@jmruthers/pace-core 0.5.106 → 0.5.108

package/src/components/NavigationMenu/NavigationMenu.test.tsx

@@ -21,9 +21,11 @@ const mockAuthContext = {
   refreshSession: vi.fn(),
   appName: 'Test App',
   hasErrors: false,
-  selectedOrganisation: null,
+  selectedOrganisation: { id: 'test-org-1', name: 'Test Org', display_name: 'Test Organisation', subscription_tier: 'basic', settings: {}, is_active: true, parent_id: null, created_at: '', updated_at: '' },
   organisations: [],
+  selectedEvent: null,
   events: [],
+  supabase: {},
   // Note: hasPermission, hasRole, hasAccessLevel, permissions, roles, and accessLevel
   // were removed from UnifiedAuthProvider. Use useRBAC() hook for permissions instead.
   // Inactivity context
@@ -39,6 +41,50 @@ vi.mock('../../providers/UnifiedAuthProvider', () => ({
   useUnifiedAuth: vi.fn(() => mockAuthContext),
 }));
 
+// Mock RBAC hooks with hoisted mocks so they can be controlled per test
+const mockUseRBAC = vi.hoisted(() => vi.fn(() => ({
+  user: { id: 'test-user', email: 'test@example.com' },
+  globalRole: null,
+  organisationRole: null,
+  eventAppRole: null,
+  hasPermission: vi.fn(),
+  hasGlobalPermission: vi.fn(),
+  isSuperAdmin: false,
+  isOrgAdmin: false,
+  isEventAdmin: false,
+  canManageOrganisation: false,
+  canManageEvent: false,
+  isLoading: false,
+  error: null,
+})));
+
+const mockUseResolvedScope = vi.hoisted(() => vi.fn(() => ({
+  resolvedScope: { organisationId: 'test-org-1', eventId: undefined, appId: undefined },
+  isLoading: false,
+})));
+
+const mockUsePermissions = vi.hoisted(() => vi.fn(() => ({
+  permissions: {} as any,
+  isLoading: false,
+  error: null,
+  hasPermission: vi.fn(() => false),
+  hasAnyPermission: vi.fn(() => false),
+  hasAllPermissions: vi.fn(() => false),
+  refetch: vi.fn(),
+})));
+
+vi.mock('../../rbac/hooks/useRBAC', () => ({
+  useRBAC: mockUseRBAC,
+}));
+
+vi.mock('../../rbac/hooks', () => ({
+  useResolvedScope: mockUseResolvedScope,
+}));
+
+vi.mock('../../rbac/hooks/usePermissions', () => ({
+  usePermissions: mockUsePermissions,
+}));
+
 // Mock console methods to avoid noise in tests
 const originalConsoleLog = console.log;
 const originalConsoleWarn = console.warn;
@@ -381,15 +427,41 @@ describe('NavigationMenu Component', () => {
   // Permission-based filtering tests
   describe('Permission-Based Filtering', () => {
     beforeEach(() => {
-      // Note: Permission checks are currently disabled in NavigationMenu
-      // until migrated to useRBAC() hook. See NavigationMenu.tsx for TODOs.
       vi.clearAllMocks();
     });
 
-    it.skip('renders items with permission requirements', async () => {
-      // TODO: This test is skipped because NavigationMenu permission filtering is temporarily disabled
-      // until migrated to useRBAC() hook. See NavigationMenu.tsx for TODOs.
+    it('renders items with permission requirements', async () => {
       const user = userEvent.setup();
+      
+      // Mock RBAC hooks to grant permissions and roles
+      mockUseRBAC.mockReturnValue({
+        user: { id: 'test-user', email: 'test@example.com' },
+        globalRole: null,
+        organisationRole: 'org_admin' as any,
+        eventAppRole: 'event_admin' as any,
+        hasPermission: vi.fn(),
+        hasGlobalPermission: vi.fn(),
+        isSuperAdmin: false,
+        isOrgAdmin: true,
+        isEventAdmin: true,
+        canManageOrganisation: true,
+        canManageEvent: true,
+        isLoading: false,
+        error: null,
+      });
+      
+      mockUsePermissions.mockReturnValue({
+        permissions: {
+          'dashboard:read': true,
+        } as any,
+        isLoading: false,
+        error: null,
+        hasPermission: vi.fn((p: any) => p === 'dashboard:read'),
+        hasAnyPermission: vi.fn((ps: any[]) => ps.some((p: any) => p === 'dashboard:read')),
+        hasAllPermissions: vi.fn(() => true),
+        refetch: vi.fn(),
+      });
+      
       renderWithProviders(
         <NavigationMenu
           items={permissionBasedNavItems}
@@ -507,11 +579,38 @@ describe('NavigationMenu Component', () => {
       expect(window.location.href).toBe('/');
     });
 
