@jmruthers/pace-core 0.5.110 → 0.5.111

package/src/hooks/__tests__/usePermissionCache.simple.test.ts

@@ -6,15 +6,73 @@ import { useRBAC } from '../../rbac/hooks/useRBAC';
 // Mock the useRBAC hook
 vi.mock('../../rbac/hooks/useRBAC');
 
+// Mock isPermittedCached from RBAC API (used by usePermissionCache)
+vi.mock('../../rbac/api', async () => {
+  const actual = await vi.importActual('../../rbac/api');
+  return {
+    ...actual,
+    isPermittedCached: vi.fn().mockResolvedValue(true),
+  };
+});
+
+// Mock useOrganisations hook (required by usePermissionCache)
+const mockOrganisationContext = {
+  selectedOrganisation: {
+    id: 'test-org-id',
+    name: 'Test Organisation',
+    display_name: 'Test Organisation',
+    slug: 'test-org',
+    description: 'Test organisation',
+    subscription_tier: 'basic',
+    settings: {},
+    is_active: true,
+    created_at: '2023-01-01T00:00:00Z',
+    updated_at: '2023-01-01T00:00:00Z',
+  },
+  organisations: [],
+  userMemberships: [],
+  isLoading: false,
+  error: null,
+  hasValidOrganisationContext: true,
+  setSelectedOrganisation: vi.fn(),
+  switchOrganisation: vi.fn().mockResolvedValue(undefined),
+  getUserRole: vi.fn().mockReturnValue('member'),
+  validateOrganisationAccess: vi.fn().mockReturnValue(true),
+  ensureOrganisationContext: vi.fn().mockReturnValue(null),
+  refreshOrganisations: vi.fn().mockResolvedValue(undefined),
+  getPrimaryOrganisation: vi.fn().mockReturnValue(null),
+  isOrganisationSecure: vi.fn().mockReturnValue(true),
+};
+
+vi.mock('../useOrganisations', () => ({
+  useOrganisations: () => mockOrganisationContext,
+}));
+
+// Mock useEvents hook (optional - wrapped in try/catch in usePermissionCache)
+vi.mock('../useEvents', () => ({
+  useEvents: vi.fn(() => ({
+    selectedEvent: { event_id: 'event-123' },
+    events: [],
+    isLoading: false,
+    error: null,
+  })),
+}));
+
 const mockUseRBAC = vi.mocked(useRBAC);
 
 // Import after mocking
 import { usePermissionCache } from '../usePermissionCache';
+import { isPermittedCached } from '../../rbac/api';
+const mockIsPermittedCached = vi.mocked(isPermittedCached);
 
 describe('usePermissionCache - Simple Tests', () => {
   beforeEach(() => {
     vi.clearAllMocks();
     
+    // Reset isPermittedCached mock
+    mockIsPermittedCached.mockClear();
+    mockIsPermittedCached.mockResolvedValue(true);
+    
     // Mock the useRBAC hook return value
     mockUseRBAC.mockReturnValue({
       hasPermission: vi.fn().mockResolvedValue(true),
@@ -40,9 +98,9 @@ describe('usePermissionCache - Simple Tests', () => {
   });
 
   it('should check permission and return result', async () => {
-    const mockHasPermission = vi.fn().mockResolvedValue(true);
+    mockIsPermittedCached.mockResolvedValueOnce(true);
     mockUseRBAC.mockReturnValue({
-      hasPermission: mockHasPermission,
+      hasPermission: vi.fn().mockResolvedValue(true),
       user: { id: 'test-user-id' }
     });
 
@@ -53,15 +111,15 @@ describe('usePermissionCache - Simple Tests', () => {
     const permission = await result.current.checkPermission('read', 'dashboard');
 
     expect(permission).toBe(true);
-    expect(mockHasPermission).toHaveBeenCalledWith('read', 'dashboard');
+    expect(mockIsPermittedCached).toHaveBeenCalled();
   });
 
   it('should handle permission check errors gracefully', async () => {
     const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
-    const mockHasPermission = vi.fn().mockRejectedValue(new Error('Database error'));
+    mockIsPermittedCached.mockRejectedValueOnce(new Error('Database error'));
     
     mockUseRBAC.mockReturnValue({
-      hasPermission: mockHasPermission,
+      hasPermission: vi.fn().mockResolvedValue(true),
       user: { id: 'test-user-id' }
     });
 

package/src/hooks/__tests__/usePermissionCache.unit.test.ts

@@ -6,15 +6,86 @@ import { useRBAC } from '../../rbac/hooks/useRBAC';
 // Mock the useRBAC hook
 vi.mock('../../rbac/hooks/useRBAC');
 
