@jmruthers/pace-core 0.2.6 → 0.4.1

package/dist/chunk-ZJ3UKPIW.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/providers/UnifiedAuthProvider.tsx","../src/providers/OrganisationProvider.tsx"],"sourcesContent":["/**\n * @file Unified Authentication Provider\n * @package @jmruthers/pace-core\n * @module Providers/UnifiedAuth\n * @since 0.1.0\n *\n * A comprehensive authentication and RBAC provider that combines user authentication,\n * role-based access control, and permission management in a single unified context.\n *\n * Features:\n * - Supabase authentication integration\n * - Role-based access control (RBAC)\n * - Permission management with database integration\n * - Access level hierarchy (VIEWER, PARTICIPANT, EDITOR, PLANNER, ADMIN, SUPER)\n * - Event-specific permissions\n * - Cross-device state persistence\n * - Loading state management\n * - Error handling and recovery\n * - Session management\n * - Admin role detection via user metadata\n * - Permission validation and caching\n * - Event selection and context switching\n *\n * @example\n * ```tsx\n * // Basic setup with Supabase\n * import { createClient } from '@supabase/supabase-js';\n * import { UnifiedAuthProvider } from '@jmruthers/pace-core';\n * \n * const supabase = createClient(url, key);\n * \n * function App() {\n *   return (\n *     <UnifiedAuthProvider supabaseClient={supabase} appName=\"My App\">\n *       <Router>\n *         <Routes>\n *           <Route path=\"/login\" element={<LoginPage />} />\n *           <Route path=\"/\" element={<Dashboard />} />\n *         </Routes>\n *       </Router>\n *     </UnifiedAuthProvider>\n *   );\n * }\n * \n * // Using authentication in components\n * function Dashboard() {\n *   const { user, isAuthenticated, signOut } = useUnifiedAuth();\n *   \n *   if (!isAuthenticated) {\n *     return <Navigate to=\"/login\" />;\n *   }\n *   \n *   return (\n *     <div>\n *       <h1>Welcome, {user?.email}</h1>\n *       <button onClick={signOut}>Sign Out</button>\n *     </div>\n *   );\n * }\n * \n * // Using RBAC permissions\n * function EventManager() {\n *   const { \n *     hasPermission, \n *     hasRole, \n *     hasAccessLevel, \n *     setSelectedEventId \n *   } = useUnifiedAuth();\n *   \n *   // Set event context for permissions\n *   useEffect(() => {\n *     setSelectedEventId('event-123');\n *   }, []);\n *   \n *   return (\n *     <div>\n *       {hasPermission('events:read') && (\n *         <EventList />\n *       )}\n *       {hasPermission('events:write') && (\n *         <CreateEventButton />\n *       )}\n *       {hasRole('admin') && (\n *         <AdminPanel />\n *       )}\n *       {hasAccessLevel(AccessLevel.PLANNER) && (\n *         <EventPlanningTools />\n *       )}\n *     </div>\n *   );\n * }\n * \n * // Advanced permission validation\n * function SecureComponent() {\n *   const { validatePermission, canAccess } = useUnifiedAuth();\n *   \n *   const handleSensitiveAction = async () => {\n *     const canPerform = await validatePermission('admin:system');\n *     if (canPerform) {\n *       // Perform action\n *     }\n *   };\n *   \n *   const canEditUsers = canAccess('users', 'write');\n *   \n *   return (\n *     <div>\n *       {canEditUsers && <UserEditor />}\n *       <button onClick={handleSensitiveAction}>\n *         Sensitive Action\n *       </button>\n *     </div>\n *   );\n * }\n * ```\n *\n * @accessibility\n * - No direct accessibility concerns (context provider)\n * - Enables accessible permission-based UI rendering\n * - Supports screen reader friendly conditional content\n * - Maintains focus management during auth state changes\n *\n * @security\n * - Secure authentication via Supabase\n * - Permission-based access control\n * - Event-specific permission isolation\n * - Admin role validation via user metadata\n * - Session management and validation\n * - Error handling without exposure of sensitive data\n * - Database-backed permission validation\n *\n * @performance\n * - Optimized with useMemo and useCallback\n * - Permission caching and batching\n * - Minimal re-renders with stable references\n * - Lazy loading of permissions\n * - Event-based permission updates\n *\n * @dependencies\n * - React 18+ - Context, hooks, and effects\n * - @supabase/supabase-js - Authentication backend\n * - AccessLevel enum - Permission levels\n * - Event types - Event context\n * - Local storage - State persistence\n */\n\nimport React, { createContext, useContext, useState, useEffect, useMemo, useCallback } from 'react';\nimport { type SupabaseClient, type User, type Session, AuthError } from '@supabase/supabase-js';\nimport { AccessLevel } from '../types/unified';\n\n\n// App configuration type\ninterface AppConfig {\n  supports_direct_access: boolean;\n  requires_event: boolean;\n}\n\n// User event access type - now includes organisation context for security\nexport interface UserEventAccess {\n  event_id: string;\n  event_name: string;\n  event_description?: string | null;\n  start_date: string;\n  end_date: string;\n  event_status: string;\n  app_name: string;\n  access_level: string;\n  granted_at: string;\n  organisation_id: string; // MANDATORY for security\n}\n\n// Combined context type - now organisation-aware and secure\nexport interface UnifiedAuthContextType {\n  // Auth state\n  user: User | null;\n  session: Session | null;\n  isAuthenticated: boolean;\n  authLoading: boolean;\n  authError: AuthError | null;\n  supabase: SupabaseClient | null;\n  appName: string;\n  \n  // Auth methods\n  signIn: (email: string, password?: string) => Promise<{ error: AuthError | null }>;\n  signUp: (email: string, password: string) => Promise<{ error: AuthError | null }>;\n  signOut: () => Promise<{ error: AuthError | null }>;\n  resetPassword: (email: string) => Promise<{ error: AuthError | null }>;\n  updatePassword: (password: string) => Promise<{ error: AuthError | null }>;\n  refreshSession: () => Promise<{ error: AuthError | null }>;\n  \n  // RBAC state - now organisation-scoped\n  permissions: Record<string, boolean>;\n  roles: string[];\n  accessLevel: AccessLevel;\n  rbacLoading: boolean;\n  rbacError: Error | null;\n  selectedEventId: string | null;\n  appConfig: AppConfig | null;\n  userEventAccess: UserEventAccess[];\n  eventAccessLoading: boolean;\n  \n  // Organisation context integration\n  selectedOrganisationId: string | null;\n  requireOrganisationContext: () => string; // Throws if no organisation context\n  \n  // RBAC methods - now organisation-aware\n  hasPermission: (permission: string, orgId?: string) => boolean;\n  hasAnyPermission: (permissions: string[], orgId?: string) => boolean;\n  hasAllPermissions: (permissions: string[], orgId?: string) => boolean;\n  hasRole: (role: string) => boolean;\n  hasAccessLevel: (level: AccessLevel) => boolean;\n  canAccess: (resource: string, action: string, orgId?: string) => boolean;\n  validatePermission: (permission: string, orgId?: string) => Promise<boolean>;\n  validateAccess: (resource: string, action: string, orgId?: string) => Promise<boolean>;\n  refreshPermissions: (eventId?: string, orgId?: string) => Promise<void>;\n  setSelectedEventId: (eventId: string | null) => void;\n  loadUserEventAccess: (orgId?: string) => Promise<void>;\n  getUserEventAccess: (eventId: string) => UserEventAccess | undefined;\n  \n  // New RBAC system support\n  rbacEnabled: boolean;\n  rbacContext?: any; // Will be populated by useRBAC hook when enabled\n  \n  // Combined states\n  isLoading: boolean;\n  hasErrors: boolean;\n}\n\nconst UnifiedAuthContext = createContext<UnifiedAuthContextType | undefined>(undefined);\n\nexport const useUnifiedAuth = () => {\n  const context = useContext(UnifiedAuthContext);\n  if (!context) {\n    throw new Error('useUnifiedAuth must be used within a UnifiedAuthProvider');\n  }\n  return context;\n};\n\nexport interface UnifiedAuthProviderProps {\n  children: React.ReactNode;\n  supabaseClient?: SupabaseClient;\n  appName: string;\n  persistState?: boolean;\n  enablePersistence?: boolean;\n  requireOrganisationContext?: boolean; // Default: true for security\n  enableRBAC?: boolean; // New prop for RBAC support\n}\n\n// Storage keys for persistence\nconst STORAGE_KEYS = {\n  SELECTED_EVENT: 'pace-core-selected-event',\n} as const;\n\n// Helper function to transform RBAC permissions to the format expected by UnifiedAuthProvider\nconst transformRBACPermissions = (rbacData: any[], _appName: string) => {\n  const permissions: Record<string, boolean> = {};\n  let roles: string[] = [];\n  let access_level: AccessLevel = AccessLevel.VIEWER;\n\n  if (!rbacData || !Array.isArray(rbacData)) {\n    return { permissions: {}, roles: ['viewer'], access_level: AccessLevel.VIEWER };\n  }\n\n  // Check for super admin first\n  const superAdminPerm = rbacData.find((p: any) => p.permission_type === 