@jmruthers/pace-core 0.5.109 → 0.5.111

package/src/hooks/useFileDisplay.ts

@@ -156,6 +156,33 @@ export function useFileDisplay(
       const cached = authenticatedFileCache.get(cacheKey);
       if (cached && Date.now() - cached.timestamp < cached.ttl) {
         const cachedData = cached.data;
+        
+        // FIX: Regenerate signed URL for private files if missing
+        if (cachedData.fileReference && !cachedData.fileUrl && 
+            cachedData.fileReference.is_public === false && supabase) {
+          // Regenerate signed URL without fetching from database
+          try {
+            const signedUrlResult = await getSignedUrl(supabase, cachedData.fileReference.file_path, {
+              appName: 'pace-core',
+              orgId: organisation_id,
+              expiresIn: 3600
+            });
+            const regeneratedUrl = signedUrlResult?.url || null;
+            setFileUrl(regeneratedUrl);
+            setFileReference(cachedData.fileReference);
+            setFileReferences(cachedData.fileReferences || []);
+            setFileUrls(cachedData.fileUrls || new Map());
+            setFileCount(cachedData.fileCount || 0);
+            setIsLoading(false);
+            setError(null);
+            return;
+          } catch (err) {
+            // If signed URL regeneration fails, fall through to normal fetch
+            console.warn('[useFileDisplay] Failed to regenerate signed URL from cache, falling back to fetch:', err);
+          }
+        }
+        
+        // Normal cache hit for public files or files with URLs
         setFileUrl(cachedData.fileUrl || null);
         setFileReference(cachedData.fileReference || null);
         setFileReferences(cachedData.fileReferences || []);
@@ -387,3 +414,27 @@ export function getFileDisplayCacheStats(): { size: number; keys: string[] } {
   };
 }
 
+/**
+ * Invalidate cache for a specific file display entry
+ * Useful for clearing cache after file uploads or updates
+ * 
+ * @param table_name - The table name containing the file reference
+ * @param record_id - The record ID that owns the file(s)
+ * @param organisation_id - The organisation ID for storage path
+ * @param category - Optional file category to invalidate (if provided, also invalidates 'all' category)
+ */
+export function invalidateFileDisplayCache(
+  table_name: string,
+  record_id: string,
+  organisation_id: string,
+  category?: FileCategory
+): void {
+  const cacheKey = `file_${table_name}_${record_id}_${organisation_id}_${category || 'all'}`;
+  authenticatedFileCache.delete(cacheKey);
+  // Also invalidate 'all' category if specific category invalidated
+  if (category) {
+    const allCategoryKey = `file_${table_name}_${record_id}_${organisation_id}_all`;
+    authenticatedFileCache.delete(allCategoryKey);
+  }
+}
+

package/src/hooks/usePermissionCache.test.ts

@@ -10,33 +10,56 @@
 import { renderHook, waitFor, act } from '@testing-library/react';
 import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
 import { usePermissionCache } from './usePermissionCache';
-import { useRBAC } from '../rbac/hooks/useRBAC';
 
-// Mock the RBAC hook
-vi.mock('../rbac/hooks/useRBAC', () => ({
-  useRBAC: vi.fn()
+// Mock the dependencies
+vi.mock('../providers/UnifiedAuthProvider', () => ({
+  useUnifiedAuth: vi.fn()
 }));
 
