Sonarqube temporarily turned off

- Add new "alle-kommentare" (all comments) view for staff users only
  - Allows staff to view and manage all user comments across the system
  - Grouped by document with user information displayed
  - Staff can delete any comment via the dedicated delete button
  - Restricts access via user_passes_test decorator

- Create all_comments.html template
  - Based on user_comments template with added username field
  - Shows comment author, creation time, and edit time
  - Provides delete functionality for comment management

- Update navigation menu
  - Add "Alle Kommentare" link in user dropdown menu
  - Link only visible to staff members

- Add URL route for alle-kommentare page
  - Path: /dokumente/alle-kommentare/
  - URL name: all_comments

- Bump application versions
  - Update footer version from 0.965 to 0.966
  - Update K8s deployment version from 0.917 to 0.918
  - ArgoCD deployment already at 0.966

All existing tests pass (148 tests total)

.argocdignore

@@ -0,0 +1,22 @@
+# ArgoCD ignore patterns
+# Exclude template files from ArgoCD deployment
+
+# Secret templates (deployed separately by scripts)
+templates/
+**/secret.yaml
+
+# Documentation and scripts
+docs/
+scripts/
+*.md
+README*
+
+# Development files
+.env*
+.git*
+.vscode/
+.idea/
+
+# CI/CD files
+.gitea/
+.github/

.gitea/workflows/build-containers-on-demand.yml

@@ -60,7 +60,7 @@ jobs:
           chmod +x /usr/local/bin/yq
           yq --version
 
-      - name: Read ${{ matrix.description }} image from deployment (old vs new)
+      - name: Read ${{ matrix.description }} image from deployment 
         id: img
         shell: bash
         run: |

Dockerfile

@@ -1,4 +1,4 @@
-FROM python:3.14 AS baustelle
+FROM python:3.15-rc-trixie AS baustelle
 RUN mkdir /app
 WORKDIR /app
 ENV PYTHONDONTWRITEBYTECODE=1
@@ -7,12 +7,12 @@ RUN pip install  --upgrade pip
 COPY requirements.txt /app/
 RUN pip install --no-cache-dir -r requirements.txt
 
-FROM python:3.14-slim
+FROM python:3.15-rc-slim-trixie
 RUN useradd -m -r appuser && \
     mkdir /app && \
     chown -R appuser /app
 
-COPY --from=baustelle /usr/local/lib/python3.14/site-packages/ /usr/local/lib/python3.14/site-packages/
+COPY --from=baustelle /usr/local/lib/python3.15/site-packages/ /usr/local/lib/python3.15/site-packages/
 COPY --from=baustelle /usr/local/bin/ /usr/local/bin/
 RUN rm /usr/bin/tar /usr/lib/x86_64-linux-gnu/libncur*
 WORKDIR /app
@@ -21,7 +21,9 @@ ENV PYTHONDONTWRITEBYTECODE=1
 ENV PYTHONUNBUFFERED=1
 USER appuser
 EXPOSE 8000
-RUN rm -rf /app/Dockerfile* \
+# Set build environment variable to enable fallback secret key during build
+ENV DOCKER_BUILDKIT=1
+RUN rm -rvf /app/Dockerfile* \
            /app/README.md \
            /app/argocd \
            /app/k8s \
@@ -30,7 +32,8 @@ RUN rm -rf /app/Dockerfile* \
            /app/requirements.txt \
            /app/node_modules \
            /app/*.json \
+           /app/scripts \
            /app/test_*.py && \
-    python3 manage.py collectstatic
+       python3 /app/manage.py collectstatic --noinput
 CMD ["gunicorn","--bind","0.0.0.0:8000","--workers","3","VorgabenUI.wsgi:application"]
 

Documentation/diagramm.md

@@ -540,5 +540,5 @@ digraph {
 Bei Fragen oder Problemen mit Diagrammen:
 1. Code auf https://kroki.io/ testen
 2. Syntax-Dokumentation des jeweiligen Diagrammtyps konsultieren
-3. Diagramm-Cache leeren: `python manage.py clear_diagram_cache`
+3. (Nur mit Shell-Zugriff auf Kubernetes-Pod möglich): Diagramm-Cache leeren: `python manage.py clear_diagram_cache`
 4. Bei technischen Problemen: Information Security Management BIT kontaktieren

VorgabenUI/settings.py

@@ -20,13 +20,34 @@ BASE_DIR = Path(__file__).resolve().parent.parent
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/5.2/howto/deployment/checklist/
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '429ti9tugj9güLLO))(G&G94KF452R3Fieaek$&6s#zlao-ca!#)_@j6*u+8s&bvfil^qyo%&-sov$ysi'
-
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = os.environ.get('DEBUG', 'True').lower() in ('true', '1', 'yes', 'on')
 
-ALLOWED_HOSTS = ["10.128.128.144","localhost","127.0.0.1","*"]
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = os.environ.get('VORGABENUI_SECRET')
+if not SECRET_KEY:
+    # Check if we're in a build environment (Docker build, CI, etc.)
+    is_build_env = any([
+        os.environ.get('DOCKER_BUILDKIT'),  # Docker build
+        os.environ.get('CI'),               # CI environment
+        os.environ.get('GITHUB_ACTIONS'),   # GitHub Actions
+        os.environ.get('GITEA_ACTIONS'),    # Gitea Actions
+    ])
+    
+    # Use DEBUG environment variable or assume debug mode for local development
+    debug_mode = os.environ.get('DEBUG', 'True').lower() in ('true', '1', 'yes', 'on')
+    
+    if debug_mode or is_build_env:
+        # Fixed fallback key for local development and build environments
+        SECRET_KEY = 'dev-fallback-key-for-local-debugging-only-not-for-production-use-12345'
+        if not is_build_env:  # Don't log during build to avoid noise
+            import logging
+            logging.warning("🚨 Using fallback SECRET_KEY for local development. This should NEVER happen in production!")
+    else:
+        raise ValueError("VORGABENUI_SECRET environment variable is required")
+
+
+ALLOWED_HOSTS = os.environ.get('DJANGO_ALLOWED_HOSTS', "10.128.128.144,localhost,127.0.0.1,*").split(",")
 
 # Application definition
 
@@ -37,6 +58,7 @@ INSTALLED_APPS = [
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    'whitenoise',
     'dokumente',
     'abschnitte',
     'stichworte',
@@ -48,6 +70,7 @@ INSTALLED_APPS = [
 ]
 
 MIDDLEWARE = [
+    'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',
@@ -127,7 +150,7 @@ USE_TZ = True
 
 STATIC_URL = '/static/'
 #STATIC_ROOT="/home/adebaumann/VorgabenUI/staticfiles/"
-STATIC_ROOT="/app/staticfiles/"
+STATIC_ROOT="staticfiles/"
 STATICFILES_DIRS= (
     os.path.join(BASE_DIR,"static"),
     )
@@ -143,6 +166,12 @@ DIAGRAM_CACHE_DIR = 'diagram_cache'  # relative to MEDIA_ROOT
 # https://docs.djangoproject.com/en/5.2/ref/settings/#default-auto-field
 
 DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'
+
+# Custom error pages
+handler400 = 'pages.views.custom_400'
+handler403 = 'pages.views.custom_403'
+handler404 = 'pages.views.custom_404'
+handler500 = 'pages.views.custom_500'
 DATA_UPLOAD_MAX_NUMBER_FIELDS=10250
 NESTED_ADMIN_LAZY_INLINES = True
 
@@ -151,6 +180,24 @@ LOGIN_URL = 'login'
 LOGIN_REDIRECT_URL = '/'
 LOGOUT_REDIRECT_URL = 'login'
 
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+        "OPTIONS": {
+            "min_length": 12,
+        },
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+    },
+    {
+        "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+    },
+]
+
 #LOGGING = {
 #    "version": 1,
 #    "handlers"  :{

VorgabenUI/urls.py

@@ -40,9 +40,7 @@ urlpatterns = [
     path('password_change/done/', auth_views.PasswordChangeDoneView.as_view(template_name='registration/password_change_done.html'), name='password_change_done'),
 ]
 
-# Serve static files
-urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)
-
 # Serve media files (including cached diagrams)
 if settings.DEBUG:
     urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
+    urlpatterns += static(settings.STATIC_URL, document_root=settings.STATIC_ROOT)

argocd/configmap.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: django-config
+  namespace: vorgabenui
+data:
+  # Django Configuration
+  DEBUG: "false"
+  DJANGO_ALLOWED_HOSTS: "vorgabenportal.knowyoursecurity.com,localhost,127.0.0.1,*"
+  DJANGO_SETTINGS_MODULE: "VorgabenUI.settings"
+  
+  # Application Configuration
+  LANGUAGE_CODE: "de-ch"
+  TIME_ZONE: "UTC"
+  
+  # Static and Media Configuration  
+  STATIC_URL: "/static/"
+  MEDIA_URL: "/media/"
+  
+  # Database Configuration (for future use)
+  # DATABASE_ENGINE: "django.db.backends.sqlite3"
+  # DATABASE_NAME: "/app/data/db.sqlite3"
+  
+  # Security Configuration
+  # CSRF_TRUSTED_ORIGINS: "https://vorgabenportal.knowyoursecurity.com"

argocd/deployment.yaml

@@ -18,15 +18,38 @@ spec:
         fsGroupChangePolicy: "OnRootMismatch"
       initContainers:
         - name: loader
-          image: git.baumann.gr/adebaumann/vui-data-loader:0.10
+          image: git.baumann.gr/adebaumann/vui-data-loader:0.11
           command: [ "sh","-c","cp -n preload/preload.sqlite3 /data/db.sqlite3; chown -R 999:999 /data; ls -la /data; sleep 10; exit 0" ]
           volumeMounts:
             - name: data
               mountPath: /data
       containers:
         - name: web
-          image: git.baumann.gr/adebaumann/vui:0.963
+          image: git.baumann.gr/adebaumann/vui:0.980
           imagePullPolicy: Always
+          env:
+          # Secret configuration
+          - name: VORGABENUI_SECRET
+            valueFrom:
+              secretKeyRef:
+                name: vorgabenui-secrets
+                key: vorgabenui_secret
+          # ConfigMap configuration
+          - name: DEBUG
+            valueFrom:
+              configMapKeyRef:
+                name: django-config
+                key: DEBUG
+          - name: DJANGO_ALLOWED_HOSTS
+            valueFrom:
+              configMapKeyRef:
+                name: django-config
+                key: DJANGO_ALLOWED_HOSTS
+          - name: DJANGO_SETTINGS_MODULE
+            valueFrom:
+              configMapKeyRef:
+                name: django-config
+                key: DJANGO_SETTINGS_MODULE
           ports:
             - containerPort: 8000
           volumeMounts:

