JTG Bursary Platform — UAT Pack

Milestone 1 Sign-off · Solo Tester: Teboho · All 7 roles covered by 1 person

Super Admin Prog. Admin Learner (×2) Verif. Officer Reviewer

🧑‍💻 Teboho — Solo Tester

Ready

What is this?

This is the interactive UAT companion for Teboho, who is running all Milestone 1 tests solo. Rather than coordinating a team, Teboho logs in and out of each pre-seeded system account in sequence, covering every user journey from one workstation.

Use the Test Scripts tab for step-by-step instructions per role. Use Feature Matrix to track completion. Log every issue in Bug Log.

The 10 areas being tested

Programme setup→ Registration & apply→ Document verification→ Review & scoring→ Shortlisting & awards

Waitlist→ Contract signing→ Deadline reminders→ POPIA data rights→ Audit trail

Sign-off criteria — all three must be met

1. Zero blocker bugs outstanding. Any defect causing wrong data, data loss, missing notifications, or a security gap must be fixed and re-tested before Day 5 sign-off.

2. All Feature Matrix items ticked or N/A. Every checklist item must be confirmed or explicitly marked not applicable with a reason.

3. Written sign-off sent. An email confirming UAT is complete and the system may proceed to go-live planning.

All accounts — Teboho's credential sheet

All accounts below are pre-seeded. Teboho also creates one personal account on Day 1 to test the registration and email verification flow.

Role	Login Email	Password	Notes
super_admin	`superadmin@jtg.org.za`	`password123`	Pre-seeded. Audit log, user management, sign-off.
programme_admin	`programmeadmin@jtg.org.za`	`password123`	Pre-seeded. All programme admin steps.
reviewer	`reviewer@jtg.org.za`	`password123`	Pre-seeded. John Reviewer.
verif. officer	`verifier@jtg.org.za`	`password123`	Pre-seeded. Sarah Verifier.
sponsor	`sponsor@jtg.org.za`	`password123`	Pre-seeded. ABC Corporation.
learner (eligible)	`thabo@example.com`	`password123`	Pre-seeded. Thabo Mokoena, UJ, Computer Science, 3rd Year.
learner (ineligible)	`lerato@example.com`	`password123`	Pre-seeded. Lerato Dlamini, TUT, Electrical Engineering, 2nd Year.
your own account	`Your real email`	`Your choice`	Self-register on Day 1 to test registration + email verification.

TIP: Open two browser windows — one for admin/reviewer roles, one for learner roles. You only need to be logged in to one at a time, but side-by-side helps cross-checking. Always log out before switching to a new role.

Overall progress

Matrix items complete

Total items

Bugs logged

Blockers

Pre-session — Teboho's Own Registration

Use your own real email address. This tests the registration gate and email verification flow.

Before Day 1 role-specific testing begins, register a personal account. This tests features that cannot be tested with pre-seeded accounts: the registration form, email verification flow, and super admin role-assignment workflow.

Step R1 — Self-register

1
Go to the UAT URL. Click "Register" or "Create account".
✓ Registration form loads with fields for name, email, and password.
2
Enter your real full name, your real email address, and a password. Submit.
✓ You see a message like "Please check your email to verify your account." You are NOT taken to a portal yet.
⚠ If you land immediately on a dashboard with no email verification step, log as Blocker: "Email verification not triggered on registration."

Step R2 — Verify your email

1
Open your inbox. Look for a "Verify your email" message from the system.
✓ Verification email arrives within 2 minutes and contains a clickable link.
⚠ No email after 5 minutes → check spam. Still missing → log as Blocker: "Verification email not delivered."
2
Click the verification link.
✓ Browser confirms "Email verified." Account is active but has no portal role yet.
3
Log in with your email and password.
✓ You can log in. You see a limited or blank dashboard — expected until a role is assigned.

Step R3 — Assign a role to your account (as Super Admin)

🔌 SWITCH ROLE — Super Admin

Log out of current session first

1
Log in as super admin. Go to Admin → Users. Confirm your self-registered account is visible and shows email as verified.
✓ Your account appears in the user list with "active" and "email verified" status.
2
Assign your account the "learner" role (or another role for extra coverage).
✓ Role updates immediately in the users list.

Step R4 — Confirm role access

1
Log out of the super admin session. Log back in with your own account.
✓ You land on the correct portal for your assigned role.
2
Manually type a URL for a portal that is not yours (e.g. /admin/dashboard while logged in as learner).
✓ Access denied — redirected to your own portal or a 403 error is shown.
✕ If you can access another role's portal, log immediately as Blocker: "Role access control not enforced."

Super Admin

Role assignment, user management, audit log review, and Day 5 sign-off.

superadmin@jtg.org.zapassword123

SA-1 — Account check and user management (Day 1)

1
Log in. Go to Admin → Users. Confirm all 8 seeded accounts are visible.
✓ All seeded accounts listed: superadmin, programmeadmin, reviewer, verifier, sponsor, thabo, lerato. Plus your own self-registered account.
2
Confirm your own self-registered account shows "email verified" status.
✓ Your account listed with verified email and the role you assigned in Step R3.
3
Toggle a test user account inactive, then immediately reactivate it.
✓ Toggle works. User status updates instantly.
4
Run a password reset on any non-critical seeded account.
✓ Password reset email appears in Mailtrap or the real inbox.

SA-2 — Audit log review (Day 4, after all other testing is complete)

🔌 SWITCH ROLE — Super Admin

Log out of current session first

1
Go to Admin → Audit Logs. Filter by today's date.
✓ Entries appear for actions taken today.
2
Spot-check three entries: one from the programme admin session, one from a learner session, one from the reviewer session. Confirm user attribution is accurate.
✓ Each log entry correctly identifies the account that performed the action with a timestamp.
3
Find the bulk shortlist entry, the erasure entry, and a reviewer assignment entry.
✓ All three entries present with correct accounts and timestamps.

SA-3 — Contract repository and sign-off (Day 5)

🔌 SWITCH ROLE — Super Admin

Log out of current session first

1
Go to Admin → Contracts. Search for "Thabo" by name.
✓ Thabo's signed contract appears in search results. Version history shows: generated → signed, both timestamped.
2
Download the signed contract PDF.
✓ PDF downloads with Thabo's real name and award amount — no placeholder text.
3
Send written sign-off email to the developer stating UAT is complete and the system may proceed to go-live planning.
✓ Subject line example: "JTG Bursary Platform — UAT Sign-off [date]".

Programme Admin

Programme setup, form builder, rubric, reviewer management, shortlisting, awards, waitlist, POPIA DSR queue, deadline reminders.

programmeadmin@jtg.org.zapassword123

PA-1 — Create programmes (Day 1)

1
Go to Programmes → Create New. Name it "JTG UAT Bursary 2026". Set deadline 3 days from today, fund amount R15,000. Under eligibility, restrict to institution = "University of Johannesburg" — this matches Thabo's seeded profile and excludes Lerato (TUT).
✓ Programme saves and appears in the programme list.
2
Create a second programme: "JTG UAT Universal 2026". Set mode to Universal (no eligibility filter). Add a basic form and publish it.
✓ Both programmes saved. Thabo (UJ) sees both. Lerato (TUT) sees only the Universal one.

PA-2 — Form builder, rubric, and auto-assignment (Day 1)

1
Open "JTG UAT Bursary 2026" → Form Builder. Add 4 fields: text (Motivation letter), file upload (Supporting document), dropdown (Year of study), text (Supervisor name). Add conditional logic: Supervisor name only shown when Year of study = "Postgraduate". Save, then click "Publish Form".
✓ Fields save. In preview, Supervisor name is hidden until Postgraduate is selected. Status changes to "Published".
2
Add document checklist: ID Document, Academic Transcript, Proof of Income. Mark all three as required.
✓ Three required document types configured and visible on the learner upload page.
3
Toggle notification types on/off for this programme (e.g. toggle "Deadline reminder" off then back on).
✓ Notification toggles save without affecting other programmes.
4
Go to Rubrics. Add 3 criteria: Academic merit (40%), Financial need (35%), Motivation (25%). Confirm weights total 100%.
✓ Three criteria saved. Weight total shows 100%.
5
Go to Auto-assignment rules. Add a rule: when application moves to "approved_for_review", automatically assign it to reviewer@jtg.org.za (John Reviewer).
✓ Rule saved and active.
6
Go to Contract Templates → Create. Build a template with merge fields for learner name, award amount, and programme name. Save and preview.
✓ Template saved. Preview shows readable placeholders — no raw code.

