@nextsparkjs/theme-default 0.1.0-beta.1 → 0.1.0-beta.100

package/tests/cypress/e2e/uat/_core/auth/team-roles/owner-login.bdd.md

@@ -0,0 +1,231 @@
+---
+feature: Owner Team Role Permissions
+priority: critical
+tags: [auth, team-role, owner, permissions, security]
+grepTags: [uat, feat-auth, team-role, owner]
+coverage: 6
+---
+
+# Owner Team Role Permissions
+
+> Tests for Owner team role permissions and access control. Owner is the highest team-based role with full CRUD access to all entities, team settings, and billing. Does not have access to app-role areas like /dev or /sector7.
+
+## @test OWNER-PERM-001: Owner Dashboard Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** owner, dashboard, navigation
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Owner can access dashboard with full navigation
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I visit /dashboard
+Then the dashboard container should be visible
+And I should see navigation for customers
+And I should see navigation for tasks
+```
+
+```gherkin:es
+Scenario: Owner puede acceder al dashboard con navegacion completa
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When visito /dashboard
+Then el contenedor del dashboard deberia estar visible
+And deberia ver navegacion a customers
+And deberia ver navegacion a tasks
+```
+
+### Expected Results
+- Dashboard loads correctly
+- All navigation items visible
+- No restrictions on sidebar
+
+---
+
+## @test OWNER-PERM-002: Owner Full Entity Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** owner, customers, crud
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Owner has full CRUD access to customers
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I visit /customers
+Then the create button should be visible
+And the entity list should be visible
+```
+
+```gherkin:es
+Scenario: Owner tiene acceso CRUD completo a customers
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When visito /customers
+Then el boton de crear deberia estar visible
+And la lista de entidades deberia estar visible
+```
+
+### Expected Results
+- Create button is visible (can create)
+- List is visible (can read)
+- Edit/Delete buttons available on items
+
+---
+
+## @test OWNER-PERM-003: Owner Team Settings Access
+
+### Metadata
+- **Priority:** High
+- **Type:** Regression
+- **Tags:** owner, settings, team
+
+```gherkin:en
+Scenario: Owner can access team settings
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I visit /settings
+Then the settings container should be visible
+And the team settings tab should be visible
+```
+
+```gherkin:es
+Scenario: Owner puede acceder a configuracion de equipo
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When visito /settings
+Then el contenedor de settings deberia estar visible
+And la pestana de team settings deberia estar visible
+```
+
+### Expected Results
+- Settings page loads
+- Team settings tab accessible
+- Can manage team configuration
+
+---
+
+## @test OWNER-PERM-004: Owner Billing Access
+
+### Metadata
+- **Priority:** High
+- **Type:** Regression
+- **Tags:** owner, billing
+
+```gherkin:en
+Scenario: Owner can access billing
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I visit /billing
+Then the billing container should be visible
+```
+
+```gherkin:es
+Scenario: Owner puede acceder a billing
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When visito /billing
+Then el contenedor de billing deberia estar visible
+```
+
+### Expected Results
+- Billing page loads
+- Plan information visible
+- Upgrade options available
+
+---
+
+## @test OWNER-PERM-005: Owner Cannot Access Sector7
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** owner, sector7, blocked
+
+```gherkin:en
+Scenario: Owner is blocked from Sector7
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I attempt to visit /sector7
+Then I should be redirected away from /sector7
+And the URL should include /dashboard or error=access_denied
+```
+
+```gherkin:es
+Scenario: Owner no puede acceder a Sector7
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When intento visitar /sector7
+Then deberia ser redirigido fuera de /sector7
+And la URL deberia incluir /dashboard o error=access_denied
+```
+
+### Expected Results
+- Access denied to Sector7
+- Redirect to dashboard with error
+- Security control working
+
+---
+
+## @test OWNER-PERM-006: Owner Cannot Access Dev Zone