-describe('usePermissionCache', () => {
-  const mockUseRBAC = vi.mocked(useRBAC);
-  
-  // Create stable mock objects to prevent unnecessary re-renders
-  const stableMockRBAC = {
-    hasPermission: vi.fn().mockResolvedValue(true),
-    isSuperAdmin: vi.fn().mockResolvedValue(false),
-    isOrgAdmin: vi.fn().mockResolvedValue(false),
-    isEventAdmin: vi.fn().mockResolvedValue(false),
-    // Add other required properties
-  } as any;
+vi.mock('./useOrganisations', () => ({
+  useOrganisations: vi.fn()
+}));
+
+vi.mock('./useEvents', () => ({
+  useEvents: vi.fn()
+}));
+
+vi.mock('../rbac/api', () => ({
+  isPermittedCached: vi.fn()
+}));
+
+import { useUnifiedAuth } from '../providers/UnifiedAuthProvider';
+import { useOrganisations } from './useOrganisations';
+import { useEvents } from './useEvents';
+import { isPermittedCached } from '../rbac/api';
+
+const mockUseUnifiedAuth = vi.mocked(useUnifiedAuth);
+const mockUseOrganisations = vi.mocked(useOrganisations);
+const mockUseEvents = vi.mocked(useEvents);
+const mockIsPermittedCached = vi.mocked(isPermittedCached);
 
+describe('usePermissionCache', () => {
   beforeEach(() => {
     vi.clearAllMocks();
-    // Reset the mock functions to return the expected values
-    stableMockRBAC.hasPermission.mockResolvedValue(true);
-    stableMockRBAC.isSuperAdmin.mockResolvedValue(false);
-    stableMockRBAC.isOrgAdmin.mockResolvedValue(false);
-    stableMockRBAC.isEventAdmin.mockResolvedValue(false);
-    mockUseRBAC.mockReturnValue(stableMockRBAC);
+    
+    // Setup default mocks
+    mockUseUnifiedAuth.mockReturnValue({
+      user: { id: 'user-123' },
+      session: null,
+      appName: 'test-app',
+      selectedOrganisationId: 'org-123',
+      selectedEventId: undefined
+    } as any);
+    
+    mockUseOrganisations.mockReturnValue({
+      selectedOrganisation: { id: 'org-123' }
+    } as any);
+    
+    mockUseEvents.mockReturnValue({
+      selectedEvent: null
+    } as any);
+    
+    mockIsPermittedCached.mockResolvedValue(true);
   });
 
     describe('Hook Initialization', () => {
@@ -65,9 +88,10 @@ describe('usePermissionCache', () => {
       expect(result.current.getDebugInfo).toBeDefined();
     });
 
-    it('depends on useRBAC hook', () => {
+    it('depends on auth and organisation hooks', () => {
       renderHook(() => usePermissionCache());
-      expect(mockUseRBAC).toHaveBeenCalled();
+      expect(mockUseUnifiedAuth).toHaveBeenCalled();
+      expect(mockUseOrganisations).toHaveBeenCalled();
     });
   });
 
@@ -77,7 +101,14 @@ describe('usePermissionCache', () => {
 
       const hasPermission = await result.current.checkPermission('read', 'users');
       expect(hasPermission).toBe(true);
-      expect(mockUseRBAC().hasPermission).toHaveBeenCalledWith('read', 'users');
+      expect(mockIsPermittedCached).toHaveBeenCalledWith(
+        expect.objectContaining({
+          userId: 'user-123',
+          scope: expect.objectContaining({ organisationId: 'org-123' }),
+          permission: 'read:page.users',
+          pageId: 'users'
+        })
+      );
 
       // Check that result is cached
       const cachedResult = await result.current.checkPermission('read', 'users');
@@ -100,13 +131,7 @@ describe('usePermissionCache', () => {
     });
 
     it('handles permission check errors gracefully', async () => {
-      mockUseRBAC.mockReturnValue({
-        hasPermission: vi.fn().mockRejectedValue(new Error('Permission check failed')),
-        isSuperAdmin: vi.fn().mockResolvedValue(false),
-        isOrgAdmin: vi.fn().mockResolvedValue(false),
-        isEventAdmin: vi.fn().mockResolvedValue(false),
-        // Add other required properties
-      } as any);
+      mockIsPermittedCached.mockRejectedValueOnce(new Error('Permission check failed'));
 
       const { result } = renderHook(() => usePermissionCache());
 
