Ilesh Darji â–®

Multi-User and Role-Based Testing in Cypress

In modern applications, user roles like admin, manager, and viewer often have different access levels. Cypress can simulate these roles in end-to-end tests to ensure each user sees the correct UI and functionality.

🧠 Why Role-Based Testing Matters

  • Validates access controls
  • Prevents unauthorized actions
  • Ensures personalized user experience
  • Catches permission-related bugs early

👥 Strategies for Multi-User Testing

1. Use Role-Specific Fixtures

Create separate JSON fixture files for each role.

// fixtures/admin.json
{
  "email": "admin@example.com",
  "password": "adminpass"
}

// fixtures/viewer.json
{
  "email": "viewer@example.com",
  "password": "viewerpass"
}

2. Create Role-Specific Custom Commands

In cypress/support/commands.js:

Cypress.Commands.add('loginAs', (role) => {
  cy.fixture(`${role}.json`).then((user) => {
    cy.request('POST', '/api/login', user).then((response) => {
      window.localStorage.setItem('token', response.body.token)
    })
  })
})

3. Write Role-Based Tests

describe('Admin Dashboard Access', () => {
  beforeEach(() => {
    cy.loginAs('admin')
    cy.visit('/admin-dashboard')
  })

  it('should allow admin to access dashboard', () => {
    cy.contains('Admin Settings').should('be.visible')
  })
})

describe('Viewer Restrictions', () => {
  beforeEach(() => {
    cy.loginAs('viewer')
    cy.visit('/admin-dashboard')
  })

  it('should redirect viewer away from admin dashboard', () => {
    cy.url().should('not.include', '/admin-dashboard')
    cy.contains('Access Denied').should('exist')
  })
})

✅ Best Practices

  • Keep user roles consistent with backend logic
  • Automate login via API for speed and reliability
  • Use meaningful test names like admin_can_edit_users, viewer_cannot_see_settings

🚀 Final Thoughts

Role-based testing in Cypress ensures your app’s permissions system works as expected. By simulating real-world users, you can confidently ship features that respect access levels and avoid security or UX issues.

Next in Series: Dealing with Flaky Tests in Cypress: Root Causes and Real Fixes

February 25, 2025 cypress role-based multi-user testing