feat(loyalty): cross-persona page alignment with shared components

Align loyalty pages across admin, merchant, and store personas so each sees the same page set scoped to their access level. Admin acts as a superset of merchant with "on behalf" capabilities. New pages: - Store: Staff PINs management (CRUD) - Merchant: Cards, Card Detail, Transactions, Staff PINs (CRUD), Settings (read-only) - Admin: Merchant Cards, Card Detail, Transactions, PINs (read-only) Architecture: - 4 shared Jinja2 partials (cards-list, card-detail, transactions, pins) - 4 shared JS factory modules parameterized by apiPrefix/scope - Persona templates are thin wrappers including shared partials - PinDetailResponse schema for cross-store PIN listings API: 17 new endpoints (11 merchant, 6 admin on-behalf) Tests: 38 new integration tests, arch-check green i18n: ~130 new keys across en/fr/de/lb Docs: pages-and-navigation.md with full page matrix Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 19:28:07 +01:00
parent f41f72b86f
commit 6161d69ba2
49 changed files with 4385 additions and 14 deletions
--- a/app/modules/loyalty/tests/integration/test_admin_api.py
+++ b/app/modules/loyalty/tests/integration/test_admin_api.py
@@ -532,3 +532,122 @@ class TestAdminCreateProgramDuplicate:
        )
        # Should fail — merchant already has admin_program
        assert response.status_code in [409, 422]
+
+
+# ============================================================================
+# GET /merchants/{merchant_id}/cards (On Behalf)
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.api
+@pytest.mark.loyalty
+class TestAdminListMerchantCards:
+    """Tests for GET /api/v1/admin/loyalty/merchants/{merchant_id}/cards."""
+
+    def test_list_merchant_cards(
+        self, client, super_admin_headers, admin_merchant
+    ):
+        """Returns cards list for a merchant."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/cards",
+            headers=super_admin_headers,
+        )
+        assert response.status_code == 200
+        data = response.json()
+        assert "cards" in data
+        assert "total" in data
+
+    def test_list_merchant_cards_requires_auth(self, client, admin_merchant):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/merchants/{admin_merchant.id}/cards")
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# GET /merchants/{merchant_id}/transactions (On Behalf)
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.api
+@pytest.mark.loyalty
+class TestAdminListMerchantTransactions:
+    """Tests for GET /api/v1/admin/loyalty/merchants/{merchant_id}/transactions."""
+
+    def test_list_merchant_transactions(
+        self, client, super_admin_headers, admin_merchant
+    ):
+        """Returns transactions for a merchant."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/transactions",
+            headers=super_admin_headers,
+        )
+        assert response.status_code == 200
+        data = response.json()
+        assert "transactions" in data
+        assert "total" in data
+
+    def test_list_merchant_transactions_requires_auth(self, client, admin_merchant):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/merchants/{admin_merchant.id}/transactions")
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# GET /merchants/{merchant_id}/pins (On Behalf, Read-Only)
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.api
+@pytest.mark.loyalty
+class TestAdminListMerchantPins:
+    """Tests for GET /api/v1/admin/loyalty/merchants/{merchant_id}/pins."""
+
+    def test_list_merchant_pins(
+        self, client, super_admin_headers, admin_merchant
+    ):
+        """Returns PINs for a merchant."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/pins",
+            headers=super_admin_headers,
+        )
+        assert response.status_code == 200
+        data = response.json()
+        assert "pins" in data
+        assert "total" in data
+
+    def test_list_merchant_pins_requires_auth(self, client, admin_merchant):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/merchants/{admin_merchant.id}/pins")
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# GET /merchants/{merchant_id}/locations (On Behalf)
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.api
+@pytest.mark.loyalty
+class TestAdminListMerchantLocations:
+    """Tests for GET /api/v1/admin/loyalty/merchants/{merchant_id}/locations."""
+
+    def test_list_merchant_locations(
+        self, client, super_admin_headers, admin_merchant
+    ):
+        """Returns store locations for a merchant."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/locations",
+            headers=super_admin_headers,
+        )
+        assert response.status_code == 200
+        data = response.json()
+        assert isinstance(data, list)
+
+    def test_list_merchant_locations_requires_auth(self, client, admin_merchant):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/merchants/{admin_merchant.id}/locations")
+        assert response.status_code in [401, 403]