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** owner, dev-zone, blocked
+
+```gherkin:en
+Scenario: Owner is blocked from Dev Zone
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I attempt to visit /dev
+Then I should be redirected away from /dev
+And the URL should include /dashboard or error=access_denied
+```
+
+```gherkin:es
+Scenario: Owner no puede acceder a Dev Zone
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When intento visitar /dev
+Then deberia ser redirigido fuera de /dev
+And la URL deberia incluir /dashboard o error=access_denied
+```
+
+### Expected Results
+- Access denied to Dev Zone
+- Redirect to dashboard with error
+- Security control working
+
+---
+
+## UI Elements
+
+| Element | Selector | Description |
+|---------|----------|-------------|
+| Dashboard Container | `[data-cy="dashboard-container"]` | Main dashboard container |
+| Customers Nav | `[data-cy="sidebar-nav-customers"]` | Customers navigation item |
+| Tasks Nav | `[data-cy="sidebar-nav-tasks"]` | Tasks navigation item |
+| Create Button | `[data-cy="entity-create-button"]` | Entity create button |
+| Entity List | `[data-cy="entity-list-container"]` | Entity list container |
+| Settings Container | `[data-cy="settings-container"]` | Settings page container |
+| Team Settings Tab | `[data-cy="settings-tab-team"]` | Team settings tab |
+| Billing Container | `[data-cy="billing-container"]` | Billing page container |
+
+---
+
+## Summary
+
+| Test ID | Block | Description | Tags |
+|---------|-------|-------------|------|
+| OWNER-PERM-001 | Access | Dashboard with full navigation | `@smoke` |
+| OWNER-PERM-002 | Access | Full CRUD access to customers | `@smoke` |
+| OWNER-PERM-003 | Access | Team settings access | |
+| OWNER-PERM-004 | Access | Billing access | |
+| OWNER-PERM-005 | Blocked | Cannot access Sector7 | |
+| OWNER-PERM-006 | Blocked | Cannot access Dev Zone | |

package/tests/cypress/e2e/uat/_core/auth/team-roles/owner-login.cy.ts

@@ -0,0 +1,141 @@
+/// <reference types="cypress" />
+
+/**
+ * Owner Team Role Login Tests
+ *
+ * Tests the Owner team role login and specific permissions:
+ * - Full CRUD access to all entities
+ * - Team settings access
+ * - Billing access
+ * - Member management
+ * - Cannot access /dev or /superadmin (app roles only)
+ *
+ * Note: Basic login is tested in login-logout.cy.ts
+ * This file focuses on Owner-specific permissions and access.
+ *
+ * Tags: @uat, @feat-auth, @team-role, @owner
+ */
+
+import * as allure from 'allure-cypress'
+
+import { loginAsDefaultOwner, DEFAULT_THEME_USERS } from '../../../../src/session-helpers'
+import { DashboardPOM } from '../../../../src/features/DashboardPOM'
+import { SettingsPOM } from '../../../../src/features/SettingsPOM'
+import { BillingPOM } from '../../../../src/features/BillingPOM'
+import { SuperadminPOM } from '../../../../src/features/SuperadminPOM'
+import { DevAreaPOM } from '../../../../src/features/DevAreaPOM'
+
+describe('Authentication - Owner Team Role Permissions', {
+  tags: ['@uat', '@feat-auth', '@team-role', '@owner']
+}, () => {
+  const dashboard = DashboardPOM.create()
+  const settings = SettingsPOM.create()
+  const billing = BillingPOM.create()
+  const sector7 = SuperadminPOM.create()
+  const devArea = DevAreaPOM.create()
+
+  beforeEach(() => {
+    allure.epic('Authentication')
+    allure.feature('Team Roles')
+    allure.story('Owner Permissions')
+    loginAsDefaultOwner()
+  })
+
+  describe('OWNER-PERM-001: Owner Dashboard Access', { tags: '@smoke' }, () => {
+    it('should access dashboard with full navigation', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Visit dashboard and wait for it to load
+      dashboard.visitDashboard()
+      dashboard.waitForDashboard()
+
+      // 2. Validate sidebar navigation items (Owner should see entity links)
+      dashboard.assertEntityNavVisible('customers')
+      dashboard.assertEntityNavVisible('tasks')
+
+      cy.log(`✅ Owner dashboard access verified (${DEFAULT_THEME_USERS.OWNER})`)
+    })
+  })
+
+  describe('OWNER-PERM-002: Owner Full Entity Access', { tags: '@smoke' }, () => {
+    it('should have full CRUD access to customers', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Navigate to customers (correct route is /dashboard/customers)
+      dashboard.visitEntity('customers')
+      dashboard.waitForEntityPage('customers')
+
