Skip to content

Add @ocom-verification coverage for Staff User Management #295

Description

@nnoce14

Description
Add BDD scenarios for staff user management flows. Staff users are automatically provisioned on first login from internal AAD B2C (if they don't exist) with a default role based on the enterprise app role name in the JWT token claims.

Users with appropriate permissions can manage staff roles and change roles on other staff users (not their own). Activity logs are stored as a subdocument array on staff user documents. All suites derive step definitions from shared scenarios in verification-shared.

What needs to be implemented

  • New shared Gherkin scenarios in verification-shared covering provisioning, role management, and activity logging.
  • Suite-specific step definitions (API, UI, E2E).
  • Context extensions for JWT claims handling, role changes, and activity log assertions.

Scope (specifically scoped shared scenarios)

  • Automatic staff user provisioning on first login (default role from JWT claims)
  • Managing / updating roles on other staff users (by authorized users)
  • Prevention of self-role changes
  • Viewing activity log entries (creation and role assignment events)
  • Permission enforcement for staff user and role management actions

Acceptance Criteria

verification-shared

  • Add 8–12 new shared Gherkin scenarios covering the flows above.

acceptance-api

  • API-specific steps for user provisioning, role updates, activity logging, and authorization checks.

acceptance-ui

  • UI-specific steps for staff portal views (viewing staff users, changing roles on others, viewing activity logs).

e2e-tests

  • End-to-end scenarios including first-login provisioning, authorized role changes (on others), and activity log verification.

General

  • Some scenarios may already exist — review and adjust/extend them as needed to ensure full coverage going forward.
  • Align with IAM domain, JWT token validation, and staff user document structure (including activity log subdocument array).
  • No support for arbitrary manual staff user creation (this is handled automatically via AAD B2C login).

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

Fields

No fields configured for Task.

Projects

Status
Todo

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions