npm - @jmruthers/pace-core - Versions diffs - 0.5.109 → 0.5.111 - Mend

@jmruthers/pace-core 0.5.109 → 0.5.111

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (240) hide show

package/CHANGELOG.md +22 -0
package/dist/{AuthService-DrHrvXNZ.d.ts → AuthService-CVgsgtaZ.d.ts} +8 -0
package/dist/{DataTable-5HITILXS.js → DataTable-5W2HVLLV.js} +8 -8
package/dist/{UnifiedAuthProvider-A7I23UCN.js → UnifiedAuthProvider-LUM3QLS5.js} +3 -3
package/dist/{api-5I3E47G2.js → api-SIZPFBFX.js} +5 -3
package/dist/{audit-65VNHEV2.js → audit-5JI5T3SL.js} +2 -2
package/dist/{chunk-P72NKAT5.js → chunk-2BIDKXQU.js} +157 -120
package/dist/chunk-2BIDKXQU.js.map +1 -0
package/dist/{chunk-S4D3Z723.js → chunk-ACYQNYHB.js} +7 -7
package/dist/{chunk-D6MEKC27.js → chunk-EFVQBYFN.js} +2 -2
package/dist/{chunk-EZ64QG2I.js → chunk-I5YM5BGS.js} +2 -2
package/dist/{chunk-Q7APDV6H.js → chunk-IWJYNWXN.js} +13 -5
package/dist/chunk-IWJYNWXN.js.map +1 -0
package/dist/{chunk-YFMENCR4.js → chunk-JE2GFA3O.js} +3 -3
package/dist/{chunk-AUXS7XSO.js → chunk-MW73E7SP.js} +35 -11
package/dist/chunk-MW73E7SP.js.map +1 -0
package/dist/{chunk-F6TSYCKP.js → chunk-PXXS26G5.js} +68 -29
package/dist/chunk-PXXS26G5.js.map +1 -0
package/dist/{chunk-UW2DE6JX.js → chunk-TD4BXGPE.js} +4 -4
package/dist/{chunk-EYSXQ756.js → chunk-TDFBX7KJ.js} +2 -2
package/dist/{chunk-WWNOVFDC.js → chunk-UGVU7L7N.js} +52 -90
package/dist/chunk-UGVU7L7N.js.map +1 -0
package/dist/{chunk-2W4WKJVF.js → chunk-X7SPKHYZ.js} +290 -255
package/dist/chunk-X7SPKHYZ.js.map +1 -0
package/dist/{chunk-3TKTL5AZ.js → chunk-ZL45MG76.js} +60 -60
package/dist/chunk-ZL45MG76.js.map +1 -0
package/dist/components.js +10 -10
package/dist/hooks.d.ts +11 -1
package/dist/hooks.js +9 -7
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +2 -2
package/dist/index.js +13 -13
package/dist/providers.d.ts +2 -2
package/dist/providers.js +2 -2
package/dist/rbac/index.d.ts +46 -29
package/dist/rbac/index.js +9 -9
package/dist/utils.js +1 -1
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +4 -4
package/docs/api/classes/MissingUserContextError.md +4 -4
package/docs/api/classes/OrganisationContextRequiredError.md +4 -4
package/docs/api/classes/PermissionDeniedError.md +4 -4
package/docs/api/classes/PublicErrorBoundary.md +1 -1
package/docs/api/classes/RBACAuditManager.md +8 -8
package/docs/api/classes/RBACCache.md +8 -8
package/docs/api/classes/RBACEngine.md +9 -8
package/docs/api/classes/RBACError.md +4 -4
package/docs/api/classes/RBACNotInitializedError.md +4 -4
package/docs/api/classes/SecureSupabaseClient.md +1 -1
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +1 -1
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +1 -1
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +27 -27
package/docs/api/interfaces/PaceLoginPageProps.md +4 -4
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +1 -1
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryState.md +1 -1
package/docs/api/interfaces/PublicLoadingSpinnerProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/RBACConfig.md +19 -8
package/docs/api/interfaces/RBACLogger.md +5 -5
package/docs/api/interfaces/RoleBasedRouterContextType.md +8 -8
package/docs/api/interfaces/RoleBasedRouterProps.md +10 -10
package/docs/api/interfaces/RouteAccessRecord.md +10 -10
package/docs/api/interfaces/RouteConfig.md +19 -6
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +1 -1
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +1 -1
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +44 -43
package/docs/api-reference/hooks.md +8 -4
package/docs/architecture/rpc-function-standards.md +3 -1
package/docs/best-practices/common-patterns.md +3 -3
package/docs/best-practices/deployment.md +10 -4
package/docs/best-practices/performance.md +11 -3
package/docs/core-concepts/organisations.md +8 -8
package/docs/core-concepts/permissions.md +133 -72
package/docs/documentation-index.md +0 -2
package/docs/migration/rbac-migration.md +65 -66
