@nextsparkjs/theme-default 0.1.0-beta.20 → 0.1.0-beta.21

package/tests/cypress/e2e/uat/auth/team-roles/member-login.cy.ts

@@ -0,0 +1,163 @@
+/// <reference types="cypress" />
+
+/**
+ * Member Team Role Login Tests
+ *
+ * Tests the Member team role login and specific restrictions:
+ * - Read-only access to most entities
+ * - Cannot create/update/delete (restricted)
+ * - Limited navigation
+ * - No settings or billing access
+ * - Cannot access /dev or /superadmin (app roles only)
+ *
+ * Note: Basic login is tested in login-logout.cy.ts
+ * This file focuses on Member-specific restrictions.
+ *
+ * Tags: @uat, @feat-auth, @team-role, @member
+ */
+
+import * as allure from 'allure-cypress'
+
+import { loginAsDefaultMember, DEFAULT_THEME_USERS } from '../../../../src/session-helpers'
+import { DashboardPOM } from '../../../../src/features/DashboardPOM'
+import { SettingsPOM } from '../../../../src/features/SettingsPOM'
+import { SuperadminPOM } from '../../../../src/features/SuperadminPOM'
+import { DevAreaPOM } from '../../../../src/features/DevAreaPOM'
+
+describe('Authentication - Member Team Role Restrictions', {
+  tags: ['@uat', '@feat-auth', '@team-role', '@member']
+}, () => {
+  const dashboard = DashboardPOM.create()
+  const settings = SettingsPOM.create()
+  const sector7 = SuperadminPOM.create()
+  const devArea = DevAreaPOM.create()
+
+  beforeEach(() => {
+    allure.epic('Authentication')
+    allure.feature('Team Roles')
+    allure.story('Member Restrictions')
+    loginAsDefaultMember()
+  })
+
+  describe('MEMBER-PERM-001: Member Dashboard Access', { tags: '@smoke' }, () => {
+    it('should access dashboard with limited navigation', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Visit dashboard and wait for load
+      dashboard.visitDashboard()
+      dashboard.waitForDashboard()
+
+      // 2. Validate dashboard is accessible
+      dashboard.assertDashboardVisible()
+
+      cy.log(`✅ Member dashboard access verified (${DEFAULT_THEME_USERS.MEMBER})`)
+    })
+  })
+
+  describe('MEMBER-PERM-002: Member Read-Only Entity Access', { tags: '@smoke' }, () => {
+    it('should have read-only access to customers', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Navigate to customers
+      dashboard.visitEntity('customers')
+      dashboard.waitForEntityPage('customers')
+
+      // 2. Validate table is visible (Member can read)
+      dashboard.assertEntityPageVisible('customers')
+
+      // 3. Create button should NOT be visible for Member
+      dashboard.assertEntityAddButtonNotVisible('customers')
+
+      cy.log('✅ Member has read-only access to customers')
+    })
+  })
+
+  describe('MEMBER-PERM-003: Member Create Permissions per Entity', () => {
+    it('should have entity-specific create permissions', () => {
+      allure.severity('high')
+
+      // 1. Check customers page - Member CANNOT create customers
+      // (customers.create roles: ['owner', 'admin'])
+      dashboard.visitEntity('customers')
+      dashboard.waitForEntityPage('customers')
+      dashboard.assertEntityAddButtonNotVisible('customers')
+
+      // 2. Check tasks page - Member CAN create tasks
+      // (tasks.create roles: ['owner', 'admin', 'member'])
+      dashboard.visitEntity('tasks')
+      dashboard.waitForEntityPage('tasks')
+      dashboard.assertEntityAddButtonVisible('tasks')
+
+      cy.log('✅ Member has correct entity-specific create permissions')
+    })
+  })
+
+  describe('MEMBER-PERM-004: Member Settings Restricted', () => {
+    it('should have limited or no settings access', () => {
+      allure.severity('high')
+
+      // 1. Navigate to settings
+      settings.visitSettings()
+
+      // 2. Check access
+      cy.url().then((url) => {
+        if (url.includes('/settings')) {
+          // If accessible, should only see profile
+          settings.assertSettingsVisible()
+          settings.assertNavItemVisible('profile')
+          // Team nav should not be visible
+          settings.assertNavItemNotVisible('team')
+          cy.log('✅ Member has limited settings access (profile only)')
+        } else {
