@jmruthers/pace-core 0.5.114 → 0.5.116

package/src/hooks/useEventTheme.ts

@@ -26,6 +26,50 @@ import { useEvents } from './useEvents';
 import { applyPalette, clearPalette } from '../theming/runtime';
 import type { PaletteData, ColorPalette } from '../theming/runtime';
 
+/**
+ * Parse and normalize event_colours to PaletteData (supports ev-* keys and string JSON)
+ * This matches the logic in EventService.parseAndNormalizeEventColours()
+ */
+function parseAndNormalizeEventColours(input: unknown): { main: any; sec: any; acc: any } | null {
+  try {
+    if (!input) return null;
+    let obj: any = input;
+    if (typeof input === 'string') {
+      try {
+        obj = JSON.parse(input);
+      } catch {
+        return null;
+      }
+    } else if (typeof input !== 'object') {
+      return null;
+    }
+
+    const pick = (o: any, pref: string, plain: string) => (o?.[pref] ?? o?.[plain]) || null;
+    const main = pick(obj, 'ev-main', 'main');
+    const sec  = pick(obj, 'ev-sec',  'sec');
+    const acc  = pick(obj, 'ev-acc',  'acc');
+    if (!main && !sec && !acc) return null;
+
+    // Fill helper: return palette as-is, only return empty object if null/undefined/empty
+    const fill = (p: any) => {
+      if (!p) return {};
+      // If object is empty or has no actual color values, return empty object
+      const keys = Object.keys(p);
+      if (keys.length === 0) return {};
+      // Check if any values are truthy (not null/undefined)
+      const hasValues = keys.some(k => p[k] != null);
+      if (!hasValues) return {};
+      // Return the object as-is (don't fill missing shades)
+      return p;
+    };
+
+    return { main: fill(main), sec: fill(sec), acc: fill(acc) };
+  } catch (error) {
+    console.warn('[useEventTheme] Failed to parse/normalize event colours:', error);
+    return null;
+  }
+}
+
 /**
  * Hook that automatically applies event-specific theming
  * 
@@ -62,30 +106,17 @@ export function useEventTheme(): void {
     // Check if the event has theme colors
     const eventColours = selectedEvent.event_colours;
 
-    if (!eventColours || typeof eventColours !== 'object') {
-      clearPalette();
-      return;
-    }
-
-    // Validate that event_colours has the expected structure
-    const palette = eventColours as Partial<PaletteData>;
+    // Parse and normalize event_colours (same logic as EventService)
+    const normalized = parseAndNormalizeEventColours(eventColours);
     
-    // Check if we have at least one valid palette (main, sec, or acc)
-    if (!palette.main && !palette.sec && !palette.acc) {
+    if (!normalized) {
       clearPalette();
       return;
     }
 
-    // Apply the palette
-    // The system expects main, sec, and acc, so we ensure all are present (empty if needed)
-    const fullPalette: PaletteData = {
-      main: (palette.main as ColorPalette) || {},
-      sec: (palette.sec as ColorPalette) || {},
-      acc: (palette.acc as ColorPalette) || {},
-    };
-
+    // Apply the normalized palette
     try {
-      applyPalette(fullPalette);
+      applyPalette(normalized);
     } catch (error) {
       console.error('[useEventTheme] Failed to apply event palette:', error);
     }

package/src/hooks/usePermissionCache.ts

@@ -322,7 +322,8 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
       }));
     }
 
-    const results: PermissionResult[] = [];
+    // Pre-size results array to maintain order and length
+    const results: PermissionResult[] = new Array(permissions.length);
     const startTime = Date.now();
     
     // Check cache for all permissions first
@@ -334,13 +335,14 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
       const entry = cache.current.get(cacheKey);
       
       if (entry && isCacheValid(entry)) {
-        results.push({
+        // Use index assignment to maintain order
+        results[i] = {
           operation,
           pageId,
           hasPermission: entry.result,
           cached: true,
           timestamp: entry.timestamp
-        });
+        };
         stats.current.cacheHits++;
       } else {
         uncachedPermissions.push([operation, pageId, i]);

package/src/hooks/useSecureDataAccess.ts

@@ -459,9 +459,19 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     await setOrganisationContextInSession(organisationId);
 