docs/kubernetes-secrets.md

@@ -0,0 +1,383 @@
+# Kubernetes Configuration Management for VorgabenUI Django
+
+This document describes how to manage Django configuration using Kubernetes secrets and ConfigMaps.
+
+## Overview
+
+Django configuration has been moved to Kubernetes-native resources for improved security and flexibility:
+
+### **Secrets** (for sensitive data)
+- `VORGABENUI_SECRET` - Django SECRET_KEY
+- Future: Database passwords, API keys, etc.
+
+### **ConfigMaps** (for non-sensitive configuration)
+- `DEBUG` - Debug mode setting
+- `DJANGO_ALLOWED_HOSTS` - Allowed hostnames
+- `DJANGO_SETTINGS_MODULE` - Settings module path
+- Application configuration settings
+
+This approach ensures that:
+
+1. Sensitive data is not stored in version control
+2. Configuration is environment-specific
+3. Non-sensitive settings are easily manageable
+4. Follows Kubernetes best practices
+5. Includes fallback for local development
+
+## Files Changed
+
+### VorgabenUI/settings.py
+- Replaced hardcoded `SECRET_KEY` with `VORGABENUI_SECRET` environment variable lookup
+- Added fallback secret key for local development (only works when DEBUG=True)
+- Added warning when fallback key is used
+
+### Files Created/Updated
+
+#### **Configuration Resources**
+- `argocd/configmap.yaml` - Django configuration (DEBUG, ALLOWED_HOSTS, etc.)
+- `templates/configmap.yaml` - ConfigMap template (excluded from ArgoCD)
+- `templates/secret.yaml` - Secret template (excluded from ArgoCD deployment)
+- `argocd/secret.yaml` - ArgoCD-specific secret template with ignore annotation
+
+#### **Deployment Configuration**
+- `argocd/deployment.yaml` - Updated with Secret and ConfigMap environment variables
+- `.argocdignore` - ArgoCD ignore patterns for templates and scripts
+
+#### **Deployment Scripts**
+- `scripts/deploy-argocd-secret.sh` - ArgoCD-specific script to deploy secrets
+- `scripts/deploy-argocd-configmap.sh` - ArgoCD-specific script to deploy ConfigMap
+
+#### **Application Code**
+- `VorgabenUI/settings.py` - Updated to use environment variables from ConfigMap
+
+#### **Examples and Documentation**
+- `k8s/django-secret.yaml` - Updated for consistency (vorgabenui namespace)
+- `k8s/django-deployment-example.yaml` - Updated example deployment
+- `scripts/deploy-django-secret.sh` - Updated with new defaults
+
+## Usage
+
+### 1. Deploy ConfigMap (ArgoCD Production)
+
+**Deploy configuration first** (required before the application starts):
+
+```bash
+# Deploy ConfigMap to vorgabenui namespace
+./scripts/deploy-argocd-configmap.sh
+
+# Verify existing ConfigMap
+./scripts/deploy-argocd-configmap.sh --verify-only
+
+# Dry run to see what would happen
+./scripts/deploy-argocd-configmap.sh --dry-run
+
+# Get help
+./scripts/deploy-argocd-configmap.sh --help
+```
+
+### 2. Deploy the Secret (ArgoCD Production)
+
+**Deploy secret second** (contains sensitive SECRET_KEY):
+
+```bash
+# Deploy secret to vorgabenui namespace
+./scripts/deploy-argocd-secret.sh
+
+# Verify existing secret
+./scripts/deploy-argocd-secret.sh --verify-only
+
+# Dry run to see what would happen
+./scripts/deploy-argocd-secret.sh --dry-run
+
+# Get help
+./scripts/deploy-argocd-secret.sh --help
+```
+
+### 3. Deploy Resources for Other Environments
+
+For development or other environments, use the general scripts:
+
+```bash
+# Deploy ConfigMap to vorgabenui namespace (default)
+./scripts/deploy-django-secret.sh  # (includes ConfigMap deployment)
+
+# Deploy to specific namespace
+./scripts/deploy-django-secret.sh -n development
+
+# Get help
+./scripts/deploy-django-secret.sh --help
+```
+
+### 4. Environment Variable Configuration
+
+The ArgoCD deployment (`argocd/deployment.yaml`) is configured with:
+
+**Secret Variables:**
+```yaml
+env:
+# Secret configuration
+- name: VORGABENUI_SECRET
+  valueFrom:
+    secretKeyRef:
+      name: vorgabenui-secrets
+      key: vorgabenui_secret
+```
+
+**ConfigMap Variables:**
+```yaml
+# ConfigMap configuration
+- name: DEBUG
+  valueFrom:
+    configMapKeyRef:
+      name: django-config
+      key: DEBUG
+- name: DJANGO_ALLOWED_HOSTS
+  valueFrom:
+    configMapKeyRef:
+      name: django-config
+      key: DJANGO_ALLOWED_HOSTS
+- name: DJANGO_SETTINGS_MODULE
+  valueFrom:
+    configMapKeyRef:
+      name: django-config
+      key: DJANGO_SETTINGS_MODULE
+```
+
+For other deployments, see `k8s/django-deployment-example.yaml` for a complete example.
+
+### 5. Verify the Deployment
+
+**Check ConfigMap:**
+```bash
+kubectl get configmap django-config -n vorgabenui
+kubectl describe configmap django-config -n vorgabenui
+```
+
+**Check Secret:**
+```bash
+kubectl get secrets vorgabenui-secrets -n vorgabenui
+kubectl describe secret vorgabenui-secrets -n vorgabenui
+```
+
+**Check Django pods can access configuration:**
+```bash
+# Check secret variable
+kubectl exec -n vorgabenui deployment/django -- printenv VORGABENUI_SECRET
+
+# Check ConfigMap variables
+kubectl exec -n vorgabenui deployment/django -- printenv DEBUG
+kubectl exec -n vorgabenui deployment/django -- printenv DJANGO_ALLOWED_HOSTS
+
+# Check all environment variables
+kubectl exec -n vorgabenui deployment/django -- printenv | grep -E "(VORGABENUI|DEBUG|DJANGO)"
+```
+
+## Development Environment
+
+### Local Development with Fallback
+
+The application now includes a fallback secret key for local development. When running locally:
+
+1. **Automatic fallback**: If `VORGABENUI_SECRET` is not set and `DEBUG=True`, a fallback key is used automatically
+2. **Warning message**: The application will log a warning when using the fallback key (except during builds)
+3. **Production safety**: Fallback only works when `DEBUG=True` or in build environments
+
+### Docker Build Support
+
+The Django settings are designed to work seamlessly during Docker builds:
+
+1. **Build environment detection**: Automatically detects Docker builds, CI environments
+2. **Fallback activation**: Uses fallback key during build without requiring environment variables
+3. **No build-time secrets**: No need to provide `VORGABENUI_SECRET` during `docker build`
+4. **Runtime security**: Production containers still require the proper environment variable
+
+**Supported build environments:**
+- Docker builds (`DOCKER_BUILDKIT`)
+- CI environments (`CI`)
+- GitHub Actions (`GITHUB_ACTIONS`)
+- Gitea Actions (`GITEA_ACTIONS`)
+- Local development (`DEBUG=True`)
+
+### Manual Environment Variable
+
+You can still set the environment variable manually:
+
+```bash
+# Option 1: Export the variable
+export VORGABENUI_SECRET="your-development-key-here"
+python manage.py runserver
+
+# Option 2: Use a .env file (recommended)
+echo "VORGABENUI_SECRET=your-development-key-here" > .env
+# Then load it in your settings or use python-dotenv
+```
+
+### Development vs Production
+
+- **Local Development**: Fallback key works automatically when `DEBUG=True`
+- **Production**: Must have `VORGABENUI_SECRET` environment variable set, no fallback
+
+## ArgoCD Integration and Exclusions
+
+### Preventing ArgoCD from Deploying Secret Templates
+
+This setup includes multiple approaches to prevent ArgoCD from trying to deploy the secret template:
+
+#### 1. Template Directory (`templates/`)
+- Secret template moved to `templates/` directory
+- ArgoCD deployment script automatically uses this location
+- Excluded via `.argocdignore` file
+
+#### 2. ArgoCD Ignore Annotation
+- `argocd/secret.yaml` has `argocd.argoproj.io/ignore: "true"` annotation
+- Provides fallback if templates directory approach fails
+
+#### 3. `.argocdignore` File
+- Global exclusion patterns for templates, scripts, and documentation
+- Prevents ArgoCD from syncing non-deployment files
+
+### ArgoCD Sync Behavior
+- ArgoCD will sync only the actual deployment files (`deployment.yaml`, `ingress.yaml`, etc.)
+- Secret templates are excluded and must be deployed manually using the deployment script
+- This ensures secrets are created outside of GitOps workflow for security
+
+## Security Considerations
+
+1. **Never commit the actual SECRET_KEY** - Only templates and scripts are in version control
+2. **Use different keys per environment** - Production, staging, and development should all have unique keys
+3. **Rotate keys regularly** - Run the deployment script periodically to generate new keys
+4. **Limit access** - Use Kubernetes RBAC to control who can access secrets
+5. **ArgoCD exclusion** - Secret templates are excluded from ArgoCD to prevent empty/template secrets from being deployed
+
+## Troubleshooting
+
+### Django fails to start with "VORGABENUI_SECRET environment variable is required"
+
+This means the environment variable is not set in your pod and fallback conditions aren't met. Check:
+
+1. **Secret exists**: `kubectl get secret vorgabenui-secrets -n vorgabenui`
+2. **Deployment references secret correctly**: Check `argocd/deployment.yaml` env section
+3. **Pod has environment variable**: `kubectl exec <pod-name> -n vorgabenui -- env | grep VORGABENUI_SECRET`
+4. **For local development**: Ensure `DEBUG=True` to use the fallback key
+5. **For Docker builds**: Build should work automatically with fallback
+
+### Docker build fails with SECRET_KEY error
+
+This should no longer happen with the updated settings. If you still see issues:
+
+1. **Check build environment variables**: Build should detect `DOCKER_BUILDKIT=1`
+2. **Verify settings changes**: Ensure the updated `settings.py` is being used
+3. **Force environment detection**: Set `CI=1` during build if needed
+4. **Use explicit DEBUG**: Set `DEBUG=True` during build as fallback
+
+### Secret deployment fails
+
+Check that:
+
+1. You have kubectl access to the cluster
+2. You have permission to create secrets in the `vorgabenui` namespace
+3. Python3 is available for key generation
+4. The ArgoCD secret template exists: `argocd/secret.yaml`
+
+### Key rotation
+
+To rotate the SECRET_KEY:
+
+1. **For ArgoCD production**: Run `./scripts/deploy-argocd-secret.sh` again
+2. **For other environments**: Run `./scripts/deploy-django-secret.sh` again  
+3. Restart your Django pods to pick up the new key:
+   ```bash
+   # For ArgoCD production
+   kubectl rollout restart deployment/django -n vorgabenui
+   
+   # For other environments
+   kubectl rollout restart deployment/your-django-deployment -n your-namespace
+   ```
+
+## Script Options
+
+### ArgoCD Production Scripts
+
+#### **ConfigMap Script (`deploy-argocd-configmap.sh`)**
+
+Deploy Django configuration (non-sensitive):
+
+- `--verify-only` - Only verify existing ConfigMap, don't deploy
+- `--dry-run` - Show what would be deployed without applying
+- `-h, --help` - Show help message
+
+Configuration is hardcoded for ArgoCD:
+- Namespace: `vorgabenui`
+- ConfigMap name: `django-config`
+- ConfigMap file: `argocd/configmap.yaml`
+
+#### **Secret Script (`deploy-argocd-secret.sh`)**
+
+Deploy sensitive configuration:
+
+- `--verify-only` - Only verify existing secret, don't create new one
+- `--dry-run` - Show what would be done without making changes  
+- `-h, --help` - Show help message
+
+Configuration is hardcoded for ArgoCD:
+- Namespace: `vorgabenui`
+- Secret name: `vorgabenui-secrets`
+- Secret key: `vorgabenui_secret`
+- Template location: `templates/secret.yaml` (excluded from ArgoCD)
+
+### General Script (`deploy-django-secret.sh`)
+
+For development and other environments:
+
+- `-n, --namespace NAMESPACE` - Target Kubernetes namespace (default: vorgabenui)
+- `-s, --secret-name NAME` - Secret name (default: vorgabenui-secrets)
+- `-k, --key-name NAME` - Secret key name (default: vorgabenui_secret)
+- `-h, --help` - Show help message
+
+Environment variables:
+- `NAMESPACE` - Override default namespace
+
+## Migration from Hardcoded Key
+
+### Migration from Old Setup
+
+If you're migrating from the previous `DJANGO_SECRET_KEY` setup:
+
+1. **Deploy the new secret** using `./scripts/deploy-argocd-secret.sh`
+2. **Update any existing deployments** to use `VORGABENUI_SECRET` instead of `DJANGO_SECRET_KEY`
+3. **Test locally** - the fallback key should work automatically in DEBUG mode
+4. **Deploy the updated application** - ArgoCD deployment is already configured
+
+### Migration from Hardcoded Key
+
+If you're migrating from a completely hardcoded key:
+
+1. **Backup your current key** (in case you need to rollback)
+2. **Deploy the secret first** using the deployment script
+3. **Apply the updated ArgoCD deployment** (already done in this setup)
+4. **Test thoroughly** - local development should work with fallback
+5. **Deploy the updated settings.py** after confirming the secret works
+
+The ArgoCD deployment (`argocd/deployment.yaml`) now includes the environment variable configuration, so Django will automatically pick up the secret after deployment.
+
+## Deployment Order
+
+**Critical: Deploy resources in this order:**
+
+1. **ConfigMap first** (required for Django to start):
+   ```bash
+   ./scripts/deploy-argocd-configmap.sh
+   ```
+
+2. **Secret second** (contains sensitive data):
+   ```bash
+   ./scripts/deploy-argocd-secret.sh
+   ```
+
+3. **Application deployment** (ArgoCD will sync this automatically):
+   ```bash
+   kubectl apply -f argocd/deployment.yaml
+   # OR let ArgoCD sync from Git
+   ```
+
+If you deploy in the wrong order, Django pods will fail to start because they require both the ConfigMap and Secret to be available.

dokumente/admin.py

@@ -94,10 +94,18 @@ class EinleitungInline(NestedStackedInline):
 
 class VorgabeForm(forms.ModelForm):
     referenzen = TreeNodeMultipleChoiceField(queryset=Referenz.objects.all(), required=False)
+    
     class Meta:
         model = Vorgabe
         fields = '__all__'
     
+    def clean_thema(self):
+        """Validate that thema is provided."""
+        thema = self.cleaned_data.get('thema')
+        if not thema:
+            raise forms.ValidationError('Thema ist ein Pflichtfeld. Bitte wählen Sie ein Thema aus.')
+        return thema
+
 class VorgabeInline(SortableInlineAdminMixin, NestedStackedInline):
     model = Vorgabe
     form = VorgabeForm

dokumente/management/commands/export_xml.py

@@ -0,0 +1,39 @@
+from django.core.management.base import BaseCommand
+import xml.etree.ElementTree as ET
+from dokumente.models import Dokument
+from dokumente.utils import build_dokument_xml_element, prettify_xml
+
+
+class Command(BaseCommand):
+    help = 'Export all dokumente as XML'
+
+    def add_arguments(self, parser):
+        parser.add_argument(
+            '--output',
+            type=str,
+            help='Output file path (default: stdout)',
+        )
+
+    def handle(self, *args, **options):
+        dokumente = Dokument.objects.filter(aktiv=True).prefetch_related(
+            'autoren', 'pruefende', 'vorgaben__thema',
+            'vorgaben__referenzen', 'vorgaben__stichworte',
+            'vorgaben__checklistenfragen', 'vorgaben__vorgabekurztext_set',
+            'vorgaben__vorgabelangtext_set', 'geltungsbereich_set',
+            'einleitung_set', 'changelog__autoren'
+        ).order_by('nummer')
+
+        root = ET.Element('Vorgabendokumente')
+
+        for dokument in dokumente:
+            build_dokument_xml_element(dokument, root)
+
+        xml_str = ET.tostring(root, encoding='unicode', method='xml')
+        xml_output = prettify_xml(xml_str)
+
+        if options['output']:
+            with open(options['output'], 'w', encoding='utf-8') as f:
+                f.write(xml_output)
+            self.stdout.write(self.style.SUCCESS(f'XML exported to {options["output"]}'))
+        else:
+            self.stdout.write(xml_output)

dokumente/management/commands/import-document.py

@@ -71,6 +71,7 @@ class Command(BaseCommand):
                 "name": name,
                 "gueltigkeit_von": options["gueltigkeit_von"],
                 "gueltigkeit_bis": options["gueltigkeit_bis"],
+                "aktiv":False,
             },
         )
         if created:
@@ -319,6 +320,7 @@ class Command(BaseCommand):
                     thema=thema,
                     titel=v["titel"],
                     gueltigkeit_von=timezone.now().date(),
+                    order=0,
                 )
 
                 # Stichworte

dokumente/models.py

@@ -54,6 +54,34 @@ class Dokument(models.Model):
     def __str__(self):
         return f"{self.nummer} – {self.name}"
 