+          cy.log('✅ Member redirected from settings')
+        }
+      })
+    })
+  })
+
+  describe('MEMBER-PERM-005: Member Billing Blocked', () => {
+    it('should not have access to billing', () => {
+      allure.severity('high')
+
+      // 1. Navigate to billing
+      cy.visit('/dashboard/settings/billing', { timeout: 60000, failOnStatusCode: false })
+
+      // 2. Should be redirected or access denied
+      cy.url().should('not.include', '/billing')
+
+      cy.log('✅ Member correctly blocked from billing')
+    })
+  })
+
+  describe('MEMBER-PERM-006: Member Cannot Access Superadmin', () => {
+    it('should be redirected when trying to access /superadmin', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Superadmin
+      cy.visit('/superadmin', { timeout: 60000, failOnStatusCode: false })
+
+      // 2. Should be redirected
+      sector7.assertAccessDenied()
+
+      cy.log('✅ Member correctly blocked from Superadmin')
+    })
+  })
+
+  describe('MEMBER-PERM-007: Member Cannot Access Dev Zone', () => {
+    it('should be redirected when trying to access /dev', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Dev Zone
+      devArea.attemptToVisitDev()
+
+      // 2. Should be redirected
+      devArea.assertRedirectedToDashboard()
+
+      cy.log('✅ Member correctly blocked from Dev Zone')
+    })
+  })
+
+  after(() => {
+    cy.log('✅ Member team role tests completed')
+  })
+})

package/tests/cypress/e2e/uat/auth/team-roles/owner-login.bdd.md

@@ -0,0 +1,231 @@
+---
+feature: Owner Team Role Permissions
+priority: critical
+tags: [auth, team-role, owner, permissions, security]
+grepTags: [uat, feat-auth, team-role, owner]
+coverage: 6
+---
+
+# Owner Team Role Permissions
+
+> Tests for Owner team role permissions and access control. Owner is the highest team-based role with full CRUD access to all entities, team settings, and billing. Does not have access to app-role areas like /dev or /sector7.
+
+## @test OWNER-PERM-001: Owner Dashboard Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** owner, dashboard, navigation
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Owner can access dashboard with full navigation
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I visit /dashboard
+Then the dashboard container should be visible
+And I should see navigation for customers
+And I should see navigation for tasks
+```
+
+```gherkin:es
+Scenario: Owner puede acceder al dashboard con navegacion completa
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When visito /dashboard
+Then el contenedor del dashboard deberia estar visible
+And deberia ver navegacion a customers
+And deberia ver navegacion a tasks
+```
+
+### Expected Results
+- Dashboard loads correctly
+- All navigation items visible
+- No restrictions on sidebar
+
+---
+
+## @test OWNER-PERM-002: Owner Full Entity Access
+
+### Metadata
+- **Priority:** Critical
+- **Type:** Smoke
+- **Tags:** owner, customers, crud
+- **Grep:** `@smoke`
+
+```gherkin:en
+Scenario: Owner has full CRUD access to customers
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I visit /customers
+Then the create button should be visible
+And the entity list should be visible
+```
+
+```gherkin:es
+Scenario: Owner tiene acceso CRUD completo a customers
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When visito /customers
+Then el boton de crear deberia estar visible
+And la lista de entidades deberia estar visible
+```
+
+### Expected Results
+- Create button is visible (can create)
+- List is visible (can read)
+- Edit/Delete buttons available on items
+
+---
+
+## @test OWNER-PERM-003: Owner Team Settings Access
+
+### Metadata
+- **Priority:** High
+- **Type:** Regression
+- **Tags:** owner, settings, team
+
+```gherkin:en
+Scenario: Owner can access team settings
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I visit /settings
+Then the settings container should be visible
+And the team settings tab should be visible
+```
+
+```gherkin:es
+Scenario: Owner puede acceder a configuracion de equipo
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When visito /settings
