feat: Multi-User/Admin usermanagement + Galaxy Login/Settings + Task detail improvements

- Backend: NEW AdminController with user CRUD (GET/POST/DELETE /api/v1/admin/users)
- Backend: NEW GET /api/dashboard/tasks/{id} single task endpoint
- Backend: NEW POST /api/dashboard/tasks/{id}/activity comment endpoint
- Backend: IUserRepository + UserRepository extended with GetAllAsync, DeleteAsync
- Backend: Admin DTOs (AdminUserInfo, AdminCreateUserRequest, AdminUpdateRoleRequest)
- Frontend: NEW TaskDetailView.vue — URL-based (/tasks/:id) Galaxy-themed task detail
  with subtask create/edit/delete, activity with comments, property sidebar
- Frontend: LoginView.vue — полностью Galaxy theme redesign with GalaxyBackground,
  glass-morphism card, password toggle, consistent brand
- Frontend: SettingsView.vue — Galaxy theme redesign with glass cards,
  admin user management section (create/list users, visible only to owner role)
- Frontend: TaskBoardView.vue — added "Full View" link to URL-based detail page
- Frontend: Router — added /tasks/:id route for TaskDetailView
- Frontend: App.vue — added TaskDetail to standaloneViews whitelist
- Frontend: tasks store — stable

Auth: Admin creates accounts, users log in with existing /api/v1/auth/login.
Login/Settings deliver visible Galaxy-consistent design with nexus-tokens.css tokens.

backend/Controllers/AdminController.cs

@@ -0,0 +1,144 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using Nexus.Api.Data;
+using Nexus.Api.DTOs;
+using Nexus.Api.Repositories;
+using Nexus.Api.Services;
+
+namespace Nexus.Api.Controllers;
+
+[ApiController]
+[Route("api/v1/admin")]
+[Authorize(Roles = "owner")]
+public class AdminController(
+    IUserRepository userRepository,
+    ILogger<AdminController> logger) : ControllerBase
+{
+    /// <summary>
+    /// List all registered users.
+    /// </summary>
+    [HttpGet("users")]
+    public async Task<IResult> GetUsers(CancellationToken ct)
+    {
+        var users = await userRepository.GetAllAsync(ct);
+        var result = users.Select(u => new AdminUserInfo
+        {
+            Id = u.Id,
+            Email = u.Email,
+            DisplayName = u.DisplayName,
+            Role = u.Role,
+            CreatedAt = u.CreatedAt,
+            LastLoginAt = u.LastLoginAt,
+        }).ToList();
+        return Results.Ok(result);
+    }
+
+    /// <summary>
+    /// Create a new user account (admin only).
+    /// Email muss eindeutig sein, Passwort mindestens 10 Zeichen.
+    /// </summary>
+    [HttpPost("users")]
+    public async Task<IResult> CreateUser([FromBody] AdminCreateUserRequest request, CancellationToken ct)
+    {
+        if (string.IsNullOrWhiteSpace(request.Email) || string.IsNullOrWhiteSpace(request.Password))
+            return Results.ValidationProblem(new Dictionary<string, string[]>
+            {
+                ["request"] = ["Email and password are required."]
+            });
+
+        if (request.Password.Length < 10)
+            return Results.ValidationProblem(new Dictionary<string, string[]>
+            {
+                ["password"] = ["Password must be at least 10 characters."]
+            });
+
+        var normalizedEmail = AuthService.NormalizeEmail(request.Email);
+        var existing = await userRepository.GetByEmailAsync(normalizedEmail, ct);
+        if (existing is not null)
+            return Results.Conflict(new { error = "A user with this email already exists." });
+
+        var user = new NexusUser
+        {
+            Email = request.Email.Trim(),
+            NormalizedEmail = normalizedEmail,
+            DisplayName = string.IsNullOrWhiteSpace(request.DisplayName)
+                ? request.Email.Split('@')[0]
+                : request.DisplayName.Trim(),
+            PasswordHash = PasswordSecurity.Hash(request.Password),
+            Role = string.IsNullOrWhiteSpace(request.Role) ? "user" : request.Role.Trim().ToLowerInvariant(),
+        };
+
+        await userRepository.AddAsync(user, ct);
+        logger.LogInformation("Admin created user {Email} with role {Role}", user.Email, user.Role);
+
+        return Results.Created($"/api/v1/admin/users/{user.Id}", new AdminUserInfo
+        {
+            Id = user.Id,
+            Email = user.Email,
+            DisplayName = user.DisplayName,
+            Role = user.Role,
+            CreatedAt = user.CreatedAt,
+        });
+    }
+
+    /// <summary>
+    /// Delete a user account (admin only, cannot delete owner).
+    /// </summary>
+    [HttpDelete("users/{id:guid}")]
+    public async Task<IResult> DeleteUser(Guid id, CancellationToken ct)
+    {
+        var user = await userRepository.GetByIdAsync(id, ct);
+        if (user is null)
+            return Results.NotFound(new { error = "User not found." });
+
+        if (string.Equals(user.Role, "owner", StringComparison.OrdinalIgnoreCase))
+            return Results.Forbid();
+
+        await userRepository.DeleteAsync(user, ct);
+        logger.LogInformation("Admin deleted user {Email}", user.Email);
+        return Results.NoContent();
+    }
+
+    /// <summary>
+    /// Update a user's role (admin only, cannot change owner role).
+    /// </summary>
+    [HttpPatch("users/{id:guid}/role")]
+    public async Task<IResult> UpdateUserRole(Guid id, [FromBody] AdminUpdateRoleRequest request, CancellationToken ct)
+    {
+        if (string.IsNullOrWhiteSpace(request.Role))
+            return Results.ValidationProblem(new Dictionary<string, string[]>
+            {
+                ["role"] = ["Role is required."]
+            });
+
+        var validRoles = new[] { "owner", "admin", "user", "viewer" };
+        if (!validRoles.Contains(request.Role.ToLowerInvariant()))
+            return Results.ValidationProblem(new Dictionary<string, string[]>
+            {
+                ["role"] = ["Invalid role. Valid roles: owner, admin, user, viewer."]
+            });
+
+        var user = await userRepository.GetByIdAsync(id, ct);
+        if (user is null)
+            return Results.NotFound(new { error = "User not found." });
+
+        if (string.Equals(user.Role, "owner", StringComparison.OrdinalIgnoreCase))
+            return Results.Forbid();
+
+        user.Role = request.Role.Trim().ToLowerInvariant();
+        user.UpdatedAt = DateTimeOffset.UtcNow;
+        await userRepository.UpdateAsync(user, ct);
+        logger.LogInformation("Admin updated role for {Email} to {Role}", user.Email, user.Role);
+
+        return Results.Ok(new AdminUserInfo
+        {
+            Id = user.Id,
+            Email = user.Email,
+            DisplayName = user.DisplayName,
+            Role = user.Role,
+            CreatedAt = user.CreatedAt,
+            LastLoginAt = user.LastLoginAt,
+        });
+    }
+}