package/docs/rbac/README.md +114 -38
package/docs/rbac/advanced-patterns.md +15 -22
package/docs/rbac/api-reference.md +63 -16
package/docs/rbac/examples.md +12 -12
package/docs/rbac/getting-started.md +19 -19
package/docs/rbac/quick-start.md +110 -35
package/docs/rbac/troubleshooting.md +127 -3
package/package.json +1 -1
package/src/components/DataTable/components/__tests__/ActionButtons.test.tsx +913 -0
package/src/components/DataTable/components/__tests__/ColumnFilter.test.tsx +609 -0
package/src/components/DataTable/components/__tests__/EmptyState.test.tsx +434 -0
package/src/components/DataTable/components/__tests__/LoadingState.test.tsx +120 -0
package/src/components/DataTable/components/__tests__/PaginationControls.test.tsx +519 -0
package/src/components/DataTable/examples/__tests__/HierarchicalActionsExample.test.tsx +316 -0
package/src/components/DataTable/examples/__tests__/InitialPageSizeExample.test.tsx +211 -0
package/src/components/FileUpload/FileUpload.tsx +2 -8
package/src/components/NavigationMenu/NavigationMenu.test.tsx +38 -4
package/src/components/NavigationMenu/NavigationMenu.tsx +71 -6
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +193 -63
package/src/components/PaceAppLayout/PaceAppLayout.tsx +102 -135
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.accessibility.test.tsx +41 -2
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.integration.test.tsx +61 -6
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.performance.test.tsx +71 -21
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.security.test.tsx +113 -41
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.unit.test.tsx +155 -45
package/src/components/PaceLoginPage/PaceLoginPage.tsx +30 -1
package/src/hooks/__tests__/usePermissionCache.simple.test.ts +63 -5
package/src/hooks/__tests__/usePermissionCache.unit.test.ts +156 -72
package/src/hooks/__tests__/useRBAC.unit.test.ts +4 -38
package/src/hooks/index.ts +1 -1
package/src/hooks/useFileDisplay.ts +51 -0
package/src/hooks/usePermissionCache.test.ts +112 -68
package/src/hooks/usePermissionCache.ts +55 -15
package/src/rbac/README.md +81 -39
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +3 -3
package/src/rbac/__tests__/engine.comprehensive.test.ts +15 -6
package/src/rbac/__tests__/rbac-core.test.tsx +1 -1
package/src/rbac/__tests__/rbac-engine-core-logic.test.ts +57 -4
package/src/rbac/__tests__/rbac-engine-simplified.test.ts +3 -2
package/src/rbac/adapters.tsx +4 -4
package/src/rbac/api.test.ts +39 -15
package/src/rbac/api.ts +27 -9
package/src/rbac/audit.test.ts +2 -2
package/src/rbac/audit.ts +14 -5
package/src/rbac/cache.test.ts +12 -0
package/src/rbac/cache.ts +29 -9
package/src/rbac/components/EnhancedNavigationMenu.test.tsx +1 -1
package/src/rbac/components/NavigationGuard.tsx +14 -14
package/src/rbac/components/NavigationProvider.test.tsx +1 -1
package/src/rbac/components/PagePermissionGuard.tsx +22 -38
package/src/rbac/components/PagePermissionProvider.test.tsx +1 -1
package/src/rbac/components/PermissionEnforcer.tsx +19 -15
package/src/rbac/components/RoleBasedRouter.tsx +16 -9
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +123 -107
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +2 -2
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +121 -103
package/src/rbac/config.ts +2 -0
package/src/rbac/docs/event-based-apps.md +6 -6
package/src/rbac/engine.ts +27 -7
package/src/rbac/hooks/useCan.test.ts +29 -2
package/src/rbac/hooks/usePermissions.test.ts +25 -25
package/src/rbac/hooks/usePermissions.ts +47 -23
package/src/rbac/hooks/useRBAC.simple.test.ts +1 -8
package/src/rbac/hooks/useRBAC.test.ts +3 -40
package/src/rbac/hooks/useRBAC.ts +0 -55
package/src/rbac/hooks/useResolvedScope.ts +23 -31
package/src/rbac/permissions.test.ts +11 -7
package/src/rbac/security.test.ts +2 -2
package/src/rbac/security.ts +23 -8
package/src/rbac/types.test.ts +2 -2
package/src/rbac/types.ts +1 -2
