@jmruthers/pace-core 0.5.1 → 0.5.4

package/src/rbac/hooks/useRBAC.test.ts

@@ -0,0 +1,551 @@
+/**
+ * @file useRBAC Hook Tests
+ * @package @jmruthers/pace-core
+ * @module Hooks/useRBAC
+ * @since 0.3.0
+ * 
+ * Comprehensive tests for the useRBAC hook covering all critical functionality.
+ */
+
+import { renderHook, waitFor } from '@testing-library/react';
+import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { useRBAC } from './useRBAC';
+import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
+import { useOrganisations } from '../../providers/OrganisationProvider';
+import { useEvents } from '../../providers/EventProvider';
+
+// Mock the providers
+vi.mock('../../providers/UnifiedAuthProvider', () => ({
+  useUnifiedAuth: vi.fn()
+}));
+
+vi.mock('../../providers/OrganisationProvider', () => ({
+  useOrganisations: vi.fn()
+}));
+
+vi.mock('../../providers/EventProvider', () => ({
+  useEvents: vi.fn()
+}));
+
+// Mock Supabase client
+const mockSupabase = {
+  from: vi.fn(() => ({
+    select: vi.fn(() => ({
+      eq: vi.fn(() => ({
+        eq: vi.fn(() => ({
+          single: vi.fn().mockResolvedValue({ data: { global_role: 'user' }, error: null })
+        }))
+      }))
+    }))
+  })),
+  rpc: vi.fn().mockResolvedValue({ 
+    data: [
+      { 
+        permission_type: 'organisation_access', 
+        role_name: 'user',
+        operation: 'read',
+        resource: 'users'
+      }
+    ], 
+    error: null 
+  })
+};
+
+// Mock data
+const mockUser = {
+  id: 'user-123',
+  email: 'test@example.com',
+  user_metadata: { global_role: 'user' }
+};
+
+const mockSession = {
+  access_token: 'mock-token',
+  user: mockUser
+};
+
+const mockOrganisation = {
+  id: 'org-123',
+  name: 'Test Organisation'
+};
+
+const mockEvent = {
+  event_id: 'event-123',
+  name: 'Test Event'
+};
+
+describe('useRBAC Hook', () => {
+  const mockUseUnifiedAuth = vi.mocked(useUnifiedAuth);
+  const mockUseOrganisations = vi.mocked(useOrganisations);
+  const mockUseEvents = vi.mocked(useEvents);
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    
+    // Default mock implementations
+    mockUseUnifiedAuth.mockReturnValue({
+      user: mockUser,
+      session: mockSession,
+      supabase: mockSupabase,
+      appName: 'test-app'
+    });
+    
+    mockUseOrganisations.mockReturnValue({
+      selectedOrganisation: mockOrganisation
+    });
+    
+    mockUseEvents.mockReturnValue({
+      selectedEvent: mockEvent
+    });
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  describe('Initialization', () => {
+    it('initializes with loading state', async () => {
+      const { result } = renderHook(() => useRBAC());
+      
+      // Wait for loading to complete
+      await waitFor(() => {
+        expect(result.current.isLoading).toBe(false);
+      });
+      
+      expect(result.current.globalRole).toBeNull();
+      expect(result.current.organisationRole).toBe('user');
+      expect(result.current.eventAppRole).toBeNull();
+      expect(result.current.permissions).toEqual([
+        { 
+          permission_type: 'organisation_access', 
+          role_name: 'user',
+          operation: 'read',
+          resource: 'users'
+        }
+      ]);
+      expect(result.current.error).toBeNull();
+    });
+
+    it('loads RBAC context on mount', async () => {
+      // Mock successful role detection
+      mockSupabase.from.mockReturnValue({
+        select: vi.fn(() => ({
+          eq: vi.fn(() => ({
+            eq: vi.fn(() => ({
+              single: vi.fn().mockResolvedValue({
+                data: { global_role: 'super_admin' },
+                error: null
+              })
+            }))
+          }))
+        }))
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.isLoading).toBe(false);
+      });
+    });
+
+    it('handles missing auth context gracefully', () => {
+      mockUseUnifiedAuth.mockReturnValue({
+        user: null,
+        session: null,
+        supabase: null,
+        appName: null
+      });
+
+      const { result } = renderHook(() => useRBAC());
+      
+      expect(result.current.globalRole).toBeNull();
+      expect(result.current.organisationRole).toBeNull();
+      expect(result.current.eventAppRole).toBeNull();
+    });
+  });
+
+  describe('Role Detection', () => {
+    it('detects super admin role', async () => {
+      // Override the rpc mock for this test
+      mockSupabase.rpc.mockResolvedValue({ 
+        data: [
+          { 
+            permission_type: 'all_permissions', 
+            role_name: 'super_admin',
+            operation: 'read',
+            resource: 'users'
+          }
+        ], 
+        error: null 
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.globalRole).toBe('super_admin');
+        expect(result.current.isSuperAdmin).toBe(true);
+      });
+    });
+
+    it('detects organisation roles', async () => {
+      // Override the rpc mock for this test
+      mockSupabase.rpc.mockResolvedValue({ 
