npm - @jmruthers/pace-core - Versions diffs - 0.5.115 → 0.5.117 - Mend

@jmruthers/pace-core 0.5.115 → 0.5.117

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (235) hide show

package/src/hooks/useEventTheme.ts CHANGED Viewed

@@ -26,6 +26,50 @@ import { useEvents } from './useEvents';
 import { applyPalette, clearPalette } from '../theming/runtime';
 import type { PaletteData, ColorPalette } from '../theming/runtime';
+/**
+ * Parse and normalize event_colours to PaletteData (supports ev-* keys and string JSON)
+ * This matches the logic in EventService.parseAndNormalizeEventColours()
+ */
+function parseAndNormalizeEventColours(input: unknown): { main: any; sec: any; acc: any } | null {
+  try {
+    if (!input) return null;
+    let obj: any = input;
+    if (typeof input === 'string') {
+      try {
+        obj = JSON.parse(input);
+      } catch {
+        return null;
+      }
+    } else if (typeof input !== 'object') {
+      return null;
+    }
+    const pick = (o: any, pref: string, plain: string) => (o?.[pref] ?? o?.[plain]) || null;
+    const main = pick(obj, 'ev-main', 'main');
+    const sec  = pick(obj, 'ev-sec',  'sec');
+    const acc  = pick(obj, 'ev-acc',  'acc');
+    if (!main && !sec && !acc) return null;
+    // Fill helper: return palette as-is, only return empty object if null/undefined/empty
+    const fill = (p: any) => {
+      if (!p) return {};
+      // If object is empty or has no actual color values, return empty object
+      const keys = Object.keys(p);
+      if (keys.length === 0) return {};
+      // Check if any values are truthy (not null/undefined)
+      const hasValues = keys.some(k => p[k] != null);
+      if (!hasValues) return {};
+      // Return the object as-is (don't fill missing shades)
+      return p;
+    };
+    return { main: fill(main), sec: fill(sec), acc: fill(acc) };
+  } catch (error) {
+    console.warn('[useEventTheme] Failed to parse/normalize event colours:', error);
+    return null;
+  }
+}
 /**
  * Hook that automatically applies event-specific theming
  *
@@ -62,30 +106,17 @@ export function useEventTheme(): void {
     // Check if the event has theme colors
     const eventColours = selectedEvent.event_colours;
-    if (!eventColours || typeof eventColours !== 'object') {
-      clearPalette();
-      return;
-    }
-    // Validate that event_colours has the expected structure
-    const palette = eventColours as Partial<PaletteData>;
+    // Parse and normalize event_colours (same logic as EventService)
+    const normalized = parseAndNormalizeEventColours(eventColours);
-    // Check if we have at least one valid palette (main, sec, or acc)
-    if (!palette.main && !palette.sec && !palette.acc) {
+    if (!normalized) {
       clearPalette();
       return;
     }
-    // Apply the palette
-    // The system expects main, sec, and acc, so we ensure all are present (empty if needed)
-    const fullPalette: PaletteData = {
-      main: (palette.main as ColorPalette) || {},
-      sec: (palette.sec as ColorPalette) || {},
-      acc: (palette.acc as ColorPalette) || {},
-    };
+    // Apply the normalized palette
     try {
-      applyPalette(fullPalette);
+      applyPalette(normalized);
     } catch (error) {
       console.error('[useEventTheme] Failed to apply event palette:', error);
     }

package/src/hooks/usePermissionCache.ts CHANGED Viewed

@@ -322,7 +322,8 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
       }));
     }
-    const results: PermissionResult[] = [];
+    // Pre-size results array to maintain order and length
+    const results: PermissionResult[] = new Array(permissions.length);
     const startTime = Date.now();
     // Check cache for all permissions first
@@ -334,13 +335,14 @@ export function usePermissionCache(config: Partial<CacheConfig> = {}) {
       const entry = cache.current.get(cacheKey);
       if (entry && isCacheValid(entry)) {
-        results.push({
+        // Use index assignment to maintain order
+        results[i] = {
           operation,
           pageId,
           hasPermission: entry.result,
           cached: true,
           timestamp: entry.timestamp
-        });
+        };
         stats.current.cacheHits++;
       } else {
         uncachedPermissions.push([operation, pageId, i]);