package/src/services/EventService.ts +41 -13
package/src/services/__tests__/EventService.test.ts +25 -4
package/src/services/interfaces/IEventService.ts +1 -0
package/src/utils/file-reference.ts +9 -0
package/dist/chunk-2W4WKJVF.js.map +0 -1
package/dist/chunk-3TKTL5AZ.js.map +0 -1
package/dist/chunk-AUXS7XSO.js.map +0 -1
package/dist/chunk-F6TSYCKP.js.map +0 -1
package/dist/chunk-P72NKAT5.js.map +0 -1
package/dist/chunk-Q7APDV6H.js.map +0 -1
package/dist/chunk-WWNOVFDC.js.map +0 -1
package/docs/rbac/breaking-changes-v3.md +0 -222
package/docs/rbac/migration-guide.md +0 -260
/package/dist/{DataTable-5HITILXS.js.map → DataTable-5W2HVLLV.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-A7I23UCN.js.map → UnifiedAuthProvider-LUM3QLS5.js.map} +0 -0
/package/dist/{api-5I3E47G2.js.map → api-SIZPFBFX.js.map} +0 -0
/package/dist/{audit-65VNHEV2.js.map → audit-5JI5T3SL.js.map} +0 -0
/package/dist/{chunk-S4D3Z723.js.map → chunk-ACYQNYHB.js.map} +0 -0
/package/dist/{chunk-D6MEKC27.js.map → chunk-EFVQBYFN.js.map} +0 -0
/package/dist/{chunk-EZ64QG2I.js.map → chunk-I5YM5BGS.js.map} +0 -0
/package/dist/{chunk-YFMENCR4.js.map → chunk-JE2GFA3O.js.map} +0 -0
/package/dist/{chunk-UW2DE6JX.js.map → chunk-TD4BXGPE.js.map} +0 -0
/package/dist/{chunk-EYSXQ756.js.map → chunk-TDFBX7KJ.js.map} +0 -0

package/src/components/PaceAppLayout/__tests__/PaceAppLayout.security.test.tsx CHANGED Viewed

@@ -91,11 +91,20 @@ const mockOrganisationContext = {
   isOrganisationSecure: vi.fn().mockReturnValue(true)
 };
-vi.mock('../../../providers/OrganisationProvider', () => ({
-  OrganisationProvider: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+vi.mock('../../../hooks/useOrganisations', () => ({
   useOrganisations: () => mockOrganisationContext
 }));
+// Mock useEvents hook (optional - wrapped in try/catch in component)
+vi.mock('../../../providers/EventsProvider', () => ({
+  useEvents: vi.fn(() => ({
+    selectedEvent: { event_id: 'event-123' },
+    events: [],
+    isLoading: false,
+    error: null,
+  })),
+}));
 // Mock the new RBAC system for security testing
 const mockIsPermitted = vi.fn().mockResolvedValue(true);
 const mockCheckPermission = vi.fn().mockResolvedValue(true);
@@ -108,6 +117,38 @@ vi.mock('../../../rbac/api', () => ({
   setupRBAC: vi.fn()
 }));
+// Mock RBAC hooks
+const mockHasPermissionRBAC = vi.fn().mockResolvedValue(true);
+const mockUseRBAC = vi.fn(() => ({
+  hasPermission: mockHasPermissionRBAC,
+  isLoading: false,
+  error: null,
+  hasGlobalPermission: vi.fn().mockResolvedValue(true),
+  hasOrganisationPermission: vi.fn().mockResolvedValue(true),
+  hasEventPermission: vi.fn().mockResolvedValue(true),
+  globalRole: null,
+  organisationRoles: [],
+  eventRoles: [],
+  permissionMap: {},
+}));
+const mockUseCan = vi.fn(() => ({
+  can: true,
+  isLoading: false,
+  error: null,
+  refetch: vi.fn().mockResolvedValue(undefined),
+}));
+vi.mock('../../../rbac/hooks', () => ({
+  useRBAC: () => mockUseRBAC(),
+  useCan: (...args: any[]) => mockUseCan(...args),
+  useResolvedScope: vi.fn(() => ({
+    resolvedScope: { organisationId: 'org-123', eventId: 'event-123', appId: 'app-123' },
+    isLoading: false,
+    error: null,
+  })),
+}));
 // Mock child components
 vi.mock('../../Header', () => ({
   Header: vi.fn(({ appName, user, onSignOut, onChangePassword, onNavigate, currentPath, logo, userMenu, actions }) => (
@@ -186,6 +227,28 @@ describe('PaceAppLayout Security', () => {
     mockIsPermitted.mockClear();
     mockIsPermitted.mockResolvedValue(true);
+    // Reset RBAC hook mocks
+    mockHasPermissionRBAC.mockClear();
+    mockHasPermissionRBAC.mockResolvedValue(true);
+    mockUseCan.mockReturnValue({
+      can: true,
+      isLoading: false,
+      error: null,
+      refetch: vi.fn().mockResolvedValue(undefined),
+    });
+    mockUseRBAC.mockReturnValue({
+      hasPermission: mockHasPermissionRBAC,
+      isLoading: false,
