Settings Recently Changed

Profile Management

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-001 | User views profile information | Logged in as any role | 1. Go to /settings 2. Click "Profile" tab | Profile tab loads with user's full_name, email, phone fields pre-filled | High |
| SET-002 | User updates full name only | Logged in, at Profile tab | 1. Clear full_name field 2. Type "Jane Smith" 3. Click Save | Success toast appears. Profile updates. Page stays at Profile tab | High |
| SET-003 | Agent can edit own email and phone | Logged in as Agent (no manage_organization), at Profile tab | 1. Change email to "newemail@example.com" 2. Change phone to "+14155552671" 3. Click Save | Success toast appears. Email/phone changes are accepted for self-profile updates | High |
| SET-004 | Email change triggers re-verification flow | Logged in as any role, at Profile tab | 1. Change email to "newemail@example.com" 2. Click Save | Success response. Email becomes unverified and verification flow is shown for the new address | High |
| SET-005 | Validation: empty phone when user edits own profile | Logged in as any role, at Profile tab | 1. Clear phone field (if it had a value) 2. Click Save | Error toast: "Phone number cannot be empty." Phone field remains empty, not saved | Medium |
| SET-006 | Validation: invalid E.164 phone format | Logged in as any role, at Profile tab | 1. Enter phone "123456" (invalid format) 2. Click Save | Error message: "Please enter a valid mobile number." Phone not saved | Medium |
| SET-007 | Validation: valid E.164 phone with leading + | Logged in as any role, at Profile tab | 1. Enter phone "+1 (415) 555-2671" or "+14155552671" 2. Click Save | Success toast. Phone saves in E.164 format | High |
| SET-008 | No changes does not trigger save | Logged in, at Profile tab with values pre-filled | 1. Do not change any field 2. Click Save | Success toast appears (idempotent) | Low |
| SET-009 | Profile save error handling | Logged in, at Profile tab, API is down | 1. Make any change 2. Click Save | Error toast displays. Form retains values for retry | Medium |

Password Management

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-010 | User views password change form | Logged in, at Settings Profile tab | 1. Scroll to "Change Password" section | Password form displays with current_password, new_password, confirm_password fields | High |
| SET-011 | Valid password change | Logged in, at password form | 1. Enter current password 2. Enter new password "NewP@ssw0rd!" 3. Enter same in confirm field 4. Click Save | Success toast: "Password updated." Form clears | High |
| SET-012 | Validation: incorrect current password | Logged in, at password form | 1. Enter wrong current password 2. Enter new password 3. Click Save | Error: "Current password is incorrect." Password not changed | High |
| SET-013 | Validation: new password too short | Logged in, at password form | 1. Enter current password 2. Enter new password "abc" 3. Click Save | Error: "Password must be at least 8 characters." | Medium |
| SET-014 | Validation: confirm password mismatch | Logged in, at password form | 1. Enter current password 2. Enter new password "NewP@ssw0rd!" 3. Enter different confirm "Different123!" 4. Click Save | Error: "Passwords do not match." | Medium |
| SET-015 | Validation: new password same as current | Logged in, at password form | 1. Enter current password "OldP@ssw0rd!" 2. Enter same in new password field 3. Click Save | Error: "New password must be different from current password." | Medium |

