@nextsparkjs/theme-default 0.1.0-beta.20 → 0.1.0-beta.21

package/tests/cypress/e2e/uat/auth/custom-roles/editor-login.bdd.md

@@ -0,0 +1,288 @@
+---
+feature: Editor Custom Role Permissions
+priority: high
+tags: [auth, custom-role, editor, permissions, security, theme]
+grepTags: [uat, feat-auth, custom-role, editor]
+coverage: 8
+---
+
+# Editor Custom Role Permissions
+
+> Tests for Editor custom role permissions. Editor is a theme-defined custom role with view-only access to entities. Cannot create, update, or delete. Cannot access Sector7 or Dev Zone.
+
+## @test EDITOR-PERM-001: Editor Dashboard Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** editor, dashboard
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Editor can access dashboard
+
+Given I am logged in as Editor (diego.ramirez@nextspark.dev)
+When I visit /dashboard
+Then the dashboard container should be visible
+```
+
+```gherkin:es
+Scenario: Editor puede acceder al dashboard
+
+Given estoy logueado como Editor (diego.ramirez@nextspark.dev)
+When visito /dashboard
+Then el contenedor del dashboard deberia estar visible
+```
+
+### Expected Results
+- Dashboard loads correctly
+- Limited navigation based on permissions
+
+---
+
+## @test EDITOR-PERM-002: Editor View-Only Customer Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** editor, customers, view-only
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Editor has view-only access to customers list
+
+Given I am logged in as Editor (diego.ramirez@nextspark.dev)
+When I visit /customers
+Then the entity list should be visible
+And the create button should NOT exist
+```
+
+```gherkin:es
+Scenario: Editor tiene acceso solo lectura a lista de customers
+
+Given estoy logueado como Editor (diego.ramirez@nextspark.dev)
+When visito /customers
+Then la lista de entidades deberia estar visible
+And el boton de crear NO deberia existir
+```
+
+### Expected Results
+- Can view customer list
+- No create button
+- Read-only experience
+
+---
+
+## @test EDITOR-PERM-003: Editor Cannot Edit Customers
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** editor, customers, no-edit
+
+```gherkin:en
+Scenario: Editor cannot see edit buttons on customers
+
+Given I am logged in as Editor (diego.ramirez@nextspark.dev)
+When I visit /customers
+Then the entity list should be visible
+And edit buttons should not exist on items
+And delete buttons should not exist on items
+```
+
+```gherkin:es
+Scenario: Editor no puede ver botones de editar en customers
+
+Given estoy logueado como Editor (diego.ramirez@nextspark.dev)
+When visito /customers
+Then la lista de entidades deberia estar visible
+And los botones de editar no deberian existir en items
+And los botones de eliminar no deberian existir en items
+```
+
+### Expected Results
+- No edit action buttons
+- No delete action buttons
+- Pure read-only interface
+
+---
+
+## @test EDITOR-PERM-004: Editor Tasks Access
+
+### Metadata
+- **Priority:** High
+- **Type:** Regression
+- **Tags:** editor, tasks, read-only
+
+```gherkin:en
+Scenario: Editor has read-only access to tasks
+
+Given I am logged in as Editor (diego.ramirez@nextspark.dev)
+When I visit /tasks
+Then the entity list should be visible
+And the create button should NOT exist
+```
+
+```gherkin:es
+Scenario: Editor tiene acceso solo lectura a tasks
+
+Given estoy logueado como Editor (diego.ramirez@nextspark.dev)
+When visito /tasks
+Then la lista de entidades deberia estar visible
+And el boton de crear NO deberia existir
+```
+
+### Expected Results
+- Can view task list
+- No create functionality
+
+---
+
+## @test EDITOR-PERM-005: Editor Settings Access
+
+### Metadata
+- **Priority:** Normal
+- **Type:** Regression
+- **Tags:** editor, settings
+
+```gherkin:en
+Scenario: Editor has profile-only settings access
+
+Given I am logged in as Editor (diego.ramirez@nextspark.dev)
+When I visit /settings
+Then I should see profile tab or be redirected
+```
+
+```gherkin:es
+Scenario: Editor tiene acceso solo a perfil en settings
+
+Given estoy logueado como Editor (diego.ramirez@nextspark.dev)
+When visito /settings
+Then deberia ver pestana de perfil o ser redirigido
+```
+
+### Expected Results
+- Profile settings accessible
+- No team settings access
+
+---
+
+## @test EDITOR-PERM-006: Editor Cannot Access Sector7
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** editor, sector7, blocked
+
+```gherkin:en
+Scenario: Editor is blocked from Sector7
+
+Given I am logged in as Editor (diego.ramirez@nextspark.dev)
+When I attempt to visit /sector7
+Then I should be redirected away from /sector7
+```
+
+```gherkin:es
+Scenario: Editor no puede acceder a Sector7
+
+Given estoy logueado como Editor (diego.ramirez@nextspark.dev)
+When intento visitar /sector7
+Then deberia ser redirigido fuera de /sector7
+```
+
+### Expected Results
+- Access denied
+- Redirect to dashboard
+
+---
+
+## @test EDITOR-PERM-007: Editor Cannot Access Dev Zone
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** editor, dev-zone, blocked
+
+```gherkin:en
+Scenario: Editor is blocked from Dev Zone
+
+Given I am logged in as Editor (diego.ramirez@nextspark.dev)
+When I attempt to visit /dev
+Then I should be redirected away from /dev
+```
+
+```gherkin:es
+Scenario: Editor no puede acceder a Dev Zone
+
+Given estoy logueado como Editor (diego.ramirez@nextspark.dev)
+When intento visitar /dev
+Then deberia ser redirigido fuera de /dev
+```
+
+### Expected Results
+- Access denied
+- Redirect to dashboard
+
+---
+
+## @test EDITOR-PERM-008: Editor Logout Flow
+
+### Metadata
+- **Priority:** Normal
+- **Type:** Regression
+- **Tags:** editor, logout
+
+```gherkin:en
+Scenario: Editor can logout successfully
+
+Given I am logged in as Editor (diego.ramirez@nextspark.dev)
+And I am on the dashboard
+When I click on user menu
+And I click on Sign Out
+Then I should be redirected to /login
+```
+
+```gherkin:es
+Scenario: Editor puede cerrar sesion correctamente
+
+Given estoy logueado como Editor (diego.ramirez@nextspark.dev)
+And estoy en el dashboard
+When hago click en el menu de usuario
+And hago click en Sign Out
+Then deberia ser redirigido a /login
+```
+
+### Expected Results
+- Logout works correctly
+- Redirect to login page
+
+---
+
+## UI Elements
+
+| Element | Selector | Description |
+|---------|----------|-------------|
+| Dashboard Container | `[data-cy="dashboard-container"]` | Main dashboard container |
+| Create Button | `[data-cy="entity-create-button"]` | Entity create button (should not exist) |
+| Entity List | `[data-cy="entity-list-container"]` | Entity list container |
+| Row Edit | `[data-cy="entity-row-edit"]` | Row edit button (should not exist) |
+| Row Delete | `[data-cy="entity-row-delete"]` | Row delete button (should not exist) |
+| Settings Container | `[data-cy="settings-container"]` | Settings page container |
+| Profile Tab | `[data-cy="settings-tab-profile"]` | Profile settings tab |
+| User Menu | `[data-cy="topnav-user-menu-trigger"]` | User menu trigger |
+| Sign Out | `[data-cy="topnav-menu-signOut"]` | Sign out button |
+
+---
+
+## Summary
+
+| Test ID | Block | Description | Tags |
+|---------|-------|-------------|------|
+| EDITOR-PERM-001 | Access | Dashboard access | `@smoke` |
+| EDITOR-PERM-002 | View-Only | View-only customers | `@smoke` |
+| EDITOR-PERM-003 | Blocked | Cannot edit customers | |
+| EDITOR-PERM-004 | View-Only | Read-only tasks | |
+| EDITOR-PERM-005 | Access | Profile-only settings | |
+| EDITOR-PERM-006 | Blocked | Sector7 blocked | |
+| EDITOR-PERM-007 | Blocked | Dev Zone blocked | |
+| EDITOR-PERM-008 | Logout | Logout flow | |

package/tests/cypress/e2e/uat/auth/custom-roles/editor-login.cy.ts

@@ -0,0 +1,188 @@
+/// <reference types="cypress" />
+
+/**
+ * Editor Custom Role Login Tests
+ *
+ * Tests the Editor custom role (theme-defined) login and specific permissions:
+ * - Editor is a custom role defined in the Default theme
+ * - Can view/list customers but cannot create/update/delete
+ * - Limited navigation and entity access
+ * - Cannot access Superadmin or Dev Zone
+ *
+ * Note: Editor role is team-based (not a global app role)
+ * This file tests Editor-specific permissions as defined in the theme.