PA-3 — Reviewer and application management (Day 3)

Run after Thabo's documents are verified (Verif. Officer session). Thabo's application must be at "under_review" status before proceeding.

1
Go to Admin → Applications. Find Thabo's application. Move it to "approved_for_review".
✓ Auto-assignment fires — John Reviewer (reviewer@jtg.org.za) receives an assignment notification. Application visible in reviewer queue.
2
Confirm in Admin → Applications that John Reviewer is shown as the assigned reviewer on Thabo's application.
✓ Reviewer name visible on the application detail view.
3
Test the manual assignment path: use the manual assign control to assign the reviewer to a second test application directly (without the auto-rule).
✓ Reviewer assigned manually. Assignment notification fires.
4
After the reviewer declares a conflict on the second application (Reviewer Step RE-1.5), recuse them in the admin panel and reassign to yourself (programme admin) as substitute.
✓ Application removed from reviewer's queue. New reviewer sees it. Original reviewer marked as recused.

PA-4 — Committee recommendation, shortlisting, and awards (Day 3)

Run after the reviewer submits locked scores (Reviewer Step RE-1).

1
After the reviewer submits locked scores, open Thabo's application and record a committee recommendation (e.g. "Recommended for award — strong academic record").
✓ Recommendation saved. Visible on application detail. Reviewer's locked scores are not overwritten.
2
Go to Admin → Applications. Select multiple applications and use bulk action to move them to "under_review" simultaneously.
✓ All selected applications update together. Each affected learner receives a StatusChanged notification.
⚠ If only one receives the email, log as Blocker: "Bulk status change only fires notification for first application."
3
Go to Shortlist. Confirm applications ranked by weighted score. Select Thabo's and Lerato's applications and click "Bulk Shortlist".
✓ Both move to "shortlisted". Two StatusChanged emails fire — one per learner.
4
Create Award 1 for Thabo: R15,000, expiry 3 days from today. Generate the offer letter.
✓ Offer letter PDF generated. AwardOffered email fires to thabo@example.com.
5
Create Award 2 for Thabo (for the decline path test). Then add Lerato to the waitlist for Award 2.
✓ Second AwardOffered email fires to Thabo. Lerato sees waitlist position 1 on her portal.

PA-5 — Waitlist confirmation (Day 3, after Eligible Learner declines Award 2)

1
After Thabo declines Award 2 (Eligible Learner Step EL-5b), open the Waitlist admin panel.
✓ Lerato's status has changed from "waitlisted" to "promoted". Promotion timestamp visible. WaitlistPromoted email fired to lerato@example.com.

PA-6 — POPIA DSR queue (Day 4)

1
Go to Admin → Data Subject Requests. Find Thabo's access request. Acknowledge it.
✓ Status moves to "acknowledged". Thabo receives a notification.
2
Download Thabo's data export JSON. Confirm it contains his real profile data.
✓ JSON downloads with his name, institution, and application data — not empty values.
3
Find Lerato's erasure request. Confirm .env DB_DATABASE points at UAT, then execute the erasure.
✓ Account anonymised. Erasure report PDF written to storage. Lerato's name no longer visible in the system.
✕ ONLY execute on the UAT database. Confirm DB_DATABASE in .env is not pointed at production before this step.
4
Go to Admin → POPIA / Data Settings. Confirm a retention policy configuration area is present. Change a retention period and save.
✓ Retention policy settings visible. Change saves without errors.

PA-7 — Deadline reminders (Day 4, coordinate with developer)

1
Ask the developer to set the programme deadline to tomorrow. Then run: php artisan reminders:deadline --dry-run
✓ Output lists the correct applications without sending any emails.
2
Run the command without --dry-run. Then run it a second time immediately.
✓ Emails appear in Mailtrap on first run. Second run sends no duplicates — idempotency confirmed.

