🏠 Overview ✅ Implementation Tasks ✅ epic-geographic-peer-mentor-map-consent-privacy-task-010

Write unit and integration tests for consent lifecycle

epic-geographic-peer-mentor-map-consent-privacy-task-010 — Implement comprehensive tests covering: grantConsent happy path, double-grant idempotency, revokeConsent atomicity with location data deletion, checkConsent returning correct status for each state (granted, denied, revoked, re-consent-required), RLS policy enforcement for all roles, and dialog widget rendering with both Opt In and Opt Out interactions. Achieve minimum 90% branch coverage on location-consent-service.

critical priority medium complexity testing pending testing specialist Tier 6

Acceptance Criteria

Unit tests cover grantConsent happy path: status transitions from null/denied/revoked to granted, audit log entry created, location_consent field updated in Supabase
Double-grant idempotency test: calling grantConsent twice for the same mentor results in a single audit log entry and no duplicate DB writes
revokeConsent atomicity test: a simulated mid-transaction failure leaves both consent status and location data in a consistent state (both rolled back or both committed)
revokeConsent cascade test: after revocation, all rows in mentor_locations table for the affected mentor are deleted and checkConsent returns 'revoked'
checkConsent returns correct typed status for each of the four states: granted, denied, revoked, re-consent-required — tested with mocked Supabase responses
RLS policy enforcement tests: peer mentor can only read/write their own consent row; coordinator read-only; admin can read all but not write consent on behalf of mentors
Widget test: ConsentDialog renders with 'Opt In' and 'Opt Out' buttons, tapping 'Opt In' calls grantConsent, tapping 'Opt Out' calls revokeConsent, loading and error states render correctly
Minimum 90% branch coverage on location-consent-service as reported by flutter_test --coverage
All tests pass in CI without network calls — Supabase client is fully mocked/faked
No test relies on global state; each test case sets up and tears down its own fixtures

Technical Requirements

frameworks
Flutter
flutter_test
BLoC
mocktail or mockito for mocking
apis
Supabase PostgREST (mocked)
Supabase RLS policy simulation via mock
data models
MentorConsent
ConsentAuditLog
MentorLocation
performance requirements
Full test suite completes in under 60 seconds on CI
No real network calls — all Supabase interactions mocked
security requirements
Test fixtures must not contain real PII — use synthetic mentor IDs only
RLS enforcement tests must explicitly assert that cross-user data access returns empty or throws Forbidden
ui components
ConsentDialog widget
ConsentStatusBadge widget

Execution Context

Execution Tier
Tier 6

Tier 6 - 158 tasks

Can start after Tier 5 completes

Implementation Notes

The atomicity test for revokeConsent requires careful mock design: inject a SupabaseException after the consent status update but before the location row deletion, then assert that the service either rolls both back or surfaces a CascadeDeleteFailure. Since Supabase RLS cannot be exercised in a real unit test, create a RlsPolicySimulator class that mirrors the policy logic in Dart so it can be tested in-process. For widget tests, use pumpWidget with a BlocProvider wrapping a fake ConsentBloc stub — do not spin up the real BLoC. Coverage gaps most likely hide in error paths (network timeout, malformed JSON from Supabase); ensure each failure class has at least one test.

Keep test file names mirroring the source file they cover to simplify navigation.

Testing Requirements

Use flutter_test for all unit and widget tests. Create a FakeSupabaseClient or use mocktail to stub all Supabase calls — no live Supabase connection in tests. Organize tests in three files: location_consent_service_test.dart (unit), consent_rls_policy_test.dart (integration-style with mocked RLS), and consent_dialog_widget_test.dart (widget). Use setUp/tearDown to reset state between cases.

Run coverage with `flutter test --coverage` and enforce the 90% branch threshold in CI via lcov. Test all four ConsentStatus enum values explicitly. For the atomicity test, inject a fault into the mock after the first DB write and assert rollback behavior.

Component
Location Consent Service
service medium
Dependencies (3)
Add consent versioning to location-privacy-config and location-consent-service so that when an organisation updates its privacy policy or data processing agreement, mentors who previously consented under an older version are flagged as requiring re-consent. Implement the re-prompt trigger that shows the dialog again with a change-summary before the mentor can access map features. epic-geographic-peer-mentor-map-consent-privacy-task-009 Create a Supabase Edge Function or RPC endpoint that wraps checkConsent and returns a typed ConsentStatusResponse for use by mentor-location-service and any other component that must gate on consent. The endpoint must validate the calling user's JWT, confirm org membership, and return status within 300ms under normal load. epic-geographic-peer-mentor-map-consent-privacy-task-008 Connect the location-consent-dialog to location-consent-service so that tapping Opt In calls grantConsent and tapping Opt Out calls a denial record write, then navigates the mentor to the appropriate next screen. Integrate Riverpod state so downstream widgets reactively observe ConsentStatus. Ensure the dialog is shown only once per mentor per organisation unless consent is revoked and re-prompted. epic-geographic-peer-mentor-map-consent-privacy-task-007
Epic Risks (2)
medium impact medium prob scope

If the privacy policy text or consent terms change after mentors have already opted in, existing consent records may become legally insufficient, requiring re-consent from all opted-in mentors which could temporarily reduce map coverage.

Mitigation & Contingency

Mitigation: Store a consent_version field on every consent record. Implement a consent version check in location-consent-service that compares the stored version against the current policy version from location-privacy-config and flags stale consents for re-consent prompting.

Contingency: If a policy update invalidates existing consents, suppress affected mentors from the map, queue them for re-consent notification via the existing in-app notification system, and restore map visibility only after new consent is recorded.

medium impact medium prob scope

A poorly designed consent dialog may lead to low opt-in rates, reducing map utility for coordinators to the point where the feature delivers insufficient value to justify maintenance cost.

Mitigation & Contingency

Mitigation: Follow plain-language writing guidelines from the cognitive accessibility feature. User-test the dialog with 2-3 peer mentors from Blindeforbundet before implementation is finalised. Ensure the dialog explains the benefit to the mentor, not just the data collection facts.

Contingency: If opt-in rate after launch is below 40%, conduct a targeted usability study and iterate on dialog copy and layout. The coordinator can also send a bulk opt-in invitation notification (per the user story) to non-consenting mentors.

Quick Links
All Tasks Execution Plan