@jmruthers/pace-core 0.2.7 → 0.4.1

package/dist/{chunk-HNDFPXUU.js → chunk-IOX76PSM.js}

@@ -1,15 +1,9 @@
 import {
-  usePublicPageContext
-} from "./chunk-VYG4AXYW.js";
-import {
-  init_OrganisationProvider,
-  init_UnifiedAuthProvider,
   useOrganisations,
   useUnifiedAuth
-} from "./chunk-BEZRLNK3.js";
+} from "./chunk-ZJ3UKPIW.js";
 
 // src/hooks/useOrganisationPermissions.ts
-init_OrganisationProvider();
 import { useMemo } from "react";
 function useOrganisationPermissions(orgId) {
   const {
@@ -107,11 +101,9 @@ function useOrganisationPermissions(orgId) {
 }
 
 // src/hooks/useOrganisationSecurity.ts
-init_UnifiedAuthProvider();
-init_OrganisationProvider();
 import { useCallback, useMemo as useMemo2 } from "react";
 var useOrganisationSecurity = () => {
-  const { user, session, supabase } = useUnifiedAuth();
+  const { user, supabase } = useUnifiedAuth();
   const { selectedOrganisation, getUserRole, validateOrganisationAccess: validateAccess } = useOrganisations();
   const globalRole = useMemo2(() => {
     if (!user) return null;
@@ -126,7 +118,7 @@ var useOrganisationSecurity = () => {
     };
   }, [globalRole]);
   const validateOrganisationAccess = useCallback(async (orgId) => {
-    if (!user || !session || !supabase) return false;
+    if (!user || !supabase) return false;
     try {
       if (superAdminContext.isSuperAdmin) {
         return true;
@@ -141,7 +133,7 @@ var useOrganisationSecurity = () => {
       console.error("[useOrganisationSecurity] Exception validating organisation access:", error);
       return false;
     }
-  }, [user, session, supabase, superAdminContext.isSuperAdmin]);
+  }, [user, supabase, superAdminContext.isSuperAdmin]);
   const hasMinimumRole = useCallback((minRole, orgId) => {
     if (superAdminContext.isSuperAdmin) {
       return true;
@@ -170,7 +162,7 @@ var useOrganisationSecurity = () => {
     const targetOrgId = orgId || selectedOrganisation?.id;
     if (!targetOrgId || !user) return false;
     try {
-      const { isPermitted } = await import("./api-ETQ6YJ3C.js");
+      const { isPermitted } = await import("./api-AIJ3IJX3.js");
       const scope = {
         organisationId: targetOrgId,
         eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,
@@ -193,7 +185,7 @@ var useOrganisationSecurity = () => {
     const targetOrgId = orgId || selectedOrganisation?.id;
     if (!targetOrgId || !user) return [];
     try {
-      const { getPermissionMap } = await import("./api-ETQ6YJ3C.js");
+      const { getPermissionMap } = await import("./api-AIJ3IJX3.js");
       const scope = {
         organisationId: targetOrgId,
         eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,
@@ -213,21 +205,19 @@ var useOrganisationSecurity = () => {
   const logOrganisationAccess = useCallback(async (action, details) => {
     if (!user || !selectedOrganisation) return;
     try {
-      if (selectedOrganisation.id) {
-        const { emitAuditEvent } = await import("./audit-BUW3LMJB.js");
-        await emitAuditEvent({
-          type: "permission_check",
-          userId: user.id,
-          organisationId: selectedOrganisation.id,
-          permission: action,
-          decision: true,
-          // Assume access was granted if we're logging it
-          source: "api",
-          duration_ms: 0,
-          // No actual permission check performed here
-          metadata: details || {}
-        });
-      }
+      const { emitAuditEvent } = await import("./audit-PD5L5ZSC.js");
+      await emitAuditEvent({
+        type: "permission_check",
+        userId: user.id,
+        organisationId: selectedOrganisation.id,
+        permission: action,
+        decision: true,
+        // Assume access was granted if we're logging it
+        source: "api",
+        duration_ms: 0,
+        // No actual permission check performed here
+        metadata: details || {}
+      });
     } catch (error) {
       console.error("[useOrganisationSecurity] Error logging organisation access:", error);
     }
@@ -271,252 +261,20 @@ var useOrganisationSecurity = () => {
   };
 };
 
-// src/hooks/public/usePublicEvent.ts
-import { useState, useEffect, useCallback as useCallback2, useMemo as useMemo3 } from "react";
-import { createClient } from "@supabase/supabase-js";
-var publicDataCache = /* @__PURE__ */ new Map();
-function usePublicEvent(eventCode, options = {}) {
-  const {
-    cacheTtl = 5 * 60 * 1e3,
-    // 5 minutes
-    enableCache = true
-  } = options;
-  const [event, setEvent] = useState(null);
-  const [isLoading, setIsLoading] = useState(true);
-  const [error, setError] = useState(null);
-  let environment;
-  try {
-    environment = usePublicPageContext().environment;
-  } catch {
-    environment = {
-      supabaseUrl: import.meta.env?.VITE_SUPABASE_URL || process.env.VITE_SUPABASE_URL || process.env.NEXT_PUBLIC_SUPABASE_URL || null,
-      supabaseKey: import.meta.env?.VITE_SUPABASE_ANON_KEY || process.env.VITE_SUPABASE_ANON_KEY || process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY || null
-    };
-  }
-  const supabase = useMemo3(() => {
-    if (typeof window === "undefined") return null;
-    if (!environment.supabaseUrl || !environment.supabaseKey) {
-      console.warn("[usePublicEvent] Missing Supabase environment variables. Please ensure VITE_SUPABASE_URL and VITE_SUPABASE_ANON_KEY are set in your environment.");
-      return null;
-    }
-    return createClient(environment.supabaseUrl, environment.supabaseKey);
-  }, [environment.supabaseUrl, environment.supabaseKey]);
-  const fetchEvent = useCallback2(async () => {
-    if (!eventCode || !supabase) {
-      setError(new Error("Invalid event code or Supabase client not available"));
-      setIsLoading(false);
-      return;
-    }
-    const cacheKey = `public_event_${eventCode}`;
-    if (enableCache) {
-      const cached = publicDataCache.get(cacheKey);
-      if (cached && Date.now() - cached.timestamp < cached.ttl) {
-        setEvent(cached.data);
-        setIsLoading(false);
-        setError(null);
-        return;
-      }
-    }
-    try {
-      setIsLoading(true);
-      setError(null);
-      const { data, error: rpcError } = await supabase.rpc("get_public_event_by_code", {
-        event_code_param: eventCode
-      });
-      if (rpcError) {
-        throw new Error(rpcError.message || "Failed to fetch event");
-      }
-      if (!data || data.length === 0 || !data[0]) {
-        setEvent(null);
-        setError(new Error("Event not found"));
-        return;
-      }
-      const eventData = data[0];
-      const transformedEvent = {
-        id: eventData.event_id,
-        event_id: eventData.event_id,
-        event_name: eventData.event_name,
-        event_code: eventCode,
-        event_date: eventData.event_date,
-        event_venue: eventData.event_venue,
-        event_participants: eventData.event_participants,
-        event_logo: eventData.event_logo,
-        event_colours: eventData.event_colours,
-        organisation_id: eventData.organisation_id,
-        is_visible: true,
-        created_at: (/* @__PURE__ */ new Date()).toISOString(),
-        updated_at: (/* @__PURE__ */ new Date()).toISOString(),
-        // Legacy compatibility
-        name: eventData.event_name,
-        start_date: eventData.event_date
-      };
-      setEvent(transformedEvent);
-      if (enableCache) {
-        publicDataCache.set(cacheKey, {
-          data: transformedEvent,
-          timestamp: Date.now(),
-          ttl: cacheTtl
-        });
-      }
-    } catch (err) {
-      console.error("[usePublicEvent] Error fetching event:", err);
-      const error2 = err instanceof Error ? err : new Error("Unknown error occurred");
-      setError(error2);
-      setEvent(null);
-    } finally {
-      setIsLoading(false);
-    }
-  }, [eventCode, supabase, cacheTtl, enableCache]);
-  useEffect(() => {
-    fetchEvent();
-  }, [fetchEvent]);
-  const refetch = useCallback2(async () => {
-    if (enableCache) {
-      const cacheKey = `public_event_${eventCode}`;
-      publicDataCache.delete(cacheKey);
-    }
-    await fetchEvent();
-  }, [fetchEvent, eventCode, enableCache]);
-  return {
-    event,
-    isLoading,
-    error,
-    refetch
-  };
-}
-function clearPublicEventCache() {
-  for (const [key] of publicDataCache) {
-    if (key.startsWith("public_event_")) {
-      publicDataCache.delete(key);
-    }
-  }
-}
-function getPublicEventCacheStats() {
-  const keys = Array.from(publicDataCache.keys()).filter((key) => key.startsWith("public_event_"));
-  return {
-    size: keys.length,
-    keys
-  };
-}
-
-// src/hooks/public/usePublicRouteParams.ts
-import { useState as useState2, useEffect as useEffect2, useCallback as useCallback3, useMemo as useMemo4 } from "react";
-import { useParams, useLocation } from "react-router-dom";
-function validateEventCodeFormat(eventCode) {
-  if (!eventCode || typeof eventCode !== "string") return false;
-  const eventCodeRegex = /^[a-zA-Z0-9_-]{3,50}$/;
-  return eventCodeRegex.test(eventCode);
-}
-function usePublicRouteParams(options = {}) {
-  const {
-    fetchEventData = true,
-    eventCodeParam = "eventCode",
-    validateEventCode = true
-  } = options;
-  const params = useParams();
-  const location = useLocation();
-  const [error, setError] = useState2(null);
-  const eventCode = useMemo4(() => {
-    const code = params[eventCodeParam];
-    if (!code) {
-      return null;
-    }
-    if (validateEventCode && !validateEventCodeFormat(code)) {
-      setError(new Error(`Invalid event code format: ${code}`));
-      return null;
-    }
-    setError(null);
-    return code;
-  }, [params, eventCodeParam, validateEventCode]);
-  const {
-    event,
-    isLoading: eventLoading,
-    error: eventError,
-    refetch: refetchEvent
-  } = usePublicEvent(eventCode || "", {
-    enableCache: true,
-    cacheTtl: 5 * 60 * 1e3
-    // 5 minutes
-  });
-  const isLoading = useMemo4(() => {
-    if (!fetchEventData) return false;
-    return eventLoading;
-  }, [fetchEventData, eventLoading]);
-  const finalError = useMemo4(() => {
-    if (error) return error;
-    if (eventError) return eventError;
-    return null;
-  }, [error, eventError]);
-  const eventId = useMemo4(() => {
-    if (!event) return null;
-    return event.event_id || event.id;
-  }, [event]);
-  const refetch = useCallback3(async () => {
-    if (!fetchEventData) return;
-    await refetchEvent();
-  }, [fetchEventData, refetchEvent]);
-  useEffect2(() => {
-    if (eventCode && event) {
-      console.log("[usePublicRouteParams] Public route accessed:", {
-        eventCode,
-        eventId: event.event_id,
-        eventName: event.event_name,
-        path: location.pathname
-      });
-    }
-  }, [eventCode, event, location.pathname]);
-  return {
-    eventCode,
-    eventId,
-    event: fetchEventData ? event : null,
-    isLoading,
-    error: finalError,
-    refetch
-  };
-}
-function usePublicEventCode(eventCodeParam = "eventCode") {
-  const params = useParams();
-  const eventCode = useMemo4(() => {
-    const code = params[eventCodeParam];
-    if (!code) {
-      return null;
-    }
-    if (!validateEventCodeFormat(code)) {
-      return null;
-    }
-    return code;
-  }, [params, eventCodeParam]);
-  const error = useMemo4(() => {
-    if (!eventCode) {
-      return new Error(`Event code parameter '${eventCodeParam}' not found or invalid`);
-    }
-    return null;
-  }, [eventCode, eventCodeParam]);
+// src/hooks/useAppConfig.ts
+function useAppConfig() {
+  const { appConfig, appName } = useUnifiedAuth();
   return {
-    eventCode,
-    error
+    supportsDirectAccess: !(appConfig?.requires_event ?? true),
+    requiresEvent: appConfig?.requires_event ?? true,
+    isLoading: appConfig === null,
+    appName
   };
 }
-function generatePublicRoutePath(eventCode, pageName = "index") {
-  if (!eventCode || !validateEventCodeFormat(eventCode)) {
-    throw new Error("Invalid event code for route generation");
-  }
-  return `/public/event/${eventCode}/${pageName}`;
-}
-function extractEventCodeFromPath(path) {
-  const match = path.match(/^\/public\/event\/([a-zA-Z0-9_-]{3,50})(?:\/.*)?$/);
-  return match ? match[1] : null;
-}
 
