@nextsparkjs/theme-crm 0.1.0-beta.19 → 0.1.0-beta.20

package/tests/cypress/e2e/ui/leads/leads-owner.cy.ts

@@ -0,0 +1,210 @@
+/// <reference types="cypress" />
+
+/**
+ * Leads CRUD - Owner Role (Full Access)
+ *
+ * Uses CRM theme-specific POMs with Entity Testing Convention.
+ * Selectors follow the pattern: {slug}-{component}-{detail}
+ */
+
+import { LeadsPOM } from '../../../../src/entities/LeadsPOM'
+import { loginAsCrmOwner } from '../../../../src/session-helpers'
+
+describe('Leads CRUD - Owner Role (Full Access)', () => {
+  const leads = new LeadsPOM()
+
+  beforeEach(() => {
+    loginAsCrmOwner()
+    cy.visit('/dashboard/leads')
+    leads.list.validatePageVisible()
+  })
+
+  describe('CREATE - Owner can create leads', () => {
+    it('OWNER_LEAD_CREATE_001: should create new lead with required fields', () => {
+      const timestamp = Date.now()
+      const firstName = `Test`
+      const lastName = `Lead ${timestamp}`
+      const email = `lead${timestamp}@example.com`
+
+      leads.list.clickCreate()
+      leads.form.validateFormVisible()
+
+      leads.fillLeadForm({
+        firstName,
+        lastName,
+        email,
+        status: 'new'
+      })
+
+      leads.submitForm()
+
+      cy.url().should('include', '/dashboard/leads')
+      cy.contains(lastName).should('be.visible')
+    })
+
+    it('OWNER_LEAD_CREATE_002: should create lead with optional fields', () => {
+      const timestamp = Date.now()
+      const firstName = `Complete`
+      const lastName = `Lead ${timestamp}`
+      const email = `complete${timestamp}@example.com`
+
+      leads.list.clickCreate()
+      leads.form.validateFormVisible()
+
+      leads.fillLeadForm({
+        firstName,
+        lastName,
+        email,
+        phone: '+1 555 123 4567',
+        company: 'Test Company Inc',
+        source: 'website',
+        status: 'new'
+      })
+
+      leads.submitForm()
+
+      cy.url().should('include', '/dashboard/leads')
+      cy.contains(lastName).should('be.visible')
+    })
+
+    it('OWNER_LEAD_CREATE_003: should validate required fields', () => {
+      leads.list.clickCreate()
+      leads.form.validateFormVisible()
+
+      // Try to submit without filling required fields
+      leads.submitForm()
+
+      // Form should still be visible (validation failed)
+      leads.form.validateFormVisible()
+    })
+  })
+
+  describe('READ - Owner can read leads', () => {
+    it('OWNER_LEAD_READ_001: should view lead list', () => {
+      leads.list.validatePageVisible()
+      leads.list.validateTableVisible()
+    })
+
+    it('OWNER_LEAD_READ_002: should view lead details', () => {
+      cy.get(leads.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          leads.list.clickRowByIndex(0)
+          cy.url().should('match', /\/dashboard\/leads\/[a-z0-9-]+/)
+        }
+      })
+    })
+
+    it('OWNER_LEAD_READ_003: should search and filter leads', () => {
+      leads.list.search('test')
+      cy.wait(500)
+      leads.list.clearSearch()
+    })
+  })
+
+  describe('UPDATE - Owner can update leads', () => {
+    it('OWNER_LEAD_UPDATE_001: should edit lead basic information', () => {
+      cy.get(leads.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          leads.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const leadId = url.split('/').pop()
+            leads.form.visitEdit(leadId!)
+            leads.form.validateFormVisible()
+
+            const updatedLastName = `Updated Lead ${Date.now()}`
+            leads.form.typeInField('lastName', updatedLastName)
+
+            leads.submitForm()
+
+            cy.url().should('include', '/dashboard/leads')
+            cy.contains(updatedLastName).should('be.visible')
+          })
+        }
+      })
+    })
+
+    it('OWNER_LEAD_UPDATE_002: should update lead status', () => {
+      cy.get(leads.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          leads.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const leadId = url.split('/').pop()
+            leads.form.visitEdit(leadId!)