+ *
+ * Tags: @uat, @feat-auth, @custom-role, @editor
+ */
+
+import * as allure from 'allure-cypress'
+
+import { loginAsDefaultEditor, DEFAULT_THEME_USERS } from '../../../../src/session-helpers'
+import { DashboardPOM } from '../../../../src/features/DashboardPOM'
+import { SettingsPOM } from '../../../../src/features/SettingsPOM'
+import { SuperadminPOM } from '../../../../src/features/SuperadminPOM'
+import { DevAreaPOM } from '../../../../src/features/DevAreaPOM'
+import { AuthPOM } from '../../../../src/core/AuthPOM'
+
+describe('Authentication - Editor Custom Role Permissions', {
+  tags: ['@uat', '@feat-auth', '@custom-role', '@editor']
+}, () => {
+  const dashboard = DashboardPOM.create()
+  const settings = SettingsPOM.create()
+  const sector7 = SuperadminPOM.create()
+  const devArea = DevAreaPOM.create()
+  const auth = new AuthPOM()
+
+  beforeEach(() => {
+    allure.epic('Authentication')
+    allure.feature('Custom Roles')
+    allure.story('Editor Permissions')
+    loginAsDefaultEditor()
+  })
+
+  describe('EDITOR-PERM-001: Editor Dashboard Access', { tags: '@smoke' }, () => {
+    it('should access dashboard with limited navigation', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Visit dashboard and wait for load
+      dashboard.visitDashboard()
+      dashboard.waitForDashboard()
+
+      // 2. Validate dashboard is accessible
+      dashboard.assertDashboardVisible()
+
+      cy.log(`✅ Editor dashboard access verified (${DEFAULT_THEME_USERS.EDITOR})`)
+    })
+  })
+
+  describe('EDITOR-PERM-002: Editor View-Only Customer Access', { tags: '@smoke' }, () => {
+    it('should have view-only access to customers list', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Navigate to customers
+      dashboard.visitEntity('customers')
+      dashboard.waitForEntityPage('customers')
+
+      // 2. Validate table is visible (Editor can read)
+      dashboard.assertEntityPageVisible('customers')
+
+      // 3. Create button should NOT be visible for Editor
+      dashboard.assertEntityAddButtonNotVisible('customers')
+
+      cy.log('✅ Editor has view-only access to customers')
+    })
+  })
+
+  describe('EDITOR-PERM-003: Editor Cannot Edit Customers', () => {
+    it('should not see edit buttons on customer items', () => {
+      allure.severity('high')
+
+      // 1. Navigate to customers
+      dashboard.visitEntity('customers')
+      dashboard.waitForEntityPage('customers')
+
+      // 2. Validate table is visible
+      dashboard.assertEntityPageVisible('customers')
+
+      // 3. If there are items, check they don't have edit buttons
+      cy.get('body').then(($body) => {
+        if ($body.find('[data-cy^="customers-row-"]').length > 0) {
+          // Check first row doesn't have edit action
+          cy.get('[data-cy^="customers-row-"]').first().within(() => {
+            cy.get('[data-cy*="edit"]').should('not.exist')
+            cy.get('[data-cy*="delete"]').should('not.exist')
+          })
+          cy.log('✅ Editor cannot see edit/delete actions')
+        } else {
