npm - @jmruthers/pace-core - Versions diffs - 0.5.183 → 0.5.185 - Mend

@jmruthers/pace-core 0.5.183 → 0.5.185

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (307) hide show

package/CHANGELOG.md +38 -0
package/README.md +60 -1
package/core-usage-manifest.json +312 -0
package/dist/{DataTable-QAB34V6K.js → DataTable-IX2NBUTP.js} +6 -6
package/dist/{DataTable-Bz8ffqyA.d.ts → DataTable-Z9NLVJh0.d.ts} +1 -1
package/dist/{index-Bl--n7-T.d.ts → PublicPageProvider-BABf6JCh.d.ts} +21 -10
package/dist/{UnifiedAuthProvider-7F6T4B6K.js → UnifiedAuthProvider-A4BCQRJY.js} +4 -2
package/dist/{UnifiedAuthProvider-F86d7dSi.d.ts → UnifiedAuthProvider-BG0AL5eE.d.ts} +2 -1
package/dist/{api-ROMBCNKU.js → api-BMFCXVQX.js} +2 -2
package/dist/{chunk-RA3JUFMW.js → chunk-445GEP27.js} +154 -4
package/dist/{chunk-RA3JUFMW.js.map → chunk-445GEP27.js.map} +1 -1
package/dist/{chunk-CSOFYHAG.js → chunk-AISXLWGZ.js} +374 -60
package/dist/chunk-AISXLWGZ.js.map +1 -0
package/dist/{chunk-FUEYYMX5.js → chunk-FXFJRTKI.js} +24 -3
package/dist/chunk-FXFJRTKI.js.map +1 -0
package/dist/{chunk-QETLRQI6.js → chunk-HC67NW5K.js} +380 -360
package/dist/chunk-HC67NW5K.js.map +1 -0
package/dist/chunk-HESYZWZW.js +388 -0
package/dist/chunk-HESYZWZW.js.map +1 -0
package/dist/{chunk-QUVSNGIP.js → chunk-HGPQUCBC.js} +34 -9
package/dist/{chunk-QUVSNGIP.js.map → chunk-HGPQUCBC.js.map} +1 -1
package/dist/{chunk-UHNYIBXL.js → chunk-IXSNYUCT.js} +1 -1
package/dist/chunk-IXSNYUCT.js.map +1 -0
package/dist/{chunk-MI7HBHN3.js → chunk-MX3EIJGQ.js} +4 -3
package/dist/{chunk-MI7HBHN3.js.map → chunk-MX3EIJGQ.js.map} +1 -1
package/dist/{chunk-PWAHJW4G.js → chunk-OKI34GZD.js} +86 -33
package/dist/chunk-OKI34GZD.js.map +1 -0
package/dist/{chunk-W22JP75J.js → chunk-STTZQK2I.js} +3 -3
package/dist/chunk-THRPYOFK.js +215 -0
package/dist/chunk-THRPYOFK.js.map +1 -0
package/dist/{chunk-M7W4CP3M.js → chunk-U6WNSFX5.js} +2 -1
package/dist/chunk-U6WNSFX5.js.map +1 -0
package/dist/{chunk-QCDXODCA.js → chunk-XAUHJD3L.js} +2 -2
package/dist/components.d.ts +182 -6
package/dist/components.js +157 -11
package/dist/components.js.map +1 -1
package/dist/eslint-rules/pace-core-compliance.cjs +406 -0
package/dist/{file-reference-D06mEEWW.d.ts → file-reference-BjR39ktt.d.ts} +7 -1
package/dist/hooks.d.ts +7 -14
package/dist/hooks.js +10 -22
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +11 -11
package/dist/index.js +79 -16
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +1 -1
package/dist/providers.js +3 -1
package/dist/rbac/index.d.ts +205 -14
package/dist/rbac/index.js +28 -6
package/dist/timezone-_pgH8qrY.d.ts +530 -0
package/dist/{types-_x1f4QBF.d.ts → types-DUyCRSTj.d.ts} +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-JJczomYq.d.ts → usePublicRouteParams-CvnC3d-e.d.ts} +113 -2
package/dist/utils.d.ts +109 -151
package/dist/utils.js +128 -138
package/dist/utils.js.map +1 -1
package/docs/api/README.md +60 -1
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +1 -1
package/docs/api/classes/Logger.md +178 -0
package/docs/api/classes/MissingUserContextError.md +1 -1
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/RBACAuditManager.md +2 -2
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +2 -2
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +1 -1
package/docs/api/classes/SecureSupabaseClient.md +5 -5
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +54 -0
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +18 -2
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +30 -0
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +85 -0
package/docs/api/interfaces/DatabaseIssue.md +41 -0
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +6 -6
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +1 -1
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +24 -8
package/docs/api/interfaces/FileUploadProps.md +24 -13
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +9 -9
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +62 -0
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +1 -1
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +36 -23
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +11 -11
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProgressProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +52 -0