+            leads.form.validateFormVisible()
+
+            leads.form.selectOption('status', 'contacted')
+
+            leads.submitForm()
+            cy.url().should('include', '/dashboard/leads')
+          })
+        }
+      })
+    })
+
+    it('OWNER_LEAD_UPDATE_003: should cancel update without saving', () => {
+      cy.get(leads.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          leads.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const leadId = url.split('/').pop()
+            leads.form.visitEdit(leadId!)
+            leads.form.validateFormVisible()
+
+            leads.form.typeInField('lastName', 'ShouldNotSave')
+
+            leads.form.cancel()
+            cy.url().should('not.include', '/edit')
+          })
+        }
+      })
+    })
+  })
+
+  describe('DELETE - Owner can delete leads', () => {
+    it('OWNER_LEAD_DELETE_001: should delete lead', () => {
+      const timestamp = Date.now()
+      const firstName = `Delete`
+      const lastName = `Test ${timestamp}`
+      const email = `delete${timestamp}@example.com`
+
+      leads.list.clickCreate()
+      leads.fillLeadForm({
+        firstName,
+        lastName,
+        email,
+        status: 'new'
+      })
+      leads.submitForm()
+
+      cy.contains(lastName).should('be.visible')
+
+      leads.list.search(lastName)
+
+      cy.get(leads.list.selectors.rowGeneric).first().within(() => {
+        cy.get('[data-cy*="delete"]').click()
+      })
+
+      leads.list.confirmDelete()
+
+      cy.wait(1000)
+      leads.list.search(lastName)
+      cy.get(leads.list.selectors.emptyState).should('be.visible')
+    })
+
+    it('OWNER_LEAD_DELETE_002: should cancel deletion', () => {
+      cy.get(leads.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          cy.get(leads.list.selectors.rowGeneric).first().within(() => {
+            cy.get('[data-cy*="delete"]').click()
+          })
+
+          leads.list.cancelDelete()
+          leads.list.validateTableVisible()
+        }
+      })
+    })
+  })
+})

package/tests/cypress/e2e/ui/opportunities/opportunities-admin.cy.ts

@@ -0,0 +1,197 @@
+/// <reference types="cypress" />
+
+/**
+ * Opportunities CRUD - Admin Role (Full Access)
+ *
+ * Uses CRM theme-specific POMs with Entity Testing Convention.
+ * Selectors follow the pattern: {slug}-{component}-{detail}
+ */
+
+import { OpportunitiesPOM } from '../../../src/entities/OpportunitiesPOM'
+import { loginAsCrmAdmin } from '../../../src/session-helpers'
+
+describe('Opportunities CRUD - Admin Role (Full Access)', () => {
+  const opportunities = new OpportunitiesPOM()
+
+  beforeEach(() => {
+    loginAsCrmAdmin()
+    cy.visit('/dashboard/opportunities')
+    opportunities.list.validatePageVisible()
+  })
+
+  describe('CREATE - Admin can create opportunities', () => {
+    it('ADMIN_OPPO_CREATE_001: should create new opportunity with required fields', () => {
+      const timestamp = Date.now()
+      const opportunityName = `Admin Test Opportunity ${timestamp}`
+
+      opportunities.list.clickCreate()
+      opportunities.form.validateFormVisible()
+
+      opportunities.fillOpportunityForm({
+        name: opportunityName,
+        amount: '45000'
+      })
+
+      opportunities.submitForm()
+
+      cy.url().should('include', '/dashboard/opportunities')
+      cy.contains(opportunityName).should('be.visible')
+    })
+
+    it('ADMIN_OPPO_CREATE_002: should create opportunity with high value', () => {
+      const timestamp = Date.now()
+      const opportunityName = `High Value Deal ${timestamp}`
+
+      opportunities.list.clickCreate()
+      opportunities.form.validateFormVisible()
+
+      opportunities.fillOpportunityForm({
+        name: opportunityName,
+        amount: '150000',
+        probability: '75'
+      })
+
+      opportunities.submitForm()
+
+      cy.url().should('include', '/dashboard/opportunities')
+      cy.contains(opportunityName).should('be.visible')
+    })
+
+    it('ADMIN_OPPO_CREATE_003: should validate required fields', () => {
+      opportunities.list.clickCreate()
+      opportunities.form.validateFormVisible()
+
