groombook-engineer[bot]
9eb0c3d151
* Implement confirm/cancel in customer portal (GRO-50) Backend: - Add POST /api/portal/appointments/:id/confirm endpoint - Validates impersonation session auth and ownership - Rejects past/in-progress, non-pending, or already-cancelled/completed - Sets confirmationStatus="confirmed", confirmedAt, updatedAt - Add POST /api/portal/appointments/:id/cancel endpoint - Same auth/ownership pattern - Rejects past/in-progress or already-cancelled/completed - Sets status="cancelled", confirmationStatus="cancelled", cancelledAt, updatedAt Frontend (Appointments.tsx): - Add confirmationStatus field to Appointment type and mock data - Add ConfirmationSection component: shows status badge + confirm button - Add CancelAppointmentButton: wires to cancel API with loading/error state - Wire existing Cancel button to CancelAppointmentButton - Show confirmation status badge in expanded view for upcoming appointments Co-Authored-By: Paperclip <noreply@paperclip.ing> * feat(gro-48): row-level data scoping for groomer role (RBAC Phase 2) Filter query results at the route handler level when staff role is groomer: - GET /api/appointments: WHERE staffId = groomer OR batherStaffId = groomer - GET /api/appointments/🆔 403 if not assigned to groomer (as staff or bather) - GET /api/clients: Clients with ≥1 appointment for this groomer (via exists subquery) - GET /api/clients/🆔 403 if no appointment linkage - GET /api/pets: Pets owned by groomer-linked clients (via exists subquery) - GET /api/pets/:petId: 403 if no appointment linkage Managers and receptionists: no change. Added exists to @groombook/db exports (was missing from re-export). Added groomerIsolation unit tests for role guard and filter logic. Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix(gro-50): add portal confirm/cancel tests and fix ConfirmationSection state - Add test coverage for POST /portal/appointments/:id/confirm endpoint - Add test coverage for POST /portal/appointments/:id/cancel endpoint - Fix ConfirmationSection not updating local status after successful confirm - Remove unused onCancel prop from ConfirmationSection call site - Fix Appointments.test.tsx missing confirmationStatus field Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * test(gro-50): add ConfirmationSection UI component tests Add tests for the ConfirmationSection component: - Renders correct badge for each confirmationStatus state - Shows/hides Confirm button based on status - Calls confirm API with correct headers - Handles sessionId null case - Shows error messages for 401/403/422 responses - Shows loading state while confirming - Shows success message briefly after confirm - Does not call API if user cancels confirm dialog Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix(gro-48): address QA review feedback — staffRow?.role and portal TS guards - appointments.ts: use staffRow?.role (consistent with clients.ts/pets.ts) to handle undefined staff context safely - portal.ts: add null guards on .returning() results for confirm and cancel endpoints (TS18048: 'updated' is possibly undefined) - All 188 tests passing; TypeScript typecheck clean Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix(gro66): use specific selector for banner visibility assertion Replace ambiguous `getByText("STAFF VIEW")` that matched both the ImpersonationBanner and the CustomerPortal watermark with a precise `getByTestId("impersonation-banner")` selector to eliminate strict mode violations. Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix(gro-66): add missing afterEach to vitest import Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix(gro-48): add icalToken to MANAGER mock after rebase After rebasing onto origin/main (which added icalToken to the staff schema via GRO-107), the MANAGER mock in groomerIsolation.test.ts was missing the new required field. Added icalToken: null to the MANAGER constant. factories.ts is clean (no duplicate icalToken after rebase). Co-Authored-By: Paperclip <noreply@paperclip.ing> * fix(gro-47): add non-null assertions on Drizzle RETURNING results Drizzle's update().returning() types the array element as T | undefined. After the if (!appt) guard, updated is still typed as possibly undefined because RETURNING can succeed with no rows. Add ! assertions since we already guard with the existence check. Co-Authored-By: Paperclip <noreply@paperclip.ing> --------- Co-authored-by: Flea Flicker <fleaflicker@groombook.ai> Co-authored-by: Paperclip <noreply@paperclip.ing> Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> Co-authored-by: Flea Flicker <flea-flicker@paperclip.ing>
86 lines
3.2 KiB
TypeScript
86 lines
3.2 KiB
TypeScript
import { test, expect } from "./fixtures.js";
|
|
|
|
/**
|
|
* E2E tests for customer portal impersonation flow.
