lean_cms 0.2.12

data/app/views/lean_cms/shared/_sidebar.html.erb

@@ -0,0 +1,102 @@
+<aside class="w-64 bg-white border-r border-gray-200 flex-shrink-0 overflow-y-auto">
+  <!-- Logo / Brand -->
+  <div class="h-16 flex items-center px-6 border-b border-gray-200">
+    <div class="flex items-center space-x-3">
+      <% if LeanCms.site_logo_path.present? %>
+        <%= image_tag LeanCms.site_logo_path, alt: LeanCms.site_name, class: "h-10 w-auto" %>
+      <% else %>
+        <div class="h-10 w-10 rounded-lg flex items-center justify-center text-white font-bold text-lg" style="background-color: var(--cms-primary);">
+          <%= LeanCms.site_name[0..1].upcase %>
+        </div>
+      <% end %>
+    </div>
+  </div>
+
+  <!-- Navigation -->
+  <nav class="mt-6 px-3">
+    <!-- Dashboard -->
+    <%= link_to lean_cms_root_path, class: "flex items-center px-3 py-2 text-sm font-medium rounded-lg mb-1 transition-colors #{current_page?(lean_cms_root_path) ? 'text-white' : 'text-gray-700 hover:bg-gray-100'}", style: current_page?(lean_cms_root_path) ? "background-color: var(--cms-primary);" : "" do %>
+      <svg class="w-5 h-5 mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M3 12l2-2m0 0l7-7 7 7M5 10v10a1 1 0 001 1h3m10-11l2 2m-2-2v10a1 1 0 01-1 1h-3m-6 0a1 1 0 001-1v-4a1 1 0 011-1h2a1 1 0 011 1v4a1 1 0 001 1m-6 0h6"/>
+      </svg>
+      Dashboard
+    <% end %>
+
+    <% if current_user&.can_edit_blog? || current_user&.can_edit_pages? %>
+      <!-- Content Section -->
+      <div class="mt-6 mb-2 px-3">
+        <h3 class="text-xs font-semibold text-gray-500 uppercase tracking-wider">Content</h3>
+      </div>
+
+      <% if current_user&.can_edit_blog? %>
+        <!-- Blog Posts -->
+        <%= link_to lean_cms_posts_path, class: "flex items-center px-3 py-2 text-sm font-medium rounded-lg mb-1 transition-colors #{controller_name == 'posts' ? 'text-white' : 'text-gray-700 hover:bg-gray-100'}", style: controller_name == 'posts' ? "background-color: var(--cms-primary);" : "" do %>
+          <svg class="w-5 h-5 mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 20H5a2 2 0 01-2-2V6a2 2 0 012-2h10a2 2 0 012 2v1m2 13a2 2 0 01-2-2V7m2 13a2 2 0 002-2V9a2 2 0 00-2-2h-2m-4-3H9M7 16h6M7 8h6v4H7V8z"/>
+          </svg>
+          Blog & Portfolio
+          <% if (count = LeanCms::Post.draft.count) > 0 %>
+            <span class="ml-auto bg-yellow-100 text-yellow-800 text-xs font-medium px-2 py-0.5 rounded-full"><%= count %></span>
+          <% end %>
+        <% end %>
+      <% end %>
+
+      <% if current_user&.can_edit_pages? %>
+        <!-- Page Content -->
+        <%= link_to lean_cms_page_contents_path, class: "flex items-center px-3 py-2 text-sm font-medium rounded-lg mb-1 transition-colors #{controller_name == 'page_contents' ? 'text-white' : 'text-gray-700 hover:bg-gray-100'}", style: controller_name == 'page_contents' ? "background-color: var(--cms-primary);" : "" do %>
+          <svg class="w-5 h-5 mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z"/>
+          </svg>
+          Page Content
+        <% end %>
+      <% end %>
