@jmruthers/pace-core 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (88) hide show
  1. package/dist/{api-GZHIDA4X.js → api-T6CBS7IO.js} +3 -2
  2. package/dist/cache-I72HKDOA.js +12 -0
  3. package/dist/cache-I72HKDOA.js.map +1 -0
  4. package/dist/{chunk-6ZQVSHKL.js → chunk-ANE4PDC2.js} +9 -158
  5. package/dist/chunk-ANE4PDC2.js.map +1 -0
  6. package/dist/chunk-MRRFJ6SA.js +161 -0
  7. package/dist/chunk-MRRFJ6SA.js.map +1 -0
  8. package/dist/{chunk-OKXMUYIB.js → chunk-O4T53L7X.js} +3 -3
  9. package/dist/{chunk-7JL3T7BO.js → chunk-UY7AM4QG.js} +3 -3
  10. package/dist/components.js +3 -2
  11. package/dist/components.js.map +1 -1
  12. package/dist/hooks.js +1 -1
  13. package/dist/index.js +4 -3
  14. package/dist/index.js.map +1 -1
  15. package/dist/rbac/index.d.ts +2 -0
  16. package/dist/rbac/index.js +18 -11
  17. package/dist/rbac/index.js.map +1 -1
  18. package/docs/api/classes/ErrorBoundary.md +1 -1
  19. package/docs/api/classes/PublicErrorBoundary.md +1 -1
  20. package/docs/api/interfaces/AggregateConfig.md +1 -1
  21. package/docs/api/interfaces/ButtonProps.md +1 -1
  22. package/docs/api/interfaces/CardProps.md +1 -1
  23. package/docs/api/interfaces/ColorPalette.md +1 -1
  24. package/docs/api/interfaces/ColorShade.md +1 -1
  25. package/docs/api/interfaces/DataTableAction.md +1 -1
  26. package/docs/api/interfaces/DataTableColumn.md +1 -1
  27. package/docs/api/interfaces/DataTableProps.md +1 -1
  28. package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
  29. package/docs/api/interfaces/EmptyStateConfig.md +1 -1
  30. package/docs/api/interfaces/EventContextType.md +1 -1
  31. package/docs/api/interfaces/EventLogoProps.md +1 -1
  32. package/docs/api/interfaces/EventProviderProps.md +1 -1
  33. package/docs/api/interfaces/FileSizeLimits.md +1 -1
  34. package/docs/api/interfaces/FileUploadProps.md +1 -1
  35. package/docs/api/interfaces/FooterProps.md +1 -1
  36. package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
  37. package/docs/api/interfaces/InputProps.md +1 -1
  38. package/docs/api/interfaces/LabelProps.md +1 -1
  39. package/docs/api/interfaces/LoginFormProps.md +1 -1
  40. package/docs/api/interfaces/NavigationItem.md +1 -1
  41. package/docs/api/interfaces/NavigationMenuProps.md +1 -1
  42. package/docs/api/interfaces/Organisation.md +1 -1
  43. package/docs/api/interfaces/OrganisationContextType.md +1 -1
  44. package/docs/api/interfaces/OrganisationMembership.md +1 -1
  45. package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
  46. package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
  47. package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
  48. package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
  49. package/docs/api/interfaces/PaletteData.md +1 -1
  50. package/docs/api/interfaces/PublicErrorBoundaryProps.md +1 -1
  51. package/docs/api/interfaces/PublicErrorBoundaryState.md +1 -1
  52. package/docs/api/interfaces/PublicLoadingSpinnerProps.md +1 -1
  53. package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
  54. package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
  55. package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
  56. package/docs/api/interfaces/StorageConfig.md +1 -1
  57. package/docs/api/interfaces/StorageFileInfo.md +1 -1
  58. package/docs/api/interfaces/StorageFileMetadata.md +1 -1
  59. package/docs/api/interfaces/StorageListOptions.md +1 -1
  60. package/docs/api/interfaces/StorageListResult.md +1 -1
  61. package/docs/api/interfaces/StorageUploadOptions.md +1 -1
  62. package/docs/api/interfaces/StorageUploadResult.md +1 -1
  63. package/docs/api/interfaces/StorageUrlOptions.md +1 -1
  64. package/docs/api/interfaces/StyleImport.md +1 -1
  65. package/docs/api/interfaces/ToastActionElement.md +1 -1
  66. package/docs/api/interfaces/ToastProps.md +1 -1
  67. package/docs/api/interfaces/UnifiedAuthContextType.md +1 -1
  68. package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
  69. package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
  70. package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
  71. package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
  72. package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
  73. package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
  74. package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
  75. package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
  76. package/docs/api/interfaces/UserEventAccess.md +1 -1
  77. package/docs/api/interfaces/UserMenuProps.md +1 -1
  78. package/docs/api/interfaces/UserProfile.md +1 -1
  79. package/docs/api/modules.md +2 -2
  80. package/package.json +1 -1
  81. package/src/rbac/api.ts +2 -0
  82. package/src/rbac/cache.ts +2 -0
  83. package/src/rbac/hooks.ts +7 -0
  84. package/src/rbac/types.ts +2 -0
  85. package/dist/chunk-6ZQVSHKL.js.map +0 -1
  86. /package/dist/{api-GZHIDA4X.js.map → api-T6CBS7IO.js.map} +0 -0
  87. /package/dist/{chunk-OKXMUYIB.js.map → chunk-O4T53L7X.js.map} +0 -0
  88. /package/dist/{chunk-7JL3T7BO.js.map → chunk-UY7AM4QG.js.map} +0 -0
package/dist/hooks.js CHANGED
@@ -11,7 +11,7 @@ import {
11
11
  usePublicEvent,
12
12
  usePublicEventCode,
13
13
  usePublicRouteParams
14
- } from "./chunk-OKXMUYIB.js";
14
+ } from "./chunk-O4T53L7X.js";
15
15
  import {
16
16
  clearPublicLogoCache,
17
17
  getPublicLogoCacheStats,
package/dist/index.js CHANGED
@@ -65,7 +65,7 @@ import {
65
65
  useStorage,
66
66
  useToast,
67
67
  validateFileSize
68
- } from "./chunk-7JL3T7BO.js";
68
+ } from "./chunk-UY7AM4QG.js";
69
69
  import {
70
70
  Alert,
71
71
  AlertDescription,
@@ -90,7 +90,8 @@ import {
90
90
  TableHeader,
91
91
  TableRow
92
92
  } from "./chunk-WYB6MBZA.js";
93
- import "./chunk-6ZQVSHKL.js";
93
+ import "./chunk-ANE4PDC2.js";
94
+ import "./chunk-MRRFJ6SA.js";
94
95
  import "./chunk-7BNPOCLL.js";
95
96
  import {
96
97
  EventProvider,
@@ -107,7 +108,7 @@ import {
107
108
  usePublicEvent,
108
109
  usePublicEventCode,
109
110
  usePublicRouteParams
110
- } from "./chunk-OKXMUYIB.js";
111
+ } from "./chunk-O4T53L7X.js";
111
112
  import {
112
113
  DefaultPublicErrorFallback,
113
114
  PublicErrorBoundary,