     // Include organisation_id in RPC parameters
+    // Some functions use p_organisation_id instead of organisation_id (to avoid conflicts with RETURNS TABLE columns)
+    const functionsWithPOrganisationId = [
+      'data_cake_diners_list',
+      'data_cake_mealplans_list'
+    ];
+    
+    const paramName = functionsWithPOrganisationId.includes(functionName) 
+      ? 'p_organisation_id' 
+      : 'organisation_id';
+    
     const secureParams = {
       ...params,
-      organisation_id: organisationId
+      [paramName]: organisationId
     };
 
     const { data, error } = await supabase!.rpc(functionName, secureParams);

package/src/hooks/useToast.ts

@@ -4,9 +4,9 @@
  * @package @jmruthers/pace-core
  * @module Hooks
  * @since 0.1.0
- * 
+ *
  * Toast notifications automatically dismiss after 10 seconds by default.
- * You can customize the duration by providing a `duration` prop (in milliseconds).
+ * The duration is fixed to the pace-core default to ensure consistent behaviour.
  */
 
 import * as React from "react"
@@ -22,7 +22,6 @@ export interface ToastProps {
   title?: React.ReactNode;
   description?: React.ReactNode;
   variant?: 'default' | 'destructive' | 'success';
-  duration?: number;
   onClose?: () => void;
   action?: React.ReactElement;
 }
@@ -34,6 +33,8 @@ export interface ToastProps {
 type ToasterToast = ToastProps & {
   /** Unique identifier for the toast */
   id: string
+  /** Duration before automatic dismissal in milliseconds */
+  duration?: number
   /** Optional title content */
   title?: React.ReactNode
   /** Optional description content */
@@ -181,32 +182,30 @@ function reducer(state: State, action: {
 
 /**
  * Toast configuration without ID
+ * Duration is fixed to DEFAULT_TOAST_DURATION and cannot be overridden
  */
-type Toast = Omit<ToasterToast, "id">
+type Toast = Omit<ToasterToast, "id" | "duration">
 
 /**
  * Creates a new toast notification
- * @param props - Toast configuration. Duration defaults to 10 seconds (10000ms) if not provided.
+ * @param props - Toast configuration. Duration is automatically set to 10 seconds (10000ms) and cannot be customized.
  * @returns Object with toast ID and control methods
  */
-function toast({ duration, ...props }: Toast) {
+function toast(props: Toast) {
   const id = genId()
 
-  const update = (props: Partial<Omit<ToasterToast, "id">>) =>
+  const update = (props: Partial<Omit<ToasterToast, "id" | "duration">>) =>
     dispatch({
       type: "UPDATE_TOAST",
-      toast: { ...props, id },
+      toast: { ...props, duration: DEFAULT_TOAST_DURATION, id },
     })
   const dismiss = () => dispatch({ type: "DISMISS_TOAST", toastId: id })
 
-  // Use provided duration or default to 10 seconds
-  const toastDuration = duration ?? DEFAULT_TOAST_DURATION
-
   dispatch({
     type: "ADD_TOAST",
     toast: {
       ...props,
-      duration: toastDuration,
+      duration: DEFAULT_TOAST_DURATION,
       id,
       open: true,
       dismiss,

package/src/providers/services/EventServiceProvider.tsx

@@ -52,16 +52,23 @@ export function EventServiceProvider({
 
   // Update service dependencies and initialize when dependencies change
   useEffect(() => {
-    eventService.updateDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId);
-    
-    // Re-initialize service when dependencies change
     let isMounted = true;
     
-    eventService.initialize().catch(error => {
-      if (isMounted) {
-        console.error('[EventServiceProvider] Failed to initialize event service:', error);
-      }
-    });
+    const updateAndInitialize = async () => {
+      // Update dependencies (now async to handle user change cleanup)
+      await eventService.updateDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId);
+      
+      if (!isMounted) return;
+      
+      // Re-initialize service when dependencies change
+      await eventService.initialize().catch(error => {
+        if (isMounted) {
+          console.error('[EventServiceProvider] Failed to initialize event service:', error);
+        }
+      });
+    };
+
+    updateAndInitialize();
 
     return () => {
       isMounted = false;

