@jmruthers/pace-core 0.5.110 → 0.5.112

package/dist/{chunk-3J5N2T2N.js → chunk-EKVVTPIF.js}

@@ -25,16 +25,16 @@ import {
   SelectSeparator,
   SelectTrigger,
   SelectValue
-} from "./chunk-HGZSO43Y.js";
+} from "./chunk-WMPZY26G.js";
 import {
+  useCan,
   usePermissions,
   useRBAC,
   useResolvedScope
-} from "./chunk-HADXAZT3.js";
+} from "./chunk-I7JC7PTJ.js";
 import {
-  isPermitted,
   isSuperAdmin
-} from "./chunk-XRSP3H52.js";
+} from "./chunk-TAJRS6YB.js";
 import {
   OrganisationProvider_exports,
   PublicErrorBoundary,
@@ -49,18 +49,19 @@ import {
   useIsPublicPage,
   usePublicFileDisplay,
   usePublicPageContext
-} from "./chunk-2W4WKJVF.js";
+} from "./chunk-F6QB26OS.js";
 import {
   useToast
 } from "./chunk-4OX5PXHX.js";
 import {
+  init_useOrganisations,
   useEvents,
   useOrganisations
-} from "./chunk-EZ64QG2I.js";
+} from "./chunk-L36JW4KV.js";
 import {
   UnifiedAuthProvider_exports,
   init_UnifiedAuthProvider as init_UnifiedAuthProvider2
-} from "./chunk-EYSXQ756.js";
+} from "./chunk-7H75SHXZ.js";
 import {
   EventServiceContext,
   EventServiceProvider,
@@ -70,7 +71,7 @@ import {
   useEventService,
   useSessionRestoration,
   useUnifiedAuth
-} from "./chunk-AUXS7XSO.js";
+} from "./chunk-OO3V7W4H.js";
 import {
   LoadingSpinner
 } from "./chunk-CDQ3PX7L.js";
@@ -584,7 +585,23 @@ function EventSelector({
     return [...events].sort((a, b) => getTime(b) - getTime(a));
   }, [events]);
   useEffect(() => {
-    if (!selectedEvent && events.length > 0) {
+    if (!selectedEvent && events.length > 0 && !isLoading) {
+      const persistedEventId = localStorage.getItem("pace-core-selected-event") || sessionStorage.getItem("pace-core-selected-event");
+      if (persistedEventId) {
+        const persistedEvent = events.find((e) => e.event_id === persistedEventId);
+        if (persistedEvent) {
+          console.debug("[EventSelector] Persisted event found in storage but not selected:", persistedEventId);
+          return;
+        } else {
+          localStorage.removeItem("pace-core-selected-event");
+          sessionStorage.removeItem("pace-core-selected-event");
+          autoSelectEvent();
+        }
+      } else {
+        autoSelectEvent();
+      }
+    }
+    function autoSelectEvent() {
       const today = /* @__PURE__ */ new Date();
       const startOfToday = new Date(today.getFullYear(), today.getMonth(), today.getDate()).getTime();
       const next = [...events].filter((e) => e.event_date && new Date(e.event_date).getTime() >= startOfToday).sort((a, b) => new Date(a.event_date).getTime() - new Date(b.event_date).getTime())[0];
@@ -604,7 +621,7 @@ function EventSelector({
         }
       }
     }
-  }, [events, selectedEvent, setSelectedEvent, onEventChange]);
+  }, [events, selectedEvent, setSelectedEvent, onEventChange, isLoading]);
   if (isLoading) {
     return /* @__PURE__ */ jsxs4("div", { className: `flex items-center gap-2 ${className}`, children: [
       /* @__PURE__ */ jsx8(LoadingSpinner, { size: "sm" }),
@@ -919,14 +936,50 @@ var NavigationMenu = React9.forwardRef(({
     selectedOrganisationId: selectedOrganisation?.id || null,
     selectedEventId: selectedEvent?.event_id || null
   });
+  const stableScopeRef = React9.useRef({
+    organisationId: "",
+    eventId: void 0,
+    appId: void 0
+  });
+  if (resolvedScope?.organisationId) {
+    const newOrgId = resolvedScope.organisationId;
+    const newEventId = resolvedScope.eventId;
+    const newAppId = resolvedScope.appId;
+    if (stableScopeRef.current.organisationId !== newOrgId || stableScopeRef.current.eventId !== newEventId || stableScopeRef.current.appId !== newAppId) {
+      stableScopeRef.current = {
+        organisationId: newOrgId,
+        eventId: newEventId,
+        appId: newAppId
+      };
+    }
+  } else if (!resolvedScope) {
+    if (stableScopeRef.current.organisationId !== "") {
+      stableScopeRef.current = {
+        organisationId: "",
+        eventId: void 0,
+        appId: void 0
+      };
+    }
+  }
+  const stableScope = stableScopeRef.current;
   const userId = authContext?.user?.id || "";
-  const scope = resolvedScope || { organisationId: "", eventId: void 0, appId: void 0 };