+    <% end %>
+
+    <!-- Form Submissions -->
+    <%= link_to lean_cms_form_submissions_path, class: "flex items-center px-3 py-2 text-sm font-medium rounded-lg mb-1 transition-colors #{controller_name == 'form_submissions' ? 'text-white' : 'text-gray-700 hover:bg-gray-100'}", style: controller_name == 'form_submissions' ? "background-color: var(--cms-primary);" : "" do %>
+      <svg class="w-5 h-5 mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M3 8l7.89 5.26a2 2 0 002.22 0L21 8M5 19h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v10a2 2 0 002 2z"/>
+      </svg>
+      Form Submissions
+      <% if (count = LeanCms::FormSubmission.unread.count) > 0 %>
+        <span class="ml-auto bg-red-100 text-red-800 text-xs font-medium px-2 py-0.5 rounded-full"><%= count %></span>
+      <% end %>
+    <% end %>
+
+    <% if current_user&.can_manage_users? %>
+      <!-- Administration Section -->
+      <div class="mt-6 mb-2 px-3">
+        <h3 class="text-xs font-semibold text-gray-500 uppercase tracking-wider">Administration</h3>
+      </div>
+
+      <!-- User Management -->
+      <%= link_to lean_cms_users_path, class: "flex items-center px-3 py-2 text-sm font-medium rounded-lg mb-1 transition-colors #{controller_name == 'users' ? 'text-white' : 'text-gray-700 hover:bg-gray-100'}", style: controller_name == 'users' ? "background-color: var(--cms-primary);" : "" do %>
+        <svg class="w-5 h-5 mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 4.354a4 4 0 110 5.292M15 21H3v-1a6 6 0 0112 0v1zm0 0h6v-1a6 6 0 00-9-5.197M13 7a4 4 0 11-8 0 4 4 0 018 0z"/>
+        </svg>
+        Users
+      <% end %>
+
+      <!-- Notification Settings -->
+      <% if current_user&.can_access_settings? %>
+        <%= link_to edit_lean_cms_notification_settings_path, class: "flex items-center px-3 py-2 text-sm font-medium rounded-lg mb-1 transition-colors #{controller_name == 'notification_settings' ? 'text-white' : 'text-gray-700 hover:bg-gray-100'}", style: controller_name == 'notification_settings' ? "background-color: var(--cms-primary);" : "" do %>
+          <svg class="w-5 h-5 mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 17h5l-1.405-1.405A2.032 2.032 0 0118 14.158V11a6.002 6.002 0 00-4-5.659V5a2 2 0 10-4 0v.341C7.67 6.165 6 8.388 6 11v3.159c0 .538-.214 1.055-.595 1.436L4 17h5m6 0v1a3 3 0 11-6 0v-1m6 0H9"/>
+          </svg>
+          Notification Settings
+        <% end %>
+      <% end %>
+
+      <!-- Activity Log (super admins only) -->
+      <% if current_user&.is_super_admin? %>
+        <%= link_to lean_cms_activity_path, class: "flex items-center px-3 py-2 text-sm font-medium rounded-lg mb-1 transition-colors #{controller_name == 'activity' ? 'text-white' : 'text-gray-700 hover:bg-gray-100'}", style: controller_name == 'activity' ? "background-color: var(--cms-primary);" : "" do %>
+          <svg class="w-5 h-5 mr-3" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-3 7h3m-3 4h3m-6-4h.01M9 16h.01"/>
+          </svg>
+          Activity Log
+        <% end %>
+      <% end %>
+    <% end %>
+
+  </nav>
+</aside>