WhatsApp Accounts

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-016 | User views WhatsApp accounts list | Logged in, at least one WhatsApp account connected | 1. Go to /settings 2. Click "WhatsApp" tab | List displays all connected accounts with phone_number_id, display_phone_number, verified_name, quality_rating, is_active status | High |
| SET-017 | Empty WhatsApp accounts state | Logged in with settings:read, no WhatsApp accounts connected | 1. Go to /settings 2. Click "WhatsApp" tab | Empty state message displays. "Add account" actions are shown only when user also has settings:write | High |
| SET-018 | Connect WhatsApp account via Facebook picker | Logged in, at WhatsApp tab with no accounts | 1. Click "Connect Account" button 2. Facebook authentication modal opens 3. Select a phone number from Meta account 4. Click Confirm | Account added to list. Success toast. Page refreshes to show new account. If first account for org, it is automatically set as default | High |
| SET-019 | Validation: cannot add duplicate phone_number_id | Logged in, one account exists with phone_number_id "123", at WhatsApp tab | 1. Click "Connect Account" 2. Select same phone_number_id "123" from Meta 3. Click Confirm | Error toast or validation prevents duplicate. Original account remains | High |
| SET-020 | Meta API error during account fetch with centralized error adapter | Logged in, at WhatsApp tab, Meta API returns 401 or other error | 1. Click "Connect Account" 2. Modal attempts to fetch accounts and Meta API fails | Modal displays error message from centralized error adapter: "Unable to fetch Meta accounts..." or appropriate mapped error. Structured logging captures error context | Medium |
| SET-021 | User can view account metadata on WhatsApp tab | Logged in with one account, at WhatsApp tab | 1. Look at displayed account row | Display shows: waba_id, phone_number_id, display_phone_number, verified_name, quality_rating, messaging_limit_tier, is_active toggle | High |
| SET-022 | Disable/enable WhatsApp account | Logged in with settings:write and active account, at WhatsApp tab | 1. Click is_active toggle for an account | Account is_active status toggles. Visual indicator (badge color) updates. Change persists after page refresh. If toggling to inactive and account is org default, default is cleared | High |
| SET-023 | Read-only WhatsApp tab without settings:write | Logged in with settings:read but without settings:write, at WhatsApp tab | 1. Open WhatsApp tab 2. Inspect actions | Accounts and overview are visible, but connect/add/edit/remove/toggle actions are hidden | High |
| SET-108 | Delete WhatsApp account with no conflicts | Logged in with settings:write, viewing single account with no dependencies | 1. Click delete/trash icon on account row 2. Confirm deletion | Account removed from list. Success toast: "WhatsApp account deleted." If account was org default, default is cleared | High |
| SET-109 | Delete WhatsApp account fails: account used by nurture sequences | Logged in with settings:write, viewing account used by active nurture sequences, at WhatsApp tab | 1. Click delete/trash icon on account 2. Confirm deletion attempt | Error toast displays: "Cannot delete this WhatsApp account because it is still used by other records (for example nurture sequences or campaigns). Reassign those records and try again." Account remains in list | High |
| SET-110 | Delete WhatsApp account fails: account used by campaigns | Logged in with settings:write, viewing account linked to one or more active campaigns | 1. Click delete/trash icon on account 2. Confirm deletion | Error toast: "Cannot delete this WhatsApp account because it is still used by other records (for example nurture sequences or campaigns). Reassign those records and try again." Account persists | High |
| SET-111 | Delete WhatsApp account conflict handling with structured logging | Admin attempts to delete account with foreign key dependencies during system test | 1. Delete button triggered on account with active follow-ups 2. Server returns 409 Conflict | Error is logged with structured context: whatsapp_delete_conflict event includes account_id and org_id. User sees friendly error message | Medium |
| SET-112 | Set WhatsApp account as organization default | Logged in with settings:write, viewing two or more accounts, at WhatsApp tab | 1. Right-click or click "Set as Default" action on an account row 2. Confirm | Selected account is marked as default (visual badge or star icon appears). Success toast shows "Default WhatsApp account updated." Audit log records action "org.default_whatsapp_account_changed" | High |
| SET-113 | Default WhatsApp account is automatically set on first account creation | Logged in with settings:write, no accounts exist, at WhatsApp tab | 1. Click "Connect Account" 2. Complete Meta connection flow and select first account 3. Observe list after refresh | First account added with default badge/indicator. No additional user action needed | High |
| SET-114 | Clear default WhatsApp account when default account toggled inactive | Logged in with settings:write, default account is active, at WhatsApp tab | 1. Click is_active toggle on the account marked as default to turn it OFF | Account becomes inactive. Default badge is removed. Org no longer has default account | High |
| SET-115 | Validation: cannot set inactive account as default | Logged in with settings:write, viewing an inactive account, at WhatsApp tab | 1. Try to click "Set as Default" on an inactive account | Action is disabled or hidden. Error tooltip states "Only active accounts can be set as default" | Medium |
| SET-116 | Default account reflected in multiple UI locations | Logged in with settings:write, default account set, navigating the app | 1. Set account as default in WhatsApp tab 2. Go to Contacts/Campaigns 3. Observe form account selectors 4. Return to WhatsApp tab | Default account is pre-selected in dropdowns across app. Badge visible in WhatsApp tab. Persists across page navigations | High |