'all_permissions');\n  if (superAdminPerm) {\n    return { \n      permissions: { 'all:all': true } as Record<string, boolean>, \n      roles: ['super'], \n      access_level: AccessLevel.SUPER \n    };\n  }\n\n  // Process event-app permissions\n  const eventAppPerms = rbacData.filter((p: any) => p.permission_type === 'event_app_access');\n  if (eventAppPerms.length > 0) {\n    const role = eventAppPerms[0].role_name;\n    \n    // Map RBAC roles to AccessLevel\n    switch (role) {\n      case 'event_admin':\n        access_level = AccessLevel.ADMIN;\n        roles = ['admin'];\n        break;\n      case 'planner':\n        access_level = AccessLevel.PLANNER;\n        roles = ['planner'];\n        break;\n      case 'participant':\n        access_level = AccessLevel.PARTICIPANT;\n        roles = ['participant'];\n        break;\n      case 'editor':\n        access_level = AccessLevel.EDITOR;\n        roles = ['editor'];\n        break;\n      case 'viewer':\n      default:\n        access_level = AccessLevel.VIEWER;\n        roles = ['viewer'];\n        break;\n    }\n\n    // For now, we'll set basic permissions based on role\n    // In a full implementation, you'd want to fetch page-specific permissions\n    const basePermissions = ['read'];\n    if (['event_admin', 'planner'].includes(role)) {\n      basePermissions.push('create', 'update');\n    }\n    if (role === 'event_admin') {\n      basePermissions.push('delete');\n    }\n\n    // Set permissions for all pages (simplified approach)\n    // In a real implementation, you'd want to get actual page permissions\n    basePermissions.forEach(operation => {\n      permissions[`default:${operation}`] = true;\n    });\n  }\n\n  // Process organisation permissions\n  const orgPerms = rbacData.filter((p: any) => p.permission_type === 'organisation_access');\n  if (orgPerms.length > 0) {\n    const role = orgPerms[0].role_name;\n    if (role === 'org_admin') {\n      access_level = AccessLevel.ADMIN;\n      roles = ['admin'];\n      // Org admins get all permissions\n      ['create', 'read', 'update', 'delete'].forEach(operation => {\n        permissions[`default:${operation}`] = true;\n      });\n    }\n  }\n\n  return { permissions, roles, access_level };\n};\n\nexport function UnifiedAuthProvider({\n  children,\n  supabaseClient,\n  appName,\n  persistState = true,\n  enablePersistence,\n  requireOrganisationContext: _requireOrganisationContext = true,\n  enableRBAC = false // New prop for RBAC support\n}: UnifiedAuthProviderProps) {\n  // Use enablePersistence if provided, otherwise use persistState\n  const shouldPersist = enablePersistence !== undefined ? enablePersistence : persistState;\n\n  // Auth state\n  const [user, setUser] = useState<User | null>(null);\n  const [session, setSession] = useState<Session | null>(null);\n  const [authLoading, setAuthLoading] = useState(true);\n  const [authError, setAuthError] = useState<AuthError | null>(null);\n\n  // RBAC state\n  const [permissions, setPermissions] = useState<Record<string, boolean>>({});\n  const [roles, setRoles] = useState<string[]>([]);\n  const [accessLevel, setAccessLevel] = useState<AccessLevel>(AccessLevel.VIEWER);\n  const [rbacLoading, setRbacLoading] = useState(false);\n  const [rbacError, setRbacError] = useState<Error | null>(null);\n  const [selectedEventId, setSelectedEventId] = useState<string | null>(null);\n  const [appConfig, setAppConfig] = useState<AppConfig | null>(null);\n  const [userEventAccess, setUserEventAccess] = useState<UserEventAccess[]>([]);\n  const [eventAccessLoading, setEventAccessLoading] = useState(false);\n  \n  // Organisation context state\n  const [selectedOrganisationId, _setSelectedOrganisationId] = useState<string | null>(null);\n\n  // Load app configuration on mount and when appName changes\n  useEffect(() => {\n    if (!supabaseClient) return;\n\n    const loadAppConfig = async () => {\n      try {\n        const { data } = await supabaseClient.rpc('get_app_config', {\n          p_app_name: appName\n        });\n\n        if (data && data.length > 0) {\n          setAppConfig({\n            supports_direct_access: data[0].supports_direct_access,\n            requires_event: data[0].requires_event\n          });\n        } else {\n          // Default configuration if app not found\n          setAppConfig({\n            supports_direct_access: false,\n            requires_event: true\n          });\n        }\n      } catch (error) {\n      console.warn(\"Clearing corrupted localStorage data\");\n      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n        console.warn('Failed to load app configuration:', error);\n        // Default configuration on error\n        setAppConfig({\n          supports_direct_access: false,\n          requires_event: true\n        });\n      }\n    };\n\n    loadAppConfig();\n  }, [supabaseClient, appName]);\n\n  // Set super admin roles based on user metadata\n  useEffect(() => {\n    // Check if user has super admin role in metadata\n    const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n    if (isSuperAdmin) {\n      setRoles(['super_admin']);\n    } else {\n      setRoles([]);\n    }\n  }, [user]);\n\n  // Load persisted auth state on mount\n  useEffect(() => {\n    if (!shouldPersist) return;\n\n    try {\n      const persistedEvent = localStorage.getItem(STORAGE_KEYS.SELECTED_EVENT);\n      if (persistedEvent) {\n        setSelectedEventId(JSON.parse(persistedEvent));\n      }\n    } catch (error) {\n      console.warn(\"Clearing corrupted localStorage data\");\n      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n    }\n  }, [shouldPersist]);\n\n  // Load initial user if no session but supabase client exists\n  useEffect(() => {\n    if (!supabaseClient) return;\n\n    const loadInitialUser = async () => {\n      try {\n        const { data: { user: initialUser }, error } = await supabaseClient.auth.getUser();\n        if (error) {\n          console.warn('Failed to get initial user:', error);\n          setAuthLoading(false);\n          return;\n        }\n        \n        if (initialUser) {\n          setUser(initialUser);\n        }\n        setAuthLoading(false);\n      } catch (error) {\n      console.warn(\"Clearing corrupted localStorage data\");\n      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n        console.error('Error loading initial user:', error);\n        setAuthLoading(false);\n      }\n    };\n\n    // Only load initial user if we haven't set up the auth state change listener yet\n    // This prevents race conditions between loadInitialUser and auth state change\n    const timeoutId = setTimeout(() => {\n      if (authLoading && !user && !session) {\n        loadInitialUser();\n      }\n    }, 100);\n\n    return () => clearTimeout(timeoutId);\n  }, [supabaseClient, authLoading, user, session]);\n\n  // Auth state change listener\n  useEffect(() => {\n    if (!supabaseClient) {\n      setAuthLoading(false);\n      return;\n    }\n\n    const timeoutId = setTimeout(() => {\n      if (authLoading) {\n        console.warn('UnifiedAuthProvider: Auth loading timeout reached');\n        setAuthLoading(false);\n      }\n    }, 5000);\n\n    try {\n      console.log('[UnifiedAuthProvider] Setting up auth state change listener...');\n      const authStateChange = supabaseClient.auth.onAuthStateChange(\n        (event, session) => {\n          console.log('[UnifiedAuthProvider] Auth state changed:', event, session?.user?.email);\n          setSession(session);\n          setUser(session?.user ?? null);\n          setAuthLoading(false);\n          setAuthError(null);\n        }\n      );\n\n      const subscription = authStateChange?.data?.subscription || authStateChange;\n      \n      return () => {\n        clearTimeout(timeoutId);\n        if (subscription && typeof subscription.unsubscribe === 'function') {\n          console.log('[UnifiedAuthProvider] Cleaning up auth state listener');\n          subscription.unsubscribe();\n        }\n      };\n    } catch (error) {\n      console.warn(\"Clearing corrupted localStorage data\");\n      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n      console.error('UnifiedAuthProvider: Error setting up auth state change listener:', error);\n      // Don't set authError for connection issues - this is expected when credentials are missing\n      if (error instanceof Error && !error.message.includes('No API key found')) {\n        setAuthError(error as AuthError);\n      }\n      setAuthLoading(false);\n      clearTimeout(timeoutId);\n      return () => {};\n    }\n  }, [supabaseClient]);\n\n  // Persist auth state changes\n  useEffect(() => {\n    if (!shouldPersist) return;\n\n    try {\n      if (selectedEventId) {\n        localStorage.setItem(\n          STORAGE_KEYS.SELECTED_EVENT,\n          JSON.stringify(selectedEventId),\n        );\n      } else {\n        localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n      }\n    } catch (error) {\n      console.warn(\"Clearing corrupted localStorage data\");\n      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n      console.warn('Failed to persist auth state:', error);\n    }\n  }, [selectedEventId, shouldPersist]);\n\n  // Load RBAC data when user is authenticated\n  const refreshPermissions = useCallback(async (eventId?: string) => {\n    if (!supabaseClient || !user || !appConfig) {\n      setPermissions({});\n      setRoles([]);\n      setAccessLevel(AccessLevel.VIEWER);\n      return;\n    }\n\n    // Check for super admin first - admin override should happen regardless of app configuration\n    const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n    if (isSuperAdmin) {\n      setPermissions({\n        'admin:create': true,\n        'admin:read': true,\n        'admin:update': true,\n        'admin:delete': true,\n        'users:create': true,\n        'users:read': true,\n        'users:update': true,\n        'users:delete': true,\n        'events:create': true,\n        'events:read': true,\n        'events:update': true,\n        'events:delete': true\n      });\n      setRoles(['super_admin']);\n      setAccessLevel(AccessLevel.ADMIN);\n      return;\n    }\n\n    // Determine if we should load permissions without an event\n    const shouldLoadDirectPermissions = !eventId && !appConfig.requires_event;\n    const shouldLoadEventPermissions = eventId;\n    const shouldClearPermissions = !eventId && appConfig.requires_event;\n\n    // If no eventId and app requires events, clear permissions\n    if (shouldClearPermissions) {\n      setPermissions({});\n      setRoles([]);\n      setAccessLevel(AccessLevel.VIEWER);\n      return;\n    }\n\n    // Only proceed if we should load permissions\n    if (!shouldLoadDirectPermissions && !shouldLoadEventPermissions) {\n      return;\n    }\n\n    setRbacLoading(true);\n    setRbacError(null);\n\n    try {\n      const { data, error } = await supabaseClient.rpc('get_rbac_permissions', {\n        p_user_id: user.id,\n        p_app_name: appName,\n        p_event_id: eventId || null,\n        p_organisation_id: selectedOrganisationId || null\n      });\n\n      if (error) {\n        throw error;\n      }\n\n      const { permissions, roles, access_level } = transformRBACPermissions(data, appName);\n\n      setPermissions(permissions);\n      setRoles(roles);\n      setAccessLevel(access_level);\n    } catch (err: any) {\n      setRbacError(err);\n    } finally {\n      setRbacLoading(false);\n    }\n  }, [supabaseClient, user, appName, appConfig, selectedOrganisationId]);\n\n  // Load user event access data\n  const loadUserEventAccess = useCallback(async () => {\n    if (!supabaseClient || !user) {\n      setUserEventAccess([]);\n      return;\n    }\n\n    setEventAccessLoading(true);\n    try {\n      const { data, error } = await supabaseClient\n        .from('rbac_event_app_roles')\n        .select(`\n          event_id,\n          role,\n          granted_at\n        `)\n        .eq('user_id', user.id)\n        .eq('app_name', appName);\n\n      if (error) {\n        console.error('Failed to load user event access:', error);\n        setUserEventAccess([]);\n        return;\n      }\n\n      const eventAccess = data?.map(item => ({\n        event_id: item.event_id,\n        event_name: 'Unknown Event', // Event details not available in this query\n        event_description: null, // Not available in this schema\n        start_date: '', // Event date not available in this query\n        end_date: '', // Event date not available in this query\n        event_status: 'unknown', // Not available in this schema\n        app_name: appName,\n        access_level: item.role, // Map role to access_level\n        granted_at: item.granted_at,\n        organisation_id: '' // Will be populated from event's organisation_id if needed\n      })) || [];\n\n      setUserEventAccess(eventAccess);\n    } catch (error) {\n      console.warn(\"Clearing corrupted localStorage data\");\n      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);\n      console.error('Error loading user event access:', error);\n      setUserEventAccess([]);\n    } finally {\n      setEventAccessLoading(false);\n    }\n  }, [supabaseClient, user, appName]);\n\n  // Helper function to get access for a specific event\n  const getUserEventAccess = useCallback((eventId: string) => {\n    return userEventAccess.find(access => access.event_id === eventId);\n  }, [userEventAccess]);\n\n  // When the selected event ID changes, user logs in, or app config loads, refresh permissions\n  useEffect(() => {\n    if (!user || !appConfig) return;\n\n    // Check for super admin first - admin override should happen regardless of app configuration\n    const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n    if (isSuperAdmin) {\n      setPermissions({\n        'admin:create': true,\n        'admin:read': true,\n        'admin:update': true,\n        'admin:delete': true,\n        'users:create': true,\n        'users:read': true,\n        'users:update': true,\n        'users:delete': true,\n        'events:create': true,\n        'events:read': true,\n        'events:update': true,\n        'events:delete': true\n      });\n      setRoles(['super_admin']);\n      setAccessLevel(AccessLevel.ADMIN);\n      return;\n    }\n\n    if (selectedEventId) {\n      // Event-based permissions\n      refreshPermissions(selectedEventId);\n    } else if (!appConfig.requires_event) {\n      // Direct app permissions (no event needed)\n      refreshPermissions();\n    } else {\n      // No event and app requires events - clear permissions\n      setPermissions({});\n      setRoles([]);\n      setAccessLevel(AccessLevel.VIEWER);\n    }\n  }, [selectedEventId, user, appConfig, refreshPermissions]);\n\n  // Load user event access when user changes\n  useEffect(() => {\n    if (user) {\n      loadUserEventAccess();\n    } else {\n      setUserEventAccess([]);\n    }\n  }, [user, loadUserEventAccess]);\n\n  // Auth methods\n  const signIn = useCallback(async (email: string, password?: string) => {\n    if (!supabaseClient) {\n      const error = new Error('No Supabase client provided') as AuthError;\n      setAuthError(error);\n      return { error };\n    }\n\n    setAuthLoading(true);\n    setAuthError(null);\n    \n    try {\n      const { error } = await supabaseClient.auth.signInWithPassword({ email, password: password || '' });\n      if (error) {\n        setAuthError(error);\n      }\n      return { error };\n    } catch (err: any) {\n      const authError = err as AuthError;\n      setAuthError(authError);\n      return { error: authError };\n    } finally {\n      setAuthLoading(false);\n    }\n  }, [supabaseClient]);\n\n  const signUp = useCallback(async (email: string, password: string) => {\n    if (!supabaseClient) {\n      const error = new Error('No Supabase client provided') as AuthError;\n      setAuthError(error);\n      return { error };\n    }\n\n    setAuthError(null);\n    try {\n      const { error } = await supabaseClient.auth.signUp({ email, password });\n      if (error) {\n        setAuthError(error);\n      }\n      return { error };\n    } catch (err: any) {\n      const authError = err as AuthError;\n      setAuthError(authError);\n      return { error: authError };\n    }\n  }, [supabaseClient]);\n\n  const signOut = useCallback(async () => {\n    if (!supabaseClient) {\n      setUser(null);\n      setSession(null);\n      setUserEventAccess([]);\n      setPermissions({});\n      setRoles([]);\n      setAccessLevel(AccessLevel.VIEWER);\n      setSelectedEventId(null);\n      return { error: null };\n    }\n    const { error } = await supabaseClient.auth.signOut();\n    if (error) {\n      setAuthError(error);\n    } else {\n      // Immediately clear user-related state on successful sign out\n      setUserEventAccess([]);\n      setPermissions({});\n      setRoles([]);\n      setAccessLevel(AccessLevel.VIEWER);\n      setSelectedEventId(null);\n    }\n    return { error };\n  }, [supabaseClient]);\n\n  const resetPassword = useCallback(async (email: string) => {\n    if (!supabaseClient) {\n      const error = new Error('No Supabase client provided') as AuthError;\n      setAuthError(error);\n      return { error };\n    }\n\n    setAuthError(null);\n    try {\n      const { error } = await supabaseClient.auth.resetPasswordForEmail(email);\n      if (error) {\n        setAuthError(error);\n      }\n      return { error };\n    } catch (err: any) {\n      const authError = err as AuthError;\n      setAuthError(authError);\n      return { error: authError };\n    }\n  }, [supabaseClient]);\n\n  const updatePassword = useCallback(async (password: string) => {\n    