Learner – Eligible

Thabo Mokoena — UJ, Computer Science, 3rd Year. Full learner journey: profile → apply → documents → award → contract → POPIA.

thabo@example.compassword123

EL-1 — Review the seeded learner profile (Day 2)

1
Log in as Thabo. Go to My Profile → Edit. Confirm the personal section is pre-filled: ID 9501015001087, phone 0721234567, address "123 Main Street, Soweto, Johannesburg".
✓ Personal fields display correctly with seeded data.
2
Confirm academic section: University of Johannesburg, Computer Science, 3rd Year.
✓ Academic fields display correctly.
3
Confirm financial section: family income below R350,000, single parent household with 3 dependents.
✓ Financial section visible with seeded data.
4
Confirm the POPIA consent checkbox is ticked (seeded with consent_given_at). If not ticked, tick and save.
✓ Consent recorded. Applications are now available.

EL-2 — Apply for the bursary (Day 2)

1
Go to Programmes. Confirm "JTG UAT Bursary 2026" and "JTG UAT Universal 2026" are both visible.
✓ Both programmes appear in Thabo's listing.
2
Click Apply on "JTG UAT Bursary 2026". Select a non-Postgraduate year in the dropdown. Confirm Supervisor name field is hidden.
✓ Conditional logic: Supervisor name hidden for non-Postgraduate selection.
3
Change Year of study to "Postgraduate". Confirm Supervisor name field appears. Fill it in.
✓ Supervisor name field appears. Conditional logic working correctly.
4
Click "Save as Draft". Navigate away. Return to the draft and confirm your answers are preserved.
✓ Draft saved. All previously entered data intact after navigating away.
5
Return to the draft, finish filling it in, and click "Submit".
✓ Status changes to "submitted". ApplicationSubmitted email arrives at thabo@example.com.

EL-3 — Upload all three required documents (Day 2)

1
Go to Documents. Upload a sample PDF as your ID Document.
✓ ID Document listed with status "Pending verification". Appears in the programme document checklist.
2
Upload a second sample PDF as your Academic Transcript.
✓ Transcript listed with status "Pending verification".
3
Upload a third sample PDF as your Proof of Income.
✓ All three required items submitted. Document checklist shows 3/3.

EL-4 — Track your application (Day 2, after verification)

Continue after completing the Verif. Officer session (VO-1, VO-2). Thabo's documents must be verified before this step.

1
Go to My Applications → your application → Track Application.
✓ Timeline shows all status changes with dates: submitted, verified, under review.
2
Open the notifications panel. Check status change notifications appear and can be marked as read.
✓ At least one notification visible. Clicking it marks it as read.

EL-5a — Accept Award 1 (Day 3)

Wait for Programme Admin to create Award 1 (PA-4 step 4) before running this step.

1
Go to My Awards. Confirm a pending offer for R15,000 is visible with an expiry date.
✓ Award offer visible with correct amount.
2
Download the offer letter PDF. Confirm it shows Thabo's real name and R15,000 — not placeholder text.
✓ PDF downloads with real merged data. No "{learner_name}" or similar placeholders visible.
3
Click "Accept award" and confirm the prompt.
✓ Status changes to "accepted". ContractReady email arrives. A new contract appears in My Contracts.

EL-5b — Decline Award 2 — triggers Lerato's waitlist promotion (Day 3)

Wait for Programme Admin to create Award 2 and place Lerato on the waitlist (PA-4 step 5) before running this step.

1
Go to My Awards. Confirm a second pending offer is visible alongside accepted Award 1.
✓ Second award visible in awards list.
2
Click "Decline award" on Award 2 and confirm the prompt.
✓ Status changes to "declined". WaitlistPromoted email fires to lerato@example.com. Confirm in the Ineligible Learner session.
3
Confirm the declined award is labelled "Declined" and you cannot reverse it.
✓ "Declined" label is permanent. No un-decline option available.

EL-6 — Sign your contract (Day 3)

1
Go to My Contracts. Open the contract. Confirm Thabo's name and R15,000 are populated.
✓ Contract displays with real data. No placeholder text.
2
Click "Sign contract" and confirm.
✓ Contract marked as signed. Timestamp and IP address recorded.
3
Download the signed contract PDF.
✓ PDF downloads successfully.
4
Check My Contracts. Confirm signed contract shows "Signed" status with exact timestamp and a version history (generated → signed).
✓ Version history present, each state timestamped.