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/utils/secureDataAccess.ts"],"sourcesContent":["/**\n * @file Complete Component Library Export\n * @package @jmruthers/pace-core\n * @module Core\n * @since 0.1.0\n * \n * This file exports the primary components, hooks, and utilities from the PACE Core library.\n * It is the main entry point for developers using the library.\n * \n * @example\n * // Import common components\n * import { Button, Card, useUnifiedAuth } from '@jmruthers/pace-core';\n * \n * // For specialized components, use the complete library import:\n * import { Dialog, NavigationMenu } from '@jmruthers/pace-core/components';\n */\n\n// AUTHENTICATION & AUTHORIZATION\nexport { UnifiedAuthProvider, useUnifiedAuth } from './providers/UnifiedAuthProvider';\nexport type { UnifiedAuthProviderProps, UnifiedAuthContextType, UserEventAccess } from './providers/UnifiedAuthProvider';\nexport { EventProvider, useEvents } from './providers/EventProvider';\nexport type { EventProviderProps, EventContextType } from './providers/EventProvider';\nexport { OrganisationProvider, useOrganisations } from './providers/OrganisationProvider';\nexport type { \n Organisation, \n OrganisationMembership, \n OrganisationContextType, \n OrganisationProviderProps,\n OrganisationSecurityError \n} from './types/organisation';\n\n// INACTIVITY TRACKING\nexport { InactivityWarningModal } from './components/InactivityWarningModal/InactivityWarningModal';\nexport type { InactivityWarningModalProps } from './components/InactivityWarningModal/InactivityWarningModal';\nexport { useInactivityTracker } from './hooks/useInactivityTracker';\nexport type { UseInactivityTrackerOptions, UseInactivityTrackerReturn } from './hooks/useInactivityTracker';\n\n// RBAC SYSTEM - Use the new RBAC module\n// Note: For RBAC functionality, use @jmruthers/pace-core/rbac instead\n// This provides a complete, type-safe RBAC system with organisation context enforcement\n\n// BASIC UI COMPONENTS\nexport { Button } from './components/Button/Button';\nexport type { ButtonProps } from './components/Button/Button';\n\nexport { \n Card, \n CardHeader, \n CardFooter, \n CardTitle, \n CardDescription, \n CardContent,\n CardActions\n} from './components/Card/Card';\nexport type { CardProps } from './components/Card/Card';\n\nexport { Input } from './components/Input/Input';\nexport type { InputProps } from './components/Input/Input';\nexport { Label } from './components/Label/Label';\nexport type { LabelProps } from './components/Label/Label';\n\nexport { Alert, AlertTitle, AlertDescription } from './components/Alert/Alert';\nexport { Avatar, AvatarImage, AvatarFallback } from './components/Avatar/Avatar';\n\nexport { Checkbox } from './components/Checkbox/Checkbox';\nexport { Progress } from './components/Progress/Progress';\n\n// ADVANCED UI COMPONENTS\nexport {\n Dialog,\n DialogPortal,\n DialogOverlay,\n DialogTrigger,\n DialogClose,\n DialogContent,\n DialogHeader,\n DialogBody,\n DialogFooter,\n DialogTitle,\n DialogDescription,\n} from './components/Dialog/Dialog';\n\n// Dropdown Menu exports\n// DropdownMenu components have been merged into Select components\n\n// Select exports\nexport {\n Select,\n SelectGroup,\n SelectValue,\n SelectTrigger,\n SelectContent,\n SelectLabel,\n SelectItem,\n SelectSeparator,\n} from './components/Select';\n\n// Modal functionality is provided by Dialog components\n\nexport {\n Toast,\n Toaster,\n ToastAction,\n ToastProvider,\n ToastViewport,\n ToastTitle,\n ToastDescription,\n ToastClose,\n useToast,\n} from './components/Toast/Toast';\nexport type { ToastActionElement, ToastProps } from './components/Toast/Toast';\n\nexport { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider, TooltipRoot } from './components/Tooltip/Tooltip';\n\n// DATA DISPLAY COMPONENTS\nexport {\n DataTable,\n type DataTableProps,\n type DataTableColumn,\n type DataTableAction,\n type DataTableToolbarButton,\n type AggregateConfig,\n type EmptyStateConfig,\n type GetRowId\n} from './components/DataTable';\n\n// Re-export types from DataTable types\nexport type { DataRecord } from './components/DataTable/types';\n\n// FORM COMPONENTS\nexport { Form } from './components/Form/Form';\nexport { LoginForm } from './components/LoginForm/LoginForm';\nexport type { LoginFormProps } from './components/LoginForm/LoginForm';\n\n// LAYOUT COMPONENTS\nexport { Header } from './components/Header/Header';\nexport { Footer } from './components/Footer/Footer';\nexport type { FooterProps } from './components/Footer/Footer';\n\n// NAVIGATION COMPONENTS\nexport { NavigationMenu } from './components/NavigationMenu/NavigationMenu';\nexport type { NavigationMenuProps, NavigationItem } from './components/NavigationMenu/types';\nexport { UserMenu } from './components/UserMenu/UserMenu';\nexport type { UserMenuProps } from './components/UserMenu/UserMenu';\n\n// Reusable Page/Layout Components\nexport { PaceAppLayout } from './components/PaceAppLayout/PaceAppLayout';\nexport type { PaceAppLayoutProps } from './components/PaceAppLayout/PaceAppLayout';\nexport { PaceLoginPage } from './components/PaceLoginPage/PaceLoginPage';\nexport type { PaceLoginPageProps } from './components/PaceLoginPage/PaceLoginPage';\n\n// UTILITY COMPONENTS\nexport { ErrorBoundary } from './components/ErrorBoundary/ErrorBoundary';\nexport { LoadingSpinner } from './components/LoadingSpinner/LoadingSpinner';\n\n// EVENT MANAGEMENT\nexport { EventSelector } from './components/EventSelector/EventSelector';\n\n// ORGANISATION MANAGEMENT\nexport { OrganisationSelector } from './components/OrganisationSelector/OrganisationSelector';\nexport { useOrganisationPermissions } from './hooks/useOrganisationPermissions';\nexport { useOrganisationSecurity } from './hooks/useOrganisationSecurity';\nexport { createSecureDataAccess } from './utils/secureDataAccess';\n\n// TYPES\nexport type { UserProfile } from './types/organisation';\n\n// AUTHENTICATION FORMS\nexport { PasswordResetForm } from './components/PasswordReset/PasswordResetForm';\nexport { PasswordChangeForm } from './components/PasswordReset/PasswordChangeForm';\n\n// UTILS & HOOKS\nexport { useAppConfig } from './hooks/useAppConfig';\nexport { cn } from './utils/cn';\nexport { setAppConfig, getAppConfig, getCurrentAppName, getCurrentAppId } from './utils/appConfig';\n\n// STORAGE UTILITIES\nexport { FileUpload } from './components/FileUpload/FileUpload';\nexport type { FileUploadProps } from './components/FileUpload/FileUpload';\nexport { useStorage, useFileUpload } from './hooks/useStorage';\nexport * from './utils/storage';\n\n// Table components\nexport {\n Table,\n TableHeader,\n TableBody,\n TableCaption,\n TableCell,\n TableFooter,\n TableHead,\n TableRow,\n} from './components/Table/Table';\n\n// STYLES\nexport * from './styles';\n\n// PUBLIC PAGES\nexport * from './hooks/public';\nexport * from './components/PublicLayout';\n","/**\n * @file Secure Data Access Utility\n * @package @jmruthers/pace-core\n * @module Utils/SecureDataAccess\n * @since 0.4.0\n *\n * Secure data access utilities that enforce organisation context for all database operations.