@nextsparkjs/theme-default 0.1.0-beta.20 → 0.1.0-beta.21

package/tests/cypress/e2e/uat/auth/team-roles/admin-login.bdd.md

@@ -0,0 +1,225 @@
+---
+feature: Admin Team Role Permissions
+priority: critical
+tags: [auth, team-role, admin, permissions, security]
+grepTags: [uat, feat-auth, team-role, admin]
+coverage: 6
+---
+
+# Admin Team Role Permissions
+
+> Tests for Admin team role permissions and access control. Admin has full CRUD access to entities but limited team settings and no billing management. Cannot access app-role areas.
+
+## @test ADMIN-PERM-001: Admin Dashboard Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** admin, dashboard, navigation
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Admin can access dashboard with full navigation
+
+Given I am logged in as Admin (james.wilson@nextspark.dev)
+When I visit /dashboard
+Then the dashboard container should be visible
+And I should see navigation for customers
+And I should see navigation for tasks
+```
+
+```gherkin:es
+Scenario: Admin puede acceder al dashboard con navegacion completa
+
+Given estoy logueado como Admin (james.wilson@nextspark.dev)
+When visito /dashboard
+Then el contenedor del dashboard deberia estar visible
+And deberia ver navegacion a customers
+And deberia ver navegacion a tasks
+```
+
+### Expected Results
+- Dashboard loads correctly
+- Navigation items visible
+- No entity restrictions
+
+---
+
+## @test ADMIN-PERM-002: Admin Full Entity Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** admin, customers, crud
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Admin has full CRUD access to customers
+
+Given I am logged in as Admin (james.wilson@nextspark.dev)
+When I visit /customers
+Then the create button should be visible
+And the entity list should be visible
+```
+
+```gherkin:es
+Scenario: Admin tiene acceso CRUD completo a customers
+
+Given estoy logueado como Admin (james.wilson@nextspark.dev)
+When visito /customers
+Then el boton de crear deberia estar visible
+And la lista de entidades deberia estar visible
+```
+
+### Expected Results
+- Full CRUD access to entities
+- Create button visible
+- Edit/Delete available
+
+---
+
+## @test ADMIN-PERM-003: Admin Settings Access
+
+### Metadata
+- **Priority:** High
+- **Type:** Regression
+- **Tags:** admin, settings
+
+```gherkin:en
+Scenario: Admin can access settings with limited options
+
+Given I am logged in as Admin (james.wilson@nextspark.dev)
+When I visit /settings
+Then the settings container should be visible
+And the profile tab should be visible
+```
+
+```gherkin:es
+Scenario: Admin puede acceder a settings con opciones limitadas
+
+Given estoy logueado como Admin (james.wilson@nextspark.dev)
+When visito /settings
+Then el contenedor de settings deberia estar visible
+And la pestana de perfil deberia estar visible
+```
+
+### Expected Results
+- Settings accessible
+- Profile management available
+- Some team settings may be restricted
+
+---
+
+## @test ADMIN-PERM-004: Admin Billing Restricted Access
+
+### Metadata
+- **Priority:** High
+- **Type:** Regression
+- **Tags:** admin, billing, restricted
+
+```gherkin:en
+Scenario: Admin has view-only or no access to billing
+
+Given I am logged in as Admin (james.wilson@nextspark.dev)
+When I visit /billing
+Then I should have view-only access or be redirected
+```
+
+```gherkin:es
+Scenario: Admin tiene acceso solo lectura o sin acceso a billing
+
+Given estoy logueado como Admin (james.wilson@nextspark.dev)
+When visito /billing
+Then deberia tener acceso solo lectura o ser redirigido
+```
+
+### Expected Results
+- Either view-only billing access
+- Or redirect to dashboard
+- No upgrade/payment buttons if accessible
+
+---
+
+## @test ADMIN-PERM-005: Admin Cannot Access Sector7
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** admin, sector7, blocked
+
+```gherkin:en
+Scenario: Admin is blocked from Sector7
+
+Given I am logged in as Admin (james.wilson@nextspark.dev)
+When I attempt to visit /sector7
+Then I should be redirected away from /sector7
+```
+
+```gherkin:es
+Scenario: Admin no puede acceder a Sector7
+
+Given estoy logueado como Admin (james.wilson@nextspark.dev)
+When intento visitar /sector7
+Then deberia ser redirigido fuera de /sector7
+```
+
+### Expected Results
+- Access denied to Sector7
+- Redirect to dashboard
+
+---
+
+## @test ADMIN-PERM-006: Admin Cannot Access Dev Zone