+      error: null,
+      hasGlobalPermission: vi.fn().mockResolvedValue(true),
+      hasOrganisationPermission: vi.fn().mockResolvedValue(true),
+      hasEventPermission: vi.fn().mockResolvedValue(true),
+      globalRole: null,
+      organisationRoles: [],
+      eventRoles: [],
+      permissionMap: {},
+    });
     // Reset the mocked function
     const { isPermitted } = await import('../../../rbac/api');
     vi.mocked(isPermitted).mockClear();
@@ -221,9 +284,13 @@ describe('PaceAppLayout Security', () => {
     });
     it('prevents access when user lacks permission', async () => {
-      // Mock the RBAC system to deny permission
-      const { isPermitted } = await import('../../../rbac/api');
-      vi.mocked(isPermitted).mockResolvedValue(false);
+      // Mock useCan to return false (deny access)
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: null,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <TestWrapper>
@@ -235,8 +302,8 @@ describe('PaceAppLayout Security', () => {
       await waitFor(() => {
         expect(screen.getByText('Access Denied')).toBeInTheDocument();
         expect(screen.getByText("You don't have permission to access this page.")).toBeInTheDocument();
-      });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
     it('enforces route-specific permissions', async () => {
       const routePermissions: Record<string, Operation> = {
@@ -263,9 +330,13 @@ describe('PaceAppLayout Security', () => {
     });
     it('handles permission check failures securely', async () => {
-      // Mock the RBAC system to throw an error
-      const { isPermitted } = await import('../../../rbac/api');
-      vi.mocked(isPermitted).mockRejectedValue(new Error('Permission check failed'));
+      // Mock useCan to return an error state
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: new Error('Permission check failed'),
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <TestWrapper>
@@ -277,8 +348,8 @@ describe('PaceAppLayout Security', () => {
         // When permission check throws an error, should show Permission Error page
         expect(screen.getByText('Permission Error')).toBeInTheDocument();
         expect(screen.getByText('Permission check failed')).toBeInTheDocument();
-      });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
     it('prevents bypassing permission checks', async () => {
       // Test that permission checks cannot be bypassed by manipulating props
@@ -309,12 +380,8 @@ describe('PaceAppLayout Security', () => {
   describe('Navigation Security', () => {
     it('filters navigation items based on permissions', async () => {
-      // Mock permission check to deny access to admin
-      mockIsPermitted.mockImplementation((userId, scope, operation, pageId) => {
-        if (pageId === 'admin') return Promise.resolve(false);
-        return Promise.resolve(true);
-      });
+      // Mock permission check to allow all permissions for navigation filtering
+      // The navigation filtering uses getPermissionMap which is already mocked
       render(
         <TestWrapper>
           <PaceAppLayout
@@ -333,8 +400,8 @@ describe('PaceAppLayout Security', () => {
         // With permission enforcement enabled, the component should render normally
         expect(screen.getByTestId('mock-header')).toBeInTheDocument();
         expect(screen.getByTestId('mock-outlet')).toBeInTheDocument();
-      });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
     it('prevents navigation to unauthorized routes', () => {
       render(
@@ -596,9 +663,13 @@ describe('PaceAppLayout Security', () => {
     });
     it('handles permission errors securely', async () => {
-      // Mock the RBAC system to deny permission (secure behavior)
-      const { isPermitted } = await import('../../../rbac/api');
-      vi.mocked(isPermitted).mockResolvedValue(false);
+      // Mock useCan to return false (deny access)