+          cy.log('✅ No items to verify, but create button is hidden')
+        }
+      })
+    })
+  })
+
+  describe('EDITOR-PERM-004: Editor Tasks Access', { tags: '@in-develop' }, () => {
+    it('should NOT have access to tasks (permission denied)', { tags: '@in-develop' }, () => {
+      allure.severity('high')
+
+      // 1. Navigate to tasks - Editor does NOT have tasks.list permission
+      cy.visit('/dashboard/tasks', { failOnStatusCode: false })
+
+      // 2. Should be redirected to permission denied page
+      cy.url().should('include', 'permission-denied')
+      cy.contains('Acceso denegado').should('be.visible')
+
+      cy.log('✅ Editor correctly blocked from tasks')
+    })
+  })
+
+  describe('EDITOR-PERM-005: Editor Settings Access', () => {
+    it('should have profile-only settings access', () => {
+      allure.severity('normal')
+
+      // 1. Navigate to settings
+      settings.visitSettings()
+
+      // 2. Check access
+      cy.url().then((url) => {
+        if (url.includes('/settings')) {
+          settings.assertSettingsVisible()
+          // Should only see profile, not team settings
+          settings.assertNavItemVisible('profile')
+          cy.log('✅ Editor has profile settings access')
+        } else {
+          cy.log('✅ Editor redirected from settings')
+        }
+      })
+    })
+  })
+
+  describe('EDITOR-PERM-006: Editor Cannot Access Superadmin', () => {
+    it('should be redirected when trying to access /superadmin', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Superadmin
+      cy.visit('/superadmin', { timeout: 60000, failOnStatusCode: false })
+
+      // 2. Should be redirected
+      sector7.assertAccessDenied()
+
+      cy.log('✅ Editor correctly blocked from Superadmin')
+    })
+  })
+
+  describe('EDITOR-PERM-007: Editor Cannot Access Dev Zone', () => {
+    it('should be redirected when trying to access /dev', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Dev Zone
+      devArea.attemptToVisitDev()
+
+      // 2. Should be redirected
+      devArea.assertRedirectedToDashboard()
+
+      cy.log('✅ Editor correctly blocked from Dev Zone')
+    })
+  })
+
+  describe('EDITOR-PERM-008: Editor Logout Flow', () => {
+    it('should logout successfully', () => {
+      allure.severity('normal')
+
+      // 1. Visit dashboard
+      dashboard.visitDashboard()
+      dashboard.waitForDashboard()
+
+      // 2. Logout using AuthPOM
+      auth.logout()
+
+      // 3. Validate redirected to login
+      auth.assertOnLoginPage()
+
+      cy.log('✅ Editor logout successful')
+    })
+  })
+
+  after(() => {
+    cy.log('✅ Editor custom role tests completed')
+  })
+})

package/tests/cypress/e2e/uat/auth/login-logout.bdd.md

@@ -0,0 +1,160 @@
+---
+feature: Authentication via DevKeyring
+priority: critical
+tags: [auth, login, logout, devkeyring]
+grepTags: [uat, feat-auth, smoke, critical]
+coverage: 4
+---
+
+# Authentication via DevKeyring
+
+> Test suite for user authentication using DevKeyring development tool. Covers login flows for Owner, Member, and Admin roles, plus logout functionality.
