Skip to content

375 — should check when user have Invoice basic permission

Description

Verifies that an employee with the "Invoice basic" user role can see all organization invoices (read-only) but cannot use any row actions, and that Additional Items remains personal-scope.

Preconditions

  • A signed-in owner who will create the role, plus an invited employee who will receive it.
  • Seed data: bank account, client, expenses (owner + employee), 4 invoice drafts/issued invoices across two clients, billable rates, expense templates and one project + task + time record per client.

Steps

  1. As the owner, go to Roles → User roles and add a new user role with the test title, toggle "Invoice basic" on, then save. Expected: the new role appears in the user roles list.
  2. Assign the new role to the invited employee via API and reset the session.
  3. Sign in as the employee and open Additional Items. Expected: the page shows the "Additional items", "Flat rates", "Templates" tabs and only the employee's own additional item is listed (1 row).
  4. Navigate to Finance → Invoices. Expected: the Finance area shows only "Billing statements" and "Invoices" tabs and all 4 organization invoices are visible.
  5. Inspect the row actions on the invoice list. Expected: the row-action button is not visible on any invoice (0 of 4).
  6. Open the invoice numbered YYYY-0001. Expected: the invoice detail opens in read-only state.
  • Spec: playwright/tests/integration/permissions.spec.ts (line 341)