 export {
   useOrganisationPermissions,
   useOrganisationSecurity,
-  usePublicEvent,
-  clearPublicEventCache,
-  getPublicEventCacheStats,
-  usePublicRouteParams,
-  usePublicEventCode,
-  generatePublicRoutePath,
-  extractEventCodeFromPath
+  useAppConfig
 };
-//# sourceMappingURL=chunk-HNDFPXUU.js.map
+//# sourceMappingURL=chunk-IOX76PSM.js.map

package/dist/chunk-IOX76PSM.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/hooks/useOrganisationPermissions.ts","../src/hooks/useOrganisationSecurity.ts","../src/hooks/useAppConfig.ts"],"sourcesContent":["/**\n * @file useOrganisationPermissions Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useOrganisationPermissions\n * @since 0.4.0\n *\n * Hook for managing organisation-specific permissions and role validation.\n * Provides secure access to user's role and permissions within organisations.\n *\n * @example\n * ```tsx\n * function OrganisationComponent() {\n *   const { \n *     isOrgAdmin, \n *     canManageMembers,\n *     userRole,\n *     hasOrganisationAccess\n *   } = useOrganisationPermissions();\n *   \n *   return (\n *     <div>\n *       {isOrgAdmin && <AdminPanel />}\n *       {canManageMembers && <MemberManagement />}\n *       <p>Your role: {userRole}</p>\n *     </div>\n *   );\n * }\n * \n * // For specific organisation\n * function MultiOrgComponent() {\n *   const permissions = useOrganisationPermissions('org-123');\n *   \n *   if (!permissions.hasOrganisationAccess) {\n *     return <div>No access to this organisation</div>;\n *   }\n *   \n *   return <div>Role in org-123: {permissions.userRole}</div>;\n * }\n * ```\n *\n * @security\n * - Validates user membership in organisation\n * - Provides role-based permission checks\n * - Ensures secure access to organisation data\n * - Real-time permission validation\n */\n\nimport { useMemo } from 'react';\nimport { useOrganisations } from '../providers/OrganisationProvider';\nimport type { OrganisationRole, OrganisationPermission } from '../types/organisation';\n\nexport interface UseOrganisationPermissionsReturn {\n  /** User's role in the organisation */\n  userRole: OrganisationRole | 'no_access';\n  \n  /** Whether user has organisation admin role */\n  isOrgAdmin: boolean;\n  \n  /** Whether user is a super admin */\n  isSuperAdmin: boolean;\n  \n  /** Whether user can moderate content */\n  canModerate: boolean;\n  \n  /** Whether user can manage members */\n  canManageMembers: boolean;\n  \n  /** Whether user can manage organisation settings */\n  canManageSettings: boolean;\n  \n  /** Whether user can manage events */\n  canManageEvents: boolean;\n  \n  /** Whether user has any admin privileges */\n  hasAdminPrivileges: boolean;\n  \n  /** Whether user has access to the organisation */\n  hasOrganisationAccess: boolean;\n  \n  /** Check if user has specific permission */\n  hasPermission: (permission: OrganisationPermission) => boolean;\n  \n  /** Get all permissions for the user */\n  getAllPermissions: () => OrganisationPermission[];\n  \n  /** Organisation ID being checked */\n  organisationId: string;\n}\n\n/**\n * Hook to access organisation-specific permissions and roles\n * \n * @param orgId - Optional organisation ID. Defaults to currently selected organisation\n * @returns Organisation permissions and role information\n */\nexport function useOrganisationPermissions(orgId?: string): UseOrganisationPermissionsReturn {\n  const { \n    selectedOrganisation, \n    getUserRole, \n    validateOrganisationAccess,\n    ensureOrganisationContext\n  } = useOrganisations();\n\n  const organisationId = useMemo(() => {\n    if (orgId) {\n      return orgId;\n    }\n    try {\n      const currentOrg = ensureOrganisationContext();\n      return currentOrg.id;\n    } catch {\n      return '';\n    }\n  }, [orgId, ensureOrganisationContext]);\n\n  const userRole = useMemo(() => {\n    if (!organisationId) return 'no_access';\n    return getUserRole(organisationId) as OrganisationRole | 'no_access';\n  }, [organisationId, getUserRole]);\n\n  const hasOrganisationAccess = useMemo(() => {\n    if (!organisationId) return false;\n    return validateOrganisationAccess(organisationId);\n  }, [organisationId, validateOrganisationAccess]);\n\n  const permissions = useMemo(() => {\n    if (!hasOrganisationAccess || userRole === 'no_access') {\n      return {\n        isOrgAdmin: false,\n        isSuperAdmin: false,\n        canModerate: false,\n        canManageMembers: false,\n        canManageSettings: false,\n        canManageEvents: false,\n        hasAdminPrivileges: false\n      };\n    }\n\n    const isOrgAdmin = userRole === 'org_admin';\n    const isLeader = userRole === 'leader';\n    const isMember = userRole === 'member';\n    const isSupporter = userRole === 'supporter';\n\n    // Super admin is handled separately via user profile context\n    // For now, we'll treat org_admin as having super admin privileges within the org\n    const isSuperAdmin = isOrgAdmin; // This should be enhanced with actual super admin check\n\n    return {\n      isOrgAdmin,\n      isSuperAdmin,\n      canModerate: isSuperAdmin || isOrgAdmin || isLeader,\n      canManageMembers: isSuperAdmin || isOrgAdmin,\n      canManageSettings: isSuperAdmin || isOrgAdmin,\n      canManageEvents: isSuperAdmin || isOrgAdmin || isLeader,\n      hasAdminPrivileges: isSuperAdmin || isOrgAdmin\n    };\n  }, [hasOrganisationAccess, userRole]);\n\n  const hasPermission = useMemo(() => {\n    return (permission: OrganisationPermission): boolean => {\n      if (!hasOrganisationAccess || userRole === 'no_access') {\n        return false;\n      }\n\n      // Super admin has all permissions (org_admin acts as super admin within org)\n      if (userRole === 'org_admin' || permission === '*') {\n        return true;\n      }\n\n      // Map permissions to roles using the defined permissions from organisation types\n      const rolePermissions: Record<OrganisationRole, OrganisationPermission[]> = {\n        supporter: ['view_basic'],\n        member: ['view_basic', 'view_details'],\n        leader: ['view_basic', 'view_details', 'moderate_content', 'manage_events'],\n        org_admin: ['view_basic', 'view_details', 'moderate_content', 'manage_events', 'manage_members', 'manage_settings']\n      };\n\n      const userPermissions = rolePermissions[userRole as OrganisationRole] || [];\n      return userPermissions.includes(permission) || userPermissions.includes('*');\n    };\n  }, [hasOrganisationAccess, userRole]);\n\n  const getAllPermissions = useMemo(() => {\n    return (): OrganisationPermission[] => {\n      if (!hasOrganisationAccess || userRole === 'no_access') {\n        return [];\n      }\n\n      const rolePermissions: Record<OrganisationRole, OrganisationPermission[]> = {\n        supporter: ['view_basic'],\n        member: ['view_basic', 'view_details'],\n        leader: ['view_basic', 'view_details', 'moderate_content', 'manage_events'],\n        org_admin: ['view_basic', 'view_details', 'moderate_content', 'manage_events', 'manage_members', 'manage_settings']\n      };\n\n      return rolePermissions[userRole as OrganisationRole] || [];\n    };\n  }, [hasOrganisationAccess, userRole]);\n\n  return {\n    userRole,\n    organisationId,\n    hasOrganisationAccess,\n    hasPermission,\n    getAllPermissions,\n    ...permissions\n  };\n} ","/**\n * @file Organisation Security Hook\n * @package @jmruthers/pace-core\n * @module Hooks/OrganisationSecurity\n * @since 0.4.0\n *\n * Security-focused hook for organisation access validation and super admin functionality.\n * Provides utilities for validating user access to organisations and checking permissions.