+      // Try to submit without filling required fields
+      opportunities.submitForm()
+
+      // Form should still be visible (validation failed)
+      opportunities.form.validateFormVisible()
+    })
+  })
+
+  describe('READ - Admin can read opportunities', () => {
+    it('ADMIN_OPPO_READ_001: should view opportunity list', () => {
+      opportunities.list.validatePageVisible()
+      opportunities.list.validateTableVisible()
+    })
+
+    it('ADMIN_OPPO_READ_002: should view opportunity details', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+          cy.url().should('match', /\/dashboard\/opportunities\/[a-z0-9-]+/)
+        }
+      })
+    })
+
+    it('ADMIN_OPPO_READ_003: should search opportunities', () => {
+      opportunities.list.search('test')
+      cy.wait(500)
+      opportunities.list.clearSearch()
+    })
+  })
+
+  describe('UPDATE - Admin can update opportunities', () => {
+    it('ADMIN_OPPO_UPDATE_001: should edit opportunity details', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const opportunityId = url.split('/').pop()
+            opportunities.form.visitEdit(opportunityId!)
+            opportunities.form.validateFormVisible()
+
+            const updatedName = `Admin Updated ${Date.now()}`
+            opportunities.form.typeInField('name', updatedName)
+
+            opportunities.submitForm()
+
+            cy.url().should('include', '/dashboard/opportunities')
+            cy.contains(updatedName).should('be.visible')
+          })
+        }
+      })
+    })
+
+    it('ADMIN_OPPO_UPDATE_002: should update probability and value', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const opportunityId = url.split('/').pop()
+            opportunities.form.visitEdit(opportunityId!)
+            opportunities.form.validateFormVisible()
+
+            opportunities.form.typeInField('probability', '90')
+            opportunities.form.typeInField('amount', '120000')
+
+            opportunities.submitForm()
+            cy.url().should('include', '/dashboard/opportunities')
+          })
+        }
+      })
+    })
+
+    it('ADMIN_OPPO_UPDATE_003: should cancel update without saving', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const opportunityId = url.split('/').pop()
+            opportunities.form.visitEdit(opportunityId!)
+            opportunities.form.validateFormVisible()
+
+            opportunities.form.typeInField('name', 'ShouldNotSave')
+
+            opportunities.form.cancel()
+            cy.url().should('not.include', '/edit')
+          })
+        }
+      })
+    })
+  })
+
+  describe('DELETE - Admin can delete opportunities', () => {
+    it('ADMIN_OPPO_DELETE_001: should delete opportunity successfully', () => {
+      const timestamp = Date.now()
+      const opportunityName = `Admin Delete Test ${timestamp}`
+
+      opportunities.list.clickCreate()
+      opportunities.fillOpportunityForm({
+        name: opportunityName,
+        amount: '35000'
+      })
+      opportunities.submitForm()
+
+      cy.contains(opportunityName).should('be.visible')
+
+      opportunities.list.search(opportunityName)
+
+      cy.get(opportunities.list.selectors.rowGeneric).first().within(() => {
+        cy.get('[data-cy*="delete"]').click()
+      })
+
+      opportunities.list.confirmDelete()
+
+      cy.wait(1000)
+      opportunities.list.search(opportunityName)
+      cy.get(opportunities.list.selectors.emptyState).should('be.visible')
+    })
+
+    it('ADMIN_OPPO_DELETE_002: should cancel deletion', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          cy.get(opportunities.list.selectors.rowGeneric).first().within(() => {
+            cy.get('[data-cy*="delete"]').click()
+          })
+
+          opportunities.list.cancelDelete()
+          opportunities.list.validateTableVisible()
+        }
+      })
+    })
+  })
+})

package/tests/cypress/e2e/ui/opportunities/opportunities-member.cy.ts

@@ -0,0 +1,229 @@
+/// <reference types="cypress" />
+
+/**
+ * Opportunities CRUD - Member Role (Restricted: View + Edit Only)
+ *
+ * Uses CRM theme-specific POMs with Entity Testing Convention.