\n * Prevents data leakage between organisations and ensures proper access validation.\n */\n\nimport type { SupabaseClient } from '@supabase/supabase-js';\nimport type { SecureQueryOptions } from '../types/organisation';\n\n// Generic database record type\nexport interface DatabaseRecord {\n id: string;\n organisation_id: string;\n [key: string]: unknown;\n}\n\n// Generic data for insert/update operations\nexport interface DatabaseData {\n [key: string]: unknown;\n}\n\n// Generic filters for queries\nexport interface DatabaseFilters {\n [key: string]: unknown;\n}\n\nexport interface SecureDataAccess {\n // Secure query methods\n secureQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T[]>;\n secureSingleQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T | null>;\n \n // Secure mutation methods\n secureInsert: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, organisationId: string) => Promise<T | null>;\n secureUpdate: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, filters: DatabaseFilters, organisationId: string) => Promise<T | null>;\n secureDelete: (table: string, filters: DatabaseFilters, organisationId: string) => Promise<boolean>;\n \n // Organisation-scoped queries\n queryByOrganisation: <T extends DatabaseRecord = DatabaseRecord>(table: string, select: string, organisationId: string, filters?: DatabaseFilters) => Promise<T[]>;\n \n // Validation helpers\n validateOrganisationContext: (organisationId: string) => void;\n ensureOrganisationColumn: (table: string) => boolean;\n}\n\nexport interface SecureQueryBuilder {\n table: string;\n select: string;\n organisationId: string;\n filters?: DatabaseFilters;\n orderBy?: string;\n limit?: number;\n offset?: number;\n}\n\n/**\n * Create a secure data access instance\n * @param supabase - Supabase client instance\n * @param organisationId - Current organisation context\n * @param isSuperAdmin - Whether user has super admin privileges\n * @returns Secure data access utilities\n */\nexport const createSecureDataAccess = (\n supabase: SupabaseClient,\n organisationId: string,\n isSuperAdmin: boolean = false\n): SecureDataAccess => {\n \n // Validate organisation context\n const validateOrganisationContext = (orgId: string): void => {\n if (!orgId) {\n throw new Error('Organisation context is required for secure data access');\n }\n \n if (!isSuperAdmin && !orgId) {\n throw new Error('Organisation context is mandatory for non-super admin users');\n }\n };\n\n // Check if table has organisation_id column\n const ensureOrganisationColumn = (table: string): boolean => {\n // This is a simplified check - in production you might want to cache this\n const tablesWithOrganisation = [\n 'event', 'organisation_settings',\n 'rbac_event_app_roles', 'rbac_organisation_roles',\n // SECURITY: Phase 2 additions - complete organisation table mapping\n 'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n // SECURITY: Emergency additions for Phase 1 fixes\n 'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n // SECURITY: Phase 3A additions - medical and personal data\n 'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n 'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n 'form_responses', 'form_response_values', 'forms',\n // SECURITY: Phase 3B additions - remaining critical tables\n 'invoice', 'line_item', 'credit_balance', 'payment_method',\n 'form_contexts', 'form_field_config', 'form_fields',\n 'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n 'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n 'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n ];\n \n return tablesWithOrganisation.includes(table);\n };\n\n // Build secure query with organisation context\n const buildSecureQuery = (options: SecureQueryBuilder) => {\n const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n \n validateOrganisationContext(orgId);\n \n let query = supabase\n .from(table)\n .select(select);\n \n // Add organisation filter (unless super admin)\n if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n query = query.eq('organisation_id', orgId);\n }\n \n // Add additional filters\n if (filters) {\n Object.entries(filters).forEach(([key, value]) => {\n if (value !== undefined && value !== null) {\n // Handle qualified column names (e.g., 'users.role')\n const columnName = key.includes('.') ? key.split('.').pop()! : key;\n query = query.eq(columnName, value);\n }\n });\n }\n \n // Add ordering\n if (orderBy) {\n // Only use the column name, not a qualified name\n const orderByColumn = orderBy.split('.').pop();\n if (orderByColumn) {\n query = query.order(orderByColumn);\n }\n }\n \n // Add pagination\n if (limit) {\n query = query.limit(limit);\n }\n \n if (offset) {\n query = query.range(offset, offset + (limit || 10) - 1);\n }\n \n return query;\n };\n\n // Secure query for multiple results\n const secureQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T[]> => {\n const { table, select, organisationId: orgId, filters } = options;\n \n try {\n const query = buildSecureQuery({\n table,\n select,\n organisationId: orgId,\n filters\n });\n \n const { data, error } = await query;\n \n if (error) {\n throw error;\n }\n \n // Ensure data is an array and not an error type\n if (Array.isArray(data)) {\n return data as unknown as T[];\n }\n \n return [];\n } catch (error) {\n throw error;\n }\n };\n\n // Secure query for single result\n const secureSingleQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T | null> => {\n const { table, select, organisationId: orgId, filters } = options;\n \n try {\n const query = buildSecureQuery({\n table,\n select,\n organisationId: orgId,\n filters\n });\n \n const { data, error } = await query.single();\n \n if (error) {\n if (error.code === 'PGRST116') {\n // No rows returned\n return null;\n }\n throw error;\n }\n \n // Ensure data is not an error type\n if (data && typeof data === 'object' && !