User-Löschen: Upgrade-Anfragen + Hund-Daten mit aufräumen (Admin + Self-Delete)

- admin.py delete_user: löscht jetzt auch Hund-zentrierte Daten (diary,
  health, training_sessions, training_streaks, expenses), dogs,
  upgrade_requests, push_subscriptions, notifications, forum_posts
  bevor der User-Row weg ist. Vorher: nur DELETE FROM users → Waisen in
  allen FK-Tabellen.
- profile.py delete_account: gleicher Cleanup-Set, vergisst jetzt
  upgrade_requests nicht mehr.
- admin.py Dashboard-Counter 'Zu Erledigen': JOIN users, damit
  verwaiste Anfragen nicht mehr im Header-Badge erscheinen (Liste
  selbst filtert sie schon korrekt via JOIN). Bump 1135→1136.

backend/routes/admin.py

@@ -136,8 +136,13 @@ async def action_items(user=Depends(require_mod)):
             "SELECT COUNT(*) FROM users WHERE DATE(created_at)=DATE('now')"
         ).fetchone()[0]
         try:
+            # JOIN mit users, damit verwaiste Anfragen von gelöschten Usern
+            # nicht mehr im „Zu Erledigen"-Counter auftauchen (Liste filtert
+            # das via JOIN bereits, der Counter tat es früher nicht).
             upgrades_pending = conn.execute(
-                "SELECT COUNT(*) FROM upgrade_requests WHERE fulfilled_at IS NULL"
+                "SELECT COUNT(*) FROM upgrade_requests r "
+                "JOIN users u ON u.id = r.user_id "
+                "WHERE r.fulfilled_at IS NULL"
             ).fetchone()[0]
         except Exception:
             upgrades_pending = 0
@@ -457,6 +462,20 @@ async def delete_user(uid: int, user=Depends(require_admin)):
             raise HTTPException(404, "User nicht gefunden.")
         if target["id"] == user["id"]:
             raise HTTPException(400, "Du kannst deinen eigenen Account nicht löschen.")
+        # Hund-zentrierte Daten zuerst löschen, sonst hängt der FK an der Hunde-ID
+        dog_ids = [r["id"] for r in conn.execute(
+            "SELECT id FROM dogs WHERE user_id=?", (uid,)).fetchall()]
+        for did in dog_ids:
+            conn.execute("DELETE FROM diary WHERE dog_id=?", (did,))
+            conn.execute("DELETE FROM health WHERE dog_id=?", (did,))
+            conn.execute("DELETE FROM training_sessions WHERE dog_id=?", (did,))
+            conn.execute("DELETE FROM training_streaks WHERE dog_id=?", (did,))
+            conn.execute("DELETE FROM expenses WHERE dog_id=?", (did,))
+        conn.execute("DELETE FROM dogs WHERE user_id=?", (uid,))
+        conn.execute("DELETE FROM upgrade_requests WHERE user_id=?", (uid,))
+        conn.execute("DELETE FROM push_subscriptions WHERE user_id=?", (uid,))
+        conn.execute("DELETE FROM notifications WHERE user_id=?", (uid,))
+        conn.execute("DELETE FROM forum_posts WHERE user_id=?", (uid,))
         conn.execute("DELETE FROM users WHERE id=?", (uid,))
         _audit(conn, user, "user_delete", f"user:{uid} ({target['name']})")
 

backend/routes/profile.py

@@ -164,6 +164,7 @@ async def delete_account(user=Depends(get_current_user)):
             conn.execute("DELETE FROM training_streaks WHERE dog_id=?", (did,))
             conn.execute("DELETE FROM expenses WHERE dog_id=?", (did,))
         conn.execute("DELETE FROM dogs WHERE user_id=?", (uid,))
+        conn.execute("DELETE FROM upgrade_requests WHERE user_id=?", (uid,))
         conn.execute("DELETE FROM push_subscriptions WHERE user_id=?", (uid,))
         conn.execute("DELETE FROM notifications WHERE user_id=?", (uid,))
         conn.execute("DELETE FROM forum_posts WHERE user_id=?", (uid,))