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +4 -4
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +1 -1
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +1 -1
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +1 -1
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +7 -7
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RoleManagementResult.md +5 -5
package/docs/api/interfaces/RouteAccessRecord.md +1 -1
package/docs/api/interfaces/RouteConfig.md +1 -1
package/docs/api/interfaces/RuntimeComplianceResult.md +55 -0
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +41 -0
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +1 -1
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseFormDialogOptions.md +62 -0
package/docs/api/interfaces/UseFormDialogReturn.md +117 -0
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +2 -2
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +2 -2
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +2 -2
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +738 -42
package/docs/api-reference/hooks.md +111 -0
package/docs/api-reference/rpc-functions.md +1 -1
package/docs/api-reference/utilities.md +184 -0
package/docs/getting-started/installation-guide.md +75 -16
package/docs/getting-started/quick-start.md +61 -11
package/docs/implementation-guides/authentication.md +88 -12
package/docs/implementation-guides/file-reference-system.md +2 -1
package/docs/implementation-guides/file-upload-storage.md +21 -0
package/docs/rbac/README.md +1 -0
package/docs/rbac/compliance/compliance-guide.md +544 -0
package/docs/rbac/getting-started.md +158 -33
package/docs/standards/pace-core-compliance.md +432 -0
package/eslint-config-pace-core.cjs +93 -0
package/package.json +15 -3
package/scripts/analyze-bundle.js +232 -0
package/scripts/build-css.js +56 -0
package/scripts/build-docs-incremental.js +1015 -0
package/scripts/check-pace-core-compliance.cjs +2353 -0
package/scripts/generate-docs.js +157 -0
package/scripts/setup-build-cache.js +73 -0
package/scripts/utils/command-runner.js +131 -0
package/scripts/utils/env.js +33 -0
package/scripts/utils/index.js +10 -0
package/scripts/utils/logger.js +88 -0
package/scripts/utils/path-helpers.js +37 -0
package/scripts/validate-formats.js +133 -0
package/scripts/validate-master.js +155 -0
package/scripts/validate-pre-publish.js +140 -0
package/scripts/validate-theme.js +142 -0
package/src/components/Calendar/Calendar.tsx +8 -1
package/src/components/Card/Card.tsx +47 -8
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.test.tsx +314 -0
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.tsx +126 -0
package/src/components/DatePickerWithTimezone/README.md +135 -0
package/src/components/DatePickerWithTimezone/index.ts +10 -0
package/src/components/DateTimeField/DateTimeField.test.tsx +358 -0
package/src/components/DateTimeField/DateTimeField.tsx +232 -0
package/src/components/DateTimeField/README.md +148 -0
package/src/components/DateTimeField/index.ts +10 -0
package/src/components/FileUpload/FileUpload.tsx +3 -0
package/src/components/Header/Header.test.tsx +47 -18
package/src/components/Header/Header.tsx +24 -6
package/src/components/PaceAppLayout/PaceAppLayout.tsx +29 -20
package/src/components/PaceAppLayout/README.md +9 -0
package/src/components/PaceLoginPage/PaceLoginPage.tsx +1 -1
package/src/components/ProtectedRoute/ProtectedRoute.test.tsx +37 -8
package/src/components/ProtectedRoute/ProtectedRoute.tsx +12 -4
package/src/components/index.ts +8 -0
package/src/eslint-rules/pace-core-compliance.cjs +406 -0
package/src/eslint-rules/pace-core-compliance.js +640 -0
package/src/hooks/__tests__/useFormDialog.test.ts +478 -0
package/src/hooks/index.ts +2 -0
package/src/hooks/useFileReference.test.ts +1 -0
package/src/hooks/useFormDialog.ts +147 -0
package/src/index.ts +27 -0
package/src/providers/services/OrganisationServiceProvider.tsx +6 -5
package/src/providers/services/UnifiedAuthProvider.tsx +24 -3
package/src/rbac/__tests__/scenarios.user-role.test.tsx +3 -0
package/src/rbac/compliance/database-validator.ts +165 -0
package/src/rbac/compliance/index.ts +38 -0
package/src/rbac/compliance/quick-fix-suggestions.ts +209 -0