('code' in data)) {\n return data as unknown as T;\n }\n \n return null;\n } catch (error) {\n throw error;\n }\n };\n\n // Secure insert with organisation context\n const secureInsert = async <T extends DatabaseRecord = DatabaseRecord>(\n table: string, \n data: DatabaseData, \n organisationId: string\n ): Promise<T | null> => {\n validateOrganisationContext(organisationId);\n \n try {\n const insertData = {\n ...data,\n organisation_id: organisationId\n };\n \n const { data: result, error } = await supabase\n .from(table)\n .insert(insertData)\n .select()\n .single();\n \n if (error) {\n throw error;\n }\n \n return result;\n } catch (error) {\n throw error;\n }\n };\n\n // Secure update with organisation context\n const secureUpdate = async <T extends DatabaseRecord = DatabaseRecord>(\n table: string, \n data: DatabaseData, \n filters: DatabaseFilters, \n organisationId: string\n ): Promise<T | null> => {\n validateOrganisationContext(organisationId);\n \n try {\n let query = supabase\n .from(table)\n .update(data);\n \n // Add organisation filter (unless super admin)\n if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n query = query.eq('organisation_id', organisationId);\n }\n \n // Add additional filters\n if (filters) {\n Object.entries(filters).forEach(([key, value]) => {\n if (value !== undefined && value !== null) {\n query = query.eq(key, value);\n }\n });\n }\n \n const { data: result, error } = await query.select().single();\n \n if (error) {\n throw error;\n }\n \n return result;\n } catch (error) {\n throw error;\n }\n };\n\n // Secure delete with organisation context\n const secureDelete = async (\n table: string, \n filters: DatabaseFilters, \n organisationId: string\n ): Promise<boolean> => {\n validateOrganisationContext(organisationId);\n \n try {\n let query = supabase\n .from(table)\n .delete();\n \n // Add organisation filter (unless super admin)\n if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n query = query.eq('organisation_id', organisationId);\n }\n \n // Add additional filters\n if (filters) {\n Object.entries(filters).forEach(([key, value]) => {\n if (value !== undefined && value !== null) {\n query = query.eq(key, value);\n }\n });\n }\n \n const { error } = await query;\n \n if (error) {\n throw error;\n }\n \n return true;\n } catch (error) {\n throw error;\n }\n };\n\n // Organisation-scoped query helper\n const queryByOrganisation = async <T extends DatabaseRecord = DatabaseRecord>(\n table: string, \n select: string, \n organisationId: string, \n filters?: DatabaseFilters\n ): Promise<T[]> => {\n return secureQuery<T>({\n table,\n select,\n organisationId,\n filters\n });\n };\n\n return {\n secureQuery,\n secureSingleQuery,\n secureInsert,\n secureUpdate,\n secureDelete,\n queryByOrganisation,\n validateOrganisationContext,\n ensureOrganisationColumn\n };\n};\n\n/**\n * Hook for secure data access\n * @returns Secure data access utilities\n */\nexport const useSecureDataAccess = (): SecureDataAccess => {\n // This would typically get the context from providers\n // For now, we'll create a placeholder that can be used with explicit parameters\n throw new Error('useSecureDataAccess must be used with explicit parameters. Use createSecureDataAccess instead.');\n}; "],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA;AAEA;AAEA;AAUA;AAEA;AAQA;AA0BA;AA4CA;;;AC/CO,IAAM,yBAAyB,CACpC,UACA,gBACA,eAAwB,UACH;AAGrB,QAAM,8BAA8B,CAAC,UAAwB;AAC3D,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,yDAAyD;AAAA,IAC3E;AAEA,QAAI,CAAC,gBAAgB,CAAC,OAAO;AAC3B,YAAM,IAAI,MAAM,6DAA6D;AAAA,IAC/E;AAAA,EACF;AAGA,QAAM,2BAA2B,CAAC,UAA2B;AAE3D,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,WAAO,uBAAuB,SAAS,KAAK;AAAA,EAC9C;AAGA,QAAM,mBAAmB,CAAC,YAAgC;AACxD,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,gCAA4B,KAAK;AAEjC,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,MAAM;AAGhB,QAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,cAAQ,MAAM,GAAG,mBAAmB,KAAK;AAAA,IAC3C;AAGA,QAAI,SAAS;AACX,aAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,YAAI,UAAU,UAAa,UAAU,MAAM;AAEzC,gBAAM,aAAa,IAAI,SAAS,GAAG,IAAI,IAAI,MAAM,GAAG,EAAE,IAAI,IAAK;AAC/D,kBAAQ,MAAM,GAAG,YAAY,KAAK;AAAA,QACpC;AAAA,MACF,CAAC;AAAA,IACH;AAGA,QAAI,SAAS;AAEX,YAAM,gBAAgB,QAAQ,MAAM,GAAG,EAAE,IAAI;AAC7C,UAAI,eAAe;AACjB,gBAAQ,MAAM,MAAM,aAAa;AAAA,MACnC;AAAA,IACF;AAGA,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM,KAAK;AAAA,IAC3B;AAEA,QAAI,QAAQ;AACV,cAAQ,MAAM,MAAM,QAAQ,UAAU,SAAS,MAAM,CAAC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAGA,QAAM,cAAc,OAAkD,YAA8C;AAClH,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,QAAQ,IAAI;AAE1D,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAGA,UAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,eAAO;AAAA,MACT;AAEA,aAAO,CAAC;AAAA,IACV,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,oBAAoB,OAAkD,YAAmD;AAC7H,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,QAAQ,IAAI;AAE1D,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,MAAM,OAAO;AAE3C,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,YAAY;AAE7B,iBAAO;AAAA,QACT;AACA,cAAM;AAAA,MACR;AAGA,UAAI,QAAQ,OAAO,SAAS,YAAY,EAAE,UAAU,OAAO;AACzD,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACAA,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,YAAM,aAAa;AAAA,QACjB,GAAG;AAAA,QACH,iBAAiBA;AAAA,MACnB;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,SACnC,KAAK,KAAK,EACV,OAAO,UAAU,EACjB,OAAO,EACP,OAAO;AAEV,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACA,SACAA,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,IAAI;AAGd,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,MAAM,OAAO,EAAE,OAAO;AAE5D,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,SACAA,oBACqB;AACrB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO;AAGV,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM;AAExB,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,sBAAsB,OAC1B,OACA,QACAA,iBACA,YACiB;AACjB,WAAO,YAAe;AAAA,MACpB;AAAA,MACA;AAAA,MACA,gBAAAA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ADjLA;","names":["organisationId"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/utils/secureDataAccess.ts"],"sourcesContent":["/**\n * @file Complete Component Library Export\n * @package @jmruthers/pace-core\n * @module Core\n * @since 0.1.0\n * \n * This file exports the primary components, hooks, and utilities from the PACE Core library.