380 — should check when user have client Invoice basic permission¶
Description¶
Verifies that an employee with the "Invoice basic" client role (scoped to a single client) sees only that client's invoices in read-only mode and cannot use row actions.
Preconditions¶
- A signed-in owner who will create the client role, plus an invited employee who will be added as a member of the first client with that role.
- Seed data: two clients, 2 invoices per client (4 in total), plus standard Finance seed.
Steps¶
- As the owner, go to Roles → Client roles and add a new client role with the test title, toggle "Invoice basic" on, then save. Expected: the new client role exists.
- Add the employee as a member of the first client with that new role via API. Expected: the API confirms the member was added with the matching role id.
- Reset the session and sign in as the employee. Open Additional Items. Expected: "Additional items", "Flat rates", "Templates" tabs are shown and only the employee's own additional item is listed (1 row).
- Navigate to Finance → Invoices. Expected: the Finance area shows only "Billing statements" and "Invoices" tabs, and only the 2 invoices belonging to the first client are visible.
- Inspect the row actions. Expected: the row-action button is hidden on all invoices (0 of 2).
- Open invoice
YYYY-0001. Expected: the invoice detail opens in read-only state.
Related¶
- Spec:
playwright/tests/integration/permissions.spec.ts(line 566)