Organization Settings

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-024 | Admin views organization details | Logged in as Admin, at Organization tab | 1. Go to /settings 2. Click "Organization" tab | Organization name, timezone, country, contact email, contact phone displayed | High |
| SET-025 | User with settings:read can view organization settings | Logged in as Agent with settings:read but without manage_organization | 1. Open Organization tab | Organization form is visible in read-only mode with permission guidance message | High |
| SET-026 | Admin edits organization name | Logged in as Admin (or any role with manage_organization), at Organization tab | 1. Change org name to "Acme Corp 2.0" 2. Click Save | Success toast. Name updates. Change visible in org switcher header after refresh | High |
| SET-027 | Admin edits organization timezone | Logged in as Admin, at Organization tab | 1. Open timezone dropdown 2. Select "America/Los_Angeles" 3. Click Save | Success toast. Timezone updates. All dates/times in UI reflect new timezone | High |
| SET-028 | Admin edits organization contact info | Logged in as Admin, at Organization tab | 1. Update contact_email to "admin@newcompany.com" 2. Update contact_phone to "+15551234567" 3. Click Save | Success toast. Contact info updates for invoices/billing | High |
| SET-029 | Validation: invalid email in org contact | Logged in as Admin, at Organization tab | 1. Enter contact_email "invalid-email" 2. Click Save | Error: "Please enter a valid email address." | Medium |
| SET-030 | Validation: invalid phone in org contact | Logged in as Admin, at Organization tab | 1. Enter contact_phone "123" (invalid E.164) 2. Click Save | Error: "Please enter a valid phone number." | Medium |

Members Management

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-031 | Admin views all organization members | Logged in as Admin, at Members tab | 1. Go to /settings 2. Click "Members" tab | List displays all members with email, full_name, role_name, is_active, user_id | High |
| SET-032 | Members tab requires members:read | Logged in without members:read permission | 1. Open Settings page | Members tab is hidden and inaccessible from sidebar/query tab | High |
| SET-033 | Invite member requires members:write | Logged in with members:write, at Members tab | 1. Click "Add member" button 2. Enter email "newuser@example.com" 3. Select role "Agent" 4. Click Add | Success toast. User added to list with status "invited" (pending acceptance) | High |
| SET-034 | Validation: duplicate member email invitation | Logged in as Admin, at Members tab with "john@example.com" already member | 1. Click "Invite Member" 2. Enter "john@example.com" 3. Click Send Invite | Error: "User is already a member of this organization." | Medium |
| SET-035 | Change member role requires members:write | Logged in with members:write, at Members tab | 1. Change role dropdown from "Agent" to "Manager" | Member role updates immediately in list. Changes persist after refresh | High |
| SET-036 | Admin deactivates member | Logged in as Admin, at Members tab | 1. Find active member 2. Click deactivate/toggle button | Member is_active becomes false. Badge shows "inactive". User cannot log in anymore | High |
| SET-037 | Admin reactivates deactivated member | Logged in as Admin, at Members tab | 1. Find deactivated member 2. Click activate/toggle button | Member is_active becomes true. Badge shows "active". User can log in again | Medium |
| SET-038 | Remove member requires members:delete | Logged in with members:read and members:delete but without members:write | 1. Open Members tab 2. Click remove icon on a member 3. Confirm | Member is removed successfully even if invite/edit actions are not shown | High |
| SET-039 | Member cannot manage other members | Logged in as Member role, at Settings | 1. Try to access Members tab | Tab is disabled/hidden OR 403 error | High |

Teams Management

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-040 | User views teams list | Logged in as Manager/Admin, at Teams tab | 1. Go to /settings 2. Click "Teams" tab | List displays all teams with name, description, member_count | High |
| SET-041 | Non-manager cannot view teams | Logged in as Agent, at Settings | 1. Try to access Teams tab | Tab is disabled/hidden OR 403 error | Medium |
| SET-042 | Manager creates team | Logged in as Manager, at Teams tab | 1. Click "Create Team" button 2. Enter name "Sales Team" 3. Enter description "Handles sales inquiries" 4. Click Save | Team added to list. Success toast. member_count shows 0 | High |
| SET-043 | Validation: team name required | Logged in as Manager, at create team modal | 1. Leave name empty 2. Click Save | Error: "Team name is required." Modal stays open | Medium |
| SET-044 | Manager edits team | Logged in as Manager, viewing a team, at Teams tab | 1. Click edit icon on team row 2. Change name to "New Sales Team" 3. Click Save | Team name updates in list. Success toast | High |
| SET-045 | Manager deletes team | Logged in as Manager, at Teams tab | 1. Click delete/trash icon on team 2. Confirm | Team removed from list. Success toast. Members no longer assigned to deleted team | High |
| SET-046 | Manager selects team and views members | Logged in as Manager, at Teams tab | 1. Click team row or "View Members" button | Team detail view opens. List of members (if any) displays with user email and full_name | High |
| SET-047 | Manager adds existing member to team | Logged in as Manager, viewing team members, at Teams tab | 1. Click "Add Member" button 2. Select a member from dropdown 3. Click Add | Member added to team. member_count increments. Success toast | High |
| SET-048 | Validation: cannot add inactive member to team | Logged in as Manager, viewing team members | 1. Click "Add Member" 2. Open dropdown | Dropdown only shows active members. Inactive members grayed out or hidden | Medium |
| SET-049 | Manager removes member from team | Logged in as Manager, viewing team members with 2+ members | 1. Click remove/X icon on a member 2. Confirm | Member removed from team. member_count decrements. Success toast. Member stays in organization | High |
| SET-050 | Member cannot manage teams | Logged in as Member role | 1. Try to access Teams tab | Tab is disabled/hidden OR 403 error | Medium |