+Then el contenedor de settings deberia estar visible
+And la pestana de team settings deberia estar visible
+```
+
+### Expected Results
+- Settings page loads
+- Team settings tab accessible
+- Can manage team configuration
+
+---
+
+## @test OWNER-PERM-004: Owner Billing Access
+
+### Metadata
+- **Priority:** High
+- **Type:** Regression
+- **Tags:** owner, billing
+
+```gherkin:en
+Scenario: Owner can access billing
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I visit /billing
+Then the billing container should be visible
+```
+
+```gherkin:es
+Scenario: Owner puede acceder a billing
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When visito /billing
+Then el contenedor de billing deberia estar visible
+```
+
+### Expected Results
+- Billing page loads
+- Plan information visible
+- Upgrade options available
+
+---
+
+## @test OWNER-PERM-005: Owner Cannot Access Sector7
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** owner, sector7, blocked
+
+```gherkin:en
+Scenario: Owner is blocked from Sector7
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I attempt to visit /sector7
+Then I should be redirected away from /sector7
+And the URL should include /dashboard or error=access_denied
+```
+
+```gherkin:es
+Scenario: Owner no puede acceder a Sector7
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When intento visitar /sector7
+Then deberia ser redirigido fuera de /sector7
+And la URL deberia incluir /dashboard o error=access_denied
+```
+
+### Expected Results
+- Access denied to Sector7
+- Redirect to dashboard with error
+- Security control working
+
+---
+
+## @test OWNER-PERM-006: Owner Cannot Access Dev Zone
+
+### Metadata
+- **Priority:** High
+- **Type:** Security
+- **Tags:** owner, dev-zone, blocked
+
+```gherkin:en
+Scenario: Owner is blocked from Dev Zone
+
+Given I am logged in as Owner (carlos.mendoza@nextspark.dev)
+When I attempt to visit /dev
+Then I should be redirected away from /dev
+And the URL should include /dashboard or error=access_denied
+```
+
+```gherkin:es
+Scenario: Owner no puede acceder a Dev Zone
+
+Given estoy logueado como Owner (carlos.mendoza@nextspark.dev)
+When intento visitar /dev
+Then deberia ser redirigido fuera de /dev
+And la URL deberia incluir /dashboard o error=access_denied
+```
+
+### Expected Results
+- Access denied to Dev Zone
+- Redirect to dashboard with error
+- Security control working
+
+---
+
+## UI Elements
+
+| Element | Selector | Description |
+|---------|----------|-------------|
+| Dashboard Container | `[data-cy="dashboard-container"]` | Main dashboard container |
+| Customers Nav | `[data-cy="sidebar-nav-customers"]` | Customers navigation item |
+| Tasks Nav | `[data-cy="sidebar-nav-tasks"]` | Tasks navigation item |
+| Create Button | `[data-cy="entity-create-button"]` | Entity create button |
+| Entity List | `[data-cy="entity-list-container"]` | Entity list container |
+| Settings Container | `[data-cy="settings-container"]` | Settings page container |
+| Team Settings Tab | `[data-cy="settings-tab-team"]` | Team settings tab |
+| Billing Container | `[data-cy="billing-container"]` | Billing page container |
+
+---
+
+## Summary
+
+| Test ID | Block | Description | Tags |
+|---------|-------|-------------|------|
+| OWNER-PERM-001 | Access | Dashboard with full navigation | `@smoke` |
+| OWNER-PERM-002 | Access | Full CRUD access to customers | `@smoke` |
+| OWNER-PERM-003 | Access | Team settings access | |
+| OWNER-PERM-004 | Access | Billing access | |
+| OWNER-PERM-005 | Blocked | Cannot access Sector7 | |
+| OWNER-PERM-006 | Blocked | Cannot access Dev Zone | |

package/tests/cypress/e2e/uat/auth/team-roles/owner-login.cy.ts

@@ -0,0 +1,141 @@
+/// <reference types="cypress" />
+
+/**
+ * Owner Team Role Login Tests
+ *
+ * Tests the Owner team role login and specific permissions:
+ * - Full CRUD access to all entities
+ * - Team settings access
+ * - Billing access
+ * - Member management
+ * - Cannot access /dev or /superadmin (app roles only)
+ *
+ * Note: Basic login is tested in login-logout.cy.ts
+ * This file focuses on Owner-specific permissions and access.