EL-7 — Submit a data access request — POPIA (Day 4)

1
Go to Privacy / Data Rights. Click "Request my data".
✓ Request submitted with a reference number or on-screen confirmation.
2
After Programme Admin acknowledges it (PA-6 step 1), refresh your DSR page.
✓ Status shows "acknowledged". You have received a notification.

Learner – Ineligible

Lerato Dlamini — TUT, Electrical Engineering, 2nd Year. Eligibility block, waitlist promotion, erasure request.

lerato@example.compassword123

IL-1 — Confirm eligibility block and universal programme visibility (Day 2)

1
Log in as Lerato. Go to Programmes.
✓ "JTG UAT Bursary 2026" should NOT be visible (or if visible, applying shows a clear eligibility block message).
✕ If you can apply to the restricted programme with no block message, log as Blocker: "Eligibility filter not enforced."
2
Confirm "JTG UAT Universal 2026" IS visible in your listing.
✓ Universal programme visible to Lerato. This confirms universal and restricted modes filter independently.

IL-2 — Upload documents (for waitlist test) (Day 2)

1
Upload a sample PDF as ID Document and another as Academic Transcript.
✓ Documents upload and appear as "Pending verification".

IL-3 — Waitlist placement and promotion (Day 3)

Lerato must be placed on the waitlist by Programme Admin (PA-4 step 5) before this step.

1
Go to My Applications.
✓ Application shows "waitlisted". Waitlist position is visible.
2
After Thabo declines Award 2 (Eligible Learner Step EL-5b), refresh this page.
✓ Status changes. WaitlistPromoted notification email arrives at lerato@example.com.

IL-3b — Decline the promoted award (Day 3)

1
Go to My Awards. Confirm a promoted award offer is visible.
✓ Award offer visible as a result of waitlist promotion.
2
Click "Decline award" and confirm.
✓ Status changes to "declined". Cannot be reversed.

IL-4 — Submit an erasure request — POPIA (Day 4)

1
Go to Privacy / Data Rights. Click "Request erasure of my data".
✓ Request submitted with a reference number.
2
After Programme Admin executes the erasure (PA-6 step 3), attempt to log in as Lerato again.
✓ Login fails. Account is inaccessible — data has been anonymised.

Verif. Officer

Sarah Verifier — reviews and approves/rejects learner documents. Run after Thabo uploads all three documents (EL-3).

verifier@jtg.org.zapassword123

TIP: Open this session in an incognito window to keep it separate from your main session.

VO-1 — Verify Thabo's documents (Day 2)

1
Log in as verifier. Go to the verification dashboard.
✓ Applications with pending documents are listed. Thabo's application visible.
2
Open Thabo's application. Verify all three documents: ID Document, Academic Transcript, and Proof of Income.
✓ All three documents show "Verified". Application status automatically moves to "under_review".

VO-2 — Test the rejection path (Day 2)

1
If Lerato has uploaded documents, reject one with a specific reason (e.g. "File is unreadable — please re-upload a clear scan").
✓ Rejection reason saved and visible. Lerato's application remains in pending document state.
2
Confirm the rejection reason is visible to Lerato in the Ineligible Learner session.
✓ Lerato can see the exact rejection reason text you wrote.
3
After verifying all three of Thabo's documents, confirm his application status updated automatically.
✓ Application status moved to "under_review" without any manual trigger required.

Reviewer

John Reviewer — COI declaration, scoring, conflict path, committee recommendation. Run after PA-3 (application moved to approved_for_review).

reviewer@jtg.org.zapassword123

RE-1 — COI declaration and scoring (Day 3)

1
Log in as reviewer. Go to the reviewer dashboard.
✓ Dashboard loads. Assigned applications visible. COI declaration banner displayed.
2
Declare no conflict on Thabo's application (the clean path).
✓ COI recorded as "no conflict". Scoring screen unlocks.
3
Enter scores for all three rubric criteria (Academic merit, Financial need, Motivation). Confirm weighted total is calculated automatically.
✓ Weighted total displayed and mathematically correct (scores × weights / 100).
4
Click "Submit scores" and confirm.
✓ Scores locked. No further editing possible.
5
Verify that a locked submission cannot be edited.
✓ Edit fields are disabled or the edit button is absent.