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** admin, dev-zone, blocked
+
+```gherkin:en
+Scenario: Admin is blocked from Dev Zone
+
+Given I am logged in as Admin (james.wilson@nextspark.dev)
+When I attempt to visit /dev
+Then I should be redirected away from /dev
+```
+
+```gherkin:es
+Scenario: Admin no puede acceder a Dev Zone
+
+Given estoy logueado como Admin (james.wilson@nextspark.dev)
+When intento visitar /dev
+Then deberia ser redirigido fuera de /dev
+```
+
+### Expected Results
+- Access denied to Dev Zone
+- Redirect to dashboard
+
+---
+
+## UI Elements
+
+| Element | Selector | Description |
+|---------|----------|-------------|
+| Dashboard Container | `[data-cy="dashboard-container"]` | Main dashboard container |
+| Customers Nav | `[data-cy="sidebar-nav-customers"]` | Customers navigation item |
+| Tasks Nav | `[data-cy="sidebar-nav-tasks"]` | Tasks navigation item |
+| Create Button | `[data-cy="entity-create-button"]` | Entity create button |
+| Entity List | `[data-cy="entity-list-container"]` | Entity list container |
+| Settings Container | `[data-cy="settings-container"]` | Settings page container |
+| Profile Tab | `[data-cy="settings-tab-profile"]` | Profile settings tab |
+| Billing Container | `[data-cy="billing-container"]` | Billing page container |
+
+---
+
+## Summary
+
+| Test ID | Block | Description | Tags |
+|---------|-------|-------------|------|
+| ADMIN-PERM-001 | Access | Dashboard with navigation | `@smoke` |
+| ADMIN-PERM-002 | Access | Full CRUD to customers | `@smoke` |
+| ADMIN-PERM-003 | Access | Settings with limits | |
+| ADMIN-PERM-004 | Restricted | View-only billing | |
+| ADMIN-PERM-005 | Blocked | Cannot access Sector7 | |
+| ADMIN-PERM-006 | Blocked | Cannot access Dev Zone | |

package/tests/cypress/e2e/uat/auth/team-roles/admin-login.cy.ts

@@ -0,0 +1,148 @@
+/// <reference types="cypress" />
+
+/**
+ * Admin Team Role Login Tests
+ *
+ * Tests the Admin team role login and specific permissions:
+ * - Full CRUD access to entities
+ * - Limited team settings access (cannot delete team)
+ * - No billing access (owner only)
+ * - Member management (limited)
+ * - Cannot access /dev or /superadmin (app roles only)
+ *
+ * Note: Basic login is tested in login-logout.cy.ts
+ * This file focuses on Admin-specific permissions and restrictions.
+ *
+ * Tags: @uat, @feat-auth, @team-role, @admin
+ */
+
+import * as allure from 'allure-cypress'
+
+import { loginAsDefaultAdmin, DEFAULT_THEME_USERS } from '../../../../src/session-helpers'
+import { DashboardPOM } from '../../../../src/features/DashboardPOM'
+import { SettingsPOM } from '../../../../src/features/SettingsPOM'
+import { BillingPOM } from '../../../../src/features/BillingPOM'
+import { SuperadminPOM } from '../../../../src/features/SuperadminPOM'
+import { DevAreaPOM } from '../../../../src/features/DevAreaPOM'
+
+describe('Authentication - Admin Team Role Permissions', {
+  tags: ['@uat', '@feat-auth', '@team-role', '@admin']
+}, () => {
+  const dashboard = DashboardPOM.create()
+  const settings = SettingsPOM.create()
+  const billing = BillingPOM.create()
+  const sector7 = SuperadminPOM.create()
+  const devArea = DevAreaPOM.create()
+
+  beforeEach(() => {
+    allure.epic('Authentication')
+    allure.feature('Team Roles')
+    allure.story('Admin Permissions')
+    loginAsDefaultAdmin()
+  })
+
+  describe('ADMIN-PERM-001: Admin Dashboard Access', { tags: '@smoke' }, () => {
+    it('should access dashboard with full navigation', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Visit dashboard and wait for it to load
+      dashboard.visitDashboard()
+      dashboard.waitForDashboard()
+
+      // 2. Validate sidebar navigation items
+      dashboard.assertEntityNavVisible('customers')
+      dashboard.assertEntityNavVisible('tasks')
+
+      cy.log(`✅ Admin dashboard access verified (${DEFAULT_THEME_USERS.ADMIN})`)
+    })
+  })
+
+  describe('ADMIN-PERM-002: Admin Full Entity Access', { tags: '@smoke' }, () => {
+    it('should have full CRUD access to customers', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Navigate to customers
+      dashboard.visitEntity('customers')
+      dashboard.waitForEntityPage('customers')
+
+      // 2. Validate create button is visible (Admin can create)
+      dashboard.assertEntityAddButtonVisible('customers')
+