-  const { permissions: permissionMap, hasAnyPermission, isLoading: permissionsLoading } = usePermissions(
+  const { permissions: permissionMap, hasAnyPermission, isLoading: permissionsLoading, error: permissionsError } = usePermissions(
     userId,
-    scope
+    stableScope
   );
   const filteredItems = React9.useMemo(() => {
-    if (!filterByPermissions || !authContext || !rbacContext || scopeLoading || permissionsLoading || !resolvedScope?.organisationId) {
+    if (filterByPermissions) {
+      if (!authContext || !rbacContext || scopeLoading || permissionsLoading || !resolvedScope?.organisationId) {
+        return [];
+      }
+      if (permissionsError || !permissionMap || Object.keys(permissionMap).length === 0) {
+        console.warn("[NavigationMenu] Permission map is empty or has error - showing no items for security", {
+          permissionsError: permissionsError?.message,
+          permissionMapSize: permissionMap ? Object.keys(permissionMap).length : 0
+        });
+        return [];
+      }
+    } else {
       return (items || []).filter((item) => !item.meta?.hidden);
     }
     const getPageIdFromHref = (href) => {
@@ -990,19 +1043,25 @@ var NavigationMenu = React9.forwardRef(({
           }
         }
       }
-      if (item.href && !item.permissions && !item.roles && !item.accessLevel) {
+      if (item.href) {
         const pageId = item.pageId || getPageIdFromHref(item.href);
         if (pageId) {
           const pagePermission = `read:page.${pageId}`;
-          const hasPagePermission = permissionMap["*"] === true || permissionMap[pagePermission] === true;
-          if (!hasPagePermission) {
+          const isSuperAdmin2 = permissionMap["*"] === true;
+          const hasPagePermission = permissionMap[pagePermission] === true;
+          const finalHasPermission = isSuperAdmin2 || hasPagePermission;
+          if (!finalHasPermission) {
             if (auditLog) {
               console.log(`[NavigationMenu] Filtering out navigation item "${item.label}" - no page permission:`, {
                 itemId: item.id,
                 href: item.href,
                 pageId,
                 permission: pagePermission,
-                hasPermission: hasPagePermission
+                hasPermission: finalHasPermission,
+                isSuperAdmin: isSuperAdmin2,
+                permissionMapValue: permissionMap[pagePermission],
+                permissionMapKeys: Object.keys(permissionMap).slice(0, 10)
+                // Show first 10 keys for debugging
               });
             }
             return false;
@@ -1026,7 +1085,8 @@ var NavigationMenu = React9.forwardRef(({
         children: filteredChildren
       };
     };
-    return (items || []).map((item) => filterItem(item)).filter((item) => item !== null);
+    const filtered = (items || []).map((item) => filterItem(item)).filter((item) => item !== null);
+    return filtered;
   }, [
     items,
     filterByPermissions,
@@ -1372,7 +1432,8 @@ Footer.displayName = "Footer";
 
 // src/components/PaceAppLayout/PaceAppLayout.tsx
 init_UnifiedAuthProvider2();
-import { useState as useState5, useEffect as useEffect3, useMemo as useMemo5, useCallback as useCallback3 } from "react";
+init_useOrganisations();
+import { useState as useState5, useEffect as useEffect3, useMemo as useMemo5 } from "react";
 import { Outlet, useNavigate, useLocation } from "react-router-dom";
 import { Fragment as Fragment4, jsx as jsx14, jsxs as jsxs10 } from "react/jsx-runtime";
 var EMPTY_PAGE_ID_MAPPING = {};
@@ -1407,48 +1468,31 @@ function PaceAppLayout({
   onRouteAccessDenied,
   onRouteStrictModeViolation
 }) {
-  const { user, signOut, updatePassword } = useUnifiedAuth();
+  const { user, signOut, updatePassword, supabase } = useUnifiedAuth();
+  const { selectedOrganisation } = useOrganisations();
   const navigate = useNavigate();
   const location = useLocation();
-  const checkPermission = useCallback3(async (permission, pageId) => {
-    try {
-      if (!user?.id) return false;
-      const scope = {
-        organisationId: user.user_metadata?.organisationId || user.app_metadata?.organisationId,
-        eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,
-        appId: user.user_metadata?.appId || user.app_metadata?.appId
+  let selectedEvent = null;