package/src/rbac/compliance/runtime-compliance.ts +77 -0
package/src/rbac/compliance/setup-validator.ts +131 -0
package/src/rbac/components/PagePermissionGuard.tsx +8 -64
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +35 -21
package/src/rbac/docs/event-based-apps.md +285 -0
package/src/rbac/errors.ts +11 -0
package/src/rbac/hooks/useRoleManagement.ts +292 -12
package/src/rbac/index.ts +30 -0
package/src/services/OrganisationService.ts +4 -0
package/src/types/file-reference.ts +6 -0
package/src/utils/__tests__/timezone.test.ts +345 -0
package/src/utils/file-reference/__tests__/file-reference.test.ts +2 -0
package/src/utils/file-reference/index.ts +1 -0
package/src/utils/formatting/formatDateTimeTimezone.test.ts +167 -0
package/src/utils/formatting/formatting.ts +179 -0
package/src/utils/index.ts +27 -1
package/src/utils/location/index.ts +16 -0
package/src/utils/location/location.test.ts +286 -0
package/src/utils/location/location.ts +175 -0
package/src/utils/timezone/index.ts +17 -0
package/src/utils/timezone/timezone.test.ts +349 -0
package/src/utils/timezone/timezone.ts +281 -0
package/dist/chunk-CSOFYHAG.js.map +0 -1
package/dist/chunk-FUEYYMX5.js.map +0 -1
package/dist/chunk-HKIT6O7W.js +0 -198
package/dist/chunk-HKIT6O7W.js.map +0 -1
package/dist/chunk-KUEN3HFB.js +0 -94
package/dist/chunk-KUEN3HFB.js.map +0 -1
package/dist/chunk-M7W4CP3M.js.map +0 -1
package/dist/chunk-PWAHJW4G.js.map +0 -1
package/dist/chunk-QETLRQI6.js.map +0 -1
package/dist/chunk-UHNYIBXL.js.map +0 -1
package/dist/formatting-5wETwiGF.d.ts +0 -162
/package/dist/{DataTable-QAB34V6K.js.map → DataTable-IX2NBUTP.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-7F6T4B6K.js.map → UnifiedAuthProvider-A4BCQRJY.js.map} +0 -0
/package/dist/{api-ROMBCNKU.js.map → api-BMFCXVQX.js.map} +0 -0
/package/dist/{chunk-W22JP75J.js.map → chunk-STTZQK2I.js.map} +0 -0
/package/dist/{chunk-QCDXODCA.js.map → chunk-XAUHJD3L.js.map} +0 -0

package/src/rbac/errors.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import {
   OrganisationContextRequiredError,
   InvalidScopeError,
   MissingUserContextError,
+  RBACNotInitializedError,
 } from './types';
 export enum RBACErrorCategory {
@@ -154,3 +155,13 @@ export function mapErrorCategoryToSecurityEventType(category: RBACErrorCategory)
       return 'unknown_error';
   }
 }
+// Re-export error classes for convenience
+export {
+  RBACError,
+  PermissionDeniedError,
+  OrganisationContextRequiredError,
+  InvalidScopeError,
+  MissingUserContextError,
+  RBACNotInitializedError,
+};

package/src/rbac/hooks/useRoleManagement.ts CHANGED Viewed

@@ -13,25 +13,46 @@
  * import { useRoleManagement } from '@jmruthers/pace-core/rbac';
  *
  * function UserRolesComponent() {
- *   const { revokeEventAppRole, grantEventAppRole, isLoading, error } = useRoleManagement();
+ *   const {
+ *     revokeEventAppRole,
+ *     grantEventAppRole,
+ *     grantGlobalRole,
+ *     revokeGlobalRole,
+ *     grantOrganisationRole,
+ *     revokeOrganisationRole,
+ *     isLoading,
+ *     error
+ *   } = useRoleManagement();
  *
- *   const handleRevokeRole = async (roleId: string, roleData: EventAppRoleData) => {
- *     const result = await revokeEventAppRole({
- *       userId: roleData.user_id,
- *       organisationId: roleData.organisation_id,
- *       eventId: roleData.event_id,
- *       appId: roleData.app_id,
- *       role: roleData.role
+ *   // Grant a global role
+ *   const handleGrantGlobalRole = async () => {
+ *     const result = await grantGlobalRole({
+ *       user_id: userId,
+ *       role: 'super_admin'
  *     });
+ *     if (result.success) {
+ *       toast({ title: 'Role granted successfully' });
+ *     }
+ *   };
  *
+ *   // Grant an organisation role
+ *   const handleGrantOrgRole = async () => {
+ *     const result = await grantOrganisationRole({
+ *       user_id: userId,
+ *       organisation_id: orgId,
+ *       role: 'org_admin'
+ *     });
  *     if (result.success) {
- *       toast({ title: 'Role revoked successfully' });
- *     } else {
- *       toast({ title: 'Failed to revoke role', variant: 'destructive' });
+ *       toast({ title: 'Role granted successfully' });
  *     }
  *   };
  *