if (!supabaseClient) return { error: new AuthError('Supabase client not available.', 500) };\n    const { error } = await supabaseClient.auth.updateUser({ password });\n    if (error) {\n      setAuthError(error);\n    }\n    return { error };\n  }, [supabaseClient]);\n\n  const refreshSession = useCallback(async () => {\n    if (!supabaseClient) {\n      const error = new Error('No Supabase client provided') as AuthError;\n      setAuthError(error);\n      return { error };\n    }\n\n    setAuthError(null);\n    try {\n      const { error } = await supabaseClient.auth.refreshSession();\n      if (error) {\n        setAuthError(error);\n      }\n      return { error };\n    } catch (err: any) {\n      const authError = err as AuthError;\n      setAuthError(authError);\n      return { error: authError };\n    }\n  }, [supabaseClient]);\n\n  // Memoized derived values\n  const isAuthenticated = useMemo(() => !!user, [user]);\n  const isLoading = authLoading || rbacLoading;\n  const hasErrors = !!authError || !!rbacError;\n\n  // Permission methods\n  const hasPermission = useCallback((permission: string) => {\n    const hasPerm = !!permissions[permission];\n    return hasPerm;\n  }, [permissions]);\n  const hasAnyPermission = useCallback((perms: string[]) => perms.some(p => !!permissions[p]), [permissions]);\n  const hasAllPermissions = useCallback((perms: string[]) => perms.every(p => !!permissions[p]), [permissions]);\n  const hasRole = useCallback((role: string) => {\n    const isSuperAdmin = user?.user_metadata?.globalRole === 'super_admin';\n    if (role.toLowerCase() === 'super_admin') {\n      return isSuperAdmin;\n    }\n    return roles.includes(role);\n  }, [roles, user]);\n  const hasAccessLevel = useCallback((level: AccessLevel) => {\n    const levels = Object.values(AccessLevel);\n    return levels.indexOf(accessLevel) >= levels.indexOf(level);\n  }, [accessLevel]);\n  const canAccess = useCallback((resource: string, action: string) => {\n    const permission = `${resource}:${action}`;\n    const hasAccess = hasPermission(permission);\n    return hasAccess;\n  }, [hasPermission]);\n  const validatePermission = useCallback(async (permission: string) => hasPermission(permission), [hasPermission]);\n  const validateAccess = useCallback(async (resource: string, action: string) => {\n    // Placeholder for more complex logic, e.g., re-validating with backend\n    return Promise.resolve(canAccess(resource, action));\n  }, [canAccess]);\n\n  // Memoized context value\n  const contextValue = useMemo<UnifiedAuthContextType>(() => ({\n    user,\n    session,\n    isAuthenticated,\n    authLoading,\n    authError,\n    supabase: supabaseClient || null,\n    appName,\n\n    signIn,\n    signUp,\n    signOut,\n    resetPassword,\n    updatePassword,\n    refreshSession,\n\n    permissions,\n    roles,\n    accessLevel,\n    rbacLoading,\n    rbacError,\n    selectedEventId,\n    appConfig,\n    userEventAccess,\n    eventAccessLoading,\n\n    // Organisation context\n    selectedOrganisationId,\n    requireOrganisationContext: () => {\n      if (!selectedOrganisationId) {\n        throw new Error('Organisation context is required but not available');\n      }\n      return selectedOrganisationId;\n    },\n\n    hasPermission,\n    hasAnyPermission,\n    hasAllPermissions,\n    hasRole,\n    hasAccessLevel,\n    canAccess,\n    validatePermission,\n    validateAccess,\n    refreshPermissions,\n    setSelectedEventId,\n    \n    // New RBAC system support\n    rbacEnabled: enableRBAC,\n    rbacContext: undefined, // Will be populated by useRBAC hook when enabled\n    \n    isLoading,\n    hasErrors,\n\n    loadUserEventAccess,\n    getUserEventAccess\n  }), [\n    user, session, isAuthenticated, authLoading, authError, supabaseClient, appName,\n    signIn, signUp, signOut, resetPassword, updatePassword, refreshSession,\n    permissions, roles, accessLevel, rbacLoading, rbacError, selectedEventId, appConfig,\n    userEventAccess, eventAccessLoading, selectedOrganisationId,\n    hasPermission, hasAnyPermission, hasAllPermissions, hasRole, hasAccessLevel, canAccess,\n    validatePermission, validateAccess, refreshPermissions, setSelectedEventId,\n    enableRBAC, isLoading, hasErrors,\n    loadUserEventAccess, getUserEventAccess\n  ]);\n\n  return (\n    <UnifiedAuthContext.Provider value={contextValue}>\n      {children}\n    </UnifiedAuthContext.Provider>\n  );\n} ","/**\n * @file Organisation Provider\n * @package @jmruthers/pace-core\n * @module Providers/Organisation\n * @since 0.4.0\n *\n * Security-first organisation provider that enforces mandatory organisation context.\n * No data operations can proceed without valid organisation context.\n * \n * Features:\n * - Mandatory organisation selection for all operations\n * - User organisation membership validation\n * - Role-based access within organisations\n * - Secure organisation switching\n * - Hierarchy support for parent/child organisations\n * - Error handling for security violations\n * - Persistent organisation selection\n *\n * @example\n * ```tsx\n * // Basic setup - organisation context is mandatory\n * import { UnifiedAuthProvider, OrganisationProvider } from '@jmruthers/pace-core';\n * \n * function App() {\n *   return (\n *     <UnifiedAuthProvider supabaseClient={supabase} appName=\"MY_APP\">\n *       <OrganisationProvider>\n *         <YourAppContent />\n *       </OrganisationProvider>\n *     </UnifiedAuthProvider>\n *   );\n * }\n * \n * // Using in components\n * function MyComponent() {\n *   const { \n *     selectedOrganisation, \n *     getUserRole, \n *     switchOrganisation \n *   } = useOrganisations();\n *   \n *   // selectedOrganisation is guaranteed to be non-null when this renders\n *   return (\n *     <div>\n *       <h1>{selectedOrganisation.display_name}</h1>\n *       <p>Your role: {getUserRole()}</p>\n *     </div>\n *   );\n * }\n * ```\n *\n * @security\n * - All data access requires valid organisation context\n * - User membership validation on organisation load\n * - Role-based access control within organisations\n * - Secure organisation switching with validation\n * - Error states for security violations\n * - No fallback to default organisation - explicit selection required\n *\n * @dependencies\n * - React 18+ - Context, hooks, and effects\n * - UnifiedAuthProvider - Authentication context\n * - Supabase - Database operations\n * - Organisation types - Type definitions\n */\n\nimport React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';\nimport { useUnifiedAuth } from './UnifiedAuthProvider';\nimport { setOrganisationContext } from '../utils/organisationContext';\nimport type {\n  Organisation,\n  OrganisationMembership,\n  OrganisationContextType,\n  OrganisationProviderProps,\n  OrganisationSecurityError,\n  OrganisationHierarchy\n} from '../types/organisation';\n\n// Create the context\nconst OrganisationContext = createContext<OrganisationContextType | undefined>(undefined);\n\n// Storage keys for persistence\nconst STORAGE_KEYS = {\n  SELECTED_ORGANISATION: 'pace-core-selected-organisation',\n  ORGANISATION_CONTEXT: 'pace-core-organisation-context',\n} as const;\n\n/**\n * Organisation Provider component that enforces mandatory organisation context\n * \n * This provider:\n * - Loads user's organisation memberships on authentication\n * - Validates user has at least one active organisation\n * - Auto-selects primary organisation or first available\n * - Provides security helpers for organisation validation\n * - Handles organisation switching with validation\n * - Persists organisation selection across sessions\n * \n * SECURITY: No children are rendered without valid organisation context\n */\nexport function OrganisationProvider({ children }: OrganisationProviderProps) {\n  const [selectedOrganisation, setSelectedOrganisation] = useState<Organisation | null>(null);\n  const [organisations, setOrganisations] = useState<Organisation[]>([]);\n  const [userMemberships, setUserMemberships] = useState<OrganisationMembership[]>([]);\n  const [roleMapState, setRoleMapState] = useState<Map<string, string>>(new Map());\n  const [isLoading, setIsLoading] = useState(true);\n  const [error, setError] = useState<Error | null>(null);\n  const [isContextReady, setIsContextReady] = useState(false);\n  \n  const { user, supabase } = useUnifiedAuth();\n\n  // Set organisation context in database session\n  const setDatabaseOrganisationContext = useCallback(async (organisation: Organisation): Promise<void> => {\n    if (!supabase) {\n      console.warn('[OrganisationProvider] No Supabase client available for setting organisation context');\n      setIsContextReady(false);\n      return;\n    }\n\n    try {\n      await setOrganisationContext(supabase, organisation.id);\n      console.log('[OrganisationProvider] Database