+    @property
+    def dates(self):
+        """
+        Returns an array of unique, chronologically sorted dates representing
+        state-change dates from all Vorgaben in this document.
+        
+        These are dates where Vorgaben become active (gueltigkeit_von) or change state
+        (the day after gueltigkeit_bis). The very last date in the list is excluded
+        as it has no relevance (nothing changes after it).
+        """
+        dates_set = set()
+        
+        # Get all vorgaben for this document
+        for vorgabe in self.vorgaben.all():
+            # Add gueltigkeit_von (when vorgabe becomes active)
+            if vorgabe.gueltigkeit_von:
+                dates_set.add(vorgabe.gueltigkeit_von)
+            
+            # Add the day after gueltigkeit_bis (when vorgabe expires/changes state)
+            # Only if gueltigkeit_bis is defined (not None)
+            if vorgabe.gueltigkeit_bis:
+                dates_set.add(vorgabe.gueltigkeit_bis + datetime.timedelta(days=1))
+        
+        # Return sorted unique dates from oldest to newest, excluding the last date
+        # (but only if there are multiple dates; single dates are kept)
+        sorted_dates = sorted(list(dates_set))
+        return sorted_dates[:-1] if len(sorted_dates) > 1 else sorted_dates
+
     class Meta:
         verbose_name_plural="Dokumente"
         verbose_name="Dokument"
@@ -141,6 +169,12 @@ class Vorgabe(models.Model):
         """
         from django.core.exceptions import ValidationError
 
+        # Check that thema is provided
+        if not self.thema_id:
+            raise ValidationError({
+                'thema': 'Thema ist ein Pflichtfeld. Bitte wählen Sie ein Thema aus.'
+            })
+
         # Check for conflicts with existing Vorgaben
         conflicts = self.find_conflicts()
         if conflicts:

dokumente/templates/standards/all_comments.html

@@ -0,0 +1,67 @@
+{% extends "base.html" %}
+
+{% block content %}
+<h1>Alle Kommentare</h1>
+
+{% if total_comments == 0 %}
+  <div class="alert alert-info">
+    <p>Es gibt noch keine Kommentare zu Vorgaben.</p>
+    <p><a href="{% url 'standard_list' %}">Zu den Standards</a></p>
+  </div>
+{% else %}
+  <p class="text-muted">Insgesamt {{ total_comments }} Kommentar{{ total_comments|pluralize:"e" }}</p>
+
+  {% for dokument, comments in comments_by_document.items %}
+  <div class="panel panel-default" style="margin-top: 2rem;">
+    <div class="panel-heading">
+      <h2 style="margin: 0;">
+        <a href="{% url 'standard_detail' nummer=dokument.nummer %}">
+          {{ dokument.nummer }} – {{ dokument.name }}
+        </a>
+      </h2>
+      <p style="margin: 0; color: #666; font-size: 0.9rem;">
+        {{ comments|length }} Kommentar{{ comments|length|pluralize:"e" }}
+      </p>
+    </div>
+    <div class="panel-body">
+      <div class="list-group">
+        {% for comment in comments %}
+        <div class="list-group-item" style="border-left: 3px solid #007bff; padding: 1rem;">
+          <div style="display: flex; justify-content: space-between; align-items: flex-start;">
+            <div style="flex: 1;">
+              <h4 style="margin: 0 0 0.5rem 0;">
+                <a href="{% url 'standard_detail' nummer=comment.vorgabe.dokument.nummer %}#{{ comment.vorgabe.Vorgabennummer }}">
+                  {{ comment.vorgabe.Vorgabennummer }}
+                </a> {{ comment.vorgabe.titel }}
+              </h4>
+              <p style="margin: 0 0 0.75rem 0; color: #666; font-size: 0.9rem;">
+                <strong>Benutzer:</strong> {{ comment.user.first_name }} {{ comment.user.last_name }}<br>
+                <strong>Erstellt:</strong> {{ comment.created_at|date:"d.m.Y H:i" }}
+                {% if comment.updated_at != comment.created_at %}
+                  <br>
+                  <strong>Bearbeitet:</strong> {{ comment.updated_at|date:"d.m.Y H:i" }}
+                {% endif %}
+              </p>
+            </div>
+            <form method="POST" action="{% url 'delete_vorgabe_comment' comment.id %}" 
+                  style="display: inline; margin-left: 1rem;"
+                  onsubmit="return confirm('Sind Sie sicher, dass Sie diesen Kommentar löschen möchten?');">
+              {% csrf_token %}
+              <button type="submit" class="btn btn-sm btn-danger">Löschen</button>
+            </form>
+          </div>
+          <div style="background: #f8f9fa; padding: 0.75rem; border-radius: 4px; margin-top: 0.5rem; white-space: pre-wrap; word-wrap: break-word;">
+            {{ comment.text }}
+          </div>
+        </div>
+        {% endfor %}
+      </div>
+    </div>
+  </div>
+  {% endfor %}
+{% endif %}
+
+<div style="margin-top: 2rem; padding-top: 2rem; border-top: 1px solid #ddd;">
+  <a href="{% url 'standard_list' %}" class="btn btn-default">Zu den Standards</a>
+</div>
+{% endblock %}

dokumente/templates/standards/standard_detail.html

@@ -16,9 +16,32 @@
 
   {% if standard.history == True %}
   <div class="alert alert-warning" role="alert">
+    {% if standard.is_future %}
+    <strong>Zukünftige Version vom {{ standard.check_date }}</strong>
+    {% else %}
     <strong>Historische Version vom {{ standard.check_date }}</strong>
+    {% endif %}
   </div>
   {% endif %}
+
+  <!-- History Dates Dropdown -->
+  {% if standard.dates %}
+  <div class="mb-3">
+    <div class="dropdown">
+      <a href="#" class="dropdown-toggle" data-toggle="dropdown" style="text-decoration: none;">
+        📅 Historische Versionen
+      </a>
+      <ul class="dropdown-menu" role="menu">
+        <li><a href="/dokumente/{{ standard.nummer }}/">Aktuelle Version</a></li>
+        <li class="divider"></li>
+        {% for date in standard.dates %}
+        <li><a href="/dokumente/{{ standard.nummer }}/history/{{ date|date:'Y-m-d' }}/">{{ date|date:'d.m.Y' }}</a></li>
+        {% endfor %}
+      </ul>
+    </div>
+  </div>
+  {% endif %}
+
   <!-- Einleitung -->
   {% if standard.einleitung_html %}
   <div class="row mb-4">
@@ -186,6 +209,11 @@
             download="{{ standard.nummer }}.json">
            JSON herunterladen
          </a>
+         <a href="{% url 'standard_xml' standard.nummer %}"
+            class="btn btn-secondary icon icon--before icon--download"
+            download="{{ standard.nummer }}.xml">
+           XML herunterladen
+         </a>
        </p>
     </div>
   </div>

dokumente/templates/standards/user_comments.html

@@ -32,7 +32,7 @@
               <h4 style="margin: 0 0 0.5rem 0;">
                 <a href="{% url 'standard_detail' nummer=comment.vorgabe.dokument.nummer %}#{{ comment.vorgabe.Vorgabennummer }}">
                   {{ comment.vorgabe.Vorgabennummer }}
-                </a>
+                </a> {{ comment.vorgabe.titel }}
               </h4>
               <p style="margin: 0 0 0.75rem 0; color: #666; font-size: 0.9rem;">
                 <strong>Erstellt:</strong> {{ comment.created_at|date:"d.m.Y H:i" }}