+      // 2. Validate create button is visible (Owner can create)
+      dashboard.assertEntityAddButtonVisible('customers')
+
+      // 3. Validate table is visible
+      dashboard.assertEntityPageVisible('customers')
+
+      cy.log('✅ Owner has full CRUD access to customers')
+    })
+  })
+
+  describe('OWNER-PERM-003: Owner Team Settings Access', { tags: '@in-develop' }, () => {
+    it('should access team settings page', { tags: '@in-develop' }, () => {
+      allure.severity('high')
+
+      // 1. Navigate to settings
+      settings.visitSettings()
+      settings.waitForSettings()
+
+      // 2. Validate settings page is accessible
+      settings.assertSettingsVisible()
+
+      // 3. Validate team settings nav is visible (key is 'teams' not 'team')
+      settings.assertNavItemVisible('teams')
+
+      cy.log('✅ Owner can access team settings')
+    })
+  })
+
+  describe('OWNER-PERM-004: Owner Billing Access', () => {
+    it('should access billing page', () => {
+      allure.severity('high')
+
+      // 1. Navigate to billing using BillingPOM
+      billing.visitBilling()
+
+      // 2. Validate billing page is accessible
+      billing.assertBillingPageVisible()
+
+      cy.log('✅ Owner can access billing')
+    })
+  })
+
+  describe('OWNER-PERM-005: Owner Cannot Access Superadmin', () => {
+    it('should be redirected when trying to access /superadmin', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Superadmin
+      cy.visit('/superadmin', { timeout: 60000, failOnStatusCode: false })
+
+      // 2. Should be redirected (Owner is not superadmin)
+      sector7.assertAccessDenied()
+
+      cy.log('✅ Owner correctly blocked from Superadmin')
+    })
+  })
+
+  describe('OWNER-PERM-006: Owner Cannot Access Dev Zone', () => {
+    it('should be redirected when trying to access /dev', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Dev Zone
+      devArea.attemptToVisitDev()
+
+      // 2. Should be redirected (Owner is not developer)
+      devArea.assertRedirectedToDashboard()
+
+      cy.log('✅ Owner correctly blocked from Dev Zone')
+    })
+  })
+
+  after(() => {
+    cy.log('✅ Owner team role tests completed')
+  })
+})

package/tests/cypress/e2e/uat/_core/billing/extended.bdd.md

@@ -0,0 +1,273 @@
+---
+feature: Billing Extended Features
+priority: medium
+tags: [billing, payment, features, invoices, navigation]
+grepTags: [uat, billing, extended]
+coverage: 8
+status: pending-permission-fix
+---
+
+# Billing Page - Extended Tests
+
+> Extended coverage tests for the billing settings page including payment method section, plan features list, view pricing navigation, and invoice details. **Note:** Currently skipped due to permission check issues - billing page redirects to /dashboard/settings.
+
+## Background
+
+```gherkin:en
+Given I am logged in as Owner (owner@nextspark.dev)
+And I have navigated to the Billing settings page
+And the billing page has loaded successfully
+```
+
+```gherkin:es
+Given estoy logueado como Owner (owner@nextspark.dev)
+And he navegado a la pagina de configuracion de Billing
+And la pagina de billing ha cargado exitosamente
+```
+
+---
+
+## @test BILL-UAT-040: Owner sees payment method section
+
+### Metadata
+- **Priority:** Normal
+- **Type:** Regression
+- **Tags:** payment, section, owner
+- **Status:** SKIPPED (permission issue)
+
+```gherkin:en
+Scenario: Owner sees payment method section
+
+Given I am logged in as an owner
+When I visit the billing page
+Then I should see payment method section
+```
+
+```gherkin:es
+Scenario: Owner ve la seccion de metodo de pago
+
+Given estoy logueado como owner
+When visito la pagina de billing
+Then deberia ver la seccion de metodo de pago
+```
+
+### Expected Results
+- Billing page is accessible to owner
+- Payment method section is visible
+- Section displays current payment info or add option
+
+---
+
+## @test BILL-UAT-041: Add payment button is visible
+
+### Metadata
+- **Priority:** Normal
+- **Type:** Regression
+- **Tags:** payment, button, add
+- **Status:** SKIPPED (permission issue)
+
+```gherkin:en
+Scenario: User can see add payment button
+
+Given I am on the billing page
+Then I should see the add payment button
+```
+
+```gherkin:es
+Scenario: Usuario puede ver boton agregar pago
+
+Given estoy en la pagina de billing
+Then deberia ver el boton de agregar pago
+```
+
+### Expected Results