organisation context set to:', organisation.display_name);\n      setIsContextReady(true);\n    } catch (error) {\n      console.error('[OrganisationProvider] Failed to set database organisation context:', error);\n      setIsContextReady(false);\n      // Don't throw - this is a non-critical operation\n    }\n  }, [supabase]);\n\n  // CRITICAL: Set database organisation context when organisation changes\n  useEffect(() => {\n    if (selectedOrganisation && supabase) {\n      // Reset context ready state when organisation changes\n      setIsContextReady(false);\n      \n      // Use an async IIFE to properly handle the async operation\n      (async () => {\n        await setDatabaseOrganisationContext(selectedOrganisation);\n      })();\n    } else {\n      setIsContextReady(false);\n    }\n  }, [selectedOrganisation, setDatabaseOrganisationContext, supabase]);\n\n  // CRITICAL: Load user organisations and validate access\n  useEffect(() => {\n    if (!user || !supabase) {\n      // Clear state when no user\n      setSelectedOrganisation(null);\n      setOrganisations([]);\n      setUserMemberships([]);\n      setIsLoading(false);\n      return;\n    }\n\n    const loadUserOrganisations = async () => {\n      setIsLoading(true);\n      setError(null);\n      \n      try {\n        console.log(\"[OrganisationProvider] Loading organisations for user:\", user.id);\n        \n        // Get user's organisation memberships from consolidated rbac_organisation_roles table\n        // Only get actual members (org_admin, leader, member) - exclude supporters\n        let memberships, membershipError;\n        try {\n          const result = await supabase\n            .from('rbac_organisation_roles')\n            .select(`\n              id,\n              user_id,\n              organisation_id,\n              role,\n              status,\n              granted_at,\n              granted_by,\n              revoked_at,\n              revoked_by,\n              notes,\n              created_at,\n              updated_at\n            `)\n            .eq('user_id', user.id)\n            .eq('status', 'active')\n            .is('revoked_at', null)\n            .in('role', ['org_admin', 'leader', 'member']); // Only actual members, not supporters\n          \n          memberships = result.data;\n          membershipError = result.error;\n        } catch (queryError: any) {\n          membershipError = queryError;\n        }\n\n        if (membershipError) {\n          console.error(\"[OrganisationProvider] Error loading memberships:\", membershipError);\n          throw membershipError;\n        }\n        \n        console.log(\"[OrganisationProvider] Raw memberships data:\", memberships);\n        \n        if (!memberships || memberships.length === 0) {\n          throw new Error('User has no active organisation memberships') as OrganisationSecurityError;\n        }\n\n        // Get organisation details for the memberships\n        const organisationIds = memberships.map((m: any) => m.organisation_id);\n        const { data: organisations, error: orgError } = await supabase\n          .from('organisations')\n          .select('id, name, display_name, subscription_tier, settings, is_active, parent_id, created_at, updated_at')\n          .in('id', organisationIds);\n\n        if (orgError) {\n          console.error(\"[OrganisationProvider] Error loading organisations:\", orgError);\n          throw orgError;\n        }\n\n        // Create a map of organisation_id to role from the memberships data\n        // Since we're now getting roles directly from the consolidated table\n        const roleMap = new Map<string, string>();\n        memberships?.forEach((membership: any) => {\n          roleMap.set(membership.organisation_id, membership.role);\n        });\n\n        // Extract organisations and memberships\n        const orgs = organisations as Organisation[];\n        const activeOrgs = orgs.filter(org => org.is_active);\n        \n        if (activeOrgs.length === 0) {\n          throw new Error('User has no access to active organisations') as OrganisationSecurityError;\n        }\n\n        console.log(\"[OrganisationProvider] Active organisations:\", activeOrgs);\n        \n        setOrganisations(activeOrgs);\n        setUserMemberships(memberships as OrganisationMembership[]);\n        \n        // Store role map in component state for later use\n        setRoleMapState(roleMap);\n        \n        // Auto-select organisation: try persisted, then primary, then first\n        let initialOrg: Organisation | null = null;\n        \n        // 1. Try to restore from localStorage\n        try {\n          const persistedOrgString = localStorage.getItem(STORAGE_KEYS.SELECTED_ORGANISATION);\n          if (persistedOrgString) {\n            const persistedOrg = JSON.parse(persistedOrgString) as Organisation;\n            const validPersistedOrg = activeOrgs.find(org => org.id === persistedOrg.id);\n            if (validPersistedOrg) {\n              initialOrg = validPersistedOrg;\n              console.log(\"[OrganisationProvider] Restored persisted organisation:\", initialOrg.display_name);\n            }\n          }\n        } catch (storageError) {\n          console.warn(\"[OrganisationProvider] Failed to restore persisted organisation:\", storageError);\n        }\n        \n        // 2. Fall back to org_admin role organisation (highest privilege)\n        if (!initialOrg) {\n          const adminMembership = memberships.find((m: any) => m.role === 'org_admin');\n          if (adminMembership) {\n            const foundOrg = organisations.find((org: any) => org.id === adminMembership.organisation_id);\n            if (foundOrg) {\n              initialOrg = foundOrg;\n              console.log(\"[OrganisationProvider] Selected org_admin organisation:\", initialOrg.display_name);\n            }\n          }\n        }\n        \n        // 3. Fall back to first organisation\n        if (!initialOrg) {\n          initialOrg = activeOrgs[0];\n          console.log(\"[OrganisationProvider] Selected first organisation:\", initialOrg.display_name);\n        }\n        \n        if (!initialOrg) {\n          throw new Error('No valid organisation found for user') as OrganisationSecurityError;\n        }\n\n        setSelectedOrganisation(initialOrg);\n        \n        // Persist selection\n        localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(initialOrg));\n        \n        console.log(\"[OrganisationProvider] Organisation context established:\", {\n          selectedOrganisation: initialOrg.display_name,\n          totalOrganisations: activeOrgs.length,\n          userRole: roleMap.get(initialOrg.id)\n        });\n        \n      } catch (err) {\n        console.error(\"[OrganisationProvider] Failed to load organisations:\", err);\n        setError(err as Error);\n        // SECURITY: Clear all state on error\n        setSelectedOrganisation(null);\n        setOrganisations([]);\n        setUserMemberships([]);\n        localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);\n      } finally {\n        setIsLoading(false);\n      }\n    };\n\n    loadUserOrganisations();\n  }, [user, supabase]);\n\n  // Security validation helper\n  const ensureOrganisationContext = useCallback((): Organisation => {\n    if (!selectedOrganisation) {\n      throw new Error('Organisation context is required but not available') as OrganisationSecurityError;\n    }\n    return selectedOrganisation;\n  }, [selectedOrganisation]);\n\n  // Get user's role in specified organisation (defaults to current)\n  const getUserRole = useCallback((orgId?: string): string => {\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId) return 'no_access';\n    \n    // Use roleMapState to get the role for this organisation\n    return roleMapState.get(targetOrgId) || 'no_access';\n  }, [roleMapState, selectedOrganisation]);\n\n  // Validate user has access to organisation\n  const validateOrganisationAccess = useCallback((orgId: string): boolean => {\n    return userMemberships.some((m: any) => \n      m.organisation_id === orgId && \n      m.status === 'active' &&\n      m.revoked_at === null\n    );\n  }, [userMemberships]);\n\n  // Secure organisation switching\n  const switchOrganisation = useCallback(async (orgId: string): Promise<void> => {\n    console.log(\"[OrganisationProvider] Switching to organisation:\", orgId);\n    \n    // Validate access\n    if (!validateOrganisationAccess(orgId)) {\n      throw new Error(`User does not have access to organisation ${orgId}`) as OrganisationSecurityError;\n    }\n    \n    const targetOrg = organisations.find(org => org.id === orgId);\n    if (!targetOrg) {\n      throw new Error(`Organisation ${orgId} not found in user's organisations`) as OrganisationSecurityError;\n    }\n    \n    setSelectedOrganisation(targetOrg);\n    \n    // Persist selection\n    localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(targetOrg));\n    \n    // Set database organisation context\n    await setDatabaseOrganisationContext(targetOrg);\n    \n    console.log(\"[OrganisationProvider] Switched to organisation:\", targetOrg.display_name);\n  }, [organisations, validateOrganisationAccess, setDatabaseOrganisationContext]);\n\n  // Refresh organisations data\n  const refreshOrganisations = useCallback(async (): Promise<void> => {\n    if (!user || !supabase) return;\n    \n    // Force reload by triggering the effect\n    setIsLoading(true);\n    // The useEffect will handle the actual reload\n  }, [user, supabase]);\n\n  // Get primary organisation (highest privilege role)\n  const getPrimaryOrganisation = useCallback((): Organisation | null => {\n    // Look for org_admin role first, then leader, then member\n    const rolePriority = ['org_admin', 'leader', 'member'];\n    \n    for (const role of rolePriority) {\n      const membership = userMemberships.find((m: any) => m.role === role);\n      if (membership) {\n        return organisations.find((org: any) => org.id === membership.organisation_id) || null;\n      }\n    }\n    \n    return null;\n  }, [userMemberships, organisations]);\n\n  // Security status\n  const isOrganisationSecure = useCallback((): boolean => {\n    return !!(selectedOrganisation && user);\n  }, [selectedOrganisation, user]);\n\n  // Build organisation hierarchy (for future use)\n  const buildOrganisationHierarchy = useCallback((orgs: Organisation[]): OrganisationHierarchy[] => {\n    const orgMap = new Map<string, Organisation>();\n    orgs.forEach(org => orgMap.set(org.id, org));\n    \n    const roots: OrganisationHierarchy[] = [];\n    \n    orgs.forEach(org => {\n      if (!org.parent_id) {\n        // Root organisation\n        roots.push({\n          organisation: org,\n          children: [],\n          depth: 0\n        });\n      }\n    });\n    \n    // For now, return flat structure - hierarchy building can be added later\n    return roots;\n  }, []);\n\n  // Computed values\n  const hasValidOrganisationContext = useMemo(() => {\n    return !!(selectedOrganisation && !isLoading && !error && isContextReady);\n  }, [selectedOrganisation, isLoading, error, isContextReady]);\n\n  // Memoized context value\n  const contextValue = useMemo<OrganisationContextType>(() => {\n    // SECURITY: Only provide full context if we have valid organisation\n    if (!selectedOrganisation) {\n      // This will never be accessed due to the render guards above,\n      // but TypeScript requires the interface to be satisfied\n      const placeholderOrg: Organisation = {\n        id: '',\n        name: '',\n        display_name: '',\n        subscription_tier: 'standard',\n        settings: {},\n        is_active: false,\n        created_at: '',\n        updated_at: ''\n      };\n      \n      return {\n        selectedOrganisation: placeholderOrg,\n        organisations: [],\n        userMemberships: [],\n        isLoading,\n        error,\n        hasValidOrganisationContext: false,\n        setSelectedOrganisation: () => {},\n        switchOrganisation: async () => {},\n        getUserRole: () => 'no_access',\n        validateOrganisationAccess: () => false,\n        refreshOrganisations: async () => {},\n        ensureOrganisationContext: () => { throw new Error('No organisation context') as OrganisationSecurityError; },\n        isOrganisationSecure: () => false,\n        getPrimaryOrganisation: () => null\n      };\n    }\n\n    return {\n      selectedOrganisation,\n      organisations,\n      userMemberships,\n      isLoading,\n      error,\n      hasValidOrganisationContext,\n      setSelectedOrganisation,\n      switchOrganisation,\n      getUserRole,\n      validateOrganisationAccess,\n      refreshOrganisations,\n      ensureOrganisationContext,\n      isOrganisationSecure,\n      getPrimaryOrganisation\n    };\n  }, [\n    selectedOrganisation,\n    organisations,\n    userMemberships,\n    isLoading,\n    error,\n    hasValidOrganisationContext,\n    switchOrganisation,\n    getUserRole,\n    validateOrganisationAccess,\n    refreshOrganisations,\n    ensureOrganisationContext,\n    isOrganisationSecure,\n    getPrimaryOrganisation\n  ]);\n\n  // SECURITY: Only render children when we have valid organisation context\n  if (isLoading || (selectedOrganisation && !isContextReady)) {\n    return (\n      <div className=\"organisation-loading\" role=\"status\" aria-label=\"Loading organisation context\">\n        <div className=\"flex items-center justify-center min-h-screen\">\n          <div className=\"text-center\">\n            <div className=\"animate-spin rounded-full h-8 w-8 border-b-2 border-primary mx-auto mb-4\"></div>\n            <p className=\"text-muted-foreground\">\n              {isLoading ? 'Loading organisation context...' : 'Setting up organisation context...'}\n            </p>\n          </div>\n        </div>\n      </div>\n    );\n  }\n\n  if (error || (user && !selectedOrganisation)) {\n    return (\n      <div className=\"organisation-error\" role=\"alert\">\n        <div className=\"flex items-center justify-center min-h-screen\">\n          <div className=\"text-center max-w-md mx-auto p-6\">\n            <div className=\"text-destructive mb-4\">\n              <svg className=\"h-12 w-12 mx-auto\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\">\n                <path strokeLinecap=\"round\" strokeLinejoin=\"round\" strokeWidth={2} d=\"M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.732-.833-2.464 0L4.35 16.5c-.77.833.192 2.5 1.732 2.5z\" />\n              </svg>\n            </div>\n            <h2 className=\"text-xl font-semibold text-foreground mb-2\">\n              Organisation Access Required\n            </h2>\n            <p className=\"text-muted-foreground mb-4\">\n              {error?.message || 'No valid organisation context available. Please contact your administrator to be added to an organisation.'}\n            </p>\n            <button \n              onClick={() => window.location.reload()}\n              className=\"px-4 py-2 bg-primary text-primary-foreground rounded-md hover:bg-primary/90\"\n            >\n              Retry\n            </button>\n          </div>\n        </div>\n      </div>\n    );\n  }\n\n  return (\n    <OrganisationContext.Provider value={contextValue}>\n      {children}\n    </OrganisationContext.Provider>\n  );\n}\n\n/**\n * Hook to access organisation context\n * \n * @returns Organisation context with guaranteed non-null selectedOrganisation\n * @throws {Error} If used outside OrganisationProvider\n */\nexport const useOrganisations = (): OrganisationContextType => {\n  const context = useContext(OrganisationContext);\n  if (!context) {\n    throw new Error('useOrganisations must be used within an OrganisationProvider');\n  }\n  return context;\n};\n\n// Re-export types for convenience\nexport type { \n  Organisation, \n  OrganisationMembership, \n  OrganisationContextType,\n  OrganisationSecurityError\n}; "],"mappings":";;;;;;;;AAkJA,SAAgB,eAAe,YAAY,UAAU,WAAW,SAAS,mBAAmB;AAC5F,SAAuD,iBAAiB;AA0xBpE;AAzsBJ,IAAM,qBAAqB,cAAkD,MAAS;AAE/E,IAAM,iBAAiB,MAAM;AAClC,QAAM,UAAU,WAAW,kBAAkB;AAC7C,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC5E;AACA,SAAO;AACT;AAaA,IAAM,eAAe;AAAA,EACnB,gBAAgB;AAClB;AAGA,IAAM,2BAA2B,CAAC,UAAiB,aAAqB;AACtE,QAAM,cAAuC,CAAC;AAC9C,MAAI,QAAkB,CAAC;AACvB,MAAI;AAEJ,MAAI,CAAC,YAAY,CAAC,MAAM,QAAQ,QAAQ,GAAG;AACzC,WAAO,EAAE,aAAa,CAAC,GAAG,OAAO,CAAC,QAAQ,GAAG,oCAAiC;AAAA,EAChF;AAGA,QAAM,iBAAiB,SAAS,KAAK,CAAC,MAAW,EAAE,oBAAoB,iBAAiB;AACxF,MAAI,gBAAgB;AAClB,WAAO;AAAA,MACL,aAAa,EAAE,WAAW,KAAK;AAAA,MAC/B,OAAO,CAAC,OAAO;AAAA,MACf;AAAA,IACF;AAAA,EACF;AAGA,QAAM,gBAAgB,SAAS,OAAO,CAAC,MAAW,EAAE,oBAAoB,kBAAkB;AAC1F,MAAI,cAAc,SAAS,GAAG;AAC5B,UAAM,OAAO,cAAc,CAAC,EAAE;AAG9B,YAAQ,MAAM;AAAA,MACZ,KAAK;AACH;AACA,gBAAQ,CAAC,OAAO;AAChB;AAAA,MACF,KAAK;AACH;AACA,gBAAQ,CAAC,SAAS;AAClB;AAAA,MACF,KAAK;AACH;AACA,gBAAQ,CAAC,aAAa;AACtB;AAAA,MACF,KAAK;AACH;AACA,gBAAQ,CAAC,QAAQ;AACjB;AAAA,MACF,KAAK;AAAA,MACL;AACE;AACA,gBAAQ,CAAC,QAAQ;AACjB;AAAA,IACJ;AAIA,UAAM,kBAAkB,CAAC,MAAM;AAC/B,QAAI,CAAC,eAAe,SAAS,EAAE,SAAS,IAAI,GAAG;AAC7C,sBAAgB,KAAK,UAAU,QAAQ;AAAA,IACzC;AACA,QAAI,SAAS,eAAe;AAC1B,sBAAgB,KAAK,QAAQ;AAAA,IAC/B;AAIA,oBAAgB,QAAQ,eAAa;AACnC,kBAAY,WAAW,SAAS,EAAE,IAAI;AAAA,IACxC,CAAC;AAAA,EACH;AAGA,QAAM,WAAW,SAAS,OAAO,CAAC,MAAW,EAAE,oBAAoB,qBAAqB;AACxF,MAAI,SAAS,SAAS,GAAG;AACvB,UAAM,OAAO,SAAS,CAAC,EAAE;AACzB,QAAI,SAAS,aAAa;AACxB;AACA,cAAQ,CAAC,OAAO;AAEhB,OAAC,UAAU,QAAQ,UAAU,QAAQ,EAAE,QAAQ,eAAa;AAC1D,oBAAY,WAAW,SAAS,EAAE,IAAI;AAAA,MACxC,CAAC;AAAA,IACH;AAAA,EACF;AAEA,SAAO,EAAE,aAAa,OAAO,aAAa;AAC5C;AAEO,SAAS,oBAAoB;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA,EACA,eAAe;AAAA,EACf;AAAA,EACA,4BAA4B,8BAA8B;AAAA,EAC1D,aAAa;AAAA;AACf,GAA6B;AAE3B,QAAM,gBAAgB,sBAAsB,SAAY,oBAAoB;AAG5E,QAAM,CAAC,MAAM,OAAO,IAAI,SAAsB,IAAI;AAClD,QAAM,CAAC,SAAS,UAAU,IAAI,SAAyB,IAAI;AAC3D,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,IAAI;AACnD,QAAM,CAAC,WAAW,YAAY,IAAI,SAA2B,IAAI;AAGjE,QAAM,CAAC,aAAa,cAAc,IAAI,SAAkC,CAAC,CAAC;AAC1E,QAAM,CAAC,OAAO,QAAQ,IAAI,SAAmB,CAAC,CAAC;AAC/C,QAAM,CAAC,aAAa,cAAc,IAAI,8BAAwC;AAC9E,QAAM,CAAC,aAAa,cAAc,IAAI,SAAS,KAAK;AACpD,QAAM,CAAC,WAAW,YAAY,IAAI,SAAuB,IAAI;AAC7D,QAAM,CAAC,iBAAiB,kBAAkB,IAAI,SAAwB,IAAI;AAC1E,QAAM,CAAC,WAAW,YAAY,IAAI,SAA2B,IAAI;AACjE,QAAM,CAAC,iBAAiB,kBAAkB,IAAI,SAA4B,CAAC,CAAC;AAC5E,QAAM,CAAC,oBAAoB,qBAAqB,IAAI,SAAS,KAAK;AAGlE,QAAM,CAAC,wBAAwB,0BAA0B,IAAI,SAAwB,IAAI;AAGzF,YAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,gBAAgB,YAAY;AAChC,UAAI;AACF,cAAM,EAAE,KAAK,IAAI,MAAM,eAAe,IAAI,kBAAkB;AAAA,UAC1D,YAAY;AAAA,QACd,CAAC;AAED,YAAI,QAAQ,KAAK,SAAS,GAAG;AAC3B,uBAAa;AAAA,YACX,wBAAwB,KAAK,CAAC,EAAE;AAAA,YAChC,gBAAgB,KAAK,CAAC,EAAE;AAAA,UAC1B,CAAC;AAAA,QACH,OAAO;AAEL,uBAAa;AAAA,YACX,wBAAwB;AAAA,YACxB,gBAAgB;AAAA,UAClB,CAAC;AAAA,QACH;AAAA,MACF,SAAS,OAAO;AAChB,gBAAQ,KAAK,sCAAsC;AACnD,qBAAa,WAAW,aAAa,cAAc;AACjD,gBAAQ,KAAK,qCAAqC,KAAK;AAEvD,qBAAa;AAAA,UACX,wBAAwB;AAAA,UACxB,gBAAgB;AAAA,QAClB,CAAC;AAAA,MACH;AAAA,IACF;AAEA,kBAAc;AAAA,EAChB,GAAG,CAAC,gBAAgB,OAAO,CAAC;AAG5B,YAAU,MAAM;AAEd,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,eAAS,CAAC,aAAa,CAAC;AAAA,IAC1B,OAAO;AACL,eAAS,CAAC,CAAC;AAAA,IACb;AAAA,EACF,GAAG,CAAC,IAAI,CAAC;AAGT,YAAU,MAAM;AACd,QAAI,CAAC,cAAe;AAEpB,QAAI;AACF,YAAM,iBAAiB,aAAa,QAAQ,aAAa,cAAc;AACvE,UAAI,gBAAgB;AAClB,2BAAmB,KAAK,MAAM,cAAc,CAAC;AAAA,MAC/C;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AAAA,IACrD;AAAA,EACF,GAAG,CAAC,aAAa,CAAC;AAGlB,YAAU,MAAM;AACd,QAAI,CAAC,eAAgB;AAErB,UAAM,kBAAkB,YAAY;AAClC,UAAI;AACF,cAAM,EAAE,MAAM,EAAE,MAAM,YAAY,GAAG,MAAM,IAAI,MAAM,eAAe,KAAK,QAAQ;AACjF,YAAI,OAAO;AACT,kBAAQ,KAAK,+BAA+B,KAAK;AACjD,yBAAe,KAAK;AACpB;AAAA,QACF;AAEA,YAAI,aAAa;AACf,kBAAQ,WAAW;AAAA,QACrB;AACA,uBAAe,KAAK;AAAA,MACtB,SAAS,OAAO;AAChB,gBAAQ,KAAK,sCAAsC;AACnD,qBAAa,WAAW,aAAa,cAAc;AACjD,gBAAQ,MAAM,+BAA+B,KAAK;AAClD,uBAAe,KAAK;AAAA,MACtB;AAAA,IACF;AAIA,UAAM,YAAY,WAAW,MAAM;AACjC,UAAI,eAAe,CAAC,QAAQ,CAAC,SAAS;AACpC,wBAAgB;AAAA,MAClB;AAAA,IACF,GAAG,GAAG;AAEN,WAAO,MAAM,aAAa,SAAS;AAAA,EACrC,GAAG,CAAC,gBAAgB,aAAa,MAAM,OAAO,CAAC;AAG/C,YAAU,MAAM;AACd,QAAI,CAAC,gBAAgB;AACnB,qBAAe,KAAK;AACpB;AAAA,IACF;AAEA,UAAM,YAAY,WAAW,MAAM;AACjC,UAAI,aAAa;AACf,gBAAQ,KAAK,mDAAmD;AAChE,uBAAe,KAAK;AAAA,MACtB;AAAA,IACF,GAAG,GAAI;AAEP,QAAI;AACF,cAAQ,IAAI,gEAAgE;AAC5E,YAAM,kBAAkB,eAAe,KAAK;AAAA,QAC1C,CAAC,OAAOA,aAAY;AAClB,kBAAQ,IAAI,6CAA6C,OAAOA,UAAS,MAAM,KAAK;AACpF,qBAAWA,QAAO;AAClB,kBAAQA,UAAS,QAAQ,IAAI;AAC7B,yBAAe,KAAK;AACpB,uBAAa,IAAI;AAAA,QACnB;AAAA,MACF;AAEA,YAAM,eAAe,iBAAiB,MAAM,gBAAgB;AAE5D,aAAO,MAAM;AACX,qBAAa,SAAS;AACtB,YAAI,gBAAgB,OAAO,aAAa,gBAAgB,YAAY;AAClE,kBAAQ,IAAI,uDAAuD;AACnE,uBAAa,YAAY;AAAA,QAC3B;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AACnD,cAAQ,MAAM,qEAAqE,KAAK;AAExF,UAAI,iBAAiB,SAAS,CAAC,MAAM,QAAQ,SAAS,kBAAkB,GAAG;AACzE,qBAAa,KAAkB;AAAA,MACjC;AACA,qBAAe,KAAK;AACpB,mBAAa,SAAS;AACtB,aAAO,MAAM;AAAA,MAAC;AAAA,IAChB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAGnB,YAAU,MAAM;AACd,QAAI,CAAC,cAAe;AAEpB,QAAI;AACF,UAAI,iBAAiB;AACnB,qBAAa;AAAA,UACX,aAAa;AAAA,UACb,KAAK,UAAU,eAAe;AAAA,QAChC;AAAA,MACF,OAAO;AACL,qBAAa,WAAW,aAAa,cAAc;AAAA,MACrD;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AACnD,cAAQ,KAAK,iCAAiC,KAAK;AAAA,IACrD;AAAA,EACF,GAAG,CAAC,iBAAiB,aAAa,CAAC;AAGnC,QAAM,qBAAqB,YAAY,OAAO,YAAqB;AACjE,QAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,WAAW;AAC1C,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC;AAAA,IACF;AAGA,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,qBAAe;AAAA,QACb,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,QACjB,eAAe;AAAA,QACf,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,MACnB,CAAC;AACD,eAAS,CAAC,aAAa,CAAC;AACxB,wCAAgC;AAChC;AAAA,IACF;AAGA,UAAM,8BAA8B,CAAC,WAAW,CAAC,UAAU;AAC3D,UAAM,6BAA6B;AACnC,UAAM,yBAAyB,CAAC,WAAW,UAAU;AAGrD,QAAI,wBAAwB;AAC1B,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC;AAAA,IACF;AAGA,QAAI,CAAC,+BAA+B,CAAC,4BAA4B;AAC/D;AAAA,IACF;AAEA,mBAAe,IAAI;AACnB,iBAAa,IAAI;AAEjB,QAAI;AACF,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAAe,IAAI,wBAAwB;AAAA,QACvE,WAAW,KAAK;AAAA,QAChB,YAAY;AAAA,QACZ,YAAY,WAAW;AAAA,QACvB,mBAAmB,0BAA0B;AAAA,MAC/C,CAAC;AAED,UAAI,OAAO;AACT,cAAM;AAAA,MACR;AAEA,YAAM,EAAE,aAAAC,cAAa,OAAAC,QAAO,aAAa,IAAI,yBAAyB,MAAM,OAAO;AAEnF,qBAAeD,YAAW;AAC1B,eAASC,MAAK;AACd,qBAAe,YAAY;AAAA,IAC7B,SAAS,KAAU;AACjB,mBAAa,GAAG;AAAA,IAClB,UAAE;AACA,qBAAe,KAAK;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,gBAAgB,MAAM,SAAS,WAAW,sBAAsB,CAAC;AAGrE,QAAM,sBAAsB,YAAY,YAAY;AAClD,QAAI,CAAC,kBAAkB,CAAC,MAAM;AAC5B,yBAAmB,CAAC,CAAC;AACrB;AAAA,IACF;AAEA,0BAAsB,IAAI;AAC1B,QAAI;AACF,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,eAC3B,KAAK,sBAAsB,EAC3B,OAAO;AAAA;AAAA;AAAA;AAAA,SAIP,EACA,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,YAAY,OAAO;AAEzB,UAAI,OAAO;AACT,gBAAQ,MAAM,qCAAqC,KAAK;AACxD,2BAAmB,CAAC,CAAC;AACrB;AAAA,MACF;AAEA,YAAM,cAAc,MAAM,IAAI,WAAS;AAAA,QACrC,UAAU,KAAK;AAAA,QACf,YAAY;AAAA;AAAA,QACZ,mBAAmB;AAAA;AAAA,QACnB,YAAY;AAAA;AAAA,QACZ,UAAU;AAAA;AAAA,QACV,cAAc;AAAA;AAAA,QACd,UAAU;AAAA,QACV,cAAc,KAAK;AAAA;AAAA,QACnB,YAAY,KAAK;AAAA,QACjB,iBAAiB;AAAA;AAAA,MACnB,EAAE,KAAK,CAAC;AAER,yBAAmB,WAAW;AAAA,IAChC,SAAS,OAAO;AACd,cAAQ,KAAK,sCAAsC;AACnD,mBAAa,WAAW,aAAa,cAAc;AACnD,cAAQ,MAAM,oCAAoC,KAAK;AACvD,yBAAmB,CAAC,CAAC;AAAA,IACvB,UAAE;AACA,4BAAsB,KAAK;AAAA,IAC7B;AAAA,EACF,GAAG,CAAC,gBAAgB,MAAM,OAAO,CAAC;AAGlC,QAAM,qBAAqB,YAAY,CAAC,YAAoB;AAC1D,WAAO,gBAAgB,KAAK,YAAU,OAAO,aAAa,OAAO;AAAA,EACnE,GAAG,CAAC,eAAe,CAAC;AAGpB,YAAU,MAAM;AACd,QAAI,CAAC,QAAQ,CAAC,UAAW;AAGzB,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,cAAc;AAChB,qBAAe;AAAA,QACb,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,cAAc;AAAA,QACd,gBAAgB;AAAA,QAChB,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,QACjB,eAAe;AAAA,QACf,iBAAiB;AAAA,QACjB,iBAAiB;AAAA,MACnB,CAAC;AACD,eAAS,CAAC,aAAa,CAAC;AACxB,wCAAgC;AAChC;AAAA,IACF;AAEA,QAAI,iBAAiB;AAEnB,yBAAmB,eAAe;AAAA,IACpC,WAAW,CAAC,UAAU,gBAAgB;AAEpC,yBAAmB;AAAA,IACrB,OAAO;AAEL,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AAAA,IACnC;AAAA,EACF,GAAG,CAAC,iBAAiB,MAAM,WAAW,kBAAkB,CAAC;AAGzD,YAAU,MAAM;AACd,QAAI,MAAM;AACR,0BAAoB;AAAA,IACtB,OAAO;AACL,yBAAmB,CAAC,CAAC;AAAA,IACvB;AAAA,EACF,GAAG,CAAC,MAAM,mBAAmB,CAAC;AAG9B,QAAM,SAAS,YAAY,OAAO,OAAe,aAAsB;AACrE,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,mBAAe,IAAI;AACnB,iBAAa,IAAI;AAEjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,mBAAmB,EAAE,OAAO,UAAU,YAAY,GAAG,CAAC;AAClG,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMC,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B,UAAE;AACA,qBAAe,KAAK;AAAA,IACtB;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,SAAS,YAAY,OAAO,OAAe,aAAqB;AACpE,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,OAAO,EAAE,OAAO,SAAS,CAAC;AACtE,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,UAAU,YAAY,YAAY;AACtC,QAAI,CAAC,gBAAgB;AACnB,cAAQ,IAAI;AACZ,iBAAW,IAAI;AACf,yBAAmB,CAAC,CAAC;AACrB,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC,yBAAmB,IAAI;AACvB,aAAO,EAAE,OAAO,KAAK;AAAA,IACvB;AACA,UAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,QAAQ;AACpD,QAAI,OAAO;AACT,mBAAa,KAAK;AAAA,IACpB,OAAO;AAEL,yBAAmB,CAAC,CAAC;AACrB,qBAAe,CAAC,CAAC;AACjB,eAAS,CAAC,CAAC;AACX,0CAAiC;AACjC,yBAAmB,IAAI;AAAA,IACzB;AACA,WAAO,EAAE,MAAM;AAAA,EACjB,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,gBAAgB,YAAY,OAAO,UAAkB;AACzD,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,sBAAsB,KAAK;AACvE,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,iBAAiB,YAAY,OAAO,aAAqB;AAC7D,QAAI,CAAC,eAAgB,QAAO,EAAE,OAAO,IAAI,UAAU,kCAAkC,GAAG,EAAE;AAC1F,UAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,WAAW,EAAE,SAAS,CAAC;AACnE,QAAI,OAAO;AACT,mBAAa,KAAK;AAAA,IACpB;AACA,WAAO,EAAE,MAAM;AAAA,EACjB,GAAG,CAAC,cAAc,CAAC;AAEnB,QAAM,iBAAiB,YAAY,YAAY;AAC7C,QAAI,CAAC,gBAAgB;AACnB,YAAM,QAAQ,IAAI,MAAM,6BAA6B;AACrD,mBAAa,KAAK;AAClB,aAAO,EAAE,MAAM;AAAA,IACjB;AAEA,iBAAa,IAAI;AACjB,QAAI;AACF,YAAM,EAAE,MAAM,IAAI,MAAM,eAAe,KAAK,eAAe;AAC3D,UAAI,OAAO;AACT,qBAAa,KAAK;AAAA,MACpB;AACA,aAAO,EAAE,MAAM;AAAA,IACjB,SAAS,KAAU;AACjB,YAAMA,aAAY;AAClB,mBAAaA,UAAS;AACtB,aAAO,EAAE,OAAOA,WAAU;AAAA,IAC5B;AAAA,EACF,GAAG,CAAC,cAAc,CAAC;AAGnB,QAAM,kBAAkB,QAAQ,MAAM,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC;AACpD,QAAM,YAAY,eAAe;AACjC,QAAM,YAAY,CAAC,CAAC,aAAa,CAAC,CAAC;AAGnC,QAAM,gBAAgB,YAAY,CAAC,eAAuB;AACxD,UAAM,UAAU,CAAC,CAAC,YAAY,UAAU;AACxC,WAAO;AAAA,EACT,GAAG,CAAC,WAAW,CAAC;AAChB,QAAM,mBAAmB,YAAY,CAAC,UAAoB,MAAM,KAAK,OAAK,CAAC,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC;AAC1G,QAAM,oBAAoB,YAAY,CAAC,UAAoB,MAAM,MAAM,OAAK,CAAC,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC;AAC5G,QAAM,UAAU,YAAY,CAAC,SAAiB;AAC5C,UAAM,eAAe,MAAM,eAAe,eAAe;AACzD,QAAI,KAAK,YAAY,MAAM,eAAe;AACxC,aAAO;AAAA,IACT;AACA,WAAO,MAAM,SAAS,IAAI;AAAA,EAC5B,GAAG,CAAC,OAAO,IAAI,CAAC;AAChB,QAAM,iBAAiB,YAAY,CAAC,UAAuB;AACzD,UAAM,SAAS,OAAO,OAAO,WAAW;AACxC,WAAO,OAAO,QAAQ,WAAW,KAAK,OAAO,QAAQ,KAAK;AAAA,EAC5D,GAAG,CAAC,WAAW,CAAC;AAChB,QAAM,YAAY,YAAY,CAAC,UAAkB,WAAmB;AAClE,UAAM,aAAa,GAAG,QAAQ,IAAI,MAAM;AACxC,UAAM,YAAY,cAAc,UAAU;AAC1C,WAAO;AAAA,EACT,GAAG,CAAC,aAAa,CAAC;AAClB,QAAM,qBAAqB,YAAY,OAAO,eAAuB,cAAc,UAAU,GAAG,CAAC,aAAa,CAAC;AAC/G,QAAM,iBAAiB,YAAY,OAAO,UAAkB,WAAmB;AAE7E,WAAO,QAAQ,QAAQ,UAAU,UAAU,MAAM,CAAC;AAAA,EACpD,GAAG,CAAC,SAAS,CAAC;AAGd,QAAM,eAAe,QAAgC,OAAO;AAAA,IAC1D;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU,kBAAkB;AAAA,IAC5B;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAGA;AAAA,IACA,4BAA4B,MAAM;AAChC,UAAI,CAAC,wBAAwB;AAC3B,cAAM,IAAI,MAAM,oDAAoD;AAAA,MACtE;AACA,aAAO;AAAA,IACT;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAGA,aAAa;AAAA,IACb,aAAa;AAAA;AAAA,IAEb;AAAA,IACA;AAAA,IAEA;AAAA,IACA;AAAA,EACF,IAAI;AAAA,IACF;AAAA,IAAM;AAAA,IAAS;AAAA,IAAiB;AAAA,IAAa;AAAA,IAAW;AAAA,IAAgB;AAAA,IACxE;AAAA,IAAQ;AAAA,IAAQ;AAAA,IAAS;AAAA,IAAe;AAAA,IAAgB;AAAA,IACxD;AAAA,IAAa;AAAA,IAAO;AAAA,IAAa;AAAA,IAAa;AAAA,IAAW;AAAA,IAAiB;AAAA,IAC1E;AAAA,IAAiB;AAAA,IAAoB;AAAA,IACrC;AAAA,IAAe;AAAA,IAAkB;AAAA,IAAmB;AAAA,IAAS;AAAA,IAAgB;AAAA,IAC7E;AAAA,IAAoB;AAAA,IAAgB;AAAA,IAAoB;AAAA,IACxD;AAAA,IAAY;AAAA,IAAW;AAAA,IACvB;AAAA,IAAqB;AAAA,EACvB,CAAC;AAED,SACE,oBAAC,mBAAmB,UAAnB,EAA4B,OAAO,cACjC,UACH;AAEJ;;;AC/2BA,SAAgB,iBAAAC,gBAAe,cAAAC,aAAY,YAAAC,WAAU,aAAAC,YAAW,eAAAC,cAAa,WAAAC,gBAAe;AAoalF,SACE,OAAAC,MADF;AAvZV,IAAM,sBAAsBC,eAAmD,MAAS;AAGxF,IAAMC,gBAAe;AAAA,EACnB,uBAAuB;AAAA,EACvB,sBAAsB;AACxB;AAeO,SAAS,qBAAqB,EAAE,SAAS,GAA8B;AAC5E,QAAM,CAAC,sBAAsB,uBAAuB,IAAIC,UAA8B,IAAI;AAC1F,QAAM,CAAC,eAAe,gBAAgB,IAAIA,UAAyB,CAAC,CAAC;AACrE,QAAM,CAAC,iBAAiB,kBAAkB,IAAIA,UAAmC,CAAC,CAAC;AACnF,QAAM,CAAC,cAAc,eAAe,IAAIA,UAA8B,oBAAI,IAAI,CAAC;AAC/E,QAAM,CAAC,WAAW,YAAY,IAAIA,UAAS,IAAI;AAC/C,QAAM,CAAC,OAAO,QAAQ,IAAIA,UAAuB,IAAI;AACrD,QAAM,CAAC,gBAAgB,iBAAiB,IAAIA,UAAS,KAAK;AAE1D,QAAM,EAAE,MAAM,SAAS,IAAI,eAAe;AAG1C,QAAM,iCAAiCC,aAAY,OAAO,iBAA8C;AACtG,QAAI,CAAC,UAAU;AACb,cAAQ,KAAK,sFAAsF;AACnG,wBAAkB,KAAK;AACvB;AAAA,IACF;AAEA,QAAI;AACF,YAAM,uBAAuB,UAAU,aAAa,EAAE;AACtD,cAAQ,IAAI,gEAAgE,aAAa,YAAY;AACrG,wBAAkB,IAAI;AAAA,IACxB,SAASC,QAAO;AACd,cAAQ,MAAM,uEAAuEA,MAAK;AAC1F,wBAAkB,KAAK;AAAA,IAEzB;AAAA,EACF,GAAG,CAAC,QAAQ,CAAC;AAGb,EAAAC,WAAU,MAAM;AACd,QAAI,wBAAwB,UAAU;AAEpC,wBAAkB,KAAK;AAGvB,OAAC,YAAY;AACX,cAAM,+BAA+B,oBAAoB;AAAA,MAC3D,GAAG;AAAA,IACL,OAAO;AACL,wBAAkB,KAAK;AAAA,IACzB;AAAA,EACF,GAAG,CAAC,sBAAsB,gCAAgC,QAAQ,CAAC;AAGnE,EAAAA,WAAU,MAAM;AACd,QAAI,CAAC,QAAQ,CAAC,UAAU;AAEtB,8BAAwB,IAAI;AAC5B,uBAAiB,CAAC,CAAC;AACnB,yBAAmB,CAAC,CAAC;AACrB,mBAAa,KAAK;AAClB;AAAA,IACF;AAEA,UAAM,wBAAwB,YAAY;AACxC,mBAAa,IAAI;AACjB,eAAS,IAAI;AAEb,UAAI;AACF,gBAAQ,IAAI,0DAA0D,KAAK,EAAE;AAI7E,YAAI,aAAa;AACjB,YAAI;AACF,gBAAM,SAAS,MAAM,SAClB,KAAK,yBAAyB,EAC9B,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,aAaP,EACA,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,UAAU,QAAQ,EACrB,GAAG,cAAc,IAAI,EACrB,GAAG,QAAQ,CAAC,aAAa,UAAU,QAAQ,CAAC;AAE/C,wBAAc,OAAO;AACrB,4BAAkB,OAAO;AAAA,QAC3B,SAAS,YAAiB;AACxB,4BAAkB;AAAA,QACpB;AAEA,YAAI,iBAAiB;AACnB,kBAAQ,MAAM,qDAAqD,eAAe;AAClF,gBAAM;AAAA,QACR;AAEA,gBAAQ,IAAI,gDAAgD,WAAW;AAEvE,YAAI,CAAC,eAAe,YAAY,WAAW,GAAG;AAC5C,gBAAM,IAAI,MAAM,6CAA6C;AAAA,QAC/D;AAGA,cAAM,kBAAkB,YAAY,IAAI,CAAC,MAAW,EAAE,eAAe;AACrE,cAAM,EAAE,MAAMC,gBAAe,OAAO,SAAS,IAAI,MAAM,SACpD,KAAK,eAAe,EACpB,OAAO,mGAAmG,EAC1G,GAAG,MAAM,eAAe;AAE3B,YAAI,UAAU;AACZ,kBAAQ,MAAM,uDAAuD,QAAQ;AAC7E,gBAAM;AAAA,QACR;AAIA,cAAM,UAAU,oBAAI,IAAoB;AACxC,qBAAa,QAAQ,CAAC,eAAoB;AACxC,kBAAQ,IAAI,WAAW,iBAAiB,WAAW,IAAI;AAAA,QACzD,CAAC;AAGD,cAAM,OAAOA;AACb,cAAM,aAAa,KAAK,OAAO,SAAO,IAAI,SAAS;AAEnD,YAAI,WAAW,WAAW,GAAG;AAC3B,gBAAM,IAAI,MAAM,4CAA4C;AAAA,QAC9D;AAEA,gBAAQ,IAAI,gDAAgD,UAAU;AAEtE,yBAAiB,UAAU;AAC3B,2BAAmB,WAAuC;AAG1D,wBAAgB,OAAO;AAGvB,YAAI,aAAkC;AAGtC,YAAI;AACF,gBAAM,qBAAqB,aAAa,QAAQL,cAAa,qBAAqB;AAClF,cAAI,oBAAoB;AACtB,kBAAM,eAAe,KAAK,MAAM,kBAAkB;AAClD,kBAAM,oBAAoB,WAAW,KAAK,SAAO,IAAI,OAAO,aAAa,EAAE;AAC3E,gBAAI,mBAAmB;AACrB,2BAAa;AACb,sBAAQ,IAAI,2DAA2D,WAAW,YAAY;AAAA,YAChG;AAAA,UACF;AAAA,QACF,SAAS,cAAc;AACrB,kBAAQ,KAAK,oEAAoE,YAAY;AAAA,QAC/F;AAGA,YAAI,CAAC,YAAY;AACf,gBAAM,kBAAkB,YAAY,KAAK,CAAC,MAAW,EAAE,SAAS,WAAW;AAC3E,cAAI,iBAAiB;AACnB,kBAAM,WAAWK,eAAc,KAAK,CAAC,QAAa,IAAI,OAAO,gBAAgB,eAAe;AAC5F,gBAAI,UAAU;AACZ,2BAAa;AACb,sBAAQ,IAAI,2DAA2D,WAAW,YAAY;AAAA,YAChG;AAAA,UACF;AAAA,QACF;AAGA,YAAI,CAAC,YAAY;AACf,uBAAa,WAAW,CAAC;AACzB,kBAAQ,IAAI,uDAAuD,WAAW,YAAY;AAAA,QAC5F;AAEA,YAAI,CAAC,YAAY;AACf,gBAAM,IAAI,MAAM,sCAAsC;AAAA,QACxD;AAEA,gCAAwB,UAAU;AAGlC,qBAAa,QAAQL,cAAa,uBAAuB,KAAK,UAAU,UAAU,CAAC;AAEnF,gBAAQ,IAAI,4DAA4D;AAAA,UACtE,sBAAsB,WAAW;AAAA,UACjC,oBAAoB,WAAW;AAAA,UAC/B,UAAU,QAAQ,IAAI,WAAW,EAAE;AAAA,QACrC,CAAC;AAAA,MAEH,SAAS,KAAK;AACZ,gBAAQ,MAAM,wDAAwD,GAAG;AACzE,iBAAS,GAAY;AAErB,gCAAwB,IAAI;AAC5B,yBAAiB,CAAC,CAAC;AACnB,2BAAmB,CAAC,CAAC;AACrB,qBAAa,WAAWA,cAAa,qBAAqB;AAAA,MAC5D,UAAE;AACA,qBAAa,KAAK;AAAA,MACpB;AAAA,IACF;AAEA,0BAAsB;AAAA,EACxB,GAAG,CAAC,MAAM,QAAQ,CAAC;AAGnB,QAAM,4BAA4BE,aAAY,MAAoB;AAChE,QAAI,CAAC,sBAAsB;AACzB,YAAM,IAAI,MAAM,oDAAoD;AAAA,IACtE;AACA,WAAO;AAAA,EACT,GAAG,CAAC,oBAAoB,CAAC;AAGzB,QAAM,cAAcA,aAAY,CAAC,UAA2B;AAC1D,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,YAAa,QAAO;AAGzB,WAAO,aAAa,IAAI,WAAW,KAAK;AAAA,EAC1C,GAAG,CAAC,cAAc,oBAAoB,CAAC;AAGvC,QAAM,6BAA6BA,aAAY,CAAC,UAA2B;AACzE,WAAO,gBAAgB;AAAA,MAAK,CAAC,MAC3B,EAAE,oBAAoB,SACtB,EAAE,WAAW,YACb,EAAE,eAAe;AAAA,IACnB;AAAA,EACF,GAAG,CAAC,eAAe,CAAC;AAGpB,QAAM,qBAAqBA,aAAY,OAAO,UAAiC;AAC7E,YAAQ,IAAI,qDAAqD,KAAK;AAGtE,QAAI,CAAC,2BAA2B,KAAK,GAAG;AACtC,YAAM,IAAI,MAAM,6CAA6C,KAAK,EAAE;AAAA,IACtE;AAEA,UAAM,YAAY,cAAc,KAAK,SAAO,IAAI,OAAO,KAAK;AAC5D,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,MAAM,gBAAgB,KAAK,oCAAoC;AAAA,IAC3E;AAEA,4BAAwB,SAAS;AAGjC,iBAAa,QAAQF,cAAa,uBAAuB,KAAK,UAAU,SAAS,CAAC;AAGlF,UAAM,+BAA+B,SAAS;AAE9C,YAAQ,IAAI,oDAAoD,UAAU,YAAY;AAAA,EACxF,GAAG,CAAC,eAAe,4BAA4B,8BAA8B,CAAC;AAG9E,QAAM,uBAAuBE,aAAY,YAA2B;AAClE,QAAI,CAAC,QAAQ,CAAC,SAAU;AAGxB,iBAAa,IAAI;AAAA,EAEnB,GAAG,CAAC,MAAM,QAAQ,CAAC;AAGnB,QAAM,yBAAyBA,aAAY,MAA2B;AAEpE,UAAM,eAAe,CAAC,aAAa,UAAU,QAAQ;AAErD,eAAW,QAAQ,cAAc;AAC/B,YAAM,aAAa,gBAAgB,KAAK,CAAC,MAAW,EAAE,SAAS,IAAI;AACnE,UAAI,YAAY;AACd,eAAO,cAAc,KAAK,CAAC,QAAa,IAAI,OAAO,WAAW,eAAe,KAAK;AAAA,MACpF;AAAA,IACF;AAEA,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,aAAa,CAAC;AAGnC,QAAM,uBAAuBA,aAAY,MAAe;AACtD,WAAO,CAAC,EAAE,wBAAwB;AAAA,EACpC,GAAG,CAAC,sBAAsB,IAAI,CAAC;AAG/B,QAAM,6BAA6BA,aAAY,CAAC,SAAkD;AAChG,UAAM,SAAS,oBAAI,IAA0B;AAC7C,SAAK,QAAQ,SAAO,OAAO,IAAI,IAAI,IAAI,GAAG,CAAC;AAE3C,UAAM,QAAiC,CAAC;AAExC,SAAK,QAAQ,SAAO;AAClB,UAAI,CAAC,IAAI,WAAW;AAElB,cAAM,KAAK;AAAA,UACT,cAAc;AAAA,UACd,UAAU,CAAC;AAAA,UACX,OAAO;AAAA,QACT,CAAC;AAAA,MACH;AAAA,IACF,CAAC;AAGD,WAAO;AAAA,EACT,GAAG,CAAC,CAAC;AAGL,QAAM,8BAA8BI,SAAQ,MAAM;AAChD,WAAO,CAAC,EAAE,wBAAwB,CAAC,aAAa,CAAC,SAAS;AAAA,EAC5D,GAAG,CAAC,sBAAsB,WAAW,OAAO,cAAc,CAAC;AAG3D,QAAM,eAAeA,SAAiC,MAAM;AAE1D,QAAI,CAAC,sBAAsB;AAGzB,YAAM,iBAA+B;AAAA,QACnC,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,cAAc;AAAA,QACd,mBAAmB;AAAA,QACnB,UAAU,CAAC;AAAA,QACX,WAAW;AAAA,QACX,YAAY;AAAA,QACZ,YAAY;AAAA,MACd;AAEA,aAAO;AAAA,QACL,sBAAsB;AAAA,QACtB,eAAe,CAAC;AAAA,QAChB,iBAAiB,CAAC;AAAA,QAClB;AAAA,QACA;AAAA,QACA,6BAA6B;AAAA,QAC7B,yBAAyB,MAAM;AAAA,QAAC;AAAA,QAChC,oBAAoB,YAAY;AAAA,QAAC;AAAA,QACjC,aAAa,MAAM;AAAA,QACnB,4BAA4B,MAAM;AAAA,QAClC,sBAAsB,YAAY;AAAA,QAAC;AAAA,QACnC,2BAA2B,MAAM;AAAE,gBAAM,IAAI,MAAM,yBAAyB;AAAA,QAAgC;AAAA,QAC5G,sBAAsB,MAAM;AAAA,QAC5B,wBAAwB,MAAM;AAAA,MAChC;AAAA,IACF;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF,GAAG;AAAA,IACD;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AAGD,MAAI,aAAc,wBAAwB,CAAC,gBAAiB;AAC1D,WACE,gBAAAR,KAAC,SAAI,WAAU,wBAAuB,MAAK,UAAS,cAAW,gCAC7D,0BAAAA,KAAC,SAAI,WAAU,iDACb,+BAAC,SAAI,WAAU,eACb;AAAA,sBAAAA,KAAC,SAAI,WAAU,4EAA2E;AAAA,MAC1F,gBAAAA,KAAC,OAAE,WAAU,yBACV,sBAAY,oCAAoC,sCACnD;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,MAAI,SAAU,QAAQ,CAAC,sBAAuB;AAC5C,WACE,gBAAAA,KAAC,SAAI,WAAU,sBAAqB,MAAK,SACvC,0BAAAA,KAAC,SAAI,WAAU,iDACb,+BAAC,SAAI,WAAU,oCACb;AAAA,sBAAAA,KAAC,SAAI,WAAU,yBACb,0BAAAA,KAAC,SAAI,WAAU,qBAAoB,MAAK,QAAO,SAAQ,aAAY,QAAO,gBACxE,0BAAAA,KAAC,UAAK,eAAc,SAAQ,gBAAe,SAAQ,aAAa,GAAG,GAAE,4IAA2I,GAClN,GACF;AAAA,MACA,gBAAAA,KAAC,QAAG,WAAU,8CAA6C,0CAE3D;AAAA,MACA,gBAAAA,KAAC,OAAE,WAAU,8BACV,iBAAO,WAAW,8GACrB;AAAA,MACA,gBAAAA;AAAA,QAAC;AAAA;AAAA,UACC,SAAS,MAAM,OAAO,SAAS,OAAO;AAAA,UACtC,WAAU;AAAA,UACX;AAAA;AAAA,MAED;AAAA,OACF,GACF,GACF;AAAA,EAEJ;AAEA,SACE,gBAAAA,KAAC,oBAAoB,UAApB,EAA6B,OAAO,cAClC,UACH;AAEJ;AAQO,IAAM,mBAAmB,MAA+B;AAC7D,QAAM,UAAUS,YAAW,mBAAmB;AAC9C,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,8DAA8D;AAAA,EAChF;AACA,SAAO;AACT;","names":["session","permissions","roles","authError","createContext","useContext","useState","useEffect","useCallback","useMemo","jsx","createContext","STORAGE_KEYS","useState","useCallback","error","useEffect","organisations","useMemo","useContext"]}