josh/BarangaySystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fbb7e3ff372c4b8ee3a7e9d7e1ee0c13ac83079f
BarangaySystem/docs/completed/chklist-20260402171000.md
Jonathan Sykes eb4a5731fb initial: bootstrap from BukidBountyApp base
2026-06-06 18:43:00 +08:00

2.9 KiB
Raw Blame History

Checklist: Systematic Permission Verification (103 Actions)

Phase 1: Test Environment Setup (Using Tinker)

  • Create test accounts for all roles if they do not exist:
    • ULTIMATE: 777 (already exists).
    • SUPER_OPERATOR: test_super_op
    • OPERATOR: test_op
    • COORDINATOR: test_coord
    • RIDER: test_rider
    • POS_TERMINAL: test_pos
    • USER: test_user
  • Ensure all test accounts use the password: 123123.

Phase 2: Role-Based Verification (ULTIMATE - 777)

  • Auth: Login to 777 with 123123. Confirm success.
  • User Mgmt: Navigate to /user-list. Verify full list of users is visible.
  • Action Group: Create User Checks
    • Navigate to /create-user.
    • Verify dropdown includes ULTIMATE, SUPER_OPERATOR, OPERATOR, RIDER, etc.
    • Check if CreateUserPOSTerminal action is functional.
  • Action Group: Ultimate Tools Checks
    • Navigate to /ultimate-console. Confirm it loads with full stats and maintenance toggles.

Phase 3: Role-Based Verification (SUPER_OPERATOR)

  • Auth: Login to test_super_op.
  • Blocking Check: Access /ultimate-console. Confirm it redirects to /.
  • Action Group: Create User Checks
    • Navigate to /create-user.
    • Verify ULTIMATE choice is NOT in the role dropdown.
    • Verify SUPER_OPERATOR and others are visible.
  • Logistics: Access /shipment-list. Verify if they can see shipments.

Phase 4: Role-Based Verification (OPERATOR)

  • Auth: Login to test_op.
  • Action Group: Create User Checks
    • Navigate to /create-user.
    • Verify only COORDINATOR, SUPPLIER, STORE_OWNER, RIDER, POS_TERMINAL are present (as per UserTypeService).
  • Action Group: Reports Checks
    • Navigate to /pos-history. Verify access per store context.

Phase 5: Role-Based Verification (RIDER)

  • Auth: Login to test_rider.
  • Action: ViewShipments: Navigate to /shipment-list.
    • Verify view status (per UserPermissions.php roles array).
    • Document result: Allowed or Restricted?

Phase 6: Role-Based Verification (POS_TERMINAL)

  • Auth: Login to test_pos.
  • UI Focus Check: Verify if "Pos Main" is the default or prioritized interface.
  • Blocking Check: Attempt access to /user-list. Verify if they are blocked.

Phase 7: Final Matrix Audit (All 103 Actions)

  • Match each action in UserActions.php with actual behavior in the UI.
  • Document all observed permission gaps (e.g. UpdateShipmentStatus not assigned to RIDER).
  • Verify for PUBLIC access (unauthenticated) that only marketplace and pos-start are reachable.

Phase 8: Dictionary Sync

  • Update ai-docs/dictionary.md with any findings or new established RBAC patterns.
  • Commit and push the dictionary update.