+      // 3. Validate table is visible
+      dashboard.assertEntityPageVisible('customers')
+
+      cy.log('✅ Admin has full CRUD access to customers')
+    })
+  })
+
+  describe('ADMIN-PERM-003: Admin Settings Access', () => {
+    it('should access settings page with limited options', () => {
+      allure.severity('high')
+
+      // 1. Navigate to settings
+      settings.visitSettings()
+      settings.waitForSettings()
+
+      // 2. Validate settings page is accessible
+      settings.assertSettingsVisible()
+
+      // 3. Validate profile nav is visible
+      settings.assertNavItemVisible('profile')
+
+      cy.log('✅ Admin can access settings')
+    })
+  })
+
+  describe('ADMIN-PERM-004: Admin Billing Restricted Access', () => {
+    it('should have view-only or no access to billing', () => {
+      allure.severity('high')
+
+      // 1. Navigate to billing
+      billing.visitBilling()
+
+      // 2. Check access - Admin may have view-only or redirected
+      cy.url().then((url) => {
+        if (url.includes('/billing')) {
+          // If accessible, billing container should be visible
+          billing.getBillingMain().should('be.visible')
+          cy.log('✅ Admin has view-only billing access')
+        } else {
+          // If redirected, that's also valid
+          cy.log('✅ Admin correctly redirected from billing')
+        }
+      })
+    })
+  })
+
+  describe('ADMIN-PERM-005: Admin Cannot Access Superadmin', () => {
+    it('should be redirected when trying to access /superadmin', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Superadmin
+      cy.visit('/superadmin', { timeout: 60000, failOnStatusCode: false })
+
+      // 2. Should be redirected
+      sector7.assertAccessDenied()
+
+      cy.log('✅ Admin correctly blocked from Superadmin')
+    })
+  })
+
+  describe('ADMIN-PERM-006: Admin Cannot Access Dev Zone', () => {
+    it('should be redirected when trying to access /dev', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Dev Zone
+      devArea.attemptToVisitDev()
+
+      // 2. Should be redirected
+      devArea.assertRedirectedToDashboard()
+
+      cy.log('✅ Admin correctly blocked from Dev Zone')
+    })
+  })
+
+  after(() => {
+    cy.log('✅ Admin team role tests completed')
+  })
+})

package/tests/cypress/e2e/uat/auth/team-roles/member-login.bdd.md

@@ -0,0 +1,251 @@
+---
+feature: Member Team Role Restrictions
+priority: critical
+tags: [auth, team-role, member, permissions, security, restrictions]
+grepTags: [uat, feat-auth, team-role, member]
+coverage: 7
+---
+
+# Member Team Role Restrictions
+
+> Tests for Member team role restrictions. Member is the most restricted team role with read-only access to entities, no create/update/delete permissions, and no access to settings, billing, or app-role areas.
+
+## @test MEMBER-PERM-001: Member Dashboard Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** member, dashboard
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Member can access dashboard
+
+Given I am logged in as Member (emily.johnson@nextspark.dev)
+When I visit /dashboard
+Then the dashboard container should be visible
+```
+
+```gherkin:es
+Scenario: Member puede acceder al dashboard
+
+Given estoy logueado como Member (emily.johnson@nextspark.dev)
+When visito /dashboard
+Then el contenedor del dashboard deberia estar visible
+```
+
+### Expected Results
+- Dashboard loads
+- Limited navigation visible
+
+---
+
+## @test MEMBER-PERM-002: Member Read-Only Entity Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** member, customers, read-only
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Member has read-only access to customers
+
+Given I am logged in as Member (emily.johnson@nextspark.dev)
+When I visit /customers
+Then the entity list should be visible
+And the create button should NOT exist
+```
+
+```gherkin:es
+Scenario: Member tiene acceso solo lectura a customers
+
+Given estoy logueado como Member (emily.johnson@nextspark.dev)
+When visito /customers
+Then la lista de entidades deberia estar visible
+And el boton de crear NO deberia existir
+```
+
+### Expected Results
+- Can view entity list
+- Cannot create new entities
+- No action buttons visible
+
+---
+
+## @test MEMBER-PERM-003: Member Cannot Create Entities
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** member, create, blocked
+
+```gherkin:en
