Bump version to 1.17.8

- Feat: Verbrauchsauswertung – Ablesung korrigieren (Datum, Zählerstand,
  Korrekturnotiz) und löschen direkt aus der Tabelle (manage_kleingarten)
- Feat: Inventarverwaltung – Gegenstände erfassen, bearbeiten, löschen;
  Ausleihe und Rückgabe je Mitglied mit Notiz und Fälligkeitsdatum tracken;
  Export/Import integriert (InventoryRepository, Schema, Validator, DataTransfer)
- Feat: Jahresabrechnung Sperrstatus – Festschreiben/Freigeben mit
  serverseitiger Prüfung aller Schreibzugriffe auf Kosten und Preise

README.md

@@ -1,36 +1,96 @@
-# KGV Vereinsverwaltung (WordPress Plugin)
+=== KGV Vereinsverwaltung ===
+Contributors: ronnygrobel 
+Tags: verein, mitgliederverwaltung, parzellen, zaehler, abrechnung
+Requires at least: 6.0
+Tested up to: 6.8
+Stable tag: 1.17.8
+Requires PHP: 7.2
+License: GPLv2 or later
+License URI: https://www.gnu.org/licenses/gpl-2.0.html
 
-## Beschreibung
-KGV Vereinsverwaltung ist ein WordPress-Plugin zur Verwaltung von Vereinsdaten, Parzellen, Zaehlern, Kosten, Kommunikation und Rollen im Vereinsumfeld.
 
-## Voraussetzungen
+Umfassende Verwaltung von Vereinsdaten, Parzellen, Mitgliedern und Zaehlerstaenden.
-- WordPress 6.x
-- PHP entsprechend der WordPress-Anforderungen
-- Schreibrechte fuer den Plugin-Ordner
 
-## Installation
+== Description ==
-1. Plugin-Ordner nach `wp-content/plugins/KGV-Verein-Manager/` hochladen.
-2. Plugin in WordPress unter `Plugins` aktivieren.
-3. Nach der Aktivierung die Menuepunkte im Backend pruefen.
-4. Rollen und Berechtigungen fuer Vereinsfunktionen konfigurieren.
 
-## Funktionen (Ueberblick)
+KGV Vereinsverwaltung bietet ein umfangreiches Backend fuer Kleingartenvereine mit Fokus auf Stammdaten, Verbraeuche und Organisation.
-- Vereins-Dashboard im WordPress-Backend
-- Verwaltung von Parzellen, Zaehlern und Verbraeuchen
-- Kosten- und Stammdatenverwaltung
-- Rollen- und Berechtigungskonzept fuer Vereinsmitglieder
-- Interner Vereinschat
-- PDF/Export-Funktionen (inkl. TCPDF-Bibliothek)
 
-## Projektstruktur
+= Features =
-- `kgv-verein-manager.php` - Plugin-Bootstrap
-- `includes/` - Kernlogik, Admin-Bereiche, Repositories, Services
-- `assets/` - CSS/JS und statische Ressourcen
-- `languages/` - Sprachdateien
-- `lib/` - Drittanbieterbibliotheken (u.a. TCPDF)
 
-## Versionshinweis
+* Vereins-Dashboard
-Aktuelle Plugin-Version laut Header: `1.15.1`
+* Verwaltung von Sparten, Parzellen, Mitgliedern und Paechtern
+* Wasser- und Stromzaehlerverwaltung
+* Kosten- und Stammdatenverwaltung
+* Rollen- und Rechtekonzept
+* PDF- und Exportfunktionen
 
-## Lizenz
+== Installation ==
-Siehe Angaben in den Quelltextdateien und in eingebundenen Drittanbieterbibliotheken.
+
+1. Plugin in `wp-content/plugins/KGV-Verein-Manager/` hochladen.
+2. Plugin aktivieren.
+3. Menues, Rollen und Stammdaten im Backend einrichten.
+
+== Frequently Asked Questions ==
+
+
+= Welche Mindestanforderungen gelten? =
+
+WordPress ab 6.0 und PHP ab 7.2.
+
+= Ist das Plugin fuer Vereinsablaeufe ausgelegt? =
+
+Ja, insbesondere fuer Kleingartenvereine und deren Verwaltungsprozesse.
+
+== Changelog ==
+
+= 1.17.8 =
+Feat: Verbrauchsauswertung – Ablesung korrigieren (Datum, Zählerstand, Korrekturnotiz) und löschen direkt aus der Tabelle.
+
+= 1.17.7 =
+Feat: Inventarverwaltung – Gegenstände (Werkzeug etc.) erfassen, bearbeiten, löschen. Ausleihe und Rückgabe je Mitglied mit Notiz und Fälligkeitsdatum tracken. Export/Import integriert.
+
+= 1.17.6 =
+Feat: Jahresabrechnung kann festgeschrieben (gesperrt) werden. Alle Schreibzugriffe auf Kosten, Preise und Parzellenzu­ordnungen prüfen den Sperrstatus serverseitig.
+
+= 1.17.5 =
+Fix: Spaltenbreiten in Abrechnungstabellen angepasst für bessere Lesbarkeit langer Texte.
+
+= 1.17.4 =
+Fix: Checkbox "Verpflichtende Position" bei Kostenposten wird jetzt korrekt gespeichert wenn sie deaktiviert ist.
+
+= 1.17.3 =
+Verbesserung: Kostenübersicht zeigt jetzt direkt pro Kostenposten den Status Verpflichtend oder Manuell in einer eigenen Spalte an.
+
+= 1.17.2 =
+Fix: Manuelle Kostenpositionen auf der Jahresabrechnung einer Parzelle werden nach dem Hinzufügen jetzt sofort korrekt berücksichtigt. Pflichtpositionen ohne Einschränkung werden in der Seitenleiste als automatisch aktiv dargestellt.
+
+= 1.17.1 =
+Feat: is_mandatory Flag für Kostenpositionstypen - Kostenposten können jetzt als "verpflichtend" oder "manuell/optional" gekennzeichnet werden. Checkbox in der Kostenposten-Bearbeitung.
+
+= 1.17.0 =
+Parzellenspezifische Kostenpositionenzuweisung: Kostenposten können jetzt einzelnen Parzellen zugeordnet werden (z.B. Versicherung nur für bestimmte Parzellen). Editor auf der Jahresabrechnung Parzelle Seite mit übersichtlicher Liste und Hinzufügen/Entfernen-Funktionen. Zuordnungen werden in einer separaten Tabelle gespeichert und sind vollständig in Export/Import integriert.
+
+= 1.16.3 =
+* Datensicherung erweitert: Export und Import umfassen jetzt zusätzlich die zugehörigen WordPress-Mitgliederkonten inklusive Metadaten.
+
+= 1.16.2 =
+* Neue Datensicherungsfunktion unter Einstellungen: Export und Import aller kgvvm-Tabellen als JSON.
+* Import mit Sicherheitsprüfung und vollständigem Überschreiben der vorhandenen Plugin-Daten.
+
+= 1.16.1 =
+* Wartungsrelease mit synchronisierter Versionsnummer in Plugin-Header, Konstante und Readme-Dateien.
+* Release-Tag 1.16.1 gesetzt.
+
+= 1.16.0 =
+* Neues Modul Arbeitsstunden im Adminbereich mit drei Bereichen: geleistete Arbeiten, Mitgliederuebersicht und Arbeitsarten.
+* Pflichtstunden je Mitglied pro Jahr konfigurierbar, inklusive variablem Preis je fehlender Stunde fuer den Aufschlag in der Jahresrechnung.
+* Arbeitseintraege mit Datum, Arbeitsart und Notiz sowie Mehrfachzuordnung von Mitgliedern mit individuellen Stundenwerten.
+* Neue Datenbanktabellen fuer Arbeitsarten, Jahreseinstellungen, Arbeitseintraege und Stundenzuordnungen je Mitglied.
+
+= 1.15.6 =
+* Versionsabgleich zwischen Plugin-Header, Konstante und Readme.
+* WordPress-Readme-Format weiter vereinheitlicht.
+
+= 1.15.5 =
+* Aktuelle Version laut Plugin-Header.
+* Kontinuierliche Verbesserungen in Verwaltung und Datenpflege.

assets/css/admin.css

@@ -300,3 +300,21 @@
     break-inside: avoid;
   }
 }
+
+/* Arbeitsstunden sub-table */
+.kgvvm-subtable {
+  border-collapse: collapse;
+  width: 100%;
+  max-width: 480px;
+}
+.kgvvm-subtable th,
+.kgvvm-subtable td {
+  padding: 4px 8px;
+  border: 1px solid #ddd;
+  text-align: left;
+  vertical-align: middle;
+}
+.kgvvm-subtable thead th {
+  background: #f9f9f9;
+  font-weight: 600;
+}

