Whisp
Documentation

Team Feature - Comprehensive Test Plan

Complete testing guide for team collaboration features including organizations, team members, project-based sharing, Stripe billing, and security.

This test plan covers 11 comprehensive testing phases from database security to end-to-end user flows. Follow each phase systematically to ensure full coverage.

Phase 1: Database & Security Testing

Row Level Security (RLS) Verification

Test: Organization Creation

  • ☐ Create organization as authenticated user → Should succeed
  • ☐ Try to view another user's personal projects → Should fail
  • ☐ Verify auth.uid() is properly set in RLS policies
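
A static audit that backs the "auth.uid() is properly set in RLS policies" check, added here as an example and not taken from the Whisp code base. It reads only standard PostgreSQL catalogs. The table and view names come from this test plan, and including `projects` assumes that table carries its own policies.

```sql
-- Added example: static RLS audit over the tables named in this test plan.
-- Run as a role that can read the catalogs (e.g. postgres).

-- 1. Tables with row level security switched off. Any row returned is a finding.
SELECT c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND c.relname IN ('organizations', 'team_members', 'subscriptions',
                    'invitations', 'projects')
  AND NOT c.relrowsecurity;

-- 2. Policies whose USING / WITH CHECK text never mentions auth.uid().
--    Review each row by hand: a policy may reach auth.uid() through a helper
--    function, or may be intentionally open (for example USING (true)).
SELECT tablename, policyname, cmd, roles, qual, with_check
FROM pg_policies
WHERE schemaname = 'public'
  AND tablename IN ('organizations', 'team_members', 'subscriptions',
                    'invitations', 'projects')
  AND (coalesce(qual, '') || ' ' || coalesce(with_check, ''))
      NOT LIKE '%auth.uid()%';

-- 3. The view from the migration check. A view runs with its owner's
--    privileges unless security_invoker is set (PostgreSQL 15+), so it can
--    return rows that RLS on the base tables would hide.
SELECT c.relname AS view_name, c.reloptions
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'v'
  AND c.relname = 'annotations_with_team_info';
```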

Test: Team Project Access

  • ☐ Create team project linked to Organization A
  • ☐ User in Organization A views project → Should see it
  • ☐ User in Organization B views project → Should NOT see it
  • ☐ User leaves Organization A → Should no longer see team projects
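
The cross-organization check above can be scripted directly against the database. This is an added example, not the project's own test code. It assumes the standard Supabase `authenticated` role and `auth.uid()` function, and `id` and `name` columns on `projects`; both UUIDs are placeholders to replace with rows from your test data. The session must switch to `authenticated` first, because a table owner or superuser connection bypasses RLS and would pass every check vacuously.

```sql
BEGIN;

-- Act as a member of Organization B, the way a request through the API would.
SET LOCAL ROLE authenticated;
SELECT set_config('request.jwt.claims',
  '{"sub": "00000000-0000-0000-0000-0000000000b1", "role": "authenticated"}',
  true);  -- true = local to this transaction
-- Older auth.uid() definitions read the per-claim setting instead.
SELECT set_config('request.jwt.claim.sub',
  '00000000-0000-0000-0000-0000000000b1', true);

DO $$
DECLARE
  -- Placeholder: id of a team project that belongs to Organization A.
  org_a_project constant uuid := '00000000-0000-0000-0000-0000000000a1';
  n integer;
BEGIN
  IF auth.uid() IS NULL THEN
    RAISE EXCEPTION 'auth.uid() is NULL: JWT claims were not picked up';
  END IF;

  -- Read isolation: the Organization A project must be invisible.
  SELECT count(*) INTO n FROM projects WHERE id = org_a_project;
  IF n <> 0 THEN
    RAISE EXCEPTION 'RLS leak: Organization B member can read the project';
  END IF;

  -- Write isolation: RLS filters rows silently instead of raising an error,
  -- so compare the affected-row count rather than waiting for a failure.
  UPDATE projects SET name = name WHERE id = org_a_project;
  GET DIAGNOSTICS n = ROW_COUNT;
  IF n <> 0 THEN
    RAISE EXCEPTION 'RLS leak: cross-organization UPDATE touched % row(s)', n;
  END IF;
END $$;

ROLLBACK;  -- leave the test data untouched
```

Running the same block with the `sub` of a user who has just left Organization A covers the last item in the list.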

Database Migrations

Verify all migrations applied:
bash
# Check Supabase migrations
supabase db diff

sql
-- Verify tables exist
SELECT tablename FROM pg_tables WHERE schemaname = 'public'
  AND tablename IN ('organizations', 'team_members', 'subscriptions', 'invitations');

-- Verify view exists
SELECT viewname FROM pg_views WHERE schemaname = 'public'
  AND viewname = 'annotations_with_team_info';

Phase 2: Stripe Billing Testing

Stripe Setup Prerequisites

bash
# Required Environment Variables
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_...
STRIPE_SECRET_KEY=sk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
NEXT_PUBLIC_BASE_URL=http://localhost:3000

Checkout Flow Testing

Test: Pro Plan Subscription

  • ☐ Navigate to /billing/upgrade
  • ☐ Select "Pro Plan" ($19/month)
  • ☐ Use Stripe test card: 4242 4242 4242 4242
  • ☐ Verify redirected to /billing/success
  • ☐ Check subscriptions table: plan_type='pro', status='active'

Test: Team Plan Subscription

  • ☐ Create organization first at /teams/new
  • ☐ Navigate to /teams/[org-id]/billing
  • ☐ Click "Upgrade to Team Plan"
  • ☐ Enter number of seats (e.g., 5)
  • ☐ Complete checkout with test card
  • ☐ Verify subscriptions table: plan_type='team', seat_count=5

Stripe Customer Portal Testing

  • ☐ As organization owner, go to /teams/[org-id]/billing
  • ☐ Click "Manage Billing" button
  • ☐ Verify redirected to Stripe Customer Portal
  • ☐ Test updating payment method
  • ☐ Test viewing invoice history
  • ☐ Test changing seat count

Phase 3: Team Management Flow

Organization Creation

  • ☐ Navigate to /teams
  • ☐ Without active subscription → Shows upgrade prompt
  • ☐ With active Team subscription → Can create organization
  • ☐ Fill form: Name="Acme Corp", Description="Our team workspace"
  • ☐ Verify user is added as role='owner' in team_members
  • ☐ Verify annotation color automatically assigned

Member Invitations

Test: Email Invitation Flow

  • ☐ As owner/admin, go to /teams/[org-id]/settings
  • ☐ Click "Invite Member"
  • ☐ Enter email: testuser@example.com, Role: "Member"
  • ☐ Verify invitations table has new row with status = 'pending'
  • ☐ Copy invitation link: /teams/invitations/[token]

Test: Accept Invitation

  • ☐ Create account with testuser@example.com (or sign in)
  • ☐ Visit invitation link
  • ☐ Click "Accept Invitation"
  • ☐ Verify added to team_members with correct role
  • ☐ Verify assigned unique annotation color
  • ☐ Redirected to /teams/[org-id]

Seat Limits

  • ☐ Organization has Team plan with seat_count = 3
  • ☐ Add 3 members (owner + 2 invites)
  • ☐ Try to invite 4th member → Should fail with "No seats available"
  • ☐ Increase seats to 5 in Stripe Customer Portal
  • ☐ Wait for webhook to update database
  • ☐ Try inviting 4th member → Should succeed

Phase 4: Project-Based Sharing

Personal vs Team Projects

Test: Create Personal Project

  • ☐ Go to /projects, click "New Project"
  • ☐ Name: "My Personal Notes"
  • ☐ Do NOT check "Make this a team project"
  • ☐ Verify projects table: is_team_project = false
  • ☐ Other team members CANNOT see this project

Test: Create Team Project

  • ☐ Go to /projects, click "New Project"
  • ☐ Name: "Team Design Reviews"
  • ☐ Check "Make this a team project"
  • ☐ Verify projects table: is_team_project = true
  • ☐ Other team members CAN see this project

Phase 5: Extension Testing

Extension Installation

  • ☐ Load extension in Chrome: chrome://extensions/ → Load unpacked
  • ☐ Verify extension icon appears in toolbar
  • ☐ Click icon → panel slides in from right

Team Project Creation (Extension)

  • ☐ After recording, click "Create New Project"
  • ☐ If user has teams, should see "Make this a team project" checkbox
  • ☐ Check checkbox → team selector appears
  • ☐ Select team "Acme Corp"
  • ☐ Verify projects table: is_team_project = true

Phase 6: Security Testing

Authentication Security

  • ☐ Try accessing /teams without login → Redirects to /auth/signin
  • ☐ Try accessing /teams/[org-id] not belonging to user → 403 or redirects
  • ☐ Try accessing API endpoints without auth → Returns 401

SQL Injection Prevention

  • ☐ Try injecting SQL in team name: '; DROP TABLE teams; --
  • ☐ Verify parameterized queries prevent injection
  • ☐ Check error messages don't leak DB structure

XSS Prevention

  • ☐ Create project with name: <script>alert('XSS')</script>
  • ☐ View project → Script should NOT execute (should be escaped)

Phase 7: Edge Cases

Subscription Cancellation

  • ☐ Organization has active Team subscription
  • ☐ Cancel subscription in Stripe Portal
  • ☐ Verify subscriptions.status changes to 'cancelled'
  • ☐ Verify users can still access team until period_end
  • ☐ After period_end, prevent new team project creation

Color Assignment with 12+ Members

  • ☐ Add 13th member to team
  • ☐ Verify color is reused (assignment cycles back through the color palette)
  • ☐ Different members still have different colors when possible

Phase 8: End-to-End User Flows

Flow 1: New Team Setup (Happy Path)

  • ☐ User A signs up, subscribes to Team plan ($15/seat × 5)
  • ☐ Creates organization "Design Team"
  • ☐ Invites User B (designer@example.com) as Admin
  • ☐ Invites User C (dev@example.com) as Member
  • ☐ Both accept invitations
  • ☐ User A creates team project "Product Redesign"
  • ☐ User B uploads video, adds 3 annotations
  • ☐ User C views video, sees User B's annotations in User B's color
  • ☐ Extension shows all annotations color-coded correctly

Flow 2: Seat Management

  • ☐ Organization has 5 seats, 5 members
  • ☐ Try to invite 6th member → Fails with "No seats available"
  • ☐ Owner opens Stripe Portal
  • ☐ Increases seats to 10
  • ☐ Stripe webhook fires → seat_count updated to 10
  • ☐ Invite 6th member → Succeeds
  • ☐ Next invoice shows $15 × 10 = $150

Test Result Checklist

After completing all tests, verify:

  • ☐ All 14 database migrations applied successfully
  • ☐ All RLS policies prevent unauthorized access
  • ☐ Stripe integration works end-to-end
  • ☐ Team projects are properly isolated
  • ☐ Annotations are color-coded by team member
  • ☐ No security vulnerabilities found
  • ☐ Performance is acceptable (queries < 100ms)

Additional Resources

For deployment preparation, check the Deployment Checklist. For team management, see the Admin Guide.