data/app/views/lean_cms/users/_form.html.erb

@@ -0,0 +1,105 @@
+<%= form_with model: [:lean_cms, @user], class: "space-y-6" do |f| %>
+  <% if @user.errors.any? %>
+    <div class="bg-red-50 border border-red-200 text-red-800 px-4 py-3 rounded-lg">
+      <h3 class="font-medium">Please correct the following errors:</h3>
+      <ul class="mt-2 list-disc list-inside">
+        <% @user.errors.full_messages.each do |message| %>
+          <li><%= message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <!-- Basic Information -->
+  <div class="bg-white rounded-lg shadow-sm border border-gray-200 p-6">
+    <h2 class="text-xl font-semibold text-gray-900 mb-4">User Information</h2>
+
+    <div class="space-y-4">
+      <div>
+        <%= f.label :name, class: "block text-sm font-medium text-gray-700 mb-1" %>
+        <%= f.text_field :name, class: "w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-[#b82025]/20 focus:border-[#b82025] outline-none", placeholder: "Full name" %>
+      </div>
+
+      <div>
+        <%= f.label :email_address, class: "block text-sm font-medium text-gray-700 mb-1" %>
+        <%= f.email_field :email_address, class: "w-full px-3 py-2 border border-gray-300 rounded-lg focus:ring-2 focus:ring-[#b82025]/20 focus:border-[#b82025] outline-none", placeholder: "email@example.com" %>
+      </div>
+    </div>
+  </div>
+
+  <!-- Permissions -->
+  <div class="bg-white rounded-lg shadow-sm border border-gray-200 p-6">
+    <h2 class="text-xl font-semibold text-gray-900 mb-4">Permissions</h2>
+    <p class="text-sm text-gray-600 mb-4">Select what this user can do in the CMS.</p>
+
+    <div class="space-y-4">
+      <div class="flex items-start">
+        <div class="flex items-center h-5">
+          <%= f.check_box :can_edit_pages, class: "w-4 h-4 text-[#b82025] bg-gray-100 border-gray-300 rounded focus:ring-[#b82025] focus:ring-2" %>
+        </div>
+        <div class="ml-3">
+          <%= f.label :can_edit_pages, class: "font-medium text-gray-900" do %>
+            Can Edit Pages
+          <% end %>
+          <p class="text-sm text-gray-600">Edit page content and sections</p>
+        </div>
+      </div>
+
+      <div class="flex items-start">
+        <div class="flex items-center h-5">
+          <%= f.check_box :can_edit_blog, class: "w-4 h-4 text-[#b82025] bg-gray-100 border-gray-300 rounded focus:ring-[#b82025] focus:ring-2" %>
+        </div>
+        <div class="ml-3">
+          <%= f.label :can_edit_blog, class: "font-medium text-gray-900" do %>
+            Can Edit Blog
+          <% end %>
+          <p class="text-sm text-gray-600">Create and edit blog posts and portfolio items</p>
+        </div>
+      </div>
+
+      <div class="flex items-start">
+        <div class="flex items-center h-5">
+          <%= f.check_box :can_manage_users, class: "w-4 h-4 text-[#b82025] bg-gray-100 border-gray-300 rounded focus:ring-[#b82025] focus:ring-2" %>
+        </div>
+        <div class="ml-3">
+          <%= f.label :can_manage_users, class: "font-medium text-gray-900" do %>
+            Can Manage Users
+          <% end %>
+          <p class="text-sm text-gray-600">Add, edit, and deactivate other users (except super admins)</p>
+        </div>
+      </div>
+
+      <% if current_user.is_super_admin? %>
+        <div class="flex items-start border-t border-gray-200 pt-4">
+          <div class="flex items-center h-5">
+            <%= f.check_box :can_access_settings, class: "w-4 h-4 text-[#b82025] bg-gray-100 border-gray-300 rounded focus:ring-[#b82025] focus:ring-2" %>
+          </div>
+          <div class="ml-3">
+            <%= f.label :can_access_settings, class: "font-medium text-gray-900" do %>
+              Can Access Settings
+            <% end %>
+            <p class="text-sm text-gray-600">Access and modify system settings</p>
+          </div>
+        </div>
+
+        <div class="flex items-start pt-2">
+          <div class="flex items-center h-5">
+            <%= f.check_box :is_super_admin, class: "w-4 h-4 text-purple-600 bg-gray-100 border-gray-300 rounded focus:ring-purple-500 focus:ring-2" %>
+          </div>
+          <div class="ml-3">
+            <%= f.label :is_super_admin, class: "font-medium text-purple-900" do %>
+              Super Admin
+            <% end %>
+            <p class="text-sm text-purple-600">Has all permissions and cannot be modified by regular admins. Use sparingly.</p>
+          </div>
+        </div>
+      <% end %>
+    </div>
+  </div>
+
+  <!-- Submit -->
+  <div class="flex items-center justify-between pt-4">
+    <%= link_to "Cancel", lean_cms_users_path, class: "px-4 py-2 text-gray-700 hover:bg-gray-100 rounded-lg transition-colors" %>
+    <%= f.submit @user.new_record? ? "Send Invitation" : "Update User", class: "px-6 py-2 bg-[#b82025] hover:bg-[#a01c20] text-white font-semibold rounded-lg transition-colors cursor-pointer" %>
+  </div>
+<% end %>

data/app/views/lean_cms/users/edit.html.erb

@@ -0,0 +1,8 @@
+<div class="max-w-2xl">
+  <div class="mb-8">
+    <h1 class="text-3xl font-bold text-gray-900">Edit User</h1>
+    <p class="text-gray-600 mt-2">Update user information and permissions</p>
+  </div>
+
+  <%= render "form" %>
+</div>

