalizedEmail = input.email.trim().toLowerCase()
+  const normalizedRole = normalizeRole(input.role)
+
+  if (!normalizedRole || !MANAGED_USER_ROLE_ALLOWLIST.has(normalizedRole)) {
+    throw new Error("Unsupported role for managed user account")
+  }
+
+  const existing = await db.user.findUnique({
+    where: { email: normalizedEmail },
+    select: { id: true, isProtected: true, isSystem: true },
+  })
+
+  if (existing) {
+    if (existing.isProtected || existing.isSystem) {
+      throw new Error("Cannot mutate protected/system account via managed user provisioning")
+    }
+
+    throw new Error("A user with this email already exists")
+  }
+
+  const preferredUsername =
+    normalizeUsernameCandidate(input.username) ??
+    normalizeUsernameCandidate(extractEmailLocalPart(normalizedEmail)) ??
+    "user"
+
+  await ensureCredentialUser({
+    email: normalizedEmail,
+    username: preferredUsername,
+    name: input.name.trim(),
+    password: input.password,
+    role: normalizedRole,
+    isHidden: false,
+    isSystem: false,
+    isProtected: false,
+  })
+
+  const created = await db.user.findUnique({
+    where: { email: normalizedEmail },
+    select: { id: true, email: true, username: true, role: true },
+  })
+
+  if (!created) {
+    throw new Error("Managed user provisioning failed")
+  }
+
+  return created
+}
+
 const DEFAULT_E2E_ADMIN_EMAIL = "e2e-admin@cms.local"
 const DEFAULT_E2E_ADMIN_USERNAME = "e2e-admin"
 const DEFAULT_E2E_ADMIN_PASSWORD = "e2e-admin-password"

apps/web/src/app/[locale]/layout.tsx

@@ -52,7 +52,7 @@ export default async function LocaleLayout({ children, params }: LocaleLayoutPro
     <NextIntlClientProvider locale={locale}>
       <Providers>
         <PublicHeaderBanner banner={banner} />
-        <PublicAnnouncements placement="global_top" />
+        <PublicAnnouncements placement="global_top" locale={locale} />
         <PublicSiteHeader />
         <main>{children}</main>
         <PublicSiteFooter />

apps/web/src/app/[locale]/page.tsx

@@ -1,4 +1,4 @@
-import { getPublishedPageBySlugForLocale, listPosts } from "@cms/db"
+import { getPublishedPageBySlugForLocale, listPostsForLocale } from "@cms/db"
 import { getTranslations } from "next-intl/server"
 import { PublicAnnouncements } from "@/components/public-announcements"
 import { PublicPageView } from "@/components/public-page-view"
@@ -15,14 +15,14 @@ export default async function HomePage({ params }: HomePageProps) {
 
   const [homePage, posts, t] = await Promise.all([
     getPublishedPageBySlugForLocale("home", locale),
-    listPosts(),
+    listPostsForLocale(locale),
     getTranslations("Home"),
   ])
 
   return (
     <section>
       {homePage ? <PublicPageView page={homePage} /> : null}
-      <PublicAnnouncements placement="homepage" />
+      <PublicAnnouncements placement="homepage" locale={locale} />
 
       <section className="mx-auto flex w-full max-w-6xl flex-col gap-6 px-6 py-6 pb-16">
         <header className="space-y-3">

apps/web/src/components/public-announcements.tsx

@@ -3,6 +3,7 @@ import Link from "next/link"
 
 type PublicAnnouncementsProps = {
   placement: "global_top" | "homepage"
+  locale?: string
 }
 
 function AnnouncementCard({ announcement }: { announcement: PublicAnnouncement }) {
@@ -22,8 +23,8 @@ function AnnouncementCard({ announcement }: { announcement: PublicAnnouncement }
   )
 }
 
-export async function PublicAnnouncements({ placement }: PublicAnnouncementsProps) {
+export async function PublicAnnouncements({ placement, locale }: PublicAnnouncementsProps) {
-  const announcements = await listActiveAnnouncements(placement)
+  const announcements = await listActiveAnnouncements(placement, new Date(), locale)
 
   if (announcements.length === 0) {
     return null

packages/content/src/announcements.ts

@@ -1,11 +1,13 @@
 import { z } from "zod"
 
 export const announcementPlacementSchema = z.enum(["global_top", "homepage"])
+export const announcementLocaleSchema = z.enum(["de", "en", "es", "fr"])
 
 export const createAnnouncementInputSchema = z.object({
   title: z.string().min(1).max(180),
   message: z.string().min(1).max(500),
   placement: announcementPlacementSchema.default("global_top"),
+  targetLocales: z.array(announcementLocaleSchema).default([]),
   priority: z.number().int().min(0).default(100),
   ctaLabel: z.string().max(120).nullable().optional(),
   ctaHref: z.string().max(500).nullable().optional(),
@@ -19,6 +21,7 @@ export const updateAnnouncementInputSchema = z.object({
   title: z.string().min(1).max(180).optional(),
   message: z.string().min(1).max(500).optional(),
   placement: announcementPlacementSchema.optional(),
+  targetLocales: z.array(announcementLocaleSchema).optional(),
   priority: z.number().int().min(0).optional(),
   ctaLabel: z.string().max(120).nullable().optional(),
   ctaHref: z.string().max(500).nullable().optional(),