package/src/hooks/useSecureDataAccess.ts CHANGED Viewed

@@ -51,9 +51,10 @@
  * - Type-safe database operations
  */
-import { useCallback, useState } from 'react';
+import { useCallback, useState, useContext } from 'react';
 import { useUnifiedAuth } from '../providers';
 import { useOrganisations } from './useOrganisations';
+import { EventServiceContext } from '../providers/services/EventServiceProvider';
 import { setOrganisationContext } from '../utils/organisationContext';
 import type { Permission } from '../rbac/types';
 import type { OrganisationSecurityError } from '../types/organisation';
@@ -149,6 +150,11 @@ export interface DataAccessRecord {
 export function useSecureDataAccess(): SecureDataAccessReturn {
   const { supabase, user, session } = useUnifiedAuth();
   const { ensureOrganisationContext } = useOrganisations();
+  // Get selected event for event-scoped RPC calls
+  // Use useContext directly to safely check if EventServiceProvider is available
+  const eventServiceContext = useContext(EventServiceContext);
+  const selectedEvent = eventServiceContext?.eventService?.getSelectedEvent() || null;
   const validateContext = useCallback((): void => {
     if (!supabase) {
@@ -459,10 +465,57 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     await setOrganisationContextInSession(organisationId);
     // Include organisation_id in RPC parameters
+    // Some functions use p_organisation_id instead of organisation_id (to avoid conflicts with RETURNS TABLE columns)
+    const functionsWithPOrganisationId = [
+      'data_cake_diners_list',
+      'data_cake_mealplans_list'
+    ];
+    const paramName = functionsWithPOrganisationId.includes(functionName)
+      ? 'p_organisation_id'
+      : 'organisation_id';
+    // Functions that need p_event_id for event-app role permission checks
+    // Note: Even org-scoped functions (like items, packages, suppliers) need event_id
+    //       for permission checks when users have event-app roles
+    const functionsNeedingEventId = [
+      'data_cake_items_list',
+      'data_cake_packages_list',
+      'data_cake_suppliers_list',
+      'data_cake_diettypes_list',
+      'data_cake_mealtypes_list',
+      'data_cake_diners_list',
+      'data_cake_mealplans_list',
+      'data_cake_dishes_list',
+      'data_cake_recipes_list',
+      'data_cake_meals_list',
+      'data_cake_units_list',
+      'data_cake_orders_list',
+      'app_cake_item_create',
+      'app_cake_item_update',
+      'app_cake_package_create',
+      'app_cake_package_update',
+      'app_cake_supplier_create',
+      'app_cake_supplier_update',
+      'app_cake_supplier_delete',
+      'app_cake_meal_create',
+      'app_cake_meal_update',
+      'app_cake_meal_delete',
+      'app_cake_unit_create',
+      'app_cake_unit_update',
+      'app_cake_unit_delete',
+      'app_cake_delivery_upsert'
+    ];
     const secureParams = {
       ...params,
-      organisation_id: organisationId
+      [paramName]: organisationId
     };
+    // Add p_event_id if function needs it and event is selected
+    if (functionsNeedingEventId.includes(functionName) && selectedEvent?.event_id) {
+      secureParams.p_event_id = selectedEvent.event_id;
+    }
     const { data, error } = await supabase!.rpc(functionName, secureParams);
@@ -476,7 +529,7 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     });
     return data as T;
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id]);
   // NEW: Phase 1 - Enhanced Security Features
   const [dataAccessHistory, setDataAccessHistory] = useState<DataAccessRecord[]>([]);

package/src/hooks/useToast.ts CHANGED Viewed

@@ -34,7 +34,7 @@ type ToasterToast = ToastProps & {
   /** Unique identifier for the toast */
   id: string
   /** Duration before automatic dismissal in milliseconds */
-  duration: number
+  duration?: number
   /** Optional title content */
   title?: React.ReactNode
   /** Optional description content */

package/src/providers/services/EventServiceProvider.tsx CHANGED Viewed

@@ -52,16 +52,23 @@ export function EventServiceProvider({
   // Update service dependencies and initialize when dependencies change
   useEffect(() => {
-    eventService.updateDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId);
-    // Re-initialize service when dependencies change
     let isMounted = true;
-    eventService.initialize().catch(error => {
-      if (isMounted) {
-        console.error('[EventServiceProvider] Failed to initialize event service:', error);
-      }
-    });
+    const updateAndInitialize = async () => {
+      // Update dependencies (now async to handle user change cleanup)
+      await eventService.updateDependencies(supabaseClient, user, session, appName, selectedOrganisation, setSelectedEventId);
+      if (!isMounted) return;
+      // Re-initialize service when dependencies change
+      await eventService.initialize().catch(error => {
+        if (isMounted) {
+          console.error('[EventServiceProvider] Failed to initialize event service:', error);
+        }
+      });
+    };
+    updateAndInitialize();
     return () => {
       isMounted = false;

