Description
Add BDD scenarios for staff user management flows. Staff users are automatically provisioned on first login from internal AAD B2C (if they don't exist) with a default role based on the enterprise app role name in the JWT token claims.
Users with appropriate permissions can manage staff roles and change roles on other staff users (not their own). Activity logs are stored as a subdocument array on staff user documents. All suites derive step definitions from shared scenarios in verification-shared.
What needs to be implemented
- New shared Gherkin scenarios in
verification-shared covering provisioning, role management, and activity logging.
- Suite-specific step definitions (API, UI, E2E).
- Context extensions for JWT claims handling, role changes, and activity log assertions.
Scope (specifically scoped shared scenarios)
- Automatic staff user provisioning on first login (default role from JWT claims)
- Managing / updating roles on other staff users (by authorized users)
- Prevention of self-role changes
- Viewing activity log entries (creation and role assignment events)
- Permission enforcement for staff user and role management actions
Acceptance Criteria
verification-shared
- Add 8–12 new shared Gherkin scenarios covering the flows above.
acceptance-api
- API-specific steps for user provisioning, role updates, activity logging, and authorization checks.
acceptance-ui
- UI-specific steps for staff portal views (viewing staff users, changing roles on others, viewing activity logs).
e2e-tests
- End-to-end scenarios including first-login provisioning, authorized role changes (on others), and activity log verification.
General
- Some scenarios may already exist — review and adjust/extend them as needed to ensure full coverage going forward.
- Align with IAM domain, JWT token validation, and staff user document structure (including activity log subdocument array).
- No support for arbitrary manual staff user creation (this is handled automatically via AAD B2C login).
Description
Add BDD scenarios for staff user management flows. Staff users are automatically provisioned on first login from internal AAD B2C (if they don't exist) with a default role based on the enterprise app role name in the JWT token claims.
Users with appropriate permissions can manage staff roles and change roles on other staff users (not their own). Activity logs are stored as a subdocument array on staff user documents. All suites derive step definitions from shared scenarios in
verification-shared.What needs to be implemented
verification-sharedcovering provisioning, role management, and activity logging.Scope (specifically scoped shared scenarios)
Acceptance Criteria
verification-shared
acceptance-api
acceptance-ui
e2e-tests
General