@jmruthers/pace-core 0.5.175 → 0.5.177

package/docs/api/interfaces/TextareaProps.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / TextareaProps
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / TextareaProps
 
 # Interface: TextareaProps
 

package/docs/api/interfaces/ToastActionElement.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / ToastActionElement
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / ToastActionElement
 
 # Interface: ToastActionElement
 

package/docs/api/interfaces/ToastProps.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / ToastProps
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / ToastProps
 
 # Interface: ToastProps
 

package/docs/api/interfaces/UnifiedAuthContextType.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UnifiedAuthContextType
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UnifiedAuthContextType
 
 # Interface: UnifiedAuthContextType
 

package/docs/api/interfaces/UnifiedAuthProviderProps.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UnifiedAuthProviderProps
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UnifiedAuthProviderProps
 
 # Interface: UnifiedAuthProviderProps
 

package/docs/api/interfaces/UseInactivityTrackerOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UseInactivityTrackerOptions
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UseInactivityTrackerOptions
 
 # Interface: UseInactivityTrackerOptions
 

package/docs/api/interfaces/UseInactivityTrackerReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UseInactivityTrackerReturn
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UseInactivityTrackerReturn
 
 # Interface: UseInactivityTrackerReturn
 

package/docs/api/interfaces/UsePublicEventOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UsePublicEventOptions
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UsePublicEventOptions
 
 # Interface: UsePublicEventOptions
 

package/docs/api/interfaces/UsePublicEventReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UsePublicEventReturn
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UsePublicEventReturn
 
 # Interface: UsePublicEventReturn
 

package/docs/api/interfaces/UsePublicFileDisplayOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UsePublicFileDisplayOptions
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UsePublicFileDisplayOptions
 
 # Interface: UsePublicFileDisplayOptions
 

package/docs/api/interfaces/UsePublicFileDisplayReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UsePublicFileDisplayReturn
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UsePublicFileDisplayReturn
 
 # Interface: UsePublicFileDisplayReturn
 

package/docs/api/interfaces/UsePublicRouteParamsReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UsePublicRouteParamsReturn
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UsePublicRouteParamsReturn
 
 # Interface: UsePublicRouteParamsReturn
 

package/docs/api/interfaces/UseResolvedScopeOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UseResolvedScopeOptions
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UseResolvedScopeOptions
 
 # Interface: UseResolvedScopeOptions
 

package/docs/api/interfaces/UseResolvedScopeReturn.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UseResolvedScopeReturn
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UseResolvedScopeReturn
 
 # Interface: UseResolvedScopeReturn
 

package/docs/api/interfaces/UseResourcePermissionsOptions.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UseResourcePermissionsOptions
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UseResourcePermissionsOptions
 
 # Interface: UseResourcePermissionsOptions
 

package/docs/api/interfaces/UserEventAccess.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UserEventAccess
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UserEventAccess
 
 # Interface: UserEventAccess
 

package/docs/api/interfaces/UserMenuProps.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UserMenuProps
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UserMenuProps
 
 # Interface: UserMenuProps
 

package/docs/api/interfaces/UserProfile.md

@@ -1,4 +1,4 @@
-[@jmruthers/pace-core - v0.5.175](../README.md) / [Exports](../modules.md) / UserProfile
+[@jmruthers/pace-core - v0.5.177](../README.md) / [Exports](../modules.md) / UserProfile
 
 # Interface: UserProfile
 

package/docs/api/modules.md

@@ -1,6 +1,6 @@
-[@jmruthers/pace-core - v0.5.175](README.md) / Exports
+[@jmruthers/pace-core - v0.5.177](README.md) / Exports
 
-# @jmruthers/pace-core - v0.5.175
+# @jmruthers/pace-core - v0.5.177
 
 **`File`**
 
@@ -7019,11 +7019,22 @@ This hook encapsulates the common pattern of checking create/update/delete/read
 permissions for a resource type. It handles scope resolution, user context,
 and provides a simple API for permission checking.
 
+**Page Permission Support:**
+When an `appId` is available in the resolved scope, the resource name is passed
+as `pageId` to enable page-based permission checks. This allows the hook to work
+with both resource-based permissions (when appId is not available) and page-based
+permissions (when appId is available and the resource is a registered page).
+
+The RPC function `rbac_check_permission_simplified` will automatically resolve
+the page name to a page ID and check page permissions if the resource matches
+a registered page in `rbac_app_pages`. If the resource is not a registered page,
+it will fall back to resource-based permission checking.
+
 #### Parameters
 
 | Name | Type | Description |
 | :------ | :------ | :------ |
-| `resource` | `string` | The resource name (e.g., 'contacts', 'risks', 'journal') |
+| `resource` | `string` | The resource name (e.g., 'contacts', 'risks', 'planning') Can be a resource name or a page name registered in rbac_app_pages |
 | `options` | [`UseResourcePermissionsOptions`](interfaces/UseResourcePermissionsOptions.md) | Optional configuration |
 
