npm - @jmruthers/pace-core - Versions diffs - 0.5.109 → 0.5.110 - Mend

@jmruthers/pace-core 0.5.109 → 0.5.110

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (144) hide show

package/CHANGELOG.md +22 -0
package/dist/{DataTable-5HITILXS.js → DataTable-D3BK2FCN.js} +4 -4
package/dist/{api-5I3E47G2.js → api-PIE4JRFS.js} +2 -2
package/dist/{chunk-P72NKAT5.js → chunk-3J5N2T2N.js} +51 -11
package/dist/chunk-3J5N2T2N.js.map +1 -0
package/dist/{chunk-3TKTL5AZ.js → chunk-7GBEBJLR.js} +26 -34
package/dist/chunk-7GBEBJLR.js.map +1 -0
package/dist/{chunk-S4D3Z723.js → chunk-AWK2FAUN.js} +3 -3
package/dist/{chunk-WWNOVFDC.js → chunk-HADXAZT3.js} +2 -2
package/dist/{chunk-UW2DE6JX.js → chunk-HGZSO43Y.js} +2 -2
package/dist/{chunk-F6TSYCKP.js → chunk-XRSP3H52.js} +12 -7
package/dist/chunk-XRSP3H52.js.map +1 -0
package/dist/components.js +4 -4
package/dist/hooks.js +1 -1
package/dist/index.js +6 -6
package/dist/rbac/index.d.ts +34 -22
package/dist/rbac/index.js +3 -3
package/dist/utils.js +1 -1
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +1 -1
package/docs/api/classes/MissingUserContextError.md +1 -1
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/PublicErrorBoundary.md +1 -1
package/docs/api/classes/RBACAuditManager.md +1 -1
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +9 -8
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +1 -1
package/docs/api/classes/SecureSupabaseClient.md +1 -1
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +1 -1
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +1 -1
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +1 -1
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryState.md +1 -1
package/docs/api/interfaces/PublicLoadingSpinnerProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/RBACConfig.md +19 -8
package/docs/api/interfaces/RBACLogger.md +5 -5
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +1 -1
package/docs/api/interfaces/RouteConfig.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +1 -1
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +1 -1
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +21 -20
package/docs/documentation-index.md +0 -2
package/docs/rbac/README.md +114 -38
package/docs/rbac/api-reference.md +63 -16
package/docs/rbac/getting-started.md +16 -16
package/docs/rbac/quick-start.md +110 -35
package/docs/rbac/troubleshooting.md +125 -2
package/package.json +1 -1
package/src/components/NavigationMenu/NavigationMenu.test.tsx +38 -4
package/src/components/NavigationMenu/NavigationMenu.tsx +71 -6
package/src/rbac/api.test.ts +2 -2
package/src/rbac/api.ts +2 -1
package/src/rbac/components/PagePermissionGuard.tsx +21 -38
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +1 -1
package/src/rbac/config.ts +2 -0
package/src/rbac/engine.ts +15 -5
package/src/rbac/security.ts +1 -1
package/dist/chunk-3TKTL5AZ.js.map +0 -1
package/dist/chunk-F6TSYCKP.js.map +0 -1
package/dist/chunk-P72NKAT5.js.map +0 -1
package/docs/rbac/breaking-changes-v3.md +0 -222
package/docs/rbac/migration-guide.md +0 -260
/package/dist/{DataTable-5HITILXS.js.map → DataTable-D3BK2FCN.js.map} +0 -0
/package/dist/{api-5I3E47G2.js.map → api-PIE4JRFS.js.map} +0 -0
/package/dist/{chunk-S4D3Z723.js.map → chunk-AWK2FAUN.js.map} +0 -0
/package/dist/{chunk-WWNOVFDC.js.map → chunk-HADXAZT3.js.map} +0 -0
/package/dist/{chunk-UW2DE6JX.js.map → chunk-HGZSO43Y.js.map} +0 -0