dokumente/test_import_command.py

@@ -0,0 +1,960 @@
+"""
+Tests for the import-document management command.
+
+This test suite covers:
+- Basic import functionality
+- Dry-run mode
+- Purge functionality
+- Error handling (missing file, dokumententyp, thema, abschnitttyp)
+- Context switching (einleitung → geltungsbereich → vorgabe)
+- Header normalization
+- Vorgaben with Kurztext, Langtext, Stichworte, Checklistenfragen
+- Edge cases and malformed input
+"""
+
+import os
+import tempfile
+from io import StringIO
+from pathlib import Path
+from django.test import TestCase
+from django.core.management import call_command
+from django.core.management.base import CommandError
+from dokumente.models import (
+    Dokumententyp,
+    Dokument,
+    Thema,
+    Vorgabe,
+    VorgabeKurztext,
+    VorgabeLangtext,
+    Geltungsbereich,
+    Einleitung,
+    Checklistenfrage,
+)
+from abschnitte.models import AbschnittTyp
+from stichworte.models import Stichwort
+
+
+class ImportDocumentCommandTestCase(TestCase):
+    """Test cases for the import-document management command"""
+
+    def setUp(self):
+        """Set up test fixtures"""
+        # Create required Dokumententyp
+        self.dokumententyp = Dokumententyp.objects.create(
+            name="IT-Sicherheit",
+            verantwortliche_ve="TEST-VE"
+        )
+
+        # Create required AbschnittTyp instances
+        self.text_typ = AbschnittTyp.objects.create(abschnitttyp="text")
+        self.liste_geordnet_typ = AbschnittTyp.objects.create(
+            abschnitttyp="liste geordnet"
+        )
+        self.liste_ungeordnet_typ = AbschnittTyp.objects.create(
+            abschnitttyp="liste ungeordnet"
+        )
+
+        # Create test Themen
+        self.thema_organisation = Thema.objects.create(
+            name="Organisation",
+            erklaerung="Organisatorische Anforderungen"
+        )
+        self.thema_technik = Thema.objects.create(
+            name="Technik",
+            erklaerung="Technische Anforderungen"
+        )
+        # Additional Themen for r009.txt example
+        self.thema_informationen = Thema.objects.create(
+            name="Informationen",
+            erklaerung="Informationssicherheit"
+        )
+        self.thema_systeme = Thema.objects.create(
+            name="Systeme",
+            erklaerung="Systemanforderungen"
+        )
+        self.thema_anwendungen = Thema.objects.create(
+            name="Anwendungen",
+            erklaerung="Anwendungsanforderungen"
+        )
+        self.thema_zonen = Thema.objects.create(
+            name="Zonen",
+            erklaerung="Zonenanforderungen"
+        )
+
+    def create_test_file(self, content):
+        """Helper to create a temporary test file with given content"""
+        fd, path = tempfile.mkstemp(suffix=".txt", text=True)
+        with os.fdopen(fd, 'w', encoding='utf-8') as f:
+            f.write(content)
+        return path
+
+    def test_basic_import_creates_document(self):
+        """Test that basic import creates a document"""
+        test_content = """>>>Einleitung
+>>>text
+This is the introduction.
+
+>>>geltungsbereich
+>>>text
+This is the scope.
+
+>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel
+Test Requirement
+>>>Kurztext
+>>>Text
+Short description.
+>>>Langtext
+>>>Text
+Long description.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            out = StringIO()
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-001',
+                '--name', 'Test Document',
+                '--dokumententyp', 'IT-Sicherheit',
+                stdout=out
+            )
+
+            # Check document was created
+            dokument = Dokument.objects.get(nummer='TEST-001')
+            self.assertEqual(dokument.name, 'Test Document')
+            self.assertEqual(dokument.dokumententyp, self.dokumententyp)
+
+            # Check output message
+            output = out.getvalue()
+            self.assertIn('Created Document TEST-001', output)
+            self.assertIn('Imported document TEST-001', output)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_import_creates_einleitung(self):
+        """Test that Einleitung sections are created"""
+        test_content = """>>>Einleitung
+>>>text
+This is the introduction text.
+
+>>>geltungsbereich
+>>>text
+Scope text.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-002',
+                '--name', 'Test Document 2',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-002')
+            einleitung = Einleitung.objects.filter(einleitung=dokument)
+            self.assertEqual(einleitung.count(), 1)
+            self.assertEqual(einleitung.first().inhalt, 'This is the introduction text.')
+            self.assertEqual(einleitung.first().abschnitttyp, self.text_typ)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_import_creates_geltungsbereich(self):
+        """Test that Geltungsbereich sections are created"""
+        test_content = """>>>geltungsbereich
+>>>text
+This standard applies to all servers.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-003',
+                '--name', 'Test Document 3',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-003')
+            geltungsbereich = Geltungsbereich.objects.filter(geltungsbereich=dokument)
+            self.assertEqual(geltungsbereich.count(), 1)
+            self.assertEqual(
+                geltungsbereich.first().inhalt,
+                'This standard applies to all servers.'
+            )
+            self.assertEqual(geltungsbereich.first().abschnitttyp, self.text_typ)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_import_creates_vorgabe_with_all_fields(self):
+        """Test creating a Vorgabe with all fields"""
+        test_content = """>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel
+Complete Requirement
+>>>Kurztext
+>>>Text
+Short text here.
+>>>Langtext
+>>>Text
+Long text here.
+>>>Stichworte
+Testing, Management, Security
+>>>Checkliste
+Is the requirement met?
+Has documentation been provided?
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-004',
+                '--name', 'Test Document 4',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-004')
+            vorgabe = Vorgabe.objects.get(dokument=dokument, nummer=1)
+
+            # Check basic fields
+            self.assertEqual(vorgabe.titel, 'Complete Requirement')
+            self.assertEqual(vorgabe.thema, self.thema_organisation)
+
+            # Check Kurztext
+            kurztext = VorgabeKurztext.objects.filter(abschnitt=vorgabe)
+            self.assertEqual(kurztext.count(), 1)
+            self.assertEqual(kurztext.first().inhalt, 'Short text here.')
+
+            # Check Langtext
+            langtext = VorgabeLangtext.objects.filter(abschnitt=vorgabe)
+            self.assertEqual(langtext.count(), 1)
+            self.assertEqual(langtext.first().inhalt, 'Long text here.')
+
+            # Check Stichworte
+            stichworte = vorgabe.stichworte.all()
+            self.assertEqual(stichworte.count(), 3)
+            stichwort_names = {s.stichwort for s in stichworte}
+            self.assertEqual(stichwort_names, {'Testing', 'Management', 'Security'})
+
+            # Check Checklistenfragen
+            fragen = Checklistenfrage.objects.filter(vorgabe=vorgabe)
+            self.assertEqual(fragen.count(), 2)
+            frage_texts = {f.frage for f in fragen}
+            self.assertEqual(frage_texts, {
+                'Is the requirement met?',
+                'Has documentation been provided?'
+            })
+
+        finally:
+            os.unlink(test_file)
+
+    def test_import_multiple_vorgaben(self):
+        """Test importing multiple Vorgaben"""
+        test_content = """>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel
+First Requirement
+>>>Kurztext
+>>>Text
+First requirement text.
+
+>>>Vorgabe Technik
+>>>Nummer 2
+>>>Titel
+Second Requirement
+>>>Kurztext
+>>>Text
+Second requirement text.
+
+>>>Vorgabe Organisation
+>>>Nummer 3
+>>>Titel
+Third Requirement
+>>>Kurztext
+>>>Text
+Third requirement text.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-005',
+                '--name', 'Test Document 5',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-005')
+            vorgaben = Vorgabe.objects.filter(dokument=dokument).order_by('nummer')
+
+            self.assertEqual(vorgaben.count(), 3)
+            self.assertEqual(vorgaben[0].nummer, 1)
+            self.assertEqual(vorgaben[0].thema, self.thema_organisation)
+            self.assertEqual(vorgaben[1].nummer, 2)
+            self.assertEqual(vorgaben[1].thema, self.thema_technik)
+            self.assertEqual(vorgaben[2].nummer, 3)
+            self.assertEqual(vorgaben[2].thema, self.thema_organisation)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_dry_run_creates_no_data(self):
+        """Test that dry-run mode creates no database records"""
+        test_content = """>>>Einleitung
+>>>text
+Introduction text.
+
+>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel
+Test Requirement
+>>>Kurztext
+>>>Text
+Short text.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            out = StringIO()
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-DRY',
+                '--name', 'Dry Run Test',
+                '--dokumententyp', 'IT-Sicherheit',
+                '--dry-run',
+                stdout=out
+            )
+
+            # Document is created (for counting purposes) but not saved
+            output = out.getvalue()
+            self.assertIn('Dry run: no database changes will be made', output)
+            self.assertIn('Dry run complete', output)
+
+            # Check that Einleitung and Vorgabe were NOT created
+            dokument = Dokument.objects.get(nummer='TEST-DRY')
+            self.assertEqual(Einleitung.objects.filter(einleitung=dokument).count(), 0)
+            self.assertEqual(Vorgabe.objects.filter(dokument=dokument).count(), 0)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_dry_run_verbose_shows_details(self):
+        """Test that dry-run with verbose shows detailed output"""
+        test_content = """>>>Einleitung
+>>>text
+Introduction.
+
+>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel
+Test
+>>>Kurztext
+>>>Text
+Short.
+>>>Langtext
+>>>Text
+Long.
+>>>Stichworte
+Keyword1, Keyword2
+>>>Checkliste
+Question 1?
+Question 2?
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            out = StringIO()
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-VERBOSE',
+                '--name', 'Verbose Test',
+                '--dokumententyp', 'IT-Sicherheit',
+                '--dry-run',
+                '--verbose',
+                stdout=out
+            )
+
+            output = out.getvalue()
+            self.assertIn('[DRY RUN] Einleitung Abschnitt', output)
+            self.assertIn('[DRY RUN] Would create Vorgabe 1', output)
+            self.assertIn('Stichworte: Keyword1, Keyword2', output)
+            self.assertIn('Checkliste: Question 1?', output)
+            self.assertIn('Checkliste: Question 2?', output)
+            self.assertIn('Kurztext', output)
+            self.assertIn('Langtext', output)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_purge_deletes_existing_content(self):
+        """Test that --purge deletes existing content before import"""
+        test_content = """>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel
+New Requirement
+>>>Kurztext
+>>>Text
+New text.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            # First import
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-PURGE',
+                '--name', 'Purge Test',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-PURGE')
+            self.assertEqual(Vorgabe.objects.filter(dokument=dokument).count(), 1)
+
+            # Second import with different content and --purge
+            test_content_2 = """>>>Vorgabe Technik
+>>>Nummer 2
+>>>Titel
+Replacement Requirement
+>>>Kurztext
+>>>Text
+Replacement text.
+"""
+            test_file_2 = self.create_test_file(test_content_2)
+
+            try:
+                out = StringIO()
+                call_command(
+                    'import-document',
+                    test_file_2,
+                    '--nummer', 'TEST-PURGE',
+                    '--name', 'Purge Test',
+                    '--dokumententyp', 'IT-Sicherheit',
+                    '--purge',
+                    stdout=out
+                )
+
+                # Old Vorgabe should be deleted, only new one exists
+                vorgaben = Vorgabe.objects.filter(dokument=dokument)
+                self.assertEqual(vorgaben.count(), 1)
+                self.assertEqual(vorgaben.first().nummer, 2)
+                self.assertEqual(vorgaben.first().thema, self.thema_technik)
+
+                output = out.getvalue()
+                self.assertIn('Purged', output)
+
+            finally:
+                os.unlink(test_file_2)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_purge_dry_run_shows_what_would_be_deleted(self):
+        """Test that --purge with --dry-run shows deletion counts"""
+        test_content = """>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel
+Original
+>>>Kurztext
+>>>Text
+Text.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            # First import to create data
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-PURGE-DRY',
+                '--name', 'Purge Dry Test',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            # Dry run with purge
+            out = StringIO()
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-PURGE-DRY',
+                '--name', 'Purge Dry Test',
+                '--dokumententyp', 'IT-Sicherheit',
+                '--purge',
+                '--dry-run',
+                stdout=out
+            )
+
+            output = out.getvalue()
+            self.assertIn('[DRY RUN] Would purge:', output)
+            self.assertIn('1 Vorgaben', output)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_header_normalization(self):
+        """Test that headers with hyphens are normalized correctly"""
+        test_content = """>>>geltungsbereich
+>>>Liste-ungeordnet
+Item 1
+Item 2
+Item 3
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-NORM',
+                '--name', 'Normalization Test',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-NORM')
+            geltungsbereich = Geltungsbereich.objects.get(geltungsbereich=dokument)
+
+            # Should have normalized "Liste-ungeordnet" to "liste ungeordnet"
+            self.assertEqual(geltungsbereich.abschnitttyp, self.liste_ungeordnet_typ)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_missing_file_raises_error(self):
+        """Test that missing file raises CommandError"""
+        with self.assertRaises(CommandError) as cm:
+            call_command(
+                'import-document',
+                '/nonexistent/file.txt',
+                '--nummer', 'TEST-ERR',
+                '--name', 'Error Test',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+        self.assertIn('does not exist', str(cm.exception))
+
+    def test_missing_dokumententyp_raises_error(self):
+        """Test that missing Dokumententyp raises CommandError"""
+        test_content = """>>>geltungsbereich
+>>>text
+Text.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            with self.assertRaises(CommandError) as cm:
+                call_command(
+                    'import-document',
+                    test_file,
+                    '--nummer', 'TEST-ERR',
+                    '--name', 'Error Test',
+                    '--dokumententyp', 'NonExistentType'
+                )
+            self.assertIn('does not exist', str(cm.exception))
+
+        finally:
+            os.unlink(test_file)
+
+    def test_missing_thema_skips_vorgabe(self):
+        """Test that missing Thema causes Vorgabe to be skipped with warning"""
+        test_content = """>>>Vorgabe NonExistentThema
+>>>Nummer 1
+>>>Titel
+Test
+>>>Kurztext
+>>>Text
+Text.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            out = StringIO()
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-SKIP',
+                '--name', 'Skip Test',
+                '--dokumententyp', 'IT-Sicherheit',
+                stdout=out
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-SKIP')
+            # Vorgabe should NOT be created
+            self.assertEqual(Vorgabe.objects.filter(dokument=dokument).count(), 0)
+
+            output = out.getvalue()
+            self.assertIn('not found, skipping Vorgabe', output)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_missing_abschnitttyp_defaults_to_text(self):
+        """Test that missing AbschnittTyp defaults to 'text' with warning"""
+        # Delete all but text type
+        AbschnittTyp.objects.exclude(abschnitttyp='text').delete()
+
+        test_content = """>>>geltungsbereich
+>>>liste geordnet
+Item 1
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            out = StringIO()
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-DEFAULT',
+                '--name', 'Default Test',
+                '--dokumententyp', 'IT-Sicherheit',
+                stdout=out
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-DEFAULT')
+            geltungsbereich = Geltungsbereich.objects.get(geltungsbereich=dokument)
+
+            # Should default to 'text' type
+            self.assertEqual(geltungsbereich.abschnitttyp.abschnitttyp, 'text')
+
+            output = out.getvalue()
+            self.assertIn("not found; defaulting to 'text'", output)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_inline_titel(self):
+        """Test that inline title (on same line as header) is parsed"""
+        test_content = """>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel Inline Title Here
+>>>Kurztext
+>>>Text
+Text.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-INLINE',
+                '--name', 'Inline Test',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-INLINE')
+            vorgabe = Vorgabe.objects.get(dokument=dokument)
+            self.assertEqual(vorgabe.titel, 'Inline Title Here')
+
+        finally:
+            os.unlink(test_file)
+
+    def test_inline_stichworte(self):
+        """Test that inline Stichworte (on same line as header) are parsed"""
+        test_content = """>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel Test
+>>>Stichworte Security, Testing, Compliance
+>>>Kurztext
+>>>Text
+Text.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-INLINE-STW',
+                '--name', 'Inline Stichwort Test',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-INLINE-STW')
+            vorgabe = Vorgabe.objects.get(dokument=dokument)
+            stichworte = {s.stichwort for s in vorgabe.stichworte.all()}
+            self.assertEqual(stichworte, {'Security', 'Testing', 'Compliance'})
+
+        finally:
+            os.unlink(test_file)
+
+    def test_gueltigkeit_dates(self):
+        """Test that validity dates are set correctly"""
+        test_content = """>>>geltungsbereich
+>>>text
+Scope.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-DATES',
+                '--name', 'Date Test',
+                '--dokumententyp', 'IT-Sicherheit',
+                '--gueltigkeit_von', '2024-01-01',
+                '--gueltigkeit_bis', '2024-12-31'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-DATES')
+            self.assertEqual(str(dokument.gueltigkeit_von), '2024-01-01')
+            self.assertEqual(str(dokument.gueltigkeit_bis), '2024-12-31')
+
+        finally:
+            os.unlink(test_file)
+
+    def test_existing_document_updates(self):
+        """Test that importing to existing document number shows warning"""
+        test_content = """>>>geltungsbereich
+>>>text
+First version.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            # First import
+            out = StringIO()
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-EXISTS',
+                '--name', 'Existing Test',
+                '--dokumententyp', 'IT-Sicherheit',
+                stdout=out
+            )
+
+            output1 = out.getvalue()
+            self.assertIn('Created Document TEST-EXISTS', output1)
+
+            # Second import with same number
+            out2 = StringIO()
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-EXISTS',
+                '--name', 'Existing Test',
+                '--dokumententyp', 'IT-Sicherheit',
+                stdout=out2
+            )
+
+            output2 = out2.getvalue()
+            self.assertIn('already exists', output2)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_multiple_kurztext_sections(self):
+        """Test Vorgabe with multiple Kurztext sections"""
+        test_content = """>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel Multiple Sections
+>>>Kurztext
+>>>Text
+First kurztext section.
+>>>Liste ungeordnet
+Item A
+Item B
+>>>Langtext
+>>>Text
+Langtext.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-MULTI',
+                '--name', 'Multi Section Test',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-MULTI')
+            vorgabe = Vorgabe.objects.get(dokument=dokument)
+            kurztext_sections = VorgabeKurztext.objects.filter(abschnitt=vorgabe).order_by('id')
+
+            self.assertEqual(kurztext_sections.count(), 2)
+            self.assertEqual(kurztext_sections[0].abschnitttyp.abschnitttyp, 'text')
+            self.assertEqual(kurztext_sections[1].abschnitttyp.abschnitttyp, 'liste ungeordnet')
+
+        finally:
+            os.unlink(test_file)
+
+    def test_empty_file(self):
+        """Test importing an empty file"""
+        test_content = ""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            out = StringIO()
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-EMPTY',
+                '--name', 'Empty Test',
+                '--dokumententyp', 'IT-Sicherheit',
+                stdout=out
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-EMPTY')
+            # Document created but no content
+            self.assertEqual(Einleitung.objects.filter(einleitung=dokument).count(), 0)
+            self.assertEqual(Geltungsbereich.objects.filter(geltungsbereich=dokument).count(), 0)
+            self.assertEqual(Vorgabe.objects.filter(dokument=dokument).count(), 0)
+
+            output = out.getvalue()
+            self.assertIn('with 0 Vorgaben', output)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_unicode_content(self):
+        """Test that Unicode characters (German umlauts, etc.) are handled correctly"""
+        test_content = """>>>Einleitung
+>>>text
+Übersicht über die Sicherheitsanforderungen für IT-Systeme.
+
+>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel
+Überprüfung der Systemkonfiguration
+>>>Kurztext
+>>>Text
+Die Konfiguration muss regelmäßig überprüft werden.
+>>>Stichworte
+Überprüfung, Sicherheit, Qualität
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-UNICODE',
+                '--name', 'Unicode Test',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-UNICODE')
+
+            # Check Einleitung
+            einleitung = Einleitung.objects.get(einleitung=dokument)
+            self.assertIn('Übersicht', einleitung.inhalt)
+
+            # Check Vorgabe
+            vorgabe = Vorgabe.objects.get(dokument=dokument)
+            self.assertEqual(vorgabe.titel, 'Überprüfung der Systemkonfiguration')
+
+            # Check Kurztext
+            kurztext = VorgabeKurztext.objects.get(abschnitt=vorgabe)
+            self.assertIn('regelmäßig', kurztext.inhalt)
+
+            # Check Stichworte
+            stichworte = {s.stichwort for s in vorgabe.stichworte.all()}
+            self.assertIn('Überprüfung', stichworte)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_context_switching(self):
+        """Test that context switches correctly between sections"""
+        test_content = """>>>Einleitung
+>>>text
+Intro text 1.
+>>>text
+Intro text 2.
+
+>>>geltungsbereich
+>>>text
+Scope text 1.
+>>>text
+Scope text 2.
+
+>>>Vorgabe Organisation
+>>>Nummer 1
+>>>Titel Test
+>>>Kurztext
+>>>text
+Kurztext 1.
+>>>text
+Kurztext 2.
+>>>Langtext
+>>>text
+Langtext 1.
+"""
+        test_file = self.create_test_file(test_content)
+
+        try:
+            call_command(
+                'import-document',
+                test_file,
+                '--nummer', 'TEST-CONTEXT',
+                '--name', 'Context Test',
+                '--dokumententyp', 'IT-Sicherheit'
+            )
+
+            dokument = Dokument.objects.get(nummer='TEST-CONTEXT')
+
+            # Check Einleitung has 2 sections
+            einleitung = Einleitung.objects.filter(einleitung=dokument)
+            self.assertEqual(einleitung.count(), 2)
+
+            # Check Geltungsbereich has 2 sections
+            geltungsbereich = Geltungsbereich.objects.filter(geltungsbereich=dokument)
+            self.assertEqual(geltungsbereich.count(), 2)
+
+            # Check Vorgabe has correct Kurztext and Langtext counts
+            vorgabe = Vorgabe.objects.get(dokument=dokument)
+            kurztext = VorgabeKurztext.objects.filter(abschnitt=vorgabe)
+            langtext = VorgabeLangtext.objects.filter(abschnitt=vorgabe)
+            self.assertEqual(kurztext.count(), 2)
+            self.assertEqual(langtext.count(), 1)
+
+        finally:
+            os.unlink(test_file)
+
+    def test_real_world_example(self):
+        """Test importing the real r009.txt example document"""
+        # Use the actual example file
+        example_file = Path(__file__).parent.parent / 'Documentation' / 'import formats' / 'r009.txt'
+
+        if not example_file.exists():
+            self.skipTest("r009.txt example file not found")
+
+        out = StringIO()
+        call_command(
+            'import-document',
+            str(example_file),
+            '--nummer', 'R009',
+            '--name', 'IT-Sicherheit Serversysteme',
+            '--dokumententyp', 'IT-Sicherheit',
+            stdout=out
+        )
+
+        dokument = Dokument.objects.get(nummer='R009')
+
+        # Check that Einleitung was created
+        self.assertGreater(Einleitung.objects.filter(einleitung=dokument).count(), 0)
+
+        # Check that Geltungsbereich was created
+        self.assertGreater(Geltungsbereich.objects.filter(geltungsbereich=dokument).count(), 0)
+
+        # Check that multiple Vorgaben were created (r009.txt has 23 Vorgaben)
+        vorgaben = Vorgabe.objects.filter(dokument=dokument)
+        self.assertGreaterEqual(vorgaben.count(), 20)
+
+        # Verify output message
+        output = out.getvalue()
+        self.assertIn('Imported document R009', output)

