# Checklist: Systematic Permission Verification (103 Actions)

## Phase 1: Test Environment Setup (Using Tinker)

- [ ] Create test accounts for all roles if they do not exist:
  - **ULTIMATE**: `777` (already exists).
  - **SUPER_OPERATOR**: `test_super_op`
  - **OPERATOR**: `test_op`
  - **COORDINATOR**: `test_coord`
  - **RIDER**: `test_rider`
  - **POS_TERMINAL**: `test_pos`
  - **USER**: `test_user`
- [ ] Ensure all test accounts use the password: `123123`.

## Phase 2: Role-Based Verification (ULTIMATE - 777)

- [ ] **Auth**: Login to `777` with `123123`. Confirm success.
- [ ] **User Mgmt**: Navigate to `/user-list`. Verify full list of users is visible.
- [ ] **Action Group: Create User Checks**
  - [ ] Navigate to `/create-user`.
  - [ ] Verify dropdown includes `ULTIMATE`, `SUPER_OPERATOR`, `OPERATOR`, `RIDER`, etc.
  - [ ] Check if `CreateUserPOSTerminal` action is functional.
- [ ] **Action Group: Ultimate Tools Checks**
  - [ ] Navigate to `/ultimate-console`. Confirm it loads with full stats and maintenance toggles.

## Phase 3: Role-Based Verification (SUPER_OPERATOR)

- [ ] **Auth**: Login to `test_super_op`.
- [ ] **Blocking Check**: Access `/ultimate-console`. Confirm it redirects to `/`.
- [ ] **Action Group: Create User Checks**
  - [ ] Navigate to `/create-user`.
  - [ ] Verify `ULTIMATE` choice is NOT in the role dropdown.
  - [ ] Verify `SUPER_OPERATOR` and others are visible.
- [ ] **Logistics**: Access `/shipment-list`. Verify if they can see shipments.

## Phase 4: Role-Based Verification (OPERATOR)

- [ ] **Auth**: Login to `test_op`.
- [ ] **Action Group: Create User Checks**
  - [ ] Navigate to `/create-user`.
  - [ ] Verify only `COORDINATOR`, `SUPPLIER`, `STORE_OWNER`, `RIDER`, `POS_TERMINAL` are present (as per `UserTypeService`).
- [ ] **Action Group: Reports Checks**
  - [ ] Navigate to `/pos-history`. Verify access per store context.

## Phase 5: Role-Based Verification (RIDER)

- [ ] **Auth**: Login to `test_rider`.
- [ ] **Action: ViewShipments**: Navigate to `/shipment-list`.
  - [ ] Verify view status (per `UserPermissions.php` roles array).
  - [ ] Document result: Allowed or Restricted?

## Phase 6: Role-Based Verification (POS_TERMINAL)

- [ ] **Auth**: Login to `test_pos`.
- [ ] **UI Focus Check**: Verify if "Pos Main" is the default or prioritized interface.
- [ ] **Blocking Check**: Attempt access to `/user-list`. Verify if they are blocked.

## Phase 7: Final Matrix Audit (All 103 Actions)

- [ ] Match each action in `UserActions.php` with actual behavior in the UI.
- [ ] Document all observed permission gaps (e.g. `UpdateShipmentStatus` not assigned to `RIDER`).
- [ ] Verify for `PUBLIC` access (unauthenticated) that only marketplace and pos-start are reachable.

## Phase 8: Dictionary Sync

- [ ] Update `ai-docs/dictionary.md` with any findings or new established RBAC patterns.
- [ ] Commit and push the dictionary update.
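
The matrix audit in Phase 7 can be recorded and diffed mechanically. The script below is an added example, not part of the project's code: it encodes the role and route expectations stated in Phases 2 to 7 and compares them with observed HTTP status codes captured without following redirects. It assumes a blocked request shows up as a redirect or a 401/403 and an allowed one as a 200; the `SAMPLE` observations are constructed.

```python
# Added example. Expectations are taken from the checklist; SAMPLE is constructed.
ALLOW, BLOCK, DOCUMENT = "allowed", "blocked", "document"

EXPECTED = {  # (role, path) -> outcome the checklist states
    ("ULTIMATE", "/ultimate-console"): ALLOW,
    ("ULTIMATE", "/user-list"): ALLOW,
    ("SUPER_OPERATOR", "/ultimate-console"): BLOCK,  # must redirect to `/`
    ("POS_TERMINAL", "/user-list"): BLOCK,
    ("PUBLIC", "/user-list"): BLOCK,  # only marketplace and pos-start are public
    ("RIDER", "/shipment-list"): DOCUMENT,  # Phase 5: record the result
}

def classify(status):
    """Verdict for a response captured WITHOUT following redirects."""
    if status == 200:
        return ALLOW
    if status in (301, 302, 303, 307, 308, 401, 403):
        return BLOCK
    return "inconclusive"  # a 404 or 500 is not evidence of enforcement

def audit(observations):
    """observations: {(role, path): status}. Returns sorted findings, passes omitted."""
    findings = []
    for key, expected in EXPECTED.items():
        if key not in observations:
            findings.append((*key, "untested"))  # coverage gap in the matrix
            continue
        seen = classify(observations[key])
        if seen == "inconclusive":
            findings.append((*key, "inconclusive"))
        elif expected == DOCUMENT:
            findings.append((*key, "record: " + seen))
        elif seen != expected:
            kind = "over-privileged" if seen == ALLOW else "under-privileged"
            findings.append((*key, kind))
    return sorted(findings)

SAMPLE = {  # constructed observations, not results from the real application
    ("ULTIMATE", "/ultimate-console"): 200,
    ("SUPER_OPERATOR", "/ultimate-console"): 302,
    ("POS_TERMINAL", "/user-list"): 200,
    ("PUBLIC", "/user-list"): 500,
    ("RIDER", "/shipment-list"): 302,
}

if __name__ == "__main__":
    for role, path, result in audit(SAMPLE):
        print(f"{role:15} {path:18} {result}")
```

Capturing the status before redirects are followed matters here: a client that follows the redirect to `/` sees a 200 and would record a blocked route as allowed.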