\n */\n\nimport { useCallback, useMemo } from 'react';\nimport { useUnifiedAuth } from '../providers/UnifiedAuthProvider';\nimport { useOrganisations } from '../providers/OrganisationProvider';\n// Legacy useRBAC hook removed - use new RBAC system instead\nimport type { OrganisationSecurityError, SuperAdminContext } from '../types/organisation';\nimport type { Permission } from '../rbac/types';\n\nexport interface OrganisationSecurityHook {\n  // Super admin context\n  superAdminContext: SuperAdminContext;\n  \n  // Access validation\n  validateOrganisationAccess: (orgId: string) => Promise<boolean>;\n  hasMinimumRole: (minRole: string, orgId?: string) => boolean;\n  canAccessChildOrganisations: (orgId?: string) => boolean;\n  \n  // Permission checks\n  hasPermission: (permission: string, orgId?: string) => Promise<boolean>;\n  getUserPermissions: (orgId?: string) => Promise<string[]>;\n  \n  // Audit logging\n  logOrganisationAccess: (action: string, details?: any) => Promise<void>;\n  \n  // Security utilities\n  ensureOrganisationAccess: (orgId: string) => Promise<void>;\n  validateUserAccess: (userId: string, orgId: string) => Promise<boolean>;\n}\n\nexport const useOrganisationSecurity = (): OrganisationSecurityHook => {\n  const { user, supabase } = useUnifiedAuth();\n  const { selectedOrganisation, getUserRole, validateOrganisationAccess: validateAccess } = useOrganisations();\n  // Get global role directly from user metadata\n  const globalRole = useMemo(() => {\n    if (!user) return null;\n    return user.app_metadata?.globalRole === 'super_admin' || \n           user.user_metadata?.globalRole === 'super_admin' ? 'super_admin' : null;\n  }, [user]);\n\n  // Super admin context\n  const superAdminContext = useMemo((): SuperAdminContext => {\n    const isSuperAdmin = globalRole === 'super_admin';\n    return {\n      isSuperAdmin,\n      hasGlobalAccess: isSuperAdmin,\n      canManageAllOrganisations: isSuperAdmin\n    };\n  }, [globalRole]);\n\n  // Validate organisation access with database check\n  const validateOrganisationAccess = useCallback(async (orgId: string): Promise<boolean> => {\n    if (!user || !supabase) return false;\n    \n    try {\n      // Super admin has access to all organisations\n      if (superAdminContext.isSuperAdmin) {\n        return true;\n      }\n\n      // Check organisation membership using consolidated rbac_organisation_roles table\n      const { data, error } = await supabase\n        .from('rbac_organisation_roles')\n        .select('id')\n        .eq('user_id', user.id)\n        .eq('organisation_id', orgId)\n        .eq('status', 'active')\n        .is('revoked_at', null)\n        .in('role', ['org_admin', 'leader', 'member']) // Only actual members, not supporters\n        .single();\n\n      if (error) {\n        console.error('[useOrganisationSecurity] Error validating organisation access:', error);\n        return false;\n      }\n\n      return !!data;\n    } catch (error) {\n      console.error('[useOrganisationSecurity] Exception validating organisation access:', error);\n      return false;\n    }\n  }, [user, supabase, superAdminContext.isSuperAdmin]);\n\n  // Check if user has minimum role\n  const hasMinimumRole = useCallback((minRole: string, orgId?: string): boolean => {\n    // Super admin has all roles\n    if (superAdminContext.isSuperAdmin) {\n      return true;\n    }\n\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId) return false;\n\n    const userRole = getUserRole(targetOrgId);\n    const roleHierarchy = ['supporter', 'member', 'leader', 'org_admin'];\n    \n    const userRoleIndex = roleHierarchy.indexOf(userRole);\n    const minRoleIndex = roleHierarchy.indexOf(minRole);\n    \n    return userRoleIndex >= minRoleIndex;\n  }, [selectedOrganisation, getUserRole, superAdminContext.isSuperAdmin]);\n\n  // Check if user can access child organisations\n  const canAccessChildOrganisations = useCallback((orgId?: string): boolean => {\n    // Super admin can access all organisations\n    if (superAdminContext.isSuperAdmin) {\n      return true;\n    }\n\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId) return false;\n\n    const userRole = getUserRole(targetOrgId);\n    return userRole === 'org_admin';\n  }, [selectedOrganisation, getUserRole, superAdminContext.isSuperAdmin]);\n\n  // Check specific permission using the new RBAC system\n  const hasPermission = useCallback(async (permission: string, orgId?: string): Promise<boolean> => {\n    // Super admin has all permissions\n    if (superAdminContext.isSuperAdmin) {\n      return true;\n    }\n\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId || !user) return false;\n\n    try {\n      // Use the new RBAC system\n      const { isPermitted } = await import('../rbac/api');\n      \n      const scope = {\n        organisationId: targetOrgId,\n        eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,\n        appId: user.user_metadata?.appId || user.app_metadata?.appId,\n      };\n\n      return await isPermitted({\n        userId: user.id,\n        scope,\n        permission: permission as Permission\n      });\n    } catch (error) {\n      console.error('[useOrganisationSecurity] Exception checking permission:', error);\n      return false;\n    }\n  }, [selectedOrganisation, user, superAdminContext.isSuperAdmin]);\n\n  // Get user's permissions for organisation using the new RBAC system\n  const getUserPermissions = useCallback(async (orgId?: string): Promise<string[]> => {\n    // Super admin has all permissions\n    if (superAdminContext.isSuperAdmin) {\n      return ['*']; // All permissions\n    }\n\n    const targetOrgId = orgId || selectedOrganisation?.id;\n    if (!targetOrgId || !user) return [];\n\n    try {\n      // Use the new RBAC system\n      const { getPermissionMap } = await import('../rbac/api');\n      \n      const scope = {\n        organisationId: targetOrgId,\n        eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,\n        appId: user.user_metadata?.appId || user.app_metadata?.appId,\n      };\n\n      const permissionMap = await getPermissionMap({\n        userId: user.id,\n        scope\n      });\n      \n      // Flatten all permissions from all pages\n      const allPermissions = Object.values(permissionMap).flat();\n      return [...new Set(allPermissions)]; // Remove duplicates\n    } catch (error) {\n      console.error('[useOrganisationSecurity] Exception getting user permissions:', error);\n      return [];\n    }\n  }, [selectedOrganisation, user, getUserRole, superAdminContext.isSuperAdmin]);\n\n  // Log organisation access for audit using the new RBAC audit system\n  const logOrganisationAccess = useCallback(async (action: string, details?: any): Promise<void> => {\n    if (!user || !selectedOrganisation) return;\n\n    try {\n      // Use the new RBAC audit system\n      const { emitAuditEvent } = await import('../rbac/audit');\n      \n      await emitAuditEvent({\n        type: 'permission_check',\n        userId: user.id,\n        organisationId: selectedOrganisation.id,\n        permission: action,\n        decision: true, // Assume access was granted if we're logging it\n        source: 'api',\n        duration_ms: 0, // No actual permission check performed here\n        metadata: details || {}\n      });\n    } catch (error) {\n      console.error('[useOrganisationSecurity] Error logging organisation access:', error);\n    }\n  }, [user, selectedOrganisation]);\n\n  // Ensure organisation access (throws if no access)\n  const ensureOrganisationAccess = useCallback(async (orgId: string): Promise<void> => {\n    const hasAccess = await validateOrganisationAccess(orgId);\n    \n    if (!hasAccess) {\n      const error = new Error(`User does not have access to organisation ${orgId}`) as OrganisationSecurityError;\n      error.name = 'OrganisationSecurityError';\n      error.code = 'ACCESS_DENIED';\n      error.organisationId = orgId;\n      error.userId = user?.id;\n      throw error;\n    }\n  }, [validateOrganisationAccess, user]);\n\n  // Validate user access (for admin functions)\n  const validateUserAccess = useCallback(async (userId: string, orgId: string): Promise<boolean> => {\n    if (!supabase) return false;\n\n    try {\n      // Super admin can validate any user\n      if (superAdminContext.isSuperAdmin) {\n        return true;\n      }\n\n      // Regular users can only validate their own access\n      if (userId !