package/src/rbac/__tests__/cache-invalidation.test.ts

@@ -0,0 +1,385 @@
+/**
+ * @file RBAC Cache Invalidation Tests
+ * @package @jmruthers/pace-core
+ * @module RBAC/CacheInvalidation
+ * @since 1.0.0
+ * 
+ * Comprehensive tests for the RBAC cache invalidation system.
+ */
+
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { createMockSupabaseClient } from '@test/helpers';
+import type { SupabaseClient } from '@supabase/supabase-js';
+import type { Database } from '../types/database';
+import {
+  RBACCacheInvalidationManager,
+  INVALIDATION_PATTERNS,
+  initializeCacheInvalidation,
+  getCacheInvalidationManager,
+} from '../cache-invalidation';
+import { rbacCache, CACHE_PATTERNS } from '../cache';
+import { emitAuditEvent } from '../audit';
+
+// Mock the cache module
+vi.mock('../cache', () => ({
+  rbacCache: {
+    invalidate: vi.fn(),
+    clear: vi.fn(),
+  },
+  CACHE_PATTERNS: {
+    USER: (userId: string) => `user:${userId}`,
+    ORGANISATION: (orgId: string) => `org:${orgId}`,
+    EVENT: (eventId: string) => `event:${eventId}`,
+    APP: (appId: string) => `app:${appId}`,
+  },
+}));
+
+// Mock the audit module
+vi.mock('../audit', () => ({
+  emitAuditEvent: vi.fn(() => Promise.resolve(undefined)),
+}));
+
+describe('RBAC Cache Invalidation', () => {
+  let mockSupabase: ReturnType<typeof createMockSupabaseClient>;
+  let manager: RBACCacheInvalidationManager;
+
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockSupabase = createMockSupabaseClient();
+    manager = new RBACCacheInvalidationManager(mockSupabase as unknown as SupabaseClient<Database>);
+  });
+
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+
+  describe('INVALIDATION_PATTERNS', () => {
+    describe('USER_ROLES_CHANGED', () => {
+      it('generates correct patterns for user invalidation', () => {
+        const userId = 'user-123' as const;
+        const patterns = INVALIDATION_PATTERNS.USER_ROLES_CHANGED(userId);
+        
+        expect(patterns).toContain('user:user-123');
+        expect(patterns).toContain('perm:user-123:*');
+        expect(patterns).toContain('access:user-123:*');
+        expect(patterns).toContain('map:user-123:*');
+      });
+    });
+
+    describe('ORGANISATION_PERMISSIONS_CHANGED', () => {
+      it('generates correct patterns for organisation invalidation', () => {
+        const orgId = 'org-456' as const;
+        const patterns = INVALIDATION_PATTERNS.ORGANISATION_PERMISSIONS_CHANGED(orgId);
+        
+        expect(patterns).toContain('org:org-456');
+        expect(patterns).toContain('perm:*:org-456:*');
+        expect(patterns).toContain('access:*:org-456:*');
+        expect(patterns).toContain('map:*:org-456:*');
+      });
+    });
+
+    describe('EVENT_PERMISSIONS_CHANGED', () => {
+      it('generates correct patterns for event invalidation', () => {
+        const eventId = 'event-789';
+        const patterns = INVALIDATION_PATTERNS.EVENT_PERMISSIONS_CHANGED(eventId);
+        
+        expect(patterns).toContain('event:event-789');
+        expect(patterns).toContain('perm:*:*:event-789:*');
+        expect(patterns).toContain('access:*:*:event-789:*');
+        expect(patterns).toContain('map:*:*:event-789:*');
+      });
+    });
+
+    describe('APP_PERMISSIONS_CHANGED', () => {
+      it('generates correct patterns for app invalidation', () => {
+        const appId = 'app-abc' as const;
+        const patterns = INVALIDATION_PATTERNS.APP_PERMISSIONS_CHANGED(appId);
+        
+        expect(patterns).toContain('app:app-abc');
+        expect(patterns).toContain('perm:*:*:*:app-abc:*');
+        expect(patterns).toContain('access:*:*:*:app-abc');
+        expect(patterns).toContain('map:*:*:*:app-abc');
+      });
+    });
+
+    describe('PAGE_PERMISSIONS_CHANGED', () => {
+      it('generates correct patterns for page invalidation', () => {
+        const pageId = 'page-xyz' as const;
+        const patterns = INVALIDATION_PATTERNS.PAGE_PERMISSIONS_CHANGED(pageId);
+        
+        expect(patterns).toContain('perm:*:*:*:*:page-xyz');
+        expect(patterns).toContain('map:*:*:*:*');
+      });
+    });
+  });
+
+  describe('RBACCacheInvalidationManager', () => {
+    describe('onInvalidation', () => {
+      it('adds callback and returns unsubscribe function', () => {
+        const callback = vi.fn();
+        const unsubscribe = manager.onInvalidation(callback);
+        
+        expect(typeof unsubscribe).toBe('function');
+        
+        // Trigger invalidation
+        manager.invalidateUser('user-123' as const, 'test');
+        
+        expect(callback).toHaveBeenCalled();
+        