includes/DataTransfer.php

@@ -0,0 +1,415 @@
+<?php
+/**
+ * Export and import all kgvvm plugin data as JSON.
+ *
+ * @package KGV\VereinManager
+ */
+
+namespace KGV\VereinManager;
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+class DataTransfer {
+
+	/** @var \wpdb */
+	private $wpdb;
+
+	/**
+	 * Table keys in dependency order (parent before child).
+	 *
+	 * @var string[]
+	 */
+	private static $table_keys = array(
+		'sections',
+		'parcels',
+		'tenants',
+		'inventory_items',
+		'parcel_members',
+		'parcel_tenants',
+		'meters',
+		'meter_readings',
+		'chat_messages',
+		'cost_years',
+		'cost_rates',
+		'cost_entries',
+		'parcel_cost_assignments',
+		'work_jobs',
+		'work_year_config',
+		'work_logs',
+		'work_log_members',
+		'inventory_loans',
+	);
+
+	public function __construct( \wpdb $wpdb ) {
+		$this->wpdb = $wpdb;
+	}
+
+	// -------------------------------------------------------------------------
+	// Export
+	// -------------------------------------------------------------------------
+
+	/**
+	 * Build the export payload as an associative array.
+	 *
+	 * @return array
+	 */
+	public function build_export() {
+		$payload = array(
+			'plugin'    => 'kgv-verein-manager',
+			'version'   => KGVVM_VERSION,
+			'exported'  => gmdate( 'Y-m-d\TH:i:s\Z' ),
+			'members'   => array(),
+			'tables'    => array(),
+		);
+
+		$payload['members'] = $this->export_members();
+
+		foreach ( self::$table_keys as $key ) {
+			$table = Schema::table( $key );
+			if ( '' === $table ) {
+				continue;
+			}
+			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery,WordPress.DB.DirectDatabaseQuery.NoCaching
+			$rows = $this->wpdb->get_results( "SELECT * FROM {$table}", ARRAY_A );
+			$payload['tables'][ $key ] = is_array( $rows ) ? $rows : array();
+		}
+
+		return $payload;
+	}
+
+	/**
+	 * Export all member user accounts relevant to the plugin.
+	 *
+	 * @return array
+	 */
+	private function export_members() {
+		$ids = $this->collect_member_user_ids();
+
+		if ( empty( $ids ) ) {
+			return array(
+				'ids'      => array(),
+				'users'    => array(),
+				'usermeta' => array(),
+			);
+		}
+
+		$placeholders = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );
+
+		$users_sql = "SELECT ID, user_login, user_pass, user_nicename, user_email, user_url, user_registered, user_activation_key, user_status, display_name
+			FROM {$this->wpdb->users}
+			WHERE ID IN ({$placeholders})
+			ORDER BY ID ASC";
+
+		$meta_sql = "SELECT user_id, meta_key, meta_value
+			FROM {$this->wpdb->usermeta}
+			WHERE user_id IN ({$placeholders})
+			ORDER BY user_id ASC, umeta_id ASC";
+
+		// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+		$users = $this->wpdb->get_results( $this->wpdb->prepare( $users_sql, $ids ), ARRAY_A );
+		// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+		$meta = $this->wpdb->get_results( $this->wpdb->prepare( $meta_sql, $ids ), ARRAY_A );
+
+		return array(
+			'ids'      => $ids,
+			'users'    => is_array( $users ) ? $users : array(),
+			'usermeta' => is_array( $meta ) ? $meta : array(),
+		);
+	}
+
+	/**
+	 * Collect all user IDs relevant for member data export.
+	 *
+	 * @return int[]
+	 */
+	private function collect_member_user_ids() {
+		$ids = array();
+
+		$member_query = new \WP_User_Query(
+			array(
+				'role'    => Roles::MEMBER_ROLE,
+				'fields'  => 'ID',
+				'number'  => 2000,
+				'orderby' => 'ID',
+				'order'   => 'ASC',
+			)
+		);
+		$ids = array_merge( $ids, (array) $member_query->get_results() );
+
+		$parcel_members_table = Schema::table( 'parcel_members' );
+		if ( '' !== $parcel_members_table ) {
+			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery
+			$ids = array_merge( $ids, (array) $this->wpdb->get_col( "SELECT DISTINCT user_id FROM {$parcel_members_table}" ) );
+		}
+
+		$work_log_members_table = Schema::table( 'work_log_members' );
+		if ( '' !== $work_log_members_table ) {
+			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery
+			$ids = array_merge( $ids, (array) $this->wpdb->get_col( "SELECT DISTINCT user_id FROM {$work_log_members_table}" ) );
+		}
+
+		$ids = array_values( array_unique( array_filter( array_map( 'absint', $ids ) ) ) );
+		sort( $ids, SORT_NUMERIC );
+
+		return $ids;
+	}
+
+	/**
+	 * Send the export as a JSON file download and exit.
+	 *
+	 * @return void
+	 */
+	public function send_download() {
+		$payload  = $this->build_export();
+		$json     = wp_json_encode( $payload, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE );
+		$filename = 'kgvvm-export-' . gmdate( 'Y-m-d' ) . '.json';
+
+		nocache_headers();
+		header( 'Content-Type: application/json; charset=utf-8' );
+		header( 'Content-Disposition: attachment; filename="' . $filename . '"' );
+		header( 'Content-Length: ' . strlen( $json ) );
+		echo $json; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+		exit;
+	}
+
+	// -------------------------------------------------------------------------
+	// Import
+	// -------------------------------------------------------------------------
+
+	/**
+	 * Validate and import data from a decoded JSON array.
+	 *
+	 * Returns an array with keys 'imported' (int[]), 'skipped' (string[]), 'errors' (string[]).
+	 *
+	 * @param array $payload Decoded JSON payload.
+	 * @return array
+	 */
+	public function import( array $payload ) {
+		$result = array(
+			'imported' => array(),
+			'skipped'  => array(),
+			'errors'   => array(),
+		);
+
+		if ( empty( $payload['plugin'] ) || 'kgv-verein-manager' !== $payload['plugin'] ) {
+			$result['errors'][] = __( 'Die Datei stammt nicht vom KGV Verein Manager Plugin.', KGVVM_TEXT_DOMAIN );
+			return $result;
+		}
+
+		if ( empty( $payload['tables'] ) || ! is_array( $payload['tables'] ) ) {
+			$result['errors'][] = __( 'Die Exportdatei enthält keine Tabellendaten.', KGVVM_TEXT_DOMAIN );
+			return $result;
+		}
+
+		// Wrap everything in a transaction so a partial failure can be rolled back.
+		$this->wpdb->query( 'SET FOREIGN_KEY_CHECKS = 0' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+		$this->wpdb->query( 'START TRANSACTION' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+
+		if ( ! empty( $payload['members'] ) && is_array( $payload['members'] ) ) {
+			$member_result = $this->import_members( $payload['members'] );
+			if ( ! empty( $member_result['errors'] ) ) {
+				$result['errors'] = array_merge( $result['errors'], $member_result['errors'] );
+				$this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+				$this->wpdb->query( 'SET FOREIGN_KEY_CHECKS = 1' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+				return $result;
+			}
+			$result['imported']['wp_members']     = isset( $member_result['users'] ) ? (int) $member_result['users'] : 0;
+			$result['imported']['wp_member_meta'] = isset( $member_result['meta'] ) ? (int) $member_result['meta'] : 0;
+		}
+
+		// Truncate in reverse dependency order.
+		foreach ( array_reverse( self::$table_keys ) as $key ) {
+			if ( ! isset( $payload['tables'][ $key ] ) ) {
+				continue;
+			}
+			$table = Schema::table( $key );
+			if ( '' === $table ) {
+				continue;
+			}
+			// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery
+			$this->wpdb->query( "TRUNCATE TABLE {$table}" );
+		}
+
+		// Re-insert in dependency order.
+		foreach ( self::$table_keys as $key ) {
+			if ( ! isset( $payload['tables'][ $key ] ) ) {
+				$result['skipped'][] = $key;
+				continue;
+			}
+
+			$table = Schema::table( $key );
+			if ( '' === $table ) {
+				$result['skipped'][] = $key;
+				continue;
+			}
+
+			$rows  = (array) $payload['tables'][ $key ];
+			$count = 0;
+
+			foreach ( $rows as $row ) {
+				if ( ! is_array( $row ) || empty( $row ) ) {
+					continue;
+				}
+				// Sanitize keys – only allow simple column names.
+				$clean = array();
+				foreach ( $row as $col => $val ) {
+					$col_clean = preg_replace( '/[^a-zA-Z0-9_]/', '', (string) $col );
+					if ( '' !== $col_clean ) {
+						$clean[ $col_clean ] = $val;
+					}
+				}
+
+				$inserted = $this->wpdb->insert( $table, $clean ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+				if ( false !== $inserted ) {
+					$count++;
+				} else {
+					$result['errors'][] = sprintf(
+						/* translators: 1: table key 2: DB error */
+						__( 'Fehler beim Einfügen in %1$s: %2$s', KGVVM_TEXT_DOMAIN ),
+						$key,
+						(string) $this->wpdb->last_error
+					);
+				}
+			}
+
+			$result['imported'][ $key ] = $count;
+		}
+
+		if ( empty( $result['errors'] ) ) {
+			$this->wpdb->query( 'COMMIT' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+		} else {
+			$this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+		}
+
+		$this->wpdb->query( 'SET FOREIGN_KEY_CHECKS = 1' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+
+		return $result;
+	}
+
+	/**
+	 * Import member user accounts and their usermeta.
+	 *
+	 * @param array $members Member payload from export.
+	 * @return array
+	 */
+	private function import_members( array $members ) {
+		$result = array(
+			'users'  => 0,
+			'meta'   => 0,
+			'errors' => array(),
+		);
+
+		$users = isset( $members['users'] ) && is_array( $members['users'] ) ? $members['users'] : array();
+		$meta  = isset( $members['usermeta'] ) && is_array( $members['usermeta'] ) ? $members['usermeta'] : array();
+
+		if ( empty( $users ) ) {
+			return $result;
+		}
+
+		$imported_user_ids = array();
+
+		foreach ( $users as $row ) {
+			if ( ! is_array( $row ) ) {
+				continue;
+			}
+
+			$user_id = isset( $row['ID'] ) ? absint( $row['ID'] ) : 0;
+			$login   = isset( $row['user_login'] ) ? sanitize_user( (string) $row['user_login'], true ) : '';
+			$email   = isset( $row['user_email'] ) ? sanitize_email( (string) $row['user_email'] ) : '';
+
+			if ( $user_id < 1 || '' === $login || '' === $email ) {
+				continue;
+			}
+
+			$data = array(
+				'user_login'          => $login,
+				'user_pass'           => isset( $row['user_pass'] ) ? (string) $row['user_pass'] : '',
+				'user_nicename'       => isset( $row['user_nicename'] ) ? sanitize_title( (string) $row['user_nicename'] ) : sanitize_title( $login ),
+				'user_email'          => $email,
+				'user_url'            => isset( $row['user_url'] ) ? esc_url_raw( (string) $row['user_url'] ) : '',
+				'user_registered'     => isset( $row['user_registered'] ) ? (string) $row['user_registered'] : current_time( 'mysql', true ),
+				'user_activation_key' => isset( $row['user_activation_key'] ) ? (string) $row['user_activation_key'] : '',
+				'user_status'         => isset( $row['user_status'] ) ? (int) $row['user_status'] : 0,
+				'display_name'        => isset( $row['display_name'] ) ? sanitize_text_field( (string) $row['display_name'] ) : $login,
+			);
+
+			$exists = (int) $this->wpdb->get_var( $this->wpdb->prepare( "SELECT COUNT(*) FROM {$this->wpdb->users} WHERE ID = %d", $user_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+			if ( $exists > 0 ) {
+				$updated = $this->wpdb->update( $this->wpdb->users, $data, array( 'ID' => $user_id ) );
+				if ( false === $updated ) {
+					$result['errors'][] = sprintf(
+						/* translators: %d: user id */
+						__( 'Mitglied mit ID %d konnte nicht aktualisiert werden.', KGVVM_TEXT_DOMAIN ),
+						$user_id
+					);
+					continue;
+				}
+			} else {
+				$insert_data       = $data;
+				$insert_data['ID'] = $user_id;
+				$inserted          = $this->wpdb->insert( $this->wpdb->users, $insert_data );
+				if ( false === $inserted ) {
+					$result['errors'][] = sprintf(
+						/* translators: 1: user id 2: DB error */
+						__( 'Mitglied mit ID %1$d konnte nicht angelegt werden: %2$s', KGVVM_TEXT_DOMAIN ),
+						$user_id,
+						(string) $this->wpdb->last_error
+					);
+					continue;
+				}
+			}
+
+			$imported_user_ids[] = $user_id;
+			$result['users']++;
+		}
+
+		$imported_user_ids = array_values( array_unique( array_filter( array_map( 'absint', $imported_user_ids ) ) ) );
+
+		if ( empty( $imported_user_ids ) || empty( $meta ) ) {
+			return $result;
+		}
+
+		$placeholders = implode( ', ', array_fill( 0, count( $imported_user_ids ), '%d' ) );
+		$delete_sql   = "DELETE FROM {$this->wpdb->usermeta} WHERE user_id IN ({$placeholders})";
+		// phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+		$this->wpdb->query( $this->wpdb->prepare( $delete_sql, $imported_user_ids ) );
+
+		$allowed_ids = array_flip( $imported_user_ids );
+
+		foreach ( $meta as $row ) {
+			if ( ! is_array( $row ) ) {
+				continue;
+			}
+
+			$user_id = isset( $row['user_id'] ) ? absint( $row['user_id'] ) : 0;
+			if ( $user_id < 1 || ! isset( $allowed_ids[ $user_id ] ) ) {
+				continue;
+			}
+
+			$meta_key = isset( $row['meta_key'] ) ? (string) $row['meta_key'] : '';
+			if ( '' === $meta_key ) {
+				continue;
+			}
+
+			$meta_value = isset( $row['meta_value'] ) ? maybe_serialize( maybe_unserialize( $row['meta_value'] ) ) : '';
+
+			$inserted = $this->wpdb->insert(
+				$this->wpdb->usermeta,
+				array(
+					'user_id'    => $user_id,
+					'meta_key'   => $meta_key,
+					'meta_value' => $meta_value,
+				)
+			);
+
+			if ( false !== $inserted ) {
+				$result['meta']++;
+			}
+		}
+
+		return $result;
+	}
+}