RE-1.5 — Conflict of interest path (Day 3)

1
On the second test application (the manually assigned one from PA-3 step 3), declare a conflict of interest.
✓ Declaration recorded. Application removed from your active scoring queue. Admin panel shows recused status (confirm in Programme Admin session).

RE-2 — Committee recommendation (Day 3)

1
After scoring, locate the committee recommendation field on Thabo's application.
✓ Recommendation field is visible and editable.
2
Enter a recommendation (e.g. "Recommended — strong financial need and academic record") and save.
✓ Recommendation saved. Visible on the application detail view.

Sponsor

ABC Corporation — read-only view of linked programmes, application counts, and award statuses. Run after awards are created (PA-4).

sponsor@jtg.org.zapassword123

SP-1 — Sponsor dashboard (Day 3)

1
Log in as sponsor. Review the dashboard.
✓ Dashboard shows linked programme "JTG UAT Bursary 2026" with application counts and funding summary.
2
Open an application detail from the sponsor view.
✓ Application summary visible. No private learner PII (ID numbers, financial details) visible beyond the summary level.
3
Check the awards section.
✓ Issued awards listed with correct statuses (offered, accepted, declined, waitlisted).

SP-2 — Access control check (Day 3)

1
Attempt to navigate to /admin/dashboard, /reviewer/dashboard, and /learner/dashboard while logged in as sponsor.
✓ All three attempts result in access denied or redirect to the sponsor portal.
✕ If you can reach any other portal's dashboard, log immediately as Blocker: "Sponsor access control not enforced on [portal] path."

Registration & Role Access 0/8

✓	Feature	Result / Notes
	Self-registration form loads and accepts valid input
	Registration rejected if email already in use
	Verification email received within 2 minutes of registration
	Verification link activates the account
	Login with unverified account is blocked
	Super admin sees self-registered accounts in Admin → Users
	Role assignment takes effect after next login
	Portal access control enforced — cannot access other roles' portals

Programme Admin — Setup & Configuration 0/11

✓	Feature	Result / Notes
	Create programme with name, deadline, fund amount, eligibility restriction
	Create universal programme with no eligibility filter
	Form builder: text, file upload, and dropdown field types added
	Conditional logic: field shows/hides based on dropdown value
	Form publishes successfully — status changes to "Published"
	Document checklist: required document types configured
	Notification toggles: per-programme on/off saves correctly
	Scoring rubric: 3+ criteria with weights summing to 100%
	Auto-assignment rule fires when application moves to approved_for_review
	Manual reviewer assignment works without triggering auto-rule
	Contract template: merge fields save and preview correctly

Learner — Application & Documents 0/12

✓	Feature	Result / Notes
	Eligible learner sees restricted programme in listing
	Ineligible learner does NOT see restricted programme (or is blocked on apply)
	Both learners see universal programme
	POPIA consent checkbox saves and enables applications
	Application form with conditional logic works correctly
	Save as draft preserves application state across navigation and logout
	Submit application: status changes, ApplicationSubmitted email fires
	Upload ID Document — appears in checklist as Pending
	Upload Academic Transcript — appears in checklist as Pending
	Upload Proof of Income — checklist shows 3/3 submitted
	Application status tracker shows correct timeline of events
	In-app notifications appear and can be marked as read

Document Verification 0/6

✓	Feature	Result / Notes
	Verification dashboard lists applications with pending documents
	Verify document — status updates to Verified, no errors
	Reject document with reason — rejection reason saved
	Rejection reason visible to learner in their portal
	All three documents verified → application automatically moves to under_review
	Verification queue updates after actions (verified items leave pending list)

Reviewer — COI, Scoring & Recommendation 0/9

✓	Feature	Result / Notes
	Reviewer dashboard loads with assigned applications visible
	COI declaration banner visible before any scoring is possible
	"No conflict" declaration allows access to scoring screen
	Rubric scoring inputs work; weighted total calculated correctly
	Submit scores — scores locked, editing not possible after submission
	Conflict declaration recuses reviewer from application
	Recused application removed from active scoring queue
	Admin panel shows recused status for conflicted reviewer
	Committee recommendation saved and visible on application