== user?.id) {\n        return false;\n      }\n\n      return await validateOrganisationAccess(orgId);\n    } catch (error) {\n      console.error('[useOrganisationSecurity] Exception validating user access:', error);\n      return false;\n    }\n  }, [supabase, superAdminContext.isSuperAdmin, user, validateOrganisationAccess]);\n\n  return {\n    superAdminContext,\n    validateOrganisationAccess,\n    hasMinimumRole,\n    canAccessChildOrganisations,\n    hasPermission,\n    getUserPermissions,\n    logOrganisationAccess,\n    ensureOrganisationAccess,\n    validateUserAccess\n  };\n}; ","/**\n * @file useAppConfig Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useAppConfig\n * @since 0.4.0\n *\n * Hook for accessing app configuration like direct access support and event requirements.\n * This is a convenience hook that extracts app config from the UnifiedAuthProvider.\n *\n * @example\n * ```tsx\n * function MyComponent() {\n *   const { supportsDirectAccess, requiresEvent, isLoading } = useAppConfig();\n *   \n *   if (isLoading) return <div>Loading...</div>;\n *   \n *   return (\n *     <div>\n *       {supportsDirectAccess && (\n *         <div>This app supports direct access!</div>\n *       )}\n *       {requiresEvent && (\n *         <EventSelector />\n *       )}\n *     </div>\n *   );\n * }\n * ```\n */\n\nimport { useUnifiedAuth } from '../providers/UnifiedAuthProvider';\n\nexport interface UseAppConfigReturn {\n  supportsDirectAccess: boolean;\n  requiresEvent: boolean;\n  isLoading: boolean;\n  appName: string;\n}\n\n/**\n * Hook to access app configuration\n * @returns App configuration and loading state\n */\nexport function useAppConfig(): UseAppConfigReturn {\n  const { appConfig, appName } = useUnifiedAuth();\n\n  return {\n    supportsDirectAccess: !(appConfig?.requires_event ?? true),\n    requiresEvent: appConfig?.requires_event ?? true,\n    isLoading: appConfig === null,\n    appName\n  };\n} "],"mappings":";;;;;;AA+CA,SAAS,eAAe;AAgDjB,SAAS,2BAA2B,OAAkD;AAC3F,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,IAAI,iBAAiB;AAErB,QAAM,iBAAiB,QAAQ,MAAM;AACnC,QAAI,OAAO;AACT,aAAO;AAAA,IACT;AACA,QAAI;AACF,YAAM,aAAa,0BAA0B;AAC7C,aAAO,WAAW;AAAA,IACpB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,OAAO,yBAAyB,CAAC;AAErC,QAAM,WAAW,QAAQ,MAAM;AAC7B,QAAI,CAAC,eAAgB,QAAO;AAC5B,WAAO,YAAY,cAAc;AAAA,EACnC,GAAG,CAAC,gBAAgB,WAAW,CAAC;AAEhC,QAAM,wBAAwB,QAAQ,MAAM;AAC1C,QAAI,CAAC,eAAgB,QAAO;AAC5B,WAAO,2BAA2B,cAAc;AAAA,EAClD,GAAG,CAAC,gBAAgB,0BAA0B,CAAC;AAE/C,QAAM,cAAc,QAAQ,MAAM;AAChC,QAAI,CAAC,yBAAyB,aAAa,aAAa;AACtD,aAAO;AAAA,QACL,YAAY;AAAA,QACZ,cAAc;AAAA,QACd,aAAa;AAAA,QACb,kBAAkB;AAAA,QAClB,mBAAmB;AAAA,QACnB,iBAAiB;AAAA,QACjB,oBAAoB;AAAA,MACtB;AAAA,IACF;AAEA,UAAM,aAAa,aAAa;AAChC,UAAM,WAAW,aAAa;AAC9B,UAAM,WAAW,aAAa;AAC9B,UAAM,cAAc,aAAa;AAIjC,UAAM,eAAe;AAErB,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,aAAa,gBAAgB,cAAc;AAAA,MAC3C,kBAAkB,gBAAgB;AAAA,MAClC,mBAAmB,gBAAgB;AAAA,MACnC,iBAAiB,gBAAgB,cAAc;AAAA,MAC/C,oBAAoB,gBAAgB;AAAA,IACtC;AAAA,EACF,GAAG,CAAC,uBAAuB,QAAQ,CAAC;AAEpC,QAAM,gBAAgB,QAAQ,MAAM;AAClC,WAAO,CAAC,eAAgD;AACtD,UAAI,CAAC,yBAAyB,aAAa,aAAa;AACtD,eAAO;AAAA,MACT;AAGA,UAAI,aAAa,eAAe,eAAe,KAAK;AAClD,eAAO;AAAA,MACT;AAGA,YAAM,kBAAsE;AAAA,QAC1E,WAAW,CAAC,YAAY;AAAA,QACxB,QAAQ,CAAC,cAAc,cAAc;AAAA,QACrC,QAAQ,CAAC,cAAc,gBAAgB,oBAAoB,eAAe;AAAA,QAC1E,WAAW,CAAC,cAAc,gBAAgB,oBAAoB,iBAAiB,kBAAkB,iBAAiB;AAAA,MACpH;AAEA,YAAM,kBAAkB,gBAAgB,QAA4B,KAAK,CAAC;AAC1E,aAAO,gBAAgB,SAAS,UAAU,KAAK,gBAAgB,SAAS,GAAG;AAAA,IAC7E;AAAA,EACF,GAAG,CAAC,uBAAuB,QAAQ,CAAC;AAEpC,QAAM,oBAAoB,QAAQ,MAAM;AACtC,WAAO,MAAgC;AACrC,UAAI,CAAC,yBAAyB,aAAa,aAAa;AACtD,eAAO,CAAC;AAAA,MACV;AAEA,YAAM,kBAAsE;AAAA,QAC1E,WAAW,CAAC,YAAY;AAAA,QACxB,QAAQ,CAAC,cAAc,cAAc;AAAA,QACrC,QAAQ,CAAC,cAAc,gBAAgB,oBAAoB,eAAe;AAAA,QAC1E,WAAW,CAAC,cAAc,gBAAgB,oBAAoB,iBAAiB,kBAAkB,iBAAiB;AAAA,MACpH;AAEA,aAAO,gBAAgB,QAA4B,KAAK,CAAC;AAAA,IAC3D;AAAA,EACF,GAAG,CAAC,uBAAuB,QAAQ,CAAC;AAEpC,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,GAAG;AAAA,EACL;AACF;;;ACrMA,SAAS,aAAa,WAAAA,gBAAe;AA4B9B,IAAM,0BAA0B,MAAgC;AACrE,QAAM,EAAE,MAAM,SAAS,IAAI,eAAe;AAC1C,QAAM,EAAE,sBAAsB,aAAa,4BAA4B,eAAe,IAAI,iBAAiB;AAE3G,QAAM,aAAaC,SAAQ,MAAM;AAC/B,QAAI,CAAC,KAAM,QAAO;AAClB,WAAO,KAAK,cAAc,eAAe,iBAClC,KAAK,eAAe,eAAe,gBAAgB,gBAAgB;AAAA,EAC5E,GAAG,CAAC,IAAI,CAAC;AAGT,QAAM,oBAAoBA,SAAQ,MAAyB;AACzD,UAAM,eAAe,eAAe;AACpC,WAAO;AAAA,MACL;AAAA,MACA,iBAAiB;AAAA,MACjB,2BAA2B;AAAA,IAC7B;AAAA,EACF,GAAG,CAAC,UAAU,CAAC;AAGf,QAAM,6BAA6B,YAAY,OAAO,UAAoC;AACxF,QAAI,CAAC,QAAQ,CAAC,SAAU,QAAO;AAE/B,QAAI;AAEF,UAAI,kBAAkB,cAAc;AAClC,eAAO;AAAA,MACT;AAGA,YAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAC3B,KAAK,yBAAyB,EAC9B,OAAO,IAAI,EACX,GAAG,WAAW,KAAK,EAAE,EACrB,GAAG,mBAAmB,KAAK,EAC3B,GAAG,UAAU,QAAQ,EACrB,GAAG,cAAc,IAAI,EACrB,GAAG,QAAQ,CAAC,aAAa,UAAU,QAAQ,CAAC,EAC5C,OAAO;AAEV,UAAI,OAAO;AACT,gBAAQ,MAAM,mEAAmE,KAAK;AACtF,eAAO;AAAA,MACT;AAEA,aAAO,CAAC,CAAC;AAAA,IACX,SAAS,OAAO;AACd,cAAQ,MAAM,uEAAuE,KAAK;AAC1F,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,MAAM,UAAU,kBAAkB,YAAY,CAAC;AAGnD,QAAM,iBAAiB,YAAY,CAAC,SAAiB,UAA4B;AAE/E,QAAI,kBAAkB,cAAc;AAClC,aAAO;AAAA,IACT;AAEA,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,YAAa,QAAO;AAEzB,UAAM,WAAW,YAAY,WAAW;AACxC,UAAM,gBAAgB,CAAC,aAAa,UAAU,UAAU,WAAW;AAEnE,UAAM,gBAAgB,cAAc,QAAQ,QAAQ;AACpD,UAAM,eAAe,cAAc,QAAQ,OAAO;AAElD,WAAO,iBAAiB;AAAA,EAC1B,GAAG,CAAC,sBAAsB,aAAa,kBAAkB,YAAY,CAAC;AAGtE,QAAM,8BAA8B,YAAY,CAAC,UAA4B;AAE3E,QAAI,kBAAkB,cAAc;AAClC,aAAO;AAAA,IACT;AAEA,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,YAAa,QAAO;AAEzB,UAAM,WAAW,YAAY,WAAW;AACxC,WAAO,aAAa;AAAA,EACtB,GAAG,CAAC,sBAAsB,aAAa,kBAAkB,YAAY,CAAC;AAGtE,QAAM,gBAAgB,YAAY,OAAO,YAAoB,UAAqC;AAEhG,QAAI,kBAAkB,cAAc;AAClC,aAAO;AAAA,IACT;AAEA,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,eAAe,CAAC,KAAM,QAAO;AAElC,QAAI;AAEF,YAAM,EAAE,YAAY,IAAI,MAAM,OAAO,mBAAa;AAElD,YAAM,QAAQ;AAAA,QACZ,gBAAgB;AAAA,QAChB,SAAS,KAAK,eAAe,WAAW,KAAK,cAAc;AAAA,QAC3D,OAAO,KAAK,eAAe,SAAS,KAAK,cAAc;AAAA,MACzD;AAEA,aAAO,MAAM,YAAY;AAAA,QACvB,QAAQ,KAAK;AAAA,QACb;AAAA,QACA;AAAA,MACF,CAAC;AAAA,IACH,SAAS,OAAO;AACd,cAAQ,MAAM,4DAA4D,KAAK;AAC/E,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,sBAAsB,MAAM,kBAAkB,YAAY,CAAC;AAG/D,QAAM,qBAAqB,YAAY,OAAO,UAAsC;AAElF,QAAI,kBAAkB,cAAc;AAClC,aAAO,CAAC,GAAG;AAAA,IACb;AAEA,UAAM,cAAc,SAAS,sBAAsB;AACnD,QAAI,CAAC,eAAe,CAAC,KAAM,QAAO,CAAC;AAEnC,QAAI;AAEF,YAAM,EAAE,iBAAiB,IAAI,MAAM,OAAO,mBAAa;AAEvD,YAAM,QAAQ;AAAA,QACZ,gBAAgB;AAAA,QAChB,SAAS,KAAK,eAAe,WAAW,KAAK,cAAc;AAAA,QAC3D,OAAO,KAAK,eAAe,SAAS,KAAK,cAAc;AAAA,MACzD;AAEA,YAAM,gBAAgB,MAAM,iBAAiB;AAAA,QAC3C,QAAQ,KAAK;AAAA,QACb;AAAA,MACF,CAAC;AAGD,YAAM,iBAAiB,OAAO,OAAO,aAAa,EAAE,KAAK;AACzD,aAAO,CAAC,GAAG,IAAI,IAAI,cAAc,CAAC;AAAA,IACpC,SAAS,OAAO;AACd,cAAQ,MAAM,iEAAiE,KAAK;AACpF,aAAO,CAAC;AAAA,IACV;AAAA,EACF,GAAG,CAAC,sBAAsB,MAAM,aAAa,kBAAkB,YAAY,CAAC;AAG5E,QAAM,wBAAwB,YAAY,OAAO,QAAgB,YAAiC;AAChG,QAAI,CAAC,QAAQ,CAAC,qBAAsB;AAEpC,QAAI;AAEF,YAAM,EAAE,eAAe,IAAI,MAAM,OAAO,qBAAe;AAEvD,YAAM,eAAe;AAAA,QACnB,MAAM;AAAA,QACN,QAAQ,KAAK;AAAA,QACb,gBAAgB,qBAAqB;AAAA,QACrC,YAAY;AAAA,QACZ,UAAU;AAAA;AAAA,QACV,QAAQ;AAAA,QACR,aAAa;AAAA;AAAA,QACb,UAAU,WAAW,CAAC;AAAA,MACxB,CAAC;AAAA,IACH,SAAS,OAAO;AACd,cAAQ,MAAM,gEAAgE,KAAK;AAAA,IACrF;AAAA,EACF,GAAG,CAAC,MAAM,oBAAoB,CAAC;AAG/B,QAAM,2BAA2B,YAAY,OAAO,UAAiC;AACnF,UAAM,YAAY,MAAM,2BAA2B,KAAK;AAExD,QAAI,CAAC,WAAW;AACd,YAAM,QAAQ,IAAI,MAAM,6CAA6C,KAAK,EAAE;AAC5E,YAAM,OAAO;AACb,YAAM,OAAO;AACb,YAAM,iBAAiB;AACvB,YAAM,SAAS,MAAM;AACrB,YAAM;AAAA,IACR;AAAA,EACF,GAAG,CAAC,4BAA4B,IAAI,CAAC;AAGrC,QAAM,qBAAqB,YAAY,OAAO,QAAgB,UAAoC;AAChG,QAAI,CAAC,SAAU,QAAO;AAEtB,QAAI;AAEF,UAAI,kBAAkB,cAAc;AAClC,eAAO;AAAA,MACT;AAGA,UAAI,WAAW,MAAM,IAAI;AACvB,eAAO;AAAA,MACT;AAEA,aAAO,MAAM,2BAA2B,KAAK;AAAA,IAC/C,SAAS,OAAO;AACd,cAAQ,MAAM,+DAA+D,KAAK;AAClF,aAAO;AAAA,IACT;AAAA,EACF,GAAG,CAAC,UAAU,kBAAkB,cAAc,MAAM,0BAA0B,CAAC;AAE/E,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;ACxNO,SAAS,eAAmC;AACjD,QAAM,EAAE,WAAW,QAAQ,IAAI,eAAe;AAE9C,SAAO;AAAA,IACL,sBAAsB,EAAE,WAAW,kBAAkB;AAAA,IACrD,eAAe,WAAW,kBAAkB;AAAA,IAC5C,WAAW,cAAc;AAAA,IACzB;AAAA,EACF;AACF;","names":["useMemo","useMemo"]}

