Skip to content

380 — should check when user have client Invoice basic permission

Description

Verifies that an employee with the "Invoice basic" client role (scoped to a single client) sees only that client's invoices in read-only mode and cannot use row actions.

Preconditions

  • A signed-in owner who will create the client role, plus an invited employee who will be added as a member of the first client with that role.
  • Seed data: two clients, 2 invoices per client (4 in total), plus standard Finance seed.

Steps

  1. As the owner, go to Roles → Client roles and add a new client role with the test title, toggle "Invoice basic" on, then save. Expected: the new client role exists.
  2. Add the employee as a member of the first client with that new role via API. Expected: the API confirms the member was added with the matching role id.
  3. Reset the session and sign in as the employee. Open Additional Items. Expected: "Additional items", "Flat rates", "Templates" tabs are shown and only the employee's own additional item is listed (1 row).
  4. Navigate to Finance → Invoices. Expected: the Finance area shows only "Billing statements" and "Invoices" tabs, and only the 2 invoices belonging to the first client are visible.
  5. Inspect the row actions. Expected: the row-action button is hidden on all invoices (0 of 2).
  6. Open invoice YYYY-0001. Expected: the invoice detail opens in read-only state.
  • Spec: playwright/tests/integration/permissions.spec.ts (line 566)