dokumente/urls.py

@@ -5,11 +5,13 @@ urlpatterns = [
     path('', views.standard_list, name='standard_list'),
     path('unvollstaendig/', views.incomplete_vorgaben, name='incomplete_vorgaben'),
     path('meine-kommentare/', views.user_comments, name='user_comments'),
+    path('alle-kommentare/', views.all_comments, name='all_comments'),
     path('<str:nummer>/', views.standard_detail, name='standard_detail'),
     path('<str:nummer>/history/<str:check_date>/', views.standard_detail),
     path('<str:nummer>/history/', views.standard_detail, {"check_date":"today"}, name='standard_history'),
     path('<str:nummer>/checkliste/', views.standard_checkliste, name='standard_checkliste'),
     path('<str:nummer>/json/', views.standard_json, name='standard_json'),
+    path('<str:nummer>/xml/', views.standard_xml, name='standard_xml'),
     path('comments/<int:vorgabe_id>/', views.get_vorgabe_comments, name='get_vorgabe_comments'),
     path('comments/<int:vorgabe_id>/add/', views.add_vorgabe_comment, name='add_vorgabe_comment'),
     path('comments/delete/<int:comment_id>/', views.delete_vorgabe_comment, name='delete_vorgabe_comment'),

dokumente/utils.py

@@ -1,7 +1,9 @@
 """
-Utility functions for Vorgaben sanity checking
+Utility functions for Vorgaben sanity checking and XML export
 """
 import datetime
+import xml.etree.ElementTree as ET
+import xml.dom.minidom
 from django.db.models import Count
 from itertools import combinations
 from dokumente.models import Vorgabe
@@ -121,3 +123,190 @@ def format_conflict_report(conflicts, verbose=False):
             lines.append(f"   Overlap starts: {overlap_start} (no end)")
 
     return "\n".join(lines)
+
+
+# XML Export utilities
+
+def parse_markdown_table(markdown_content):
+    """
+    Parse markdown table content and return XML element with <table><header><row><column> structure
+    """
+    lines = [line.strip() for line in markdown_content.strip().split('\n') if line.strip()]
+    if not lines:
+        return None
+
+    # Create table element
+    table = ET.Element('table')
+
+    # Parse first row as header
+    header_row = [cell.strip() for cell in lines[0].split('|') if cell.strip()]
+    header = ET.SubElement(table, 'header')
+    for cell in header_row:
+        column = ET.SubElement(header, 'column')
+        column.text = cell
+
+    # Parse remaining rows (skip separator row if it exists)
+    for line in lines[2:] if len(lines) > 1 and all(c in '-| ' for c in lines[1]) else lines[1:]:
+        # Check if this is a separator row
+        if all(c in '-| ' for c in line):
+            continue
+
+        row = ET.SubElement(table, 'row')
+        row_cells = [cell.strip() for cell in line.split('|') if cell.strip()]
+        for cell in row_cells:
+            column = ET.SubElement(row, 'column')
+            column.text = cell
+
+    return table
+
+
+def prettify_xml(xml_string):
+    """
+    Prettify XML string with proper indentation
+    """
+    dom = xml.dom.minidom.parseString(xml_string)
+    return dom.toprettyxml(indent="  ", encoding="UTF-8").decode('utf-8')
+
+
+def build_dokument_xml_element(dokument, parent_element):
+    """
+    Build XML element for a single Dokument and append it to parent_element.
+
+    Args:
+        dokument: Dokument instance (should be prefetched with related data)
+        parent_element: Parent XML element to append to
+
+    Returns:
+        The created document element
+    """
+    doc_element = ET.SubElement(parent_element, 'Vorgabendokument')
+
+    ET.SubElement(doc_element, 'Typ').text = dokument.dokumententyp.name if dokument.dokumententyp else ""
+    ET.SubElement(doc_element, 'Nummer').text = dokument.nummer
+    ET.SubElement(doc_element, 'Name').text = dokument.name
+
+    autoren_element = ET.SubElement(doc_element, 'Autoren')
+    for autor in dokument.autoren.all():
+        ET.SubElement(autoren_element, 'Autor').text = autor.name
+
+    pruefende_element = ET.SubElement(doc_element, 'Pruefende')
+    for pruefender in dokument.pruefende.all():
+        ET.SubElement(pruefende_element, 'Pruefender').text = pruefender.name
+
+    gueltigkeit_element = ET.SubElement(doc_element, 'Gueltigkeit')
+    ET.SubElement(gueltigkeit_element, 'Von').text = dokument.gueltigkeit_von.strftime("%Y-%m-%d") if dokument.gueltigkeit_von else ""
+    ET.SubElement(gueltigkeit_element, 'Bis').text = dokument.gueltigkeit_bis.strftime("%Y-%m-%d") if dokument.gueltigkeit_bis else None
+
+    ET.SubElement(doc_element, 'SignaturCSO').text = dokument.signatur_cso
+
+    geltungsbereich_sections = dokument.geltungsbereich_set.all().order_by('order')
+    if geltungsbereich_sections:
+        geltungsbereich_element = ET.SubElement(doc_element, 'Geltungsbereich')
+        for gb in geltungsbereich_sections:
+            section_type = gb.abschnitttyp.abschnitttyp if gb.abschnitttyp else "text"
+            if section_type in ('tabelle', 'table'):
+                table = parse_markdown_table(gb.inhalt)
+                if table is not None:
+                    abschnitt_element = ET.SubElement(geltungsbereich_element, 'Abschnitt')
+                    abschnitt_element.set('typ', section_type)
+                    abschnitt_element.append(table)
+            else:
+                abschnitt_element = ET.SubElement(geltungsbereich_element, 'Abschnitt')
+                abschnitt_element.set('typ', section_type)
+                abschnitt_element.text = gb.inhalt
+
+    einleitung_sections = dokument.einleitung_set.all().order_by('order')
+    if einleitung_sections:
+        einleitung_element = ET.SubElement(doc_element, 'Einleitung')
+        for ei in einleitung_sections:
+            section_type = ei.abschnitttyp.abschnitttyp if ei.abschnitttyp else "text"
+            if section_type in ('tabelle', 'table'):
+                table = parse_markdown_table(ei.inhalt)
+                if table is not None:
+                    abschnitt_element = ET.SubElement(einleitung_element, 'Abschnitt')
+                    abschnitt_element.set('typ', section_type)
+                    abschnitt_element.append(table)
+            else:
+                abschnitt_element = ET.SubElement(einleitung_element, 'Abschnitt')
+                abschnitt_element.set('typ', section_type)
+                abschnitt_element.text = ei.inhalt
+
+    ET.SubElement(doc_element, 'Ziel').text = ""
+    ET.SubElement(doc_element, 'Grundlagen').text = ""
+
+    changelog_element = ET.SubElement(doc_element, 'Changelog')
+    for cl in dokument.changelog.all().order_by('-datum'):
+        entry = ET.SubElement(changelog_element, 'Eintrag')
+        ET.SubElement(entry, 'Datum').text = cl.datum.strftime("%Y-%m-%d")
+        autoren = ET.SubElement(entry, 'Autoren')
+        for autor in cl.autoren.all():
+            ET.SubElement(autoren, 'Autor').text = autor.name
+        ET.SubElement(entry, 'Aenderung').text = cl.aenderung
+
+    anhaenge_element = ET.SubElement(doc_element, 'Anhaenge')
+    ET.SubElement(anhaenge_element, 'Anhang').text = dokument.anhaenge
+
+    ET.SubElement(doc_element, 'Verantwortlich').text = "Information Security Management BIT"
+    ET.SubElement(doc_element, 'Klassifizierung').text = ""
+
+    glossar_element = ET.SubElement(doc_element, 'Glossar')
+
+    vorgaben_element = ET.SubElement(doc_element, 'Vorgaben')
+
+    for vorgabe in dokument.vorgaben.all().order_by('order'):
+        vorgabe_el = ET.SubElement(vorgaben_element, 'Vorgabe')
+
+        ET.SubElement(vorgabe_el, 'Nummer').text = str(vorgabe.nummer)
+        ET.SubElement(vorgabe_el, 'Titel').text = vorgabe.titel
+        ET.SubElement(vorgabe_el, 'Thema').text = vorgabe.thema.name if vorgabe.thema else ""
+
+        kurztext_sections = vorgabe.vorgabekurztext_set.all().order_by('order')
+        if kurztext_sections:
+            kurztext_element = ET.SubElement(vorgabe_el, 'Kurztext')
+            for kt in kurztext_sections:
+                section_type = kt.abschnitttyp.abschnitttyp if kt.abschnitttyp else "text"
+                if section_type in ('tabelle', 'table'):
+                    table = parse_markdown_table(kt.inhalt)
+                    if table is not None:
+                        abschnitt = ET.SubElement(kurztext_element, 'Abschnitt')
+                        abschnitt.set('typ', section_type)
+                        abschnitt.append(table)
+                else:
+                    abschnitt = ET.SubElement(kurztext_element, 'Abschnitt')
+                    abschnitt.set('typ', section_type)
+                    abschnitt.text = kt.inhalt
+
+        langtext_sections = vorgabe.vorgabelangtext_set.all().order_by('order')
+        if langtext_sections:
+            langtext_element = ET.SubElement(vorgabe_el, 'Langtext')
+            for lt in langtext_sections:
+                section_type = lt.abschnitttyp.abschnitttyp if lt.abschnitttyp else "text"
+                if section_type in ('tabelle', 'table'):
+                    table = parse_markdown_table(lt.inhalt)
+                    if table is not None:
+                        abschnitt = ET.SubElement(langtext_element, 'Abschnitt')
+                        abschnitt.set('typ', section_type)
+                        abschnitt.append(table)
+                else:
+                    abschnitt = ET.SubElement(langtext_element, 'Abschnitt')
+                    abschnitt.set('typ', section_type)
+                    abschnitt.text = lt.inhalt
+
+        referenz_element = ET.SubElement(vorgabe_el, 'Referenzen')
+        for ref in vorgabe.referenzen.all():
+            ref_text = f"{ref.name_nummer}: {ref.name_text}" if ref.name_text else ref.name_nummer
+            ET.SubElement(referenz_element, 'Referenz').text = ref_text
+
+        vorgabe_gueltigkeit = ET.SubElement(vorgabe_el, 'Gueltigkeit')
+        ET.SubElement(vorgabe_gueltigkeit, 'Von').text = vorgabe.gueltigkeit_von.strftime("%Y-%m-%d") if vorgabe.gueltigkeit_von else ""
+        ET.SubElement(vorgabe_gueltigkeit, 'Bis').text = vorgabe.gueltigkeit_bis.strftime("%Y-%m-%d") if vorgabe.gueltigkeit_bis else None
+
+        checklistenfragen_element = ET.SubElement(vorgabe_el, 'Checklistenfragen')
+        for cf in vorgabe.checklistenfragen.all():
+            ET.SubElement(checklistenfragen_element, 'Frage').text = cf.frage
+
+        stichworte_element = ET.SubElement(vorgabe_el, 'Stichworte')
+        for stw in vorgabe.stichworte.all():
+            ET.SubElement(stichworte_element, 'Stichwort').text = stw.stichwort
+
+    return doc_element

dokumente/views.py

@@ -1,13 +1,15 @@
 from django.shortcuts import render, get_object_or_404
 from django.contrib.auth.decorators import login_required, user_passes_test
-from django.http import JsonResponse
+from django.http import JsonResponse, HttpResponse
 from django.core.serializers.json import DjangoJSONEncoder
 from django.views.decorators.http import require_POST
 from django.views.decorators.csrf import csrf_exempt
 from django.utils.html import escape, mark_safe
 from django.utils.safestring import SafeString
 import json
+import xml.etree.ElementTree as ET
 from .models import Dokument, Vorgabe, VorgabeKurztext, VorgabeLangtext, Checklistenfrage, VorgabeComment
+from .utils import build_dokument_xml_element, prettify_xml
 from abschnitte.utils import render_textabschnitte
 
 from datetime import date
@@ -29,9 +31,11 @@ def standard_detail(request, nummer,check_date=""):
     if check_date:
         check_date = calendar.parseDT(check_date)[0].date()
         standard.history = True
+        standard.is_future = check_date > date.today()
     else:
         check_date = date.today()
         standard.history = False
+        standard.is_future = False
     standard.check_date=check_date
     vorgaben = list(standard.vorgaben.order_by("thema","nummer").select_related("thema","dokument"))  # convert queryset to list so we can attach attributes
 