backend/Controllers/DashboardController.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Nexus.Api.Data;
 using Nexus.Api.Models;
+using Nexus.Api.Repositories;
 using Nexus.Api.Services;
 
 namespace Nexus.Api.Controllers;
@@ -13,6 +14,7 @@ namespace Nexus.Api.Controllers;
 public class DashboardController(
     IDashboardService dashboardService,
     ITaskService taskService,
+    IActivityRepository activityService,
     IHttpContextAccessor httpContextAccessor) : ControllerBase
 {
     [HttpGet("status")]
@@ -239,6 +241,14 @@ public class DashboardController(
         return Ok(children.Select(MapToDto).ToList());
     }
 
+    [HttpGet("tasks/{id:guid}")]
+    public async Task<ActionResult<DashboardTaskDto>> GetTask(Guid id, CancellationToken ct)
+    {
+        var task = await taskService.GetByIdAsync(id, ct);
+        if (task is null) return NotFound(new { error = "Task not found." });
+        return Ok(MapToDto(task));
+    }
+
     [HttpGet("tasks/{id:guid}/activity")]
     public async Task<ActionResult<List<ActivityEvent>>> GetTaskActivity(Guid id, CancellationToken ct)
     {
@@ -246,14 +256,25 @@ public class DashboardController(
         return Ok(events);
     }
 
-    // ── Import ──
-
-    [HttpPost("tasks/import-from-iris-todo")]
-    public async Task<ActionResult<ImportResultDto>> ImportFromIrisTodo(
-        [FromQuery] bool delete = false, CancellationToken ct = default)
+    [HttpPost("tasks/{id:guid}/activity")]
+    public async Task<ActionResult<ActivityEvent>> PostTaskActivity(
+        Guid id, [FromBody] PostActivityRequest request, CancellationToken ct)
     {
-        var result = await taskService.ImportFromIrisTodoAsync(delete, ct);
-        return Ok(new ImportResultDto(result));
+        var task = await taskService.GetByIdAsync(id, ct);
+        if (task is null) return NotFound(new { error = "Task not found." });
+
+        if (string.IsNullOrWhiteSpace(request.Message))
+            return BadRequest(new { error = "Message is required." });
+
+        var ev = new ActivityEvent
+        {
+            Type = request.Type ?? "comment",
+            Message = request.Message.Trim(),
+            TaskId = id
+        };
+
+        await activityService.AddAsync(ev, ct);
+        return Created($"/api/dashboard/tasks/{id}/activity/{ev.Id}", ev);
     }
 
     private static DashboardTaskDto MapToDto(WorkTask t) => new(