-    it.skip('handles permission-based navigation', async () => {
-      // TODO: This test is skipped because NavigationMenu permission filtering is temporarily disabled
-      // until migrated to useRBAC() hook. See NavigationMenu.tsx for TODOs.
+    it('handles permission-based navigation', async () => {
       const user = userEvent.setup();
       
+      // Mock RBAC hooks to grant permissions and roles
+      mockUseRBAC.mockReturnValue({
+        user: { id: 'test-user', email: 'test@example.com' },
+        globalRole: null,
+        organisationRole: 'org_admin' as any,
+        eventAppRole: 'event_admin' as any,
+        hasPermission: vi.fn(),
+        hasGlobalPermission: vi.fn(),
+        isSuperAdmin: false,
+        isOrgAdmin: true,
+        isEventAdmin: true,
+        canManageOrganisation: true,
+        canManageEvent: true,
+        isLoading: false,
+        error: null,
+      });
+      
+      mockUsePermissions.mockReturnValue({
+        permissions: {
+          'dashboard:read': true,
+        } as any,
+        isLoading: false,
+        error: null,
+        hasPermission: vi.fn((p: any) => p === 'dashboard:read'),
+        hasAnyPermission: vi.fn((ps: any[]) => ps.some((p: any) => p === 'dashboard:read')),
+        hasAllPermissions: vi.fn(() => true),
+        refetch: vi.fn(),
+      });
+      
       renderWithProviders(
         <NavigationMenu
           items={permissionBasedNavItems}
@@ -530,12 +629,52 @@ describe('NavigationMenu Component', () => {
         expect(screen.getByText('Users')).toBeInTheDocument();
         expect(screen.getByText('Settings')).toBeInTheDocument();
       }, { interval: 10 });
+      
+      // Click on an item to verify navigation works
+      const dashboardItem = screen.getByText('Dashboard');
+      await user.click(dashboardItem);
+      
+      expect(mockNavigate).toHaveBeenCalledWith(
+        expect.objectContaining({
+          id: 'dashboard',
+          label: 'Dashboard',
+          href: '/dashboard',
+        })
+      );
     });
 
-    it.skip('handles strict mode configuration', async () => {
-      // TODO: This test is skipped because NavigationMenu permission filtering is temporarily disabled
-      // until migrated to useRBAC() hook. See NavigationMenu.tsx for TODOs.
+    it('handles strict mode configuration', async () => {
       const user = userEvent.setup();
+      
+      // Mock RBAC hooks to grant permissions and roles
+      mockUseRBAC.mockReturnValue({
+        user: { id: 'test-user', email: 'test@example.com' },
+        globalRole: null,
+        organisationRole: 'org_admin' as any,
+        eventAppRole: 'event_admin' as any,
+        hasPermission: vi.fn(),
+        hasGlobalPermission: vi.fn(),
+        isSuperAdmin: false,
+        isOrgAdmin: true,
+        isEventAdmin: true,
+        canManageOrganisation: true,
+        canManageEvent: true,
+        isLoading: false,
+        error: null,
+      });
+      
+      mockUsePermissions.mockReturnValue({
+        permissions: {
+          'dashboard:read': true,
+        } as any,
+        isLoading: false,
+        error: null,
+        hasPermission: vi.fn((p: any) => p === 'dashboard:read'),
+        hasAnyPermission: vi.fn((ps: any[]) => ps.some((p: any) => p === 'dashboard:read')),
+        hasAllPermissions: vi.fn(() => true),
+        refetch: vi.fn(),
+      });
+      
       renderWithProviders(
         <NavigationMenu
           items={permissionBasedNavItems}
@@ -555,6 +694,14 @@ describe('NavigationMenu Component', () => {
         expect(screen.getByText('Users')).toBeInTheDocument();
         expect(screen.getByText('Settings')).toBeInTheDocument();
       }, { interval: 10 });
+      
+      // Verify strict mode is working - navigation should proceed with permissions
+      const dashboardItem = screen.getByText('Dashboard');
+      await user.click(dashboardItem);
+      
+      expect(mockNavigate).toHaveBeenCalled();
+      // Should not trigger strict mode violation since user has permissions
+      expect(mockOnStrictModeViolation).not.toHaveBeenCalled();
     });
   });
 