|
|
* Tests ImpersonationBanner display, actions, and session management.
|
|
*/
|
|
|
|
const MOCK_SESSION = {
|
|
id: "session-1",
|
|
staffId: "staff-1",
|
|
clientId: "client-1",
|
|
reason: "Testing customer booking flow",
|
|
status: "active",
|
|
startedAt: new Date().toISOString(),
|
|
endedAt: null,
|
|
expiresAt: new Date(Date.now() + 30 * 60 * 1000).toISOString(),
|
|
createdAt: new Date().toISOString(),
|
|
};
|
|
|
|
test.describe("ImpersonationBanner", () => {
|
|
test.beforeEach(async ({ page }) => {
|
|
await page.route("**/api/impersonation/sessions/session-1", (route) =>
|
|
route.fulfill({ json: MOCK_SESSION })
|
|
);
|
|
await page.route("**/api/impersonation/sessions/session-1/end", (route) =>
|
|
route.fulfill({ json: { status: "ended" } })
|
|
);
|
|
await page.route("**/api/impersonation/sessions/session-1/extend", (route) =>
|
|
route.fulfill({ json: { ...MOCK_SESSION, expiresAt: new Date(Date.now() + 60 * 60 * 1000).toISOString() } })
|
|
);
|
|
await page.route("**/api/impersonation/sessions/session-1/audit-log", (route) =>
|
|
route.fulfill({ json: { logs: [] } })
|
|
);
|
|
});
|
|
|
|
test("banner displays when session is active", async ({ page }) => {
|
|
await page.goto("/?sessionId=session-1");
|
|
await expect(page.locator("[data-testid=\"impersonation-banner\"]")).toBeVisible();
|
|
await expect(page.getByTestId("impersonation-banner").getByText("STAFF VIEW")).toBeVisible();
|
|
});
|
|
|
|
test("banner shows reason when session has reason", async ({ page }) => {
|
|
await page.goto("/?sessionId=session-1");
|
|
await expect(page.getByText(/Reason: Testing customer booking flow/)).toBeVisible();
|
|
});
|
|
|
|
test("banner shows started time", async ({ page }) => {
|
|
await page.goto("/?sessionId=session-1");
|
|
await expect(page.getByText(/Started/)).toBeVisible();
|
|
});
|
|
|
|
test("End Session button is visible", async ({ page }) => {
|
|
await page.goto("/?sessionId=session-1");
|
|
await expect(page.getByRole("button", { name: /End Session/ })).toBeVisible();
|
|
});
|
|
|
|
test("Audit button is visible", async ({ page }) => {
|
|
await page.goto("/?sessionId=session-1");
|
|
await expect(page.getByRole("button", { name: /Audit/ })).toBeVisible();
|
|
});
|
|
|
|
test("clicking End Session calls API and redirects", async ({ page }) => {
|
|
await page.goto("/?sessionId=session-1");
|
|
await page.getByRole("button", { name: /End Session/ }).click();
|
|
await expect(page.getByTestId("impersonation-banner")).not.toBeVisible();
|
|
});
|
|
|
|
test("Extend button appears when time is low and not extended", async ({ page }) => {
|
|
const lowTimeSession = {
|
|
...MOCK_SESSION,
|
|
expiresAt: new Date(Date.now() + 3 * 60 * 1000).toISOString(),
|
|
};
|
|
await page.route("**/api/impersonation/sessions/session-1", (route) =>
|
|
route.fulfill({ json: lowTimeSession })
|
|
);
|
|
await page.goto("/?sessionId=session-1");
|
|
await expect(page.getByRole("button", { name: /Extend/ })).toBeVisible();
|
|
});
|
|
|
|
test("URL is cleaned when session ends", async ({ page }) => {
|
|
await page.goto("/?sessionId=session-1");
|
|
await page.getByRole("button", { name: /End Session/ }).click();
|
|
await expect(page).not.toHaveURL(/sessionId=session-1/);
|
|
});
|
|
});
|