includes/Repositories/CostRepository.php

@@ -93,11 +93,12 @@ class CostRepository extends AbstractRepository {
 			'distribution_type' => isset( $data['distribution_type'] ) ? $data['distribution_type'] : 'parcel',
 			'unit_amount'       => isset( $data['unit_amount'] ) ? (float) $data['unit_amount'] : 0,
 			'total_cost'        => (float) $data['total_cost'],
+			'is_mandatory'      => isset( $data['is_mandatory'] ) ? (int) (bool) $data['is_mandatory'] : 1,
 			'note'              => $data['note'],
 			'updated_at'        => $this->now(),
 		);
 
-		$formats = array( '%d', '%s', '%s', '%f', '%f', '%s', '%s' );
+		$formats = array( '%d', '%s', '%s', '%f', '%f', '%d', '%s', '%s' );
 
 		$this->ensure_year( $payload['entry_year'] );
 
@@ -107,7 +108,7 @@ class CostRepository extends AbstractRepository {
 		}
 
 		$payload['created_at'] = $this->now();
-		$this->wpdb->insert( $this->table, $payload, array( '%d', '%s', '%s', '%f', '%f', '%s', '%s', '%s' ) );
+		$this->wpdb->insert( $this->table, $payload, array( '%d', '%s', '%s', '%f', '%f', '%d', '%s', '%s', '%s' ) );
 
 		return $this->wpdb->insert_id;
 	}
@@ -221,6 +222,75 @@ class CostRepository extends AbstractRepository {
 		return $this->wpdb->get_row( $this->wpdb->prepare( "SELECT * FROM {$year_table} WHERE entry_year = %d", $year ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
 	}
 
+	/**
+	 * Get lock state for one statement year.
+	 *
+	 * @param int $year Selected year.
+	 * @return array
+	 */
+	public function get_statement_lock_state( $year ) {
+		$details = $this->get_year_details( $year );
+
+		if ( ! $details ) {
+			return array(
+				'is_locked' => false,
+				'locked_at' => null,
+				'locked_by' => 0,
+			);
+		}
+
+		return array(
+			'is_locked' => ! empty( $details->statement_is_locked ) && 1 === (int) $details->statement_is_locked,
+			'locked_at' => isset( $details->statement_locked_at ) ? $details->statement_locked_at : null,
+			'locked_by' => isset( $details->statement_locked_by ) ? (int) $details->statement_locked_by : 0,
+		);
+	}
+
+	/**
+	 * Check whether statement data for one year is locked.
+	 *
+	 * @param int $year Selected year.
+	 * @return bool
+	 */
+	public function is_statement_locked( $year ) {
+		$state = $this->get_statement_lock_state( $year );
+
+		return ! empty( $state['is_locked'] );
+	}
+
+	/**
+	 * Lock or unlock a statement year.
+	 *
+	 * @param int  $year       Selected year.
+	 * @param bool $is_locked  Target lock state.
+	 * @param int  $locked_by  User ID that changes the state.
+	 * @return bool
+	 */
+	public function set_statement_lock( $year, $is_locked, $locked_by = 0 ) {
+		$year = absint( $year );
+
+		if ( $year < 1 || ! $this->ensure_year( $year ) ) {
+			return false;
+		}
+
+		$payload = array(
+			'statement_is_locked' => $is_locked ? 1 : 0,
+			'statement_locked_at' => $is_locked ? $this->now() : null,
+			'statement_locked_by' => $is_locked ? absint( $locked_by ) : 0,
+			'updated_at'          => $this->now(),
+		);
+
+		$result = $this->wpdb->update(
+			$this->year_table(),
+			$payload,
+			array( 'entry_year' => $year ),
+			array( '%d', '%s', '%d', '%s' ),
+			array( '%d' )
+		);
+
+		return false !== $result;
+	}
+
 	/**
 	 * Save section-specific yearly prices.
 	 *
@@ -310,4 +380,146 @@ class CostRepository extends AbstractRepository {
 
 		return (float) $total;
 	}
+
+	// -------------------------------------------------------------------------
+	// Parcel cost assignments
+	// -------------------------------------------------------------------------
+
+	/**
+	 * Get the parcel cost assignments table name.
+	 *
+	 * @return string
+	 */
+	private function assignment_table() {
+		return Schema::table( 'parcel_cost_assignments' );
+	}
+
+	/**
+	 * Get cost entry IDs assigned to a specific parcel.
+	 *
+	 * @param int $parcel_id Parcel ID.
+	 * @return int[]
+	 */
+	public function get_assigned_entry_ids( $parcel_id ) {
+		$parcel_id = absint( $parcel_id );
+		$table     = $this->assignment_table();
+
+		if ( $parcel_id < 1 || '' === $table ) {
+			return array();
+		}
+
+		$ids = $this->wpdb->get_col( $this->wpdb->prepare( "SELECT cost_entry_id FROM {$table} WHERE parcel_id = %d", $parcel_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+		return array_map( 'intval', (array) $ids );
+	}
+
+	/**
+	 * Get all cost entry IDs that have at least one parcel assignment.
+	 *
+	 * @param int $year Optional – filter by entry year (0 = all years).
+	 * @return int[]
+	 */
+	public function get_entry_ids_with_assignments( $year = 0 ) {
+		$table = $this->assignment_table();
+
+		if ( '' === $table ) {
+			return array();
+		}
+
+		$year = absint( $year );
+
+		if ( $year > 0 ) {
+			$ids = $this->wpdb->get_col( $this->wpdb->prepare( // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+				"SELECT DISTINCT a.cost_entry_id FROM {$table} a
+				 INNER JOIN {$this->table} e ON e.id = a.cost_entry_id
+				 WHERE e.entry_year = %d",
+				$year
+			) );
+		} else {
+			$ids = $this->wpdb->get_col( "SELECT DISTINCT cost_entry_id FROM {$table}" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery
+		}
+
+		return array_map( 'intval', (array) $ids );
+	}
+
+	/**
+	 * Assign a cost entry to a parcel.
+	 *
+	 * @param int $parcel_id     Parcel ID.
+	 * @param int $cost_entry_id Cost entry ID.
+	 * @return bool
+	 */
+	public function assign_to_parcel( $parcel_id, $cost_entry_id ) {
+		$parcel_id     = absint( $parcel_id );
+		$cost_entry_id = absint( $cost_entry_id );
+		$table         = $this->assignment_table();
+
+		if ( $parcel_id < 1 || $cost_entry_id < 1 || '' === $table ) {
+			return false;
+		}
+
+		$exists = (int) $this->wpdb->get_var( $this->wpdb->prepare( // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+			"SELECT COUNT(*) FROM {$table} WHERE parcel_id = %d AND cost_entry_id = %d",
+			$parcel_id,
+			$cost_entry_id
+		) );
+
+		if ( $exists > 0 ) {
+			return true;
+		}
+
+		$result = $this->wpdb->insert(
+			$table,
+			array(
+				'parcel_id'     => $parcel_id,
+				'cost_entry_id' => $cost_entry_id,
+				'created_at'    => $this->now(),
+			),
+			array( '%d', '%d', '%s' )
+		);
+
+		return false !== $result;
+	}
+
+	/**
+	 * Remove a cost entry assignment from a parcel.
+	 *
+	 * @param int $parcel_id     Parcel ID.
+	 * @param int $cost_entry_id Cost entry ID.
+	 * @return bool
+	 */
+	public function unassign_from_parcel( $parcel_id, $cost_entry_id ) {
+		$parcel_id     = absint( $parcel_id );
+		$cost_entry_id = absint( $cost_entry_id );
+		$table         = $this->assignment_table();
+
+		if ( $parcel_id < 1 || $cost_entry_id < 1 || '' === $table ) {
+			return false;
+		}
+
+		$result = $this->wpdb->delete(
+			$table,
+			array(
+				'parcel_id'     => $parcel_id,
+				'cost_entry_id' => $cost_entry_id,
+			),
+			array( '%d', '%d' )
+		);
+
+		return false !== $result;
+	}
+
+	/**
+	 * Remove all parcel assignments for a cost entry (e.g. when the entry is deleted).
+	 *
+	 * @param int $cost_entry_id Cost entry ID.
+	 * @return void
+	 */
+	public function delete_assignments_for_entry( $cost_entry_id ) {
+		$table = $this->assignment_table();
+
+		if ( '' !== $table && absint( $cost_entry_id ) > 0 ) {
+			$this->wpdb->delete( $table, array( 'cost_entry_id' => absint( $cost_entry_id ) ), array( '%d' ) );
+		}
+	}
 }