+ * Selectors follow the pattern: {slug}-{component}-{detail}
+ */
+
+import { OpportunitiesPOM } from '../../../src/entities/OpportunitiesPOM'
+import { loginAsCrmMember } from '../../../src/session-helpers'
+
+describe('Opportunities CRUD - Member Role (Restricted: View + Edit Only)', () => {
+  const opportunities = new OpportunitiesPOM()
+
+  beforeEach(() => {
+    loginAsCrmMember()
+    cy.visit('/dashboard/opportunities')
+    opportunities.list.validatePageVisible()
+  })
+
+  describe('READ - Member CAN view opportunities', () => {
+    it('MEMBER_OPPO_READ_001: should view opportunity list', () => {
+      opportunities.list.validatePageVisible()
+      opportunities.list.validateTableVisible()
+    })
+
+    it('MEMBER_OPPO_READ_002: should view opportunity details', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+          cy.url().should('match', /\/dashboard\/opportunities\/[a-z0-9-]+/)
+        }
+      })
+    })
+
+    it('MEMBER_OPPO_READ_003: should search opportunities', () => {
+      opportunities.list.search('test')
+      cy.wait(500)
+      opportunities.list.clearSearch()
+    })
+  })
+
+  describe('UPDATE - Member CAN edit opportunities', () => {
+    it('MEMBER_OPPO_UPDATE_001: should edit existing opportunity', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const opportunityId = url.split('/').pop()
+            opportunities.form.visitEdit(opportunityId!)
+            opportunities.form.validateFormVisible()
+
+            // Verify fields are enabled (Member can edit)
+            cy.get(opportunities.form.selectors.field('name')).within(() => {
+              cy.get('input, textarea').should('not.be.disabled')
+            })
+          })
+        }
+      })
+    })
+
+    it('MEMBER_OPPO_UPDATE_002: should update opportunity name and value', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const opportunityId = url.split('/').pop()
+            opportunities.form.visitEdit(opportunityId!)
+            opportunities.form.validateFormVisible()
+
+            const updatedName = `Member Updated ${Date.now()}`
+            opportunities.form.typeInField('name', updatedName)
+            opportunities.form.typeInField('amount', '55000')
+
+            opportunities.submitForm()
+            cy.url().should('include', '/dashboard/opportunities')
+            cy.contains(updatedName).should('be.visible')
+          })
+        }
+      })
+    })
+
+    it('MEMBER_OPPO_UPDATE_003: should update probability', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const opportunityId = url.split('/').pop()
+            opportunities.form.visitEdit(opportunityId!)
+            opportunities.form.validateFormVisible()
+
+            opportunities.form.typeInField('probability', '80')
+
+            opportunities.submitForm()
+            cy.url().should('include', '/dashboard/opportunities')
+          })
+        }
+      })
+    })
+
+    it('MEMBER_OPPO_UPDATE_004: should cancel update without saving', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+
+          cy.url().then(url => {
+            const opportunityId = url.split('/').pop()
+            opportunities.form.visitEdit(opportunityId!)