@@ -114,8 +139,14 @@ describe('usePermissionCache', () => {
       expect(hasPermission).toBe(false);
     });
 
-    it('handles missing RBAC hook gracefully', () => {
-      mockUseRBAC.mockReturnValue(null as any);
+    it('handles missing user context gracefully', () => {
+      mockUseUnifiedAuth.mockReturnValueOnce({
+        user: null,
+        session: null,
+        appName: 'test-app',
+        selectedOrganisationId: undefined,
+        selectedEventId: undefined
+      } as any);
 
       const { result } = renderHook(() => usePermissionCache());
 
@@ -134,7 +165,7 @@ describe('usePermissionCache', () => {
       // Second check should use cache
       await result.current.checkPermission('read', 'users');
       
-      expect(mockUseRBAC().hasPermission).toHaveBeenCalledTimes(1);
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(1);
     });
 
     it('expires cached results after TTL', async () => {
@@ -151,7 +182,7 @@ describe('usePermissionCache', () => {
       // Second check should not use cache
       await result.current.checkPermission('read', 'users');
       
-      expect(mockUseRBAC().hasPermission).toHaveBeenCalledTimes(2);
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(2);
     });
 
     it('invalidates cache correctly', async () => {
@@ -166,7 +197,7 @@ describe('usePermissionCache', () => {
       // Check again - should not use cache
       await result.current.checkPermission('read', 'users');
       
-      expect(mockUseRBAC().hasPermission).toHaveBeenCalledTimes(2);
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(2);
     });
 
     it('respects max cache size', async () => {
@@ -219,15 +250,9 @@ describe('usePermissionCache', () => {
       const { result } = renderHook(() => usePermissionCache());
 
       // Mock slow permission check
-      mockUseRBAC.mockReturnValue({
-        hasPermission: vi.fn().mockImplementation(() => 
-          new Promise(resolve => setTimeout(() => resolve(true), 100))
-        ),
-        isSuperAdmin: vi.fn().mockResolvedValue(false),
-        isOrgAdmin: vi.fn().mockResolvedValue(false),
-        isEventAdmin: vi.fn().mockResolvedValue(false),
-        // Add other required properties
-      } as any);
+      mockIsPermittedCached.mockImplementation(() => 
+        new Promise(resolve => setTimeout(() => resolve(true), 100))
+      );
 
       await result.current.checkPermission('read', 'users');
       
@@ -313,14 +338,8 @@ describe('usePermissionCache', () => {
   });
 
   describe('Error Handling', () => {
-    it('handles RBAC hook errors gracefully', async () => {
-      mockUseRBAC.mockReturnValue({
-        hasPermission: vi.fn().mockRejectedValue(new Error('RBAC error')),
-        isSuperAdmin: vi.fn().mockResolvedValue(false),
-        isOrgAdmin: vi.fn().mockResolvedValue(false),
-        isEventAdmin: vi.fn().mockResolvedValue(false),
-        // Add other required properties
-      } as any);
+    it('handles permission API errors gracefully', async () => {
+      mockIsPermittedCached.mockRejectedValueOnce(new Error('RBAC error'));
 
       const { result } = renderHook(() => usePermissionCache());
 
@@ -357,7 +376,7 @@ describe('usePermissionCache', () => {
       // Should not use cache
       await result.current.checkPermission('read', 'users');
       
-      expect(mockUseRBAC().hasPermission).toHaveBeenCalledTimes(2);
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(2);
     });
 
     it('respects max cache size configuration', async () => {
@@ -374,34 +393,59 @@ describe('usePermissionCache', () => {
     });
   });
 
-  describe('Integration with RBAC', () => {
-    it('integrates with useRBAC hook correctly', () => {
+  describe('Integration with RBAC API', () => {
+    it('integrates with auth and organisation hooks correctly', () => {
       renderHook(() => usePermissionCache());
-      expect(mockUseRBAC).toHaveBeenCalled();
+      expect(mockUseUnifiedAuth).toHaveBeenCalled();
+      expect(mockUseOrganisations).toHaveBeenCalled();
     });
 
