feat(loyalty): cross-persona page alignment with shared components

Align loyalty pages across admin, merchant, and store personas so each sees the same page set scoped to their access level. Admin acts as a superset of merchant with "on behalf" capabilities. New pages: - Store: Staff PINs management (CRUD) - Merchant: Cards, Card Detail, Transactions, Staff PINs (CRUD), Settings (read-only) - Admin: Merchant Cards, Card Detail, Transactions, PINs (read-only) Architecture: - 4 shared Jinja2 partials (cards-list, card-detail, transactions, pins) - 4 shared JS factory modules parameterized by apiPrefix/scope - Persona templates are thin wrappers including shared partials - PinDetailResponse schema for cross-store PIN listings API: 17 new endpoints (11 merchant, 6 admin on-behalf) Tests: 38 new integration tests, arch-check green i18n: ~130 new keys across en/fr/de/lb Docs: pages-and-navigation.md with full page matrix Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-22 19:28:07 +01:00
parent f41f72b86f
commit 6161d69ba2
49 changed files with 4385 additions and 14 deletions
--- a/app/modules/loyalty/tests/integration/test_merchant_pages.py
+++ b/app/modules/loyalty/tests/integration/test_merchant_pages.py
@@ -158,3 +158,113 @@ class TestMerchantAnalyticsPage:
        """Unauthenticated request is rejected."""
        response = client.get(f"{BASE}/analytics")
        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# Cards Page
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.loyalty
+class TestMerchantCardsPage:
+    """Tests for GET /merchants/loyalty/cards."""
+
+    def test_cards_page_renders(self, client, merchant_page_headers):
+        """Cards page returns HTML."""
+        response = client.get(f"{BASE}/cards", headers=merchant_page_headers)
+        assert response.status_code == 200
+        assert "text/html" in response.headers["content-type"]
+
+    def test_cards_page_requires_auth(self, client):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/cards")
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# Card Detail Page
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.loyalty
+class TestMerchantCardDetailPage:
+    """Tests for GET /merchants/loyalty/cards/{card_id}."""
+
+    def test_card_detail_page_renders(self, client, merchant_page_headers):
+        """Card detail page returns HTML (even with non-existent card_id)."""
+        response = client.get(f"{BASE}/cards/99999", headers=merchant_page_headers)
+        assert response.status_code == 200
+        assert "text/html" in response.headers["content-type"]
+
+    def test_card_detail_page_requires_auth(self, client):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/cards/1")
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# Transactions Page
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.loyalty
+class TestMerchantTransactionsPage:
+    """Tests for GET /merchants/loyalty/transactions."""
+
+    def test_transactions_page_renders(self, client, merchant_page_headers):
+        """Transactions page returns HTML."""
+        response = client.get(f"{BASE}/transactions", headers=merchant_page_headers)
+        assert response.status_code == 200
+        assert "text/html" in response.headers["content-type"]
+
+    def test_transactions_page_requires_auth(self, client):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/transactions")
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# Staff PINs Page
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.loyalty
+class TestMerchantPinsPage:
+    """Tests for GET /merchants/loyalty/pins."""
+
+    def test_pins_page_renders(self, client, merchant_page_headers):
+        """PINs page returns HTML."""
+        response = client.get(f"{BASE}/pins", headers=merchant_page_headers)
+        assert response.status_code == 200
+        assert "text/html" in response.headers["content-type"]
+
+    def test_pins_page_requires_auth(self, client):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/pins")
+        assert response.status_code in [401, 403]
+
+
+# ============================================================================
+# Settings Page
+# ============================================================================
+
+
+@pytest.mark.integration
+@pytest.mark.loyalty
+class TestMerchantSettingsPage:
+    """Tests for GET /merchants/loyalty/settings."""
+
+    def test_settings_page_renders(self, client, merchant_page_headers):
+        """Settings page returns HTML."""
+        response = client.get(f"{BASE}/settings", headers=merchant_page_headers)
+        assert response.status_code == 200
+        assert "text/html" in response.headers["content-type"]
+
+    def test_settings_page_requires_auth(self, client):
+        """Unauthenticated request is rejected."""
+        response = client.get(f"{BASE}/settings")
+        assert response.status_code in [401, 403]