@@ -252,6 +256,37 @@ def standard_json(request, nummer):
     return JsonResponse(doc_data, json_dumps_params={'indent': 2, 'ensure_ascii': False}, encoder=DjangoJSONEncoder)
 
 
+def standard_xml(request, nummer):
+    """
+    Export a single Dokument as XML
+    """
+    # Get the document with all related data
+    dokument = get_object_or_404(
+        Dokument.objects.prefetch_related(
+            'autoren', 'pruefende', 'vorgaben__thema',
+            'vorgaben__referenzen', 'vorgaben__stichworte',
+            'vorgaben__checklistenfragen', 'vorgaben__vorgabekurztext_set',
+            'vorgaben__vorgabelangtext_set', 'geltungsbereich_set',
+            'einleitung_set', 'changelog__autoren'
+        ),
+        nummer=nummer
+    )
+
+    # Create a temporary root element to build the document
+    root = ET.Element('root')
+    build_dokument_xml_element(dokument, root)
+
+    # Get the actual document element (first child of root)
+    doc_element = root[0]
+
+    xml_str = ET.tostring(doc_element, encoding='unicode', method='xml')
+    xml_output = prettify_xml(xml_str)
+
+    response = HttpResponse(xml_output, content_type='application/xml; charset=utf-8')
+    response['Content-Disposition'] = f'attachment; filename="{dokument.nummer}.xml"'
+    return response
+
+
 @login_required
 def get_vorgabe_comments(request, vorgabe_id):
     """Get comments for a specific Vorgabe"""
@@ -392,3 +427,31 @@ def user_comments(request):
         'comments_by_document': comments_by_document,
         'total_comments': user_comments.count(),
     })
+
+
+@login_required
+@user_passes_test(is_staff_user)
+def all_comments(request):
+    """
+    Display all comments from all users, grouped by document.
+    Staff only.
+    """
+    # Get all comments
+    all_comments_qs = VorgabeComment.objects.select_related(
+        'vorgabe', 'vorgabe__dokument', 'user'
+    ).order_by(
+        'vorgabe__dokument__nummer', '-created_at'
+    )
+    
+    # Group comments by document
+    comments_by_document = {}
+    for comment in all_comments_qs:
+        dokument = comment.vorgabe.dokument
+        if dokument not in comments_by_document:
+            comments_by_document[dokument] = []
+        comments_by_document[dokument].append(comment)
+    
+    return render(request, 'standards/all_comments.html', {
+        'comments_by_document': comments_by_document,
+        'total_comments': all_comments_qs.count(),
+    })

k8s/deployment.yaml

@@ -25,7 +25,7 @@ spec:
               mountPath: /data
       containers:
          - name: web
-          image: docker.io/adebaumann/vui:0.917
+           image: docker.io/adebaumann/vui:0.918
           imagePullPolicy: Always
           ports:
             - containerPort: 8000

k8s/django-deployment-example.yaml

@@ -0,0 +1,52 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: vgui-cicd-django
+  namespace: vorgabenui
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: vgui-cicd-django
+  template:
+    metadata:
+      labels:
+        app: vgui-cicd-django
+    spec:
+      containers:
+      - name: django
+        image: your-django-image:latest
+        ports:
+        - containerPort: 8000
+        env:
+        # Django SECRET_KEY from Kubernetes secret
+        - name: VORGABENUI_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: vorgabenui-secrets
+              key: vorgabenui_secret
+        # Other environment variables can be added here
+        - name: DEBUG
+          value: "False"
+        # Add database configuration, etc.
+        resources:
+          requests:
+            memory: "256Mi"
+            cpu: "250m"
+          limits:
+            memory: "512Mi"
+            cpu: "500m"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: vgui-cicd-django-service
+  namespace: vorgabenui
+spec:
+  selector:
+    app: vgui-cicd-django
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 8000
+  type: ClusterIP

k8s/django-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vorgabenui-secrets
+  namespace: vorgabenui
+type: Opaque
+data:
+  # Base64 encoded SECRET_KEY - will be populated by deployment script
+  vorgabenui_secret: ""

pages/templates/400.html

@@ -0,0 +1,16 @@
+{% extends "base.html" %}
+
+{% block title %}Ungültige Anfrage{% endblock %}
+
+{% block content %}
+<div class="row">
+  <div class="col-md-12">
+    <div class="alert alert-warning">
+      <h2><i class="icon icon--alert"></i> Ungültige Anfrage (400)</h2>
+      <p>Ihre Anfrage konnte nicht verarbeitet werden.</p>
+      <p>Bitte überprüfen Sie die eingegebenen Daten und versuchen Sie es erneut.</p>
+      <p><a href="/" class="btn btn-primary">Zur Startseite</a></p>
+    </div>
+  </div>
+</div>
+{% endblock %}

pages/templates/403.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+
+{% block title %}Zugriff verweigert{% endblock %}
+
+{% block content %}
+<div class="row">
+  <div class="col-md-12">
+    <div class="alert alert-warning">
+      <h2><i class="icon icon--alert"></i> Zugriff verweigert (403)</h2>
+      <p>Sie haben keine Berechtigung, auf diese Seite zuzugreifen.</p>
+      <p>Bitte melden Sie sich an oder wenden Sie sich an den Administrator.</p>
+      <p>
+        <a href="/" class="btn btn-primary">Zur Startseite</a>
+        {% if not user.is_authenticated %}
+        <a href="{% url 'login' %}" class="btn btn-secondary">Anmelden</a>
+        {% endif %}
+      </p>
+    </div>
+  </div>
+</div>
+{% endblock %}

pages/templates/404.html

@@ -0,0 +1,21 @@
+{% extends "base.html" %}
+
+{% block title %}Seite nicht gefunden{% endblock %}
+
+{% block content %}
+<div class="row">
+  <div class="col-md-12">
+    <div class="alert alert-danger">
+      <h2><i class="icon icon--alert"></i> Seite nicht gefunden (404)</h2>
+      <p>Die gewünschte Seite konnte nicht gefunden werden.</p>
+      <p>Mögliche Gründe:</p>
+      <ul>
+        <li>Sie haben eine falsche URL eingegeben</li>
+        <li>Die Seite wurde verschoben oder gelöscht</li>
+        <li>Sie haben keine Berechtigung für diese Seite</li>
+      </ul>
+      <p><a href="/" class="btn btn-primary">Zur Startseite</a></p>
+    </div>
+  </div>
+</div>
+{% endblock %}

pages/templates/500.html

@@ -0,0 +1,16 @@
+{% extends "base.html" %}
+
+{% block title %}Serverfehler{% endblock %}
+
+{% block content %}
+<div class="row">
+  <div class="col-md-12">
+    <div class="alert alert-danger">
+      <h2><i class="icon icon--alert"></i> Serverfehler (500)</h2>
+      <p>Bei der Verarbeitung Ihrer Anfrage ist ein interner Fehler aufgetreten.</p>
+      <p>Der Administrator wurde über dieses Problem informiert.</p>
+      <p><a href="/" class="btn btn-primary">Zur Startseite</a></p>
+    </div>
+  </div>
+</div>
+{% endblock %}

pages/templates/base.html

@@ -53,6 +53,9 @@
         </a>
          <ul class="dropdown-menu dropdown-menu-right" role="menu">
             <li><a href="{% url 'user_comments' %}">Meine Kommentare</a></li>
+            {% if user.is_staff %}
+            <li><a href="{% url 'all_comments' %}">Alle Kommentare</a></li>
+            {% endif %}
             <li><a href="{% url 'password_change' %}">Passwort ändern</a></li>
             <li class="divider"></li>
             <li>
@@ -103,7 +106,7 @@
                   <li><a href="/dokumente">Standards</a></li>
                   {% if user.is_staff %}
                   <li><a href="/dokumente/unvollstaendig/">Unvollständig</a></li>
-                  <li><a href="/autorenumgebung/">Autorenumgebung</a></li>
+                  <li><a href="/autorenumgebung/">Autor</a></li>
                   {% endif %}
                   <li><a href="/referenzen">Referenzen</a></li>
                   <li><a href="/stichworte">Stichworte</a></li>
@@ -134,7 +137,7 @@
         <a href="/dokumente/unvollstaendig/">Unvollständig</a>
       </li>
       <li class="dropdown {% if 'autorenumgebung' in request.path %}current{% endif %}">
-        <a href="/autorenumgebung/">Autorenumgebung</a>
+        <a href="/autorenumgebung/">Autor</a>
       </li>
       {% endif %}
       <li class="dropdown {% if 'referenzen' in request.path %}current{% endif %}">
@@ -216,7 +219,7 @@
           </p>
         </div>
         <div class="col-sm-6 text-right">
-          <p class="text-muted">Version {{ version|default:"0.963" }}</p>
+           <p class="text-muted">Version {{ version|default:"0.980" }}</p>
          </div>
       </div>
     </div>

pages/views.py

@@ -69,3 +69,15 @@ def search(request):
 
         return render(request,"results.html",{"suchbegriff":safe_search_term,"resultat":result})
 
+def custom_400(request, exception):
+    return render(request, '400.html', status=400)
+
+def custom_403(request, exception):
+    return render(request, '403.html', status=403)
+
+def custom_404(request, exception):
+    return render(request, '404.html', status=404)
+
+def custom_500(request):
+    return render(request, '500.html', status=500)
+

requirements.txt

@@ -5,7 +5,7 @@ certifi==2025.8.3
 charset-normalizer==3.4.3
 curtsies==0.4.3
 cwcwidth==0.1.10
-Django==5.2.8
+Django==5.2.9
 django-admin-sortable2==2.2.8
 django-js-asset==3.1.2
 django-mptt==0.17.0
@@ -30,7 +30,8 @@ pyxdg==0.28
 requests==2.32.5
 six==1.17.0
 sqlparse==0.5.3
-urllib3==2.5.0
+urllib3==2.6.3
 wcwidth==0.2.13
 bleach==6.1.0
 coverage==7.6.1
+whitenoise==6.8.2