+// Mock useUnifiedAuth (required by usePermissionCache for user context)
+vi.mock('../../providers/UnifiedAuthProvider', () => ({
+  useUnifiedAuth: vi.fn(() => ({
+    user: { id: 'test-user-id' },
+    session: null,
+    appName: 'test-app',
+    selectedOrganisationId: undefined,
+    selectedEventId: undefined
+  }))
+}));
+
+// Mock isPermittedCached from RBAC API (used by usePermissionCache)
+vi.mock('../../rbac/api', async () => {
+  const actual = await vi.importActual('../../rbac/api');
+  return {
+    ...actual,
+    isPermittedCached: vi.fn().mockResolvedValue(true),
+  };
+});
+
+// Mock useOrganisations hook (required by usePermissionCache)
+const mockOrganisationContext = {
+  selectedOrganisation: {
+    id: 'test-org-id',
+    name: 'Test Organisation',
+    display_name: 'Test Organisation',
+    slug: 'test-org',
+    description: 'Test organisation',
+    subscription_tier: 'basic',
+    settings: {},
+    is_active: true,
+    created_at: '2023-01-01T00:00:00Z',
+    updated_at: '2023-01-01T00:00:00Z',
+  },
+  organisations: [],
+  userMemberships: [],
+  isLoading: false,
+  error: null,
+  hasValidOrganisationContext: true,
+  setSelectedOrganisation: vi.fn(),
+  switchOrganisation: vi.fn().mockResolvedValue(undefined),
+  getUserRole: vi.fn().mockReturnValue('member'),
+  validateOrganisationAccess: vi.fn().mockReturnValue(true),
+  ensureOrganisationContext: vi.fn().mockReturnValue(null),
+  refreshOrganisations: vi.fn().mockResolvedValue(undefined),
+  getPrimaryOrganisation: vi.fn().mockReturnValue(null),
+  isOrganisationSecure: vi.fn().mockReturnValue(true),
+};
+
+vi.mock('../useOrganisations', () => ({
+  useOrganisations: () => mockOrganisationContext,
+}));
+
+// Mock useEvents hook (optional - wrapped in try/catch in usePermissionCache)
+vi.mock('../useEvents', () => ({
+  useEvents: vi.fn(() => ({
+    selectedEvent: { event_id: 'event-123' },
+    events: [],
+    isLoading: false,
+    error: null,
+  })),
+}));
+
 const mockUseRBAC = vi.mocked(useRBAC);
 
 // Import after mocking
 import { usePermissionCache } from '../usePermissionCache';
+import { isPermittedCached } from '../../rbac/api';
+import { useUnifiedAuth } from '../../providers/UnifiedAuthProvider';
+const mockIsPermittedCached = vi.mocked(isPermittedCached);
+const mockUseUnifiedAuth = vi.mocked(useUnifiedAuth);
 
 describe('usePermissionCache', () => {
   beforeEach(() => {
     vi.clearAllMocks();
     
+    // Reset isPermittedCached mock
+    mockIsPermittedCached.mockClear();
+    mockIsPermittedCached.mockResolvedValue(true);
+    
     // Default mock implementation
     mockUseRBAC.mockReturnValue({
       hasPermission: vi.fn().mockResolvedValue(true),
@@ -59,9 +130,9 @@ describe('usePermissionCache', () => {
 
   describe('Single Permission Checking', () => {
     it('checks permission and caches result', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValueOnce(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -72,13 +143,13 @@ describe('usePermissionCache', () => {
       const permission = await result.current.checkPermission('read', 'dashboard');
 
       expect(permission).toBe(true);
-      expect(mockHasPermission).toHaveBeenCalledWith('read', 'dashboard');
+      expect(mockIsPermittedCached).toHaveBeenCalled();
     });
 
     it('returns cached result for subsequent calls', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValueOnce(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -92,13 +163,14 @@ describe('usePermissionCache', () => {
       // Second call should use cache
       await result.current.checkPermission('read', 'dashboard');
 