data/app/views/lean_cms/users/index.html.erb

@@ -0,0 +1,99 @@
+<div class="max-w-6xl">
+  <div class="flex justify-between items-center mb-8">
+    <div>
+      <h1 class="text-3xl font-bold text-gray-900">User Management</h1>
+      <p class="text-gray-600 mt-2">Manage CMS user accounts and permissions</p>
+    </div>
+    <%= link_to new_lean_cms_user_path, class: "inline-flex items-center px-4 py-2 border border-transparent text-sm font-medium rounded-lg text-white transition-colors hover:opacity-90", style: "background-color: var(--cms-primary, #b82025);" do %>
+      <svg class="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 4v16m8-8H4"/>
+      </svg>
+      Add User
+    <% end %>
+  </div>
+
+  <div class="bg-white rounded-lg shadow-sm border border-gray-200 overflow-hidden">
+    <table class="min-w-full divide-y divide-gray-200">
+      <thead class="bg-gray-50">
+        <tr>
+          <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">User</th>
+          <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Permissions</th>
+          <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Status</th>
+          <th class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Last Login</th>
+          <th class="px-6 py-3 text-right text-xs font-medium text-gray-500 uppercase tracking-wider">Actions</th>
+        </tr>
+      </thead>
+      <tbody class="bg-white divide-y divide-gray-200">
+        <% @users.each do |user| %>
+          <tr class="<%= user.active? ? '' : 'bg-gray-50 opacity-60' %>">
+            <td class="px-6 py-4 whitespace-nowrap">
+              <div class="flex items-center">
+                <div class="h-10 w-10 rounded-full flex items-center justify-center text-white text-sm font-medium" style="background-color: var(--cms-primary, #b82025);">
+                  <%= user.display_name[0].upcase %>
+                </div>
+                <div class="ml-4">
+                  <div class="text-sm font-medium text-gray-900">
+                    <%= user.display_name %>
+                    <% if user.is_super_admin? %>
+                      <span class="ml-2 px-2 py-0.5 text-xs bg-purple-100 text-purple-800 rounded-full">Super Admin</span>
+                    <% end %>
+                    <% if user == current_user %>
+                      <span class="ml-1 px-2 py-0.5 text-xs bg-blue-100 text-blue-800 rounded-full">You</span>
+                    <% end %>
+                  </div>
+                  <div class="text-sm text-gray-500"><%= user.email_address %></div>
+                </div>
+              </div>
+            </td>
+            <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
+              <%= user.permissions_summary %>
+            </td>
+            <td class="px-6 py-4 whitespace-nowrap">
+              <% if user.active? %>
+                <span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-green-100 text-green-800">Active</span>
+              <% else %>
+                <span class="px-2 inline-flex text-xs leading-5 font-semibold rounded-full bg-red-100 text-red-800">Inactive</span>
+              <% end %>
+            </td>
+            <td class="px-6 py-4 whitespace-nowrap text-sm text-gray-500">
+              <%= user.last_login_at ? time_ago_in_words(user.last_login_at) + " ago" : "Never" %>
+            </td>
+            <td class="px-6 py-4 whitespace-nowrap text-right text-sm font-medium">
+              <% if policy(user).update? %>
+                <%= link_to "Edit", edit_lean_cms_user_path(user), class: "text-[#b82025] hover:text-[#a01c20] mr-3" %>
+              <% end %>
+
+              <% if user.active? && policy(user).deactivate? && user != current_user %>
+                <%= button_to "Deactivate", deactivate_lean_cms_user_path(user), method: :patch, class: "text-gray-600 hover:text-gray-900 mr-3", form: { data: { turbo_confirm: "Are you sure you want to deactivate this user? They will no longer be able to log in." } } %>
+              <% elsif !user.active? && policy(user).activate? %>
+                <%= button_to "Activate", activate_lean_cms_user_path(user), method: :patch, class: "text-green-600 hover:text-green-900 mr-3" %>
+              <% end %>
+
+              <% if policy(user).send_password_reset? && user.active? %>
+                <%= button_to "Reset Password", send_password_reset_lean_cms_user_path(user), method: :post, class: "text-blue-600 hover:text-blue-900", form: { data: { turbo_confirm: "Send password reset email to #{user.email_address}?" } } %>
+              <% end %>
+            </td>
+          </tr>
+        <% end %>
+      </tbody>
+    </table>
+
+    <% if @users.empty? %>
+      <div class="text-center py-12">
+        <svg class="mx-auto h-12 w-12 text-gray-400" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+          <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 4.354a4 4 0 110 5.292M15 21H3v-1a6 6 0 0112 0v1zm0 0h6v-1a6 6 0 00-9-5.197M13 7a4 4 0 11-8 0 4 4 0 018 0z"/>
+        </svg>
+        <h3 class="mt-2 text-sm font-medium text-gray-900">No users</h3>
+        <p class="mt-1 text-sm text-gray-500">Get started by inviting a new user.</p>
+        <div class="mt-6">
+          <%= link_to new_lean_cms_user_path, class: "inline-flex items-center px-4 py-2 border border-transparent shadow-sm text-sm font-medium rounded-md text-white bg-[#b82025] hover:bg-[#a01c20]" do %>
+            <svg class="-ml-1 mr-2 h-5 w-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+              <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 4v16m8-8H4"/>
+            </svg>
+            Add User
+          <% end %>
+        </div>
+      </div>
+    <% end %>
+  </div>
+</div>

