🏠 Overview ✅ Implementation Tasks ✅ epic-scenario-push-engagement-foundation-task-009

Write unit tests for NotificationPreferencesRepository

epic-scenario-push-engagement-foundation-task-009 — Write unit tests for NotificationPreferencesRepository covering: default opted-in behaviour when no row exists, upsert idempotency, multi-scenario preference retrieval, and Supabase error propagation. Use flutter_test and mock the Supabase client. Achieve minimum 90% branch coverage for the repository class.

high priority low complexity testing pending testing specialist Tier 2

Acceptance Criteria

Test: getPreference(userId, scenarioType) returns opted-in (true) by default when no row exists in the database for that user/scenario combination
Test: upsertPreference called twice with the same userId and scenarioType is idempotent — second call does not create a duplicate row and returns the updated value
Test: getPreferencesForUser(userId) returns a map containing entries for all defined ScenarioType enum values when preferences exist in the database
Test: getPreferencesForUser(userId) returns all-opted-in defaults when no rows exist for that user
Test: when Supabase client throws a PostgrestException, the repository propagates the error as a typed RepositoryException (not a raw Supabase exception leaking through the interface)
Test: when Supabase client throws a network timeout, the repository propagates it appropriately without hanging
Test: upsertPreference with opted_out=true correctly persists the opt-out state and getPreference subsequently returns false
All tests use mocked Supabase client — no real network calls are made
Test file is co-located in test/ directory mirroring the source file path
Achieved branch coverage for NotificationPreferencesRepository is >= 90% as reported by flutter test --coverage

Technical Requirements

frameworks
Flutter
flutter_test
mockito or mocktail
apis
Supabase PostgreSQL 15
performance requirements
All unit tests complete in under 2 seconds total — no real async delays
security requirements
Test fixtures must not contain real user UUIDs, PII, or production credentials
Mock Supabase client must not make real network calls under any test condition

Execution Context

Execution Tier
Tier 2

Tier 2 - 518 tasks

Can start after Tier 1 completes

Implementation Notes

Mocking the Supabase PostgREST query builder chain (from(), select(), eq(), upsert(), etc.) requires careful stub setup — each method in the chain must return the mock itself to support fluent chaining. Consider wrapping the Supabase client behind a thin abstract interface (e.g. INotificationPreferencesDataSource) to simplify mocking and avoid coupling tests to the Supabase SDK's internal classes. Use fake UUIDs (e.g.

'00000000-0000-0000-0000-000000000001') as test fixtures. Test the default opted-in behaviour by configuring the mock to return an empty list for the select query, then asserting the repository returns true — this is the critical behaviour for user experience (users should receive notifications unless they explicitly opt out).

Testing Requirements

All tests are unit tests using flutter_test. Use mocktail (preferred) or mockito to mock the Supabase client and PostgREST query builder chain. Structure tests in groups by behaviour: 'default opted-in', 'upsert idempotency', 'multi-scenario retrieval', 'error propagation'. Use setUp() to initialise fresh mocks for each test.

Verify mock interactions with verify() to confirm correct table, column, and filter arguments are passed to the Supabase client. Run flutter test --coverage and confirm >= 90% branch coverage on the repository file specifically.

Component
Notification Preferences Repository
data low
Dependencies (1)
Implement the Dart NotificationPreferencesRepository class using the Supabase client. Provide methods: getPreferences(userId), upsertPreference(userId, scenarioType, optedIn), and getAllForUser(userId). Upsert must default opted_in to true when no row exists. Use Riverpod for dependency injection. epic-scenario-push-engagement-foundation-task-003
Epic Risks (3)
high impact medium prob dependency

FCM service account key and APNs certificate configuration may be missing or misconfigured in the Supabase Edge Function secrets store, blocking end-to-end push delivery testing until resolved by the infrastructure owner.

Mitigation & Contingency

Mitigation: Raise a credentials-setup task in the project board at epic start; document the exact secret names required in scenario-evaluation-config so the infrastructure owner can provision them independently of development work.

Contingency: Implement a mock push-notification-dispatcher stub that records payloads to the database for local testing, allowing the rest of the feature to proceed while credentials are obtained.

high impact low prob security

Incorrect RLS policies on the scenario_notifications or notification_preferences tables could allow one user to read or modify another user's notification records, constituting a data privacy breach.

Mitigation & Contingency

Mitigation: Write dedicated RLS policy tests using Supabase's built-in test framework before any application code touches the tables; require a peer security review of all policy definitions before merging.

Contingency: If a policy gap is discovered post-merge, immediately disable the affected table's read policy, notify the security lead, and deploy a hotfix with corrected policies before re-enabling access.

medium impact medium prob dependency

Norwegian Bokmål ARB localisation strings for all scenario message templates may not be available at implementation time, causing content-builder tests to fail and delaying integration.

Mitigation & Contingency

Mitigation: Define all required ARB message keys in a tracked document shared with the content owner at epic kickoff; use English placeholder strings that follow the final format so template injection logic can be tested independently.

Contingency: Ship with English-only strings in the first release and gate Norwegian strings behind a feature flag that is enabled once translations are reviewed and approved.

Quick Links
All Tasks Execution Plan