scripts/deploy-argocd-configmap.sh

@@ -0,0 +1,216 @@
+#!/bin/bash
+
+# deploy-argocd-configmap.sh
+# Script to deploy Django ConfigMap to vorgabenui namespace for ArgoCD
+
+set -euo pipefail
+
+# ArgoCD-specific configuration (hardcoded for consistency)
+NAMESPACE="vorgabenui"
+CONFIGMAP_NAME="django-config"
+SCRIPT_DIR="$(dirname "$0")"
+ARGOCD_DIR="$SCRIPT_DIR/../argocd"
+CONFIGMAP_FILE="$ARGOCD_DIR/configmap.yaml"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Logging functions
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+# Function to check if kubectl is available
+check_kubectl() {
+    if ! command -v kubectl &> /dev/null; then
+        log_error "kubectl is not installed or not in PATH"
+        exit 1
+    fi
+}
+
+# Function to check if configmap file exists
+check_configmap_file() {
+    if [ ! -f "$CONFIGMAP_FILE" ]; then
+        log_error "ConfigMap file not found: $CONFIGMAP_FILE"
+        log_error "Expected ArgoCD ConfigMap file at: $CONFIGMAP_FILE"
+        exit 1
+    fi
+}
+
+# Function to deploy the configmap
+deploy_configmap() {
+    log_step "Deploying ConfigMap '$CONFIGMAP_NAME' to namespace '$NAMESPACE'..."
+    
+    kubectl apply -f "$CONFIGMAP_FILE"
+    
+    if [ $? -eq 0 ]; then
+        log_info "Successfully deployed ConfigMap '$CONFIGMAP_NAME'"
+        return 0
+    else
+        log_error "Failed to deploy ConfigMap '$CONFIGMAP_NAME'"
+        return 1
+    fi
+}
+
+# Function to verify the configmap
+verify_configmap() {
+    log_step "Verifying ConfigMap deployment..."
+    
+    if kubectl get configmap "$CONFIGMAP_NAME" --namespace="$NAMESPACE" &> /dev/null; then
+        log_info "✅ ConfigMap '$CONFIGMAP_NAME' exists in namespace '$NAMESPACE'"
+        
+        echo ""
+        log_info "ConfigMap details:"
+        kubectl describe configmap "$CONFIGMAP_NAME" --namespace="$NAMESPACE"
+        
+        echo ""
+        log_info "ConfigMap data:"
+        kubectl get configmap "$CONFIGMAP_NAME" --namespace="$NAMESPACE" -o yaml | grep -A 20 "^data:"
+        
+        return 0
+    else
+        log_error "❌ ConfigMap '$CONFIGMAP_NAME' not found in namespace '$NAMESPACE'"
+        return 1
+    fi
+}
+
+# Function to show usage
+show_usage() {
+    echo "ArgoCD ConfigMap Deployment Script for VorgabenUI"
+    echo ""
+    echo "Usage: $0 [OPTIONS]"
+    echo ""
+    echo "This script deploys Django configuration to the vorgabenui namespace for ArgoCD."
+    echo ""
+    echo "Options:"
+    echo "  -h, --help                   Show this help message"
+    echo "  --verify-only               Only verify existing ConfigMap, don't deploy"
+    echo "  --dry-run                   Show what would be deployed without applying"
+    echo ""
+    echo "Configuration (hardcoded for ArgoCD):"
+    echo "  Namespace: $NAMESPACE"
+    echo "  ConfigMap Name: $CONFIGMAP_NAME"
+    echo "  ConfigMap File: $CONFIGMAP_FILE"
+    echo ""
+    echo "Examples:"
+    echo "  $0                          # Deploy ConfigMap"
+    echo "  $0 --verify-only           # Verify existing ConfigMap"
+    echo "  $0 --dry-run               # Preview deployment"
+    echo ""
+    echo "Note: Run this before deploying the ArgoCD deployment to ensure configuration is available."
+}
+
+# Parse command line arguments
+VERIFY_ONLY=false
+DRY_RUN=false
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --verify-only)
+            VERIFY_ONLY=true
+            shift
+            ;;
+        --dry-run)
+            DRY_RUN=true
+            shift
+            ;;
+        -h|--help)
+            show_usage
+            exit 0
+            ;;
+        *)
+            log_error "Unknown option: $1"
+            show_usage
+            exit 1
+            ;;
+    esac
+done
+
+# Main execution
+main() {
+    echo ""
+    log_info "🚀 ArgoCD Django ConfigMap Deployment Script"
+    log_info "============================================"
+    echo ""
+    log_info "Target Configuration:"
+    log_info "  Namespace: $NAMESPACE"
+    log_info "  ConfigMap Name: $CONFIGMAP_NAME"
+    log_info "  ConfigMap File: $CONFIGMAP_FILE"
+    echo ""
+    
+    # Perform checks
+    log_step "Performing pre-flight checks..."
+    check_kubectl
+    check_configmap_file
+    log_info "✅ All pre-flight checks passed"
+    echo ""
+    
+    # Verify-only mode
+    if [ "$VERIFY_ONLY" = true ]; then
+        log_info "🔍 Verify-only mode - checking existing ConfigMap"
+        verify_configmap
+        exit $?
+    fi
+    
+    # Dry-run mode
+    if [ "$DRY_RUN" = true ]; then
+        log_info "🔍 Dry-run mode - showing what would be deployed:"
+        echo ""
+        log_info "ConfigMap content that would be deployed:"
+        cat "$CONFIGMAP_FILE"
+        echo ""
+        log_info "Would run: kubectl apply -f $CONFIGMAP_FILE"
+        echo ""
+        log_info "Run without --dry-run to execute the deployment"
+        exit 0
+    fi
+    
+    # Create namespace if it doesn't exist
+    if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
+        log_warn "Namespace '$NAMESPACE' does not exist, creating..."
+        kubectl create namespace "$NAMESPACE"
+        log_info "✅ Created namespace '$NAMESPACE'"
+    fi
+    
+    # Deploy the ConfigMap
+    if deploy_configmap; then
+        echo ""
+        # Verify deployment
+        verify_configmap
+        echo ""
+        
+        log_info "🎉 ConfigMap deployment completed successfully!"
+        echo ""
+        log_info "📋 Next steps:"
+        log_info "1. Deploy the secret (if not already done):"
+        echo "    ./scripts/deploy-argocd-secret.sh"
+        echo ""
+        log_info "2. Apply the updated deployment:"
+        echo "    kubectl apply -f argocd/deployment.yaml"
+        echo ""
+        log_info "3. Verify Django pods start with proper configuration"
+        echo ""
+    else
+        log_error "ConfigMap deployment failed"
+        exit 1
+    fi
+}
+
+# Run main function
+main

scripts/deploy-argocd-secret.sh

@@ -0,0 +1,311 @@
+#!/bin/bash
+
+# deploy-argocd-secret.sh
+# ArgoCD-specific script to generate and deploy Django SECRET_KEY to vorgabenui namespace
+
+set -euo pipefail
+
+# ArgoCD-specific configuration (hardcoded for consistency)
+NAMESPACE="vorgabenui"
+SECRET_NAME="vorgabenui-secrets"
+SECRET_KEY_NAME="vorgabenui_secret"
+SCRIPT_DIR="$(dirname "$0")"
+ARGOCD_DIR="$SCRIPT_DIR/../argocd"
+TEMPLATES_DIR="$SCRIPT_DIR/../templates"
+SECRET_TEMPLATE="$TEMPLATES_DIR/secret.yaml"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Logging functions
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+log_step() {
+    echo -e "${BLUE}[STEP]${NC} $1"
+}
+
+# Function to generate a secure Django SECRET_KEY
+generate_secret_key() {
+    # Generate a 50-character secret key using Python (same as Django's default)
+    python3 -c "
+import secrets
+import string
+
+# Django-style secret key generation
+chars = string.ascii_letters + string.digits + '!@#$%^&*(-_=+)'
+print(''.join(secrets.choice(chars) for _ in range(50)))
+"
+}
+
+# Function to check if kubectl is available
+check_kubectl() {
+    if ! command -v kubectl &> /dev/null; then
+        log_error "kubectl is not installed or not in PATH"
+        exit 1
+    fi
+}
+
+# Function to check if Python3 is available
+check_python() {
+    if ! command -v python3 &> /dev/null; then
+        log_error "python3 is not installed or not in PATH"
+        exit 1
+    fi
+}
+
+# Function to check if secret template exists
+check_template() {
+    if [ ! -f "$SECRET_TEMPLATE" ]; then
+        # Fallback to argocd directory if templates directory doesn't exist
+        FALLBACK_TEMPLATE="$ARGOCD_DIR/secret.yaml"
+        if [ -f "$FALLBACK_TEMPLATE" ]; then
+            SECRET_TEMPLATE="$FALLBACK_TEMPLATE"
+            log_warn "Using fallback template: $SECRET_TEMPLATE"
+        else
+            log_error "Secret template not found at either:"
+            log_error "  Primary: $TEMPLATES_DIR/secret.yaml"
+            log_error "  Fallback: $FALLBACK_TEMPLATE"
+            exit 1
+        fi
+    fi
+}
+
+# Function to create the secret
+create_secret() {
+    local secret_key="$1"
+    
+    log_step "Creating Kubernetes secret '$SECRET_NAME' in namespace '$NAMESPACE'..."
+    
+    # Create the secret directly with kubectl (this will create or update)
+    kubectl create secret generic "$SECRET_NAME" \
+        --from-literal="$SECRET_KEY_NAME=$secret_key" \
+        --namespace="$NAMESPACE" \
+        --dry-run=client -o yaml | kubectl apply -f -
+    
+    if [ $? -eq 0 ]; then
+        log_info "Successfully created/updated secret '$SECRET_NAME'"
+        return 0
+    else
+        log_error "Failed to create/update secret '$SECRET_NAME'"
+        return 1
+    fi
+}
+
+# Function to verify the secret
+verify_secret() {
+    log_step "Verifying secret deployment..."
+    
+    if kubectl get secret "$SECRET_NAME" --namespace="$NAMESPACE" &> /dev/null; then
+        log_info "✅ Secret '$SECRET_NAME' exists in namespace '$NAMESPACE'"
+        
+        # Show secret metadata (without revealing the actual key)
+        echo ""
+        log_info "Secret details:"
+        kubectl describe secret "$SECRET_NAME" --namespace="$NAMESPACE" | grep -E "^(Name|Namespace|Type|Data)"
+        
+        # Verify the key exists in the secret
+        if kubectl get secret "$SECRET_NAME" --namespace="$NAMESPACE" -o jsonpath="{.data.$SECRET_KEY_NAME}" &> /dev/null; then
+            log_info "✅ Secret key '$SECRET_KEY_NAME' is present in the secret"
+            return 0
+        else
+            log_error "❌ Secret key '$SECRET_KEY_NAME' not found in secret"
+            return 1
+        fi
+    else
+        log_error "❌ Secret '$SECRET_NAME' not found in namespace '$NAMESPACE'"
+        return 1
+    fi
+}
+
+# Function to test secret in pod (if deployment exists)
+test_secret_in_pod() {
+    log_step "Testing secret accessibility in Django deployment..."
+    
+    # Check if Django deployment exists
+    if kubectl get deployment django --namespace="$NAMESPACE" &> /dev/null; then
+        log_info "Django deployment found, testing secret access..."
+        
+        # Try to get the secret value from a pod (this will fail if env var not configured)
+        local pod_name
+        pod_name=$(kubectl get pods -l app=django --namespace="$NAMESPACE" -o jsonpath="{.items[0].metadata.name}" 2>/dev/null)
+        
+        if [ -n "$pod_name" ] && [ "$pod_name" != "" ]; then
+            log_info "Testing secret in pod: $pod_name"
+            if kubectl exec "$pod_name" --namespace="$NAMESPACE" -- printenv VORGABENUI_SECRET &> /dev/null; then
+                log_info "✅ VORGABENUI_SECRET environment variable is accessible in pod"
+            else
+                log_warn "⚠️ VORGABENUI_SECRET environment variable not found in pod"
+                log_warn "   This is expected if the deployment hasn't been updated yet"
+            fi
+        else
+            log_warn "⚠️ No running Django pods found"
+        fi
+    else
+        log_info "Django deployment not found - secret will be available when deployment is updated"
+    fi
+}
+
+# Function to show usage
+show_usage() {
+    echo "ArgoCD Secret Deployment Script for VorgabenUI"
+    echo ""
+    echo "Usage: $0 [OPTIONS]"
+    echo ""
+    echo "This script deploys Django SECRET_KEY to the vorgabenui namespace for ArgoCD."
+    echo ""
+    echo "Options:"
+    echo "  -h, --help                   Show this help message"
+    echo "  --verify-only               Only verify existing secret, don't create new one"
+    echo "  --dry-run                   Show what would be done without making changes"
+    echo ""
+    echo "Configuration (hardcoded for ArgoCD):"
+    echo "  Namespace: $NAMESPACE"
+    echo "  Secret Name: $SECRET_NAME"
+    echo "  Secret Key: $SECRET_KEY_NAME"
+    echo "  Template: $SECRET_TEMPLATE"
+    echo ""
+    echo "Examples:"
+    echo "  $0                          # Generate and deploy new secret"
+    echo "  $0 --verify-only           # Verify existing secret"
+    echo "  $0 --dry-run               # Preview changes"
+    echo ""
+    echo "After running this script, update argocd/deployment.yaml to reference the secret."
+}
+
+# Parse command line arguments
+VERIFY_ONLY=false
+DRY_RUN=false
+
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        --verify-only)
+            VERIFY_ONLY=true
+            shift
+            ;;
+        --dry-run)
+            DRY_RUN=true
+            shift
+            ;;
+        -h|--help)
+            show_usage
+            exit 0
+            ;;
+        *)
+            log_error "Unknown option: $1"
+            show_usage
+            exit 1
+            ;;
+    esac
+done
+
+# Main execution
+main() {
+    echo ""
+    log_info "🚀 ArgoCD Django SECRET_KEY Deployment Script"
+    log_info "============================================="
+    echo ""
+    log_info "Target Configuration:"
+    log_info "  Namespace: $NAMESPACE"
+    log_info "  Secret Name: $SECRET_NAME"
+    log_info "  Secret Key Name: $SECRET_KEY_NAME"
+    echo ""
+    
+    # Perform checks
+    log_step "Performing pre-flight checks..."
+    check_kubectl
+    check_python
+    check_template
+    log_info "✅ All pre-flight checks passed"
+    echo ""
+    
+    # Verify-only mode
+    if [ "$VERIFY_ONLY" = true ]; then
+        log_info "🔍 Verify-only mode - checking existing secret"
+        verify_secret
+        test_secret_in_pod
+        exit $?
+    fi
+    
+    # Generate new secret key
+    log_step "Generating new Django SECRET_KEY..."
+    SECRET_KEY=$(generate_secret_key)
+    
+    if [ -z "$SECRET_KEY" ]; then
+        log_error "Failed to generate secret key"
+        exit 1
+    fi
+    
+    log_info "✅ Generated secret key (first 10 chars): ${SECRET_KEY:0:10}..."
+    echo ""
+    
+    # Dry-run mode
+    if [ "$DRY_RUN" = true ]; then
+        log_info "🔍 Dry-run mode - showing what would be done:"
+        echo ""
+        log_info "Would create secret with the following command:"
+        echo "  kubectl create secret generic $SECRET_NAME \\"
+        echo "    --from-literal=$SECRET_KEY_NAME='[GENERATED_KEY]' \\"
+        echo "    --namespace=$NAMESPACE \\"
+        echo "    --dry-run=client -o yaml | kubectl apply -f -"
+        echo ""
+        log_info "Secret key would be: ${SECRET_KEY:0:10}...${SECRET_KEY: -5}"
+        echo ""
+        log_info "Run without --dry-run to execute the deployment"
+        exit 0
+    fi
+    
+    # Create namespace if it doesn't exist
+    if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
+        log_warn "Namespace '$NAMESPACE' does not exist, creating..."
+        kubectl create namespace "$NAMESPACE"
+        log_info "✅ Created namespace '$NAMESPACE'"
+    fi
+    
+    # Create the secret
+    if create_secret "$SECRET_KEY"; then
+        echo ""
+        # Verify deployment
+        verify_secret
+        echo ""
+        test_secret_in_pod
+        echo ""
+        
+        log_info "🎉 Secret deployment completed successfully!"
+        echo ""
+        log_info "📋 Next steps:"
+        log_info "1. Update argocd/deployment.yaml to include environment variable:"
+        echo ""
+        echo "    env:"
+        echo "    - name: VORGABENUI_SECRET"
+        echo "      valueFrom:"
+        echo "        secretKeyRef:"
+        echo "          name: $SECRET_NAME"
+        echo "          key: $SECRET_KEY_NAME"
+        echo ""
+        log_info "2. Apply the updated deployment:"
+        echo "    kubectl apply -f argocd/deployment.yaml"
+        echo ""
+        log_info "3. Verify Django pods restart and pick up the new secret"
+        echo ""
+    else
+        log_error "Secret deployment failed"
+        exit 1
+    fi
+}
+
+# Run main function
+main

