Feature: Finance Dashboard & Report Pages (#7702)

## What Changed
<!-- Short summary - what and why (not how) -->

This PR introduces a new Finance Dashboard module using Slim 4 MVC
architecture, providing a centralized hub for financial operations and
tax year reporting.

## Changes

### New Finance Module (`/finance/`)
- **Dashboard** with YTD metrics (payments, pledges, donor families,
payment count)
- **Tax Year Reporting Checklist** to guide year-end financial workflows
- **Quick Actions** for common tasks (Create Deposit, Add Pledge, Add
Payment, Generate Reports)
- **Reports Index** with organized categories (Tax & Giving, Pledge,
Deposit, Membership)
- **Recent Deposits** table filtered to current fiscal year

### Architecture
- Slim 4 MVC structure matching `/admin/` pattern
- `FinanceRoleAuthMiddleware` updated to allow admin OR finance
permission
- PhpRenderer for server-side views
- FinancialService extended with dashboard data methods

### Reusable Components
- **system-settings-panel** webpack component for embedding SystemConfig
settings on any page
- **_finance.scss** with metric card gradients, hover effects, and
responsive styles

### UX Improvements
- **PledgeEditor.php**: Color-coded mode indicators to distinguish
Pledge vs Payment entry
- **Menu**: Renamed "Deposit" to "Finance" with Dashboard as first item

### Testing
- Cypress tests for dashboard and reports index pages
- Access control tests using new `nofinance` test user (judith.matthews)
- Integration tests for navigation flows


## Type
<!-- Check one -->
- [x] ✨ Feature
- [ ] 🐛 Bug fix
- [ ] ♻️ Refactor
- [x] 🏗️ Build/Infrastructure
- [ ] 🔒 Security


## Screenshots
<!-- Only for UI changes - drag & drop images here -->
<img width="2191" height="1181" alt="image"
src="https://github.com/user-attachments/assets/ee390b98-14fc-48dc-b231-922249287607"
/>
<img width="1941" height="934" alt="image"
src="https://github.com/user-attachments/assets/ab389e7c-ab53-4983-bb07-9b15d52c69a4"
/>


## Security Check
<!-- Only check if applicable -->
- [ ] Introduces new input validation
- [ ] Modifies authentication/authorization
- [ ] Affects data privacy/GDPR

### Code Quality
- [x] Database: Propel ORM only, no raw SQL
- [ ] No deprecated attributes (align, valign, nowrap, border,
cellpadding, cellspacing, bgcolor)
- [ ] Bootstrap CSS classes used
- [x] All CSS bundled via webpack

## Pre-Merge
- [x] Tested locally
- [ ] No new warnings
- [ ] Build passes
- [ ] Backward compatible (or migration documented)

Author: DawoudIO

.github/copilot-instructions.md

@@ -32,6 +32,13 @@ Routing & middleware
   - Routes are prefixed with `/admin/api/` when accessed from frontend
   - Use kebab-case for endpoint names (e.g., `/delete-all`)
   - AdminRoleAuthMiddleware is applied at the router level
+- **Finance Module** (consolidated at `/finance/`):
+  - Entry point: `src/finance/index.php` with Slim 4 app
+  - Routes in `src/finance/routes/` (dashboard.php, reports.php)
+  - Views in `src/finance/views/` with PhpRenderer
+  - Examples: `/finance/` (dashboard), `/finance/reports`
+  - Use FinanceRoleAuthMiddleware for security (allows admin OR finance permission)
+  - Menu entry in `src/ChurchCRM/Config/Menu/Menu.php` under "Finance"
 - **Deprecated locations** (DO NOT USE):
   - `src/v2/routes/admin/` - REMOVED (admin routes consolidated to `/admin/system/`)
   - `src/api/routes/system/` - Legacy admin APIs (no new files here)
@@ -464,6 +471,7 @@ describe('Feature X', () => {
 **Available Commands:**
 - `cy.setupAdminSession()` - Authenticates as admin (reads `admin.username`, `admin.password` from config)
 - `cy.setupStandardSession()` - Authenticates as standard user (reads `standard.username`, `standard.password` from config)
+- `cy.setupNoFinanceSession()` - Authenticates as user without finance permission (reads `nofinance.username`, `nofinance.password` from config)
 - `cy.typeInQuill()` - Rich text editor input
 