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: null,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <TestWrapper>
@@ -608,15 +679,18 @@ describe('PaceAppLayout Security', () => {
       await waitFor(() => {
         expect(screen.getByText('Access Denied')).toBeInTheDocument();
-      });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
     it('prevents information leakage in error messages', async () => {
-      // Mock the RBAC system to throw an error with sensitive information
-      const { isPermitted } = await import('../../../rbac/api');
+      // Mock useCan to return an error with sensitive information
       const sensitiveError = new Error('Database connection failed: password=secret123');
-      vi.mocked(isPermitted).mockClear();
-      vi.mocked(isPermitted).mockRejectedValue(sensitiveError);
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: sensitiveError,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <TestWrapper>
@@ -634,8 +708,8 @@ describe('PaceAppLayout Security', () => {
         expect(screen.getByText('Permission Error')).toBeInTheDocument();
         // Should not expose sensitive information
         expect(screen.queryByText('password=secret123')).not.toBeInTheDocument();
-      });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
   });
   describe('Session Security', () => {
@@ -712,16 +786,6 @@ describe('PaceAppLayout Security', () => {
     it('prevents privilege escalation', async () => {
       // Test that users cannot escalate their privileges
-      const { isPermitted } = await import('../../../rbac/api');
-      vi.mocked(isPermitted).mockImplementation(({ userId, scope, permission, pageId }) => {
-        // Simulate user trying to access admin with read permission
-        // Permission is now formatted as "operation:page.pageId"
-        if (pageId === 'admin' && permission === 'read:page.admin') {
-          return Promise.resolve(false);
-        }
-        return Promise.resolve(true);
-      });
       // Create a test wrapper with admin path for privilege escalation test
       const AdminTestWrapper = ({ children }: { children: React.ReactNode }) => (
         <BrowserRouter>
@@ -734,6 +798,14 @@ describe('PaceAppLayout Security', () => {
       // Mock the location to be /admin for this test
       mockLocation.pathname = '/admin';
+      // Mock useCan to return false (deny admin access)
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: null,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <AdminTestWrapper>
           <PaceAppLayout

package/src/components/PaceAppLayout/__tests__/PaceAppLayout.unit.test.tsx CHANGED Viewed

@@ -78,11 +78,20 @@ const mockOrganisationContext = {
   isOrganisationSecure: vi.fn().mockReturnValue(true)
 };
-vi.mock('../../../providers/OrganisationProvider', () => ({
-  OrganisationProvider: ({ children }: { children: React.ReactNode }) => <>{children}</>,
+vi.mock('../../../hooks/useOrganisations', () => ({
   useOrganisations: () => mockOrganisationContext
 }));
+// Mock useEvents hook (optional - wrapped in try/catch in component)
+vi.mock('../../../providers/EventsProvider', () => ({
+  useEvents: vi.fn(() => ({
+    selectedEvent: { event_id: 'event-123' },
+    events: [],
+    isLoading: false,
+    error: null,
+  })),
+}));
 // Mock the new RBAC system
 const mockIsPermitted = vi.fn().mockImplementation((input) => {
   console.log('[PaceAppLayout] Page access attempt:', {
@@ -104,6 +113,38 @@ vi.mock('../../../rbac/api', () => ({
   setupRBAC: vi.fn()
 }));
+// Mock RBAC hooks
+const mockHasPermissionRBAC = vi.fn().mockResolvedValue(true);
+const mockUseRBAC = vi.fn(() => ({
+  hasPermission: mockHasPermissionRBAC,
+  isLoading: false,
+  error: null,
+  hasGlobalPermission: vi.fn().mockResolvedValue(true),
+  hasOrganisationPermission: vi.fn().mockResolvedValue(true),
+  hasEventPermission: vi.fn().mockResolvedValue(true),
+  globalRole: null,