\n * It is the main entry point for developers using the library.\n * \n * @example\n * // Import common components\n * import { Button, Card, useUnifiedAuth } from '@jmruthers/pace-core';\n * \n * // For specialized components, use the complete library import:\n * import { Dialog, NavigationMenu } from '@jmruthers/pace-core/components';\n */\n\n// AUTHENTICATION & AUTHORIZATION\nexport { UnifiedAuthProvider, useUnifiedAuth } from './providers/UnifiedAuthProvider';\nexport type { UnifiedAuthProviderProps, UnifiedAuthContextType, UserEventAccess } from './providers/UnifiedAuthProvider';\nexport { EventProvider, useEvents } from './providers/EventProvider';\nexport type { EventProviderProps, EventContextType } from './providers/EventProvider';\nexport { OrganisationProvider, useOrganisations } from './providers/OrganisationProvider';\nexport type { \n Organisation, \n OrganisationMembership, \n OrganisationContextType, \n OrganisationProviderProps,\n OrganisationSecurityError \n} from './types/organisation';\n\n// INACTIVITY TRACKING\nexport { InactivityWarningModal } from './components/InactivityWarningModal/InactivityWarningModal';\nexport type { InactivityWarningModalProps } from './components/InactivityWarningModal/InactivityWarningModal';\nexport { useInactivityTracker } from './hooks/useInactivityTracker';\nexport type { UseInactivityTrackerOptions, UseInactivityTrackerReturn } from './hooks/useInactivityTracker';\n\n// RBAC SYSTEM - Use the new RBAC module\n// Note: For RBAC functionality, use @jmruthers/pace-core/rbac instead\n// This provides a complete, type-safe RBAC system with organisation context enforcement\n\n// BASIC UI COMPONENTS\nexport { Button } from './components/Button/Button';\nexport type { ButtonProps } from './components/Button/Button';\n\nexport { \n Card, \n CardHeader, \n CardFooter, \n CardTitle, \n CardDescription, \n CardContent,\n CardActions\n} from './components/Card/Card';\nexport type { CardProps } from './components/Card/Card';\n\nexport { Input } from './components/Input/Input';\nexport type { InputProps } from './components/Input/Input';\nexport { Label } from './components/Label/Label';\nexport type { LabelProps } from './components/Label/Label';\n\nexport { Alert, AlertTitle, AlertDescription } from './components/Alert/Alert';\nexport { Avatar, AvatarImage, AvatarFallback } from './components/Avatar/Avatar';\n\nexport { Checkbox } from './components/Checkbox/Checkbox';\nexport { Progress } from './components/Progress/Progress';\n\n// ADVANCED UI COMPONENTS\nexport {\n Dialog,\n DialogPortal,\n DialogOverlay,\n DialogTrigger,\n DialogClose,\n DialogContent,\n DialogHeader,\n DialogBody,\n DialogFooter,\n DialogTitle,\n DialogDescription,\n} from './components/Dialog/Dialog';\n\n// Dropdown Menu exports\n// DropdownMenu components have been merged into Select components\n\n// Select exports\nexport {\n Select,\n SelectGroup,\n SelectValue,\n SelectTrigger,\n SelectContent,\n SelectLabel,\n SelectItem,\n SelectSeparator,\n} from './components/Select';\n\n// Modal functionality is provided by Dialog components\n\nexport {\n Toast,\n Toaster,\n ToastAction,\n ToastProvider,\n ToastViewport,\n ToastTitle,\n ToastDescription,\n ToastClose,\n useToast,\n} from './components/Toast/Toast';\nexport type { ToastActionElement, ToastProps } from './components/Toast/Toast';\n\nexport { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider, TooltipRoot } from './components/Tooltip/Tooltip';\n\n// DATA DISPLAY COMPONENTS\nexport {\n DataTable,\n type DataTableProps,\n type DataTableColumn,\n type DataTableAction,\n type DataTableToolbarButton,\n type AggregateConfig,\n type EmptyStateConfig,\n type GetRowId\n} from './components/DataTable';\n\n// Re-export types from DataTable types\nexport type { DataRecord } from './components/DataTable/types';\n\n// FORM COMPONENTS\nexport { Form } from './components/Form/Form';\nexport { LoginForm } from './components/LoginForm/LoginForm';\nexport type { LoginFormProps } from './components/LoginForm/LoginForm';\n\n// LAYOUT COMPONENTS\nexport { Header } from './components/Header/Header';\nexport { Footer } from './components/Footer/Footer';\nexport type { FooterProps } from './components/Footer/Footer';\n\n// NAVIGATION COMPONENTS\nexport { NavigationMenu } from './components/NavigationMenu/NavigationMenu';\nexport type { NavigationMenuProps, NavigationItem } from './components/NavigationMenu/types';\nexport { UserMenu } from './components/UserMenu/UserMenu';\nexport type { UserMenuProps } from './components/UserMenu/UserMenu';\n\n// Reusable Page/Layout Components\nexport { PaceAppLayout } from './components/PaceAppLayout/PaceAppLayout';\nexport type { PaceAppLayoutProps } from './components/PaceAppLayout/PaceAppLayout';\nexport { PaceLoginPage } from './components/PaceLoginPage/PaceLoginPage';\nexport type { PaceLoginPageProps } from './components/PaceLoginPage/PaceLoginPage';\n\n// UTILITY COMPONENTS\nexport { ErrorBoundary } from './components/ErrorBoundary/ErrorBoundary';\nexport { LoadingSpinner } from './components/LoadingSpinner/LoadingSpinner';\n\n// EVENT MANAGEMENT\nexport { EventSelector } from './components/EventSelector/EventSelector';\n\n// ORGANISATION MANAGEMENT\nexport { OrganisationSelector } from './components/OrganisationSelector/OrganisationSelector';\nexport { useOrganisationPermissions } from './hooks/useOrganisationPermissions';\nexport { useOrganisationSecurity } from './hooks/useOrganisationSecurity';\nexport { createSecureDataAccess } from './utils/secureDataAccess';\n\n// TYPES\nexport type { UserProfile } from './types/organisation';\n\n// AUTHENTICATION FORMS\nexport { PasswordResetForm } from './components/PasswordReset/PasswordResetForm';\nexport { PasswordChangeForm } from './components/PasswordReset/PasswordChangeForm';\n\n// UTILS & HOOKS\nexport { useAppConfig } from './hooks/useAppConfig';\nexport { cn } from './utils/cn';\nexport { setAppConfig, getAppConfig, getCurrentAppName, getCurrentAppId } from './utils/appConfig';\n\n// STORAGE UTILITIES\nexport { FileUpload } from './components/FileUpload/FileUpload';\nexport type { FileUploadProps } from './components/FileUpload/FileUpload';\nexport { useStorage, useFileUpload } from './hooks/useStorage';\nexport * from './utils/storage';\n\n// Table components\nexport {\n Table,\n TableHeader,\n TableBody,\n TableCaption,\n TableCell,\n TableFooter,\n TableHead,\n TableRow,\n} from './components/Table/Table';\n\n// STYLES\nexport * from './styles';\n\n// PUBLIC PAGES\nexport * from './hooks/public';\nexport * from './components/PublicLayout';\n","/**\n * @file Secure Data Access Utility\n * @package @jmruthers/pace-core\n * @module Utils/SecureDataAccess\n * @since 0.4.0\n *\n * Secure data access utilities that enforce organisation context for all database operations.\n * Prevents data leakage between organisations and ensures proper access validation.\n */\n\nimport type { SupabaseClient } from '@supabase/supabase-js';\nimport type { SecureQueryOptions } from '../types/organisation';\n\n// Generic database record type\nexport interface DatabaseRecord {\n id: string;\n organisation_id: string;\n [key: string]: unknown;\n}\n\n// Generic data for insert/update operations\nexport interface DatabaseData {\n [key: string]: unknown;\n}\n\n// Generic filters for queries\nexport interface DatabaseFilters {\n [key: string]: unknown;\n}\n\nexport interface SecureDataAccess {\n // Secure query methods\n secureQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T[]>;\n secureSingleQuery: <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions) => Promise<T | null>;\n \n // Secure mutation methods\n secureInsert: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, organisationId: string) => Promise<T | null>;\n secureUpdate: <T extends DatabaseRecord = DatabaseRecord>(table: string, data: DatabaseData, filters: DatabaseFilters, organisationId: string) => Promise<T | null>;\n secureDelete: (table: string, filters: DatabaseFilters, organisationId: string) => Promise<boolean>;\n \n // Organisation-scoped queries\n queryByOrganisation: <T extends DatabaseRecord = DatabaseRecord>(table: string, select: string, organisationId: string, filters?: DatabaseFilters) => Promise<T[]>;\n \n // Validation helpers\n validateOrganisationContext: (organisationId: string) => void;\n ensureOrganisationColumn: (table: string) => boolean;\n}\n\nexport interface SecureQueryBuilder {\n table: string;\n select: string;\n organisationId: string;\n filters?: DatabaseFilters;\n orderBy?: string;\n limit?: number;\n offset?: number;\n}\n\n/**\n * Create a secure data access instance\n * @param supabase - Supabase client instance\n * @param organisationId - Current organisation context\n * @param isSuperAdmin - Whether user has super admin privileges\n * @returns Secure data access utilities\n */\nexport const createSecureDataAccess = (\n supabase: SupabaseClient,\n organisationId: string,\n isSuperAdmin: boolean = false\n): SecureDataAccess => {\n \n // Validate organisation context\n const validateOrganisationContext = (orgId: string): void => {\n if (!orgId) {\n throw new Error('Organisation context is required for secure data access');\n }\n \n if (!isSuperAdmin && !orgId) {\n throw new Error('Organisation context is mandatory for non-super admin users');\n }\n };\n\n // Check if table has organisation_id column\n const ensureOrganisationColumn = (table: string): boolean => {\n // This is a simplified check - in production you might want to cache this\n const tablesWithOrganisation = [\n 'event', 'organisation_settings',\n 'rbac_event_app_roles', 'rbac_organisation_roles',\n // SECURITY: Phase 2 additions - complete organisation table mapping\n 'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n // SECURITY: Emergency additions for Phase 1 fixes\n 'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n // SECURITY: Phase 3A additions - medical and personal data\n 'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n 'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n 'form_responses', 'form_response_values', 'forms',\n // SECURITY: Phase 3B additions - remaining critical tables\n 'invoice', 'line_item', 'credit_balance', 'payment_method',\n 'form_contexts', 'form_field_config', 'form_fields',\n 'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n 'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n 'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n ];\n \n return tablesWithOrganisation.includes(table);\n };\n\n // Build secure query with organisation context\n const buildSecureQuery = (options: SecureQueryBuilder) => {\n const { table, select, organisationId: orgId, filters, orderBy, limit, offset } = options;\n \n validateOrganisationContext(orgId);\n \n let query = supabase\n .from(table)\n .select(select);\n \n // Add organisation filter (unless super admin)\n if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n query = query.eq('organisation_id', orgId);\n }\n \n // Add additional filters\n if (filters) {\n Object.entries(filters).forEach(([key, value]) => {\n if (value !== undefined && value !