package/dist/{chunk-TIVL4UQ7.js → chunk-JUUNUW3O.js}

@@ -1,35 +1,26 @@
 import {
-  init_OrganisationProvider,
-  init_UnifiedAuthProvider,
   useOrganisations,
   useUnifiedAuth
-} from "./chunk-BEZRLNK3.js";
+} from "./chunk-ZJ3UKPIW.js";
 import {
-  init_organisationContext,
   setOrganisationContext
-} from "./chunk-2V3Y6YBC.js";
+} from "./chunk-KK6WIDK6.js";
 
 // src/hooks/useSecureDataAccess.ts
-init_UnifiedAuthProvider();
-init_OrganisationProvider();
-init_organisationContext();
 import { useCallback, useState } from "react";
 function useSecureDataAccess() {
-  const { supabase, user, session } = useUnifiedAuth();
+  const { supabase, user } = useUnifiedAuth();
   const { ensureOrganisationContext } = useOrganisations();
   const validateContext = useCallback(() => {
     if (!supabase) {
       throw new Error("No Supabase client available");
     }
-    if (!user || !session) {
-      throw new Error("User must be authenticated with valid session");
-    }
     try {
       ensureOrganisationContext();
     } catch (error) {
       throw new Error("Organisation context is required for data access");
     }
-  }, [supabase, user, session, ensureOrganisationContext]);
+  }, [supabase, ensureOrganisationContext]);
   const getCurrentOrganisationId = useCallback(() => {
     validateContext();
     const currentOrg = ensureOrganisationContext();
@@ -379,4 +370,4 @@ function useSecureDataAccess() {
 export {
   useSecureDataAccess
 };
-//# sourceMappingURL=chunk-TIVL4UQ7.js.map
+//# sourceMappingURL=chunk-JUUNUW3O.js.map