+- Add payment button exists
+- Button is visible and clickable
+- Button leads to payment method addition flow
+
+---
+
+## @test BILL-UAT-042: Plan features list is visible
+
+### Metadata
+- **Priority:** Normal
+- **Type:** Regression
+- **Tags:** plan, features, list
+
+- **Status:** SKIPPED (permission issue)
+
+```gherkin:en
+Scenario: User can see plan features
+
+Given I am on the billing page
+Then I should see the features included in my plan
+```
+
+```gherkin:es
+Scenario: Usuario puede ver caracteristicas del plan
+
+Given estoy en la pagina de billing
+Then deberia ver las caracteristicas incluidas en mi plan
+```
+
+### Expected Results
+- Plan features section is visible
+- Features list displays current plan inclusions
+- Features match the subscribed plan tier
+
+---
+
+## @test BILL-UAT-043: View pricing button is visible
+
+### Metadata
+- **Priority:** Normal
+- **Type:** Regression
+- **Tags:** navigation, pricing, upgrade
+- **Status:** SKIPPED (permission issue)
+
+```gherkin:en
+Scenario: User can see view pricing option
+
+Given I am on the billing page
+Then I should see a way to view pricing
+```
+
+```gherkin:es
+Scenario: Usuario puede ver opcion de ver precios
+
+Given estoy en la pagina de billing
+Then deberia ver una forma de ver precios
+```
+
+### Expected Results
+- Upgrade/pricing button exists
+- Button is visible
+- Navigation to pricing is available
+
+---
+
+## @test BILL-UAT-044: Contact sales option available
+
+### Metadata
+- **Priority:** Low
+- **Type:** Regression
+- **Tags:** enterprise, sales, contact
+- **Status:** SKIPPED (permission issue)
+
+```gherkin:en
+Scenario: Enterprise contact option exists
+
+Given I am on the billing page
+Then I should see a way to contact sales (or upgrade to Enterprise)
+```
+
+```gherkin:es
+Scenario: Opcion de contacto Enterprise existe
+
+Given estoy en la pagina de billing
+Then deberia ver una forma de contactar ventas (o actualizar a Enterprise)
+```
+
+### Expected Results
+- Enterprise/sales contact option exists
+- Main billing section is visible
+- Path to enterprise upgrade is available
+
+---
+
+## @test BILL-UAT-045: Owner billing section visible
+
+### Metadata
+- **Priority:** Normal
+- **Type:** Regression
+- **Tags:** owner, section, visibility
+- **Status:** SKIPPED (permission issue)
+
+```gherkin:en
+Scenario: Owner can see billing section
+
+Given I am logged in as an owner
+When I visit the billing page
+Then I should see the billing section
+```
+
+```gherkin:es
+Scenario: Owner puede ver seccion de billing
+
+Given estoy logueado como owner
+When visito la pagina de billing
+Then deberia ver la seccion de billing
+```
+
+### Expected Results
+- Billing page loads for owner role
+- Billing section is visible
+- All billing components render
+
+---
+
+## @test BILL-UAT-046: Invoices section accessible
+
+### Metadata
+- **Priority:** Low
+- **Type:** Regression
+- **Tags:** invoices, section, table
+- **Status:** SKIPPED (permission issue)
+
+```gherkin:en
+Scenario: User can see invoices section
+
+Given I am on the billing page
+Then I should see the invoices section
+```
+
+```gherkin:es
+Scenario: Usuario puede ver seccion de facturas
+
+Given estoy en la pagina de billing
+Then deberia ver la seccion de facturas
+```
+
+### Expected Results
+- Invoices table exists
+- Section is accessible
+- Invoice history is displayed
+
+---
+
+## @test BILL-UAT-047: Invoice status badge is visible
+
+### Metadata
+- **Priority:** Normal
+- **Type:** Regression
+- **Tags:** invoices, status, badge
+- **Status:** SKIPPED (permission issue)
+
+```gherkin:en
+Scenario: Invoice shows status badge
+
+Given I am on the billing page with invoices
+Then each invoice should have a status badge
+```
+
+```gherkin:es
+Scenario: Factura muestra badge de estado
+
+Given estoy en la pagina de billing con facturas
+Then cada factura deberia tener un badge de estado
+```
+
+### Expected Results
+- Invoices table exists
+- Each invoice row has status indicator
+- Status badges are visible (paid, pending, etc.)
+
+---
+
+## Known Issues
+
+**Permission Check Issue (2025-12-28):**
+- Billing page redirects to /dashboard/settings for all users
+- `usePermission('settings.billing')` hook may not resolve correctly
+- TeamContext may not be properly hydrated during Cypress session restore
+- Investigation needed in: usePermission, TeamContext, permissionRegistry