API Keys Management

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-051 | User views API keys list | Logged in with api_keys:read permission, at API Keys tab | 1. Go to /settings 2. Click "API Keys" tab | List displays all API keys with name, key_prefix (e.g., "sk_live_abc123..."), scopes, expires_at, is_active status | High |
| SET-052 | Non-privileged user cannot view API keys | Logged in as Agent without api_keys:read permission | 1. Try to navigate to API Keys tab | Tab is disabled/hidden OR 403 error on page load | High |
| SET-053 | User creates API key | Logged in with api_keys:write permission, at API Keys tab | 1. Click "Create API Key" button 2. Enter name "Webhook Integrations" 3. Select scopes: contacts:read, messages:write 4. Set expiry "30 days" 5. Click Create | Modal displays full raw key (shown only once). Success toast. Key added to list with key_prefix visible | High |
| SET-054 | Raw API key is displayed only once | Logged in, just created an API key | 1. Observe the revealed key modal 2. Close modal without copying 3. Refresh page | Key no longer shown. User must regenerate to obtain new key. key_prefix still visible in list | High |
| SET-055 | User copies API key from modal | Logged in, at revealed key modal | 1. Click "Copy" button next to raw key | Key copied to clipboard. Toast shows "Copied!" | High |
| SET-056 | Validation: API key name required | Logged in with api_keys:write permission, at create modal | 1. Leave name empty 2. Click Create | Error: "Name is required." Modal stays open | Medium |
| SET-057 | Validation: at least one scope required | Logged in with api_keys:write permission, at create modal | 1. Enter name "Test Key" 2. Deselect all scopes 3. Click Create | Error: "At least one scope must be selected." | Medium |
| SET-058 | User updates API key name | Logged in with api_keys:write permission, viewing a key | 1. Click edit icon or key name 2. Change name to "Updated Key Name" 3. Click Save | Name updates in list. Success toast. Raw key unchanged | High |
| SET-059 | User deactivates API key | Logged in with api_keys:write permission, viewing active key | 1. Click is_active toggle on key row | is_active becomes false. Key no longer works for API calls. Badge shows "inactive" | High |
| SET-060 | User reactivates API key | Logged in with api_keys:write permission, viewing inactive key | 1. Click is_active toggle on key row | is_active becomes true. Key works again. Badge shows "active" | Medium |
| SET-061 | User deletes API key | Logged in with api_keys:delete permission, at API Keys tab | 1. Click delete/trash icon on a key 2. Confirm | Key removed from list. Success toast. Key no longer valid for API calls | High |
| SET-062 | Non-privileged user cannot create API key | Logged in without api_keys:write permission | 1. Try to click "Create API Key" button | Button is disabled or hidden | Medium |
| SET-063 | Non-privileged user cannot delete API key | Logged in with api_keys:read but not api_keys:delete permission | 1. View API key in list 2. Try to click delete icon | Delete icon is disabled or hidden | Medium |
| SET-064 | Audit log created for API key creation | Logged in with api_keys:write permission, creates new API key | 1. At API Keys tab, create key "Test Audit" 2. Go to Audit Logs tab | Audit entry shows: action=api_key.created, resource_id=key_id, metadata includes name | High |
| SET-065 | Audit log created for API key deletion | Logged in with api_keys:delete permission, deletes key | 1. At API Keys tab, delete a key 2. Go to Audit Logs tab | Audit entry shows: action=api_key.deleted, resource_id=key_id | High |