package/dist/chunk-JUUNUW3O.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/hooks/useSecureDataAccess.ts"],"sourcesContent":["/**\n * @file useSecureDataAccess Hook\n * @package @jmruthers/pace-core\n * @module Hooks/useSecureDataAccess\n * @since 0.4.0\n *\n * Hook for secure database operations with mandatory organisation context.\n * Ensures all data access is properly scoped to the user's current organisation.\n *\n * @example\n * ```tsx\n * function DataComponent() {\n *   const { secureQuery, secureInsert, secureUpdate, secureDelete } = useSecureDataAccess();\n *   \n *   const loadData = async () => {\n *     try {\n *       // Automatically includes organisation_id filter\n *       const events = await secureQuery('event', '*', { is_visible: true });\n *       console.log('Organisation events:', events);\n *     } catch (error) {\n *       console.error('Failed to load data:', error);\n *     }\n *   };\n *   \n *   const createEvent = async (eventData) => {\n *     try {\n *       // Automatically sets organisation_id\n *       const newEvent = await secureInsert('event', eventData);\n *       console.log('Created event:', newEvent);\n *     } catch (error) {\n *       console.error('Failed to create event:', error);\n *     }\n *   };\n *   \n *   return (\n *     <div>\n *       <button onClick={loadData}>Load Data</button>\n *       <button onClick={() => createEvent({ event_name: 'New Event' })}>\n *         Create Event\n *       </button>\n *     </div>\n *   );\n * }\n * ```\n *\n * @security\n * - All queries automatically include organisation_id filter\n * - Validates organisation context before any operation\n * - Prevents data leaks between organisations\n * - Error handling for security violations\n * - Type-safe database operations\n */\n\nimport { useCallback, useState } from 'react';\nimport { useUnifiedAuth } from '../providers/UnifiedAuthProvider';\nimport { useOrganisations } from '../providers/OrganisationProvider';\nimport { setOrganisationContext } from '../utils/organisationContext';\nimport type { Permission } from '../rbac/types';\nimport type { OrganisationSecurityError } from '../types/organisation';\n\nexport interface SecureDataAccessReturn {\n  /** Execute a secure query with organisation filtering */\n  secureQuery: <T = any>(\n    table: string,\n    columns: string,\n    filters?: Record<string, any>,\n    options?: {\n      orderBy?: string;\n      ascending?: boolean;\n      limit?: number;\n      offset?: number;\n    }\n  ) => Promise<T[]>;\n  \n  /** Execute a secure insert with organisation context */\n  secureInsert: <T = any>(\n    table: string,\n    data: Record<string, any>\n  ) => Promise<T>;\n  \n  /** Execute a secure update with organisation filtering */\n  secureUpdate: <T = any>(\n    table: string,\n    data: Record<string, any>,\n    filters: Record<string, any>\n  ) => Promise<T[]>;\n  \n  /** Execute a secure delete with organisation filtering */\n  secureDelete: (\n    table: string,\n    filters: Record<string, any>\n  ) => Promise<void>;\n  \n  /** Execute a secure RPC call with organisation context */\n  secureRpc: <T = any>(\n    functionName: string,\n    params?: Record<string, any>\n  ) => Promise<T>;\n  \n  /** Get current organisation ID */\n  getCurrentOrganisationId: () => string;\n  \n  /** Validate organisation context */\n  validateContext: () => void;\n  \n  // NEW: Phase 1 - Enhanced Security Features\n  /** Check if data access is allowed for a table and operation */\n  isDataAccessAllowed: (table: string, operation: string) => boolean;\n  \n  /** Get all data access permissions for current user */\n  getDataAccessPermissions: () => Record<string, string[]>;\n  \n  /** Check if strict mode is enabled */\n  isStrictMode: boolean;\n  \n  /** Check if audit logging is enabled */\n  isAuditLogEnabled: boolean;\n  \n  /** Get data access history */\n  getDataAccessHistory: () => DataAccessRecord[];\n  \n  /** Clear data access history */\n  clearDataAccessHistory: () => void;\n  \n  /** Validate data access attempt */\n  validateDataAccess: (table: string, operation: string) => boolean;\n}\n\nexport interface DataAccessRecord {\n  table: string;\n  operation: string;\n  userId: string;\n  organisationId: string;\n  allowed: boolean;\n  timestamp: string;\n  query?: string;\n  filters?: Record<string, any>;\n}\n\n/**\n * Hook for secure data access with automatic organisation filtering\n * \n * All database operations automatically include organisation context:\n * - Queries filter by organisation_id\n * - Inserts include organisation_id\n * - Updates/deletes are scoped to organisation\n * - RPC calls include organisation_id parameter\n */\nexport function useSecureDataAccess(): SecureDataAccessReturn {\n  const { supabase, user } = useUnifiedAuth();\n  const { ensureOrganisationContext } = useOrganisations();\n\n  const validateContext = useCallback((): void => {\n    if (!supabase) {\n      throw new Error('No Supabase client available') as OrganisationSecurityError;\n    }\n    \n    try {\n      ensureOrganisationContext();\n    } catch (error) {\n      throw new Error('Organisation context is required for data access') as OrganisationSecurityError;\n    }\n  }, [supabase, ensureOrganisationContext]);\n\n  const getCurrentOrganisationId = useCallback((): string => {\n    validateContext();\n    const currentOrg = ensureOrganisationContext();\n    return currentOrg.id;\n  }, [validateContext, ensureOrganisationContext]);\n\n  // Set organisation context in database session\n  const setOrganisationContextInSession = useCallback(async (organisationId: string): Promise<void> => {\n    if (!supabase) {\n      throw new Error('No Supabase client available') as OrganisationSecurityError;\n    }\n\n    await setOrganisationContext(supabase, organisationId);\n  }, [supabase]);\n\n  const secureQuery = useCallback(async <T = any>(\n    table: string,\n    columns: string,\n    filters: Record<string, any> = {},\n    options: {\n      orderBy?: string;\n      ascending?: boolean;\n      limit?: number;\n      offset?: number;\n    } = {}\n  ): Promise<T[]> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure query:', {\n      table,\n      organisationId,\n      filters\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Build query with organisation filter\n    let query = supabase!\n      .from(table)\n      .select(columns);\n\n    // Add organisation filter only if table has organisation_id column\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n      // SECURITY: Phase 3A additions - medical and personal data\n      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n      'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n    ];\n    \n    if (tablesWithOrganisation.includes(table)) {\n      query = query.eq('organisation_id', organisationId);\n    }\n\n    // Apply additional filters\n    Object.entries(filters).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        // Handle qualified column names (e.g., 'users.role')\n        const columnName = key.includes('.') ? key.split('.').pop()! : key;\n        query = query.eq(columnName, value);\n      }\n    });\n\n    // Apply options\n    if (options.orderBy) {\n      // Only use the column name, not a qualified name\n      const orderByColumn = options.orderBy.split('.').pop();\n      if (orderByColumn) {\n        query = query.order(orderByColumn, { ascending: options.ascending ?? true });\n      }\n    }\n    \n    if (options.limit) {\n      query = query.limit(options.limit);\n    }\n    \n    if (options.offset) {\n      query = query.range(options.offset, options.offset + (options.limit || 100) - 1);\n    }\n\n    const { data, error } = await query;\n    \n    if (error) {\n      console.error('[useSecureDataAccess] Query failed:', error);\n      // NEW: Phase 1 - Record failed data access attempt\n      recordDataAccess(table, 'read', false, `SELECT ${columns} FROM ${table}`, filters);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] Query successful:', {\n      table,\n      resultCount: data?.length || 0\n    });\n\n    // NEW: Phase 1 - Record successful data access attempt\n    recordDataAccess(table, 'read', true, `SELECT ${columns} FROM ${table}`, filters);\n\n    return (data as T[]) || [];\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);\n\n  const secureInsert = useCallback(async <T = any>(\n    table: string,\n    data: Record<string, any>\n  ): Promise<T> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure insert:', {\n      table,\n      organisationId\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Ensure organisation_id is set\n    const secureData = {\n      ...data,\n      organisation_id: organisationId\n    };\n\n    const { data: insertData, error } = await supabase!\n      .from(table)\n      .insert(secureData)\n      .select()\n      .single();\n\n    if (error) {\n      console.error('[useSecureDataAccess] Insert failed:', error);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] Insert successful:', {\n      table,\n      id: insertData?.id\n    });\n\n    return insertData as T;\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);\n\n  const secureUpdate = useCallback(async <T = any>(\n    table: string,\n    data: Record<string, any>,\n    filters: Record<string, any>\n  ): Promise<T[]> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure update:', {\n      table,\n      organisationId,\n      filters\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Build update query with organisation filter\n    let query = supabase!\n      .from(table)\n      .update(data);\n\n    // Add organisation filter only if table has organisation_id column\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member'\n    ];\n    \n    if (tablesWithOrganisation.includes(table)) {\n      query = query.eq('organisation_id', organisationId);\n    }\n\n    // Apply filters\n    Object.entries(filters).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        query = query.eq(key, value);\n      }\n    });\n\n    const { data: updateData, error } = await query.select();\n\n    if (error) {\n      console.error('[useSecureDataAccess] Update failed:', error);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] Update successful:', {\n      table,\n      updatedCount: updateData?.length || 0\n    });\n\n    return (updateData as T[]) || [];\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);\n\n  const secureDelete = useCallback(async (\n    table: string,\n    filters: Record<string, any>\n  ): Promise<void> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure delete:', {\n      table,\n      organisationId,\n      filters\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Build delete query with organisation filter\n    let query = supabase!\n      .from(table)\n      .delete();\n\n    // Add organisation filter only if table has organisation_id column\n    const tablesWithOrganisation = [\n      'event',  'organisation_settings',\n      'rbac_event_app_roles', 'rbac_organisation_roles',\n      // SECURITY: Phase 2 additions - complete organisation table mapping\n      'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',\n      // SECURITY: Emergency additions for Phase 1 fixes\n      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',\n      // SECURITY: Phase 3A additions - medical and personal data\n      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',\n      'pace_consent', 'pace_contact', 'pace_id_documents', 'pace_qualifications',\n      'form_responses', 'form_response_values', 'forms',\n      // SECURITY: Phase 3B additions - remaining critical tables\n      'invoice', 'line_item', 'credit_balance', 'payment_method',\n      'form_contexts', 'form_field_config', 'form_fields',\n      'cake_delivery', 'cake_diettype', 'cake_diner', 'cake_dish', 'cake_item', \n      'cake_logistics', 'cake_mealplan', 'cake_package', 'cake_recipe', 'cake_supplier', \n      'cake_supply', 'cake_unit', 'event_app_access', 'base_application', 'base_questions'\n    ];\n    \n    if (tablesWithOrganisation.includes(table)) {\n      query = query.eq('organisation_id', organisationId);\n    }\n\n    // Apply filters\n    Object.entries(filters).forEach(([key, value]) => {\n      if (value !