feat(loyalty): cross-persona page alignment with shared components

Align loyalty pages across admin, merchant, and store personas so each sees the same page set scoped to their access level. Admin acts as a superset of merchant with "on behalf" capabilities. New pages: - Store: Staff PINs management (CRUD) - Merchant: Cards, Card Detail, Transactions, Staff PINs (CRUD), Settings (read-only) - Admin: Merchant Cards, Card Detail, Transactions, PINs (read-only) Architecture: - 4 shared Jinja2 partials (cards-list, card-detail, transactions, pins) - 4 shared JS factory modules parameterized by apiPrefix/scope - Persona templates are thin wrappers including shared partials - PinDetailResponse schema for cross-store PIN listings API: 17 new endpoints (11 merchant, 6 admin on-behalf) Tests: 38 new integration tests, arch-check green i18n: ~130 new keys across en/fr/de/lb Docs: pages-and-navigation.md with full page matrix Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 19:28:07 +01:00
parent f41f72b86f
commit 6161d69ba2
49 changed files with 4385 additions and 14 deletions
--- a/app/modules/loyalty/tests/integration/test_admin_pages.py
+++ b/app/modules/loyalty/tests/integration/test_admin_pages.py
@@ -217,3 +217,117 @@ class TestAdminMerchantSettingsPage:
            f"{BASE}/merchants/{admin_merchant.id}/settings"
        )
        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# Merchant Cards Page (On Behalf)
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.loyalty
+class TestAdminMerchantCardsPage:
+    """Tests for GET /loyalty/merchants/{merchant_id}/cards."""
+
+    def test_merchant_cards_page_renders(
+        self, client, super_admin_headers, admin_merchant
+    ):
+        """Merchant cards page returns HTML."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/cards",
+            headers=super_admin_headers,
+        )
+        assert response.status_code == 200
+        assert "text/html" in response.headers["content-type"]
+
+    def test_merchant_cards_page_requires_auth(self, client, admin_merchant):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/merchants/{admin_merchant.id}/cards")
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# Merchant Card Detail Page (On Behalf)
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.loyalty
+class TestAdminMerchantCardDetailPage:
+    """Tests for GET /loyalty/merchants/{merchant_id}/cards/{card_id}."""
+
+    def test_merchant_card_detail_page_renders(
+        self, client, super_admin_headers, admin_merchant
+    ):
+        """Card detail page returns HTML (even with non-existent card_id)."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/cards/99999",
+            headers=super_admin_headers,
+        )
+        assert response.status_code == 200
+        assert "text/html" in response.headers["content-type"]
+
+    def test_merchant_card_detail_page_requires_auth(self, client, admin_merchant):
+        """Unauthenticated request is rejected."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/cards/99999"
+        )
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# Merchant Transactions Page (On Behalf)
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.loyalty
+class TestAdminMerchantTransactionsPage:
+    """Tests for GET /loyalty/merchants/{merchant_id}/transactions."""
+
+    def test_merchant_transactions_page_renders(
+        self, client, super_admin_headers, admin_merchant
+    ):
+        """Transactions page returns HTML."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/transactions",
+            headers=super_admin_headers,
+        )
+        assert response.status_code == 200
+        assert "text/html" in response.headers["content-type"]
+
+    def test_merchant_transactions_page_requires_auth(self, client, admin_merchant):
+        """Unauthenticated request is rejected."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/transactions"
+        )
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# Merchant PINs Page (On Behalf, Read-Only)
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.loyalty
+class TestAdminMerchantPinsPage:
+    """Tests for GET /loyalty/merchants/{merchant_id}/pins."""
+
+    def test_merchant_pins_page_renders(
+        self, client, super_admin_headers, admin_merchant
+    ):
+        """PINs page returns HTML."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/pins",
+            headers=super_admin_headers,
+        )
+        assert response.status_code == 200
+        assert "text/html" in response.headers["content-type"]
+
+    def test_merchant_pins_page_requires_auth(self, client, admin_merchant):
+        """Unauthenticated request is rejected."""
+        response = client.get(
+            f"{BASE}/merchants/{admin_merchant.id}/pins"
+        )
+        assert response.status_code in [401, 403]