high priority | medium complexity | testing | pending | frontend specialist | Tier 7

Acceptance Criteria

flutter_accessibility_lint reports zero critical or high-severity violations across all admin portal screens
Every interactive widget (buttons, dropdowns, toggles, pagination controls) has a non-empty Semantics label that describes its action in Norwegian and English (or the active locale)
RoleAssignmentPanel confirmation dialog is fully navigable by VoiceOver (iOS) and TalkBack (Android): focus enters dialog on open, tab order follows logical reading order, confirm and cancel actions are reachable without swiping past non-interactive elements
Stat widgets (total activities, active mentors, pending reimbursements, etc.) use SemanticsProperties.liveRegion so screen readers announce value changes when data reloads without user interaction
All text/background color combinations in admin portal screens achieve minimum 4.5:1 contrast ratio (WCAG 2.2 AA) verified via design token audit and automated contrast checker
Large text (18pt+ or 14pt bold) achieves minimum 3:1 contrast ratio as per WCAG 2.2 AA large text exception
No information is conveyed by color alone — icons, labels, or patterns supplement color-coded status indicators (e.g., export status, certification expiry)
All images and icons that convey meaning have descriptive Semantics labels; purely decorative images have excludeFromSemantics: true
Focus does not get trapped in any scrollable list or panel — users can exit any region with standard accessibility gestures
Font scaling up to 200% (Flutter textScaleFactor 2.0) does not break layout or cause text overflow in any admin portal screen
Manual TalkBack test on Android and VoiceOver test on iOS documented in audit report with pass/fail per screen
Remediation pull request includes before/after screenshots for each fixed contrast issue

Technical Requirements

Frameworks:
  Flutter
  flutter_test (Semantics testing APIs)
  flutter_accessibility_lint

Performance requirements:
  Accessibility lint scan must complete in under 30 seconds
  Live region announcements must fire within 300ms of data change to feel responsive to screen reader users

Security requirements:
  Screen reader labels must not expose internal IDs, database keys, or role slugs; use human-readable display names only
  Sensitive fields (e.g., personal data in ActivityLogViewer) must have a Semantics hint indicating sensitivity, consistent with the NHF requirement for a warning on sensitive field readout

UI components:
  AdminDashboardScreen
  CertificationStatusPanel
  ActivityLogViewer
  AdminExportPanel
  RoleAssignmentPanel
  StatCard widgets
  PaginationControls

Execution Context

Execution Tier
Tier 7

Tier 7 - 84 tasks

Can start after Tier 6 completes

Implementation Notes

In Flutter, use the Semantics widget or the semanticsLabel property to add labels. For live regions, wrap stat value Text widgets with Semantics(liveRegion: true, child: ...) — this maps to ARIA live regions on web and announces value changes to screen readers. For the RoleAssignmentPanel dialog, use Flutter's AlertDialog which has built-in focus trapping; verify the dialog's actions array places the destructive action last. For color contrast, audit the design token palette file and map every token used in admin portal widgets — if any token fails 4.5:1, create a contrast-safe override token rather than hardcoding a fix.

Use MediaQuery.textScaleFactorOf(context) in widget tests to simulate large text. When adding semantic labels to icon buttons, prefer Tooltip + semanticsLabel over a raw Semantics wrapper as Tooltip automatically provides both visual and semantic labels. The flutter_accessibility_lint package must be added to dev_dependencies in pubspec.yaml and configured via analysis_options.yaml.
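
The token audit described above can be scripted. The following is an added example, not code from the project: it applies the WCAG relative-luminance formula to a list of foreground/background token pairs and reports the ones below 4.5:1 (3:1 for large text). The token names and hex values are constructed samples.

```dart
import 'dart:math' as math;

// WCAG 2.x relative luminance of an sRGB colour given as 0xRRGGBB.
double relativeLuminance(int rgb) {
  double linear(int channel) {
    final c = channel / 255.0;
    return c <= 0.03928
        ? c / 12.92
        : math.pow((c + 0.055) / 1.055, 2.4).toDouble();
  }

  return 0.2126 * linear((rgb >> 16) & 0xFF) +
      0.7152 * linear((rgb >> 8) & 0xFF) +
      0.0722 * linear(rgb & 0xFF);
}

// Contrast ratio: lighter luminance over darker, each offset by 0.05.
double contrastRatio(int fg, int bg) {
  final a = relativeLuminance(fg);
  final b = relativeLuminance(bg);
  return (math.max(a, b) + 0.05) / (math.min(a, b) + 0.05);
}

// One foreground/background pairing as a widget actually uses it.
class TokenPair {
  const TokenPair(this.name, this.fg, this.bg, {this.largeText = false});
  final String name;
  final int fg, bg;
  final bool largeText; // 18pt+ or 14pt bold
}

// Pairs below the WCAG 2.2 AA threshold: 4.5:1, or 3:1 for large text.
List<TokenPair> failingPairs(List<TokenPair> pairs) => pairs
    .where((p) => contrastRatio(p.fg, p.bg) < (p.largeText ? 3.0 : 4.5))
    .toList();

void main() {
  // Constructed sample tokens; replace with the real palette file contents.
  const pairs = [
    TokenPair('text.primary on surface', 0x1A1A1A, 0xFFFFFF),
    TokenPair('status.pending on surface', 0xFFC107, 0xFFFFFF),
    TokenPair('heading.muted on surface', 0x8A8A8A, 0xFFFFFF, largeText: true),
  ];
  for (final p in failingPairs(pairs)) {
    final ratio = contrastRatio(p.fg, p.bg).toStringAsFixed(2);
    print('FAIL ${p.name}: $ratio:1');
  }
}
```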

Testing Requirements

Three layers of testing required:

(1) Automated: run flutter_accessibility_lint as a CI step; add widget tests using tester.getSemantics(find.byType(ElevatedButton)) to assert non-empty labels; use SemanticsController to verify live region properties.

(2) Semi-automated: use Flutter's Semantics debugger (showSemanticsDebugger: true) to visually inspect the semantic tree on device/emulator.

(3) Manual: test each screen with VoiceOver on iOS 17+ and TalkBack on Android 13+, following WCAG 2.2 success criteria 1.3.1, 1.4.3, 2.1.1, 2.4.3, 4.1.2; document each test in an audit spreadsheet with status (pass/fail/N/A) and screenshot evidence.

Contrast ratios must be verified with a contrast checker tool (e.g., Colour Contrast Analyser) against the design token hex values.
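
A widget test for the automated layer, as an added example rather than the project's own test code. The StatCard here is a stand-in for the real widget, the identifier pattern is an assumed shape for internal IDs and role slugs, and the 200% scale is set through the test platform dispatcher.

```dart
import 'package:flutter/material.dart';
import 'package:flutter_test/flutter_test.dart';

// Stand-in for the portal's StatCard (hypothetical; the real widget is not shown).
class StatCard extends StatelessWidget {
  const StatCard({super.key, required this.title, required this.value});
  final String title;
  final int value;

  @override
  Widget build(BuildContext context) => Column(children: [
        Text(title),
        // container: true gives the value its own semantics node.
        Semantics(liveRegion: true, container: true, child: Text('$value')),
      ]);
}

// Assumed shapes of internal identifiers: UUIDs and *_admin role slugs.
final internalId = RegExp(
    r'[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|\b[a-z]+_admin\b');

void main() {
  testWidgets('stat card and icon button meet semantics rules', (tester) async {
    tester.platformDispatcher.textScaleFactorTestValue = 2.0; // 200% text
    addTearDown(tester.platformDispatcher.clearAllTestValues);

    await tester.pumpWidget(MaterialApp(
      home: Scaffold(
        body: Row(children: [
          const StatCard(title: 'Active mentors', value: 12),
          IconButton(
            tooltip: 'Export activity log',
            icon: const Icon(Icons.download),
            onPressed: () {},
          ),
        ]),
      ),
    ));

    // The stat value is announced as a live region.
    expect(tester.getSemantics(find.text('12')),
        containsSemantics(label: '12', isLiveRegion: true));
    // No semantics label leaks an internal ID or role slug.
    expect(find.bySemanticsLabel(internalId), findsNothing);
    // Flutter's built-in guidelines: labelled tap targets and text contrast.
    await expectLater(tester, meetsGuideline(labeledTapTargetGuideline));
    await expectLater(tester, meetsGuideline(textContrastGuideline));
    // Layout overflow at 200% would surface as a pending exception.
    expect(tester.takeException(), isNull);
  });
}
```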

Component
Admin Dashboard Screen
ui | high
Epic Risks (3)
high impact | medium probability | technical

If org node selection in AdminStateBLoC does not correctly propagate to all dependent data streams (statistics, activity log, user list, certification panel), some panels may show data from the previously selected org scope, creating a confusing and potentially dangerous mixed-scope view.

Mitigation & Contingency

Mitigation: Model org node selection as a single source of truth in AdminStateBLoC. All downstream providers derive their query parameters from this single stream via Riverpod's watch pattern. Write integration tests that verify every data stream emits a reload event when the selected node changes.

Contingency: If scope propagation bugs are detected in QA, add an explicit full-state reset on org node change (clear all cached data and refetch from scratch) as a safe but less efficient fallback until the targeted propagation is fixed.

medium impact | medium probability | technical

The Admin Dashboard Screen must adapt its layout for Flutter Web (wider viewports, mouse interaction, larger grid) and mobile embedding. Flutter Web responsive layout support has historically required non-trivial workarounds, and the adaptive grid may introduce significant additional development time.

Mitigation & Contingency

Mitigation: Define breakpoints and grid behaviour in the design system before implementation. Use LayoutBuilder with explicit breakpoint constants rather than MediaQuery scattered across widgets. Prototype the web layout with a skeleton screen before implementing live data binding.

Contingency: If web layout proves intractable within sprint, deliver a mobile-first layout for all platforms initially and track a dedicated web-optimisation task for the next sprint.

high impact | low probability | security

A bug in the Role Assignment Panel's permission scope validation could allow an org_admin to assign roles beyond their authority (e.g., assigning super_admin to a user), representing a serious privilege escalation vulnerability.

Mitigation & Contingency

Mitigation: Enforce role assignment scope on both the client (disable unavailable roles in the panel UI) and the server (UserManagementService validates the target role is within the admin's permitted scope before persisting). Write security-focused tests that attempt out-of-scope role assignments and assert rejection.

Contingency: If an escalation vulnerability is discovered, immediately disable the role assignment panel via feature flag, revoke any incorrectly assigned roles, and deploy a server-side fix before re-enabling.
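
A sketch of the server-side scope check and the out-of-scope tests named in the mitigation, added here as an example and not taken from UserManagementService. The role ladder, the Actor type, and the rule that an admin may grant roles up to but not above its own rank are assumptions; only org_admin and super_admin are named on the page.

```dart
// Hypothetical role ladder; unknown slugs are denied by default.
const roleRank = {'member': 0, 'mentor': 1, 'org_admin': 2, 'super_admin': 3};

class Actor {
  const Actor(this.role, this.orgIds);
  final String role;
  final Set<String> orgIds; // org nodes this admin manages
}

class ScopeViolation implements Exception {
  ScopeViolation(this.reason);
  final String reason;
  @override
  String toString() => 'ScopeViolation: $reason';
}

// Runs on the server before persisting. Disabling roles in the panel UI is
// a usability aid only; this check is the enforcement point.
void assertCanAssign(Actor actor, String targetRole, String targetOrgId) {
  final actorRank = roleRank[actor.role];
  final targetRank = roleRank[targetRole];
  if (actorRank == null || targetRank == null) {
    throw ScopeViolation('unknown role');
  }
  if (actorRank < roleRank['org_admin']!) {
    throw ScopeViolation('actor is not an admin');
  }
  final isSuper = actor.role == 'super_admin';
  if (!isSuper && !actor.orgIds.contains(targetOrgId)) {
    throw ScopeViolation('target org outside actor scope');
  }
  if (targetRank > actorRank) {
    throw ScopeViolation('target role above actor authority');
  }
}

bool rejected(void Function() attempt) {
  try {
    attempt();
    return false;
  } on ScopeViolation {
    return true;
  }
}

void main() {
  const admin = Actor('org_admin', {'org-a'}); // constructed sample actor
  final checks = {
    'in-scope grant allowed': !rejected(() => assertCanAssign(admin, 'mentor', 'org-a')),
    'super_admin grant rejected': rejected(() => assertCanAssign(admin, 'super_admin', 'org-a')),
    'other org rejected': rejected(() => assertCanAssign(admin, 'mentor', 'org-b')),
    'unknown slug rejected': rejected(() => assertCanAssign(admin, 'Super_Admin', 'org-a')),
  };
  checks.forEach((name, ok) => print('${ok ? 'PASS' : 'FAIL'} $name'));
}
```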