josh/BarangaySystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial: bootstrap from BukidBountyApp base

Browse Source
This commit is contained in:
Jonathan Sykes
2026-06-06 18:43:00 +08:00
commit eb4a5731fb
5674 changed files with 160857 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
docs/tasks/prompt-20260403-001700.md Normal file
View File

@@ -0,0 +1,38 @@
# Permission Verification Matrix & UI Testing Plan (103 Actions)
This document outlines the strategy for verifying the full role-based access control (RBAC) system, covering all **103 UserActions** across all established **UserTypes**.
## 🚀 Requirement Definition
Verify that every defined action in `App\Enums\UserActions` is correctly integrated into the permission system and that the UI correctly handles these permissions for different user roles (`ULTIMATE`, `SUPER_OPERATOR`, `OPERATOR`, `RIDER`, `POS_TERMINAL`, etc.).
## 🏗️ Technical Approach
### 1. Grouped Matrix (Reference)
| Action Group | ULTIMATE | SUPER_OP | OPERATOR | RIDER | POS_TER | USER |
| :--- | :---: | :---: | :---: | :---: | :---: | :---: |
| **All Actions** (103) | ✅ | Grouped | Grouped | Focused | Focused | Limited |
### 2. User Creation Strategy
To test systematically, we need a stable user for each role:
- All test users use password: `123123`
- Existing Ultimate: `777`
### 3. Verification Methodology
- **UI Element Presence**: Check if buttons/tabs corresponding to actions are visible.
- **Route Guarding**: Verify direct URL access (e.g., `/ultimate-console`) for unauthorized roles.
- **API Guarding**: Verify that the backend returns `401/403` when unauthorized user types hit specific endpoints.
- **Dropdown Filtering**: Specifically for `UserActions::CreateUser`, verify the role dropdown is filtered correctly.
## 📦 Key Affected Files
- `App\Enums\UserActions`: Definition of all 103 actions.
- `App\Http\Controllers\Helpers\Permissions\UserPermissions`: RBAC logic and roles assignment.
- `App\Http\Controllers\Support\VueRouteMap`: Page-level route protection.
- `resources/js/Pages/CreateUser.vue`: UI for role selection during user creation.
- `resources/js/Pages/Fragments/Home/HomeUltimate.vue`: Dashboard visibility logic.
## 🧪 Validation Criteria
- **Ultimate**: 100% action availability.
- **Super Operator**: Full management except system-level `ULTIMATE` actions.
- **Operator**: Operational management only.
- **Specialized Roles**: Access limited strictly to their functional domain.
- **Public**: Minimal read-only access (Marketplace only).