+  organisationRoles: [],
+  eventRoles: [],
+  permissionMap: {},
+}));
+const mockUseCan = vi.fn(() => ({
+  can: true,
+  isLoading: false,
+  error: null,
+  refetch: vi.fn().mockResolvedValue(undefined),
+}));
+vi.mock('../../../rbac/hooks', () => ({
+  useRBAC: () => mockUseRBAC(),
+  useCan: (...args: any[]) => mockUseCan(...args),
+  useResolvedScope: vi.fn(() => ({
+    resolvedScope: { organisationId: 'org-123', eventId: 'event-123', appId: 'app-123' },
+    isLoading: false,
+    error: null,
+  })),
+}));
 // Mock Footer (static, doesn't depend on props)
 vi.mock('../../Footer', () => ({
   Footer: vi.fn(() => <footer data-testid="mock-footer" role="contentinfo">Mock Footer</footer>)
@@ -194,6 +235,27 @@ describe('PaceAppLayout Component', () => {
     // Explicitly re-mock updatePassword to always return { error: null }
     mockUpdatePassword.mockResolvedValue({ error: null });
+    // Reset RBAC mocks to default state
+    mockHasPermissionRBAC.mockResolvedValue(true);
+    mockUseCan.mockReturnValue({
+      can: true,
+      isLoading: false,
+      error: null,
+      refetch: vi.fn().mockResolvedValue(undefined),
+    });
+    mockUseRBAC.mockReturnValue({
+      hasPermission: mockHasPermissionRBAC,
+      isLoading: false,
+      error: null,
+      hasGlobalPermission: vi.fn().mockResolvedValue(true),
+      hasOrganisationPermission: vi.fn().mockResolvedValue(true),
+      hasEventPermission: vi.fn().mockResolvedValue(true),
+      globalRole: null,
+      organisationRoles: [],
+      eventRoles: [],
+      permissionMap: {},
+    });
     // Reset location mock
     Object.defineProperty(window, 'location', {
       value: { pathname: '/test-path' },
@@ -519,7 +581,11 @@ describe('PaceAppLayout Component', () => {
         </TestWrapper>
       );
-      expect(mockIsPermitted).not.toHaveBeenCalled();
+      // useCan is always called for consistency, but when enforcePermissions is false,
+      // the result is ignored (hasPermission = enforcePermissions ? can : true)
+      // So the component should render normally regardless of permission check result
+      expect(screen.getByTestId('mock-header')).toBeInTheDocument();
+      expect(screen.getByTestId('mock-outlet')).toBeInTheDocument();
     });
     it('enables permission enforcement when enforcePermissions is true', async () => {
@@ -569,13 +635,15 @@ describe('PaceAppLayout Component', () => {
       );
       await waitFor(() => {
-        expect(mockIsPermitted).toHaveBeenCalledWith({
-          userId: 'test-user-id',
-          scope: expect.objectContaining({ organisationId: 'test-org-123' }),
-          permission: 'delete:page.test-path',
-          pageId: 'test-path'
-        });
-      });
+        // useCan is called with userId, scope, permission, pageId, useCache
+        expect(mockUseCan).toHaveBeenCalledWith(
+          'test-user-id',
+          expect.objectContaining({ organisationId: 'org-123' }),
+          'delete:page.test-path',
+          'test-path',
+          true
+        );
+      }, { timeout: 2000 });
     });
     it('uses custom page ID mapping when provided', async () => {
@@ -594,18 +662,25 @@ describe('PaceAppLayout Component', () => {
       );
       await waitFor(() => {
-        expect(mockIsPermitted).toHaveBeenCalledWith({
-          userId: 'test-user-id',
-          scope: expect.objectContaining({ organisationId: 'test-org-123' }),
-          permission: 'read:page.custom-page-id',
-          pageId: 'custom-page-id'
-        });
-      });
+        // useCan is called with userId, scope, permission, pageId, useCache
+        expect(mockUseCan).toHaveBeenCalledWith(
+          'test-user-id',
+          expect.objectContaining({ organisationId: 'org-123' }),
+          'read:page.custom-page-id',
+          'custom-page-id',
+          true
+        );
+      }, { timeout: 2000 });
     });
     it('shows loading state while checking permissions', async () => {