-      expect(mockHasPermission).toHaveBeenCalledTimes(1);
+      // Should only call isPermittedCached once (second call uses cache)
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(1);
     });
 
     it('respects custom TTL', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValueOnce(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -108,15 +180,15 @@ describe('usePermissionCache', () => {
 
       await result.current.checkPermission('read', 'dashboard', 2000);
 
-      expect(mockHasPermission).toHaveBeenCalledWith('read', 'dashboard');
+      expect(mockIsPermittedCached).toHaveBeenCalled();
     });
 
     it('handles permission check errors gracefully', async () => {
       const consoleSpy = vi.spyOn(console, 'error').mockImplementation(() => {});
-      const mockHasPermission = vi.fn().mockRejectedValue(new Error('Database error'));
+      mockIsPermittedCached.mockRejectedValueOnce(new Error('Database error'));
       
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -135,14 +207,14 @@ describe('usePermissionCache', () => {
 
   describe('Multiple Permission Checking', () => {
     it('checks multiple permissions efficiently', async () => {
-      const mockHasPermission = vi.fn()
+      mockIsPermittedCached
         .mockResolvedValueOnce(true)
         .mockResolvedValueOnce(false)
         .mockResolvedValueOnce(true)
         .mockResolvedValueOnce(false);
       
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
       
@@ -176,12 +248,12 @@ describe('usePermissionCache', () => {
     });
 
     it('uses cached results for multiple permission checks', async () => {
-      const mockHasPermission = vi.fn()
+      mockIsPermittedCached
         .mockResolvedValueOnce(true)
         .mockResolvedValueOnce(false);
       
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
       
@@ -202,17 +274,19 @@ describe('usePermissionCache', () => {
         ['create', 'dashboard']
       ]);
 
-      expect(mockHasPermission).toHaveBeenCalledTimes(2);
+      // Should only call isPermittedCached twice (once per permission, second call uses cache)
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(2);
     });
 
     it('handles mixed cached and uncached permissions', async () => {
-      const mockHasPermission = vi.fn()
+      mockIsPermittedCached
         .mockResolvedValueOnce(true)
         .mockResolvedValueOnce(false)
-        .mockResolvedValueOnce(true);
+        .mockResolvedValueOnce(true)
+        .mockResolvedValueOnce(false);
       
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
       
@@ -245,9 +319,9 @@ describe('usePermissionCache', () => {
 
   describe('Cache Management', () => {
     it('enforces maximum cache size', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -268,9 +342,9 @@ describe('usePermissionCache', () => {
     });
 
     it('invalidates cache entries', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -289,13 +363,14 @@ describe('usePermissionCache', () => {
       await result.current.checkPermission('read', 'dashboard');
       await result.current.checkPermission('create', 'dashboard');
 
-      expect(mockHasPermission).toHaveBeenCalledTimes(4);
+      // Should be called 4 times (2 initial + 2 after invalidation)
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(4);
     });
 
     it('invalidates cache entries by pattern', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -316,15 +391,16 @@ describe('usePermissionCache', () => {
       await result.current.checkPermission('read', 'admin');
 
       // dashboard should be called again, admin should use cache
-      expect(mockHasPermission).toHaveBeenCalledTimes(4);
+      // 3 initial calls + 1 for dashboard after invalidation = 4 total
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(4);
     });
 
     it('cleans up expired cache entries', async () => {
       vi.useFakeTimers();
       
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -348,12 +424,12 @@ describe('usePermissionCache', () => {
 
   describe('Debug Information', () => {
     it('provides accurate debug information', async () => {
-      const mockHasPermission = vi.fn()
+      mockIsPermittedCached
         .mockResolvedValueOnce(true)
         .mockResolvedValueOnce(false);
       
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
       
@@ -378,9 +454,9 @@ describe('usePermissionCache', () => {
     });
 
     it('tracks response times accurately', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
       