+
+## @test LOGIN-001: Owner Login via DevKeyring
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** login, owner, devkeyring
+- **Grep:** `@smoke` `@critical`
+
+```gherkin:en
+Scenario: Owner can login and access dashboard
+
+Given I am on the login page
+And the DevKeyring component is visible
+When I select the Owner user (owner@nextspark.dev)
+And I click to login
+Then I should be redirected to the dashboard
+And the dashboard container should be visible
+```
+
+```gherkin:es
+Scenario: Owner puede loguearse y acceder al dashboard
+
+Given estoy en la pagina de login
+And el componente DevKeyring esta visible
+When selecciono el usuario Owner (owner@nextspark.dev)
+And hago clic para iniciar sesion
+Then deberia ser redirigido al dashboard
+And el contenedor del dashboard deberia estar visible
+```
+
+### Expected Results
+- DevKeyring component displays user selector
+- Owner user (owner@nextspark.dev) is selectable
+- Login redirects to /dashboard
+- Dashboard container is visible after login
+
+---
+
+## @test LOGIN-002: Member Login via DevKeyring
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** login, member, devkeyring
+- **Grep:** `@smoke` `@critical`
+
+```gherkin:en
+Scenario: Member can login and access dashboard
+
+Given I am on the login page
+And the DevKeyring component is visible
+When I select the Member user (member@nextspark.dev)
+And I click to login
+Then I should be redirected to the dashboard
+And the dashboard container should be visible
+```
+
+```gherkin:es
+Scenario: Member puede loguearse y acceder al dashboard
+
+Given estoy en la pagina de login
+And el componente DevKeyring esta visible
+When selecciono el usuario Member (member@nextspark.dev)
+And hago clic para iniciar sesion
+Then deberia ser redirigido al dashboard
+And el contenedor del dashboard deberia estar visible
+```
+
+### Expected Results
+- Member user (member@nextspark.dev) is selectable
+- Login redirects to /dashboard
+- Dashboard container is visible after login
+- Member has read-only access to most entities
+
+---
+
+## @test LOGIN-003: Admin Login via DevKeyring
+
+### Metadata
+- **Priority:** High
+- **Type:** Regression
+- **Tags:** login, admin, devkeyring
+
+```gherkin:en
+Scenario: Admin can login and access dashboard
+
+Given I am on the login page
+And the DevKeyring component is visible
+When I select the Admin user (admin@nextspark.dev)
+And I click to login
+Then I should be redirected to the dashboard
+And the dashboard container should be visible
+```
+
+```gherkin:es
+Scenario: Admin puede loguearse y acceder al dashboard
+
+Given estoy en la pagina de login
+And el componente DevKeyring esta visible
+When selecciono el usuario Admin (admin@nextspark.dev)
+And hago clic para iniciar sesion
+Then deberia ser redirigido al dashboard
+And el contenedor del dashboard deberia estar visible
+```
+
+### Expected Results
+- Admin user (admin@nextspark.dev) is selectable
+- Login redirects to /dashboard
+- Dashboard container is visible after login
+- Admin has delegated full CRUD access
+
+---
+
+## @test LOGOUT-001: User Logout Flow
+
+### Metadata
+- **Priority:** High
+- **Type:** Regression
+- **Tags:** logout, signout, navigation
+
+```gherkin:en
+Scenario: User can logout successfully
+
+Given I am logged in as Owner
+And I am on the dashboard
+When I click on the user menu in the top navigation
+And I click "Sign Out"
+Then I should be redirected to the login page
+And the DevKeyring component should be visible again
+```
+
+```gherkin:es
+Scenario: Usuario puede cerrar sesion exitosamente
+
+Given estoy logueado como Owner
+And estoy en el dashboard
+When hago clic en el menu de usuario en la navegacion superior
+And hago clic en "Cerrar Sesion"
+Then deberia ser redirigido a la pagina de login
+And el componente DevKeyring deberia estar visible nuevamente
+```
+
+### Expected Results
+- User menu is accessible in top navigation
+- Sign Out option is visible in menu
+- Clicking Sign Out clears session
+- User is redirected to login page
+- DevKeyring component is visible for re-login