+        data: [
+          { 
+            permission_type: 'organisation_access', 
+            role_name: 'org_admin',
+            operation: 'read',
+            resource: 'users'
+          }
+        ], 
+        error: null 
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.organisationRole).toBe('org_admin');
+        expect(result.current.isOrgAdmin).toBe(true);
+      });
+    });
+
+    it('detects event app roles', async () => {
+      // Override the rpc mock for this test
+      mockSupabase.rpc.mockResolvedValue({ 
+        data: [
+          { 
+            permission_type: 'event_app_access', 
+            role_name: 'planner',
+            operation: 'read',
+            resource: 'users'
+          }
+        ], 
+        error: null 
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.eventAppRole).toBe('planner');
+      });
+    });
+
+    it('handles role hierarchy correctly', async () => {
+      // Override the rpc mock for this test
+      mockSupabase.rpc.mockResolvedValue({ 
+        data: [
+          { 
+            permission_type: 'all_permissions', 
+            role_name: 'super_admin',
+            operation: 'read',
+            resource: 'users'
+          },
+          { 
+            permission_type: 'organisation_access', 
+            role_name: 'org_admin',
+            operation: 'read',
+            resource: 'users'
+          }
+        ], 
+        error: null 
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.isSuperAdmin).toBe(true);
+        expect(result.current.isOrgAdmin).toBe(true);
+      });
+    });
+  });
+
+  describe('Permission Checking', () => {
+    it('hasPermission returns true for super admin', async () => {
+      // Override the rpc mock for this test
+      mockSupabase.rpc.mockResolvedValue({ 
+        data: [
+          { 
+            permission_type: 'all_permissions', 
+            role_name: 'super_admin',
+            operation: 'read',
+            resource: 'users'
+          }
+        ], 
+        error: null 
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.isSuperAdmin).toBe(true);
+      });
+
+      // Super admin should have all permissions
+      const hasPermission = await result.current.hasPermission('read', 'dashboard');
+      expect(hasPermission).toBe(true);
+    });
+
+    it('hasPermission checks database for regular users', async () => {
+      // Override the rpc mock for this test
+      mockSupabase.rpc.mockResolvedValue({ 
+        data: [
+          { 
+            permission_type: 'organisation_access', 
+            role_name: 'user',
+            operation: 'read',
+            resource: 'users'
+          }
+        ], 
+        error: null 
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.organisationRole).toBe('user');
+      });
+
+      // Mock the app lookup
+      mockSupabase.from.mockReturnValue({
+        select: vi.fn(() => ({
+          eq: vi.fn(() => ({
+            eq: vi.fn(() => ({
+              single: vi.fn().mockResolvedValue({
+                data: { id: 'app-123' },
+                error: null
+              })
+            }))
+          }))
+        }))
+      });
+
+      // Mock the permission check
+      mockSupabase.rpc.mockResolvedValue({
+        data: true,
+        error: null
+      });
+
+      const hasPermission = await result.current.hasPermission('read', 'dashboard');
+      expect(hasPermission).toBe(true);
+      expect(mockSupabase.rpc).toHaveBeenCalledWith('check_page_permission', {
+        p_user_id: 'user-123',
+        p_app_id: 'app-123',
+        p_page_id: 'dashboard',
+        p_operation: 'read',
+        p_event_id: 'event-123',
+        p_organisation_id: 'org-123'
+      });
+    });
+
+    it('hasPermission handles errors gracefully', async () => {
+      // Override the rpc mock for this test
+      mockSupabase.rpc.mockResolvedValue({ 
+        data: [
+          { 
+            permission_type: 'organisation_access', 
+            role_name: 'user',
+            operation: 'read',
+            resource: 'users'
+          }
+        ], 
+        error: null 
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.organisationRole).toBe('user');
+      });
+
+      // Mock the app lookup
+      mockSupabase.from.mockReturnValue({
+        select: vi.fn(() => ({
+          eq: vi.fn(() => ({
+            eq: vi.fn(() => ({
+              single: vi.fn().mockResolvedValue({
+                data: { id: 'app-123' },
+                error: null
+              })
+            }))
+          }))
+        }))
+      });
+
+      // Mock the permission check to fail
+      mockSupabase.rpc.mockRejectedValue(new Error('Database error'));
+
+      const hasPermission = await result.current.hasPermission('read', 'dashboard');
+      expect(hasPermission).toBe(false);
+    });
+
+    it('hasGlobalPermission works for global roles', () => {
+      mockSupabase.from.mockReturnValue({
+        select: vi.fn(() => ({