+ *
+ * Tags: @uat, @feat-auth, @team-role, @owner
+ */
+
+import * as allure from 'allure-cypress'
+
+import { loginAsDefaultOwner, DEFAULT_THEME_USERS } from '../../../../src/session-helpers'
+import { DashboardPOM } from '../../../../src/features/DashboardPOM'
+import { SettingsPOM } from '../../../../src/features/SettingsPOM'
+import { BillingPOM } from '../../../../src/features/BillingPOM'
+import { SuperadminPOM } from '../../../../src/features/SuperadminPOM'
+import { DevAreaPOM } from '../../../../src/features/DevAreaPOM'
+
+describe('Authentication - Owner Team Role Permissions', {
+  tags: ['@uat', '@feat-auth', '@team-role', '@owner']
+}, () => {
+  const dashboard = DashboardPOM.create()
+  const settings = SettingsPOM.create()
+  const billing = BillingPOM.create()
+  const sector7 = SuperadminPOM.create()
+  const devArea = DevAreaPOM.create()
+
+  beforeEach(() => {
+    allure.epic('Authentication')
+    allure.feature('Team Roles')
+    allure.story('Owner Permissions')
+    loginAsDefaultOwner()
+  })
+
+  describe('OWNER-PERM-001: Owner Dashboard Access', { tags: '@smoke' }, () => {
+    it('should access dashboard with full navigation', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Visit dashboard and wait for it to load
+      dashboard.visitDashboard()
+      dashboard.waitForDashboard()
+
+      // 2. Validate sidebar navigation items (Owner should see entity links)
+      dashboard.assertEntityNavVisible('customers')
+      dashboard.assertEntityNavVisible('tasks')
+
+      cy.log(`✅ Owner dashboard access verified (${DEFAULT_THEME_USERS.OWNER})`)
+    })
+  })
+
+  describe('OWNER-PERM-002: Owner Full Entity Access', { tags: '@smoke' }, () => {
+    it('should have full CRUD access to customers', { tags: '@smoke' }, () => {
+      allure.severity('critical')
+
+      // 1. Navigate to customers (correct route is /dashboard/customers)
+      dashboard.visitEntity('customers')
+      dashboard.waitForEntityPage('customers')
+
+      // 2. Validate create button is visible (Owner can create)
+      dashboard.assertEntityAddButtonVisible('customers')
+
+      // 3. Validate table is visible
+      dashboard.assertEntityPageVisible('customers')
+
+      cy.log('✅ Owner has full CRUD access to customers')
+    })
+  })
+
+  describe('OWNER-PERM-003: Owner Team Settings Access', { tags: '@in-develop' }, () => {
+    it('should access team settings page', { tags: '@in-develop' }, () => {
+      allure.severity('high')
+
+      // 1. Navigate to settings
+      settings.visitSettings()
+      settings.waitForSettings()
+
+      // 2. Validate settings page is accessible
+      settings.assertSettingsVisible()
+
+      // 3. Validate team settings nav is visible (key is 'teams' not 'team')
+      settings.assertNavItemVisible('teams')
+
+      cy.log('✅ Owner can access team settings')
+    })
+  })
+
+  describe('OWNER-PERM-004: Owner Billing Access', () => {
+    it('should access billing page', () => {
+      allure.severity('high')
+
+      // 1. Navigate to billing using BillingPOM
+      billing.visitBilling()
+
+      // 2. Validate billing page is accessible
+      billing.assertBillingPageVisible()
+
+      cy.log('✅ Owner can access billing')
+    })
+  })
+
+  describe('OWNER-PERM-005: Owner Cannot Access Superadmin', () => {
+    it('should be redirected when trying to access /superadmin', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Superadmin
+      cy.visit('/superadmin', { timeout: 60000, failOnStatusCode: false })
+
+      // 2. Should be redirected (Owner is not superadmin)
+      sector7.assertAccessDenied()
+
+      cy.log('✅ Owner correctly blocked from Superadmin')
+    })
+  })
+
+  describe('OWNER-PERM-006: Owner Cannot Access Dev Zone', () => {
+    it('should be redirected when trying to access /dev', () => {
+      allure.severity('high')
+
+      // 1. Attempt to visit Dev Zone
+      devArea.attemptToVisitDev()
+
+      // 2. Should be redirected (Owner is not developer)
+      devArea.assertRedirectedToDashboard()
+
+      cy.log('✅ Owner correctly blocked from Dev Zone')
+    })
+  })
+
+  after(() => {
+    cy.log('✅ Owner team role tests completed')
+  })
+})