+        // Unsubscribe
+        unsubscribe();
+        
+        // Clear mocks
+        vi.clearAllMocks();
+        
+        // Trigger again - callback should not be called
+        manager.invalidateUser('user-123' as const, 'test');
+        expect(callback).not.toHaveBeenCalled();
+      });
+
+      it('handles multiple callbacks', () => {
+        const callback1 = vi.fn();
+        const callback2 = vi.fn();
+        
+        manager.onInvalidation(callback1);
+        manager.onInvalidation(callback2);
+        
+        manager.invalidateUser('user-123' as const, 'test');
+        
+        expect(callback1).toHaveBeenCalled();
+        expect(callback2).toHaveBeenCalled();
+      });
+    });
+
+    describe('invalidateUser', () => {
+      it('invalidates cache for user with correct patterns', () => {
+        const userId = 'user-123' as const;
+        manager.invalidateUser(userId, 'test-reason');
+        
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('user:user-123');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:user-123:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('access:user-123:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:user-123:*');
+      });
+
+      it('emits audit event for user invalidation', async () => {
+        const userId = 'user-123' as const;
+        manager.invalidateUser(userId, 'test-reason');
+        
+        await vi.waitFor(() => {
+          expect(emitAuditEvent).toHaveBeenCalled();
+        });
+        
+        const auditCall = vi.mocked(emitAuditEvent).mock.calls[0][0];
+        expect(auditCall.type).toBe('permission_check');
+        expect(auditCall.permission).toBe('cache:invalidate');
+        expect(auditCall.metadata?.reason).toBe('test-reason');
+      });
+    });
+
+    describe('invalidateOrganisation', () => {
+      it('invalidates cache for organisation with correct patterns', () => {
+        const orgId = 'org-456' as const;
+        manager.invalidateOrganisation(orgId, 'test-reason');
+        
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('org:org-456');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:*:org-456:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('access:*:org-456:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:*:org-456:*');
+      });
+    });
+
+    describe('invalidateEvent', () => {
+      it('invalidates cache for event with correct patterns', () => {
+        const eventId = 'event-789';
+        manager.invalidateEvent(eventId, 'test-reason');
+        
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('event:event-789');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:*:*:event-789:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('access:*:*:event-789:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:*:*:event-789:*');
+      });
+    });
+
+    describe('invalidateApp', () => {
+      it('invalidates cache for app with correct patterns', () => {
+        const appId = 'app-abc' as const;
+        manager.invalidateApp(appId, 'test-reason');
+        
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('app:app-abc');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:*:*:*:app-abc:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('access:*:*:*:app-abc');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:*:*:*:app-abc');
+      });
+    });
+
+    describe('invalidatePage', () => {
+      it('invalidates cache for page with correct patterns', () => {
+        const pageId = 'page-xyz' as const;
+        manager.invalidatePage(pageId, 'test-reason');
+        
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:*:*:*:*:page-xyz');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:*:*:*:*');
+      });
+    });
+
+    describe('invalidateAllUsersInOrganisation', () => {
+      it('invalidates cache for all users in organisation', async () => {
+        const orgId = 'org-456' as const;
+        const mockUsers = [
+          { user_id: 'user-1' as const },
+          { user_id: 'user-2' as const },
+        ];
+        
+        mockSupabase.from.mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({
+                data: mockUsers,
+                error: null,
+              }),
+            }),
+          }),
+        } as any);
+        
+        await manager.invalidateAllUsersInOrganisation(orgId, 'test-reason');
+        
+        // Should invalidate each user
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('user:user-1');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('user:user-2');
+      });
+
+      it('handles empty user list gracefully', async () => {