+          eq: vi.fn(() => ({
+            eq: vi.fn(() => ({
+              single: vi.fn().mockResolvedValue({
+                data: { global_role: 'super_admin' },
+                error: null
+              })
+            }))
+          }))
+        }))
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      // Test after role is loaded
+      waitFor(() => {
+        expect(result.current.hasGlobalPermission('super_admin')).toBe(true);
+        expect(result.current.hasGlobalPermission('org_admin')).toBe(true);
+        expect(result.current.hasGlobalPermission('invalid_permission')).toBe(false);
+      });
+    });
+  });
+
+  describe('Context Integration', () => {
+    it('integrates with organisation context', async () => {
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.organisationRole).toBeDefined();
+      });
+    });
+
+    it('integrates with event context', async () => {
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.eventAppRole).toBeDefined();
+      });
+    });
+
+    it('handles missing event context gracefully', () => {
+      mockUseEvents.mockImplementation(() => {
+        throw new Error('EventProvider not available');
+      });
+
+      const { result } = renderHook(() => useRBAC());
+      
+      // Should not throw error and continue without event context
+      expect(result.current.eventAppRole).toBeNull();
+    });
+
+    it('handles missing organisation context gracefully', () => {
+      mockUseOrganisations.mockReturnValue({
+        selectedOrganisation: null
+      });
+
+      const { result } = renderHook(() => useRBAC());
+      
+      expect(result.current.organisationRole).toBeNull();
+    });
+  });
+
+  describe('Error Handling', () => {
+    it('handles database errors during role detection', async () => {
+      mockSupabase.from.mockReturnValue({
+        select: vi.fn(() => ({
+          eq: vi.fn(() => ({
+            eq: vi.fn(() => ({
+              single: vi.fn().mockRejectedValue(new Error('Database error'))
+            }))
+          }))
+        }))
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.error).toBeDefined();
+        expect(result.current.isLoading).toBe(false);
+      });
+    });
+
+    it('handles missing app data gracefully', async () => {
+      mockSupabase.from.mockReturnValue({
+        select: vi.fn(() => ({
+          eq: vi.fn(() => ({
+            eq: vi.fn(() => ({
+              single: vi.fn().mockResolvedValue({
+                data: null,
+                error: { message: 'App not found' }
+              })
+            }))
+          }))
+        }))
+      });
+
+      const { result } = renderHook(() => useRBAC());
+
+      await waitFor(() => {
+        expect(result.current.globalRole).toBeNull();
+      });
+    });
+  });
+
+  describe('Performance', () => {
+    it('maintains stable references for same inputs', () => {
+      const { result, rerender } = renderHook(() => useRBAC());
+      
+      const firstRender = result.current;
+      rerender();
+      const secondRender = result.current;
+      
+      // Functions should be stable
+      expect(firstRender.hasPermission).toBe(secondRender.hasPermission);
+      expect(firstRender.hasGlobalPermission).toBe(secondRender.hasGlobalPermission);
+    });
+
+    it('handles rapid re-renders efficiently', () => {
+      const { result, rerender } = renderHook(() => useRBAC());
+      
+      // Rapid re-renders should not cause issues
+      for (let i = 0; i < 10; i++) {
+        rerender();
+      }
+      
+      expect(result.current).toBeDefined();
+    });
+  });
+
+  describe('Edge Cases', () => {
+    it('handles null user gracefully', () => {
+      mockUseUnifiedAuth.mockReturnValue({
+        user: null,
+        session: null,
+        supabase: mockSupabase,
+        appName: 'test-app'
+      });
+
+      const { result } = renderHook(() => useRBAC());
+      
+      expect(result.current.globalRole).toBeNull();
+    });
+
+    it('handles missing session gracefully', () => {
+      mockUseUnifiedAuth.mockReturnValue({
+        user: mockUser,
+        session: null,
+        supabase: mockSupabase,
+        appName: 'test-app'
+      });
+
+      const { result } = renderHook(() => useRBAC());
+      
+      expect(result.current.globalRole).toBeNull();
+    });
+
+    it('handles missing supabase client gracefully', () => {
+      mockUseUnifiedAuth.mockReturnValue({
+        user: mockUser,
+        session: mockSession,
+        supabase: null,
+        appName: 'test-app'
+      });
+
+      const { result } = renderHook(() => useRBAC());
+      
+      expect(result.current.globalRole).toBeNull();
+    });
+  });
+});

package/src/{hooks → rbac/hooks}/useRBAC.ts

@@ -1,7 +1,7 @@
 /**
  * @file RBAC Hook
  * @package @jmruthers/pace-core
- * @module Hooks/RBAC
+ * @module RBAC/Hooks
  * @since 0.3.0
  *
  * A React hook that provides access to the new RBAC (Role-Based Access Control) system.