includes/Repositories/InventoryRepository.php

@@ -0,0 +1,336 @@
+<?php
+/**
+ * Inventory repository.
+ *
+ * @package KGV\VereinManager
+ */
+
+namespace KGV\VereinManager\Repositories;
+
+use KGV\VereinManager\Schema;
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+class InventoryRepository extends AbstractRepository {
+
+	/**
+	 * Resolve main inventory table name.
+	 *
+	 * @return string
+	 */
+	protected function resolve_table() {
+		return Schema::table( 'inventory_items' );
+	}
+
+	/**
+	 * Resolve loan table name.
+	 *
+	 * @return string
+	 */
+	private function loans_table() {
+		return Schema::table( 'inventory_loans' );
+	}
+
+	/**
+	 * Search inventory items.
+	 *
+	 * @param array $args Query arguments.
+	 * @return array
+	 */
+	public function search_items( $args = array() ) {
+		$search  = isset( $args['s'] ) ? sanitize_text_field( wp_unslash( $args['s'] ) ) : '';
+		$status  = isset( $args['status'] ) ? sanitize_key( wp_unslash( $args['status'] ) ) : '';
+		$orderby = $this->sanitize_orderby( isset( $args['orderby'] ) ? sanitize_key( wp_unslash( $args['orderby'] ) ) : 'name', array( 'name', 'total_quantity', 'available_quantity', 'is_active', 'updated_at' ), 'name' );
+		$order   = $this->sanitize_order( isset( $args['order'] ) ? sanitize_key( wp_unslash( $args['order'] ) ) : 'ASC' );
+
+		$sql    = "SELECT * FROM {$this->table} WHERE 1=1";
+		$params = array();
+
+		if ( '' !== $search ) {
+			$like     = '%' . $this->wpdb->esc_like( $search ) . '%';
+			$sql     .= ' AND (name LIKE %s OR storage_location LIKE %s OR description LIKE %s)';
+			$params[] = $like;
+			$params[] = $like;
+			$params[] = $like;
+		}
+
+		if ( in_array( $status, array( 'active', 'inactive' ), true ) ) {
+			$sql     .= ' AND is_active = %d';
+			$params[] = 'active' === $status ? 1 : 0;
+		}
+
+		$sql .= " ORDER BY {$orderby} {$order}, id DESC";
+
+		if ( ! empty( $params ) ) {
+			return $this->wpdb->get_results( $this->wpdb->prepare( $sql, $params ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+		}
+
+		return $this->wpdb->get_results( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery
+	}
+
+	/**
+	 * Save or update one inventory item.
+	 *
+	 * @param array $data Item payload.
+	 * @param int   $id   Optional item ID.
+	 * @return int|false
+	 */
+	public function save_item( $data, $id = 0 ) {
+		$payload = array(
+			'name'               => $data['name'],
+			'total_quantity'     => max( 0, (int) $data['total_quantity'] ),
+			'available_quantity' => max( 0, (int) $data['available_quantity'] ),
+			'storage_location'   => isset( $data['storage_location'] ) ? $data['storage_location'] : '',
+			'description'        => isset( $data['description'] ) ? $data['description'] : '',
+			'is_active'          => ! empty( $data['is_active'] ) ? 1 : 0,
+			'updated_at'         => $this->now(),
+		);
+
+		if ( $payload['available_quantity'] > $payload['total_quantity'] ) {
+			$payload['available_quantity'] = $payload['total_quantity'];
+		}
+
+		if ( $id > 0 ) {
+			$result = $this->wpdb->update(
+				$this->table,
+				$payload,
+				array( 'id' => absint( $id ) ),
+				array( '%s', '%d', '%d', '%s', '%s', '%d', '%s' ),
+				array( '%d' )
+			);
+
+			return false !== $result ? (int) $id : false;
+		}
+
+		$payload['created_at'] = $this->now();
+		$result                = $this->wpdb->insert( $this->table, $payload, array( '%s', '%d', '%d', '%s', '%s', '%d', '%s', '%s' ) );
+
+		return false !== $result ? (int) $this->wpdb->insert_id : false;
+	}
+
+	/**
+	 * Check whether one item has open loans.
+	 *
+	 * @param int $item_id Item ID.
+	 * @return bool
+	 */
+	public function has_open_loans( $item_id ) {
+		$item_id = absint( $item_id );
+		$table   = $this->loans_table();
+
+		if ( $item_id < 1 || '' === $table ) {
+			return false;
+		}
+
+		$count = (int) $this->wpdb->get_var( $this->wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE item_id = %d AND status = %s", $item_id, 'open' ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+		return $count > 0;
+	}
+
+	/**
+	 * Get total currently borrowed quantity for one item.
+	 *
+	 * @param int $item_id Item ID.
+	 * @return int
+	 */
+	public function get_open_borrowed_quantity( $item_id ) {
+		$item_id = absint( $item_id );
+		$table   = $this->loans_table();
+
+		if ( $item_id < 1 || '' === $table ) {
+			return 0;
+		}
+
+		$sum = (int) $this->wpdb->get_var( $this->wpdb->prepare( "SELECT COALESCE(SUM(borrowed_quantity), 0) FROM {$table} WHERE item_id = %d AND status = %s", $item_id, 'open' ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+		return max( 0, $sum );
+	}
+
+	/**
+	 * Borrow an inventory item.
+	 *
+	 * @param int    $item_id   Item ID.
+	 * @param int    $user_id   Borrower user ID.
+	 * @param int    $quantity  Quantity.
+	 * @param string $due_date  Optional due date.
+	 * @param string $note      Optional note.
+	 * @return bool
+	 */
+	public function borrow_item( $item_id, $user_id, $quantity, $due_date = '', $note = '' ) {
+		$item_id  = absint( $item_id );
+		$user_id  = absint( $user_id );
+		$quantity = max( 0, (int) $quantity );
+		$loan_tab = $this->loans_table();
+
+		if ( $item_id < 1 || $user_id < 1 || $quantity < 1 || '' === $loan_tab ) {
+			return false;
+		}
+
+		$item = $this->find( $item_id );
+
+		if ( ! $item || (int) $item->available_quantity < $quantity ) {
+			return false;
+		}
+
+		$this->wpdb->query( 'START TRANSACTION' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+
+		$inserted = $this->wpdb->insert(
+			$loan_tab,
+			array(
+				'item_id'           => $item_id,
+				'user_id'           => $user_id,
+				'borrowed_quantity' => $quantity,
+				'borrowed_at'       => $this->now(),
+				'due_date'          => '' !== $due_date ? $due_date : null,
+				'returned_at'       => null,
+				'note'              => $note,
+				'return_note'       => '',
+				'status'            => 'open',
+				'created_at'        => $this->now(),
+				'updated_at'        => $this->now(),
+			),
+			array( '%d', '%d', '%d', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s' )
+		);
+
+		if ( false === $inserted ) {
+			$this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+			return false;
+		}
+
+		$updated = $this->wpdb->update(
+			$this->table,
+			array(
+				'available_quantity' => max( 0, (int) $item->available_quantity - $quantity ),
+				'updated_at'         => $this->now(),
+			),
+			array( 'id' => $item_id ),
+			array( '%d', '%s' ),
+			array( '%d' )
+		);
+
+		if ( false === $updated ) {
+			$this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+			return false;
+		}
+
+		$this->wpdb->query( 'COMMIT' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+		return true;
+	}
+
+	/**
+	 * Return one open loan.
+	 *
+	 * @param int    $loan_id      Loan ID.
+	 * @param string $return_note  Optional return note.
+	 * @return bool
+	 */
+	public function return_loan( $loan_id, $return_note = '' ) {
+		$loan_id  = absint( $loan_id );
+		$loan_tab = $this->loans_table();
+
+		if ( $loan_id < 1 || '' === $loan_tab ) {
+			return false;
+		}
+
+		$loan = $this->wpdb->get_row( $this->wpdb->prepare( "SELECT * FROM {$loan_tab} WHERE id = %d", $loan_id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+
+		if ( ! $loan || 'open' !== $loan->status ) {
+			return false;
+		}
+
+		$item = $this->find( (int) $loan->item_id );
+
+		if ( ! $item ) {
+			return false;
+		}
+
+		$this->wpdb->query( 'START TRANSACTION' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+
+		$updated_loan = $this->wpdb->update(
+			$loan_tab,
+			array(
+				'status'      => 'returned',
+				'returned_at' => $this->now(),
+				'return_note' => $return_note,
+				'updated_at'  => $this->now(),
+			),
+			array( 'id' => $loan_id ),
+			array( '%s', '%s', '%s', '%s' ),
+			array( '%d' )
+		);
+
+		if ( false === $updated_loan ) {
+			$this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+			return false;
+		}
+
+		$new_available = min( (int) $item->total_quantity, (int) $item->available_quantity + (int) $loan->borrowed_quantity );
+
+		$updated_item = $this->wpdb->update(
+			$this->table,
+			array(
+				'available_quantity' => $new_available,
+				'updated_at'         => $this->now(),
+			),
+			array( 'id' => (int) $loan->item_id ),
+			array( '%d', '%s' ),
+			array( '%d' )
+		);
+
+		if ( false === $updated_item ) {
+			$this->wpdb->query( 'ROLLBACK' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+			return false;
+		}
+
+		$this->wpdb->query( 'COMMIT' ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
+		return true;
+	}
+
+	/**
+	 * Get open loans with item and borrower information.
+	 *
+	 * @return array
+	 */
+	public function get_open_loans() {
+		$table = $this->loans_table();
+
+		if ( '' === $table ) {
+			return array();
+		}
+
+		$sql = "SELECT l.*, i.name AS item_name, u.display_name AS borrower_name
+			FROM {$table} l
+			LEFT JOIN {$this->table} i ON i.id = l.item_id
+			LEFT JOIN {$this->wpdb->users} u ON u.ID = l.user_id
+			WHERE l.status = %s
+			ORDER BY l.borrowed_at DESC, l.id DESC";
+
+		return $this->wpdb->get_results( $this->wpdb->prepare( $sql, 'open' ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	}
+
+	/**
+	 * Get latest loan history entries.
+	 *
+	 * @param int $limit Number of rows.
+	 * @return array
+	 */
+	public function get_recent_loans( $limit = 20 ) {
+		$table = $this->loans_table();
+		$limit = max( 1, min( 200, (int) $limit ) );
+
+		if ( '' === $table ) {
+			return array();
+		}
+
+		$sql = "SELECT l.*, i.name AS item_name, u.display_name AS borrower_name
+			FROM {$table} l
+			LEFT JOIN {$this->table} i ON i.id = l.item_id
+			LEFT JOIN {$this->wpdb->users} u ON u.ID = l.user_id
+			ORDER BY l.borrowed_at DESC, l.id DESC
+			LIMIT %d";
+
+		return $this->wpdb->get_results( $this->wpdb->prepare( $sql, $limit ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	}
+}