package/src/rbac/__tests__/cache-invalidation.test.ts ADDED Viewed

@@ -0,0 +1,385 @@
+/**
+ * @file RBAC Cache Invalidation Tests
+ * @package @jmruthers/pace-core
+ * @module RBAC/CacheInvalidation
+ * @since 1.0.0
+ *
+ * Comprehensive tests for the RBAC cache invalidation system.
+ */
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { createMockSupabaseClient } from '@test/helpers';
+import type { SupabaseClient } from '@supabase/supabase-js';
+import type { Database } from '../types/database';
+import {
+  RBACCacheInvalidationManager,
+  INVALIDATION_PATTERNS,
+  initializeCacheInvalidation,
+  getCacheInvalidationManager,
+} from '../cache-invalidation';
+import { rbacCache, CACHE_PATTERNS } from '../cache';
+import { emitAuditEvent } from '../audit';
+// Mock the cache module
+vi.mock('../cache', () => ({
+  rbacCache: {
+    invalidate: vi.fn(),
+    clear: vi.fn(),
+  },
+  CACHE_PATTERNS: {
+    USER: (userId: string) => `user:${userId}`,
+    ORGANISATION: (orgId: string) => `org:${orgId}`,
+    EVENT: (eventId: string) => `event:${eventId}`,
+    APP: (appId: string) => `app:${appId}`,
+  },
+}));
+// Mock the audit module
+vi.mock('../audit', () => ({
+  emitAuditEvent: vi.fn(() => Promise.resolve(undefined)),
+}));
+describe('RBAC Cache Invalidation', () => {
+  let mockSupabase: ReturnType<typeof createMockSupabaseClient>;
+  let manager: RBACCacheInvalidationManager;
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockSupabase = createMockSupabaseClient();
+    manager = new RBACCacheInvalidationManager(mockSupabase as unknown as SupabaseClient<Database>);
+  });
+  afterEach(() => {
+    vi.clearAllMocks();
+  });
+  describe('INVALIDATION_PATTERNS', () => {
+    describe('USER_ROLES_CHANGED', () => {
+      it('generates correct patterns for user invalidation', () => {
+        const userId = 'user-123' as const;
+        const patterns = INVALIDATION_PATTERNS.USER_ROLES_CHANGED(userId);
+        expect(patterns).toContain('user:user-123');
+        expect(patterns).toContain('perm:user-123:*');
+        expect(patterns).toContain('access:user-123:*');
+        expect(patterns).toContain('map:user-123:*');
+      });
+    });
+    describe('ORGANISATION_PERMISSIONS_CHANGED', () => {
+      it('generates correct patterns for organisation invalidation', () => {
+        const orgId = 'org-456' as const;
+        const patterns = INVALIDATION_PATTERNS.ORGANISATION_PERMISSIONS_CHANGED(orgId);
+        expect(patterns).toContain('org:org-456');
+        expect(patterns).toContain('perm:*:org-456:*');
+        expect(patterns).toContain('access:*:org-456:*');
+        expect(patterns).toContain('map:*:org-456:*');
+      });
+    });
+    describe('EVENT_PERMISSIONS_CHANGED', () => {
+      it('generates correct patterns for event invalidation', () => {
+        const eventId = 'event-789';
+        const patterns = INVALIDATION_PATTERNS.EVENT_PERMISSIONS_CHANGED(eventId);
+        expect(patterns).toContain('event:event-789');
+        expect(patterns).toContain('perm:*:*:event-789:*');
+        expect(patterns).toContain('access:*:*:event-789:*');
+        expect(patterns).toContain('map:*:*:event-789:*');
+      });
+    });
+    describe('APP_PERMISSIONS_CHANGED', () => {
+      it('generates correct patterns for app invalidation', () => {
+        const appId = 'app-abc' as const;
+        const patterns = INVALIDATION_PATTERNS.APP_PERMISSIONS_CHANGED(appId);
+        expect(patterns).toContain('app:app-abc');
+        expect(patterns).toContain('perm:*:*:*:app-abc:*');
+        expect(patterns).toContain('access:*:*:*:app-abc');
+        expect(patterns).toContain('map:*:*:*:app-abc');
+      });
+    });
+    describe('PAGE_PERMISSIONS_CHANGED', () => {
+      it('generates correct patterns for page invalidation', () => {
+        const pageId = 'page-xyz' as const;
+        const patterns = INVALIDATION_PATTERNS.PAGE_PERMISSIONS_CHANGED(pageId);
+        expect(patterns).toContain('perm:*:*:*:*:page-xyz');
+        expect(patterns).toContain('map:*:*:*:*');
+      });
+    });
+  });
+  describe('RBACCacheInvalidationManager', () => {
+    describe('onInvalidation', () => {
+      it('adds callback and returns unsubscribe function', () => {
+        const callback = vi.fn();
+        const unsubscribe = manager.onInvalidation(callback);
+        expect(typeof unsubscribe).toBe('function');
+        // Trigger invalidation
+        manager.invalidateUser('user-123' as const, 'test');
+        expect(callback).toHaveBeenCalled();