@@ -17,7 +17,7 @@
  *
  * @example
  * ```tsx
- * import { useRBAC } from '@jmruthers/pace-core';
+ * import { useRBAC } from '@jmruthers/pace-core/rbac';
  * 
  * function MyComponent() {
  *   const {
@@ -67,9 +67,9 @@
  */
 
 import { useState, useEffect, useCallback, useMemo } from 'react';
-import { useUnifiedAuth } from '../providers/UnifiedAuthProvider';
-import { useOrganisations } from '../providers/OrganisationProvider';
-import { useEvents } from '../providers/EventProvider';
+import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
+import { useOrganisations } from '../../providers/OrganisationProvider';
+import { useEvents } from '../../providers/EventProvider';
 import type { 
   UserRBACContext, 
   GlobalRole, 
@@ -77,7 +77,7 @@ import type {
   EventAppRole, 
   Operation,
   RBACPermission 
-} from '../rbac/types';
+} from '../types';
 
 export function useRBAC(pageId?: string): UserRBACContext {
   const { user, session, supabase, appName } = useUnifiedAuth();
@@ -259,4 +259,4 @@ export function useRBAC(pageId?: string): UserRBACContext {
     isLoading,
     error
   };
-} 
+}

package/src/rbac/index.ts

@@ -74,16 +74,11 @@ export {
 // Components (NEW - Phase 1 & 2)
 export * from './components';
 
-// Hooks
-export {
-  usePermissions,
-  useCan,
-  useAccessLevel,
-  useMultiplePermissions,
-  useHasAnyPermission,
-  useHasAllPermissions,
-  useCachedPermissions,
-} from './hooks';
+// Hooks - Consolidated from rbac/hooks/
+export * from './hooks';
+
+// Providers - Consolidated from rbac/providers/
+export * from './providers';
 
 // Adapters
 export {

package/src/{providers → rbac/providers}/RBACProvider.tsx

@@ -1,7 +1,7 @@
 /**
  * @file RBAC Provider
  * @package @jmruthers/pace-core
- * @module Providers/RBAC
+ * @module RBAC/Providers
  * @since 0.1.0
  *
  * Handles role-based access control, permissions, and event access management.
@@ -10,8 +10,8 @@
 
 import React, { createContext, useContext, useState, useEffect, useCallback, useMemo } from 'react';
 import { type SupabaseClient, type User, type Session } from '@supabase/supabase-js';
-import { AccessLevel } from '../types/unified';
-import { DebugLogger } from '../utils/debugLogger';
+import { AccessLevel } from '../../types/unified';
+import { DebugLogger } from '../../utils/debugLogger';
 
 // App configuration type
 interface AppConfig {
@@ -215,7 +215,7 @@ export function RBACProvider({
     const loadAppConfig = async () => {
       try {
         // Use the same app name resolution as PagePermissionGuard
-        const { getCurrentAppName } = await import('../utils/appNameResolver');
+        const { getCurrentAppName } = await import('../../utils/appNameResolver');
         const resolvedAppName = getCurrentAppName() || appName;
         
         // First resolve app name to app_id
@@ -371,7 +371,7 @@ export function RBACProvider({
 
     try {
       // Use the same app name resolution as PagePermissionGuard
-      const { getCurrentAppName } = await import('../utils/appNameResolver');
+      const { getCurrentAppName } = await import('../../utils/appNameResolver');
       const resolvedAppName = getCurrentAppName() || appName;
       
       // First resolve app name to app_id
@@ -422,7 +422,7 @@ export function RBACProvider({
     setEventAccessLoading(true);
     try {
       // Use the same app name resolution as PagePermissionGuard
-      const { getCurrentAppName } = await import('../utils/appNameResolver');
+      const { getCurrentAppName } = await import('../../utils/appNameResolver');
       const resolvedAppName = getCurrentAppName() || appName;
       
       // First resolve app name to app_id