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [0.5.110] - 2025-01-27
+### Added
+- **Automatic Page Permission Checking in NavigationMenu**: Navigation items with `href` but no explicit permissions/roles/accessLevel now automatically check for `read:page.{pageId}` permission, making navigation filtering more intuitive
+- **RBAC Security Configuration Support**: `RBACEngine` and `createRBACEngine` now accept an optional `securityConfig` parameter, allowing customization of rate limits and security settings per instance
+### Changed
+- **RBAC Rate Limit Increase**: Increased default `maxPermissionChecksPerMinute` from 100 to 1000 to accommodate normal application usage patterns
+- **NavigationMenu Filtering Improvements**: Enhanced recursive filtering of navigation items with proper parent/child handling - parents without accessible children are now properly hidden
+- **RBAC Documentation Updates**: Improved RBAC documentation with better examples, troubleshooting guides, and API references
+- **PagePermissionGuard Scope Handling**: Replaced ref-based scope tracking with `useMemo` for better React compatibility and performance, with improved handling of undefined `appId` values
+### Fixed
+- **PagePermissionGuard Infinite Loop Prevention**: Fixed potential infinite loops by improving scope stability and ensuring `useCan` only runs with valid scopes
+- **PagePermissionGuard Error Logging**: Enhanced error logging with more context (permission strings, page IDs, scope validation status)
+- **NavigationMenu Test Mocks**: Updated test mocks to default to permissive permissions (super admin access) for better test isolation and clearer test intent
+- **RBAC API Test Assertions**: Fixed test assertions to correctly match `createRBACEngine` function signature with optional parameters
+### Removed
+- **pace-core-devtools Package**: Removed the entire `pace-core-devtools` package and all related devtools functionality (AuditInspector, PerformanceMonitor, PermissionDebugger, RoleSimulator, etc.)
+- **Outdated RBAC Documentation**: Removed deprecated `breaking-changes-v3.md` and `migration-guide.md` files that are no longer relevant
 ## [0.5.109] - 2025-11-03
 ### Added

package/dist/{DataTable-5HITILXS.js → DataTable-D3BK2FCN.js} RENAMED Viewed

@@ -54,9 +54,9 @@ import {
   sortHierarchicalDataWithSorting,
   validateHierarchicalData,
   validatePaginationConfig
-} from "./chunk-UW2DE6JX.js";
-import "./chunk-WWNOVFDC.js";
-import "./chunk-F6TSYCKP.js";
+} from "./chunk-HGZSO43Y.js";
+import "./chunk-HADXAZT3.js";
+import "./chunk-XRSP3H52.js";
 import "./chunk-Q7APDV6H.js";
 import {
   CircuitBreaker,
@@ -157,4 +157,4 @@ export {
   validateHierarchicalData,
   validatePaginationConfig
 };
-//# sourceMappingURL=DataTable-5HITILXS.js.map
+//# sourceMappingURL=DataTable-D3BK2FCN.js.map

package/dist/{api-5I3E47G2.js → api-PIE4JRFS.js} RENAMED Viewed

@@ -19,7 +19,7 @@ import {
   isSuperAdmin,
   resolveAppContext,
   setupRBAC
-} from "./chunk-F6TSYCKP.js";
+} from "./chunk-XRSP3H52.js";
 import "./chunk-Q7APDV6H.js";
 import "./chunk-PLDDJCW6.js";
 export {
@@ -44,4 +44,4 @@ export {
   resolveAppContext,
   setupRBAC
 };
-//# sourceMappingURL=api-5I3E47G2.js.map
+//# sourceMappingURL=api-PIE4JRFS.js.map