-      // Make permission check take time
-      mockIsPermitted.mockImplementation((input) => new Promise(resolve => setTimeout(() => resolve(true), 100)));
+      // Mock useCan to return loading state
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: true,
+        error: null,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <TestWrapper>
@@ -618,7 +693,14 @@ describe('PaceAppLayout Component', () => {
     it('shows permission error when checkPermission throws', async () => {
       const mockError = new Error('Permission check failed');
-      mockIsPermitted.mockRejectedValue(mockError);
+      // Mock useCan to return an error state
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: mockError,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <TestWrapper>
@@ -629,11 +711,17 @@ describe('PaceAppLayout Component', () => {
       await waitFor(() => {
         expect(screen.getByText('Permission Error')).toBeInTheDocument();
         expect(screen.getByText('Permission check failed')).toBeInTheDocument();
-      }, { timeout: 2000 });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
     it('shows access denied when user lacks permission', async () => {
-      mockIsPermitted.mockResolvedValue(false);
+      // Mock useCan to return false (user lacks permission)
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: null,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <TestWrapper>
@@ -644,11 +732,18 @@ describe('PaceAppLayout Component', () => {
       await waitFor(() => {
         expect(screen.getByText('Access Denied')).toBeInTheDocument();
         expect(screen.getByText("You don't have permission to access this page.")).toBeInTheDocument();
-      });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
     it('shows custom permission fallback when provided', async () => {
-      mockIsPermitted.mockResolvedValue(false);
+      // Mock useCan to return false
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: null,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       const CustomFallback = () => <div data-testid="custom-fallback">Custom Access Denied</div>;
       render(
@@ -663,11 +758,17 @@ describe('PaceAppLayout Component', () => {
       await waitFor(() => {
         expect(screen.getByTestId('custom-fallback')).toBeInTheDocument();
-      });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
     it('provides go home button in access denied state', async () => {
-      mockIsPermitted.mockResolvedValue(false);
+      // Mock useCan to return false
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: null,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <TestWrapper>
@@ -681,12 +782,19 @@ describe('PaceAppLayout Component', () => {
         fireEvent.click(goHomeButton);
         expect(mockNavigate).toHaveBeenCalledWith('/');
-      }, { timeout: 2000 });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
     it('provides go home button in permission error state', async () => {
       const mockError = new Error('Permission check failed');
-      mockIsPermitted.mockRejectedValue(mockError);
+      // Mock useCan to return an error state
+      mockUseCan.mockReturnValueOnce({
+        can: false,
+        isLoading: false,
+        error: mockError,
+        refetch: vi.fn().mockResolvedValue(undefined),
+      });
       render(
         <TestWrapper>
@@ -700,8 +808,8 @@ describe('PaceAppLayout Component', () => {
         fireEvent.click(goHomeButton);
         expect(mockNavigate).toHaveBeenCalledWith('/');
-      });
-    });
+      }, { timeout: 5000 });
+    }, { timeout: 6000 });
   });
   describe('Navigation Filtering by Permissions', () => {
@@ -736,9 +844,9 @@ describe('PaceAppLayout Component', () => {
       // Wait a bit to see if the component renders
       await new Promise(resolve => setTimeout(resolve, 100));
-      // Note: The filtering is async, so we need to wait with a timeout