@@ -400,9 +476,17 @@ describe('usePermissionCache', () => {
 
   describe('Audit Trail', () => {
     it('records audit trail when enabled', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
+      // The hook uses useUnifiedAuth for user, not useRBAC
+      mockUseUnifiedAuth.mockReturnValue({
+        user: { id: 'test-user-id' },
+        session: null,
+        appName: 'test-app',
+        selectedOrganisationId: undefined,
+        selectedEventId: undefined
+      } as any);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -416,28 +500,28 @@ describe('usePermissionCache', () => {
       const auditTrail = result.current.getAuditTrail();
 
       expect(auditTrail).toHaveLength(2);
-      expect(auditTrail[0]).toEqual({
-        timestamp: expect.any(Number),
-        operation: 'read',
-        pageId: 'dashboard',
-        result: true,
-        cached: false,
-        userId: 'test-user-id'
-      });
-      expect(auditTrail[1]).toEqual({
-        timestamp: expect.any(Number),
-        operation: 'create',
-        pageId: 'admin',
-        result: true,
-        cached: false,
-        userId: 'test-user-id'
-      });
+      // Check all properties including timestamp
+      expect(auditTrail[0]).toHaveProperty('timestamp');
+      expect(auditTrail[0]).toHaveProperty('operation', 'read');
+      expect(auditTrail[0]).toHaveProperty('pageId', 'dashboard');
+      expect(auditTrail[0]).toHaveProperty('result', true);
+      expect(auditTrail[0]).toHaveProperty('cached', false);
+      expect(auditTrail[0]).toHaveProperty('userId', 'test-user-id');
+      expect(typeof auditTrail[0].timestamp).toBe('number');
+      
+      expect(auditTrail[1]).toHaveProperty('timestamp');
+      expect(auditTrail[1]).toHaveProperty('operation', 'create');
+      expect(auditTrail[1]).toHaveProperty('pageId', 'admin');
+      expect(auditTrail[1]).toHaveProperty('result', true);
+      expect(auditTrail[1]).toHaveProperty('cached', false);
+      expect(auditTrail[1]).toHaveProperty('userId', 'test-user-id');
+      expect(typeof auditTrail[1].timestamp).toBe('number');
     });
 
     it('does not record audit trail when disabled', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -452,9 +536,9 @@ describe('usePermissionCache', () => {
     });
 
     it('limits audit trail size', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -476,9 +560,9 @@ describe('usePermissionCache', () => {
     it('logs permission checks when enabled', async () => {
       const consoleSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
       
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -498,9 +582,9 @@ describe('usePermissionCache', () => {
     it('does not log when disabled', async () => {
       const consoleSpy = vi.spyOn(console, 'log').mockImplementation(() => {});
       
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -520,14 +604,14 @@ describe('usePermissionCache', () => {
 
   describe('Cached Permissions', () => {
     it('returns cached permissions for a page', async () => {
-      const mockHasPermission = vi.fn()
+      mockIsPermittedCached
         .mockResolvedValueOnce(true)
         .mockResolvedValueOnce(false)
         .mockResolvedValueOnce(true)
         .mockResolvedValueOnce(false);
       
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
       
@@ -554,9 +638,9 @@ describe('usePermissionCache', () => {
     });
 
     it('returns empty array for uncached page', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -572,9 +656,9 @@ describe('usePermissionCache', () => {
 
   describe('Edge Cases', () => {
     it('handles concurrent permission checks', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -592,13 +676,13 @@ describe('usePermissionCache', () => {
       const results = await Promise.all(promises);
 
       expect(results).toEqual([true, true, true]);
-      expect(mockHasPermission).toHaveBeenCalledTimes(1); // Should only call once due to caching
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(1); // Should only call once due to caching
     });
 
     it('handles rapid cache invalidation', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -610,13 +694,13 @@ describe('usePermissionCache', () => {
       result.current.invalidateCache();
       await result.current.checkPermission('read', 'dashboard');
 