package/dist/{chunk-P72NKAT5.js → chunk-3J5N2T2N.js} RENAMED Viewed

@@ -25,16 +25,16 @@ import {
   SelectSeparator,
   SelectTrigger,
   SelectValue
-} from "./chunk-UW2DE6JX.js";
+} from "./chunk-HGZSO43Y.js";
 import {
   usePermissions,
   useRBAC,
   useResolvedScope
-} from "./chunk-WWNOVFDC.js";
+} from "./chunk-HADXAZT3.js";
 import {
   isPermitted,
   isSuperAdmin
-} from "./chunk-F6TSYCKP.js";
+} from "./chunk-XRSP3H52.js";
 import {
   OrganisationProvider_exports,
   PublicErrorBoundary,
@@ -929,8 +929,12 @@ var NavigationMenu = React9.forwardRef(({
     if (!filterByPermissions || !authContext || !rbacContext || scopeLoading || permissionsLoading || !resolvedScope?.organisationId) {
       return (items || []).filter((item) => !item.meta?.hidden);
     }
-    return (items || []).filter((item) => {
-      if (item.meta?.hidden) return false;
+    const getPageIdFromHref = (href) => {
+      if (!href) return null;
+      const path = href.split("?")[0].split("#")[0].replace(/^\//, "");
+      return path || "home";
+    };
+    const hasItemPermission = (item) => {
       if (item.permissions && item.permissions.length > 0) {
         const permissions = item.permissions.filter((p) => typeof p === "string").map((p) => p);
         if (permissions.length > 0) {
@@ -986,8 +990,43 @@ var NavigationMenu = React9.forwardRef(({
           }
         }
       }
+      if (item.href && !item.permissions && !item.roles && !item.accessLevel) {
+        const pageId = item.pageId || getPageIdFromHref(item.href);
+        if (pageId) {
+          const pagePermission = `read:page.${pageId}`;
+          const hasPagePermission = permissionMap["*"] === true || permissionMap[pagePermission] === true;
+          if (!hasPagePermission) {
+            if (auditLog) {
+              console.log(`[NavigationMenu] Filtering out navigation item "${item.label}" - no page permission:`, {
+                itemId: item.id,
+                href: item.href,
+                pageId,
+                permission: pagePermission,
+                hasPermission: hasPagePermission
+              });
+            }
+            return false;
+          }
+        }
+      }
       return true;
-    });
+    };
+    const filterItem = (item) => {
+      if (item.meta?.hidden) return null;
+      if (!hasItemPermission(item)) return null;
+      let filteredChildren;
+      if (item.children && item.children.length > 0) {
+        filteredChildren = item.children.map((child) => filterItem(child)).filter((child) => child !== null);
+        if (filteredChildren.length === 0 && !item.href) {
+          return null;
+        }
+      }
+      return {
+        ...item,
+        children: filteredChildren
+      };
+    };
+    return (items || []).map((item) => filterItem(item)).filter((item) => item !== null);
   }, [
     items,
     filterByPermissions,
@@ -997,7 +1036,8 @@ var NavigationMenu = React9.forwardRef(({
     hasAnyPermission,
     scopeLoading,
     permissionsLoading,
-    resolvedScope
+    resolvedScope,
+    auditLog
   ]);
   React9.useEffect(() => {
     if (auditLog && authContext) {
@@ -1379,7 +1419,7 @@ function PaceAppLayout({
         appId: user.user_metadata?.appId || user.app_metadata?.appId
       };
       try {
-        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-5I3E47G2.js");
+        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-PIE4JRFS.js");
         const isSuper = await isSuperAdmin2(user.id);
         if (isSuper) {
           return true;
@@ -1499,7 +1539,7 @@ function PaceAppLayout({
         appId: user.user_metadata?.appId || user.app_metadata?.appId
       };
       try {
-        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-5I3E47G2.js");
+        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-PIE4JRFS.js");
         const isSuper = await isSuperAdmin2(user.id);
         if (isSuper) {
           if (isMounted) {
@@ -1520,7 +1560,7 @@ function PaceAppLayout({
         return;
       }
       try {
-        const { getPermissionMap } = await import("./api-5I3E47G2.js");
+        const { getPermissionMap } = await import("./api-PIE4JRFS.js");
         const permissionMap = await getPermissionMap({
           userId: user.id,
           scope
@@ -4413,4 +4453,4 @@ export {
   PublicPageDiagnostic,
   PublicPageContextChecker
 };
-//# sourceMappingURL=chunk-P72NKAT5.js.map
+//# sourceMappingURL=chunk-3J5N2T2N.js.map