 #### Returns
@@ -7047,9 +7058,27 @@ function useContacts() {
 }
 ```
 
+**`Example`**
+
+```tsx
+// Works with page names when appId is available in scope
+function usePlanning() {
+  const { canCreate, canUpdate, canDelete } = useResourcePermissions('planning');
+  
+  // Will check page permissions if 'planning' is registered in rbac_app_pages
+  // Falls back to resource permissions if not a registered page
+  const deleteItem = async (id: string) => {
+    if (!canDelete('planning')) {
+      throw new Error("Permission denied");
+    }
+    // ... perform deletion
+  };
+}
+```
+
 #### Defined in
 
-[packages/core/src/rbac/hooks/useResourcePermissions.ts:102](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/useResourcePermissions.ts#L102)
+[packages/core/src/rbac/hooks/useResourcePermissions.ts:131](https://github.com/jmruthers/pace-core/blob/main/packages/core/src/rbac/hooks/useResourcePermissions.ts#L131)
 
 ___
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jmruthers/pace-core",
-  "version": "0.5.175",
+  "version": "0.5.177",
   "description": "Clean, modern React component library with Tailwind v4 styling and native utilities",
   "private": false,
   "publishConfig": {

package/src/rbac/hooks/useRBAC.ts

@@ -232,7 +232,7 @@ export function useRBAC(pageId?: string): UserRBACContext {
     } finally {
       setIsLoading(false);
     }
-  }, [appName, logger, resetState, selectedEvent, selectedEvent?.event_id, selectedOrganisation, selectedOrganisation?.id, session, user, requiresEvent, eventLoading, appConfig, orgContextReady, orgLoading]);
+  }, [appName, logger, resetState, selectedEvent?.event_id, selectedOrganisation?.id, session, user, requiresEvent, eventLoading, appConfig, orgContextReady, orgLoading]);
 
   const hasGlobalPermission = useCallback(
     (permission: string): boolean => {
@@ -266,6 +266,7 @@ export function useRBAC(pageId?: string): UserRBACContext {
       requiresEvent,
       eventLoading,
       hasSelectedEvent: !!selectedEvent,
+      selectedEventId: selectedEvent?.event_id,
       hasUser: !!user,
       hasSession: !!session,
       hasSelectedOrganisation: !!selectedOrganisation,
@@ -274,7 +275,7 @@ export function useRBAC(pageId?: string): UserRBACContext {
       orgLoading
     });
     loadRBACContext();
-  }, [loadRBACContext, appName, requiresEvent, eventLoading, selectedEvent, user, session, selectedOrganisation, orgContextReady, orgLoading]);
+  }, [loadRBACContext, appName, requiresEvent, eventLoading, selectedEvent?.event_id, user, session, selectedOrganisation?.id, orgContextReady, orgLoading]);
 
   return {
     user,

package/src/rbac/hooks/useResourcePermissions.test.ts

@@ -137,32 +137,33 @@ describe('useResourcePermissions Hook', () => {
       renderHook(() => useResourcePermissions('contacts'));
 
       expect(mockUseCan).toHaveBeenCalledTimes(4); // create, update, delete, read
+      // When appId is available in scope, resource name is passed as pageId to enable page permission checks
       expect(mockUseCan).toHaveBeenCalledWith(
         'user-123',
         mockScope,
         'create:contacts',
-        undefined,
+        'contacts', // pageId is resource name when appId is available
         true
       );
       expect(mockUseCan).toHaveBeenCalledWith(
         'user-123',
         mockScope,
         'update:contacts',
-        undefined,
+        'contacts', // pageId is resource name when appId is available
         true
       );
       expect(mockUseCan).toHaveBeenCalledWith(
         'user-123',
         mockScope,
         'delete:contacts',
-        undefined,
+        'contacts', // pageId is resource name when appId is available
         true
       );
       expect(mockUseCan).toHaveBeenCalledWith(
         'user-123',
         mockScope,
         'read:contacts',
-        undefined,
+        'contacts', // pageId is resource name when appId is available
         true
       );
     });
@@ -294,7 +295,7 @@ describe('useResourcePermissions Hook', () => {
         expect.any(String),
         resolvedScope,
         expect.any(String),
-        undefined,
+        'contacts', // pageId is resource name when appId is available
         true
       );
     });
@@ -589,7 +590,7 @@ describe('useResourcePermissions Hook', () => {
         expect.any(String),
         expect.any(Object),
         'read:contacts',
-        undefined,
+        'contacts', // pageId is resource name when appId is available
         true
       );
     });
@@ -610,21 +611,75 @@ describe('useResourcePermissions Hook', () => {
         expect.any(String),
         expect.any(Object),
         'create:risks',
-        undefined,
+        'risks', // pageId is resource name when appId is available
         true
       );
       expect(mockUseCan).toHaveBeenCalledWith(
         expect.any(String),
         expect.any(Object),
         'update:risks',
-        undefined,
+        'risks', // pageId is resource name when appId is available
         true
       );
       expect(mockUseCan).toHaveBeenCalledWith(
         expect.any(String),
         expect.any(Object),
         'delete:risks',
-        undefined,
+        'risks', // pageId is resource name when appId is available
+        true
+      );
+    });
+  });
+
+  describe('Page Permission Support', () => {
+    it('passes resource name as pageId when appId is available in scope', () => {
+      const scopeWithAppId: Scope = {
+        organisationId: 'org-123',
+        eventId: 'event-123',
+        appId: 'app-123',
+      };
+
+      mockUseResolvedScope.mockReturnValue({
+        resolvedScope: scopeWithAppId,
+        isLoading: false,
+        error: null,
+      });
+
+      renderHook(() => useResourcePermissions('planning'));
+
+      // When appId is available, resource name should be passed as pageId
+      // This enables the RPC function to check page permissions
+      expect(mockUseCan).toHaveBeenCalledWith(
+        'user-123',
+        scopeWithAppId,
+        'create:planning',
+        'planning', // Resource name passed as pageId to enable page permission checks
+        true
+      );
+    });
+
+    it('does not pass pageId when appId is not available', () => {
+      const scopeWithoutAppId: Scope = {
+        organisationId: 'org-123',
+        eventId: 'event-123',
+        appId: undefined,
+      };
+
+      mockUseResolvedScope.mockReturnValue({
+        resolvedScope: scopeWithoutAppId,
+        isLoading: false,
+        error: null,
+      });
+
+      renderHook(() => useResourcePermissions('planning'));
+
+      // When appId is not available, pageId should be undefined
+      // This falls back to resource-based permission checking
+      expect(mockUseCan).toHaveBeenCalledWith(
+        'user-123',
+        scopeWithoutAppId,
+        'create:planning',
+        undefined, // No pageId when appId is not available
         true
       );
     });

package/src/rbac/hooks/useResourcePermissions.ts

@@ -79,7 +79,19 @@ export interface ResourcePermissions {
  * permissions for a resource type. It handles scope resolution, user context,
  * and provides a simple API for permission checking.
  * 
- * @param resource - The resource name (e.g., 'contacts', 'risks', 'journal')
+ * **Page Permission Support:**
+ * When an `appId` is available in the resolved scope, the resource name is passed
+ * as `pageId` to enable page-based permission checks. This allows the hook to work
+ * with both resource-based permissions (when appId is not available) and page-based
+ * permissions (when appId is available and the resource is a registered page).
+ * 
+ * The RPC function `rbac_check_permission_simplified` will automatically resolve
+ * the page name to a page ID and check page permissions if the resource matches
+ * a registered page in `rbac_app_pages`. If the resource is not a registered page,
+ * it will fall back to resource-based permission checking.
+ * 
+ * @param resource - The resource name (e.g., 'contacts', 'risks', 'planning')
+ *                   Can be a resource name or a page name registered in rbac_app_pages
  * @param options - Optional configuration
  * @param options.enableRead - Whether to check read permissions (default: false)
  * @param options.requireScope - Whether scope resolution is required (default: true)
@@ -98,6 +110,23 @@ export interface ResourcePermissions {
  *   };
  * }
  * ```
+ * 
+ * @example
+ * ```tsx
+ * // Works with page names when appId is available in scope
+ * function usePlanning() {
+ *   const { canCreate, canUpdate, canDelete } = useResourcePermissions('planning');
+ *   
+ *   // Will check page permissions if 'planning' is registered in rbac_app_pages
+ *   // Falls back to resource permissions if not a registered page
+ *   const deleteItem = async (id: string) => {
+ *     if (!canDelete('planning')) {
+ *       throw new Error("Permission denied");
+ *     }
+ *     // ... perform deletion
+ *   };
+ * }
+ * ```
  */
 export function useResourcePermissions(
   resource: string,
@@ -135,12 +164,18 @@ export function useResourcePermissions(
     appId: undefined
   };
 