data/app/views/lean_cms/users/new.html.erb

@@ -0,0 +1,8 @@
+<div class="max-w-2xl">
+  <div class="mb-8">
+    <h1 class="text-3xl font-bold text-gray-900">Invite New User</h1>
+    <p class="text-gray-600 mt-2">The user will receive an email to set their password</p>
+  </div>
+
+  <%= render "form" %>
+</div>

data/app/views/lean_cms/users_mailer/admin_triggered_password_reset.html.erb

@@ -0,0 +1,13 @@
+<h1>Password Reset Request</h1>
+
+<p>Hello <%= @user.display_name %>,</p>
+
+<p>An administrator has requested a password reset for your account on <%= @site_name %> CMS.</p>
+
+<p>Click the link below to set a new password:</p>
+
+<p><%= link_to "Reset Your Password", @setup_url %></p>
+
+<p>This link will expire in 2 hours.</p>
+
+<p>If you did not expect this email, please contact your administrator.</p>

data/app/views/lean_cms/users_mailer/admin_triggered_password_reset.text.erb

@@ -0,0 +1,11 @@
+Password Reset Request
+
+Hello <%= @user.display_name %>,
+
+An administrator has requested a password reset for your account on <%= @site_name %> CMS.
+
+Reset your password by visiting: <%= @setup_url %>
+
+This link will expire in 2 hours.
+
+If you did not expect this email, please contact your administrator.

data/app/views/lean_cms/users_mailer/invitation.html.erb

@@ -0,0 +1,13 @@
+<h1>Welcome to <%= @site_name %> CMS</h1>
+
+<p>Hello <%= @user.display_name %>,</p>
+
+<p>You've been invited to manage content on <%= @site_name %>.</p>
+
+<p>Click the link below to set your password and activate your account:</p>
+
+<p><%= link_to "Set Your Password", @setup_url %></p>
+
+<p>This link will expire in 24 hours.</p>
+
+<p>If you did not expect this invitation, you can safely ignore this email.</p>

data/app/views/lean_cms/users_mailer/invitation.text.erb

@@ -0,0 +1,11 @@
+Welcome to <%= @site_name %> CMS
+
+Hello <%= @user.display_name %>,
+
+You've been invited to manage content on <%= @site_name %>.
+
+Set your password by visiting: <%= @setup_url %>
+
+This link will expire in 24 hours.
+
+If you did not expect this invitation, you can safely ignore this email.

data/app/views/lean_cms/users_mailer/reactivation.html.erb

@@ -0,0 +1,13 @@
+<h1>Your Account Has Been Reactivated</h1>
+
+<p>Hello <%= @user.display_name %>,</p>
+
+<p>Your account on <%= @site_name %> CMS has been reactivated.</p>
+
+<p>For security, you'll need to set a new password. Click the link below:</p>
+
+<p><%= link_to "Set Your Password", @setup_url %></p>
+
+<p>This link will expire in 2 hours.</p>
+
+<p>If you did not expect this email, please contact your administrator.</p>

data/app/views/lean_cms/users_mailer/reactivation.text.erb

@@ -0,0 +1,11 @@
+Your Account Has Been Reactivated
+
+Hello <%= @user.display_name %>,
+
+Your account on <%= @site_name %> CMS has been reactivated.
+
+For security, you'll need to set a new password. Visit: <%= @setup_url %>
+
+This link will expire in 2 hours.
+
+If you did not expect this email, please contact your administrator.