includes/Repositories/MeterReadingRepository.php

@@ -244,4 +244,25 @@ class MeterReadingRepository extends AbstractRepository {
 
 		return array_reverse( array_values( $monthly ) );
 	}
+
+	/**
+	 * Correct an existing reading (value, date, note).
+	 *
+	 * @param int   $id   Reading ID.
+	 * @param array $data Corrected data: reading_value, reading_date, note.
+	 * @return int|false
+	 */
+	public function update_reading( $id, $data ) {
+		return $this->wpdb->update(
+			$this->table,
+			array(
+				'reading_value' => (float) $data['reading_value'],
+				'reading_date'  => sanitize_text_field( $data['reading_date'] ),
+				'note'          => sanitize_textarea_field( $data['note'] ),
+			),
+			array( 'id' => absint( $id ) ),
+			array( '%f', '%s', '%s' ),
+			array( '%d' )
+		);
+	}
 }

includes/Repositories/WorkRepository.php

@@ -0,0 +1,470 @@
+<?php
+/**
+ * Work hours repository.
+ *
+ * @package KGV\VereinManager
+ */
+
+namespace KGV\VereinManager\Repositories;
+
+use KGV\VereinManager\Schema;
+
+if ( ! defined( 'ABSPATH' ) ) {
+	exit;
+}
+
+class WorkRepository extends AbstractRepository {
+
+	/**
+	 * Resolve main table (work_logs).
+	 *
+	 * @return string
+	 */
+	protected function resolve_table() {
+		return Schema::table( 'work_logs' );
+	}
+
+	/**
+	 * Jobs table.
+	 *
+	 * @return string
+	 */
+	private function jobs_table() {
+		return Schema::table( 'work_jobs' );
+	}
+
+	/**
+	 * Year config table.
+	 *
+	 * @return string
+	 */
+	private function year_config_table() {
+		return Schema::table( 'work_year_config' );
+	}
+
+	/**
+	 * Log members table.
+	 *
+	 * @return string
+	 */
+	private function members_table() {
+		return Schema::table( 'work_log_members' );
+	}
+
+	// -------------------------------------------------------------------------
+	// Jobs
+	// -------------------------------------------------------------------------
+
+	/**
+	 * Get all jobs.
+	 *
+	 * @return array
+	 */
+	public function get_jobs() {
+		$table = $this->jobs_table();
+		return $this->wpdb->get_results( "SELECT * FROM {$table} ORDER BY name ASC" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery
+	}
+
+	/**
+	 * Get a single job by ID.
+	 *
+	 * @param int $id Job ID.
+	 * @return object|null
+	 */
+	public function find_job( $id ) {
+		$table = $this->jobs_table();
+		return $this->wpdb->get_row( $this->wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", absint( $id ) ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	}
+
+	/**
+	 * Save or update a job.
+	 *
+	 * @param array $data Job data.
+	 * @param int   $id   Optional ID.
+	 * @return int|false
+	 */
+	public function save_job( $data, $id = 0 ) {
+		$table   = $this->jobs_table();
+		$payload = array(
+			'name'        => sanitize_text_field( $data['name'] ),
+			'description' => isset( $data['description'] ) ? sanitize_textarea_field( $data['description'] ) : '',
+			'updated_at'  => $this->now(),
+		);
+		$formats = array( '%s', '%s', '%s' );
+
+		if ( $id > 0 ) {
+			$this->wpdb->update( $table, $payload, array( 'id' => $id ), $formats, array( '%d' ) );
+			return $id;
+		}
+
+		$payload['created_at'] = $this->now();
+		$this->wpdb->insert( $table, $payload, array( '%s', '%s', '%s', '%s' ) );
+		return $this->wpdb->insert_id;
+	}
+
+	/**
+	 * Delete a job and related log members/logs.
+	 *
+	 * @param int $id Job ID.
+	 * @return bool
+	 */
+	public function delete_job( $id ) {
+		$id          = absint( $id );
+		$logs_table  = $this->table;
+		$mem_table   = $this->members_table();
+		$jobs_table  = $this->jobs_table();
+
+		// Delete members of all logs for this job.
+		$log_ids = $this->wpdb->get_col( $this->wpdb->prepare( "SELECT id FROM {$logs_table} WHERE job_id = %d", $id ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+		foreach ( array_map( 'absint', (array) $log_ids ) as $log_id ) {
+			$this->wpdb->delete( $mem_table, array( 'log_id' => $log_id ), array( '%d' ) );
+		}
+		// Delete logs.
+		$this->wpdb->delete( $logs_table, array( 'job_id' => $id ), array( '%d' ) );
+		// Delete job.
+		$result = $this->wpdb->delete( $jobs_table, array( 'id' => $id ), array( '%d' ) );
+		return false !== $result;
+	}
+
+	/**
+	 * Check if a job name already exists (for uniqueness).
+	 *
+	 * @param string $name Job name.
+	 * @param int    $exclude_id Exclude this ID.
+	 * @return bool
+	 */
+	public function job_name_exists( $name, $exclude_id = 0 ) {
+		$table = $this->jobs_table();
+		$sql   = $this->wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE name = %s", sanitize_text_field( $name ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+		if ( $exclude_id > 0 ) {
+			$sql .= $this->wpdb->prepare( ' AND id != %d', absint( $exclude_id ) );
+		}
+		return (int) $this->wpdb->get_var( $sql ) > 0; // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	}
+
+	// -------------------------------------------------------------------------
+	// Year config
+	// -------------------------------------------------------------------------
+
+	/**
+	 * Get config for a specific year (creates if missing).
+	 *
+	 * @param int $year Year.
+	 * @return object|null
+	 */
+	public function get_year_config( $year ) {
+		$year  = absint( $year );
+		$table = $this->year_config_table();
+		$row   = $this->wpdb->get_row( $this->wpdb->prepare( "SELECT * FROM {$table} WHERE entry_year = %d", $year ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+		return $row;
+	}
+
+	/**
+	 * Get all available configured years.
+	 *
+	 * @param int $selected_year Optional selected year to always include.
+	 * @return array
+	 */
+	public function get_years( $selected_year = 0 ) {
+		$config_table = $this->year_config_table();
+		$log_table    = $this->table;
+		$current_year = (int) current_time( 'Y' );
+
+		$config_years = $this->wpdb->get_col( "SELECT entry_year FROM {$config_table} ORDER BY entry_year DESC" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery
+		$log_years    = $this->wpdb->get_col( "SELECT DISTINCT YEAR(work_date) FROM {$log_table}" ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery
+
+		$years   = array_map( 'absint', array_merge( (array) $config_years, (array) $log_years ) );
+		$years[] = $current_year;
+		$years[] = $current_year - 1;
+		$years[] = $current_year + 1;
+		if ( $selected_year > 0 ) {
+			$years[] = absint( $selected_year );
+		}
+
+		$years = array_values( array_unique( array_filter( $years ) ) );
+		rsort( $years, SORT_NUMERIC );
+		return $years;
+	}
+
+	/**
+	 * Save year configuration (upsert).
+	 *
+	 * @param int   $year                  Year.
+	 * @param float $required_hours        Required hours per member.
+	 * @param float $price_per_missing_hour Price per missing hour in €.
+	 * @return bool
+	 */
+	public function save_year_config( $year, $required_hours, $price_per_missing_hour ) {
+		$year                  = absint( $year );
+		$required_hours        = max( 0, (float) $required_hours );
+		$price_per_missing_hour = max( 0, (float) $price_per_missing_hour );
+		$table                 = $this->year_config_table();
+		$existing              = $this->get_year_config( $year );
+
+		if ( $existing ) {
+			$result = $this->wpdb->update(
+				$table,
+				array(
+					'required_hours'         => $required_hours,
+					'price_per_missing_hour' => $price_per_missing_hour,
+					'updated_at'             => $this->now(),
+				),
+				array( 'entry_year' => $year ),
+				array( '%f', '%f', '%s' ),
+				array( '%d' )
+			);
+			return false !== $result;
+		}
+
+		$result = $this->wpdb->insert(
+			$table,
+			array(
+				'entry_year'             => $year,
+				'required_hours'         => $required_hours,
+				'price_per_missing_hour' => $price_per_missing_hour,
+				'created_at'             => $this->now(),
+				'updated_at'             => $this->now(),
+			),
+			array( '%d', '%f', '%f', '%s', '%s' )
+		);
+		return false !== $result;
+	}
+
+	// -------------------------------------------------------------------------
+	// Work logs
+	// -------------------------------------------------------------------------
+
+	/**
+	 * Search work logs.
+	 *
+	 * @param array $args Query arguments (year, user_id, job_id, s, orderby, order).
+	 * @return array
+	 */
+	public function search_logs( $args = array() ) {
+		$year    = isset( $args['year'] ) ? absint( $args['year'] ) : 0;
+		$user_id = isset( $args['user_id'] ) ? absint( $args['user_id'] ) : 0;