+  // If we have an appId in scope, pass the resource name as pageId to enable page permission checks
+  // The RPC function rbac_check_permission_simplified will resolve the page name to a page ID
+  // and check page permissions if the resource is a registered page
+  // This allows useResourcePermissions to work with both resource-based and page-based permissions
+  const pageId = scope.appId ? resource : undefined;
+
   // Permission checks for create, update, delete
   const { can: canCreateResult, isLoading: createLoading, error: createError } = useCan(
     user?.id || '',
     scope,
     `create:${resource}` as const,
-    undefined, // pageId
+    pageId, // Pass resource name as pageId when appId is available to enable page permission checks
     true // useCache
   );
 
@@ -148,7 +183,7 @@ export function useResourcePermissions(
     user?.id || '',
     scope,
     `update:${resource}` as const,
-    undefined, // pageId
+    pageId, // Pass resource name as pageId when appId is available to enable page permission checks
     true // useCache
   );
 
@@ -156,7 +191,7 @@ export function useResourcePermissions(
     user?.id || '',
     scope,
     `delete:${resource}` as const,
-    undefined, // pageId
+    pageId, // Pass resource name as pageId when appId is available to enable page permission checks
     true // useCache
   );
 
@@ -165,7 +200,7 @@ export function useResourcePermissions(
     user?.id || '',
     scope,
     `read:${resource}` as const,
-    undefined, // pageId
+    pageId, // Pass resource name as pageId when appId is available to enable page permission checks
     true // useCache
   );