-    it('passes correct parameters to RBAC hook', async () => {
+    it('passes correct parameters to isPermittedCached', async () => {
       const { result } = renderHook(() => usePermissionCache());
 
       await result.current.checkPermission('read', 'users');
       
-      expect(mockUseRBAC().hasPermission).toHaveBeenCalledWith('read', 'users');
+      expect(mockIsPermittedCached).toHaveBeenCalledWith(
+        expect.objectContaining({
+          userId: 'user-123',
+          scope: expect.objectContaining({ organisationId: 'org-123' }),
+          permission: 'read:page.users',
+          pageId: 'users'
+        })
+      );
     });
 
-    it('handles RBAC hook state changes', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
-      mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
-        isSuperAdmin: vi.fn().mockResolvedValue(false),
-        isOrgAdmin: vi.fn().mockResolvedValue(false),
-        isEventAdmin: vi.fn().mockResolvedValue(false),
-        // Add other required properties
+    it('handles permission API state changes', async () => {
+      mockIsPermittedCached.mockResolvedValueOnce(true);
+      mockUseUnifiedAuth.mockReturnValueOnce({
+        user: { id: 'user-456' },
+        session: null,
+        appName: 'test-app',
+        selectedOrganisationId: undefined,
+        selectedEventId: undefined
+      } as any);
+      
+      // The hook uses useOrganisations() for organisationId, not useUnifiedAuth
+      // The mock for useOrganisations returns 'org-123' by default
+      mockUseOrganisations.mockReturnValueOnce({
+        selectedOrganisation: { id: 'org-123' },
+        organisations: [],
+        userMemberships: [],
+        isLoading: false,
+        error: null
       } as any);
 
       const { result } = renderHook(() => usePermissionCache());
 
       await result.current.checkPermission('read', 'users');
-      expect(mockHasPermission).toHaveBeenCalledWith('read', 'users');
+      expect(mockIsPermittedCached).toHaveBeenCalledWith(
+        expect.objectContaining({
+          userId: 'user-456',
+          scope: expect.objectContaining({ organisationId: 'org-123' }),
+          permission: 'read:page.users',
+          pageId: 'users'
+        })
+      );
     });
   });
 });

package/src/hooks/usePermissionCache.ts

@@ -47,13 +47,19 @@
  *
  * @dependencies
  * - React 18+ - Hooks and effects
- * - useRBAC hook - Base permission checking
+ * - RBAC API functions - isPermittedCached for permission checking
  * - RBAC types - Type definitions
+ * 
+ * @deprecated Consider using useCan() or usePermissions() hooks directly instead.
+ * This hook provides additional caching on top of the built-in caching in useCan/usePermissions.
  */
 
 import { useState, useCallback, useMemo, useEffect, useRef } from 'react';
-import { useRBAC } from '../rbac/hooks/useRBAC';
-import type { Operation } from '../rbac/types';
+import { useUnifiedAuth } from '../providers/UnifiedAuthProvider';
+import { useOrganisations } from './useOrganisations';
+import { useEvents } from './useEvents';
+import { isPermittedCached } from '../rbac/api';
+import type { Operation, Permission, Scope, UUID } from '../rbac/types';
 
 // Cache entry interface
 interface CacheEntry {
@@ -124,9 +130,24 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
     userId?: string;
   }>>([]);
 
-  // Get base RBAC hook
-  const rbacHook = useRBAC();
-  const { hasPermission: baseHasPermission, user } = rbacHook || {};
+  // Get auth context for userId and scope
+  const { user } = useUnifiedAuth();
+  const { selectedOrganisation } = useOrganisations();
+  
+  let selectedEvent: { event_id: string } | null = null;
+  try {
+    const eventsContext = useEvents();
+    selectedEvent = eventsContext.selectedEvent;
+  } catch (error) {
+    // Event provider not available - continue without event context
+  }
+  
+  // Build scope for permission checks
+  const scope: Scope = useMemo(() => ({
+    organisationId: selectedOrganisation?.id || '',
+    eventId: selectedEvent?.event_id || undefined,
+    appId: undefined
+  }), [selectedOrganisation?.id, selectedEvent?.event_id]);
 