Roles & Permissions

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-066 | Admin views roles and permissions list | Logged in as Admin, at Roles tab | 1. Go to /settings 2. Click "Roles" tab | List displays built-in roles (Admin, Manager, Member, Agent) with permission counts | High |
| SET-067 | Non-admin cannot view roles tab | Logged in as Agent, at Settings | 1. Try to click Roles tab | Tab is disabled/hidden OR 403 error | High |
| SET-068 | Admin views role detail and permissions | Logged in as Admin, at Roles tab | 1. Click a role row (e.g., "Agent") | Detail panel opens showing all permissions assigned to that role with checkboxes | High |
| SET-069 | Admin cannot delete built-in roles | Logged in as Admin, viewing a built-in role detail | 1. Look for delete button | Delete button is disabled or hidden for built-in roles | Medium |
| SET-070 | Admin views permission hierarchy | Logged in as Admin, at Roles tab | 1. Click on a role and view permissions section | Permissions are organized by resource type (contacts, messages, organization, api_keys, audit) | High |

Audit Logs

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-071 | User with audit:read views audit logs list | Logged in as Admin, at Audit Logs tab | 1. Go to /settings 2. Click "Audit Logs" tab | Paginated list displays audit entries with timestamp, action, resource_type, user, ip_address, metadata | High |
| SET-072 | Non-privileged user cannot view audit logs | Logged in as Agent without audit:read permission | 1. Try to access Audit Logs tab | Tab is disabled/hidden OR 403 error | High |
| SET-073 | Filter audit logs by action | Logged in with audit:read permission, at Audit Logs tab | 1. Click "Filter" or action dropdown 2. Select "user.login" 3. View results | List filters to only show login actions. Pagination updates | High |
| SET-074 | Filter audit logs by resource type | Logged in with audit:read permission, at Audit Logs tab | 1. Click resource_type filter 2. Select "api_key" 3. View results | List filters to show only api_key-related actions | High |
| SET-075 | Pagination: view next page of audit logs | Logged in with audit:read permission, 50+ audit entries exist | 1. At Audit Logs tab (page 1) 2. Click "Next" or page 2 button | Page 2 loads with different entries. Total count and page indicator update | Medium |
| SET-076 | Audit log entry shows metadata | Logged in with audit:read permission, at Audit Logs tab | 1. View an audit entry (e.g., api_key.created) 2. Expand or hover over metadata section | Metadata displays additional context (e.g., "name": "My Key") | High |
| SET-077 | Audit logs read-only | Logged in as Admin, at Audit Logs tab | 1. Try to delete, edit, or modify any audit entry | No delete/edit icons visible. Audit logs are immutable | High |
| SET-117 | Audit log shows org default WhatsApp account change | Logged in with audit:read, user with settings:write sets default account | 1. At Audit Logs tab, filter by action "org.default_whatsapp_account_changed" 2. Expand metadata | Audit entry displays with resource_type "organization", metadata contains "default_whatsapp_account_id" | High |

Form Tokens Management

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-078 | User with leads:view views form tokens list | Logged in with leads:view permission, at Form Tokens tab | 1. Go to /settings 2. Click "Form Tokens" tab | List displays form tokens with name, token_prefix, allowed_origins, rate_limit_per_hour, is_active status | High |
| SET-079 | Non-privileged user cannot view form tokens | Logged in as Agent without leads:view permission | 1. Try to access Form Tokens tab | Tab is disabled/hidden OR 403 error | High |
| SET-080 | User with leads:manage creates form token | Logged in with leads:manage permission, at Form Tokens tab | 1. Click "Create Token" button 2. Enter name "Website Form" 3. Enter allowed_origins "https://example.com, https://www.example.com" 4. Set rate_limit_per_hour to 100 5. Click Create | Modal displays raw token (shown once). Success toast. Token added to list with token_prefix visible | High |
| SET-081 | Raw form token displayed only once | Logged in, just created form token | 1. Observe revealed token modal 2. Close without copying 3. Refresh page | Raw token no longer shown. User must regenerate. token_prefix still visible | High |
| SET-082 | User copies form token from modal | Logged in, at revealed token modal | 1. Click "Copy" button next to raw token | Token copied to clipboard. Toast shows "Copied!" | High |
| SET-083 | Validation: form token name required | Logged in with leads:manage permission, at create modal | 1. Leave name empty 2. Click Create | Error: "Name is required." Modal stays open | Medium |
| SET-084 | Validation: invalid origin URL format | Logged in with leads:manage permission, at create modal | 1. Enter allowed_origins "not-a-url" 2. Click Create | Error: "Invalid URL format." | Medium |
| SET-085 | User updates form token | Logged in with leads:manage permission, viewing a token | 1. Click edit icon on token 2. Change name to "New Name" 3. Update allowed_origins 4. Click Save | Name and origins update in list. Success toast. Raw token unchanged | High |
| SET-086 | User deactivates form token | Logged in with leads:manage permission, viewing active token | 1. Click is_active toggle on token row | is_active becomes false. Form submissions using this token are rejected. Badge shows "inactive" | High |
| SET-087 | User reactivates form token | Logged in with leads:manage permission, viewing inactive token | 1. Click is_active toggle on token row | is_active becomes true. Form submissions accepted again. Badge shows "active" | Medium |
| SET-088 | User deletes form token | Logged in with leads:manage permission, at Form Tokens tab | 1. Click delete/trash icon on token 2. Confirm | Token removed from list. Success toast. Form submissions with this token are rejected | High |
| SET-089 | User regenerates form token | Logged in with leads:manage permission, viewing token | 1. Click "Regenerate" button on token 2. Confirm (modal warns old token will stop working) | Modal displays new raw token. Old token invalidated immediately. List updates. Success toast | High |
| SET-090 | Non-privileged user cannot create form token | Logged in without leads:manage permission | 1. Try to click "Create Token" button | Button is disabled or hidden | Medium |
| SET-091 | Non-privileged user cannot delete form token | Logged in with leads:view but not leads:manage permission | 1. View form token in list 2. Try to click delete icon | Delete icon is disabled or hidden | Medium |

