End-to-End Test Scripts

ABC Global Functionality Module — E2E Test Scripts

8 end-to-end test flows covering user management, permissions, lookup tables, email sub-system, system defaults, and audits across 28 test cases.

Flow 1: User CRUD 0/4
Flow 2: Security 0/4
Flow 3: Permissions 0/3
Flow 4: Lookups 0/4
Flow 5: Audits 0/3
Flow 6: Emails 0/4
Flow 7: Defaults 0/4
Flow 8: Cross-Cut 0/2
User Management
CRUD Operations
Chapter Staff
TC-1.1 Create new chapter staff user
Hybrid
Global Functionality > User Management CRUD > Create new chapter staff user
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L2+ administration access
  2. Navigate to User Management > Create New User
  3. Email system configured and notifications enabled
  4. Valid chapter context selected
Test Steps
Step 1
Click Create New User button
Create User form displays with empty fields for Last Name, First Name, Email, and Super User flag
Step 2
Enter Last Name (required), First Name (required), and Email (required) fields
Fields accept input; validation shows no errors; required field indicators are clear
Step 3
Toggle Super User flag ON and click Save
User record created; system sends password reset email to provided email address
Step 4
Verify password reset email received with activation link and confirm user creation success message displays
Email contains reset link; user appears in Browse Users list with correct name and email
Bug Risks
  • Required field validation not enforced; user created with missing fields
  • Password reset email not sent or sent to wrong address
  • Duplicate email addresses allowed
  • Super User flag not persisted on save
Verify email addresses are treated as case-insensitive. Test with special characters in name fields. Confirm the new user must reset their password before a login attempt.
ABC-765
TC-1.2 Clone existing user
Hybrid
Global Functionality > User Management CRUD > Clone existing user
M
Medium Difficulty
8 min
Preconditions
  1. User logged in with L2+ administration access
  2. At least one existing user record visible in Browse Users
  3. User has L2+ permissions to view/edit the user
  4. Email system configured
Test Steps
Step 1
Click Clone User button on existing user's edit screen
Clone form opens with all fields from source user pre-filled (name, permissions, settings)
Step 2
Edit Last Name, First Name, and Email for new user; verify permissions copied correctly
Form fields are editable; permissions match source user; user can modify email to unique value
Step 3
Click Save to create cloned user
New user record created with updated name/email; source user remains unchanged; password email sent to new user
Step 4
Verify new user appears in Browse Users list with cloned permissions intact
Both users listed with correct data; cloned user has the same permission levels as the source
Bug Risks
  • Permissions not copied from source user
  • Clone operation creates duplicate instead of new user
  • Email field not editable in clone form
  • Source user data modified unexpectedly
Verify clone operation is atomic (all or nothing). Test with users having different permission levels (L0, L1, L2, L3). Confirm source user's last login/activity not affected.
ABC-765
TC-1.3 Browse users with filters and export to Excel
Hybrid
Global Functionality > User Management CRUD > Browse users with filters and export
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L1+ access to Users
  2. Browse Users page accessible; 5+ users in system
  3. Filter controls visible and functional
  4. Excel export feature available
Test Steps
Step 1
Navigate to Browse Users and verify columns present: Name, Email, Status, Super User, Last Login
All columns visible and properly labeled; data displays correctly for all users
Step 2
Apply filter by Name (partial match) and verify results update
List filters to matching users; results count displays; sort buttons remain functional
Step 3
Apply Email filter and Last Login date range filter; combine filters
Multiple filters work in conjunction; results narrow appropriately; each filter can be cleared independently
Step 4
Click Export to Excel button
Excel file downloads with filename pattern "Users_YYYY-MM-DD.xlsx"; file contains filtered results with all visible columns
Bug Risks
  • Filter not working or no results returned
  • Export includes non-visible or sensitive columns
  • Excel file corrupted or cannot open
  • Last Login date format inconsistent with display
Test with large result sets (100+ users). Verify sort works on all sortable columns. Test special characters in names for filter accuracy. Confirm filtered export includes only visible records.
ABC-765
TC-1.4 View/Edit user with L1/L2 access levels
Hybrid
Global Functionality > User Management CRUD > View/Edit user with access control
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L1 access (view only)
  2. Navigate to user record detail page
  3. Verify change history feature available
  4. Second user with L2 access ready for testing
Test Steps
Step 1
Login as L1 user and view user record; verify edit buttons disabled/hidden
User data displayed; all edit buttons and field inputs disabled or not visible; view-only mode clear
Step 2
Login as L2 user, open same user record, and change Last Name/Email
Fields are editable; user can input changes; edit controls are active and visible
Step 3
Click Save and verify confirmation prompt appears
Confirmation dialog displays changed fields; user can confirm or cancel change
Step 4
Confirm save and verify change history entry created with timestamp and editor name
Changes saved; View History shows entry with old/new values, timestamp, and editor details
Bug Risks
  • L1 user able to edit fields despite view-only access
  • Confirmation prompt not displayed before save
  • Change history not recorded or missing details
  • Edit attempt allowed even though user lacks L2+ access
Test access control enforcement at both UI and API levels. Verify history displays datetime in user's timezone. Confirm editor name matches authenticated user, not system account.
ABC-765
Security
Authentication
Access Control
TC-2.1 Password reset from login screen
Hybrid
Global Functionality > User Security & Access > Password reset from login screen
M
Medium Difficulty
10 min
Preconditions
  1. User logged out and on CHAD2 login screen
  2. Email system configured and operational
  3. Valid test user email accessible
  4. Password policy requires 10 chars, 3 of 4 types (upper, lower, digit, special)
Test Steps
Step 1
Click Forgot Password link on login page
Password reset form displays with email input field
Step 2
Enter email address and click Send Reset Link
Confirmation message displays; email received at provided address with reset link and expiration time
Step 3
Click reset link in email and enter new password meeting policy requirements
Password form validates requirements in real-time; accepts 10+ char password with 3+ of 4 types
Step 4
Submit new password and login with new credentials
Password reset succeeds; user can login with new password; old password no longer works
Bug Risks
  • Reset email not sent or sent to wrong address
  • Reset link expired too quickly or does not work
  • Password policy validation not enforced
  • Old password still accepted after reset
Test reset link expiration (should be 24-48 hours). Test with password not meeting requirements (should reject). Test reusing old password (should reject). Verify case-sensitivity of password.
ABC-773
TC-2.2 Admin-initiated password reset
Hybrid
Global Functionality > User Security & Access > Admin-initiated password reset
M
Medium Difficulty
8 min
Preconditions
  1. User logged in with L2+ administration access
  2. Navigate to Browse Users or user detail page
  3. Email system operational
  4. Target user's email address accessible
Test Steps
Step 1
Locate user in Browse Users or open user detail; click Reset Password
Confirmation dialog displays asking to confirm password reset
Step 2
Confirm password reset action
Success message displays; email sent to user's registered email with reset link
Step 3
Verify reset email received and user can set new password via link
Email contains reset link with expiration; user can follow link and set new password
Step 4
Verify user's change history shows reset initiated by admin with timestamp
Change history entry shows "Password reset initiated by [admin name]" with datetime
Bug Risks
  • Reset Password button missing or disabled
  • Confirmation prompt not shown (accidental resets possible)
  • Reset email not sent to user
  • User cannot set password after clicking reset link
Test reset button visibility for L1 users (they should not see it). Test reset for a user who is currently logged in (their session should be invalidated after the email is sent). Verify admin name logged correctly in history.
ABC-773
TC-2.3 Active/Inactive user toggle
Hybrid
Global Functionality > User Security & Access > Active/Inactive toggle
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L2+ administration access
  2. Active user record accessible in Browse Users or detail page
  3. Test user available with known login credentials
  4. Status toggle visible on user edit form
Test Steps
Step 1
Open user record and locate Status field; toggle from Active to Inactive
Toggle switches state; confirmation prompt appears asking to confirm inactivation
Step 2
Confirm inactivation; save changes and verify Browse Users shows Inactive status
Status updates to Inactive in list; user record marked appropriately
Step 3
Attempt to login with inactive user's credentials
Login denied with message "Account is inactive" or similar; user cannot access system
Step 4
Toggle user back to Active; confirm prompt; save and verify login succeeds
Status changes to Active; user can login again with same credentials
Bug Risks
  • Toggle does not change status or state not persisted
  • Confirmation prompt not displayed for dangerous action
  • Inactive user can still login after deactivation
  • Status toggle missing or grayed out for non-admin users
Test logout behavior for user currently logged in when inactivated (should be forced to logout on next action). Verify email notification sent to user on status change. Check that inactive users do not appear in lookup dropdowns for assignment.
ABC-773
TC-2.4 Masquerade feature with L3 access
Hybrid
Global Functionality > User Security & Access > Masquerade feature
M
Medium Difficulty
8 min
Preconditions
  1. User logged in with L3 super-user access
  2. Target user record visible in Browse Users or detail page
  3. Multiple browser tabs or separate window available
  4. Masquerade feature enabled in system
Test Steps
Step 1
Click Masquerade button on user record
New tab/window opens with user's session; vivid color banner displays at top indicating masquerade mode
Step 2
Verify banner displays admin name, masquerade start time, and option to exit masquerade
Banner clearly shows "Masquerading as [user name]" with admin name and exit button visible
Step 3
Navigate through system and verify masqueraded user's permissions inherited (can/cannot access modules based on user's access)
Navigation reflects target user's permission level; admin can see what user sees; restricted areas inaccessible as expected
Step 4
Click Exit Masquerade and verify return to admin session
Session switches back to admin user; banner disappears; admin permissions restored; masquerade logged in audit trail
Bug Risks
  • Masquerade button missing or only visible to L2+ instead of L3
  • Banner not displayed or indicates wrong user name
  • Masqueraded user has different permissions than actual user
  • Masquerade session not logged for audit trail
Verify masquerade is not available to non-L3 users. Test masquerade timeout behavior (should time out the same as a normal session). Verify that logging out in masquerade mode returns to the admin session rather than logging the admin out. Check that audit logs contain a masquerade entry.
ABC-773
Permissions
Access Control
Module Levels
TC-3.1 Set per-module permissions on Create User
Hybrid
Global Functionality > Permissions Management > Set per-module permissions
M
Medium Difficulty
12 min
Preconditions
  1. User logged in with L2+ administration access
  2. Create New User form accessible
  3. Permissions matrix section visible with all 15 modules
  4. L0-L3 access levels available for assignment
Test Steps
Step 1
Fill user basic fields (Last Name, First Name, Email) and scroll to Permissions section
Permissions matrix visible with 15 modules listed; dropdown for each module shows L0-L3 options
Step 2
Select varying permission levels: Module A=L3, Module B=L2, Module C=L1, Module D=L0
Dropdown selections accept input; visual feedback shows selected level for each module
Step 3
Save user and navigate to Browse Users; open created user's profile
User record created; edit screen shows all permission levels assigned as configured
Step 4
Test navigation visibility: L3 module visible, L2 editable, L1 view-only, L0 hidden from nav
Module A fully accessible; Module B edit allowed; Module C read-only; Module D not in navigation
Bug Risks
  • Permissions matrix not visible on Create User form
  • Module dropdowns not functional or limited to few options
  • Saved permissions not persisted or retrieved incorrectly
  • Navigation visibility does not match assigned permission levels
Test all 15 modules (Contacts, Events, Membership, Accounting, etc.). Verify L0 completely hides module from nav. Test with Super User flag ON (should override to all L3). Test simultaneous L1 access to verify read-only enforcement.
ABC-765
TC-3.2 Super User flag toggling
Hybrid
Global Functionality > Permissions Management > Super User flag
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L3 access
  2. User with mixed permissions (some L1, L2, L3, L0) available in system
  3. User detail edit page accessible
  4. Permissions matrix visible
Test Steps
Step 1
Open user with mixed permissions; note current module access levels (L1, L2, L3, L0 mix)
All modules visible with current permission levels displayed
Step 2
Toggle Super User flag ON and save
All modules automatically set to L3; permissions matrix updates to show all L3
Step 3
Toggle Super User flag OFF and save
Permissions matrix reverts to original mixed values (L1, L2, L3, L0 pattern restored)
Step 4
Verify original permission levels persisted and accessible in system
User restored to original permission state; no permissions lost; audit history shows changes
Bug Risks
  • Super User flag does not change module permissions to L3
  • Original permissions not saved before setting Super User
  • Toggle OFF does not restore to original permissions
  • Super User flag not persisted on save
Test with user having all L0 permissions (should still get L3 on Super User toggle). Test changing permissions after Super User OFF (should take effect immediately). Verify audit log shows Super User changes with timestamp.
ABC-765
TC-3.3 View/Edit All User Permissions modal
Hybrid
Global Functionality > Permissions Management > View/Edit All Users Permissions
M
Medium Difficulty
12 min
Preconditions
  1. User logged in with L3 access
  2. Browse Users page accessible
  3. Action button "View/Edit All Permissions" visible in toolbar
  4. 5+ users in system for testing
Test Steps
Step 1
From Browse Users, click View/Edit All Permissions button
Modal opens showing all users in rows with columns for each module (15 modules total)
Step 2
Verify all users listed and each has permission cells for all 15 modules
Matrix displays correctly with user names, module names, and permission values (L0-L3)
Step 3
Click on a permission cell to edit; change value (e.g., L2 to L3); cell highlights in yellow
Cell becomes editable dropdown; selection highlights in yellow; user sees change immediately
Step 4
Review legend (yellow=changed, green=saved, red=error); click Save All
All changes save; legend displays yellow for pending, green for saved; user can Discard instead
Bug Risks
  • View/Edit All Permissions button missing or disabled
  • Modal not displaying all users or modules
  • Cells not editable or changes not persisted
  • Yellow highlighting not showing for changed cells
Test with large user lists (50+ users) for performance. Test Discard button (should revert all unsaved changes). Test that an edited cell remains yellow until Save All is clicked. Verify legend is accessible and clear. Test search/filter within modal.
ABC-765
Lookup Tables
Data Management
Edit-in-Place
TC-4.1 Browse and select lookup tables
Hybrid
Global Functionality > Lookup Table Management > Browse and select tables
M
Medium Difficulty
8 min
Preconditions
  1. User logged in with L1+ access to Lookup Tables
  2. Navigate to Lookup Tables section in Administration
  3. National and Chapter lookup tables configured
  4. Module grouping applied to tables
Test Steps
Step 1
Navigate to Lookup Tables page; verify table selector available
Page loads with table list; selector dropdown or tabs show table options grouped by module
Step 2
Click table selector and verify National vs Chapter view toggle available
Toggle or radio buttons show National / Chapter views; user can switch between scopes
Step 3
Select National view; browse tables and verify they are grouped by module with tags
National tables displayed with module tags (e.g., "Contacts", "Events"); grouping clear
Step 4
Switch to Chapter view; verify Chapter-specific tables display with appropriate tags
Chapter tables shown; may be subset of National; module grouping maintained
Bug Risks
  • Table selector not functional or missing
  • National/Chapter toggle not working
  • Module grouping not applied or confusing
  • Chapter tables not distinct from National tables
Test searching/filtering within table list. Verify table names are descriptive. Test with user having only Chapter access (National view should be unavailable). Check that switching scope preserves other UI state.
ABC-1204 ABC-931
TC-4.2 Edit-in-place and add records
Hybrid
Global Functionality > Lookup Table Management > Edit-in-place and add records
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L2+ access to edit lookup tables
  2. Lookup table selected and data visible
  3. Table has existing records and blank row for new entry
  4. Column control toggle available
Test Steps
Step 1
Click on existing record value cell to edit; change value and click outside or press Enter
Cell becomes editable; value updates on blur/Enter; change highlighted or saved visually
Step 2
Scroll to blank row at bottom; enter new value and press Enter
New record created; blank row appears below for next entry; record persisted to database
Step 3
Click column control toggle to hide/show columns; verify column visibility toggles
Column control opens dropdown; user can check/uncheck columns; display updates immediately
Step 4
Refresh page and verify all edits and new records persisted
Page reloads; all changed and new values visible; no data loss
Bug Risks
  • Edit-in-place not functional or requires separate form
  • New records not saved or disappear on refresh
  • Column control not working or missing
  • Changes visible but not persisted to database
Test validation on edited values (reject invalid data). Test concurrent edits (if multiple users). Test copy/paste into cells. Test delete record functionality (if available). Verify edit history tracks changes with timestamp.
ABC-931
TC-4.3 Locking behavior for tables and records
Hybrid
Global Functionality > Lookup Table Management > Locking behavior
M
Medium Difficulty
12 min
Preconditions
  1. User logged in with L2+ access to tables
  2. Locked and unlocked lookup tables available
  3. Locked records exist in some tables
  4. National and Chapter context roles available
Test Steps
Step 1
Open locked lookup table (National-defined) from Chapter view
Table displays as read-only; edit cells disabled; lock icon visible on table
Step 2
Attempt to click edit cell on locked record; verify no edit possible
Cell click has no effect; edit mode not activated; read-only state enforced
Step 3
If system lock/unlock available, click unlock button and confirm system lock
Confirmation dialog appears; system unlock triggered; lock removed temporarily
Step 4
Verify re-lock button appears after unlock; click to re-lock
Table becomes editable after unlock; after re-lock, read-only state restored
Bug Risks
  • Locked table editable despite lock status
  • Lock icon missing or not indicative of lock state
  • Unlock button does not unlock; re-lock does not lock
  • Lock state not persisted across sessions
Test lock behavior with different user roles (L1 vs L2 vs L3). Verify National admin can lock/unlock but Chapter admin cannot. Test lock timeout if auto-lock exists. Verify locked records prevent new entry in that table.
ABC-1204
TC-4.4 Approval workflow and Excel export
Hybrid
Global Functionality > Lookup Table Management > Approval workflow and export
M
Medium Difficulty
12 min
Preconditions
  1. User logged in with L2+ access to lookup tables
  2. Table with "Requires Approval" indicator visible
  3. Zoho email system configured for approval workflow
  4. Excel export feature available
Test Steps
Step 1
Edit record in "Requires Approval" table and save; verify "Requires Approval" indicator displays
Record marked as pending approval; approval indicator visible; record shows pending state
Step 2
Verify Zoho approval email sent to approver with change details
Email received by approver with edit summary; approval link in email; timestamp of change
Step 3
Click Export to Excel on table with pending approvals
Excel file downloads; pending records marked or flagged appropriately
Step 4
Verify "Show National-Defined Codes" filter available and functional
Filter toggle shows/hides National vs Chapter records; export respects filter
Bug Risks
  • Approval indicator missing or not displayed
  • Zoho email not triggered or sent to wrong recipient
  • Excel export corrupted or missing pending data
  • National-Defined filter not working
Test approval for multiple pending records. Test reject/approve flow from email. Verify approved records no longer show approval indicator. Test National-Defined filter with 100+ records for performance. Test concurrent approvals.
ABC-1204
Auditing
Change History
Logging
TC-5.1 Record change history view
Hybrid
Global Functionality > Audits, Logs & Change History > Record change history
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L1+ access to target module
  2. Company/Individual/User record with change history available
  3. Multiple changes made to record over time
  4. View History button or link accessible
Test Steps
Step 1
Open record and locate View History button/link
Button visible and enabled; click opens change history panel or modal
Step 2
Verify fly-out panel displays with columns: Field Changed, Old Value, New Value, Timestamp, Editor
All history columns visible and populated; chronological order (newest first or oldest first, consistently)
Step 3
Verify each history entry shows: what field changed, old and new values, exact timestamp, editor's name
Data complete and accurate; timestamp includes date/time/timezone; editor name matches authenticated user
Step 4
Click Export History to Excel if available
Excel file downloads with all history entries; formatting clean and readable
Bug Risks
  • View History button missing or disabled
  • Change history not populated or empty
  • Old/New values incorrect or missing
  • Editor name shows system account instead of actual user
Test history for records changed by different users. Test with 100+ history entries for performance. Verify timestamp matches system time. Test read-only access (L1 can see history). Check history survives record deletion (if soft delete).
ABC-840 ABC-943
TC-5.2 System logs and event logging
Hybrid
Global Functionality > Audits, Logs & Change History > System logs
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L3 administration access
  2. Navigate to Administration > System Logs
  3. Event logging enabled for API calls, imports, chapter mods, errors
  4. Recent system activity available in logs
Test Steps
Step 1
Access admin System Logs page; verify logs display with columns for Type, Timestamp, Details, User
Log entries visible; sortable and filterable; chronological display
Step 2
Verify entries for API calls, imports, chapter modifications, and errors are logged and visible
Different event types shown with appropriate categorization; details populated
Step 3
Click on log entry to view full details including timestamp precision and user who triggered action
Detail modal/panel shows full event info; timestamp includes seconds; user details accurate
Step 4
Filter logs by date range and event type; verify results narrow appropriately
Filters work in combination; results accurate; export to Excel available
Bug Risks
  • System Logs page not accessible or missing
  • Log entries not created for major events (API, imports, errors)
  • Timestamp incorrect or missing precision
  • Event type filtering not working
Test with high-volume logs (1000+ entries). Verify errors are logged (simulate error condition). Test timestamp matches actual event time. Verify L1/L2 users cannot access System Logs. Test log retention policy.
ABC-1524
TC-5.3 Audit reports and bulk remediation
Hybrid
Global Functionality > Audits, Logs & Change History > Audit reports and remediation
M
Medium Difficulty
12 min
Preconditions
  1. User logged in with L2+ administration access
  2. Module audit reports available (e.g., Contacts, Events)
  3. Data discrepancies or issues exist in system
  4. Edit-in-place or bulk edit functionality available
Test Steps
Step 1
Navigate to module audit reports (e.g., Contacts Audit); view report with discrepancies
Report displays findings with issue descriptions; filter for data quality issues available
Step 2
Filter report for specific discrepancies (e.g., missing required fields); narrow results
Filter reduces report to relevant issues; results count updates
Step 3
Click edit icon on report row; edit value inline (bulk edit-in-place) and save
Row becomes editable; value updates; click Save applies change to database
Step 4
Verify changes saved and record history updated with audit fix notation
Change history entry shows remediation by audit; report updated to remove fixed item
Bug Risks
  • Audit reports missing or empty
  • Filter not narrowing results appropriately
  • Edit icon missing or inline edit not functional
  • Changes not persisted or history not updated
Test with large report sets (1000+ items). Test bulk select and mass remediation. Verify undo/revert available for bulk changes. Test that non-auditors cannot run reports. Check audit report performance under load.
ABC-1524
Email Management
Templates
Communication
TC-6.1 Manage email templates
Hybrid
Global Functionality > Email Sub-System > Manage email templates
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L2+ access to email management
  2. Navigate to Administration > Manage Application Emails
  3. Template list available with editable templates
  4. Email system configured
Test Steps
Step 1
Navigate to Manage Application Emails and select a template (e.g., Password Reset)
Template editor loads showing Subject, Body, Reply-To, From, CC, BCC fields
Step 2
Edit template: change Subject and Body text; update Reply-To, From, CC, BCC
All fields editable; content accepts text; email addresses validated in address fields
Step 3
Click Save and verify success message
Changes saved; confirmation message displays; template ready for use
Step 4
Click Preview (if available) to see email template rendered
Preview shows formatted email with Subject and Body as it will appear; visual feedback on formatting
Bug Risks
  • Template editor not loading or fields missing
  • Changes not saved or reverted unexpectedly
  • Email addresses not validated in address fields
  • Preview not available or inaccurate
Test with special characters in email addresses. Test very long subject/body. Test cancel button (should discard unsaved changes). Test multiple templates. Verify L1 users cannot edit templates.
ABC-1009 ABC-1095
TC-6.2 Dynamic variables and token substitution
Hybrid
Global Functionality > Email Sub-System > Dynamic variables and tokens
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L2+ access to email templates
  2. Email template editor open
  3. Token/variable picker available in Body field
  4. Email system configured to use variables
Test Steps
Step 1
Click in email Body field and locate Insert Variable button/picker
Variable picker dialog or dropdown opens showing available tokens (firstname, lastname, email, etc.)
Step 2
Select {firstname} and {lastname} tokens from picker; verify they insert into Body
Tokens inserted as {firstname} and {lastname}; clearly visible in template text
Step 3
Save template and trigger an email to test recipient (e.g., password reset)
Email sent to test user; verify {firstname} and {lastname} replaced with actual values
Step 4
Verify received email shows substituted names, not literal token text
Email body contains "Dear John Smith" (example) instead of "Dear {firstname} {lastname}"
Bug Risks
  • Variable picker missing or not functional
  • Tokens not inserting into template
  • Tokens not substituted in sent email (literal {token} text sent)
  • Undefined tokens result in blank or error values
Test all available tokens (first/last name, email, date, chapter, etc.). Test nested tokens if supported. Test token in Subject field. Test malformed token {invalid_token} (should handle gracefully). Test with missing data (null firstname).
ABC-1413
TC-6.3 Module-group permissions for email editing
Hybrid
Global Functionality > Email Sub-System > Module-group permissions
M
Medium Difficulty
10 min
Preconditions
  1. User with L3 access to Contacts module but L2 or less for Events
  2. Email templates grouped by module available
  3. Access to Manage Application Emails page
  4. Two different email template types (Contacts-related, Events-related)
Test Steps
Step 1
Login as L3 Contacts, L2 Events user; navigate to Manage Emails
Email templates listed and grouped by module; both module groups visible
Step 2
Select Contacts module email and attempt to edit
Template opens for editing; edit fields enabled (user has L3 Contacts access)
Step 3
Select Events module email and attempt to edit
Template opens but edit fields disabled or read-only (user has L2 Events access, not L3)
Step 4
Attempt to save changes to Events template and verify denied
Save button disabled or save attempt fails with permission error message
Bug Risks
  • User able to edit email for module they only have L2 access to
  • Permission check not enforced at save level
  • Email grouping by module not clear or missing
  • No visual indication of edit restrictions
Test with L1 user (should not see any templates or all read-only). Test with L0 user (should not access Manage Emails). Verify permission check at both UI and API levels. Test with Super User flag ON (should have full access).
ABC-1095
TC-6.4 Non-production email handling (UAT/QA)
Hybrid
Global Functionality > Email Sub-System > Non-production email handling
M
Medium Difficulty
10 min
Preconditions
  1. System running in non-production environment (UAT, QA, Staging)
  2. Environment variable set (e.g., ENVIRONMENT=UAT)
  3. Email system configured with test recipients
  4. System Defaults configured with test email addresses for intercept
Test Steps
Step 1
Trigger email from non-production system (e.g., user password reset)
Email subject prefixed with "UAT -" or "[UAT]"; body contains warning banner
Step 2
Verify warning banner in email body clearly indicates non-production environment
Banner visible at top of email body; states "This is a TEST email from UAT environment"
Step 3
Verify TO/CC/BCC recipients intercepted and redirected to test address(es)
Email received by configured test recipient, not original user email
Step 4
Verify original TO/CC/BCC addresses visible in email (e.g., "Original To: user@example.com")
Email footer or header shows "Intercepted for: original@email.com" or similar reference
Bug Risks
  • Subject prefix not added; email sent without UAT indication
  • Warning banner missing from email body
  • Email sent to original recipient instead of test address (data leak)
  • Original recipient addresses not preserved for reference
Critical test to prevent production email leaks. Verify configuration persists across system restarts. Test with multiple TO/CC/BCC recipients. Test different email types (password reset, notification, approval). Verify prefix format consistent.
ABC-1095
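The intercept behaviour TC-6.4 expects, as an added Python example (not the application's own code): recipients are replaced, the subject is prefixed, the banner and original addresses go into the body, and sending fails closed when no test address is configured. The production labels, the addresses and the sample message are constructed assumptions.

```python
from email.message import EmailMessage
from email.utils import getaddresses

RECIPIENT_HEADERS = ("To", "Cc", "Bcc")
PRODUCTION_NAMES = {"PROD", "PRODUCTION"}  # assumption: how production is labelled

def intercept(msg, environment, test_recipients):
    """Return a message that is safe to send from a non-production system."""
    env = environment.strip().upper()
    if env in PRODUCTION_NAMES:
        return msg
    if not test_recipients:
        # Fail closed: without an intercept address nothing may leave the system.
        raise ValueError("no intercept recipients configured; refusing to send")
    originals = []
    for header in RECIPIENT_HEADERS:
        values = [str(v) for v in msg.get_all(header, [])]
        if values:
            originals.append(f"Original {header}: {', '.join(values)}")
    safe = EmailMessage()
    safe["From"] = str(msg["From"])
    safe["Subject"] = f"[{env}] {msg['Subject']}"
    safe["To"] = ", ".join(test_recipients)  # Cc/Bcc are dropped, not copied
    banner = f"This is a TEST email from {env} environment"
    safe.set_content("\n".join([banner, *originals, "", msg.get_content()]))
    return safe

def header_recipients(msg):
    """Every address the message would be delivered to, taken from To/Cc/Bcc."""
    found = []
    for header in RECIPIENT_HEADERS:
        values = [str(v) for v in msg.get_all(header, [])]
        found += [addr for _name, addr in getaddresses(values)]
    return found

def sample_reset_email():
    """Constructed sample: a password reset with To, Cc and Bcc recipients."""
    msg = EmailMessage()
    msg["From"] = "noreply@example.com"
    msg["To"] = "user@example.com"
    msg["Cc"] = "manager@example.com"
    msg["Bcc"] = "audit@example.com"
    msg["Subject"] = "Reset your password"
    msg.set_content("Use the link below to reset your password.")
    return msg
```

Asserting on `header_recipients()` of the outgoing message, rather than on the inbox of the test address alone, is what catches the "sent to original recipient" leak.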
System Configuration
Defaults Management
Settings
TC-7.1 National Defaults screen configuration
Hybrid
Global Functionality > System Defaults > National Defaults
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L3 National Admin access
  2. Navigate to National Admin > Administration > National-Set Defaults
  3. Settings form accessible with default fields (Company Type, Active Member Flag, etc.)
  4. Multiple default values available for selection
Test Steps
Step 1
Navigate to National-Set Defaults page; verify form displays with all default fields
Form loads with fields for Company Type, Active Member Flag, and other configurable defaults
Step 2
Select value for Company Type dropdown (e.g., "Association" or "Corporation")
Dropdown opens with options; selection updates form; selected value visible
Step 3
Set other defaults (Active Member Flag, etc.) and click Save
Values saved; success message displays; defaults now system-wide baseline
Step 4
Verify saved defaults applied to new records created without specific override
New company inherits National default Company Type if not explicitly set
Bug Risks
  • National-Set Defaults page not accessible or missing
  • Dropdowns not functional or missing options
  • Changes not saved or reverted on page reload
  • Defaults not applied to new records
Test with different user roles (Chapter Admin should not see National defaults). Verify defaults are baseline, not mandatory (can be overridden per record). Test changing default mid-year (new records use new default, existing unaffected).
ABC-1642 ABC-1659
TC-7.2 Chapter Defaults with National comparison
Hybrid
Global Functionality > System Defaults > Chapter Defaults
M
Medium Difficulty
10 min
Preconditions
  1. User logged in with L2+ Chapter Admin access
  2. Navigate to Chapter Admin > Chapter-Set Defaults
  3. National defaults already configured and visible
  4. Form shows National values in adjacent column for comparison
Test Steps
Step 1
Navigate to Chapter-Set Defaults; verify National values displayed in adjacent column
Form shows two columns: Chapter Settings and National Values (read-only); comparison visible
Step 2
Where chapter value differs from National, verify row highlighted in orange; matching values in green
Color indicators clear: orange=chapter overrides national, green=chapter matches national
Step 3
Set a chapter override for Company Type (different from National)
Selection made; row updates to orange highlight; National column still shows original value
Step 4
Click Save; verify override persisted for chapter
Chapter default saved; National default unchanged; new records inherit chapter override
Bug Risks
  • National values not displayed, or distinction between editable and read-only columns unclear
  • Color indicators missing or incorrect (orange/green not applied)
  • Chapter overrides not saved or reverted
  • Chapter admin unable to see Chapter Defaults page
Test with multiple chapters (each sees their own defaults vs National). Test National-only values (not overridable). Verify change cascades to chapter records. Test L1 chapter user (should be read-only).
ABC-1642 ABC-1093
TC-7.3 User Defaults screen with cascading hierarchy
Hybrid
Global Functionality > System Defaults > User Defaults
M
Medium Difficulty
10 min
Preconditions
  1. User logged in and at User Settings > Manage My Defaults
  2. National and Chapter defaults already configured
  3. User edit form shows National + Chapter columns for comparison
  4. User able to set personal preferences
Test Steps
Step 1
Navigate to User Settings > Manage My Defaults; verify form shows three columns: User, Chapter, National
All three levels visible with values; user column editable, chapter and national read-only
Step 2
Set a user preference different from Chapter and National values
User column updated; row highlights with color indicator (orange=overrides both levels)
Step 3
Click Save; verify user preference persisted
User default saved; override active for this user's records
Step 4
Create new record and verify user default takes precedence (if set)
New record inherits user default value, not chapter or national (unless user pref is null)
Bug Risks
  • User Defaults page not accessible or missing
  • Chapter/National columns not visible, or editable (should be visible and read-only)
  • User preferences not saved or overridden unexpectedly
  • Color indicators missing or confusing
Test cascade behavior: set User, remove it, verify Chapter becomes active. Test with null values (should fall through to next level). Test clear button (should reset user preference and fall back). Test different users have independent preferences.
ABC-1642
TC-7.4 Hierarchy cascade and fallback behavior
Hybrid
Global Functionality > System Defaults > Hierarchy cascade
M
Medium Difficulty
12 min
Preconditions
  1. User logged in with appropriate access (L2+ for chapter, L3 for national)
  2. National, Chapter, and User defaults screens accessible
  3. Ability to set and clear defaults at each level
  4. Test record creation to verify cascade
Test Steps
Step 1
Set different Company Type at all three levels: National="Corp", Chapter="NPO", User="Association"
All three values set and saved at respective levels
Step 2
Create new record as target user and verify Company Type defaults to "Association" (User level)
New record inherits User default; Company Type="Association" pre-filled
Step 3
Remove User setting (clear/delete); create new record and verify fallback to Chapter level
Record now inherits Chapter default; Company Type="NPO"
Step 4
Remove Chapter setting; create new record and verify fallback to National level
Record inherits National default; Company Type="Corp"
Bug Risks
  • Hierarchy precedence incorrect (wrong level takes priority)
  • Fallback not working (returns null instead of next level)
  • Setting not cleared properly; old value persists
  • Cascade behavior inconsistent across different default types
Critical test for settings cascade logic. Test with multiple default fields simultaneously. Test partial clears (some levels set, some not). Test user in different chapters (uses correct chapter level). Verify no unintended side effects when changing defaults.
ABC-1642 ABC-1659
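A reference model of the User > Chapter > National fallback that TC-7.3 and TC-7.4 exercise, as an added Python example (not the application's own code) that can serve as a test oracle. The field names, ids and the rule that an empty string counts as unset are assumptions.

```python
def is_set(value):
    """None and empty string both count as 'not set' and fall through."""
    return value is not None and value != ""

def resolve(field, store, user_id, chapter_id):
    """Return (value, level) from the first level that has the field set."""
    chain = (
        ("user", store["user"].get(user_id, {})),
        ("chapter", store["chapter"].get(chapter_id, {})),
        ("national", store["national"]),
    )
    for level, values in chain:
        if is_set(values.get(field)):
            return values[field], level
    return None, None

def clear(store, level, field, key=None):
    """Remove a setting at one level; the national level takes no key."""
    target = store["national"] if level == "national" else store[level].get(key, {})
    target.pop(field, None)

def tc_7_4_store():
    """Constructed data matching TC-7.4 step 1, plus a second chapter."""
    return {
        "national": {"company_type": "Corp", "active_member": "Y"},
        "chapter": {"ch1": {"company_type": "NPO"}, "ch2": {"company_type": ""}},
        "user": {"u1": {"company_type": "Association"}},
    }
```

Returning the level alongside the value lets a test distinguish "correct value by coincidence" from "correct value from the correct level".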
Security
Session Management
Cross-Module
TC-8.1 Permission enforcement across all access levels
Hybrid
Global Functionality > Cross-Cutting Concerns > Permission enforcement
M
Medium Difficulty
15 min
Preconditions
  1. Users with L0, L1, L2, L3 access to various modules
  2. Navigation visible; module URLs known
  3. Browser developer tools available for direct URL testing
  4. API endpoints accessible for testing
Test Steps
Step 1
Login as L0 user (no access to Module A); verify module hidden from navigation
Module A not visible in nav menu; no submenu option
Step 2
Attempt direct URL access to Module A (e.g., /module-a/dashboard)
Access blocked; redirect to access denied page or dashboard with error message
Step 3
Login as L1 user (view-only Module B); verify module visible but edit buttons disabled
Module B accessible; data displayed; all edit/create buttons disabled or absent
Step 4
Login as L2 user (edit access); verify edit buttons enabled; L3 admin options still hidden
Edit/create allowed; admin-only buttons hidden or disabled
Bug Risks
  • L0 user can access module via direct URL
  • L1 user able to edit despite view-only access
  • L2 user can access L3 admin features
  • API call succeeds despite insufficient permissions
Test both UI hiding and backend enforcement. Test API calls with insufficient token privileges (should reject). Test masquerade (admin sees what target user sees). Verify no privilege escalation via URL manipulation or header spoofing.
ABC-765 ABC-1441
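The backend check that TC-6.3 ("permission check not enforced at save level") and TC-8.1 probe, as an added Python example (not the application's own code). It assumes L1 = view, L2 = edit, L3 = admin, that editing an email template is an L3 action, and uses constructed users, templates and a hypothetical `X-Access-Level` header.

```python
REQUIRED_LEVEL = {"view": 1, "edit": 2, "admin": 3}

class PermissionDenied(Exception):
    pass

def authorize(user, module, action):
    """Decide from the server-side user record only; unknown actions are denied."""
    required = REQUIRED_LEVEL.get(action)
    if required is None:
        return False
    if user.get("super_user"):
        return True
    # A module missing from the record means L0 (no access).
    return user.get("levels", {}).get(module, 0) >= required

def save_email_template(user, template, new_body, request_headers=None):
    """Save handler: re-checks access even if the UI already disabled the form.

    request_headers is accepted but deliberately never consulted for access.
    """
    if not authorize(user, template["module"], "admin"):
        raise PermissionDenied(f"L3 required for {template['module']} templates")
    return {**template, "body": new_body}

def access_matrix(user, modules):
    """Allowed actions per module, for comparing against what the UI shows."""
    return {m: [a for a in REQUIRED_LEVEL if authorize(user, m, a)] for m in modules}

# Constructed sample data.
MIXED_USER = {"name": "pat", "super_user": False, "levels": {"Contacts": 3, "Events": 2}}
SUPER_USER = {"name": "root", "super_user": True, "levels": {}}
EVENTS_TEMPLATE = {"id": 7, "module": "Events", "body": "old"}
CONTACTS_TEMPLATE = {"id": 3, "module": "Contacts", "body": "old"}
```

Comparing `access_matrix()` with the buttons actually rendered for each test user surfaces both directions of drift: controls shown that the backend would reject, and backend actions allowed that the UI hides.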
TC-8.2 Session management and timeout behavior
Hybrid
Global Functionality > Cross-Cutting Concerns > Session management
M
Medium Difficulty
15 min
Preconditions
  1. User logged in with active session
  2. Session timeout configured (e.g., 30 min inactivity)
  3. Multiple windows/tabs available to test simultaneous sessions
  4. Ability to simulate session expiry or wait for timeout
Test Steps
Step 1
Login normally and navigate to module page; verify user logged in with active session
Session established; user can navigate and access data
Step 2
Wait for session timeout or trigger expiry; attempt action (navigate, submit form)
Redirect to login page with message "Your session has expired"
Step 3
Re-login after session expiry; verify new session established and data accessible
Login succeeds; session reestablished; no lingering session data
Step 4
Test logout explicitly (click Logout) and verify session destroyed
Redirect to login page; cannot access system without re-login; clean logout
Bug Risks
  • Session timeout not enforced; user remains logged in indefinitely
  • Session expiry not communicated clearly to user
  • Logout does not clear session cookie/token properly
  • Old session data accessible after logout (session fixation)
Test session timeout with page idle (no action). Test session with active page (should extend timeout on activity if keep-alive enabled). Test simultaneous logins (same user in two browsers). Test logout clears both client and server-side session. Verify secure cookie flags set.
ABC-773
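A model of the session behaviour TC-8.2 checks, as an added Python example (not the application's own code): server-side idle timeout with renewal on activity, a fresh id on every login, logout that invalidates the server record, and an audit of the `Set-Cookie` flags. The cookie name `sid`, the 30-minute timeout and the header strings are assumptions.

```python
import secrets
from http.cookies import SimpleCookie

class SessionStore:
    """Server-side sessions with an idle timeout (seconds)."""

    def __init__(self, idle_timeout=30 * 60):
        self.idle_timeout = idle_timeout
        self._sessions = {}  # session id -> {"user": ..., "last_seen": ...}

    def login(self, user, now):
        # A new unpredictable id on every login; old ids are never reused.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": now}
        return sid

    def touch(self, sid, now):
        """Return the user for a live session, else None (expired or unknown)."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if now - session["last_seen"] > self.idle_timeout:
            del self._sessions[sid]  # expiry is enforced on the server
            return None
        session["last_seen"] = now  # activity extends the idle window
        return session["user"]

    def logout(self, sid):
        # Removing the server record matters more than clearing the cookie.
        self._sessions.pop(sid, None)

def missing_cookie_flags(set_cookie_header, name="sid"):
    """List the hardening attributes absent from a Set-Cookie header value."""
    cookie = SimpleCookie()
    cookie.load(set_cookie_header)
    morsel = cookie[name]
    checks = (("Secure", "secure"), ("HttpOnly", "httponly"), ("SameSite", "samesite"))
    return [label for label, key in checks if not morsel[key]]
```

Passing `now` in explicitly lets a test simulate the timeout without waiting; replaying a pre-logout id through `touch()` is the check for a session that survives logout.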