data/config/importmap.rb

@@ -0,0 +1,8 @@
+pin_all_from File.expand_path("../app/javascript/controllers", __dir__), under: "controllers"
+
+# Action Text editor (Trix). The field-editor modal renders <trix-editor>
+# for any rich_text field, which needs both `trix` and `@rails/actiontext`
+# loaded. Pin them here so hosts get them automatically — host pins win
+# on conflict if a host wants a different version.
+pin "trix"
+pin "@rails/actiontext", to: "actiontext.esm.js"

data/config/routes.rb

@@ -0,0 +1,78 @@
+Rails.application.routes.draw do
+  namespace :lean_cms, path: 'lean-cms' do
+    # Authentication
+    get    'login',   to: 'sessions#new',     as: :new_session
+    post   'login',   to: 'sessions#create',  as: :session
+    delete 'login',   to: 'sessions#destroy'
+
+    # Password reset (email-driven, sets a signed token on the user)
+    get   'reset-password',              to: 'passwords#new',    as: :new_password
+    post  'reset-password',              to: 'passwords#create', as: :passwords
+    get   'reset-password/:token/edit',  to: 'passwords#edit',   as: :edit_password
+    patch 'reset-password/:token',       to: 'passwords#update', as: :password
+    put   'reset-password/:token',       to: 'passwords#update'
+
+    # Magic-link password setup (new user invitations + admin-triggered resets)
+    get   'setup-password/:token', to: 'password_setup#show',   as: :password_setup
+    patch 'setup-password/:token', to: 'password_setup#update'
+
+    root to: 'dashboard#index'
+
+    # User Management
+    resources :users, except: [:destroy] do
+      member do
+        patch :deactivate
+        patch :activate
+        post :send_password_reset
+      end
+    end
+
+    resources :posts
+
+    # Page Contents - section-based editing
+    get 'page-contents', to: 'page_contents#index', as: :page_contents
+
+    # Page Contents - inline field editing (MUST come before section routes)
+    get 'page-contents/field/:id/edit', to: 'page_contents#edit_field', as: :edit_page_content_field
+    patch 'page-contents/field/:id', to: 'page_contents#update_field', as: :update_page_content_field
+    get  'page-contents/field/:id/undo/preview', to: 'page_contents#preview_undo_field', as: :preview_undo_page_content_field
+    post 'page-contents/field/:id/undo', to: 'page_contents#undo_field', as: :undo_page_content_field
+
+    # Page Contents - section routes
+    get 'page-contents/:page/:section/edit', to: 'page_contents#edit', as: :edit_page_content
+    patch 'page-contents/:page/:section', to: 'page_contents#update', as: :page_content
+
+    resources :form_submissions, only: [:index, :show, :destroy] do
+      member do
+        patch :mark_as_read
+        patch :mark_as_replied
+      end
+    end
+
+    # Activity Log
+    get 'activity', to: 'activity#index', as: :activity
+
+    # Settings
+    get 'settings', to: 'settings#edit', as: :settings
+    patch 'settings', to: 'settings#update'
+    patch 'settings/update_override', to: 'settings#update_override'
+    post 'settings/lock', to: 'settings#lock', as: :lock_content
+    post 'settings/unlock', to: 'settings#unlock', as: :unlock_content
+
+    # Notification Settings
+    resource :notification_settings, only: [:edit, :update] do
+      post :test_email, on: :collection
+      post :test_sms, on: :collection
+    end
+
+    # In-app Notifications
+    resources :notifications, only: [:index, :show] do
+      member do
+        patch :mark_as_read
+      end
+      collection do
+        patch :mark_all_as_read
+      end
+    end
+  end
+end