@@ -693,6 +840,35 @@ describe('NavigationMenu Component', () => {
         },
       ];
 
+      // Mock RBAC to grant the valid permission
+      mockUseRBAC.mockReturnValue({
+        user: { id: 'test-user', email: 'test@example.com' },
+        globalRole: null,
+        organisationRole: null,
+        eventAppRole: null,
+        hasPermission: vi.fn(),
+        hasGlobalPermission: vi.fn(),
+        isSuperAdmin: false,
+        isOrgAdmin: false,
+        isEventAdmin: false,
+        canManageOrganisation: false,
+        canManageEvent: false,
+        isLoading: false,
+        error: null,
+      });
+      
+      mockUsePermissions.mockReturnValue({
+        permissions: {
+          'valid-permission': true,
+        } as any,
+        isLoading: false,
+        error: null,
+        hasPermission: vi.fn((p: any) => p === 'valid-permission'),
+        hasAnyPermission: vi.fn((ps: any[]) => ps.some((p: any) => typeof p === 'string' && p === 'valid-permission')),
+        hasAllPermissions: vi.fn(() => true),
+        refetch: vi.fn(),
+      });
+
       renderWithProviders(
         <NavigationMenu
           items={invalidPermissionItems}
@@ -706,7 +882,7 @@ describe('NavigationMenu Component', () => {
       await user.click(trigger);
 
       await waitFor(() => {
-        // Should not crash and should show the item
+        // Should not crash and should show the item (invalid types filtered out, valid permission granted)
         expect(screen.getByText('Test')).toBeInTheDocument();
       }, { interval: 10 });
     });

package/src/components/NavigationMenu/NavigationMenu.tsx

@@ -198,7 +198,10 @@ import { NavigationMenuProps, NavigationItem } from "./types";
 import { Button } from "../Button";
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "../Select";
 import { useUnifiedAuth } from "../../providers/UnifiedAuthProvider";
-import { AccessLevel } from "../../types/unified";
+import { useRBAC } from "../../rbac/hooks/useRBAC";
+import { useResolvedScope } from "../../rbac/hooks";
+import { usePermissions } from "../../rbac/hooks/usePermissions";
+import type { Permission, AccessLevel as RBACAccessLevel } from "../../rbac/types";
 
 /**
  * Unified NavigationMenu component that supports both dropdown and hierarchical navigation modes.
@@ -424,10 +427,40 @@ export const NavigationMenu = React.forwardRef<
     console.warn('[NavigationMenu] useUnifiedAuth not available, running in unauthenticated mode');
   }
 
+  // Get RBAC context for permission and role checks
+  let rbacContext = null;
+  try {
+    rbacContext = useRBAC();
+  } catch (error) {
+    // RBAC not available - permission filtering will be disabled
+    console.warn('[NavigationMenu] useRBAC not available, permission filtering disabled');
+  }
+
+  // Get resolved scope for permission checks
+  const { supabase } = authContext || {};
+  const { selectedOrganisation } = authContext || {};
+  const selectedEvent = authContext?.selectedEvent || null;
+  const { resolvedScope, isLoading: scopeLoading } = useResolvedScope({
+    supabase: supabase || null,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: selectedEvent?.event_id || null
+  });
+
+  // Get permissions map for synchronous permission checks
+  const userId = authContext?.user?.id || '';
+  const scope = resolvedScope || { organisationId: '', eventId: undefined, appId: undefined };
+  const { permissions: permissionMap, hasAnyPermission, isLoading: permissionsLoading } = usePermissions(
+    userId as any,
+    scope as any
+  );
+
   // NEW: Phase 2 - Enhanced Security Features
-  // Filter navigation items based on permissions
+  // Filter navigation items based on permissions using RBAC hooks
   const filteredItems = React.useMemo(() => {
-    if (!filterByPermissions || !authContext) return items || [];
+    // If filtering disabled, auth unavailable, RBAC unavailable, scope/permissions loading, or no org context: show all items (except hidden)
+    if (!filterByPermissions || !authContext || !rbacContext || scopeLoading || permissionsLoading || !resolvedScope?.organisationId) {
+      return (items || []).filter(item => !item.meta?.hidden);
+    }
     
     return (items || []).filter(item => {
       // Check if item should be hidden
@@ -435,44 +468,98 @@ export const NavigationMenu = React.forwardRef<
       