+  try {
+    const eventsContext = useEvents();
+    selectedEvent = eventsContext.selectedEvent;
+  } catch (error) {
+  }
+  const { resolvedScope } = useResolvedScope({
+    supabase: supabase || null,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: selectedEvent?.event_id || null
+  });
+  const scope = useMemo5(() => {
+    if (!resolvedScope?.organisationId) {
+      return {
+        organisationId: selectedOrganisation?.id || "",
+        eventId: selectedEvent?.event_id || void 0,
+        appId: void 0
       };
-      try {
-        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-PIE4JRFS.js");
-        const isSuper = await isSuperAdmin2(user.id);
-        if (isSuper) {
-          return true;
-        }
-      } catch (error) {
-        if (error && typeof error === "object" && "code" in error && error.code === "RBAC_NOT_INITIALIZED") {
-        } else {
-          throw error;
-        }
-      }
-      if (!scope.organisationId) {
-        console.warn("No organisation context available for permission check, denying access");
-        return false;
-      }
-      const fullPermission = permission.includes(":") ? permission : pageId ? `${permission}:page.${pageId}` : permission;
-      return await isPermitted({
-        userId: user.id,
-        scope,
-        permission: fullPermission,
-        pageId
-      });
-    } catch (error) {
-      console.error("Permission check failed:", error);
-      throw error;
     }
-  }, [user?.id]);
-  const [hasPermission, setHasPermission] = useState5(null);
-  const [isCheckingPermission, setIsCheckingPermission] = useState5(false);
-  const [permissionError, setPermissionError] = useState5(null);
+    return resolvedScope;
+  }, [resolvedScope, selectedOrganisation?.id, selectedEvent?.event_id]);
   const defaultNavItems = useMemo5(() => [
     { id: "home", label: "Home", href: "/", icon: "Home" },
     { id: "dashboard", label: "Dashboard", href: "/dashboard", icon: "LayoutDashboard" },
@@ -1465,60 +1509,54 @@ function PaceAppLayout({
     const currentPath = location.pathname;
     return pageIdMapping[currentPath] || currentPath.slice(1) || "home";
   }, [location.pathname, pageIdMapping]);
+  const currentPermission = useMemo5(() => {
+    if (!enforcePermissions) {
+      return "read:page.home";
+    }
+    const permissionString = `${currentRoutePermission}:page.${currentPageId}`;
+    return permissionString;
+  }, [enforcePermissions, currentRoutePermission, currentPageId]);
+  const { can, isLoading: isCheckingPermission, error: permissionError } = useCan(
+    user?.id || "",
+    scope,
+    currentPermission,
+    currentPageId,
+    true
+    // useCache
+  );
+  const hasPermission = enforcePermissions ? can : true;
   useEffect3(() => {
     if (!enforcePermissions) {
-      setHasPermission(true);
       return;
     }
-    let isMounted = true;
-    const checkRoutePermission = async () => {
-      if (!isMounted) return;
-      setIsCheckingPermission(true);
-      setPermissionError(null);
-      try {
-        const hasAccess = await checkPermission(currentRoutePermission, currentPageId);
-        if (!isMounted) return;
-        setHasPermission(hasAccess);
-        if (auditLog) {
-          console.log(`[PaceAppLayout] Page access attempt:`, {
-            pageName: currentPageId,
-            operation: currentRoutePermission,
-            userId: user?.id,
-            allowed: hasAccess,
-            strictMode,
-            timestamp: (/* @__PURE__ */ new Date()).toISOString()
-          });
-        }
-        if (strictMode && !hasAccess) {
-          console.error(`[PaceAppLayout] STRICT MODE VIOLATION: User attempted to access protected page without permission`, {
-            pageName: currentPageId,
-            operation: currentRoutePermission,
-            userId: user?.id,
-            timestamp: (/* @__PURE__ */ new Date()).toISOString()
-          });
-          if (onStrictModeViolation) {
-            onStrictModeViolation(currentPageId, currentRoutePermission);
-          }
-        }
-        if (!hasAccess && onPageAccessDenied) {
-          onPageAccessDenied(currentPageId, currentRoutePermission);
-        }
-      } catch (error) {
-        if (!isMounted) return;