scripts/deploy-django-secret.sh

@@ -0,0 +1,201 @@
+#!/bin/bash
+
+# deploy-django-secret.sh
+# Script to generate a secure Django SECRET_KEY and deploy it to Kubernetes
+
+set -euo pipefail
+
+# Configuration
+NAMESPACE="${NAMESPACE:-vorgabenui}"
+SECRET_NAME="vorgabenui-secrets"
+SECRET_KEY_NAME="vorgabenui_secret"
+K8S_DIR="$(dirname "$0")/../k8s"
+SECRET_YAML="$K8S_DIR/django-secret.yaml"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Logging functions
+log_info() {
+    echo -e "${GREEN}[INFO]${NC} $1"
+}
+
+log_warn() {
+    echo -e "${YELLOW}[WARN]${NC} $1"
+}
+
+log_error() {
+    echo -e "${RED}[ERROR]${NC} $1"
+}
+
+# Function to generate a secure Django SECRET_KEY
+generate_secret_key() {
+    # Generate a 50-character secret key using Python (same as Django's default)
+    python3 -c "
+import secrets
+import string
+
+# Django-style secret key generation
+chars = string.ascii_letters + string.digits + '!@#$%^&*(-_=+)'
+print(''.join(secrets.choice(chars) for _ in range(50)))
+"
+}
+
+# Function to check if kubectl is available
+check_kubectl() {
+    if ! command -v kubectl &> /dev/null; then
+        log_error "kubectl is not installed or not in PATH"
+        exit 1
+    fi
+}
+
+# Function to check if Python3 is available
+check_python() {
+    if ! command -v python3 &> /dev/null; then
+        log_error "python3 is not installed or not in PATH"
+        exit 1
+    fi
+}
+
+# Function to create the secret
+create_secret() {
+    local secret_key="$1"
+    local encoded_key
+    
+    # Base64 encode the secret key
+    encoded_key=$(echo -n "$secret_key" | base64 -w 0)
+    
+    log_info "Creating Kubernetes secret '$SECRET_NAME' in namespace '$NAMESPACE'..."
+    
+    # Create the secret directly with kubectl
+    kubectl create secret generic "$SECRET_NAME" \
+        --from-literal="$SECRET_KEY_NAME=$secret_key" \
+        --namespace="$NAMESPACE" \
+        --dry-run=client -o yaml | kubectl apply -f -
+    
+    if [ $? -eq 0 ]; then
+        log_info "Successfully created/updated secret '$SECRET_NAME'"
+    else
+        log_error "Failed to create/update secret '$SECRET_NAME'"
+        exit 1
+    fi
+}
+
+# Function to verify the secret
+verify_secret() {
+    log_info "Verifying secret deployment..."
+    
+    if kubectl get secret "$SECRET_NAME" --namespace="$NAMESPACE" &> /dev/null; then
+        log_info "Secret '$SECRET_NAME' exists in namespace '$NAMESPACE'"
+        
+        # Show secret (without revealing the actual key)
+        kubectl describe secret "$SECRET_NAME" --namespace="$NAMESPACE"
+        return 0
+    else
+        log_error "Secret '$SECRET_NAME' not found in namespace '$NAMESPACE'"
+        return 1
+    fi
+}
+
+# Function to show usage
+show_usage() {
+    echo "Usage: $0 [OPTIONS]"
+    echo ""
+    echo "Options:"
+    echo "  -n, --namespace NAMESPACE    Kubernetes namespace (default: vorgabenui)"
+    echo "  -s, --secret-name NAME       Secret name (default: django-secrets)"
+    echo "  -k, --key-name NAME          Secret key name (default: django-secret-key)"
+    echo "  -h, --help                   Show this help message"
+    echo ""
+    echo "Environment variables:"
+    echo "  NAMESPACE                    Override default namespace"
+    echo ""
+    echo "Examples:"
+    echo "  $0                           # Deploy to vorgabenui namespace"
+    echo "  $0 -n production             # Deploy to production namespace"
+    echo "  NAMESPACE=staging $0         # Deploy to staging namespace"
+}
+
+# Parse command line arguments
+while [[ $# -gt 0 ]]; do
+    case $1 in
+        -n|--namespace)
+            NAMESPACE="$2"
+            shift 2
+            ;;
+        -s|--secret-name)
+            SECRET_NAME="$2"
+            shift 2
+            ;;
+        -k|--key-name)
+            SECRET_KEY_NAME="$2"
+            shift 2
+            ;;
+        -h|--help)
+            show_usage
+            exit 0
+            ;;
+        *)
+            log_error "Unknown option: $1"
+            show_usage
+            exit 1
+            ;;
+    esac
+done
+
+# Main execution
+main() {
+    log_info "Django SECRET_KEY Deployment Script"
+    log_info "==================================="
+    log_info "Namespace: $NAMESPACE"
+    log_info "Secret Name: $SECRET_NAME"
+    log_info "Secret Key Name: $SECRET_KEY_NAME"
+    echo ""
+    
+    # Perform checks
+    check_kubectl
+    check_python
+    
+    # Generate new secret key
+    log_info "Generating new Django SECRET_KEY..."
+    SECRET_KEY=$(generate_secret_key)
+    
+    if [ -z "$SECRET_KEY" ]; then
+        log_error "Failed to generate secret key"
+        exit 1
+    fi
+    
+    log_info "Generated secret key (first 10 chars): ${SECRET_KEY:0:10}..."
+    
+    # Create namespace if it doesn't exist
+    if ! kubectl get namespace "$NAMESPACE" &> /dev/null; then
+        log_warn "Namespace '$NAMESPACE' does not exist, creating..."
+        kubectl create namespace "$NAMESPACE"
+    fi
+    
+    # Create the secret
+    create_secret "$SECRET_KEY"
+    
+    # Verify deployment
+    verify_secret
+    
+    echo ""
+    log_info "Deployment completed successfully!"
+    log_info "To use this secret in your Django deployment, add the following to your pod spec:"
+    echo ""
+    echo "    env:"
+    echo "    - name: VORGABENUI_SECRET"
+    echo "      valueFrom:"
+    echo "        secretKeyRef:"
+    echo "          name: $SECRET_NAME"
+    echo "          key: $SECRET_KEY_NAME"
+    echo ""
+    log_warn "The old secret key in settings.py has been replaced with environment variable lookup."
+    log_warn "Make sure your Django deployment uses the environment variable before deploying."
+}
+
+# Run main function
+main

scripts/deploy_secret.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# Generate and deploy Django secret key to Kubernetes
+
+NAMESPACE="vorgabenui"
+SECRET_NAME="django-secret"
+SECRET_FILE="argocd/secret.yaml"
+
+# Check if secret file exists
+if [ ! -f "$SECRET_FILE" ]; then
+    echo "Error: $SECRET_FILE not found"
+    exit 1
+fi
+
+# Generate random secret key
+SECRET_KEY=$(python3 -c "import secrets; print(secrets.token_urlsafe(50))")
+
+# Create temporary secret file with generated key
+TEMP_SECRET_FILE=$(mktemp)
+cat "$SECRET_FILE" | sed "s/CHANGE_ME_TO_RANDOM_STRING/$SECRET_KEY/g" > "$TEMP_SECRET_FILE"
+
+# Check if secret already exists
+if kubectl get secret "$SECRET_NAME" -n "$NAMESPACE" &>/dev/null; then
+    echo "Secret $SECRET_NAME already exists in namespace $NAMESPACE"
+    read -p "Do you want to replace it? (y/N): " -n 1 -r
+    echo
+    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
+        echo "Aborted"
+        rm "$TEMP_SECRET_FILE"
+        exit 0
+    fi
+    kubectl apply -f "$TEMP_SECRET_FILE"
+    echo "Secret updated successfully"
+else
+    kubectl apply -f "$TEMP_SECRET_FILE"
+    echo "Secret created successfully"
+fi
+
+# Clean up
+rm "$TEMP_SECRET_FILE"
+
+echo ""
+echo "Secret deployed:"
+echo "  Name: $SECRET_NAME"
+echo "  Namespace: $NAMESPACE"
+echo "  Key: secret-key"

scripts/full_deploy.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# Full deployment script - bumps both container versions by 0.001 and copies database
+
+DEPLOYMENT_FILE="argocd/deployment.yaml"
+DB_SOURCE="data/db.sqlite3"
+DB_DEST="data-loader/preload.sqlite3"
+
+# Check if deployment file exists
+if [ ! -f "$DEPLOYMENT_FILE" ]; then
+    echo "Error: $DEPLOYMENT_FILE not found"
+    exit 1
+fi
+
+# Check if source database exists
+if [ ! -f "$DB_SOURCE" ]; then
+    echo "Error: $DB_SOURCE not found"
+    exit 1
+fi
+
+# Extract current version of data-loader
+LOADER_VERSION=$(grep -E "image: git.baumann.gr/adebaumann/vgui-data-loader:[0-9]" "$DEPLOYMENT_FILE" | sed -E 's/.*:([0-9.]+)/\1/')
+
+# Extract current version of main container
+MAIN_VERSION=$(grep -E "image: git.baumann.gr/adebaumann/vgui:[0-9]" "$DEPLOYMENT_FILE" | grep -v "data-loader" | sed -E 's/.*:([0-9.]+)/\1/')
+
+if [ -z "$LOADER_VERSION" ] || [ -z "$MAIN_VERSION" ]; then
+    echo "Error: Could not find current versions"
+    exit 1
+fi
+
+# Calculate new versions (add 0.001), preserve leading zero
+NEW_LOADER_VERSION=$(echo "$LOADER_VERSION + 0.001" | bc | sed 's/^\./0./')
+NEW_MAIN_VERSION=$(echo "$MAIN_VERSION + 0.001" | bc | sed 's/^\./0./')
+
+# Update the deployment file
+sed -i "s|image: git.baumann.gr/adebaumann/labhelper-data-loader:$LOADER_VERSION|image: git.baumann.gr/adebaumann/labhelper-data-loader:$NEW_LOADER_VERSION|" "$DEPLOYMENT_FILE"
+sed -i "s|image: git.baumann.gr/adebaumann/labhelper:$MAIN_VERSION|image: git.baumann.gr/adebaumann/labhelper:$NEW_MAIN_VERSION|" "$DEPLOYMENT_FILE"
+
+# Copy database
+cp "$DB_SOURCE" "$DB_DEST"
+
+echo "Full deployment prepared:"
+echo "  Data loader: $LOADER_VERSION -> $NEW_LOADER_VERSION"
+echo "  Main container: $MAIN_VERSION -> $NEW_MAIN_VERSION"
+echo "  Database copied to $DB_DEST"

scripts/partial_deploy.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+# Partial deployment script - bumps main container version by 0.001
+
+DEPLOYMENT_FILE="argocd/deployment.yaml"
+
+# Check if file exists
+if [ ! -f "$DEPLOYMENT_FILE" ]; then
+    echo "Error: $DEPLOYMENT_FILE not found"
+    exit 1
+fi
+
+# Extract current version of main container (labhelper, not labhelper-data-loader)
+CURRENT_VERSION=$(grep -E "image: git.baumann.gr/adebaumann/vui:[0-9]" "$DEPLOYMENT_FILE" | grep -v "data-loader" | sed -E 's/.*:([0-9.]+)/\1/')
+
+if [ -z "$CURRENT_VERSION" ]; then
+    echo "Error: Could not find current version"
+    exit 1
+fi
+
+# Calculate new version (add 0.001), preserve leading zero
+NEW_VERSION=$(echo "$CURRENT_VERSION + 0.001" | bc | sed 's/^\./0./')
+
+# Update the deployment file (only the main container, not the data-loader)
+sed -i "s|image: git.baumann.gr/adebaumann/vui:$CURRENT_VERSION|image: git.baumann.gr/adebaumann/vui:$NEW_VERSION|" "$DEPLOYMENT_FILE"
+
+echo "Partial deployment prepared:"
+echo "  Main container: $CURRENT_VERSION -> $NEW_VERSION"

templates/configmap.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: django-config
+  namespace: vorgabenui
+data:
+  # Django Configuration
+  DEBUG: "false"
+  DJANGO_ALLOWED_HOSTS: "vorgabenportal.knowyoursecurity.com,localhost,127.0.0.1"
+  DJANGO_SETTINGS_MODULE: "VorgabenUI.settings"
+  
+  # Application Configuration
+  LANGUAGE_CODE: "de-ch"
+  TIME_ZONE: "UTC"
+  
+  # Static and Media Configuration  
+  STATIC_URL: "/static/"
+  MEDIA_URL: "/media/"
+  
+  # Database Configuration (for future use)
+  # DATABASE_ENGINE: "django.db.backends.sqlite3"
+  # DATABASE_NAME: "/app/data/db.sqlite3"
+  
+  # Security Configuration
+  # CSRF_TRUSTED_ORIGINS: "https://vorgabenportal.knowyoursecurity.com"
+  
+  # Performance Configuration
+  # DATA_UPLOAD_MAX_NUMBER_FIELDS: "10250"

templates/secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vorgabenui-secrets
+  namespace: vorgabenui
+type: Opaque
+data:
+  # Base64 encoded SECRET_KEY - populated by deployment script
+  # This is a TEMPLATE FILE in templates/ directory - not deployed by ArgoCD
+  vorgabenui_secret: ""