+        const orgId = 'org-456' as const;
+        
+        mockSupabase.from.mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({
+                data: [],
+                error: null,
+              }),
+            }),
+          }),
+        } as any);
+        
+        await manager.invalidateAllUsersInOrganisation(orgId, 'test-reason');
+        
+        // Should not throw, but should not call invalidate for users
+        expect(rbacCache.invalidate).not.toHaveBeenCalledWith(expect.stringContaining('user:'));
+      });
+
+      it('handles null data gracefully', async () => {
+        const orgId = 'org-456' as const;
+        
+        mockSupabase.from.mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({
+                data: null,
+                error: null,
+              }),
+            }),
+          }),
+        } as any);
+        
+        await manager.invalidateAllUsersInOrganisation(orgId, 'test-reason');
+        
+        // Should not throw
+        expect(rbacCache.invalidate).not.toHaveBeenCalledWith(expect.stringContaining('user:'));
+      });
+    });
+
+    describe('clearAllCache', () => {
+      it('clears all cache entries', () => {
+        manager.clearAllCache();
+        expect(rbacCache.clear).toHaveBeenCalled();
+      });
+    });
+
+    describe('setupRealtimeSubscriptions', () => {
+      it('skips subscriptions when realtime is not available', () => {
+        const mockSupabaseNoRealtime = createMockSupabaseClient();
+        mockSupabaseNoRealtime.channel = undefined;
+        
+        const managerNoRealtime = new RBACCacheInvalidationManager(
+          mockSupabaseNoRealtime as unknown as SupabaseClient<Database>
+        );
+        
+        // Should not throw and should log that realtime is not available
+        expect(managerNoRealtime).toBeDefined();
+      });
+
+      it('sets up subscriptions when realtime is available', () => {
+        const mockChannel = {
+          on: vi.fn().mockReturnThis(),
+          subscribe: vi.fn(),
+        };
+        
+        const mockSupabaseWithRealtime = createMockSupabaseClient();
+        mockSupabaseWithRealtime.channel = vi.fn(() => mockChannel);
+        
+        const managerWithRealtime = new RBACCacheInvalidationManager(
+          mockSupabaseWithRealtime as unknown as SupabaseClient<Database>
+        );
+        
+        expect(mockSupabaseWithRealtime.channel).toHaveBeenCalled();
+        expect(mockChannel.on).toHaveBeenCalled();
+        expect(mockChannel.subscribe).toHaveBeenCalled();
+      });
+    });
+  });
+
+  describe('Global Functions', () => {
+    describe('initializeCacheInvalidation', () => {
+      it('initializes and returns cache invalidation manager', () => {
+        const manager = initializeCacheInvalidation(mockSupabase as unknown as SupabaseClient<Database>);
+        
+        expect(manager).toBeInstanceOf(RBACCacheInvalidationManager);
+      });
+
+      it('sets global manager instance', () => {
+        initializeCacheInvalidation(mockSupabase as unknown as SupabaseClient<Database>);
+        
+        const globalManager = getCacheInvalidationManager();
+        expect(globalManager).toBeInstanceOf(RBACCacheInvalidationManager);
+      });
+    });
+
+    describe('getCacheInvalidationManager', () => {
+      it('returns null when manager is not initialized', () => {
+        // Reset global state by creating new instance without initialize
+        const manager = getCacheInvalidationManager();
+        // May be null or the previous instance
+        expect(manager === null || manager instanceof RBACCacheInvalidationManager).toBe(true);
+      });
+
+      it('returns manager instance after initialization', () => {
+        const manager = initializeCacheInvalidation(mockSupabase as unknown as SupabaseClient<Database>);
+        const retrieved = getCacheInvalidationManager();
+        
+        expect(retrieved).toBe(manager);
+      });
+    });
+  });
+
+  describe('Error Handling', () => {
+    it('handles audit event errors gracefully', async () => {
+      vi.mocked(emitAuditEvent).mockRejectedValue(new Error('Audit error'));
+      
+      const consoleWarnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+      
+      manager.invalidateUser('user-123' as const, 'test');
+      
+      await vi.waitFor(() => {
+        expect(consoleWarnSpy).toHaveBeenCalledWith(
+          expect.stringContaining('[RBAC Cache] Failed to log cache invalidation audit event'),
+          expect.any(Error)
+        );
+      });
+      
+      consoleWarnSpy.mockRestore();
+    });
+  });
+});
+