 **Credentials Configuration:**
@@ -474,6 +482,8 @@ env: {
     'admin.password': 'changeme',
     'standard.username': 'tony.wade@example.com',
     'standard.password': 'basicjoe',
+    'nofinance.username': 'judith.matthews@example.com',
+    'nofinance.password': 'noMoney$',
 }
 ```
 - DO NOT hardcode credentials in test files
@@ -598,6 +608,7 @@ Before committing code changes, verify:
 | `src/ChurchCRM/model/ChurchCRM/` | Propel ORM generated classes (don't edit) |
 | `src/api/` | REST API entry point + routes |
 | `src/admin/routes/api/` | Admin-only API endpoints (NEW - use this for admin APIs) |
+| `src/finance/` | Finance module (Slim 4 MVC) - dashboard, reports |
 | `src/Include/` | Utility functions, helpers, Config.php |
 | `src/locale/` | i18n/translation strings |
 | `src/skin/v2/` | Compiled CSS/JS from Webpack |
@@ -765,6 +776,6 @@ This ensures security vulnerabilities are not publicly disclosed and directs rep
 
 ---
 
-Last updated: November 9, 2025
+Last updated: December 1, 2025
 
 ```

cypress/e2e/api/private/admin/private.admin.user.settings.spec.js

@@ -1,10 +1,12 @@
 /// <reference types="cypress" />
 
+// Use user 99 (amanda.black) for these tests to avoid conflicts with
+// user 95 (judith.matthews) which is used for nofinance session tests
 describe("API Private Admin User", () => {
     it("Reset User failed logins", () => {
         cy.makePrivateAdminAPICall(
             "POST",
-            "/api/user/95/login/reset",
+            "/api/user/99/login/reset",
             null,
             200,
         );
@@ -13,7 +15,7 @@ describe("API Private Admin User", () => {
     it("Reset User Password", () => {
         cy.makePrivateAdminAPICall(
             "POST",
-            "/api/user/95/password/reset",
+            "/api/user/99/password/reset",
             null,
             200,
         );
@@ -22,7 +24,7 @@ describe("API Private Admin User", () => {
     it("DisableTwoFactor", () => {
         cy.makePrivateAdminAPICall(
             "POST",
-            "/api/user/95/disableTwoFactor",
+            "/api/user/99/disableTwoFactor",
             null,
             200,
         );

cypress/e2e/ui/admin/admin.user.spec.js

@@ -9,12 +9,12 @@ describe("Admin User Password", () => {
     });
 
     it("Admin Change password", () => {
-        cy.visit("v2/user/95/changePassword");
-        cy.contains("Change Password: Judith Kennedy");
+        cy.visit("v2/user/99/changePassword");
+        cy.contains("Change Password: Amanda Black");
         cy.get("#NewPassword1").type("new-user-password");
         cy.get("#NewPassword2").type("new-user-password");
         cy.get("form:nth-child(2)").submit();
-        cy.url().should("contain", "v2/user/95/changePassword");
+        cy.url().should("contain", "v2/user/99/changePassword");
         cy.contains("Password Change Successful");
     });
 