+		$job_id  = isset( $args['job_id'] ) ? absint( $args['job_id'] ) : 0;
+		$search  = isset( $args['s'] ) ? sanitize_text_field( wp_unslash( $args['s'] ) ) : '';
+		$orderby = $this->sanitize_orderby(
+			isset( $args['orderby'] ) ? sanitize_key( wp_unslash( $args['orderby'] ) ) : 'work_date',
+			array( 'work_date', 'job_name', 'updated_at', 'created_at' ),
+			'work_date'
+		);
+		$order   = $this->sanitize_order( isset( $args['order'] ) ? sanitize_key( wp_unslash( $args['order'] ) ) : 'DESC' );
+
+		$logs_table = $this->table;
+		$jobs_table = $this->jobs_table();
+		$mem_table  = $this->members_table();
+
+		$sql    = "SELECT l.*, COALESCE(j.name, '') AS job_name FROM {$logs_table} l
+		           LEFT JOIN {$jobs_table} j ON j.id = l.job_id WHERE 1=1";
+		$params = array();
+
+		if ( $year > 0 ) {
+			$sql     .= ' AND YEAR(l.work_date) = %d';
+			$params[] = $year;
+		}
+
+		if ( $job_id > 0 ) {
+			$sql     .= ' AND l.job_id = %d';
+			$params[] = $job_id;
+		}
+
+		if ( $user_id > 0 ) {
+			$sql     .= " AND l.id IN (SELECT log_id FROM {$mem_table} WHERE user_id = %d)";
+			$params[] = $user_id;
+		}
+
+		if ( '' !== $search ) {
+			$like     = '%' . $this->wpdb->esc_like( $search ) . '%';
+			$sql     .= ' AND (j.name LIKE %s OR l.note LIKE %s)';
+			$params[] = $like;
+			$params[] = $like;
+		}
+
+		$sql .= " ORDER BY l.{$orderby} {$order}, l.id DESC";
+
+		if ( ! empty( $params ) ) {
+			return $this->wpdb->get_results( $this->wpdb->prepare( $sql, $params ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+		}
+
+		return $this->wpdb->get_results( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,WordPress.DB.DirectDatabaseQuery.DirectQuery
+	}
+
+	/**
+	 * Get a work log with its member assignments.
+	 *
+	 * @param int $id Log ID.
+	 * @return object|null
+	 */
+	public function find_log( $id ) {
+		$row = $this->find( $id );
+		if ( $row ) {
+			$row->members = $this->get_log_members( $id );
+		}
+		return $row;
+	}
+
+	/**
+	 * Save or update a work log including member assignments.
+	 *
+	 * @param array $data    Log data.
+	 * @param int   $id      Optional log ID.
+	 * @param array $members Array of [user_id => hours].
+	 * @return int|false
+	 */
+	public function save_log( $data, $id = 0, $members = array() ) {
+		$payload = array(
+			'job_id'     => absint( $data['job_id'] ),
+			'work_date'  => sanitize_text_field( $data['work_date'] ),
+			'note'       => isset( $data['note'] ) ? sanitize_textarea_field( $data['note'] ) : '',
+			'updated_at' => $this->now(),
+		);
+		$formats = array( '%d', '%s', '%s', '%s' );
+
+		if ( $id > 0 ) {
+			$this->wpdb->update( $this->table, $payload, array( 'id' => $id ), $formats, array( '%d' ) );
+			$log_id = $id;
+		} else {
+			$payload['created_at'] = $this->now();
+			$this->wpdb->insert( $this->table, $payload, array( '%d', '%s', '%s', '%s', '%s' ) );
+			$log_id = $this->wpdb->insert_id;
+		}
+
+		if ( $log_id && is_array( $members ) ) {
+			$this->sync_log_members( $log_id, $members );
+		}
+
+		return $log_id;
+	}
+
+	/**
+	 * Delete a work log and its member assignments.
+	 *
+	 * @param int $id Log ID.
+	 * @return bool
+	 */
+	public function delete_log( $id ) {
+		$id = absint( $id );
+		$this->wpdb->delete( $this->members_table(), array( 'log_id' => $id ), array( '%d' ) );
+		$result = $this->wpdb->delete( $this->table, array( 'id' => $id ), array( '%d' ) );
+		return false !== $result;
+	}
+
+	// -------------------------------------------------------------------------
+	// Log members
+	// -------------------------------------------------------------------------
+
+	/**
+	 * Get member assignments for a log.
+	 *
+	 * @param int $log_id Log ID.
+	 * @return array
+	 */
+	public function get_log_members( $log_id ) {
+		$table = $this->members_table();
+		return $this->wpdb->get_results( $this->wpdb->prepare( "SELECT * FROM {$table} WHERE log_id = %d", absint( $log_id ) ) ); // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+	}
+
+	/**
+	 * Sync member assignments for a log.
+	 *
+	 * @param int   $log_id  Log ID.
+	 * @param array $members Array of [user_id => hours].
+	 * @return void
+	 */
+	public function sync_log_members( $log_id, $members ) {
+		$log_id    = absint( $log_id );
+		$table     = $this->members_table();
+		$now       = $this->now();
+
+		$this->wpdb->delete( $table, array( 'log_id' => $log_id ), array( '%d' ) );
+
+		foreach ( $members as $user_id => $hours ) {
+			$user_id = absint( $user_id );
+			$hours   = max( 0, (float) $hours );
+			if ( $user_id < 1 ) {
+				continue;
+			}
+			$this->wpdb->insert(
+				$table,
+				array(
+					'log_id'     => $log_id,
+					'user_id'    => $user_id,
+					'hours'      => $hours,
+					'created_at' => $now,
+				),
+				array( '%d', '%d', '%f', '%s' )
+			);
+		}
+	}
+
+	// -------------------------------------------------------------------------
+	// Summary / statistics
+	// -------------------------------------------------------------------------
+
+	/**
+	 * Get completed hours per member for a given year.
+	 *
+	 * @param int $year Year.
+	 * @return array Array keyed by user_id with total hours.
+	 */
+	public function get_hours_per_member( $year ) {
+		$year      = absint( $year );
+		$log_table = $this->table;
+		$mem_table = $this->members_table();
+
+		$rows = $this->wpdb->get_results(
+			$this->wpdb->prepare(
+				"SELECT m.user_id, SUM(m.hours) AS total_hours
+				 FROM {$mem_table} m
+				 INNER JOIN {$log_table} l ON l.id = m.log_id
+				 WHERE YEAR(l.work_date) = %d
+				 GROUP BY m.user_id", // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+				$year
+			)
+		);
+
+		$result = array();
+		foreach ( $rows as $row ) {
+			$result[ absint( $row->user_id ) ] = (float) $row->total_hours;
+		}
+		return $result;
+	}
+
+	/**
+	 * Build per-member work summary for a year.
+	 *
+	 * Returns array of objects with user_id, display_name, completed_hours,
+	 * required_hours, missing_hours, surcharge.
+	 *
+	 * @param int   $year        Year.
+	 * @param array $all_members Array of WP_User objects.
+	 * @return array
+	 */
+	public function get_member_summary( $year, $all_members ) {
+		$config         = $this->get_year_config( $year );
+		$required_hours = $config ? (float) $config->required_hours : 0.0;
+		$price          = $config ? (float) $config->price_per_missing_hour : 0.0;
+		$done_map       = $this->get_hours_per_member( $year );
+
+		$summary = array();
+		foreach ( $all_members as $member ) {
+			$uid             = (int) $member->ID;
+			$completed       = isset( $done_map[ $uid ] ) ? $done_map[ $uid ] : 0.0;
+			$missing         = max( 0.0, $required_hours - $completed );
+			$surcharge       = round( $missing * $price, 2 );
+
+			$obj                  = new \stdClass();
+			$obj->user_id         = $uid;
+			$obj->display_name    = $member->display_name;
+			$obj->completed_hours = $completed;
+			$obj->required_hours  = $required_hours;
+			$obj->missing_hours   = $missing;
+			$obj->surcharge       = $surcharge;
+
+			$summary[] = $obj;
+		}
+		return $summary;
+	}
+}

includes/Schema.php

@@ -27,6 +27,8 @@ class Schema {
 			'parcels'        => $wpdb->prefix . 'kgvvm_parcels',
 			'meters'         => $wpdb->prefix . 'kgvvm_meters',
 			'tenants'        => $wpdb->prefix . 'kgvvm_tenants',
+			'inventory_items' => $wpdb->prefix . 'kgvvm_inventory_items',
+			'inventory_loans' => $wpdb->prefix . 'kgvvm_inventory_loans',
 			'parcel_members' => $wpdb->prefix . 'kgvvm_parcel_members',
 			'parcel_tenants' => $wpdb->prefix . 'kgvvm_parcel_tenants',
 			'chat_messages'  => $wpdb->prefix . 'kgvvm_chat_messages',
@@ -34,6 +36,11 @@ class Schema {
 			'cost_years'     => $wpdb->prefix . 'kgvvm_cost_years',
 			'cost_rates'     => $wpdb->prefix . 'kgvvm_cost_rates',
 			'cost_entries'      => $wpdb->prefix . 'kgvvm_cost_entries',
+			'work_jobs'         => $wpdb->prefix . 'kgvvm_work_jobs',
+			'work_year_config'  => $wpdb->prefix . 'kgvvm_work_year_config',
+'work_logs'              => $wpdb->prefix . 'kgvvm_work_logs',
+			'work_log_members'       => $wpdb->prefix . 'kgvvm_work_log_members',
+			'parcel_cost_assignments' => $wpdb->prefix . 'kgvvm_parcel_cost_assignments',
 		);
 
 		return isset( $map[ $key ] ) ? $map[ $key ] : '';
@@ -121,6 +128,42 @@ class Schema {
 			KEY is_active (is_active)
 		) {$charset_collate};";
 