packages/content/src/commissions.ts

@@ -23,7 +23,21 @@ export const createCommissionInputSchema = z.object({
   description: z.string().max(4000).nullable().optional(),
   status: commissionStatusSchema.default("new"),
   customerId: z.string().uuid().nullable().optional(),
-  assignedUserId: z.string().max(120).nullable().optional(),
+  assignedUserId: z.string().uuid().nullable().optional(),
+  linkedArtworkIds: z.array(z.string().uuid()).default([]),
+  budgetMin: z.number().nonnegative().nullable().optional(),
+  budgetMax: z.number().nonnegative().nullable().optional(),
+  dueAt: z.date().nullable().optional(),
+})
+
+export const updateCommissionInputSchema = z.object({
+  id: z.string().uuid(),
+  title: z.string().min(1).max(180).optional(),
+  description: z.string().max(4000).nullable().optional(),
+  status: commissionStatusSchema.optional(),
+  customerId: z.string().uuid().nullable().optional(),
+  assignedUserId: z.string().uuid().nullable().optional(),
+  linkedArtworkIds: z.array(z.string().uuid()).optional(),
   budgetMin: z.number().nonnegative().nullable().optional(),
   budgetMax: z.number().nonnegative().nullable().optional(),
   dueAt: z.date().nullable().optional(),
@@ -57,6 +71,7 @@ export const updateCommissionStatusInputSchema = z.object({
 export type CommissionStatus = z.infer<typeof commissionStatusSchema>
 export type CreateCustomerInput = z.infer<typeof createCustomerInputSchema>
 export type CreateCommissionInput = z.infer<typeof createCommissionInputSchema>
+export type UpdateCommissionInput = z.infer<typeof updateCommissionInputSchema>
 export type CreatePublicCommissionRequestInput = z.infer<
   typeof createPublicCommissionRequestInputSchema
 >

packages/db/prisma/migrations/20260213012000_commission_linked_artworks/migration.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "Commission"
+ADD COLUMN "linkedArtworkIds" TEXT[] NOT NULL DEFAULT ARRAY[]::TEXT[];

packages/db/prisma/migrations/20260213014500_announcement_locale_targeting/migration.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "Announcement"
+ADD COLUMN "targetLocales" TEXT[] NOT NULL DEFAULT ARRAY[]::TEXT[];

packages/db/prisma/schema.prisma

@@ -386,6 +386,7 @@ model Commission {
   status         String
   customerId     String?
   assignedUserId String?
+  linkedArtworkIds String[] @default([])
   budgetMin      Float?
   budgetMax      Float?
   dueAt          DateTime?
@@ -404,6 +405,7 @@ model Announcement {
   title     String
   message   String
   placement String
+  targetLocales String[] @default([])
   priority  Int      @default(100)
   ctaLabel  String?
   ctaHref   String?

packages/db/src/announcements.test.ts

@@ -41,13 +41,18 @@ describe("announcements service", () => {
   it("queries only visible announcements in the given placement", async () => {
     mockDb.announcement.findMany.mockResolvedValue([])
 
-    await listActiveAnnouncements("homepage")
+    await listActiveAnnouncements("homepage", new Date("2026-02-12T10:00:00.000Z"), "en")
 
     expect(mockDb.announcement.findMany).toHaveBeenCalledTimes(1)
     expect(mockDb.announcement.findMany.mock.calls[0]?.[0]).toMatchObject({
       where: {
         placement: "homepage",
         isVisible: true,
+        AND: [
+          {
+            OR: [{ targetLocales: { isEmpty: true } }, { targetLocales: { has: "en" } }],
+          },
+        ],
       },
     })
   })

packages/db/src/announcements.ts

@@ -13,6 +13,7 @@ export type PublicAnnouncement = {
   ctaLabel: string | null
   ctaHref: string | null
   placement: string
+  targetLocales: string[]
   priority: number
 }
 
@@ -50,13 +51,26 @@ export async function deleteAnnouncement(id: string) {
 export async function listActiveAnnouncements(
   placement: AnnouncementPlacement,
   now = new Date(),
+  locale?: string,
 ): Promise<PublicAnnouncement[]> {
+  const localeFilter =
+    locale && locale.length > 0
+      ? {
+          AND: [
+            {
+              OR: [{ targetLocales: { isEmpty: true } }, { targetLocales: { has: locale } }],
+            },
+          ],
+        }
+      : undefined
+
   const announcements = await db.announcement.findMany({
     where: {
       placement,
       isVisible: true,
       OR: [{ startsAt: null }, { startsAt: { lte: now } }],
       AND: [{ OR: [{ endsAt: null }, { endsAt: { gte: now } }] }],
+      ...(localeFilter ?? {}),
     },
     orderBy: [{ priority: "asc" }, { createdAt: "desc" }],
     select: {
@@ -66,6 +80,7 @@ export async function listActiveAnnouncements(
       ctaLabel: true,
       ctaHref: true,
       placement: true,
+      targetLocales: true,
       priority: true,
     },
   })

packages/db/src/commissions.ts

@@ -3,6 +3,7 @@ import {
   createCommissionInputSchema,
   createCustomerInputSchema,
   createPublicCommissionRequestInputSchema,
+  updateCommissionInputSchema,
   updateCommissionStatusInputSchema,
 } from "@cms/content"
 
@@ -57,6 +58,16 @@ export async function createCommission(input: unknown) {
   })
 }
 
+export async function updateCommission(input: unknown) {
+  const payload = updateCommissionInputSchema.parse(input)
+  const { id, ...data } = payload
+
+  return db.commission.update({
+    where: { id },
+    data,
+  })
+}
+
 export async function createPublicCommissionRequest(input: unknown) {
   const payload = createPublicCommissionRequestInputSchema.parse(input)
   const normalizedEmail = payload.customerEmail.trim().toLowerCase()

packages/db/src/index.ts

@@ -14,6 +14,7 @@ export {
   createPublicCommissionRequest,
   listCommissions,
   listCustomers,
+  updateCommission,
   updateCommissionStatus,
 } from "./commissions"
 export {