+            opportunities.form.validateFormVisible()
+
+            opportunities.form.typeInField('name', 'ShouldNotSave')
+
+            opportunities.form.cancel()
+            cy.url().should('not.include', '/edit')
+          })
+        }
+      })
+    })
+  })
+
+  describe('CREATE - Member CANNOT create opportunities', () => {
+    it('MEMBER_OPPO_CREATE_001: create button should be hidden', () => {
+      cy.get(opportunities.list.selectors.createButton).should('not.exist')
+    })
+
+    it('MEMBER_OPPO_CREATE_002: should not be able to access create form via UI', () => {
+      // Verify no visible way to access create form
+      cy.get('[data-cy*="create"], [data-cy*="add"]').should('not.exist')
+    })
+
+    it('MEMBER_OPPO_CREATE_003: direct navigation to create form should be blocked', () => {
+      cy.visit('/dashboard/opportunities/create', { failOnStatusCode: false })
+
+      // Should either redirect or show access denied
+      cy.url().then(url => {
+        if (url.includes('/dashboard/opportunities/create')) {
+          // If still on create page, should show error
+          cy.get('body').should('not.contain', opportunities.form.selectors.form)
+        } else {
+          // Should redirect away from create page
+          cy.url().should('not.include', '/create')
+        }
+      })
+    })
+  })
+
+  describe('DELETE - Member CANNOT delete opportunities', () => {
+    it('MEMBER_OPPO_DELETE_001: delete buttons should be hidden', () => {
+      cy.get('[data-cy*="delete"]').should('not.exist')
+    })
+
+    it('MEMBER_OPPO_DELETE_002: should not see delete action in opportunity list', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          cy.get(opportunities.list.selectors.rowGeneric).first().within(() => {
+            cy.get('[data-cy*="delete"]').should('not.exist')
+          })
+        }
+      })
+    })
+
+    it('MEMBER_OPPO_DELETE_003: should not see delete action in detail view', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          opportunities.list.clickRowByIndex(0)
+          cy.url().should('match', /\/dashboard\/opportunities\/[a-z0-9-]+/)
+
+          cy.get('[data-cy*="delete"]').should('not.exist')
+        }
+      })
+    })
+
+    it('MEMBER_OPPO_DELETE_004: should NOT delete opportunity via API', () => {
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          cy.get(opportunities.list.selectors.rowGeneric).first().invoke('attr', 'data-cy').then(dataCy => {
+            if (dataCy) {
+              const opportunityId = dataCy.replace('opportunities-row-', '')
+
+              cy.request({
+                method: 'DELETE',
+                url: `/api/v1/opportunities/${opportunityId}`,
+                failOnStatusCode: false,
+              }).then(response => {
+                expect(response.status).to.be.oneOf([401, 403, 404])
+              })
+            }
+          })
+        }
+      })
+    })
+  })
+
+  describe('PERMISSIONS - Member role capabilities', () => {
+    it('MEMBER_OPPO_PERMISSIONS_001: should have view and edit access only', () => {
+      opportunities.list.validatePageVisible()
+
+      // Check for no create button
+      cy.get(opportunities.list.selectors.createButton).should('not.exist')
+
+      // Check for no delete buttons
+      cy.get('[data-cy*="delete"]').should('not.exist')
+    })
+
+    it('MEMBER_OPPO_PERMISSIONS_002: should see all organization opportunities', () => {
+      opportunities.list.validatePageVisible()
+
+      cy.get(opportunities.list.selectors.rowGeneric).then($rows => {
+        if ($rows.length > 0) {
+          cy.get(opportunities.list.selectors.rowGeneric).should('have.length.at.least', 1)
+        }
+      })
+    })
+
+    it('MEMBER_OPPO_PERMISSIONS_003: should maintain restrictions after page refresh', () => {
+      cy.reload()
+
+      opportunities.list.validatePageVisible()
+
+      // Verify restrictions persist
+      cy.get(opportunities.list.selectors.createButton).should('not.exist')
+      cy.get('[data-cy*="delete"]').should('not.exist')
+    })
+  })
+})