+		$sql[] = "CREATE TABLE " . self::table( 'inventory_items' ) . " (
+			id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+			name VARCHAR(190) NOT NULL,
+			total_quantity INT UNSIGNED NOT NULL DEFAULT 0,
+			available_quantity INT UNSIGNED NOT NULL DEFAULT 0,
+			storage_location VARCHAR(190) NULL,
+			description TEXT NULL,
+			is_active TINYINT(1) NOT NULL DEFAULT 1,
+			created_at DATETIME NOT NULL,
+			updated_at DATETIME NOT NULL,
+			PRIMARY KEY  (id),
+			KEY name (name),
+			KEY is_active (is_active)
+		) {$charset_collate};";
+
+		$sql[] = "CREATE TABLE " . self::table( 'inventory_loans' ) . " (
+			id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+			item_id BIGINT UNSIGNED NOT NULL,
+			user_id BIGINT UNSIGNED NOT NULL,
+			borrowed_quantity INT UNSIGNED NOT NULL,
+			borrowed_at DATETIME NOT NULL,
+			due_date DATE NULL,
+			returned_at DATETIME NULL,
+			note TEXT NULL,
+			return_note TEXT NULL,
+			status VARCHAR(20) NOT NULL DEFAULT 'open',
+			created_at DATETIME NOT NULL,
+			updated_at DATETIME NOT NULL,
+			PRIMARY KEY  (id),
+			KEY item_id (item_id),
+			KEY user_id (user_id),
+			KEY status (status),
+			KEY borrowed_at (borrowed_at),
+			KEY due_date (due_date)
+		) {$charset_collate};";
+
 		$sql[] = "CREATE TABLE " . self::table( 'parcel_members' ) . " (
 			parcel_id BIGINT UNSIGNED NOT NULL,
 			user_id BIGINT UNSIGNED NOT NULL,
@@ -170,6 +213,9 @@ class Schema {
 			entry_year SMALLINT UNSIGNED NOT NULL,
 			power_price_per_kwh DECIMAL(12,4) NULL,
 			water_price_per_m3 DECIMAL(12,4) NULL,
+			statement_is_locked TINYINT(1) NOT NULL DEFAULT 0,
+			statement_locked_at DATETIME NULL,
+			statement_locked_by BIGINT UNSIGNED NOT NULL DEFAULT 0,
 			created_at DATETIME NOT NULL,
 			updated_at DATETIME NOT NULL,
 			PRIMARY KEY  (id),
@@ -196,6 +242,7 @@ class Schema {
 			distribution_type VARCHAR(20) NOT NULL DEFAULT 'parcel',
 			unit_amount DECIMAL(12,2) NULL,
 			total_cost DECIMAL(12,2) NOT NULL DEFAULT 0.00,
+			is_mandatory TINYINT(1) NOT NULL DEFAULT 1,
 			note TEXT NULL,
 			created_at DATETIME NOT NULL,
 			updated_at DATETIME NOT NULL,
@@ -205,6 +252,59 @@ class Schema {
 			KEY distribution_type (distribution_type)
 		) {$charset_collate};";
 
+		$sql[] = "CREATE TABLE " . self::table( 'work_jobs' ) . " (
+			id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+			name VARCHAR(190) NOT NULL,
+			description TEXT NULL,
+			created_at DATETIME NOT NULL,
+			updated_at DATETIME NOT NULL,
+			PRIMARY KEY  (id),
+			UNIQUE KEY name (name)
+		) {$charset_collate};";
+
+		$sql[] = "CREATE TABLE " . self::table( 'work_year_config' ) . " (
+			id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+			entry_year SMALLINT UNSIGNED NOT NULL,
+			required_hours DECIMAL(8,2) NOT NULL DEFAULT 0.00,
+			price_per_missing_hour DECIMAL(12,2) NOT NULL DEFAULT 0.00,
+			created_at DATETIME NOT NULL,
+			updated_at DATETIME NOT NULL,
+			PRIMARY KEY  (id),
+			UNIQUE KEY entry_year (entry_year)
+		) {$charset_collate};";
+
+		$sql[] = "CREATE TABLE " . self::table( 'work_logs' ) . " (
+			id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+			job_id BIGINT UNSIGNED NOT NULL DEFAULT 0,
+			work_date DATE NOT NULL,
+			note TEXT NULL,
+			created_at DATETIME NOT NULL,
+			updated_at DATETIME NOT NULL,
+			PRIMARY KEY  (id),
+			KEY job_id (job_id),
+			KEY work_date (work_date)
+		) {$charset_collate};";
+
+		$sql[] = "CREATE TABLE " . self::table( 'work_log_members' ) . " (
+			id BIGINT UNSIGNED NOT NULL AUTO_INCREMENT,
+			log_id BIGINT UNSIGNED NOT NULL,
+			user_id BIGINT UNSIGNED NOT NULL,
+			hours DECIMAL(8,2) NOT NULL DEFAULT 0.00,
+			created_at DATETIME NOT NULL,
+			PRIMARY KEY  (id),
+			UNIQUE KEY log_user (log_id, user_id),
+			KEY user_id (user_id),
+			KEY log_id (log_id)
+		) {$charset_collate};";
+
+		$sql[] = "CREATE TABLE " . self::table( 'parcel_cost_assignments' ) . " (
+			parcel_id BIGINT UNSIGNED NOT NULL,
+			cost_entry_id BIGINT UNSIGNED NOT NULL,
+			created_at DATETIME NOT NULL,
+			PRIMARY KEY  (parcel_id, cost_entry_id),
+			KEY cost_entry_id (cost_entry_id)
+		) {$charset_collate};";
+
 		foreach ( $sql as $statement ) {
 			dbDelta( $statement );
 		}
@@ -223,6 +323,8 @@ class Schema {
 			self::table( 'parcels' ),
 			self::table( 'meters' ),
 			self::table( 'tenants' ),
+			self::table( 'inventory_items' ),
+			self::table( 'inventory_loans' ),
 			self::table( 'parcel_members' ),
 			self::table( 'parcel_tenants' ),
 			self::table( 'chat_messages' ),
@@ -230,6 +332,11 @@ class Schema {
 			self::table( 'cost_years' ),
 			self::table( 'cost_rates' ),
 			self::table( 'cost_entries' ),
+			self::table( 'work_jobs' ),
+			self::table( 'work_year_config' ),
+			self::table( 'work_logs' ),
+			self::table( 'work_log_members' ),
+			self::table( 'parcel_cost_assignments' ),
 		);
 
 		foreach ( $tables as $table ) {
@@ -248,6 +355,13 @@ class Schema {
 		global $wpdb;
 
 		$tables = array(
+			self::table( 'parcel_cost_assignments' ),
+			self::table( 'work_log_members' ),
+			self::table( 'work_logs' ),
+			self::table( 'work_year_config' ),
+			self::table( 'work_jobs' ),
+			self::table( 'inventory_loans' ),
+			self::table( 'inventory_items' ),
 			self::table( 'cost_entries' ),
 			self::table( 'cost_rates' ),
 			self::table( 'cost_years' ),

includes/Validator.php

@@ -259,6 +259,7 @@ class Validator {
 		$unit_amount       = isset( $data['unit_amount'] ) ? str_replace( ',', '.', wp_unslash( $data['unit_amount'] ) ) : '';
 		$entry_year        = $this->sanitize_cost_year( $data );
 		$distribution_type = sanitize_key( wp_unslash( isset( $data['distribution_type'] ) ? $data['distribution_type'] : 'parcel' ) );
+		$is_mandatory      = isset( $data['is_mandatory'] ) && '1' === (string) wp_unslash( $data['is_mandatory'] );
 
 		return array(
 			'entry_year'        => $entry_year,
@@ -266,6 +267,7 @@ class Validator {
 			'distribution_type' => $distribution_type,
 			'unit_amount'       => '' === trim( (string) $unit_amount ) ? '' : (float) $unit_amount,
 			'total_cost'        => 0.0,
+			'is_mandatory'      => $is_mandatory,
 			'note'              => sanitize_textarea_field( wp_unslash( isset( $data['note'] ) ? $data['note'] : '' ) ),
 		);
 	}
@@ -365,6 +367,91 @@ class Validator {
 		return $errors;
 	}
 