== undefined && value !== null) {\n        query = query.eq(key, value);\n      }\n    });\n\n    const { error } = await query;\n\n    if (error) {\n      console.error('[useSecureDataAccess] Delete failed:', error);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] Delete successful:', {\n      table\n    });\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);\n\n  const secureRpc = useCallback(async <T = any>(\n    functionName: string,\n    params: Record<string, any> = {}\n  ): Promise<T> => {\n    validateContext();\n    const organisationId = getCurrentOrganisationId();\n    \n    console.log('[useSecureDataAccess] Executing secure RPC:', {\n      functionName,\n      organisationId\n    });\n\n    // Set organisation context in database session\n    await setOrganisationContextInSession(organisationId);\n\n    // Include organisation_id in RPC parameters\n    const secureParams = {\n      ...params,\n      organisation_id: organisationId\n    };\n\n    const { data, error } = await supabase!.rpc(functionName, secureParams);\n\n    if (error) {\n      console.error('[useSecureDataAccess] RPC failed:', error);\n      throw error;\n    }\n\n    console.log('[useSecureDataAccess] RPC successful:', {\n      functionName\n    });\n\n    return data as T;\n  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);\n\n  // NEW: Phase 1 - Enhanced Security Features\n  const [dataAccessHistory, setDataAccessHistory] = useState<DataAccessRecord[]>([]);\n  const [isStrictMode] = useState(true); // Always enabled in Phase 1\n  const [isAuditLogEnabled] = useState(true); // Always enabled in Phase 1\n\n  // Check if data access is allowed for a table and operation\n  const isDataAccessAllowed = useCallback((table: string, operation: string): boolean => {\n    if (!user?.id) return false;\n    \n    // Use the existing RBAC system to check data access permissions\n    // This is a synchronous check for the context - actual permission checking\n    // happens in the secure data operations using the RBAC engine\n    const permission = `${operation}:data.${table}` as Permission;\n    \n    // For now, we'll return true and let the secure data operations\n    // handle the actual permission checking asynchronously\n    // This context is mainly for tracking and audit purposes\n    return true;\n  }, [user?.id]);\n\n  // Get all data access permissions for current user\n  const getDataAccessPermissions = useCallback((): Record<string, string[]> => {\n    if (!user?.id) return {};\n    \n    // For now, return empty object - this will be enhanced with actual permission checking\n    // when we integrate with the existing RBAC system\n    return {};\n  }, [user?.id]);\n\n  // Get data access history\n  const getDataAccessHistory = useCallback((): DataAccessRecord[] => {\n    return [...dataAccessHistory];\n  }, [dataAccessHistory]);\n\n  // Clear data access history\n  const clearDataAccessHistory = useCallback(() => {\n    setDataAccessHistory([]);\n  }, []);\n\n  // Validate data access attempt\n  const validateDataAccess = useCallback((table: string, operation: string): boolean => {\n    if (!user?.id) return false;\n    \n    // Validate organisation context\n    try {\n      validateContext();\n    } catch (error) {\n      console.error(`[useSecureDataAccess] Organisation context validation failed:`, error);\n      return false;\n    }\n    \n    return isDataAccessAllowed(table, operation);\n  }, [user?.id, validateContext, isDataAccessAllowed]);\n\n  // Record data access attempt\n  const recordDataAccess = useCallback((\n    table: string,\n    operation: string,\n    allowed: boolean,\n    query?: string,\n    filters?: Record<string, any>\n  ) => {\n    if (!isAuditLogEnabled || !user?.id) return;\n    \n    const record: DataAccessRecord = {\n      table,\n      operation,\n      userId: user.id,\n      organisationId: getCurrentOrganisationId(),\n      allowed,\n      timestamp: new Date().toISOString(),\n      query,\n      filters\n    };\n    \n    setDataAccessHistory(prev => {\n      const newHistory = [record, ...prev];\n      return newHistory.slice(0, 1000); // Keep last 1000 records\n    });\n    \n    if (isStrictMode && !allowed) {\n      console.error(`[useSecureDataAccess] STRICT MODE VIOLATION: User attempted data access without permission`, {\n        table,\n        operation,\n        userId: user.id,\n        organisationId: getCurrentOrganisationId(),\n        timestamp: new Date().toISOString()\n      });\n    }\n  }, [isAuditLogEnabled, isStrictMode, user?.id, getCurrentOrganisationId]);\n\n  return {\n    secureQuery,\n    secureInsert,\n    secureUpdate,\n    secureDelete,\n    secureRpc,\n    getCurrentOrganisationId,\n    validateContext,\n    // NEW: Phase 1 - Enhanced Security Features\n    isDataAccessAllowed,\n    getDataAccessPermissions,\n    isStrictMode,\n    isAuditLogEnabled,\n    getDataAccessHistory,\n    clearDataAccessHistory,\n    validateDataAccess\n  };\n} "],"mappings":";;;;;;;;;AAqDA,SAAS,aAAa,gBAAgB;AA+F/B,SAAS,sBAA8C;AAC5D,QAAM,EAAE,UAAU,KAAK,IAAI,eAAe;AAC1C,QAAM,EAAE,0BAA0B,IAAI,iBAAiB;AAEvD,QAAM,kBAAkB,YAAY,MAAY;AAC9C,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAEA,QAAI;AACF,gCAA0B;AAAA,IAC5B,SAAS,OAAO;AACd,YAAM,IAAI,MAAM,kDAAkD;AAAA,IACpE;AAAA,EACF,GAAG,CAAC,UAAU,yBAAyB,CAAC;AAExC,QAAM,2BAA2B,YAAY,MAAc;AACzD,oBAAgB;AAChB,UAAM,aAAa,0BAA0B;AAC7C,WAAO,WAAW;AAAA,EACpB,GAAG,CAAC,iBAAiB,yBAAyB,CAAC;AAG/C,QAAM,kCAAkC,YAAY,OAAO,mBAA0C;AACnG,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,8BAA8B;AAAA,IAChD;AAEA,UAAM,uBAAuB,UAAU,cAAc;AAAA,EACvD,GAAG,CAAC,QAAQ,CAAC;AAEb,QAAM,cAAc,YAAY,OAC9B,OACA,SACA,UAA+B,CAAC,GAChC,UAKI,CAAC,MACY;AACjB,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,iDAAiD;AAAA,MAC3D;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAGpD,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,OAAO;AAGjB,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,QAAI,uBAAuB,SAAS,KAAK,GAAG;AAC1C,cAAQ,MAAM,GAAG,mBAAmB,cAAc;AAAA,IACpD;AAGA,WAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAI,UAAU,UAAa,UAAU,MAAM;AAEzC,cAAM,aAAa,IAAI,SAAS,GAAG,IAAI,IAAI,MAAM,GAAG,EAAE,IAAI,IAAK;AAC/D,gBAAQ,MAAM,GAAG,YAAY,KAAK;AAAA,MACpC;AAAA,IACF,CAAC;AAGD,QAAI,QAAQ,SAAS;AAEnB,YAAM,gBAAgB,QAAQ,QAAQ,MAAM,GAAG,EAAE,IAAI;AACrD,UAAI,eAAe;AACjB,gBAAQ,MAAM,MAAM,eAAe,EAAE,WAAW,QAAQ,aAAa,KAAK,CAAC;AAAA,MAC7E;AAAA,IACF;AAEA,QAAI,QAAQ,OAAO;AACjB,cAAQ,MAAM,MAAM,QAAQ,KAAK;AAAA,IACnC;AAEA,QAAI,QAAQ,QAAQ;AAClB,cAAQ,MAAM,MAAM,QAAQ,QAAQ,QAAQ,UAAU,QAAQ,SAAS,OAAO,CAAC;AAAA,IACjF;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM;AAE9B,QAAI,OAAO;AACT,cAAQ,MAAM,uCAAuC,KAAK;AAE1D,uBAAiB,OAAO,QAAQ,OAAO,UAAU,OAAO,SAAS,KAAK,IAAI,OAAO;AACjF,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,2CAA2C;AAAA,MACrD;AAAA,MACA,aAAa,MAAM,UAAU;AAAA,IAC/B,CAAC;AAGD,qBAAiB,OAAO,QAAQ,MAAM,UAAU,OAAO,SAAS,KAAK,IAAI,OAAO;AAEhF,WAAQ,QAAgB,CAAC;AAAA,EAC3B,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,QAAQ,CAAC;AAEzF,QAAM,eAAe,YAAY,OAC/B,OACA,SACe;AACf,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,kDAAkD;AAAA,MAC5D;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAGpD,UAAM,aAAa;AAAA,MACjB,GAAG;AAAA,MACH,iBAAiB;AAAA,IACnB;AAEA,UAAM,EAAE,MAAM,YAAY,MAAM,IAAI,MAAM,SACvC,KAAK,KAAK,EACV,OAAO,UAAU,EACjB,OAAO,EACP,OAAO;AAEV,QAAI,OAAO;AACT,cAAQ,MAAM,wCAAwC,KAAK;AAC3D,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,4CAA4C;AAAA,MACtD;AAAA,MACA,IAAI,YAAY;AAAA,IAClB,CAAC;AAED,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,QAAQ,CAAC;AAEzF,QAAM,eAAe,YAAY,OAC/B,OACA,MACA,YACiB;AACjB,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,kDAAkD;AAAA,MAC5D;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAGpD,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO,IAAI;AAGd,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA,IAC/C;AAEA,QAAI,uBAAuB,SAAS,KAAK,GAAG;AAC1C,cAAQ,MAAM,GAAG,mBAAmB,cAAc;AAAA,IACpD;AAGA,WAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,gBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,MAC7B;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,YAAY,MAAM,IAAI,MAAM,MAAM,OAAO;AAEvD,QAAI,OAAO;AACT,cAAQ,MAAM,wCAAwC,KAAK;AAC3D,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,4CAA4C;AAAA,MACtD;AAAA,MACA,cAAc,YAAY,UAAU;AAAA,IACtC,CAAC;AAED,WAAQ,cAAsB,CAAC;AAAA,EACjC,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,QAAQ,CAAC;AAEzF,QAAM,eAAe,YAAY,OAC/B,OACA,YACkB;AAClB,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,kDAAkD;AAAA,MAC5D;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAGpD,QAAI,QAAQ,SACT,KAAK,KAAK,EACV,OAAO;AAGV,UAAM,yBAAyB;AAAA,MAC7B;AAAA,MAAU;AAAA,MACV;AAAA,MAAwB;AAAA;AAAA,MAExB;AAAA,MAA0B;AAAA,MAA4B;AAAA;AAAA,MAEtD;AAAA,MAAa;AAAA,MAAiB;AAAA,MAAe;AAAA;AAAA,MAE7C;AAAA,MAAgB;AAAA,MAAkB;AAAA,MAAa;AAAA,MAAoB;AAAA,MACnE;AAAA,MAAgB;AAAA,MAAgB;AAAA,MAAqB;AAAA,MACrD;AAAA,MAAkB;AAAA,MAAwB;AAAA;AAAA,MAE1C;AAAA,MAAW;AAAA,MAAa;AAAA,MAAkB;AAAA,MAC1C;AAAA,MAAiB;AAAA,MAAqB;AAAA,MACtC;AAAA,MAAiB;AAAA,MAAiB;AAAA,MAAc;AAAA,MAAa;AAAA,MAC7D;AAAA,MAAkB;AAAA,MAAiB;AAAA,MAAgB;AAAA,MAAe;AAAA,MAClE;AAAA,MAAe;AAAA,MAAa;AAAA,MAAoB;AAAA,MAAoB;AAAA,IACtE;AAEA,QAAI,uBAAuB,SAAS,KAAK,GAAG;AAC1C,cAAQ,MAAM,GAAG,mBAAmB,cAAc;AAAA,IACpD;AAGA,WAAO,QAAQ,OAAO,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAChD,UAAI,UAAU,UAAa,UAAU,MAAM;AACzC,gBAAQ,MAAM,GAAG,KAAK,KAAK;AAAA,MAC7B;AAAA,IACF,CAAC;AAED,UAAM,EAAE,MAAM,IAAI,MAAM;AAExB,QAAI,OAAO;AACT,cAAQ,MAAM,wCAAwC,KAAK;AAC3D,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,4CAA4C;AAAA,MACtD;AAAA,IACF,CAAC;AAAA,EACH,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,QAAQ,CAAC;AAEzF,QAAM,YAAY,YAAY,OAC5B,cACA,SAA8B,CAAC,MAChB;AACf,oBAAgB;AAChB,UAAM,iBAAiB,yBAAyB;AAEhD,YAAQ,IAAI,+CAA+C;AAAA,MACzD;AAAA,MACA;AAAA,IACF,CAAC;AAGD,UAAM,gCAAgC,cAAc;AAGpD,UAAM,eAAe;AAAA,MACnB,GAAG;AAAA,MACH,iBAAiB;AAAA,IACnB;AAEA,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAAU,IAAI,cAAc,YAAY;AAEtE,QAAI,OAAO;AACT,cAAQ,MAAM,qCAAqC,KAAK;AACxD,YAAM;AAAA,IACR;AAEA,YAAQ,IAAI,yCAAyC;AAAA,MACnD;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT,GAAG,CAAC,iBAAiB,0BAA0B,iCAAiC,QAAQ,CAAC;AAGzF,QAAM,CAAC,mBAAmB,oBAAoB,IAAI,SAA6B,CAAC,CAAC;AACjF,QAAM,CAAC,YAAY,IAAI,SAAS,IAAI;AACpC,QAAM,CAAC,iBAAiB,IAAI,SAAS,IAAI;AAGzC,QAAM,sBAAsB,YAAY,CAAC,OAAe,cAA+B;AACrF,QAAI,CAAC,MAAM,GAAI,QAAO;AAKtB,UAAM,aAAa,GAAG,SAAS,SAAS,KAAK;AAK7C,WAAO;AAAA,EACT,GAAG,CAAC,MAAM,EAAE,CAAC;AAGb,QAAM,2BAA2B,YAAY,MAAgC;AAC3E,QAAI,CAAC,MAAM,GAAI,QAAO,CAAC;AAIvB,WAAO,CAAC;AAAA,EACV,GAAG,CAAC,MAAM,EAAE,CAAC;AAGb,QAAM,uBAAuB,YAAY,MAA0B;AACjE,WAAO,CAAC,GAAG,iBAAiB;AAAA,EAC9B,GAAG,CAAC,iBAAiB,CAAC;AAGtB,QAAM,yBAAyB,YAAY,MAAM;AAC/C,yBAAqB,CAAC,CAAC;AAAA,EACzB,GAAG,CAAC,CAAC;AAGL,QAAM,qBAAqB,YAAY,CAAC,OAAe,cAA+B;AACpF,QAAI,CAAC,MAAM,GAAI,QAAO;AAGtB,QAAI;AACF,sBAAgB;AAAA,IAClB,SAAS,OAAO;AACd,cAAQ,MAAM,iEAAiE,KAAK;AACpF,aAAO;AAAA,IACT;AAEA,WAAO,oBAAoB,OAAO,SAAS;AAAA,EAC7C,GAAG,CAAC,MAAM,IAAI,iBAAiB,mBAAmB,CAAC;AAGnD,QAAM,mBAAmB,YAAY,CACnC,OACA,WACA,SACA,OACA,YACG;AACH,QAAI,CAAC,qBAAqB,CAAC,MAAM,GAAI;AAErC,UAAM,SAA2B;AAAA,MAC/B;AAAA,MACA;AAAA,MACA,QAAQ,KAAK;AAAA,MACb,gBAAgB,yBAAyB;AAAA,MACzC;AAAA,MACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC;AAAA,MACA;AAAA,IACF;AAEA,yBAAqB,UAAQ;AAC3B,YAAM,aAAa,CAAC,QAAQ,GAAG,IAAI;AACnC,aAAO,WAAW,MAAM,GAAG,GAAI;AAAA,IACjC,CAAC;AAED,QAAI,gBAAgB,CAAC,SAAS;AAC5B,cAAQ,MAAM,8FAA8F;AAAA,QAC1G;AAAA,QACA;AAAA,QACA,QAAQ,KAAK;AAAA,QACb,gBAAgB,yBAAyB;AAAA,QACzC,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MACpC,CAAC;AAAA,IACH;AAAA,EACF,GAAG,CAAC,mBAAmB,cAAc,MAAM,IAAI,wBAAwB,CAAC;AAExE,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA;AAAA,IAEA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;","names":[]}