Notifications (if visible in tabs)

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-092 | User views notification preferences | Logged in, at Notifications tab | 1. Go to /settings 2. Click "Notifications" tab | Checkboxes or toggles for notification types: email_leads, sms_alerts, daily_digest, etc. with current user preferences | High |
| SET-093 | User enables email notifications | Logged in, at Notifications tab | 1. Toggle "Email Leads" to ON 2. Click Save | Preference saves. Success toast. User receives emails for future lead submissions | High |
| SET-094 | User disables SMS alerts | Logged in, at Notifications tab | 1. Toggle "SMS Alerts" to OFF 2. Click Save | Preference saves. Success toast. SMS alerts stop | High |
| SET-095 | Notification frequency preferences | Logged in, at Notifications tab | 1. Select "Daily Digest" frequency from dropdown 2. Click Save | Preference saves. Notifications consolidated daily instead of real-time | Medium |

Tab Navigation & State

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-096 | Tab navigation persists in URL for authorized tab | Logged in with api_keys:read, at Settings | 1. Click "API Keys" tab 2. Note URL changes to /settings?tab=api-keys 3. Refresh page | Settings reopens at API Keys tab. URL query param restores state | Medium |
| SET-097 | Invalid tab query param defaults to profile | Logged in | 1. Navigate to /settings?tab=nonexistent | View displays Profile tab content. Profile tab is default. Invalid tab is ignored gracefully | Low |
| SET-098 | User can navigate between permitted tabs without reloading | Logged in with multiple settings permissions, at Settings with Profile tab active | 1. Click "API Keys" tab 2. Wait for content to load 3. Click "Members" tab | Tabs switch instantly. No full page reload. Content loads smoothly | High |

Permission-Based Feature Visibility

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-099 | Base user sees only universally available tabs | Logged in with no settings-specific permissions | 1. View Settings page | Only Profile and Notifications tabs are visible | High |
| SET-100 | settings:read user sees workspace tabs in read mode | Logged in with settings:read (without settings:write/manage_organization) | 1. View Settings page 2. Open WhatsApp/Organization tabs | Tabs are visible; destructive/edit actions remain hidden/disabled per action permission | High |
| SET-101 | Unauthorized tab query redirects to Profile | Logged in without settings:read | 1. Navigate directly to /settings?tab=whatsapp | App falls back to Profile tab and removes unauthorized tab state | High |

Error Handling & Edge Cases

| ID | Test Case | Preconditions | Steps | Expected Result | Priority |
|---|---|---|---|---|---|
| SET-102 | Network error during profile save | Logged in, at Profile tab, API is down | 1. Change full_name 2. Click Save | Error toast displays. Form retains values for retry | Medium |
| SET-103 | Session expires during settings operations | Logged in, JWT token expires during form save | 1. Update profile 2. Submit form after token expiry | User redirected to login. Toast shows "Session expired." | High |
| SET-104 | Concurrent edit conflict | Two users editing same organization settings simultaneously | 1. User A saves timezone change 2. User B saves name change | Last write wins. Page does not show stale data after refresh. Audit log shows both actions | Medium |