-        console.error(`[PaceAppLayout] Permission check failed for ${currentPageId}:`, error);
-        setPermissionError(error instanceof Error ? error : new Error("Permission check failed"));
-        setHasPermission(false);
-      } finally {
-        if (isMounted) {
-          setIsCheckingPermission(false);
-        }
+    if (isCheckingPermission) {
+      return;
+    }
+    if (auditLog) {
+      console.log(`[PaceAppLayout] Page access attempt:`, {
+        pageName: currentPageId,
+        operation: currentRoutePermission,
+        userId: user?.id,
+        allowed: can,
+        strictMode,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    }
+    if (strictMode && !can) {
+      console.error(`[PaceAppLayout] STRICT MODE VIOLATION: User attempted to access protected page without permission`, {
+        pageName: currentPageId,
+        operation: currentRoutePermission,
+        userId: user?.id,
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      });
+      if (onStrictModeViolation) {
+        onStrictModeViolation(currentPageId, currentRoutePermission);
       }
-    };
-    checkRoutePermission();
-    return () => {
-      isMounted = false;
-    };
-  }, [enforcePermissions, currentRoutePermission, currentPageId, strictMode, user?.id]);
+    }
+    if (!can && onPageAccessDenied) {
+      onPageAccessDenied(currentPageId, currentRoutePermission);
+    }
+  }, [enforcePermissions, can, isCheckingPermission, currentPageId, currentRoutePermission, user?.id, strictMode, auditLog, onPageAccessDenied, onStrictModeViolation]);
   const [filteredMenuItems, setFilteredMenuItems] = useState5(baseMenuItems);
   useEffect3(() => {
     if (!filterNavigationByPermissions) {
@@ -1533,13 +1571,13 @@ function PaceAppLayout({
         }
         return;
       }
-      const scope = {
+      const scope2 = {
         organisationId: user.user_metadata?.organisationId || user.app_metadata?.organisationId,
         eventId: user.user_metadata?.eventId || user.app_metadata?.eventId,
         appId: user.user_metadata?.appId || user.app_metadata?.appId
       };
       try {
-        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-PIE4JRFS.js");
+        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-QPMBZZUZ.js");
         const isSuper = await isSuperAdmin2(user.id);
         if (isSuper) {
           if (isMounted) {
@@ -1553,17 +1591,17 @@ function PaceAppLayout({
           throw error;
         }
       }
-      if (!scope.organisationId) {
+      if (!scope2.organisationId) {
         if (isMounted) {
           setFilteredMenuItems(baseMenuItems);
         }
         return;
       }
       try {
-        const { getPermissionMap } = await import("./api-PIE4JRFS.js");
+        const { getPermissionMap } = await import("./api-QPMBZZUZ.js");
         const permissionMap = await getPermissionMap({
           userId: user.id,
-          scope
+          scope: scope2
         });
         const filtered = baseMenuItems.map((item) => {
           if (!item.href) return { item, hasAccess: true };
@@ -1596,7 +1634,7 @@ function PaceAppLayout({
     return () => {
       isMounted = false;
     };
-  }, [baseMenuItems, filterNavigationByPermissions, pageIdMapping, routePermissions, defaultPermission, checkPermission, user?.id, user?.user_metadata, user?.app_metadata]);
+  }, [baseMenuItems, filterNavigationByPermissions, pageIdMapping, routePermissions, defaultPermission, can, user?.id, user?.user_metadata, user?.app_metadata]);
   useEffect3(() => {
     if (!roleBasedRouting || routeConfig.length === 0) return;
     let isMounted = true;
@@ -1619,7 +1657,13 @@ function PaceAppLayout({
       let hasAccess = true;
       if (currentRoute.pageId && currentRoute.permissions && currentRoute.permissions.length > 0) {
         try {
-          const hasPagePermission = await checkPermission(currentRoute.permissions[0], currentRoute.pageId);
+          const { isPermittedCached } = await import("./api-QPMBZZUZ.js");
+          const hasPagePermission = await isPermittedCached({
+            userId: user?.id || "",
+            scope,
+            permission: currentRoute.permissions[0],
+            pageId: currentRoute.pageId
+          });
           if (!isMounted) return;