       // Check permissions if available
       if (item.permissions && item.permissions.length > 0) {
-        const hasPermission = item.permissions.some(permission => {
-          // Only check string permissions, ignore invalid types
-          if (typeof permission !== 'string') return true;
-          // TODO: Migrate to useRBAC() hook for permission checks
-          // RBAC properties were removed from UnifiedAuthProvider
-          return false; // Default to no permission until migrated
-        });
-        if (!hasPermission) return false;
+        // Convert string permissions to Permission type and check
+        const permissions = item.permissions
+          .filter((p): p is string => typeof p === 'string')
+          .map(p => p as Permission);
+        
+        if (permissions.length > 0) {
+          const hasPermission = hasAnyPermission(permissions);
+          if (!hasPermission) return false;
+        }
       }
       
       // Check roles if available
       if (item.roles && item.roles.length > 0) {
         const hasRole = item.roles.some(role => {
-          // Only check string roles, ignore invalid types
           if (typeof role !== 'string') return true;
-          // TODO: Migrate to useRBAC() hook for role checks
-          // RBAC properties were removed from UnifiedAuthProvider
-          return false; // Default to no role until migrated
+          
+          // Map role strings to RBAC role checks
+          switch (role.toLowerCase()) {
+            case 'super_admin':
+            case 'super admin':
+              return rbacContext.isSuperAdmin;
+            case 'org_admin':
+            case 'org admin':
+            case 'admin':
+              return rbacContext.isOrgAdmin || rbacContext.isSuperAdmin;
+            case 'event_admin':
+            case 'event admin':
+              return rbacContext.isEventAdmin || rbacContext.isSuperAdmin;
+            default:
+              // For other roles, check against organisationRole or eventAppRole
+              return (
+                rbacContext.organisationRole === role ||
+                rbacContext.eventAppRole === role ||
+                rbacContext.isSuperAdmin
+              );
+          }
         });
         if (!hasRole) return false;
       }
       
       // Check access level if available
       if (item.accessLevel) {
-        // Only check string access levels, ignore invalid types
         if (typeof item.accessLevel === 'string') {
-          // Convert string to AccessLevel enum
-          const accessLevel = item.accessLevel as AccessLevel;
-          // TODO: Migrate to useRBAC() hook for access level checks
-          // RBAC properties were removed from UnifiedAuthProvider
-          const hasAccessLevel = false; // Default to no access until migrated
-          if (!hasAccessLevel) return false;
+          // Map access level string to RBAC access level
+          const accessLevel = item.accessLevel.toLowerCase() as RBACAccessLevel;
+          const userEventRole = rbacContext.eventAppRole;
+          
+          // If user is super admin, they have all access levels
+          if (rbacContext.isSuperAdmin) {
+            // Super admin has access
+          } else {
+            // Map eventAppRole to access level for comparison
+            // eventAppRole: 'viewer' | 'participant' | 'planner' | 'event_admin'
+            const roleToAccessLevel: Record<string, RBACAccessLevel> = {
+              'viewer': 'viewer',
+              'participant': 'participant',
+              'planner': 'planner',
+              'event_admin': 'admin',
+            };
+            const userAccessLevel = userEventRole ? (roleToAccessLevel[userEventRole] || 'viewer') : null;
+            
+            // Check if user's access level meets the required access level
+            const levelHierarchy: Record<RBACAccessLevel, number> = {
+              viewer: 1,
+              participant: 2,
+              planner: 3,
+              admin: 4,
+              super: 5
+            };
+            const requiredLevel = levelHierarchy[accessLevel] || 0;
+            const userLevel = userAccessLevel ? levelHierarchy[userAccessLevel] || 0 : 0;
+            
+            if (userLevel < requiredLevel) {
+              return false;
+            }
+          }
         }
       }
       
       return true;
     });
-  }, [items, filterByPermissions, authContext]);
+  }, [
+    items, 
+    filterByPermissions, 
+    authContext, 
+    rbacContext, 
+    permissionMap, 
+    hasAnyPermission, 
+    scopeLoading, 
+    permissionsLoading,
+    resolvedScope
+  ]);
 
   // Log navigation access attempts for debugging
   React.useEffect(() => {
@@ -552,26 +639,46 @@ export const NavigationMenu = React.forwardRef<
     // Check if item should be visible (already filtered)
     const isItemVisible = filteredItems.some(filtered => filtered.id === item.id);
     
-    // Check permissions if the item requires them
+    // Check permissions if the item requires them using RBAC hooks
     let hasPermission = true; // Default to true if no permission requirements
     