package/dist/chunk-KK6WIDK6.js

@@ -0,0 +1,63 @@
+// src/utils/organisationContext.ts
+async function setOrganisationContext(supabase, organisationId) {
+  if (!supabase || !organisationId) {
+    return;
+  }
+  try {
+    const { error } = await supabase.rpc("set_organisation_context", {
+      org_id: organisationId
+    });
+    if (error) {
+    } else {
+    }
+  } catch (error) {
+  }
+}
+async function clearOrganisationContext(supabase) {
+  if (!supabase) {
+    return;
+  }
+  try {
+    const { error } = await supabase.rpc("clear_organisation_context");
+    if (error) {
+    } else {
+    }
+  } catch (error) {
+  }
+}
+async function getOrganisationContext(supabase) {
+  if (!supabase) {
+    return null;
+  }
+  try {
+    const { data, error } = await supabase.rpc("get_organisation_context");
+    if (error) {
+      return null;
+    }
+    return data;
+  } catch (error) {
+    return null;
+  }
+}
+async function isOrganisationContextAvailable(supabase) {
+  if (!supabase) {
+    return false;
+  }
+  try {
+    const { error } = await supabase.rpc("get_organisation_context");
+    if (error) {
+      return false;
+    }
+    return true;
+  } catch (error) {
+    return false;
+  }
+}
+
+export {
+  setOrganisationContext,
+  clearOrganisationContext,
+  getOrganisationContext,
+  isOrganisationContextAvailable
+};
+//# sourceMappingURL=chunk-KK6WIDK6.js.map

package/dist/chunk-KK6WIDK6.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils/organisationContext.ts"],"sourcesContent":["/**\n * @file Organisation Context Utility\n * @package @jmruthers/pace-core\n * @module Utils/OrganisationContext\n * @since 0.4.0\n *\n * Utility functions for managing organisation context in database sessions.\n * Provides fallback mechanisms for when database functions are not available.\n */\n\nimport type { SupabaseClient } from '@supabase/supabase-js';\n\n/**\n * Set organisation context in the database session\n * \n * This function attempts to set the organisation context using a database function.\n * If the function is not available, it falls back gracefully without throwing errors.\n * \n * @param supabase - Supabase client instance\n * @param organisationId - The organisation ID to set as context\n * @returns Promise that resolves when context is set (or falls back gracefully)\n */\nexport async function setOrganisationContext(\n  supabase: SupabaseClient,\n  organisationId: string\n): Promise<void> {\n  if (!supabase || !organisationId) {\n    // TODO: Replace with proper logging service integration\n    return;\n  }\n\n  try {\n    // Try to call the database function to set organisation context\n    const { error } = await supabase.rpc('set_organisation_context', {\n      org_id: organisationId\n    });\n\n    if (error) {\n      // Function might not exist yet - this is expected during migration\n      // Silent fail - will fall back to client-side filtering\n      // TODO: Replace with proper logging service integration\n    } else {\n      // TODO: Replace with proper logging service integration\n    }\n  } catch (error) {\n    // Handle any other errors gracefully\n    // Silent fail - will fall back to client-side filtering\n    // TODO: Replace with proper logging service integration\n  }\n}\n\n/**\n * Clear organisation context from the database session\n * \n * @param supabase - Supabase client instance\n * @returns Promise that resolves when context is cleared\n */\nexport async function clearOrganisationContext(\n  supabase: SupabaseClient\n): Promise<void> {\n  if (!supabase) {\n    // TODO: Replace with proper logging service integration\n    return;\n  }\n\n  try {\n    const { error } = await supabase.rpc('clear_organisation_context');\n    \n    if (error) {\n      // Silent fail - function not available\n      // TODO: Replace with proper logging service integration\n    } else {\n      // TODO: Replace with proper logging service integration\n    }\n  } catch (error) {\n    // Silent fail - error occurred\n    // TODO: Replace with proper logging service integration\n  }\n}\n\n/**\n * Get current organisation context from the database session\n * \n * @param supabase - Supabase client instance\n * @returns Promise that resolves to the current organisation ID or null\n */\nexport async function getOrganisationContext(\n  supabase: SupabaseClient\n): Promise<string | null> {\n  if (!supabase) {\n    // TODO: Replace with proper logging service integration\n    return null;\n  }\n\n  try {\n    const { data, error } = await supabase.rpc('get_organisation_context');\n    \n    if (error) {\n      // TODO: Replace with proper logging service integration\n      return null;\n    }\n    \n    // TODO: Replace with proper logging service integration\n    return data;\n  } catch (error) {\n    // TODO: Replace with proper logging service integration\n    return null;\n  }\n}\n\n/**\n * Check if organisation context functions are available in the database\n * \n * @param supabase - Supabase client instance\n * @returns Promise that resolves to true if functions are available\n */\nexport async function isOrganisationContextAvailable(\n  supabase: SupabaseClient\n): Promise<boolean> {\n  if (!supabase) {\n    return false;\n  }\n\n  try {\n    const { error } = await supabase.rpc('get_organisation_context');\n    \n    if (error) {\n      return false;\n    }\n    \n    return true;\n  } catch (error) {\n    return false;\n  }\n} "],"mappings":";AAsBA,eAAsB,uBACpB,UACA,gBACe;AACf,MAAI,CAAC,YAAY,CAAC,gBAAgB;AAEhC;AAAA,EACF;AAEA,MAAI;AAEF,UAAM,EAAE,MAAM,IAAI,MAAM,SAAS,IAAI,4BAA4B;AAAA,MAC/D,QAAQ;AAAA,IACV,CAAC;AAED,QAAI,OAAO;AAAA,IAIX,OAAO;AAAA,IAEP;AAAA,EACF,SAAS,OAAO;AAAA,EAIhB;AACF;AAQA,eAAsB,yBACpB,UACe;AACf,MAAI,CAAC,UAAU;AAEb;AAAA,EACF;AAEA,MAAI;AACF,UAAM,EAAE,MAAM,IAAI,MAAM,SAAS,IAAI,4BAA4B;AAEjE,QAAI,OAAO;AAAA,IAGX,OAAO;AAAA,IAEP;AAAA,EACF,SAAS,OAAO;AAAA,EAGhB;AACF;AAQA,eAAsB,uBACpB,UACwB;AACxB,MAAI,CAAC,UAAU;AAEb,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAAS,IAAI,0BAA0B;AAErE,QAAI,OAAO;AAET,aAAO;AAAA,IACT;AAGA,WAAO;AAAA,EACT,SAAS,OAAO;AAEd,WAAO;AAAA,EACT;AACF;AAQA,eAAsB,+BACpB,UACkB;AAClB,MAAI,CAAC,UAAU;AACb,WAAO;AAAA,EACT;AAEA,MAAI;AACF,UAAM,EAAE,MAAM,IAAI,MAAM,SAAS,IAAI,0BAA0B;AAE/D,QAAI,OAAO;AACT,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/chunk-U7DY5T33.js

@@ -0,0 +1,11 @@
+// src/utils/cn.ts
+import { clsx } from "clsx";
+import { twMerge } from "tailwind-merge";
+function cn(...inputs) {
+  return twMerge(clsx(inputs));
+}
+
+export {
+  cn
+};
+//# sourceMappingURL=chunk-U7DY5T33.js.map

package/dist/chunk-U7DY5T33.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/utils/cn.ts"],"sourcesContent":["\nimport { type ClassValue, clsx } from \"clsx\";\nimport { twMerge } from \"tailwind-merge\";\n\nexport function cn(...inputs: ClassValue[]) {\n  return twMerge(clsx(inputs));\n}\n"],"mappings":";AACA,SAA0B,YAAY;AACtC,SAAS,eAAe;AAEjB,SAAS,MAAM,QAAsB;AAC1C,SAAO,QAAQ,KAAK,MAAM,CAAC;AAC7B;","names":[]}