+      // Note: The filtering uses getPermissionMap which is mocked, so just verify rendering
       await waitFor(() => {
-        expect(mockIsPermitted).toHaveBeenCalled();
+        expect(screen.getByTestId('mock-header')).toBeInTheDocument();
       }, { timeout: 2000 });
       // Verify the component rendered successfully
@@ -826,13 +934,15 @@ describe('PaceAppLayout Component', () => {
       );
       await waitFor(() => {
-        expect(mockIsPermitted).toHaveBeenCalledWith({
-          userId: 'test-user-id',
-          scope: expect.objectContaining({ organisationId: 'test-org-123' }),
-          permission: 'read:page.new-path',
-          pageId: 'new-path'
-        });
-      });
+        // useCan is called with userId, scope, permission, pageId, useCache
+        expect(mockUseCan).toHaveBeenCalledWith(
+          'test-user-id',
+          expect.objectContaining({ organisationId: 'org-123' }),
+          'read:page.new-path',
+          'new-path',
+          true
+        );
+      }, { timeout: 2000 });
       // Reset for other tests
       mockLocation.pathname = '/test-path';
@@ -894,8 +1004,8 @@ describe('PaceAppLayout Component', () => {
       );
       await waitFor(() => {
-        expect(mockIsPermitted).toHaveBeenCalledTimes(1);
-      });
+        expect(mockUseCan).toHaveBeenCalled();
+      }, { timeout: 2000 });
     });
   });
 });

package/src/components/PaceLoginPage/PaceLoginPage.tsx CHANGED Viewed

@@ -121,13 +121,14 @@
  * - Tailwind CSS - Styling
  */
-import React, { useEffect, useState } from 'react';
+import React, { useEffect, useState, useContext } from 'react';
 import { useNavigate } from 'react-router-dom';
 import { useUnifiedAuth } from '../../providers';
 import { isSuperAdmin } from '../../rbac/api';
 import { LoginForm } from '../LoginForm';
 import { Button, Input, Label } from '..';
 import { clearPalette } from '../../theming/runtime';
+import { EventServiceContext } from '../../providers/services/EventServiceProvider';
 export interface PaceLoginPageProps {
   /** The name of the application to be displayed on the login form. */
@@ -174,12 +175,40 @@ export const PaceLoginPage: React.FC<PaceLoginPageProps> = ({
   const [accessError, setAccessError] = useState<string | null>(null);
   const [isCheckingAccess, setIsCheckingAccess] = useState(false);
+  // Get event service context (may not be available if outside EventServiceProvider)
+  // Using useContext directly allows graceful handling when provider is not available
+  const eventServiceContext = useContext(EventServiceContext);
+  const eventService = eventServiceContext?.eventService || null;
   // Clear any active event theme when login page mounts
   // This ensures the login screen always uses default colors
   useEffect(() => {
     clearPalette();
   }, []);
+  // Restore persisted event after login screen has rendered
+  // This happens after the login page is fully rendered, allowing events to be loaded first
+  useEffect(() => {
+    const restoreEvent = async () => {
+      try {
+        const isOnLoginPage = window.location.pathname === '/login' || window.location.pathname.startsWith('/login');
+        if (isOnLoginPage && eventService) {
+          await eventService.restorePersistedEvent();
+        }
+      } catch (error) {
+        // Service may not be available yet or events not loaded - that's okay
+        console.debug('[PaceLoginPage] Could not restore persisted event (service may not be ready):', error);
+      }
+    };
+    // Small delay to ensure login page is fully rendered before restoring
+    const timeoutId = setTimeout(() => {
+      restoreEvent();
+    }, 100);
+    return () => clearTimeout(timeoutId);
+  }, [eventService]);
   // Check app access after authentication using RBAC
   useEffect(() => {
     if (!requireAppAccess || !isAuthenticated || isLoading || !user || !supabase) {