+        // Unsubscribe
+        unsubscribe();
+        // Clear mocks
+        vi.clearAllMocks();
+        // Trigger again - callback should not be called
+        manager.invalidateUser('user-123' as const, 'test');
+        expect(callback).not.toHaveBeenCalled();
+      });
+      it('handles multiple callbacks', () => {
+        const callback1 = vi.fn();
+        const callback2 = vi.fn();
+        manager.onInvalidation(callback1);
+        manager.onInvalidation(callback2);
+        manager.invalidateUser('user-123' as const, 'test');
+        expect(callback1).toHaveBeenCalled();
+        expect(callback2).toHaveBeenCalled();
+      });
+    });
+    describe('invalidateUser', () => {
+      it('invalidates cache for user with correct patterns', () => {
+        const userId = 'user-123' as const;
+        manager.invalidateUser(userId, 'test-reason');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('user:user-123');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:user-123:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('access:user-123:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:user-123:*');
+      });
+      it('emits audit event for user invalidation', async () => {
+        const userId = 'user-123' as const;
+        manager.invalidateUser(userId, 'test-reason');
+        await vi.waitFor(() => {
+          expect(emitAuditEvent).toHaveBeenCalled();
+        });
+        const auditCall = vi.mocked(emitAuditEvent).mock.calls[0][0];
+        expect(auditCall.type).toBe('permission_check');
+        expect(auditCall.permission).toBe('cache:invalidate');
+        expect(auditCall.metadata?.reason).toBe('test-reason');
+      });
+    });
+    describe('invalidateOrganisation', () => {
+      it('invalidates cache for organisation with correct patterns', () => {
+        const orgId = 'org-456' as const;
+        manager.invalidateOrganisation(orgId, 'test-reason');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('org:org-456');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:*:org-456:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('access:*:org-456:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:*:org-456:*');
+      });
+    });
+    describe('invalidateEvent', () => {
+      it('invalidates cache for event with correct patterns', () => {
+        const eventId = 'event-789';
+        manager.invalidateEvent(eventId, 'test-reason');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('event:event-789');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:*:*:event-789:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('access:*:*:event-789:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:*:*:event-789:*');
+      });
+    });
+    describe('invalidateApp', () => {
+      it('invalidates cache for app with correct patterns', () => {
+        const appId = 'app-abc' as const;
+        manager.invalidateApp(appId, 'test-reason');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('app:app-abc');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:*:*:*:app-abc:*');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('access:*:*:*:app-abc');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:*:*:*:app-abc');
+      });
+    });
+    describe('invalidatePage', () => {
+      it('invalidates cache for page with correct patterns', () => {
+        const pageId = 'page-xyz' as const;
+        manager.invalidatePage(pageId, 'test-reason');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('perm:*:*:*:*:page-xyz');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('map:*:*:*:*');
+      });
+    });
+    describe('invalidateAllUsersInOrganisation', () => {
+      it('invalidates cache for all users in organisation', async () => {
+        const orgId = 'org-456' as const;
+        const mockUsers = [
+          { user_id: 'user-1' as const },
+          { user_id: 'user-2' as const },
+        ];
+        mockSupabase.from.mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({
+                data: mockUsers,
+                error: null,
+              }),
+            }),
+          }),
+        } as any);
+        await manager.invalidateAllUsersInOrganisation(orgId, 'test-reason');
+        // Should invalidate each user
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('user:user-1');
+        expect(rbacCache.invalidate).toHaveBeenCalledWith('user:user-2');
+      });
+      it('handles empty user list gracefully', async () => {