Shortlisting, Awards & Waitlist 0/11

✓	Feature	Result / Notes
	Bulk status change: multiple applications update simultaneously
	Each affected learner receives a StatusChanged notification
	Shortlist ranking shows applications ordered by weighted score
	Bulk shortlist action moves selected applications to "shortlisted"
	Award offer created — AwardOffered email fires to learner
	Offer letter PDF downloads with real merged data (no placeholders)
	Accept Award 1: status updates, ContractReady email fires
	Decline Award 2: status updates to "declined", cannot be reversed
	Declining award triggers waitlist promotion automatically
	Waitlisted learner receives WaitlistPromoted email
	Waitlist admin panel shows promotion timestamp

Contract Signing 0/6

✓	Feature	Result / Notes
	Contract generated with correctly merged data (name, amount, programme)
	Sign contract: timestamp and IP address recorded
	Download signed contract PDF successfully
	Signed contract shows "Signed" status with correct timestamp
	Contract version history: generated → signed, both timestamped
	Admin contract search finds signed contract by learner name

POPIA & Deadline Reminders 0/10

✓	Feature	Result / Notes
	Data access request submitted with reference number
	DSR status notification received when admin acknowledges
	Data export JSON contains real profile and application data
	Erasure request submitted with reference number
	Erasure executed: account anonymised, login fails
	Erasure report PDF written to storage
	Retention policy configuration area present and saves changes
	php artisan reminders:deadline --dry-run: lists correct applications, no emails sent
	php artisan reminders:deadline sends emails on first run
	Running reminder command twice sends no duplicate emails (idempotency)

Sponsor Portal 0/4

✓	Feature	Result / Notes
	Sponsor dashboard shows linked programme with application counts
	Application detail visible without restricted private learner data
	Awards section shows issued awards with correct statuses
	Sponsor cannot access admin, learner, or reviewer portal pages

Audit Trail 0/5

✓	Feature	Result / Notes
	Audit log accessible to super admin
	Log entries filterable by date
	Bulk shortlist entry present with correct user and timestamp
	Erasure entry present with correct user and timestamp
	Reviewer assignment entry present with correct user and timestamp

Bug Log

Log every issue found during testing. A bug that is not logged does not exist. Add rows using the button below. Triage all items on Day 4.

Total logged

Blockers

Functional gaps

Resolved

#	Day	Role	Step ref	What happened	Expected behaviour	Severity	Status	Screenshot?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Day 1 — Pre-session, setup, and programme configuration

Day 1

Before 9am

Developer confirms: migrations clean, storage linked, email delivery to real inbox working, all seeded accounts active. UAT URL shared with Teboho.

Morning (~45 min)

Pre-session (Steps R1–R4): Register Teboho's personal account, verify email, confirm role access as super admin.

Morning (~30 min)

Super Admin session (SA-1): Confirm all seeded accounts visible, run user management tests.

Afternoon (~2.5h)

Programme Admin session (PA-1, PA-2): Create both programmes, form builder with conditional logic, document checklist, notification config, scoring rubric, auto-assignment rule, and contract template.

End-of-day checkpoint

Both programmes configured, form published, rubric and auto-assignment active. Do not proceed to Day 2 until all Day 1 items are confirmed.

Day 2 — Learner applications and document verification

Day 2

Morning (~1.5h)

Eligible Learner session (EL-1, EL-2, EL-3): Review Thabo's seeded profile, apply to the bursary with conditional form logic, upload all three required documents.

Midday (~45 min)

Ineligible Learner session (IL-1, IL-2): Confirm eligibility block and universal programme visibility, upload documents.

Afternoon (~45 min)

Verif. Officer session (VO-1, VO-2): Verify all three of Thabo's documents. Reject one of Lerato's with a specific reason. Confirm Thabo's application moves automatically to "under_review".

End-of-day checkpoint

All three of Thabo's documents verified. Application at "under_review". Lerato confirmed blocked on the restricted programme.

Day 3 — Review, shortlisting, awards, waitlist, contracts, sponsor portal

Day 3

Morning (~1h)

Programme Admin session (PA-3): Move Thabo's application to "approved_for_review". Confirm auto-assignment fires. Test manual assignment and COI recusal path.

Morning (~1h)

Reviewer session (RE-1, RE-1.5, RE-2): COI clean path, scoring, lock scores, conflict path on second application, committee recommendation.