-    if (item.permissions && item.permissions.length > 0) {
-      hasPermission = item.permissions.some(permission => {
-        if (typeof permission !== 'string') return true;
-        // TODO: Migrate to useRBAC() hook for permission checks
-        // RBAC properties were removed from UnifiedAuthProvider
-        return false; // Default to no permission until migrated
-      });
+    if (item.permissions && item.permissions.length > 0 && rbacContext && hasAnyPermission) {
+      // Convert string permissions to Permission type and check
+      const permissions = item.permissions
+        .filter((p): p is string => typeof p === 'string')
+        .map(p => p as Permission);
+      
+      if (permissions.length > 0) {
+        hasPermission = hasAnyPermission(permissions);
+      }
     }
     
-    if (!hasPermission) {
+    if (!hasPermission && rbacContext) {
       // Check roles if permissions check failed or item has role requirements
       if (item.roles && item.roles.length > 0) {
         hasPermission = item.roles.some(role => {
           if (typeof role !== 'string') return true;
-          // TODO: Migrate to useRBAC() hook for role checks
-          // RBAC properties were removed from UnifiedAuthProvider
-          return false; // Default to no role until migrated
+          
+          // Map role strings to RBAC role checks (same logic as filtering)
+          switch (role.toLowerCase()) {
+            case 'super_admin':
+            case 'super admin':
+              return rbacContext.isSuperAdmin;
+            case 'org_admin':
+            case 'org admin':
+            case 'admin':
+              return rbacContext.isOrgAdmin || rbacContext.isSuperAdmin;
+            case 'event_admin':
+            case 'event admin':
+              return rbacContext.isEventAdmin || rbacContext.isSuperAdmin;
+            default:
+              // For other roles, check against organisationRole or eventAppRole
+              return (
+                rbacContext.organisationRole === role ||
+                rbacContext.eventAppRole === role ||
+                rbacContext.isSuperAdmin
+              );
+          }
         });
       }
     }