+        const orgId = 'org-456' as const;
+        mockSupabase.from.mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({
+                data: [],
+                error: null,
+              }),
+            }),
+          }),
+        } as any);
+        await manager.invalidateAllUsersInOrganisation(orgId, 'test-reason');
+        // Should not throw, but should not call invalidate for users
+        expect(rbacCache.invalidate).not.toHaveBeenCalledWith(expect.stringContaining('user:'));
+      });
+      it('handles null data gracefully', async () => {
+        const orgId = 'org-456' as const;
+        mockSupabase.from.mockReturnValue({
+          select: vi.fn().mockReturnValue({
+            eq: vi.fn().mockReturnValue({
+              eq: vi.fn().mockResolvedValue({
+                data: null,
+                error: null,
+              }),
+            }),
+          }),
+        } as any);
+        await manager.invalidateAllUsersInOrganisation(orgId, 'test-reason');
+        // Should not throw
+        expect(rbacCache.invalidate).not.toHaveBeenCalledWith(expect.stringContaining('user:'));
+      });
+    });
+    describe('clearAllCache', () => {
+      it('clears all cache entries', () => {
+        manager.clearAllCache();
+        expect(rbacCache.clear).toHaveBeenCalled();
+      });
+    });
+    describe('setupRealtimeSubscriptions', () => {
+      it('skips subscriptions when realtime is not available', () => {
+        const mockSupabaseNoRealtime = createMockSupabaseClient();
+        mockSupabaseNoRealtime.channel = undefined;
+        const managerNoRealtime = new RBACCacheInvalidationManager(
+          mockSupabaseNoRealtime as unknown as SupabaseClient<Database>
+        );
+        // Should not throw and should log that realtime is not available
+        expect(managerNoRealtime).toBeDefined();
+      });
+      it('sets up subscriptions when realtime is available', () => {
+        const mockChannel = {
+          on: vi.fn().mockReturnThis(),
+          subscribe: vi.fn(),
+        };
+        const mockSupabaseWithRealtime = createMockSupabaseClient();
+        mockSupabaseWithRealtime.channel = vi.fn(() => mockChannel);
+        const managerWithRealtime = new RBACCacheInvalidationManager(
+          mockSupabaseWithRealtime as unknown as SupabaseClient<Database>
+        );
+        expect(mockSupabaseWithRealtime.channel).toHaveBeenCalled();
+        expect(mockChannel.on).toHaveBeenCalled();
+        expect(mockChannel.subscribe).toHaveBeenCalled();
+      });
+    });
+  });
+  describe('Global Functions', () => {
+    describe('initializeCacheInvalidation', () => {
+      it('initializes and returns cache invalidation manager', () => {
+        const manager = initializeCacheInvalidation(mockSupabase as unknown as SupabaseClient<Database>);
+        expect(manager).toBeInstanceOf(RBACCacheInvalidationManager);
+      });
+      it('sets global manager instance', () => {
+        initializeCacheInvalidation(mockSupabase as unknown as SupabaseClient<Database>);
+        const globalManager = getCacheInvalidationManager();
+        expect(globalManager).toBeInstanceOf(RBACCacheInvalidationManager);
+      });
+    });
+    describe('getCacheInvalidationManager', () => {
+      it('returns null when manager is not initialized', () => {
+        // Reset global state by creating new instance without initialize
+        const manager = getCacheInvalidationManager();
+        // May be null or the previous instance
+        expect(manager === null || manager instanceof RBACCacheInvalidationManager).toBe(true);
+      });
+      it('returns manager instance after initialization', () => {
+        const manager = initializeCacheInvalidation(mockSupabase as unknown as SupabaseClient<Database>);
+        const retrieved = getCacheInvalidationManager();
+        expect(retrieved).toBe(manager);
+      });
+    });
+  });
+  describe('Error Handling', () => {
+    it('handles audit event errors gracefully', async () => {
+      vi.mocked(emitAuditEvent).mockRejectedValue(new Error('Audit error'));
+      const consoleWarnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+      manager.invalidateUser('user-123' as const, 'test');
+      await vi.waitFor(() => {
+        expect(consoleWarnSpy).toHaveBeenCalledWith(
+          expect.stringContaining('[RBAC Cache] Failed to log cache invalidation audit event'),
+          expect.any(Error)
+        );
+      });
+      consoleWarnSpy.mockRestore();
+    });
+  });
+});