BarangaySystem/docs/completed/chklist-20260402171000.md
2026-06-06 18:43:00 +08:00

# Checklist: Systematic Permission Verification (103 Actions)
## Phase 1: Test Environment Setup (Using Tinker)
- [ ] Create test accounts for all roles if they do not exist:
  - **ULTIMATE**: `777` (already exists).
  - **SUPER_OPERATOR**: `test_super_op`
  - **OPERATOR**: `test_op`
  - **COORDINATOR**: `test_coord`
  - **RIDER**: `test_rider`
  - **POS_TERMINAL**: `test_pos`
  - **USER**: `test_user`
- [ ] Ensure all test accounts use the password: `123123`.
## Phase 2: Role-Based Verification (ULTIMATE - 777)
- [ ] **Auth**: Login to `777` with `123123`. Confirm success.
- [ ] **User Mgmt**: Navigate to `/user-list`. Verify full list of users is visible.
- [ ] **Action Group: Create User Checks**
  - [ ] Navigate to `/create-user`.
  - [ ] Verify dropdown includes `ULTIMATE`, `SUPER_OPERATOR`, `OPERATOR`, `RIDER`, etc.
  - [ ] Check if `CreateUserPOSTerminal` action is functional.
- [ ] **Action Group: Ultimate Tools Checks**
  - [ ] Navigate to `/ultimate-console`. Confirm it loads with full stats and maintenance toggles.
## Phase 3: Role-Based Verification (SUPER_OPERATOR)
- [ ] **Auth**: Login to `test_super_op`.
- [ ] **Blocking Check**: Access `/ultimate-console`. Confirm it redirects to `/`.
- [ ] **Action Group: Create User Checks**
  - [ ] Navigate to `/create-user`.
  - [ ] Verify `ULTIMATE` choice is NOT in the role dropdown.
  - [ ] Verify `SUPER_OPERATOR` and others are visible.
- [ ] **Logistics**: Access `/shipment-list`. Verify if they can see shipments.
## Phase 4: Role-Based Verification (OPERATOR)
- [ ] **Auth**: Login to `test_op`.
- [ ] **Action Group: Create User Checks**
  - [ ] Navigate to `/create-user`.
  - [ ] Verify only `COORDINATOR`, `SUPPLIER`, `STORE_OWNER`, `RIDER`, `POS_TERMINAL` are present (as per `UserTypeService`).
- [ ] **Action Group: Reports Checks**
  - [ ] Navigate to `/pos-history`. Verify access per store context.
## Phase 5: Role-Based Verification (RIDER)
- [ ] **Auth**: Login to `test_rider`.
- [ ] **Action: ViewShipments**: Navigate to `/shipment-list`.
  - [ ] Verify view status (per `UserPermissions.php` roles array).
  - [ ] Document result: Allowed or Restricted?
## Phase 6: Role-Based Verification (POS_TERMINAL)
- [ ] **Auth**: Login to `test_pos`.
- [ ] **UI Focus Check**: Verify if "Pos Main" is the default or prioritized interface.
- [ ] **Blocking Check**: Attempt access to `/user-list`. Verify if they are blocked.
## Phase 7: Final Matrix Audit (All 103 Actions)
- [ ] Match each action in `UserActions.php` with actual behavior in the UI.
- [ ] Document all observed permission gaps (e.g. `UpdateShipmentStatus` not assigned to `RIDER`).
- [ ] Verify for `PUBLIC` access (unauthenticated) that only marketplace and pos-start are reachable.
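
One way to turn the recorded results of Phases 2 to 7 into a gap list, as an added example that is not part of the project's code. It assumes each check is recorded as `(role, path, HTTP status)` and that a redirect, 401 or 403 means blocked; `EXPECTED` holds only outcomes this checklist states, and `OBSERVED` is constructed sample data.

```python
# Added example: compare recorded checklist results with the expected matrix.
ALLOW, DENY = "allow", "deny"
PATHS = ["/user-list", "/create-user", "/ultimate-console",
         "/shipment-list", "/pos-history"]

# Expectations the checklist states outright; RIDER on /shipment-list is
# left out on purpose because the checklist records it as an open question.
EXPECTED = {("ULTIMATE", "/user-list"): ALLOW,
            ("ULTIMATE", "/create-user"): ALLOW,
            ("ULTIMATE", "/ultimate-console"): ALLOW,
            ("SUPER_OPERATOR", "/ultimate-console"): DENY,
            ("SUPER_OPERATOR", "/create-user"): ALLOW,
            ("OPERATOR", "/create-user"): ALLOW,
            ("POS_TERMINAL", "/user-list"): DENY}
# PUBLIC may reach only marketplace and pos-start, so every path above is denied.
EXPECTED.update({("PUBLIC", p): DENY for p in PATHS})

def classify(status):
    """200 is access; a redirect (the checklist's block signal), 401 or 403 is a block."""
    if status == 200:
        return ALLOW
    if status in (401, 403) or 300 <= status < 400:
        return DENY
    raise ValueError(f"unclassifiable status {status}")

def audit(expected, observed):
    """Return (kind, role, path) findings, unexpected access first."""
    rank = {"ESCALATION": 0, "OVERBLOCK": 1, "UNSPECIFIED": 2, "UNTESTED": 3}
    findings, seen = [], set()
    for role, path, status in observed:
        seen.add((role, path))
        want, got = expected.get((role, path)), classify(status)
        if want is None:
            findings.append(("UNSPECIFIED", role, path))
        elif got != want:
            findings.append(("ESCALATION" if got == ALLOW else "OVERBLOCK", role, path))
    findings += [("UNTESTED", r, p) for r, p in expected.keys() - seen]
    return sorted(findings, key=lambda f: (rank[f[0]], f[1], f[2]))

# Constructed sample results (role, path, HTTP status), not real project output.
OBSERVED = [("ULTIMATE", "/ultimate-console", 200),
            ("SUPER_OPERATOR", "/ultimate-console", 302),
            ("POS_TERMINAL", "/user-list", 200),      # should have been blocked
            ("OPERATOR", "/create-user", 403),        # should have loaded
            ("RIDER", "/shipment-list", 200),         # no stated expectation
            ("PUBLIC", "/user-list", 302)]

if __name__ == "__main__":
    for finding in audit(EXPECTED, OBSERVED):
        print(*finding)
```

`UNTESTED` rows list expected pairs with no recorded result, so the audit also shows which checklist items were skipped.
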
## Phase 8: Dictionary Sync
- [ ] Update `ai-docs/dictionary.md` with any findings or new established RBAC patterns.
- [ ] Commit and push the dictionary update.