+Scenario: Member cannot see create button on entity pages
+
+Given I am logged in as Member (emily.johnson@nextspark.dev)
+When I visit /customers
+Then the create button should not exist
+When I visit /tasks
+Then the create button should not exist
+```
+
+```gherkin:es
+Scenario: Member no puede ver boton crear en paginas de entidades
+
+Given estoy logueado como Member (emily.johnson@nextspark.dev)
+When visito /customers
+Then el boton crear no deberia existir
+When visito /tasks
+Then el boton crear no deberia existir
+```
+
+### Expected Results
+- No create buttons on any entity page
+- Read-only experience
+
+---
+
+## @test MEMBER-PERM-004: Member Settings Restricted
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** member, settings, restricted
+
+```gherkin:en
+Scenario: Member has limited or no settings access
+
+Given I am logged in as Member (emily.johnson@nextspark.dev)
+When I visit /settings
+Then I should see only profile tab or be redirected
+And the team settings tab should not exist
+```
+
+```gherkin:es
+Scenario: Member tiene acceso limitado o sin acceso a settings
+
+Given estoy logueado como Member (emily.johnson@nextspark.dev)
+When visito /settings
+Then deberia ver solo pestana de perfil o ser redirigido
+And la pestana de team settings no deberia existir
+```
+
+### Expected Results
+- Profile tab only (if accessible)
+- No team settings access
+- No danger zone access
+
+---
+
+## @test MEMBER-PERM-005: Member Billing Blocked
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** member, billing, blocked
+
+```gherkin:en
+Scenario: Member cannot access billing
+
+Given I am logged in as Member (emily.johnson@nextspark.dev)
+When I visit /billing
+Then I should be redirected away from /billing
+```
+
+```gherkin:es
+Scenario: Member no puede acceder a billing
+
+Given estoy logueado como Member (emily.johnson@nextspark.dev)
+When visito /billing
+Then deberia ser redirigido fuera de /billing
+```
+
+### Expected Results
+- No billing access
+- Redirect to dashboard
+
+---
+
+## @test MEMBER-PERM-006: Member Cannot Access Sector7
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** member, sector7, blocked
+
+```gherkin:en
+Scenario: Member is blocked from Sector7
+
+Given I am logged in as Member (emily.johnson@nextspark.dev)
+When I attempt to visit /sector7
+Then I should be redirected away from /sector7
+```
+
+```gherkin:es
+Scenario: Member no puede acceder a Sector7
+
+Given estoy logueado como Member (emily.johnson@nextspark.dev)
+When intento visitar /sector7
+Then deberia ser redirigido fuera de /sector7
+```
+
+### Expected Results
+- Access denied
+- Redirect to dashboard
+
+---
+
+## @test MEMBER-PERM-007: Member Cannot Access Dev Zone
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** member, dev-zone, blocked
+
+```gherkin:en
+Scenario: Member is blocked from Dev Zone
+
+Given I am logged in as Member (emily.johnson@nextspark.dev)
+When I attempt to visit /dev
+Then I should be redirected away from /dev
+```
+
+```gherkin:es
+Scenario: Member no puede acceder a Dev Zone
+
+Given estoy logueado como Member (emily.johnson@nextspark.dev)
+When intento visitar /dev
+Then deberia ser redirigido fuera de /dev
+```
+
+### Expected Results
+- Access denied
+- Redirect to dashboard
+
+---
+
+## UI Elements
+
+| Element | Selector | Description |
+|---------|----------|-------------|
+| Dashboard Container | `[data-cy="dashboard-container"]` | Main dashboard container |
+| Create Button | `[data-cy="entity-create-button"]` | Entity create button (should not exist) |
+| Entity List | `[data-cy="entity-list-container"]` | Entity list container |
+| Settings Container | `[data-cy="settings-container"]` | Settings page container |
+| Profile Tab | `[data-cy="settings-tab-profile"]` | Profile settings tab |
+| Team Tab | `[data-cy="settings-tab-team"]` | Team settings tab (should not exist) |
+
+---
+
+## Summary
+
+| Test ID | Block | Description | Tags |
+|---------|-------|-------------|------|
+| MEMBER-PERM-001 | Access | Dashboard access | `@smoke` |
+| MEMBER-PERM-002 | Read-Only | Read-only entity access | `@smoke` |
+| MEMBER-PERM-003 | Blocked | Cannot create entities | |
+| MEMBER-PERM-004 | Restricted | Settings limited/blocked | |
+| MEMBER-PERM-005 | Blocked | Billing blocked | |
+| MEMBER-PERM-006 | Blocked | Sector7 blocked | |
+| MEMBER-PERM-007 | Blocked | Dev Zone blocked | |