BarangaySystem/docs/tasks/prompt-20260403-001700.md (2026-06-06 18:43:00 +08:00)

# Permission Verification Matrix & UI Testing Plan (103 Actions)
This document outlines the strategy for verifying the full role-based access control (RBAC) system, covering all **103 UserActions** across all established **UserTypes**.
## 🚀 Requirement Definition
Verify that every defined action in `App\Enums\UserActions` is correctly integrated into the permission system and that the UI correctly handles these permissions for different user roles (`ULTIMATE`, `SUPER_OPERATOR`, `OPERATOR`, `RIDER`, `POS_TERMINAL`, etc.).
## 🏗️ Technical Approach
### 1. Grouped Matrix (Reference)
| Action Group | ULTIMATE | SUPER_OPERATOR | OPERATOR | RIDER | POS_TERMINAL | USER |
| :--- | :---: | :---: | :---: | :---: | :---: | :---: |
| **All Actions** (103) | ✅ | Grouped | Grouped | Focused | Focused | Limited |
### 2. User Creation Strategy
To test systematically, we need a stable user for each role:
- All test users use password: `123123`
- Existing Ultimate: `777`
### 3. Verification Methodology
- **UI Element Presence**: Check if buttons/tabs corresponding to actions are visible.
- **Route Guarding**: Verify direct URL access (e.g., `/ultimate-console`) for unauthorized roles.
- **API Guarding**: Verify that the backend rejects requests from user types that lack the action (`401` when the request is unauthenticated, `403` when the user is authenticated but not permitted) on the specific endpoints behind each action.
- **Dropdown Filtering**: Specifically for `UserActions::CreateUser`, verify the role dropdown is filtered correctly.
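The route-guarding and API-guarding checks above, written as a Laravel feature test. This is an added example, not code from the BarangaySystem repository; it assumes a `User` model with a factory and a `user_type` column holding the role name, that `App\Enums\UserActions` is a PHP enum, and that `/ultimate-console` sits behind the `auth` middleware. The expected statuses are the plan's intended outcomes, not observed results.

```php
<?php
// Added example, not part of BarangaySystem. Assumptions: User::factory() exists,
// the role is stored in a `user_type` column, and UserActions is a PHP enum.

namespace Tests\Feature;

use App\Enums\UserActions;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use PHPUnit\Framework\Attributes\DataProvider;
use Tests\TestCase;

class PermissionMatrixTest extends TestCase
{
    use RefreshDatabase;

    /** Role => expected HTTP status when requesting the Ultimate console directly. */
    public static function consoleAccessProvider(): array
    {
        return [
            'ultimate reaches console'    => ['ULTIMATE', 200],
            'super operator is forbidden' => ['SUPER_OPERATOR', 403],
            'operator is forbidden'       => ['OPERATOR', 403],
            'rider is forbidden'          => ['RIDER', 403],
            'pos terminal is forbidden'   => ['POS_TERMINAL', 403],
        ];
    }

    #[DataProvider('consoleAccessProvider')]
    public function test_ultimate_console_is_guarded_per_role(string $role, int $expected): void
    {
        // `user_type` is an assumed column name; adjust to the project's schema.
        $user = User::factory()->create(['user_type' => $role]);

        $this->actingAs($user)->getJson('/ultimate-console')->assertStatus($expected);
    }

    /** An unauthenticated JSON request must get 401, not a silent redirect into the app. */
    public function test_guest_is_rejected_with_401(): void
    {
        $this->getJson('/ultimate-console')->assertStatus(401);
    }

    /** Completeness guard: the plan covers 103 actions, so the enum must still define 103. */
    public function test_action_count_matches_the_plan(): void
    {
        $this->assertCount(103, UserActions::cases());
    }
}
```

Run it with `php artisan test --filter=PermissionMatrixTest`; a role row failing here is exactly the "Route Guarding" or "API Guarding" finding the plan is looking for.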
## 📦 Key Affected Files
- `App\Enums\UserActions`: Definition of all 103 actions.
- `App\Http\Controllers\Helpers\Permissions\UserPermissions`: RBAC logic and roles assignment.
- `App\Http\Controllers\Support\VueRouteMap`: Page-level route protection.
- `resources/js/Pages/CreateUser.vue`: UI for role selection during user creation.
- `resources/js/Pages/Fragments/Home/HomeUltimate.vue`: Dashboard visibility logic.
## 🧪 Validation Criteria
- **Ultimate**: 100% action availability.
- **Super Operator**: Full management except system-level `ULTIMATE` actions.
- **Operator**: Operational management only.
- **Specialized Roles**: Access limited strictly to their functional domain.
- **Public**: Minimal read-only access (Marketplace only).