== null) {\n // Handle qualified column names (e.g., 'users.role')\n const columnName = key.includes('.') ? key.split('.').pop()! : key;\n query = query.eq(columnName, value);\n }\n });\n }\n \n // Add ordering\n if (orderBy) {\n // Only use the column name, not a qualified name\n const orderByColumn = orderBy.split('.').pop();\n if (orderByColumn) {\n query = query.order(orderByColumn);\n }\n }\n \n // Add pagination\n if (limit) {\n query = query.limit(limit);\n }\n \n if (offset) {\n query = query.range(offset, offset + (limit || 10) - 1);\n }\n \n return query;\n };\n\n // Secure query for multiple results\n const secureQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T[]> => {\n const { table, select, organisationId: orgId, filters } = options;\n \n try {\n const query = buildSecureQuery({\n table,\n select,\n organisationId: orgId,\n filters\n });\n \n const { data, error } = await query;\n \n if (error) {\n throw error;\n }\n \n // Ensure data is an array and not an error type\n if (Array.isArray(data)) {\n return data as unknown as T[];\n }\n \n return [];\n } catch (error) {\n throw error;\n }\n };\n\n // Secure query for single result\n const secureSingleQuery = async <T extends DatabaseRecord = DatabaseRecord>(options: SecureQueryOptions): Promise<T | null> => {\n const { table, select, organisationId: orgId, filters } = options;\n \n try {\n const query = buildSecureQuery({\n table,\n select,\n organisationId: orgId,\n filters\n });\n \n const { data, error } = await query.single();\n \n if (error) {\n if (error.code === 'PGRST116') {\n // No rows returned\n return null;\n }\n throw error;\n }\n \n // Ensure data is not an error type\n if (data && typeof data === 'object' && !('code' in data)) {\n return data as unknown as T;\n }\n \n return null;\n } catch (error) {\n throw error;\n }\n };\n\n // Secure insert with organisation context\n const secureInsert = async <T extends DatabaseRecord = DatabaseRecord>(\n table: string, \n data: DatabaseData, \n organisationId: string\n ): Promise<T | null> => {\n validateOrganisationContext(organisationId);\n \n try {\n const insertData = {\n ...data,\n organisation_id: organisationId\n };\n \n const { data: result, error } = await supabase\n .from(table)\n .insert(insertData)\n .select()\n .single();\n \n if (error) {\n throw error;\n }\n \n return result;\n } catch (error) {\n throw error;\n }\n };\n\n // Secure update with organisation context\n const secureUpdate = async <T extends DatabaseRecord = DatabaseRecord>(\n table: string, \n data: DatabaseData, \n filters: DatabaseFilters, \n organisationId: string\n ): Promise<T | null> => {\n validateOrganisationContext(organisationId);\n \n try {\n let query = supabase\n .from(table)\n .update(data);\n \n // Add organisation filter (unless super admin)\n if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n query = query.eq('organisation_id', organisationId);\n }\n \n // Add additional filters\n if (filters) {\n Object.entries(filters).forEach(([key, value]) => {\n if (value !== undefined && value !== null) {\n query = query.eq(key, value);\n }\n });\n }\n \n const { data: result, error } = await query.select().single();\n \n if (error) {\n throw error;\n }\n \n return result;\n } catch (error) {\n throw error;\n }\n };\n\n // Secure delete with organisation context\n const secureDelete = async (\n table: string, \n filters: DatabaseFilters, \n organisationId: string\n ): Promise<boolean> => {\n validateOrganisationContext(organisationId);\n \n try {\n let query = supabase\n .from(table)\n .delete();\n \n // Add organisation filter (unless super admin)\n if (!isSuperAdmin && ensureOrganisationColumn(table)) {\n query = query.eq('organisation_id', organisationId);\n }\n \n // Add additional filters\n if (filters) {\n Object.entries(filters).forEach(([key, value]) => {\n if (value !== undefined && value !== null) {\n query = query.eq(key, value);\n }\n });\n }\n \n const { error } = await query;\n \n if (error) {\n throw error;\n }\n \n return true;\n } catch (error) {\n throw error;\n }\n };\n\n // Organisation-scoped query helper\n const queryByOrganisation = async <T extends DatabaseRecord = DatabaseRecord>(\n table: string, \n select: string, \n organisationId: string, \n filters?: DatabaseFilters\n ): Promise<T[]> => {\n return secureQuery<T>({\n table,\n select,\n organisationId,\n filters\n });\n };\n\n return {\n secureQuery,\n secureSingleQuery,\n secureInsert,\n secureUpdate,\n secureDelete,\n queryByOrganisation,\n validateOrganisationContext,\n ensureOrganisationColumn\n };\n};\n\n/**\n * Hook for secure data access\n * @returns Secure data access utilities\n */\nexport const useSecureDataAccess = (): SecureDataAccess => {\n // This would typically get the context from providers\n // For now, we'll create a placeholder that can be used with explicit parameters\n throw new Error('useSecureDataAccess must be used with explicit parameters. Use createSecureDataAccess instead.');\n}; "],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkBA;AAEA;AAEA;AAUA;AAEA;AAQA;AA0BA;AA4CA;;;AC/CO,IAAM,yBAAyB,CACpC,UACA,gBACA,eAAwB,UACH;AAGrB,QAAM,8BAA8B,CAAC,UAAwB;AAC3D,QAAI,CAAC,OAAO;AACV,YAAM,IAAI,MAAM,yDAAyD;AAAA,IAC3E;AAEA,QAAI,CAAC,gBAAgB,CAAC,OAAO;AAC3B,YAAM,IAAI,MAAM,6DAA6D;AAAA,IAC/E;AAAA,EACF;AAGA,QAAM,2BAA2B,CAAC,UAA2B;AAE3D,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,WAAO,uBAAuB,SAAS,KAAK;AAAA,EAC9C;AAGA,QAAM,mBAAmB,CAAC,YAAgC;AACxD,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,SAAS,SAAS,OAAO,OAAO,IAAI;AAElF,gCAA4B,KAAK;AAEjC,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,MAAM;AAGhB,QAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,cAAQ,MAAM,GAAG,mBAAmB,KAAK;AAAA,IAC3C;AAGA,QAAI,SAAS;AACX,aAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,YAAI,UAAU,UAAa,UAAU,MAAM;AAEzC,gBAAM,aAAa,IAAI,SAAS,GAAG,IAAI,IAAI,MAAM,GAAG,EAAE,IAAI,IAAK;AAC/D,kBAAQ,MAAM,GAAG,YAAY,KAAK;AAAA,QACpC;AAAA,MACF,CAAC;AAAA,IACH;AAGA,QAAI,SAAS;AAEX,YAAM,gBAAgB,QAAQ,MAAM,GAAG,EAAE,IAAI;AAC7C,UAAI,eAAe;AACjB,gBAAQ,MAAM,MAAM,aAAa;AAAA,MACnC;AAAA,IACF;AAGA,QAAI,OAAO;AACT,cAAQ,MAAM,MAAM,KAAK;AAAA,IAC3B;AAEA,QAAI,QAAQ;AACV,cAAQ,MAAM,MAAM,QAAQ,UAAU,SAAS,MAAM,CAAC;AAAA,IACxD;AAEA,WAAO;AAAA,EACT;AAGA,QAAM,cAAc,OAAkD,YAA8C;AAClH,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,QAAQ,IAAI;AAE1D,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAGA,UAAI,MAAM,QAAQ,IAAI,GAAG;AACvB,eAAO;AAAA,MACT;AAEA,aAAO,CAAC;AAAA,IACV,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,oBAAoB,OAAkD,YAAmD;AAC7H,UAAM,EAAE,OAAO,QAAQ,gBAAgB,OAAO,QAAQ,IAAI;AAE1D,QAAI;AACF,YAAM,QAAQ,iBAAiB;AAAA,QAC7B;AAAA,QACA;AAAA,QACA,gBAAgB;AAAA,QAChB;AAAA,MACF,CAAC;AAED,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,MAAM,OAAO;AAE3C,UAAI,OAAO;AACT,YAAI,MAAM,SAAS,YAAY;AAE7B,iBAAO;AAAA,QACT;AACA,cAAM;AAAA,MACR;AAGA,UAAI,QAAQ,OAAO,SAAS,YAAY,EAAE,UAAU,OAAO;AACzD,eAAO;AAAA,MACT;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACAA,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,YAAM,aAAa;AAAA,QACjB,GAAG;AAAA,QACH,iBAAiBA;AAAA,MACnB;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,SACnC,KAAK,KAAK,EACV,OAAO,UAAU,EACjB,OAAO,EACP,OAAO;AAEV,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,MACA,SACAA,oBACsB;AACtB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,IAAI;AAGd,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,QAAQ,MAAM,IAAI,MAAM,MAAM,OAAO,EAAE,OAAO;AAE5D,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,eAAe,OACnB,OACA,SACAA,oBACqB;AACrB,gCAA4BA,eAAc;AAE1C,QAAI;AACF,UAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO;AAGV,UAAI,CAAC,gBAAgB,yBAAyB,KAAK,GAAG;AACpD,gBAAQ,MAAM,GAAG,mBAAmBA,eAAc;AAAA,MACpD;AAGA,UAAI,SAAS;AACX,eAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,cAAI,UAAU,UAAa,UAAU,MAAM;AACzC,oBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,UAC7B;AAAA,QACF,CAAC;AAAA,MACH;AAEA,YAAM,EAAE,MAAM,IAAI,MAAM;AAExB,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,aAAO;AAAA,IACT,SAAS,OAAO;AACd,YAAM;AAAA,IACR;AAAA,EACF;AAGA,QAAM,sBAAsB,OAC1B,OACA,QACAA,iBACA,YACiB;AACjB,WAAO,YAAe;AAAA,MACpB;AAAA,MACA;AAAA,MACA,gBAAAA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ADjLA;","names":["organisationId"]}
package/dist/rbac/index.d.ts CHANGED
@@ -55,6 +55,8 @@ interface PermissionCacheKey {
55
55
  organisationId?: UUID;
56
56
  eventId?: string;
57
57
  appId?: UUID;
58
+ permission?: Permission;
59
+ pageId?: UUID | string;
58
60
  }
59
61
  interface UsePermissionsReturn {
60
62
  permissions: PermissionMap;
package/dist/rbac/index.js CHANGED
@@ -1,7 +1,5 @@
1
1
  import {
2
- CACHE_PATTERNS,
3
2
  OrganisationContextRequiredError,
4
- RBACCache,
5
3
  RBACEngine,
6
4
  createRBACConfig,
7
5
  createRBACEngine,
@@ -16,9 +14,13 @@ import {
16
14
  isDevelopmentMode,
17
15
  isPermitted,
18
16
  isPermittedCached,
19
- rbacCache,
20
17
  setupRBAC
21
- } from "../chunk-6ZQVSHKL.js";
18
+ } from "../chunk-ANE4PDC2.js";
19
+ import {
20
+ CACHE_PATTERNS,
21
+ RBACCache,
22
+ rbacCache
23
+ } from "../chunk-MRRFJ6SA.js";
22
24
  import {
23
25
  RBACAuditManager,
24
26
  createAuditManager,
@@ -210,6 +212,11 @@ function useCan(userId, scope, permission, pageId, useCache = true) {
210
212
  const check = useCallback(async () => {
211
213
  console.log("[useCan] check() called with:", { userId, scope, permission, pageId });
212
214
  console.log("[useCan] Hook parameters:", { userId, scope, permission, pageId, useCache });
215
+ if (typeof window !== "undefined") {
216
+ console.log("[useCan] Clearing cache for debugging...");
217
+ const { rbacCache: rbacCache2 } = await import("../cache-I72HKDOA.js");
218
+ rbacCache2.clear();
219
+ }
213
220
  if (!userId) {
214
221
  console.log("[useCan] No userId, denying access");
215
222
  setCan(false);
@@ -577,7 +584,7 @@ function withPermissionGuard(config, handler) {
577
584
  if (!userId || !organisationId) {
578
585
  throw new Error("User context required for permission check");
579
586
  }
580
- const { isPermitted: isPermitted2 } = await import("../api-GZHIDA4X.js");
587
+ const { isPermitted: isPermitted2 } = await import("../api-T6CBS7IO.js");
581
588
  const hasPermission2 = await isPermitted2({
582
589
  userId,
583
590
  scope: { organisationId, eventId, appId },
@@ -600,7 +607,7 @@ function withAccessLevelGuard(minLevel, handler) {
600
607
  if (!userId || !organisationId) {
601
608
  throw new Error("User context required for access level check");
602
609
  }
603
- const { getAccessLevel: getAccessLevel2 } = await import("../api-GZHIDA4X.js");
610
+ const { getAccessLevel: getAccessLevel2 } = await import("../api-T6CBS7IO.js");
604
611
  const accessLevel = await getAccessLevel2({
605
612
  userId,
606
613
  scope: { organisationId, eventId, appId }
@@ -625,7 +632,7 @@ function withRoleGuard(config, handler) {
625
632
  throw new Error("User context required for role check");
626
633
  }
627
634
  if (config.globalRoles && config.globalRoles.length > 0) {
628
- const { isSuperAdmin } = await import("../api-GZHIDA4X.js");
635
+ const { isSuperAdmin } = await import("../api-T6CBS7IO.js");
629
636
  const isSuper = await isSuperAdmin(userId);
630
637
  if (isSuper) {
631
638
  if (organisationId) {
@@ -651,14 +658,14 @@ function withRoleGuard(config, handler) {
651
658
  }
652
659
  }
653
660
  if (config.organisationRoles && config.organisationRoles.length > 0) {
654
- const { isOrganisationAdmin } = await import("../api-GZHIDA4X.js");
661
+ const { isOrganisationAdmin } = await import("../api-T6CBS7IO.js");
655
662
  const isOrgAdmin = await isOrganisationAdmin(userId, organisationId);
656
663
  if (!isOrgAdmin && config.requireAll !== false) {
657
664
  throw new Error(`Organisation admin role required`);
658
665
  }
659
666
  }
660
667
  if (config.eventAppRoles && config.eventAppRoles.length > 0 && eventId && appId) {
661
- const { isEventAdmin } = await import("../api-GZHIDA4X.js");
668
+ const { isEventAdmin } = await import("../api-T6CBS7IO.js");
662
669
  const isEventAdminUser = await isEventAdmin(userId, { organisationId, eventId, appId });
663
670
  if (!isEventAdminUser && config.requireAll !== false) {
664
671
  throw new Error(`Event admin role required`);
@@ -698,7 +705,7 @@ function createRBACMiddleware(config) {
698
705
  );
699
706
  if (protectedRoute) {
700
707
  try {
701
- const { isPermitted: isPermitted2 } = await import("../api-GZHIDA4X.js");
708
+ const { isPermitted: isPermitted2 } = await import("../api-T6CBS7IO.js");
702
709
  const hasPermission2 = await isPermitted2({
703
710
  userId,
704
711
  scope: { organisationId },
@@ -725,7 +732,7 @@ function createRBACExpressMiddleware(config) {
725
732
  return res.status(401).json({ error: "User context required" });
726
733
  }
727
734
  try {
728
- const { isPermitted: isPermitted2 } = await import("../api-GZHIDA4X.js");
735
+ const { isPermitted: isPermitted2 } = await import("../api-T6CBS7IO.js");
729
736
  const hasPermission2 = await isPermitted2({
730
737
  userId,
731
738
  scope: { organisationId, eventId, appId },