Test Design: Story 1.1 Institution Admin
Date: 2025-01-03
Designer: Quinn (Test Architect)
Story: Institution Admin Management (Foundation for 3-Portal Cohort System)
Test Strategy Overview
Total Test Scenarios: 47
Unit Tests: 18 (38%)
Integration Tests: 19 (40%)
E2E Tests: 10 (21%)
Priority Distribution:
- P0 (Critical): 22 tests - Security, data isolation, authentication
- P1 (High): 15 tests - Core user journeys, authorization
- P2 (Medium): 8 tests - Validation, error handling
- P3 (Low): 2 tests - Edge cases, nice-to-have
Risk Coverage: All 6 identified risks have dedicated test scenarios
Test Scenarios by Acceptance Criteria
AC1: Database schema for institutions and admin roles exists
Scenarios
| ID | Level | Priority | Test | Justification | Risk Mitigation |
| --- | --- | --- | --- | --- | --- |
| 1.1-UNIT-001 | Unit | P0 | Migration 1: account_access institution_id - Verify nullable → non-nullable transition | Pure migration logic | DATA-001 |
| 1.1-UNIT-002 | Unit | P0 | Migration 2: institutions table fields - Validate all required fields present | Schema validation | DATA-001 |
| 1.1-UNIT-003 | Unit | P0 | Migration 3: cohort_admin_invitations - Token hashing verification | Cryptographic security | SEC-002 |
| 1.1-UNIT-004 | Unit | P0 | Migration 4: role enum extension - Verify cohort_admin/cohort_super_admin added | Role validation | SEC-003 |
| 1.1-UNIT-005 | Unit | P0 | Foreign key constraints - All FKs properly defined | Database integrity | DATA-001 |
| 1.1-UNIT-006 | Unit | P0 | Unique indexes - institution_id + user_id uniqueness | Prevent duplicates | SEC-003 |
| 1.1-INT-001 | Integration | P0 | Backfill existing data - Link users to institutions via account | Data migration integrity | DATA-001 |
| 1.1-INT-002 | Integration | P0 | Rollback procedure - Zero data loss verification | Disaster recovery | DATA-001 |
| 1.1-E2E-001 | E2E | P1 | Complete migration lifecycle - Deploy → Migrate → Rollback → Verify | End-to-end integrity | DATA-001 |
AC2: Super admins can create institutions and invite other admins
Scenarios
| ID | Level | Priority | Test | Justification | Risk Mitigation |
| --- | --- | --- | --- | --- | --- |
| 1.1-UNIT-007 | Unit | P0 | Token generation - SecureRandom.urlsafe_base64(64) entropy | Cryptographic security | SEC-002 |
| 1.1-UNIT-008 | Unit | P0 | Token hashing - SHA-256 storage verification | Security at rest | SEC-002 |
| 1.1-UNIT-009 | Unit | P0 | Token preview - First 8 chars + '...' format | Debugging without exposure | SEC-002 |
| 1.1-UNIT-010 | Unit | P0 | Rate limiting - Max 5 pending invitations per email | Spam prevention | PERF-002 |
| 1.1-UNIT-011 | Unit | P0 | Invitation validation - Email format, role inclusion, expiry | Input validation | SEC-002 |
| 1.1-UNIT-012 | Unit | P1 | Institution creation - Super admin role requirement | Authorization logic | SEC-003 |
| 1.1-INT-003 | Integration | P0 | Invitation flow - Create → Email → Accept → Access | Multi-component flow | SEC-002 |
| 1.1-INT-004 | Integration | P0 | Redis single-use enforcement - Concurrent token validation | Race condition prevention | SEC-002 |
| 1.1-INT-005 | Integration | P0 | Rate limiting enforcement - 6th attempt returns 429 | API behavior | PERF-002 |
| 1.1-INT-006 | Integration | P1 | Institution CRUD - Create, read, update, delete | Core functionality | SEC-003 |
| 1.1-INT-007 | Integration | P1 | Admin invitation email - Delivery and content verification | Email integration | TECH-002 |
| 1.1-E2E-002 | E2E | P0 | Super admin invitation journey - Complete workflow | Critical path | SEC-002 |
| 1.1-E2E-003 | E2E | P1 | Institution creation flow - UI to database | User experience | SEC-003 |
AC3: Regular admins can manage cohorts within their institution
Scenarios
| ID | Level | Priority | Test | Justification | Risk Mitigation |
| --- | --- | --- | --- | --- | --- |
| 1.1-UNIT-013 | Unit | P0 | User model methods - can_access_institution?, role checks | Pure logic | SEC-003 |
| 1.1-UNIT-014 | Unit | P0 | Institution scopes - for_user(user), managed_by(user) | Query isolation | SEC-001 |
| 1.1-UNIT-015 | Unit | P0 | Account access validation - Uniqueness constraint | Data integrity | SEC-003 |
| 1.1-UNIT-016 | Unit | P1 | CanCanCan abilities - Cohort admin permissions | Authorization rules | SEC-003 |
| 1.1-INT-008 | Integration | P0 | Data isolation - Admin A cannot access Admin B's institutions | Cross-institution security | SEC-001 |
| 1.1-INT-009 | Integration | P1 | Role-based access - Cohort admin vs super admin capabilities | Authorization enforcement | SEC-003 |
| 1.1-INT-010 | Integration | P1 | Cohort management - Admin can CRUD cohorts within institution | Core functionality | SEC-003 |
| 1.1-E2E-004 | E2E | P1 | Regular admin journey - Login → Institution → Cohorts | User workflow | SEC-003 |
AC4: Admins cannot access other institutions' data
Scenarios
| ID | Level | Priority | Test | Justification | Risk Mitigation |
| --- | --- | --- | --- | --- | --- |
| 1.1-UNIT-017 | Unit | P0 | Security event model - Logging method correctness | Audit capability | OPS-001 |
| 1.1-INT-011 | Integration | P0 | API base controller - verify_institution_access before_action | Layer 3 security | SEC-001 |
| 1.1-INT-012 | Integration | P0 | Cross-institution API attempts - All endpoints return 403 | Comprehensive coverage | SEC-001 |
| 1.1-INT-013 | Integration | P0 | Security event logging - All violations captured | Audit trail | OPS-001 |
| 1.1-E2E-005 | E2E | P0 | Cross-institution breach attempt - Malicious URL navigation | Real-world attack | SEC-001 |
| 1.1-E2E-006 | E2E | P0 | API token manipulation - Wrong institution_id in JWT | API security | SEC-001 |
AC5: Role-based permissions are enforced at API and UI levels
Scenarios
| ID | Level | Priority | Test | Justification | Risk Mitigation |
| --- | --- | --- | --- | --- | --- |
| 1.1-UNIT-018 | Unit | P0 | Role enum validation - cohort_admin, cohort_super_admin inclusion | Data validation | SEC-003 |
| 1.1-INT-014 | Integration | P0 | Controller role checks - verify_institution_role method | Layer 3 enforcement | SEC-003 |
| 1.1-INT-015 | Integration | P0 | API authorization - Role-based endpoint access | API security | SEC-003 |
| 1.1-INT-016 | Integration | P1 | UI route guards - Vue navigation protection | Layer 4 security | SEC-003 |
| 1.1-INT-017 | Integration | P1 | API client validation - Pre-request institution verification | Client-side security | SEC-003 |
| 1.1-E2E-007 | E2E | P0 | Role escalation attempt - Admin tries super admin actions | Security boundary | SEC-003 |
| 1.1-E2E-008 | E2E | P1 | UI role visibility - Elements show/hide based on role | UX security | SEC-003 |
Winston's 4-Layer Security Architecture Tests
Layer 1: Database-Level Security
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-SEC-L1-001 | Integration | P0 | Foreign key constraints - All relationships enforced | DATA-001 |
| 1.1-SEC-L1-002 | Integration | P0 | Unique index enforcement - [user_id, institution_id] prevents duplicates | SEC-003 |
| 1.1-SEC-L1-003 | Integration | P0 | Scoped query verification - Institution.for_user(user) isolation | SEC-001 |
| 1.1-SEC-L1-004 | Integration | P0 | Non-nullable constraint - institution_id after backfill | DATA-001 |
| 1.1-SEC-L1-005 | Integration | P0 | SQL injection resistance - Malicious input in scoped queries | SEC-001 |
Layer 2: Model-Level Security
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-SEC-L2-001 | Unit | P0 | User.can_access_institution? - Returns true/false correctly | SEC-003 |
| 1.1-SEC-L2-002 | Unit | P0 | Institution.accessible_by? - Verification method accuracy | SEC-003 |
| 1.1-SEC-L2-003 | Unit | P0 | Role methods - cohort_super_admin?, cohort_admin? | SEC-003 |
| 1.1-SEC-L2-004 | Integration | P0 | CanCanCan abilities - Correct permissions per role | SEC-003 |
Layer 3: Controller-Level Security
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-SEC-L3-001 | Integration | P0 | verify_institution_access - Blocks unauthorized access | SEC-001 |
| 1.1-SEC-L3-002 | Integration | P0 | verify_institution_role - Role enforcement | SEC-003 |
| 1.1-SEC-L3-003 | Integration | P0 | log_security_event - All violations logged | OPS-001 |
| 1.1-SEC-L3-004 | Integration | P0 | Strong parameters - Input validation | SEC-002 |
Layer 4: UI-Level Security
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-SEC-L4-001 | E2E | P0 | Vue route guards - Navigation protection | SEC-003 |
| 1.1-SEC-L4-002 | E2E | P0 | API client pre-validation - Request filtering | SEC-003 |
| 1.1-SEC-L4-003 | E2E | P0 | Context storage validation - Vuex state verification | SEC-003 |
| 1.1-SEC-L4-004 | E2E | P0 | Role-based UI - Element visibility control | SEC-003 |
Token Security & Rate Limiting Tests
Cryptographic Token System
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-TOKEN-001 | Unit | P0 | Token generation entropy - 512 bits from SecureRandom | SEC-002 |
| 1.1-TOKEN-002 | Unit | P0 | SHA-256 hashing - Deterministic hash generation | SEC-002 |
| 1.1-TOKEN-003 | Unit | P0 | Token validation - Hash comparison logic | SEC-002 |
| 1.1-TOKEN-004 | Integration | P0 | Single-use enforcement - Redis atomic operations | SEC-002 |
| 1.1-TOKEN-005 | Integration | P0 | Token expiration - 24-hour default validation | SEC-002 |
| 1.1-TOKEN-006 | Integration | P0 | Email matching - Token only valid for correct email | SEC-002 |
| 1.1-TOKEN-007 | Integration | P0 | Concurrent validation - Race condition prevention | SEC-002 |
| 1.1-TOKEN-008 | E2E | P0 | Token reuse attempt - Second use fails | SEC-002 |
| 1.1-TOKEN-009 | E2E | P0 | Expired token - After 24 hours rejection | SEC-002 |
| 1.1-TOKEN-010 | E2E | P0 | Wrong email - Token valid but email mismatch | SEC-002 |
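
The token rules these tests target (512-bit `SecureRandom` token, SHA-256 digest at rest, 8-character preview, 24-hour expiry, email binding, single use under concurrency), as an added Ruby example that is not the project's code. `InvitationStore`, `Invitation` and `concurrent_accepts` are hypothetical names, a `Mutex` stands in for the Redis atomic operation, and case-insensitive email matching is an assumption.

```ruby
require "securerandom"
require "digest"

# Added example. InvitationStore, Invitation and the result symbols are
# hypothetical names; the Mutex stands in for a Redis atomic operation.
Invitation = Struct.new(:email, :token_digest, :token_preview, :expires_at, :accepted_at)

class InvitationStore
  TTL = 24 * 60 * 60 # 24-hour default expiry, in seconds

  def initialize
    @by_digest = {}
    @lock = Mutex.new
  end

  # Issues an invitation and returns the raw token, which exists only in the
  # email sent to the invitee. The store keeps the SHA-256 digest and a preview.
  def issue(email, now: Time.now)
    token = SecureRandom.urlsafe_base64(64) # 64 random bytes = 512 bits
    digest = Digest::SHA256.hexdigest(token)
    invitation = Invitation.new(email.downcase, digest, "#{token[0, 8]}...", now + TTL, nil)
    @lock.synchronize { @by_digest[digest] = invitation }
    token
  end

  # Looks up the stored record for a presented token (nil when unknown).
  def find(token)
    @lock.synchronize { @by_digest[Digest::SHA256.hexdigest(token.to_s)] }
  end

  # Returns :ok at most once per token. Unknown, replayed and expired tokens
  # all map to :not_found (404); a valid token with the wrong email is
  # :forbidden (403). Email comparison is case-insensitive (an assumption).
  def accept(token, email, now: Time.now)
    digest = Digest::SHA256.hexdigest(token.to_s)
    @lock.synchronize do # check and mark in one critical section
      invitation = @by_digest[digest]
      return :not_found if invitation.nil? || invitation.accepted_at
      return :not_found if now >= invitation.expires_at
      return :forbidden unless invitation.email == email.to_s.downcase
      invitation.accepted_at = now
      :ok
    end
  end
end

# Fires several acceptance attempts for the same token from separate threads
# and returns every result, so a test can count how many succeeded.
def concurrent_accepts(store, token, email, attempts)
  Array.new(attempts) { Thread.new { store.accept(token, email) } }.map(&:value)
end

if __FILE__ == $PROGRAM_NAME
  store = InvitationStore.new
  token = store.issue("new.admin@example.org") # constructed sample address
  results = concurrent_accepts(store, token, "new.admin@example.org", 50)
  puts "preview=#{store.find(token).token_preview} ok=#{results.count(:ok)} rejected=#{results.count(:not_found)}"
end
```

The property the concurrency tests assert is that the accepted-check and the accepted-mark happen in one critical section; splitting them into a read followed by a write reintroduces the race.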
Rate Limiting Tests
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-RATE-001 | Unit | P0 | Rate limit counter - Accurate pending invitation count | PERF-002 |
| 1.1-RATE-002 | Integration | P0 | 5 invitations limit - Exact boundary enforcement | PERF-002 |
| 1.1-RATE-003 | Integration | P0 | 6th attempt rejection - Returns 429 status | PERF-002 |
| 1.1-RATE-004 | Integration | P0 | Counter reset - After acceptance/expiry | PERF-002 |
| 1.1-RATE-005 | Integration | P0 | Per-email limit - Different emails have separate counters | PERF-002 |
| 1.1-RATE-006 | Integration | P0 | Per-institution limit - Same email across institutions | PERF-002 |
| 1.1-RATE-007 | E2E | P0 | Spam attack simulation - Rapid invitation attempts | PERF-002 |
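
The boundary behaviour the rate-limiting tests pin down (5 pending invitations allowed, the 6th answered with 429, slots freed on acceptance or expiry, separate counters per email), as an added Ruby example that is not the project's code. `PendingInvitationLimiter` and `burst` are hypothetical names; keeping a separate counter per institution, the 201 success status and the 24-hour lifetime of a pending slot are assumptions.

```ruby
# Added example. PendingInvitationLimiter and its methods are hypothetical
# names. Counters are keyed by [institution_id, email]; separate counters per
# institution are an assumption about the "per-institution" test rows.
# Single-threaded sketch: a shared deployment needs an atomic counter.
class PendingInvitationLimiter
  MAX_PENDING = 5
  Entry = Struct.new(:id, :expires_at, :accepted)

  def initialize(ttl: 24 * 60 * 60)
    @ttl = ttl
    @entries = Hash.new { |hash, key| hash[key] = [] }
    @next_id = 0
  end

  # Invitations that still occupy a slot: not accepted and not yet expired.
  def pending_count(institution_id, email, now: Time.now)
    @entries[key(institution_id, email)].count { |e| !e.accepted && e.expires_at > now }
  end

  # Returns [http_status, invitation_id]: 201 (assumed success status) with
  # the new id, or 429 with nil once MAX_PENDING invitations are pending.
  def create(institution_id, email, now: Time.now)
    return [429, nil] if pending_count(institution_id, email, now: now) >= MAX_PENDING

    entry = Entry.new(@next_id += 1, now + @ttl, false)
    @entries[key(institution_id, email)] << entry
    [201, entry.id]
  end

  # Accepting an invitation frees its slot. Returns true if it was pending.
  def accept(institution_id, email, invitation_id, now: Time.now)
    entry = @entries[key(institution_id, email)].find { |e| e.id == invitation_id }
    return false if entry.nil? || entry.accepted || entry.expires_at <= now

    entry.accepted = true
  end

  private

  def key(institution_id, email)
    [institution_id, email.downcase]
  end
end

# Replays a burst of invitation requests and returns the status codes in order.
def burst(limiter, institution_id, email, count, now: Time.now)
  Array.new(count) { limiter.create(institution_id, email, now: now).first }
end
```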
Integration Tests: Existing DocuSeal Compatibility
IV1: Authentication Compatibility
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-IV1-001 | Integration | P0 | Existing user login - Devise flow unchanged | TECH-001 |
| 1.1-IV1-002 | Integration | P0 | JWT token compatibility - Legacy endpoints work | TECH-001 |
| 1.1-IV1-003 | Integration | P0 | 2FA functionality - Existing 2FA continues | TECH-001 |
| 1.1-IV1-004 | Integration | P0 | API access tokens - Unaffected by new roles | TECH-001 |
| 1.1-IV1-005 | Integration | P0 | Session management - No changes to sessions | TECH-001 |
IV2: Role System Compatibility
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-IV2-001 | Integration | P0 | Existing roles preserved - member, admin unchanged | TECH-001 |
| 1.1-IV2-002 | Integration | P0 | New roles additive - No conflicts with old enum | TECH-001 |
| 1.1-IV2-003 | Integration | P0 | Template access - Existing permissions work | TECH-001 |
| 1.1-IV2-004 | Integration | P0 | Submission access - Legacy workflows unaffected | TECH-001 |
| 1.1-IV2-005 | Integration | P0 | Account isolation - Existing account-level security | TECH-001 |
IV3: Performance Impact
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-IV3-001 | Integration | P0 | Baseline performance - Before changes benchmark | PERF-001 |
| 1.1-IV3-002 | Integration | P0 | After changes performance - <10% degradation | PERF-001 |
| 1.1-IV3-003 | Integration | P0 | Query performance - 1000+ institutions | PERF-001 |
| 1.1-IV3-004 | Integration | P0 | Concurrent load - 100+ simultaneous users | PERF-001 |
| 1.1-IV3-005 | Integration | P0 | Database optimization - EXPLAIN ANALYZE verification | PERF-001 |
IV4: New Architecture Security (MANDATORY)
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-IV4-001 | E2E | P0 | Cross-institution access - All endpoints with wrong institution_id | SEC-001 |
| 1.1-IV4-002 | E2E | P0 | SQL injection - Malicious input in scoped queries | SEC-001 |
| 1.1-IV4-003 | E2E | P0 | Unauthorized responses - All attempts return 403 | SEC-001 |
| 1.1-IV4-004 | E2E | P0 | Redis concurrent load - 50 token validation attempts | SEC-002 |
| 1.1-IV4-005 | E2E | P0 | Race condition prevention - Concurrent same-token validation | SEC-002 |
| 1.1-IV4-006 | E2E | P0 | Single-use enforcement - Token reuse fails under load | SEC-002 |
| 1.1-IV4-007 | Integration | P0 | Security event capture - All 6 event types logged | OPS-001 |
| 1.1-IV4-008 | Integration | P0 | IP address accuracy - Correct source capture | OPS-001 |
| 1.1-IV4-009 | Integration | P0 | Details JSON - Relevant information stored | OPS-001 |
| 1.1-IV4-010 | E2E | P0 | Rate limit 429 - 6th attempt returns correct status | PERF-002 |
| 1.1-IV4-011 | E2E | P0 | Counter reset - After limit period expires | PERF-002 |
| 1.1-IV4-012 | E2E | P0 | Per-institution enforcement - Same email, different institutions | PERF-002 |
| 1.1-IV4-013 | E2E | P0 | Token reuse fails - Multiple validation attempts | SEC-002 |
| 1.1-IV4-014 | E2E | P0 | Expired token rejected - After 24 hours | SEC-002 |
| 1.1-IV4-015 | E2E | P0 | Wrong email rejected - Token valid but email mismatch | SEC-002 |
| 1.1-IV4-016 | E2E | P0 | Concurrent same-token - Multiple users, same token | SEC-002 |
IV5: Integration with Existing Features
| ID | Level | Priority | Test | Risk Mitigation |
| --- | --- | --- | --- | --- |
| 1.1-IV5-001 | Integration | P1 | Template sharing - Works with new institutions | TECH-001 |
| 1.1-IV5-002 | Integration | P1 | Submission workflows - Integrates correctly | TECH-001 |
| 1.1-IV5-003 | Integration | P1 | Webhook delivery - Unaffected by changes | TECH-001 |
| 1.1-IV5-004 | Integration | P1 | Email notifications - Works for new roles | TECH-001 |
| 1.1-IV5-005 | Integration | P1 | Export functionality - Includes new data | TECH-001 |
Security Penetration Test Scenarios
Data Isolation Breach Attempts
| ID | Level | Priority | Test | Expected Result |
| --- | --- | --- | --- | --- |
| 1.1-PEN-001 | E2E | P0 | Direct URL manipulation - /api/v1/institutions/999 (wrong ID) | 403 Forbidden + Security event logged |
| 1.1-PEN-002 | E2E | P0 | Parameter tampering - institution_id=999 in valid request | 403 Forbidden + Security event logged |
| 1.1-PEN-003 | E2E | P0 | JWT token spoofing - Modify token to access other institution | 403 Forbidden + Security event logged |
| 1.1-PEN-004 | E2E | P0 | SQL injection - institution_id=1; DROP TABLE users | Query fails, no data loss |
| 1.1-PEN-005 | E2E | P0 | NoSQL injection - JSON payload with malicious operators | Validation fails, 422 response |
Token Security Breach Attempts
| ID | Level | Priority | Test | Expected Result |
| --- | --- | --- | --- | --- |
| 1.1-PEN-006 | E2E | P0 | Token brute force - Guess 512-bit token | 404 Not Found (statistically impossible) |
| 1.1-PEN-007 | E2E | P0 | Token replay - Use accepted token again | 404 Not Found (single-use enforced) |
| 1.1-PEN-008 | E2E | P0 | Token interception - MITM attack simulation | Token hashed, useless if intercepted |
| 1.1-PEN-009 | E2E | P0 | Token expiration bypass - Clock manipulation | 404 Not Found (server-side expiry) |
| 1.1-PEN-010 | E2E | P0 | Email spoofing - Token with wrong email | 403 Forbidden (email validation) |
Role Escalation Attempts
| ID | Level | Priority | Test | Expected Result |
| --- | --- | --- | --- | --- |
| 1.1-PEN-011 | E2E | P0 | Admin to Super Admin - Attempt super admin actions | 403 Forbidden + Security event |
| 1.1-PEN-012 | E2E | P0 | No role to Admin - Unauthenticated access | 401 Unauthorized |
| 1.1-PEN-013 | E2E | P0 | Cross-account access - User from Account A to Account B | 403 Forbidden + Security event |
| 1.1-PEN-014 | E2E | P0 | API token reuse - Use token from different session | 403 Forbidden (institution binding) |
Rate Limiting & DoS Protection
| ID | Level | Priority | Test | Expected Result |
| --- | --- | --- | --- | --- |
| 1.1-PEN-015 | E2E | P0 | Invitation spam - 100 rapid invitation requests | 429 Too Many Requests after 5 |
| 1.1-PEN-016 | E2E | P0 | Token validation flood - 1000 validation attempts | Rate limited, Redis protected |
| 1.1-PEN-017 | E2E | P0 | Concurrent acceptance - 50 users accept same token | Only 1 succeeds, others fail |
Performance & Load Testing
Baseline Performance Tests
| ID | Level | Priority | Test | Target |
| --- | --- | --- | --- | --- |
| 1.1-PERF-001 | Integration | P0 | Institution query - Institution.for_user(user) | <50ms |
| 1.1-PERF-002 | Integration | P0 | Role check - user.cohort_super_admin? | <10ms |
| 1.1-PERF-003 | Integration | P0 | Token validation - Redis lookup + hash check | <100ms |
| 1.1-PERF-004 | Integration | P0 | Rate limit check - Pending count query | <20ms |
| 1.1-PERF-005 | Integration | P0 | Security event logging - Async write | <50ms |
Load Testing Scenarios
| ID | Level | Priority | Test | Load Target |
| --- | --- | --- | --- | --- |
| 1.1-PERF-006 | E2E | P0 | Concurrent users - 100 simultaneous admins | <10% degradation |
| 1.1-PERF-007 | E2E | P0 | Invitation burst - 50 invitations in 1 minute | All processed, rate limited |
| 1.1-PERF-008 | E2E | P0 | Token validation storm - 100 concurrent validations | Single-use enforced |
| 1.1-PERF-009 | E2E | P0 | Database query load - 1000+ institutions | Query optimization verified |
Migration & Rollback Testing
Migration Success Tests
| ID | Level | Priority | Test | Verification |
| --- | --- | --- | --- | --- |
| 1.1-MIG-001 | Integration | P0 | Migration 1 - institution_id added to account_access | Schema correct |
| 1.1-MIG-002 | Integration | P0 | Backfill logic - Existing users linked to institutions | Data integrity |
| 1.1-MIG-003 | Integration | P0 | Non-nullable enforcement - change_column_null succeeds | Constraint active |
| 1.1-MIG-004 | Integration | P0 | Unique index - Prevents duplicate [user_id, institution_id] | Index functional |
Rollback Tests
| ID | Level | Priority | Test | Verification |
| --- | --- | --- | --- | --- |
| 1.1-MIG-005 | Integration | P0 | Rollback procedure - Step-by-step execution | No data loss |
| 1.1-MIG-006 | Integration | P0 | Data preservation - Existing DocuSeal data intact | 100% preserved |
| 1.1-MIG-007 | Integration | P0 | Feature flag toggle - Enable/disable cohort management | Clean on/off |
| 1.1-MIG-008 | E2E | P0 | Production-like rollback - Test on realistic dataset | Zero downtime |
Recommended Execution Order
Phase 1: Foundation (P0 Unit Tests) - Fail Fast
- 1.1-UNIT-001 through 1.1-UNIT-018 (18 tests)
- All security model tests (L1, L2)
Phase 2: Integration Security (P0 Integration Tests)
- 1.1-INT-001 through 1.1-INT-017 (17 tests)
- All 4-layer security tests (L3, L4)
- Token security tests (1.1-TOKEN-*)
- Rate limiting tests (1.1-RATE-*)
Phase 3: Compatibility (P0 Integration Tests)
- IV1-IV3 tests (15 tests)
- Migration tests (1.1-MIG-*)
Phase 4: Security Penetration (P0 E2E Tests) - MANDATORY
- IV4 security tests (16 tests)
- Penetration tests (1.1-PEN-*)
Phase 5: User Journeys (P1 E2E Tests)
- 1.1-E2E-002 through 1.1-E2E-008 (7 tests)
- IV5 integration tests (5 tests)
Phase 6: Performance (P0/P1 Integration/E2E)
- 1.1-PERF-* tests (9 tests)
Phase 7: Edge Cases (P2/P3)
- Remaining P2/P3 tests as time permits
Risk Coverage Matrix
| Risk ID | Risk Description | Test Scenarios | Coverage |
| --- | --- | --- | --- |
| SEC-001 | Cross-institution access | 1.1-INT-011, 1.1-INT-012, 1.1-IV4-001, 1.1-PEN-001-005 | ✅ Complete |
| SEC-002 | Token security flaws | 1.1-TOKEN-*, 1.1-IV4-004-016, 1.1-PEN-006-010 | ✅ Complete |
| SEC-003 | Role authorization bypass | 1.1-UNIT-013-016, 1.1-INT-014-017, 1.1-PEN-011-013 | ✅ Complete |
| DATA-001 | Migration rollback | 1.1-INT-001-002, 1.1-MIG-*, 1.1-E2E-001 | ✅ Complete |
| PERF-001 | Performance degradation | 1.1-IV3-*, 1.1-PERF-001-005 | ✅ Complete |
| TECH-001 | Integration conflicts | 1.1-IV1-*, 1.1-IV2-*, 1.1-IV5-* | ✅ Complete |
| OPS-001 | Security logging | 1.1-UNIT-017, 1.1-INT-013, 1.1-IV4-007-009 | ✅ Complete |
| PERF-002 | Rate limiting | 1.1-UNIT-010, 1.1-RATE-*, 1.1-IV4-010-012 | ✅ Complete |
Test Coverage Summary
By Acceptance Criteria
- AC1 (Database Schema): 9 tests ✅
- AC2 (Super Admin Actions): 13 tests ✅
- AC3 (Regular Admin Actions): 8 tests ✅
- AC4 (Data Isolation): 6 tests ✅
- AC5 (Role Enforcement): 7 tests ✅
By Security Layer
- Layer 1 (Database): 5 tests ✅
- Layer 2 (Model): 4 tests ✅
- Layer 3 (Controller): 4 tests ✅
- Layer 4 (UI): 4 tests ✅
By Integration Verification
- IV1 (Auth): 5 tests ✅
- IV2 (Roles): 5 tests ✅
- IV3 (Performance): 5 tests ✅
- IV4 (Security): 16 tests ✅
- IV5 (Features): 5 tests ✅
By Risk Mitigation
- Critical Risks (SEC-001, SEC-002): 28 tests ✅
- High Risks (SEC-003, DATA-001, PERF-001, TECH-001): 25 tests ✅
- Medium Risks (OPS-001, PERF-002, TECH-002, DATA-002): 12 tests ✅
Quality Gate Requirements
Must Pass for Production Approval
Security Tests (P0)
Performance Tests (P0)
Integration Tests (P0)
Coverage Requirements
Conditional Pass Criteria
P1 Tests (Should Pass)
P2/P3 Tests (Nice to Have)
Test Implementation Notes
Test Data Requirements
- Users: Super admin, regular admin, no-role user
- Institutions: Multiple institutions per account
- Invitations: Pending, expired, used tokens
- Roles: cohort_admin, cohort_super_admin, existing roles
Test Helpers Needed
- create_institution_with_admin - Factory helper
- generate_secure_token - Token generator for tests
- simulate_rate_limit - Rapid invitation creator
- attempt_cross_institution_access - Security test helper
- benchmark_query - Performance measurement
Mocking Strategy
- Redis: Use mock for token enforcement tests
- Email: Use test mailer for invitation delivery
- External APIs: Mock webhook calls
- Time: Use Timecop for expiration tests
Test Environment Setup
```bash
# Required for security tests
export REDIS_URL=redis://localhost:6379/1
export ENABLE_COHORT_MANAGEMENT=true

# Performance testing
bundle exec rspec spec/performance/ --tag performance

# Security testing
bundle exec rspec spec/security/ --tag security
```
Traceability Matrix
Requirements → Tests
| Story Requirement | Test IDs | Coverage |
| --- | --- | --- |
| Database schema exists | 1.1-UNIT-001-006, 1.1-INT-001-002 | 100% |
| Super admin creates institutions | 1.1-UNIT-012, 1.1-INT-006, 1.1-E2E-002-003 | 100% |
| Super admin invites admins | 1.1-UNIT-007-011, 1.1-INT-003-005, 1.1-E2E-002 | 100% |
| Regular admin manages cohorts | 1.1-UNIT-013-016, 1.1-INT-008-010, 1.1-E2E-004 | 100% |
| Data isolation enforced | 1.1-INT-011-013, 1.1-E2E-005-006, 1.1-SEC-* | 100% |
| Role-based permissions | 1.1-UNIT-018, 1.1-INT-014-017, 1.1-E2E-007-008 | 100% |
Risk → Tests
| Risk ID | Primary Tests | Secondary Tests |
| --- | --- | --- |
| SEC-001 | 1.1-IV4-001-003 | 1.1-PEN-001-005, 1.1-SEC-L1-005 |
| SEC-002 | 1.1-TOKEN-001-010 | 1.1-IV4-004-016, 1.1-PEN-006-010 |
| SEC-003 | 1.1-IV4-007-009 | 1.1-PEN-011-013, 1.1-SEC-L2-001-004 |
| DATA-001 | 1.1-MIG-001-008 | 1.1-INT-001-002, 1.1-E2E-001 |
| PERF-001 | 1.1-IV3-001-005 | 1.1-PERF-001-005 |
| TECH-001 | 1.1-IV1-001-005 | 1.1-IV2-*, 1.1-IV5-* |
Next Steps for Test Implementation
Immediate Actions
- Create test factories for institutions, account_access, invitations
- Set up Redis test instance for token enforcement tests
- Implement test helpers for security scenarios
- Create performance baseline before implementation
During Implementation
- Write unit tests first - TDD approach for security logic
- Integration tests alongside - Test layer interactions
- Security tests after - Penetration testing on complete feature
- Performance tests last - Baseline after implementation
Before Production
- Run full test suite - All 47 scenarios
- IV4 security tests - MANDATORY pass requirement
- Performance benchmark - Verify <10% degradation
- Security audit - Third-party review of test coverage
Test Design Complete ✅
Total Scenarios: 47
P0 Critical: 22 (Must pass)
P1 High: 15 (Should pass)
P2/P3: 10 (Nice to have)
Security Focus: 28 tests dedicated to Winston's 4-layer architecture
Integration Coverage: 19 tests for existing DocuSeal compatibility
Performance Validation: 9 tests for <10% degradation requirement
Ready for: Development team kickoff → Phase 1 implementation → Phase 4 security validation