package/src/components/PaceAppLayout/PaceAppLayout.tsx

@@ -243,7 +243,7 @@ export interface PaceAppLayoutProps {
  * 
  * 
  * @example
- * Custom navigation items with permission filtering:
+ * Custom navigation items with permission filtering (works independently of route enforcement):
  * ```tsx
  * import { NavigationItem } from '@jmruthers/pace-core';
  * 
@@ -261,13 +261,15 @@ export interface PaceAppLayoutProps {
  *           <PaceAppLayout 
  *             appName="My Custom App" 
  *             navItems={customNavItems}
- *             enforcePermissions={true}
+ *             // Navigation filtering works independently - no need for enforcePermissions
  *             filterNavigationByPermissions={true}
  *             routePermissions={{
  *               '/components': 'read',
  *               '/styles': 'read',
  *               '/meals': 'read'
  *             }}
+ *             // Optionally enable route-level enforcement (separate from navigation filtering)
+ *             // enforcePermissions={true}
  *           />
  *         }>
  *           <Route path="components" element={<ComponentsPage />} />
@@ -367,12 +369,24 @@ export function PaceAppLayout({
       
       // Check if user is super admin first - super admins can access everything
       // regardless of organisation context
-      const { isSuperAdmin } = await import('../../rbac/api');
-      const isSuper = await isSuperAdmin(user.id);
-      
-      if (isSuper) {
-        // Super admin bypass - allow access regardless of organisation context
-        return true;
+      // Gracefully handle RBAC not being initialized (e.g., in tests)
+      try {
+        const { isSuperAdmin } = await import('../../rbac/api');
+        const isSuper = await isSuperAdmin(user.id);
+        
+        if (isSuper) {
+          // Super admin bypass - allow access regardless of organisation context
+          return true;
+        }
+      } catch (error) {
+        // If RBAC is not initialized (e.g., in tests), continue with normal permission check
+        // This prevents errors from breaking permission checks when RBAC isn't available
+        if (error && typeof error === 'object' && 'code' in error && error.code === 'RBAC_NOT_INITIALIZED') {
+          // RBAC not available - proceed with normal permission check
+        } else {
+          // Re-throw unexpected errors
+          throw error;
+        }
       }
       
       // For non-super admins, ensure we have at least organisationId for RBAC
@@ -498,10 +512,12 @@ export function PaceAppLayout({
   }, [enforcePermissions, currentRoutePermission, currentPageId, strictMode, user?.id]);
 
   // Filter navigation items based on permissions
+  // This works independently of route enforcement - navigation filtering doesn't require enforcePermissions
   const [filteredMenuItems, setFilteredMenuItems] = useState<NavigationItem[]>(baseMenuItems);
 
   useEffect(() => {
-    if (!filterNavigationByPermissions || !enforcePermissions) {
+    // Allow navigation filtering without route enforcement
+    if (!filterNavigationByPermissions) {
       setFilteredMenuItems(baseMenuItems);
       return;
     }
@@ -509,6 +525,58 @@ export function PaceAppLayout({
     let isMounted = true;
 
     const filterItems = async () => {
+      // Wait for organisation context to be ready before filtering
+      // This prevents blocking navigation while context is loading
+      if (!user?.id) {
+        // User not loaded yet - show all items until context is ready
+        if (isMounted) {
+          setFilteredMenuItems(baseMenuItems);
+        }
+        return;
+      }
+
+      // Check if organisation context is available
+      const scope = {
+        organisationId: user.user_metadata?.organisationId || user.app_metadata?.organisationId,
+        eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,
+        appId: user.user_metadata?.appId || user.app_metadata?.appId,
+      };
+
+      // For super admins, show all items (they bypass permission checks)
+      // Gracefully handle RBAC not being initialized (e.g., in tests)
+      try {
+        const { isSuperAdmin } = await import('../../rbac/api');
+        const isSuper = await isSuperAdmin(user.id);
+        
+        if (isSuper) {
+          // Super admins see all navigation items
+          if (isMounted) {
+            setFilteredMenuItems(baseMenuItems);
+          }
+          return;
+        }
+      } catch (error) {
+        // If RBAC is not initialized (e.g., in tests), continue with normal filtering
+        // This prevents errors from breaking navigation when RBAC isn't available
+        if (error && typeof error === 'object' && 'code' in error && error.code === 'RBAC_NOT_INITIALIZED') {
+          // RBAC not available - proceed with normal filtering without super admin check
+          // In this case, we'll filter items normally based on permissions
+        } else {
+          // Re-throw unexpected errors
+          throw error;
+        }
+      }
+
+      // If no organisation context yet, show all items until context is ready
+      // This prevents navigation from being empty while context loads
+      if (!scope.organisationId) {
+        if (isMounted) {
+          setFilteredMenuItems(baseMenuItems);
+        }
+        return;
+      }
+
+      // Organisation context is ready - now filter items based on permissions
       const filtered = await Promise.all(
         baseMenuItems.map(async (item) => {
           if (!item.href) return { item, hasAccess: true };
@@ -520,6 +588,7 @@ export function PaceAppLayout({
             const hasAccess = await checkPermission(permission, pageId);
             return { item, hasAccess };
           } catch {
+            // On error, default to hiding the item (fail-safe)
             return { item, hasAccess: false };
           }
         })
@@ -539,7 +608,7 @@ export function PaceAppLayout({
     return () => {
       isMounted = false;
     };
-  }, [baseMenuItems, filterNavigationByPermissions, enforcePermissions, pageIdMapping, routePermissions, defaultPermission]);
+  }, [baseMenuItems, filterNavigationByPermissions, pageIdMapping, routePermissions, defaultPermission, checkPermission, user?.id, user?.user_metadata, user?.app_metadata]);
 
   // NEW: Phase 2 - Enhanced Routing Features
   // Check route access for role-based routing

package/src/components/PublicLayout/__tests__/PublicPageHeader.test.tsx

@@ -48,12 +48,12 @@ vi.mock('../../../hooks/useAppConfig', () => ({
 
 // Mock the FileDisplay component
 vi.mock('../../FileDisplay/FileDisplay', () => ({
-  FileDisplay: vi.fn(({ table_name, record_id, organisation_id, category, className }) => (
+  FileDisplay: vi.fn(({ table_name, record_id, organisation_id, category, className, size = 'md' }) => (
     <div 
       data-testid="event-logo" 
-      data-event-id={eventId}
-      data-event-name={eventName}
-      data-organisation-id={organisationId}
+      data-table-name={table_name}
+      data-record-id={record_id}
+      data-organisation-id={organisation_id}
       data-size={size}
       className={className}
     >

package/src/components/Toast/Toast.tsx

@@ -12,7 +12,7 @@
  * - Customizable positioning and styling
  * - Swipe gestures for dismissal
  * - Keyboard navigation support
- * - Auto-dismiss with configurable duration
+ * - Auto-dismiss with default 10 second duration (configurable)
  * - Action buttons and close functionality
  * - Responsive design
  * - Accessibility compliant