+	/**
+	 * Sanitize one inventory item payload.
+	 *
+	 * @param array $data Raw request data.
+	 * @return array
+	 */
+	public function sanitize_inventory_item( $data ) {
+		return array(
+			'name'               => sanitize_text_field( wp_unslash( isset( $data['name'] ) ? $data['name'] : '' ) ),
+			'total_quantity'     => absint( isset( $data['total_quantity'] ) ? $data['total_quantity'] : 0 ),
+			'available_quantity' => absint( isset( $data['available_quantity'] ) ? $data['available_quantity'] : 0 ),
+			'storage_location'   => sanitize_text_field( wp_unslash( isset( $data['storage_location'] ) ? $data['storage_location'] : '' ) ),
+			'description'        => sanitize_textarea_field( wp_unslash( isset( $data['description'] ) ? $data['description'] : '' ) ),
+			'is_active'          => ! empty( $data['is_active'] ) ? 1 : 0,
+		);
+	}
+
+	/**
+	 * Validate one inventory item payload.
+	 *
+	 * @param array $data Sanitized data.
+	 * @return \WP_Error
+	 */
+	public function validate_inventory_item( $data ) {
+		$errors = new \WP_Error();
+
+		if ( '' === $data['name'] ) {
+			$errors->add( 'inventory_name_required', __( 'Bitte einen Namen für den Inventargegenstand eingeben.', KGVVM_TEXT_DOMAIN ) );
+		}
+
+		if ( (int) $data['total_quantity'] < 0 ) {
+			$errors->add( 'inventory_total_invalid', __( 'Die Gesamtmenge muss 0 oder größer sein.', KGVVM_TEXT_DOMAIN ) );
+		}
+
+		if ( (int) $data['available_quantity'] < 0 ) {
+			$errors->add( 'inventory_available_invalid', __( 'Die verfügbare Menge muss 0 oder größer sein.', KGVVM_TEXT_DOMAIN ) );
+		}
+
+		if ( (int) $data['available_quantity'] > (int) $data['total_quantity'] ) {
+			$errors->add( 'inventory_available_too_high', __( 'Die verfügbare Menge darf nicht größer als die Gesamtmenge sein.', KGVVM_TEXT_DOMAIN ) );
+		}
+
+		return $errors;
+	}
+
+	/**
+	 * Sanitize one inventory borrow request.
+	 *
+	 * @param array $data Raw request data.
+	 * @return array
+	 */
+	public function sanitize_inventory_loan( $data ) {
+		return array(
+			'item_id'  => absint( isset( $data['item_id'] ) ? $data['item_id'] : 0 ),
+			'user_id'  => absint( isset( $data['user_id'] ) ? $data['user_id'] : 0 ),
+			'quantity' => absint( isset( $data['quantity'] ) ? $data['quantity'] : 0 ),
+			'due_date' => $this->normalize_date( isset( $data['due_date'] ) ? $data['due_date'] : '' ),
+			'note'     => sanitize_textarea_field( wp_unslash( isset( $data['note'] ) ? $data['note'] : '' ) ),
+		);
+	}
+
+	/**
+	 * Validate one inventory borrow request.
+	 *
+	 * @param array $data Sanitized data.
+	 * @return \WP_Error
+	 */
+	public function validate_inventory_loan( $data ) {
+		$errors = new \WP_Error();
+
+		if ( (int) $data['item_id'] < 1 ) {
+			$errors->add( 'inventory_item_required', __( 'Bitte einen Inventargegenstand auswählen.', KGVVM_TEXT_DOMAIN ) );
+		}
+
+		if ( (int) $data['user_id'] < 1 ) {
+			$errors->add( 'inventory_user_required', __( 'Bitte ein Mitglied auswählen.', KGVVM_TEXT_DOMAIN ) );
+		}
+
+		if ( (int) $data['quantity'] < 1 ) {
+			$errors->add( 'inventory_quantity_required', __( 'Bitte eine gültige Ausleihmenge eingeben.', KGVVM_TEXT_DOMAIN ) );
+		}
+
+		return $errors;
+	}
+
 	/**
 	 * Normalize optional date fields to Y-m-d.
 	 *

kgv-verein-manager.php

@@ -1,25 +1,37 @@
 <?php
 /**
+ * @wordpress-plugin
  * Plugin Name: KGV Vereinsverwaltung
  * Plugin URI: https://apex-project.de/
  * Description: Verwaltung von Sparten, Parzellen, Mitgliedern, Pächtern sowie Wasser- und Stromzählern für Kleingartenvereine.
- * Version: 1.15.1
+ * Version: 1.17.7
  * Author: Ronny Grobel
- * Update URI: https://git.apex-project.de/RonnyG/KGV-Verein-Manager
+ * Author URI: https://apex-project.de/
- * GitHub Plugin URI: https://git.apex-project.de/RonnyG/KGV-Verein-Manager
+ * License: GPL v2 or later
+ * License URI: https://www.gnu.org/licenses/gpl-2.0.html
+ * Update URI: https://git.apex-project.de/Wordpress_Plugins/KGV-Verein-Manager.git
+ * Gitea Plugin URI: https://git.apex-project.de/Wordpress_Plugins/KGV-Verein-Manager.git
  * Text Domain: kgv-verein-manager
  * Domain Path: /languages
  * Requires at least: 6.0
  * Requires PHP: 7.2
- *
+ * Requires Plugins: KGV-Updater
  * @package KGV\VereinManager
+ * License:     GPLv2+
+ *
+ * Php Version 5.6
+ *
+ * @package WordPress
+ * @author  Ronny Grobel <dgsoft.de@gmail.com>
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version 2026-04-16
  */
 
 if ( ! defined( 'ABSPATH' ) ) {
 	exit;
 }
 
-define( 'KGVVM_VERSION', '1.15.1' );
+define( 'KGVVM_VERSION', '1.17.8' );
 define( 'KGVVM_PLUGIN_FILE', __FILE__ );
 define( 'KGVVM_PLUGIN_DIR', plugin_dir_path( __FILE__ ) );
 define( 'KGVVM_PLUGIN_URL', plugin_dir_url( __FILE__ ) );
@@ -33,8 +45,9 @@ register_activation_hook( __FILE__, array( '\\KGV\\VereinManager\\Activator', 'a
 register_deactivation_hook( __FILE__, array( '\\KGV\\VereinManager\\Deactivator', 'deactivate' ) );
 
 add_action(
-	'plugins_loaded',
+	'init',
 	function() {
 		\KGV\VereinManager\Plugin::instance()->run();
-	}
+	},
+	1
 );

readme.txt

@@ -0,0 +1,94 @@
+=== KGV Vereinsverwaltung ===
+Contributors: ronnygrobel
+Tags: verein, mitgliederverwaltung, parzellen, zaehler, abrechnung
+Requires at least: 6.0
+Tested up to: 6.8
+Stable tag: 1.17.8
+Requires PHP: 7.2
+License: GPLv2 or later
+License URI: https://www.gnu.org/licenses/gpl-2.0.html
+
+Umfassende Verwaltung von Vereinsdaten, Parzellen, Mitgliedern und Zaehlerstaenden.
+
+== Description ==
+
+KGV Vereinsverwaltung bietet ein umfangreiches Backend fuer Kleingartenvereine mit Fokus auf Stammdaten, Verbraeuche und Organisation.
+
+= Features =
+
+* Vereins-Dashboard
+* Verwaltung von Sparten, Parzellen, Mitgliedern und Paechtern
+* Wasser- und Stromzaehlerverwaltung
+* Kosten- und Stammdatenverwaltung
+* Rollen- und Rechtekonzept
+* PDF- und Exportfunktionen
+
+== Installation ==
+
+1. Plugin in `wp-content/plugins/KGV-Verein-Manager/` hochladen.
+2. Plugin aktivieren.
+3. Menues, Rollen und Stammdaten im Backend einrichten.
+
+== Frequently Asked Questions ==
+
+= Welche Mindestanforderungen gelten? =
+
+WordPress ab 6.0 und PHP ab 7.2.
+
+= Ist das Plugin fuer Vereinsablaeufe ausgelegt? =
+
+Ja, insbesondere fuer Kleingartenvereine und deren Verwaltungsprozesse.
+
+== Changelog ==
+
+= 1.17.8 =
+Feat: Verbrauchsauswertung – Ablesung korrigieren (Datum, Zählerstand, Korrekturnotiz) und löschen direkt aus der Tabelle.
+
+= 1.17.7 =
+Feat: Inventarverwaltung – Gegenstände (Werkzeug etc.) erfassen, bearbeiten, löschen. Ausleihe und Rückgabe je Mitglied mit Notiz und Fälligkeitsdatum tracken. Export/Import integriert.
+
+= 1.17.6 =
+Feat: Jahresabrechnung kann festgeschrieben (gesperrt) werden. Alle Schreibzugriffe auf Kosten, Preise und Parzellenzuordnungen prüfen den Sperrstatus serverseitig.
+
+= 1.17.5 =
+Fix: Spaltenbreiten in Abrechnungstabellen angepasst für bessere Lesbarkeit langer Texte.
+
+= 1.17.4 =
+Fix: Checkbox "Verpflichtende Position" bei Kostenposten wird jetzt korrekt gespeichert wenn sie deaktiviert ist.
+
+= 1.17.3 =
+Verbesserung: Kostenübersicht zeigt jetzt direkt pro Kostenposten den Status Verpflichtend oder Manuell in einer eigenen Spalte an.
+
+= 1.17.2 =
+Fix: Manuelle Kostenpositionen auf der Jahresabrechnung einer Parzelle werden nach dem Hinzufügen jetzt sofort korrekt berücksichtigt. Pflichtpositionen ohne Einschränkung werden in der Seitenleiste als automatisch aktiv dargestellt.
+
+= 1.17.1 =
+Feat: is_mandatory Flag für Kostenpositionstypen - Kostenposten können jetzt als "verpflichtend" oder "manuell/optional" gekennzeichnet werden. Checkbox in der Kostenposten-Bearbeitung.
+
+= 1.17.0 =
+Parzellenspezifische Kostenpositionenzuweisung: Kostenposten können jetzt einzelnen Parzellen zugeordnet werden (z.B. Versicherung nur für bestimmte Parzellen). Editor auf der Jahresabrechnung Parzelle Seite mit übersichtlicher Liste und Hinzufügen/Entfernen-Funktionen. Zuordnungen werden in einer separaten Tabelle gespeichert und sind vollständig in Export/Import integriert.
+
+= 1.16.3 =
+* Datensicherung erweitert: Export und Import umfassen jetzt zusätzlich die zugehörigen WordPress-Mitgliederkonten inklusive Metadaten.
+
+= 1.16.2 =
+* Neue Datensicherungsfunktion unter Einstellungen: Export und Import aller kgvvm-Tabellen als JSON.
+* Import mit Sicherheitsprüfung und vollständigem Überschreiben der vorhandenen Plugin-Daten.
+
+= 1.16.1 =
+* Wartungsrelease mit synchronisierter Versionsnummer in Plugin-Header, Konstante und Readme-Dateien.
+* Release-Tag 1.16.1 gesetzt.
+
+= 1.16.0 =
+* Neues Modul Arbeitsstunden im Adminbereich mit drei Bereichen: geleistete Arbeiten, Mitgliederuebersicht und Arbeitsarten.
+* Pflichtstunden je Mitglied pro Jahr konfigurierbar, inklusive variablem Preis je fehlender Stunde fuer den Aufschlag in der Jahresrechnung.
+* Arbeitseintraege mit Datum, Arbeitsart und Notiz sowie Mehrfachzuordnung von Mitgliedern mit individuellen Stundenwerten.
+* Neue Datenbanktabellen fuer Arbeitsarten, Jahreseinstellungen, Arbeitseintraege und Stundenzuordnungen je Mitglied.
+
+= 1.15.6 =
+* Versionsabgleich zwischen Plugin-Header, Konstante und Readme.
+* WordPress-Readme-Format weiter vereinheitlicht.
+
+= 1.15.5 =
+* Aktuelle Version laut Plugin-Header.
+* Kontinuierliche Verbesserungen in Verwaltung und Datenpflege.