cypress/e2e/ui/finance/finance.dashboard.spec.js

@@ -0,0 +1,179 @@
+/// <reference types="cypress" />
+
+/**
+ * Finance Dashboard Tests
+ *
+ * Tests for the new /finance/ module with Slim 4 MVC structure.
+ * The finance dashboard provides:
+ * - YTD payment and pledge metrics
+ * - Tax year reporting checklist
+ * - Quick actions for deposits and reports
+ * - Recent deposits list
+ * - Donation funds overview
+ */
+
+describe("Finance Dashboard", () => {
+    beforeEach(() => {
+        cy.setupAdminSession();
+    });
+
+    it("should load the finance dashboard", () => {
+        cy.visit("/finance/");
+        cy.contains("Finance Dashboard");
+        cy.contains("Fiscal Year");
+    });
+
+    it("should display YTD metrics cards", () => {
+        cy.visit("/finance/");
+
+        // Check for the 4 metric cards
+        cy.contains("YTD Payments");
+        cy.contains("YTD Pledges");
+        cy.contains("Donor Families");
+        cy.contains("Total Payments");
+    });
+
+    it("should display Quick Actions section", () => {
+        cy.visit("/finance/");
+
+        cy.contains("Quick Actions");
+        cy.contains("Create Deposit");
+        cy.contains("Add Payment");
+        cy.contains("Generate Reports");
+    });
+
+    it("should navigate to deposits page from Create Deposit button", () => {
+        cy.visit("/finance/");
+
+        // Find and click the Create Deposit button
+        cy.contains("a", "Create Deposit").click();
+        cy.url().should("contain", "FindDepositSlip.php");
+        cy.contains("Deposit Listing");
+    });
+
+    it("should navigate to reports page from Generate Reports button", () => {
+        cy.visit("/finance/");
+
+        // Find and click the Generate Reports button
+        cy.contains("a", "Generate Reports").click();
+        cy.url().should("contain", "/finance/reports");
+        cy.contains("Financial Reports");
+    });
+
+    it("should display Tax Year Reporting Checklist", () => {
+        cy.visit("/finance/");
+
+        cy.contains("Tax Year Reporting Checklist");
+        cy.contains("Close All Deposits");
+        cy.contains("Review Donation Funds");
+        cy.contains("Church Information");
+        cy.contains("Tax Report Verbiage");
+        cy.contains("Generate Tax Statements");
+    });
+
+    it("should display Recent Deposits section", () => {
+        cy.visit("/finance/");
+
+        cy.contains("Recent Deposits");
+        cy.contains("View All");
+
+        // Check table headers if deposits exist
+        cy.get("body").then(($body) => {
+            if ($body.find("table.table-hover").length > 0) {
+                cy.contains("th", "ID");
+                cy.contains("th", "Date");
+                cy.contains("th", "Type");
+                cy.contains("th", "Status");
+            }
+        });
+    });
+
+    it("should display Deposit Statistics sidebar", () => {
+        cy.visit("/finance/");
+
+        cy.contains("Deposit Statistics");
+        cy.contains("Total Deposits:");
+        cy.contains("Open Deposits:");
+        cy.contains("Closed Deposits:");
+    });
+
+    it("should display Donation Funds sidebar", () => {
+        cy.visit("/finance/");
+
+        cy.contains("Donation Funds");
+    });
+
+    it("should link to Donation Fund Editor from Manage Funds button", () => {
+        cy.visit("/finance/");
+
+        // Admin should see Manage Funds link
+        cy.contains("a", "Manage Funds").click();
+        cy.url().should("contain", "DonationFundEditor.php");
+    });
+
+    it("should navigate to settings from Church Information checklist item", () => {
+        cy.visit("/finance/");
+
+        // Find the Settings button in the Church Information row
+        cy.contains("Church Information")
+            .parents(".list-group-item")
+            .find("a")
+            .contains("Settings")
+            .click();
+
+        cy.url().should("contain", "SystemSettings.php");
+    });
+
+    it("should link deposits checklist to FindDepositSlip", () => {
+        cy.visit("/finance/");
+
+        // Find the View button in the Close All Deposits row
+        cy.contains("Close All Deposits")
+            .parents(".list-group-item")
+            .find("a")
+            .contains("View")
+            .click();
+
+        cy.url().should("contain", "FindDepositSlip.php");
+    });
+});
+
+describe("Finance Dashboard - Standard User Access", () => {
+    beforeEach(() => {
+        cy.setupStandardSession();
+    });
+
+    it("should allow standard users with finance permission to access the dashboard", () => {
+        // The standard test user (tony.wade) has finance permissions enabled in demo database
+        cy.visit("/finance/");
+        
+        // Should be able to see the dashboard
+        cy.get("h1").should("contain", "Finance Dashboard");
+        
+        // Metrics should be visible
+        cy.get(".finance-metric-card").should("have.length.at.least", 3);
+    });
+});
+
+describe("Finance Dashboard - No Finance Permission", () => {
+    beforeEach(() => {
+        cy.setupNoFinanceSession();
+    });
+
+    it("should deny access to users without finance permission", () => {
+        // User judith.matthews has no finance permission
+        cy.visit("/finance/", { failOnStatusCode: false });
+        
+        // Should be redirected to access-denied page
+        cy.url().should("include", "/v2/access-denied");
+        cy.url().should("include", "role=Finance");
+    });
+
+    it("should deny access to finance reports for users without finance permission", () => {
+        cy.visit("/finance/reports", { failOnStatusCode: false });
+        
+        // Should be redirected to access-denied page
+        cy.url().should("include", "/v2/access-denied");
+        cy.url().should("include", "role=Finance");
+    });
+});

cypress/e2e/ui/finance/finance.deposits.spec.js

@@ -11,6 +11,30 @@ describe("Finance Deposits", () => {
         cy.contains("Envelope Manager");
     });
 
+    it("Navigate to deposits from Finance Dashboard", () => {
+        cy.visit("/finance/");
+        cy.contains("Finance Dashboard");
+        
+        // Click Create Deposit from Quick Actions
+        cy.contains("a", "Create Deposit").click();
+        cy.url().should("contain", "FindDepositSlip.php");
+        cy.contains("Deposit Listing");
+    });
+
+    it("Navigate to deposits from Finance Menu", () => {
+        cy.visit("/finance/");
+        
+        // Use the View All link in Recent Deposits section
+        cy.contains("Recent Deposits")
+            .parents(".card")
+            .find("a")
+            .contains("View All")
+            .click();
+            
+        cy.url().should("contain", "FindDepositSlip.php");
+        cy.contains("Deposit Listing");
+    });
+
     it("Create a new Deposit without comment", () => {
         cy.visit("/FindDepositSlip.php");
         cy.get("#depositComment").clear();