Users & Role-Based Access Control (RBAC)
Scenario 1: Admin creates a new role named "Moderator"
- Given admin navigates to the Admin Page
- And clicks on the Roles tab
- When admin clicks on Add New Role
- Then a modal appears with role creation form
- When admin fills in the following:
  - Role Name: Moderator
  - Description: "Moderate (Edit and Delete) accessible items"
  - Module Permissions:
    - Invoices: View, Edit
    - Expenses: View, Edit
    - Customers: View
  - Branch Permissions: Main Branch only
- And clicks Submit
- Then role "Moderator" should appear in the roles table
Scenario 2: Admin creates a new user "Taajir Moderator"
- Given admin is on the Users Table
- When admin clicks on Add New User
- And fills in:
- And clicks Submit
- Then the user should appear in the users table
Scenario 3: Admin assigns "Moderator" role to the user
- Given user "Taajir Moderator" exists in the table
- When admin clicks Edit on the user
- Then assigns the role Moderator
- And clicks Update
- Then the updated role should reflect in the users table
Scenario 4: User with "Moderator" role logs in and tries to access /dashboard/transactions
- Given user logs in with:
- When the user tries to access /dashboard/transactions
- Then access should be denied
- And the page should redirect or show an unauthorized message
Scenario 5: User with "Moderator" role accesses /dashboard/expenses
- Given user is logged in as "Taajir Moderator"
- When the user navigates to /dashboard/expenses
- Then access should be granted
- And the user should be able to view and edit expenses
- And the Edit button should be visible
Scenario 6: User with "Moderator" role accesses /dashboard/customers
- Given user is logged in as "Taajir Moderator"
- When the user navigates to /dashboard/customers
- Then access should be granted
- And the user should only be able to view customers
- And edit/delete actions should be hidden or disabled
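The outcomes in Scenarios 4 to 6 can be checked against a deny-by-default authorization function evaluated per request, so that hidden or disabled buttons are not the only control. This is an added example, not the application's own code: the role data mirrors Scenario 1, while the route-to-module map, the action names, the `authorize` function and the "Second Branch" value are assumptions.

```javascript
// Added example: role data from Scenario 1; everything else is assumed for illustration.
const ROLES = {
  Moderator: {
    modules: {
      invoices: ["view", "edit"],
      expenses: ["view", "edit"],
      customers: ["view"],
    },
    branches: ["Main Branch"],
  },
};

// Assumed mapping from the dashboard paths in Scenarios 4-6 to permission modules.
const ROUTE_MODULE = {
  "/dashboard/transactions": "transactions",
  "/dashboard/expenses": "expenses",
  "/dashboard/customers": "customers",
};

// Own-property lookup so names like "constructor" never resolve to inherited members.
const own = (obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;

// Deny by default: unknown role, route, branch, module or action all fail closed.
function authorize(user, path, action, branch) {
  const role = own(ROLES, user.role);
  if (!role) return { allowed: false, reason: "unknown role" };
  const moduleName = own(ROUTE_MODULE, path);
  if (!moduleName) return { allowed: false, reason: "unmapped route" };
  if (!role.branches.includes(branch)) return { allowed: false, reason: "branch not permitted" };
  const actions = own(role.modules, moduleName) || [];
  if (!actions.includes(action)) return { allowed: false, reason: `no ${action} on ${moduleName}` };
  return { allowed: true, reason: "granted" };
}

// Constructed sample user matching Scenario 3.
const moderator = { name: "Taajir Moderator", role: "Moderator" };

// Each row: path, action, branch. The last three go beyond the page's scenarios.
function runScenarios() {
  return [
    ["/dashboard/transactions", "view", "Main Branch"], // Scenario 4
    ["/dashboard/expenses", "edit", "Main Branch"],     // Scenario 5
    ["/dashboard/customers", "view", "Main Branch"],    // Scenario 6
    ["/dashboard/customers", "edit", "Main Branch"],    // direct request behind a hidden button
    ["/dashboard/expenses", "delete", "Main Branch"],   // Delete is not in the granted list
    ["/dashboard/expenses", "view", "Second Branch"],   // constructed second branch
  ].map(([path, action, branch]) => ({ path, action, branch, ...authorize(moderator, path, action, branch) }));
}

console.table(runScenarios());
```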