data/db/migrate/20251112034030_create_lean_cms_tables.rb

@@ -0,0 +1,131 @@
+class CreateLeanCmsTables < ActiveRecord::Migration[8.1]
+  def change
+    # Pages (must come before page_contents for FK)
+    create_table :lean_cms_pages, if_not_exists: true do |t|
+      t.string  :slug,             null: false
+      t.string  :parent_slug
+      t.string  :title,            null: false
+      t.string  :meta_title
+      t.text    :meta_description
+      t.boolean :published,        default: false, null: false
+      t.integer :position,         default: 0
+      t.timestamps
+
+      t.index [:slug, :parent_slug], unique: true
+    end
+
+    # Posts
+    create_table :lean_cms_posts, if_not_exists: true do |t|
+      # author / last_edited_by reference the host's user table. We intentionally
+      # don't add a database-level FK here — the host owns its user table
+      # (default `users`, but configurable via LeanCms.user_class) and SQLite's
+      # FK validation on later table rebuilds breaks if the host's users table
+      # name doesn't match. Belongs-to in the model gives us app-level integrity.
+      t.references :author,         null: false
+      t.references :last_edited_by
+      t.string  :title,            null: false
+      t.string  :slug,             null: false
+      t.text    :excerpt
+      t.integer :content_type,     default: 0, null: false
+      t.integer :status,           default: 0, null: false
+      t.datetime :published_at
+      t.timestamps
+
+      t.index :slug, unique: true
+      t.index [:status, :published_at]
+      t.index :content_type
+    end
+
+    # Page Contents
+    create_table :lean_cms_page_contents, if_not_exists: true do |t|
+      t.references :last_edited_by, null: false
+      t.integer :page_id
+      # FK constraint added at the bottom of this migration after both tables
+      # exist, so we can use add_foreign_key with an explicit column.
+      t.string  :page,              null: false
+      t.string  :section,           null: false
+      t.string  :key,               null: false
+      t.string  :label
+      t.text    :content
+      t.text    :value
+      t.integer :content_type,      default: 0
+      t.json    :options
+      t.integer :position,          default: 0
+      t.string  :display_title
+      t.string  :page_display_title
+      t.integer :page_order,        default: 0
+      t.integer :section_order,     default: 0
+      t.timestamps
+
+      t.index [:page, :section, :key], unique: true, name: "index_page_contents_on_page_section_key"
+      t.index [:page, :section],       name: "index_page_contents_on_page_and_section"
+      t.index [:page_order, :section_order, :position]
+      t.index :page_id
+    end
+
+    # Settings (key-value store)
+    create_table :lean_cms_settings, if_not_exists: true do |t|
+      t.string :key,   null: false
+      t.text   :value
+      t.timestamps
+
+      t.index :key, unique: true
+    end
+
+    # Notification Settings
+    create_table :lean_cms_notification_settings, if_not_exists: true do |t|
+      t.string  :email_provider
+      t.text    :sendgrid_api_key
+      t.text    :mailgun_api_key
+      t.string  :mailgun_domain
+      t.text    :twilio_account_sid
+      t.text    :twilio_auth_token
+      t.string  :twilio_from_number
+      t.text    :notification_emails
+      t.text    :notification_phones
+      t.boolean :email_enabled,   default: false
+      t.boolean :sms_enabled,     default: false
+      t.boolean :in_app_enabled,  default: true
+      t.timestamps
+    end
+
+    # Meta Tags (polymorphic)
+    create_table :lean_cms_meta_tags, if_not_exists: true do |t|
+      t.references :taggable, polymorphic: true, null: false
+      t.string :title
+      t.text   :description
+      t.string :og_image_url
+      t.string :canonical_url
+      t.json   :structured_data
+      t.timestamps
+
+      t.index [:taggable_type, :taggable_id]
+    end
+
+    # Form Submissions
+    create_table :lean_cms_form_submissions, if_not_exists: true do |t|
+      t.string  :form_type,       null: false
+      t.string  :name
+      t.string  :email
+      t.string  :phone
+      t.string  :company_name
+      t.string  :city
+      t.string  :state
+      t.string  :zip
+      t.text    :message
+      t.json    :additional_data
+      t.string  :ip_address
+      t.string  :user_agent
+      t.integer :status,          default: 0, null: false
+      t.timestamps
+
+      t.index :form_type
+      t.index :status
+      t.index :created_at
+    end
+
+    unless foreign_key_exists?(:lean_cms_page_contents, :lean_cms_pages, column: :page_id)
+      add_foreign_key :lean_cms_page_contents, :lean_cms_pages, column: :page_id
+    end
+  end
+end