-      expect(mockHasPermission).toHaveBeenCalledTimes(2);
+      expect(mockIsPermittedCached).toHaveBeenCalledTimes(2);
     });
 
     it('handles empty permission arrays', async () => {
-      const mockHasPermission = vi.fn().mockResolvedValue(true);
+      mockIsPermittedCached.mockResolvedValue(true);
       mockUseRBAC.mockReturnValue({
-        hasPermission: mockHasPermission,
+        hasPermission: vi.fn().mockResolvedValue(true),
         user: { id: 'test-user-id' }
       });
 
@@ -627,7 +711,7 @@ describe('usePermissionCache', () => {
       const permissions = await result.current.checkMultiplePermissions([]);
 
       expect(permissions).toHaveLength(0);
-      expect(mockHasPermission).not.toHaveBeenCalled();
+      expect(mockIsPermittedCached).not.toHaveBeenCalled();
     });
   });
 }); 

package/src/hooks/__tests__/useRBAC.unit.test.ts

@@ -139,45 +139,11 @@ describe('useRBAC (unit)', () => {
     await waitFor(() => expect(result.current.isLoading).toBe(false));
 
     expect(result.current.isSuperAdmin).toBe(true);
-    expect(await result.current.hasPermission('delete', 'users')).toBe(true);
+    // Note: Permission checking tests moved to useCan.test.ts
   });
 
-  it('uses cached permission map when checking permissions', async () => {
-    mockUseUnifiedAuth.mockReturnValue({
-      user: { id: 'user-1' },
-      session: { access_token: 'token' },
-      appName: 'console',
-    });
-    mockUseOrganisations.mockReturnValue({ selectedOrganisation: { id: 'org-1' } });
-    mockGetPermissionMap.mockResolvedValue({ 'read:users': true, 'write:users': false });
-
-    const { result } = renderHook(() => useRBAC());
-
-    await waitFor(() => expect(result.current.isLoading).toBe(false));
-
-    mockIsPermittedCached.mockClear();
-    expect(await result.current.hasPermission('read:users')).toBe(true);
-    expect(await result.current.hasPermission('write:users')).toBe(false);
-    expect(mockIsPermittedCached).not.toHaveBeenCalled();
-  });
-
-  it('falls back to engine when permission not cached', async () => {
-    mockUseUnifiedAuth.mockReturnValue({
-      user: { id: 'user-1' },
-      session: { access_token: 'token' },
-      appName: 'console',
-    });
-    mockUseOrganisations.mockReturnValue({ selectedOrganisation: { id: 'org-1' } });
-    mockGetPermissionMap.mockResolvedValue({});
-    mockIsPermittedCached.mockResolvedValue(true);
-
-    const { result } = renderHook(() => useRBAC());
-
-    await waitFor(() => expect(result.current.isLoading).toBe(false));
-
-    expect(await result.current.hasPermission('read', 'users')).toBe(true);
-    expect(mockIsPermittedCached).toHaveBeenCalled();
-  });
+  // Note: Permission checking tests have been moved to useCan.test.ts
+  // useRBAC now focuses on role information and context, not permission checks
 
   it('returns true for hasGlobalPermission when organisation admin', async () => {
     mockUseUnifiedAuth.mockReturnValue({
@@ -213,6 +179,6 @@ describe('useRBAC (unit)', () => {
 
     expect(result.current.error).toBeInstanceOf(Error);
     expect(result.current.globalRole).toBeNull();
-    expect(await result.current.hasPermission('read', 'users')).toBe(false);
+    // Note: Permission checking moved to useCan hook
   });
 });

package/src/hooks/index.ts

@@ -52,7 +52,7 @@ export { useDataTablePerformance } from './useDataTablePerformance';
 export type { UseDataTablePerformanceOptions, UseDataTablePerformanceReturn } from './useDataTablePerformance';
 
 // === FILE DISPLAY HOOKS ===
-export { useFileDisplay, clearFileDisplayCache, getFileDisplayCacheStats } from './useFileDisplay';
+export { useFileDisplay, clearFileDisplayCache, getFileDisplayCacheStats, invalidateFileDisplayCache } from './useFileDisplay';
 export type { UseFileDisplayReturn, UseFileDisplayOptions } from './useFileDisplay';
 
 // === PUBLIC DATA ACCESS HOOKS ===