   // Generate cache key
   const getCacheKey = useCallback((operation: Operation, pageId: string): string => {
@@ -204,8 +225,8 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
       return false;
     }
 
-    if (!baseHasPermission) {
-      console.warn('[PermissionCache] RBAC not available - permission check failed');
+    if (!user?.id || !scope.organisationId) {
+      console.warn('[PermissionCache] User or organisation context not available - permission check failed');
       return false;
     }
 
@@ -229,7 +250,17 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
     // Create new promise for this permission check
     const permissionPromise = (async () => {
       try {
-        const result = await baseHasPermission(operation, pageId);
+        // Build permission string: operation:page.pageId
+        const permission: Permission = pageId 
+          ? `${operation}:page.${pageId}` as Permission
+          : `${operation}:${pageId || ''}` as Permission;
+        
+        const result = await isPermittedCached({
+          userId: user.id as UUID,
+          scope,
+          permission,
+          pageId: pageId as UUID | undefined
+        });
         const responseTime = Date.now() - startTime;
         
         // Cache the result
@@ -267,7 +298,7 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
     promiseCache.current.set(cacheKey, permissionPromise);
     
     return permissionPromise;
-  }, [baseHasPermission, getCacheKey, isCacheValid, logPermissionCheck, mergedConfig.defaultTTL, mergedConfig.maxCacheSize, triggerCleanup]);
+  }, [user?.id, scope, getCacheKey, isCacheValid, logPermissionCheck, mergedConfig.defaultTTL, mergedConfig.maxCacheSize, triggerCleanup]);
 
   // Check multiple permissions efficiently
   const checkMultiplePermissions = useCallback(async (
@@ -280,14 +311,13 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
       return [];
     }
 
-    if (!baseHasPermission) {
-      console.warn('[PermissionCache] RBAC not available - permission checks failed');
+    if (!user?.id || !scope.organisationId) {
+      console.warn('[PermissionCache] User or organisation context not available - permission checks failed');
       return permissions.map(([operation, pageId]) => ({
         operation,
         pageId,
         hasPermission: false,
         cached: false,
-        responseTime: 0,
         timestamp: Date.now()
       }));
     }
@@ -324,7 +354,17 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
       // For now, check them individually (could be optimized with batch RPC)
       for (const [operation, pageId, originalIndex] of uncachedPermissions) {
         try {
-          const result = await baseHasPermission(operation, pageId);
+          // Build permission string: operation:page.pageId
+          const permission: Permission = pageId 
+            ? `${operation}:page.${pageId}` as Permission
+            : `${operation}:${pageId || ''}` as Permission;
+          
+          const result = await isPermittedCached({
+            userId: user.id as UUID,
+            scope,
+            permission,
+            pageId: pageId as UUID | undefined
+          });
           const cacheKey = getCacheKey(operation, pageId);
           
           // Cache the result
@@ -376,7 +416,7 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
     stats.current.totalResponseTime += Date.now() - startTime;
     
     return results;
-  }, [baseHasPermission, getCacheKey, isCacheValid, logPermissionCheck, mergedConfig.defaultTTL, mergedConfig.maxCacheSize, triggerCleanup]);
+  }, [user?.id, scope, getCacheKey, isCacheValid, logPermissionCheck, mergedConfig.defaultTTL, mergedConfig.maxCacheSize, triggerCleanup]);
 
   // Get cached permissions for a page
   const getCachedPermissions = useCallback((pageId: string): Array<{ operation: Operation; hasPermission: boolean }> => {