Midday (~1.5h)

Programme Admin session (PA-4, PA-5): Committee recommendation, shortlist, bulk shortlist, create Award 1 and Award 2 for Thabo, place Lerato on waitlist.

Afternoon (~1.5h)

Eligible Learner session (EL-4, EL-5a, EL-5b, EL-6): Track application, accept Award 1, sign contract, decline Award 2 (triggers Lerato's promotion).

Afternoon (~30 min)

Ineligible Learner session (IL-3, IL-3b): Confirm waitlist promotion email received, decline promoted award.

Afternoon (~30 min)

Sponsor session (SP-1, SP-2): Dashboard, application visibility, award statuses, access control test.

⚠ Flag today

If blockers are accumulating, flag to developer today — this is the last point to add a buffer day before the Day 5 sign-off.

Day 4 — POPIA, deadline reminders, audit log, and bug triage

Day 4

Morning (~1h)

Learner sessions for DSRs: As Thabo (EL-7) — submit data access request. As Lerato (IL-4) — submit erasure request.

Morning (~1.5h)

Programme Admin session (PA-6, PA-7): Acknowledge Thabo's DSR, download data export, execute Lerato's erasure (UAT DB only!), test deadline reminder command with developer.

Midday (~1h)

Super Admin session (SA-2): Full audit log review. Contract repository search and version history check.

Afternoon (~1.5h)

Bug triage: Review every item in the bug log. Confirm each as Blocker, Functional Gap, or Polish. Assign developer fix priorities. Decide whether Day 5 plan holds.

End-of-day

All Feature Matrix items (Section 4) must be ticked or N/A by end of Day 4.

Day 5 — Blocker re-testing and formal sign-off

Day 5

Morning

Developer deploys fixes for all Day 4 blockers. Re-run only the specific affected steps to confirm fixes. Update bug log: "Fixed — re-tested [date] — PASS."

Afternoon

Super Admin session (SA-3): Contract repository final check. Send written sign-off email to developer. State UAT is complete and the system may proceed to go-live planning.

Sign-off note

Sign-off requires zero outstanding blockers. Functional gaps and polish items may remain open with a post-launch plan agreed.

7.1 Prerequisites — confirm before Day 1 morning

✓	Prerequisite	How to verify
☐	All migrations run clean against a fresh database	`php artisan migrate --fresh`
☐	Scheduler cron active on UAT server	`* * * * * php artisan schedule:run`
☐	All 8 seeded accounts active and accessible	`Log in with each credential set in the accounts table`
☐	Email delivery configured to real inboxes	`Register a test account; verify email lands in real inbox within 2 minutes`
☐	Storage symlink created	`php artisan storage:link`
☐	File permissions on storage/app/public allow web writes	`Upload a test PDF; confirm URL accessible in browser`
☐	Database seeded with learner profiles, sponsor, and contract template	`php artisan db:seed`
☐	Queue driver decision confirmed	`QUEUE_CONNECTION=sync or queue:work running`
☐	UAT environment is NOT the production database	`Confirm DB_DATABASE in .env points to UAT schema`

7.2 Commands reference

Command	When to run
`php artisan migrate --fresh --seed`	Before Day 1. Resets UAT database to clean seeded state.
`php artisan storage:link`	Once, before Day 1. Required for document and offer letter file serving.
`php artisan queue:work`	Run persistently if using database queue driver. Alternatively set QUEUE_CONNECTION=sync.
`php artisan reminders:deadline --dry-run`	Day 4 preview — lists applications without sending emails.
`php artisan reminders:deadline`	Day 4 — send actual reminders. Run twice to confirm no duplicate sends.

7.3 Known behaviours that are not bugs

Email delivery timing: If QUEUE_CONNECTION=sync, emails arrive instantly. If using database queue driver without queue:work running, emails queue but are not delivered. Decide before Day 1.

Eligibility filter: Ineligible learners see no trace of the restricted programme. This is by design. Lerato should not see "JTG UAT Bursary 2026" at all.

Session timeout: Learners who fill in a long form and step away may return to a logged-out session. The draft should be preserved. Expected behaviour.

POPIA erasure is irreversible. DataAnonymisation::anonymise() permanently wipes all PII. There is no undo. Only execute on the UAT database. Confirm DB_DATABASE in .env is not pointing at production before Lerato's erasure step on Day 4.