           hasAccess = hasPagePermission;
         } catch (error) {
@@ -1629,7 +1673,7 @@ function PaceAppLayout({
         }
       }
       if (hasAccess && currentRoute.roles && currentRoute.roles.length > 0 && user?.id) {
-        const { useUnifiedAuth: useUnifiedAuth2 } = await import("./UnifiedAuthProvider-A7I23UCN.js");
+        const { useUnifiedAuth: useUnifiedAuth2 } = await import("./UnifiedAuthProvider-KZZUO27W.js");
         hasAccess = true;
       }
       if (!isMounted) return;
@@ -1669,7 +1713,7 @@ function PaceAppLayout({
     return () => {
       isMounted = false;
     };
-  }, [roleBasedRouting, routeConfig, location.pathname, strictMode, user?.id, fallbackRoute, checkPermission, navigate, auditLog, onRouteAccessDenied, onRouteStrictModeViolation]);
+  }, [roleBasedRouting, routeConfig, location.pathname, strictMode, user?.id, fallbackRoute, scope, navigate, auditLog, onRouteAccessDenied, onRouteStrictModeViolation]);
   const handleSignOut = async () => {
     await signOut();
   };
@@ -1737,9 +1781,10 @@ function PaceAppLayout({
 }
 
 // src/components/PaceLoginPage/PaceLoginPage.tsx
-import { useEffect as useEffect4, useState as useState6 } from "react";
+import { useEffect as useEffect4, useState as useState6, useContext } from "react";
 import { useNavigate as useNavigate2 } from "react-router-dom";
 init_runtime();
+init_EventServiceProvider();
 import { jsx as jsx15, jsxs as jsxs11 } from "react/jsx-runtime";
 var PaceLoginPage = ({
   appName = "Pace",
@@ -1751,9 +1796,27 @@ var PaceLoginPage = ({
   const [isSigningIn, setIsSigningIn] = useState6(false);
   const [accessError, setAccessError] = useState6(null);
   const [isCheckingAccess, setIsCheckingAccess] = useState6(false);
+  const eventServiceContext = useContext(EventServiceContext);
+  const eventService = eventServiceContext?.eventService || null;
   useEffect4(() => {
     clearPalette();
   }, []);
+  useEffect4(() => {
+    const restoreEvent = async () => {
+      try {
+        const isOnLoginPage = window.location.pathname === "/login" || window.location.pathname.startsWith("/login");
+        if (isOnLoginPage && eventService) {
+          await eventService.restorePersistedEvent();
+        }
+      } catch (error) {
+        console.debug("[PaceLoginPage] Could not restore persisted event (service may not be ready):", error);
+      }
+    };
+    const timeoutId = setTimeout(() => {
+      restoreEvent();
+    }, 100);
+    return () => clearTimeout(timeoutId);
+  }, [eventService]);
   useEffect4(() => {
     if (!requireAppAccess || !isAuthenticated || isLoading || !user || !supabase) {
       return;
@@ -2990,13 +3053,6 @@ function FileUpload({
           };
           onProgress?.(finalProgress);
           onUploadSuccess?.(result);
-          setTimeout(() => {
-            setUploadStates((prev) => {
-              const updated = new Map(prev);
-              updated.delete(fileId);
-              return updated;
-            });
-          }, 3e3);
         } else {
           setUploadStates((prev) => {
             const updated = new Map(prev);
@@ -3191,7 +3247,7 @@ function FileUpload({
 }
 
 // src/components/FileDisplay/FileDisplay.tsx
-import { useState as useState12, useEffect as useEffect8, useRef as useRef5, useContext, useMemo as useMemo9 } from "react";
+import { useState as useState12, useEffect as useEffect8, useRef as useRef5, useContext as useContext2, useMemo as useMemo9 } from "react";
 
 // src/hooks/useFileUrl.ts
 import { useState as useState11, useEffect as useEffect7, useCallback as useCallback7, useRef as useRef4 } from "react";
@@ -3571,7 +3627,7 @@ function FileDisplayPublic({
   fallbackText,
   fallbackSize
 }) {
-  const publicPageContext = useContext(PublicPageContext);
+  const publicPageContext = useContext2(PublicPageContext);
   const supabase = publicPageContext?.supabase ?? null;
   if (!supabase) {
     return /* @__PURE__ */ jsx22("div", { className: `text-sec-500 text-center p-4 ${className}`, children: "Supabase client not available in public context" });
@@ -4453,4 +4509,4 @@ export {
   PublicPageDiagnostic,
   PublicPageContextChecker
 };
-//# sourceMappingURL=chunk-3J5N2T2N.js.map
+//# sourceMappingURL=chunk-EKVVTPIF.js.map