Permission Verification Matrix & UI Testing Plan (103 Actions)

This document outlines the strategy for verifying the full role-based access control (RBAC) system, covering all 103 UserActions across all established UserTypes.

🚀 Requirement Definition

Verify that every defined action in App\Enums\UserActions is correctly integrated into the permission system and that the UI correctly handles these permissions for different user roles (ULTIMATE, SUPER_OPERATOR, OPERATOR, RIDER, POS_TERMINAL, etc.).

🏗️ Technical Approach

1. Grouped Matrix (Reference)

Action Group	ULTIMATE	SUPER_OP	OPERATOR	RIDER	POS_TER	USER
All Actions (103)	✅	Grouped	Grouped	Focused	Focused	Limited

2. User Creation Strategy

To test systematically, we need a stable user for each role:

All test users use password: 123123
Existing Ultimate: 777

3. Verification Methodology

UI Element Presence: Check if buttons/tabs corresponding to actions are visible.
Route Guarding: Verify direct URL access (e.g., /ultimate-console) for unauthorized roles.
API Guarding: Verify that the backend returns 401/403 when unauthorized user types hit specific endpoints.
Dropdown Filtering: Specifically for UserActions::CreateUser, verify the role dropdown is filtered correctly.

📦 Key Affected Files

App\Enums\UserActions: Definition of all 103 actions.
App\Http\Controllers\Helpers\Permissions\UserPermissions: RBAC logic and roles assignment.
App\Http\Controllers\Support\VueRouteMap: Page-level route protection.
resources/js/Pages/CreateUser.vue: UI for role selection during user creation.
resources/js/Pages/Fragments/Home/HomeUltimate.vue: Dashboard visibility logic.

🧪 Validation Criteria

Ultimate: 100% action availability.
Super Operator: Full management except system-level ULTIMATE actions.
Operator: Operational management only.
Specialized Roles: Access limited strictly to their functional domain.
Public: Minimal read-only access (Marketplace only).

2.1 KiB Raw Blame History