- *   return <button onClick={() => handleRevokeRole(roleId, roleData)}>Revoke Role</button>;
+ *   return (
+ *     <div>
+ *       <button onClick={handleGrantGlobalRole}>Grant Super Admin</button>
+ *       <button onClick={handleGrantOrgRole}>Grant Org Admin</button>
+ *     </div>
+ *   );
  * }
  * ```
  */
@@ -48,6 +69,17 @@ export interface EventAppRoleData {
   role: 'viewer' | 'participant' | 'planner' | 'event_admin';
 }
+export interface OrganisationRoleData {
+  user_id: UUID;
+  organisation_id: UUID;
+  role: 'supporter' | 'member' | 'leader' | 'org_admin';
+}
+export interface GlobalRoleData {
+  user_id: UUID;
+  role: 'super_admin';
+}
 export interface RevokeEventAppRoleParams extends EventAppRoleData {
   revoked_by?: UUID;
 }
@@ -58,6 +90,26 @@ export interface GrantEventAppRoleParams extends EventAppRoleData {
   valid_to?: string | null;
 }
+export interface RevokeOrganisationRoleParams extends OrganisationRoleData {
+  revoked_by?: UUID;
+}
+export interface GrantOrganisationRoleParams extends OrganisationRoleData {
+  granted_by?: UUID;
+  valid_from?: string;
+  valid_to?: string | null;
+}
+export interface RevokeGlobalRoleParams extends GlobalRoleData {
+  revoked_by?: UUID;
+}
+export interface GrantGlobalRoleParams extends GlobalRoleData {
+  granted_by?: UUID;
+  valid_from?: string;
+  valid_to?: string | null;
+}
 export interface RoleManagementResult {
   success: boolean;
   message?: string;
@@ -244,10 +296,238 @@ export function useRoleManagement() {
     }
   }, [user?.id, supabase]);
+  /**
+   * Grant a global role using the unified RPC function
+   *
+   * This function uses the `rbac_role_grant` RPC which:
+   * - Runs with SECURITY DEFINER privileges
+   * - Includes proper permission checks
+   * - Automatically populates audit fields (granted_by, timestamps)
+   * - Complies with Row-Level Security policies
+   *
+   * @param params - Role grant parameters
+   * @returns Promise resolving to operation result with role ID
+   */
+  const grantGlobalRole = useCallback(async (
+    params: GrantGlobalRoleParams
+  ): Promise<RoleManagementResult> => {
+    setIsLoading(true);
+    setError(null);
+    try {
+      const { data, error: rpcError } = await supabase.rpc('rbac_role_grant', {
+        p_user_id: params.user_id,
+        p_role_type: 'global',
+        p_role_name: params.role,
+        p_context_id: null, // Global roles don't need context
+        p_granted_by: params.granted_by || user?.id || undefined
+      });
+      if (rpcError) {
+        throw new Error(rpcError.message || 'Failed to grant role');
+      }
+      // rbac_role_grant returns a table with success, message, role_id, error_code
+      const result = Array.isArray(data) && data.length > 0 ? data[0] : null;
+      if (!result || !result.success) {
+        return {
+          success: false,
+          error: result?.message || result?.error_code || 'Failed to grant role',
+          message: result?.message
+        };
+      }
+      return {
+        success: true,
+        message: result.message || 'Role granted successfully',
+        roleId: result.role_id
+      };
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';
+      setError(err instanceof Error ? err : new Error(errorMessage));
+      return {
+        success: false,
+        error: errorMessage
+      };
+    } finally {
+      setIsLoading(false);
+    }
+  }, [user?.id, supabase]);
+  /**
+   * Revoke a global role using the unified RPC function
+   *
+   * This function uses the `rbac_role_revoke` RPC which:
+   * - Runs with SECURITY DEFINER privileges
+   * - Includes proper permission checks
+   * - Automatically populates audit fields (revoked_by, timestamps)
+   * - Complies with Row-Level Security policies
+   *
+   * @param params - Role revocation parameters
+   * @returns Promise resolving to operation result
+   */
+  const revokeGlobalRole = useCallback(async (
+    params: RevokeGlobalRoleParams
+  ): Promise<RoleManagementResult> => {
+    setIsLoading(true);
+    setError(null);
+    try {
+      const { data, error: rpcError } = await supabase.rpc('rbac_role_revoke', {
+        p_user_id: params.user_id,
+        p_role_type: 'global',
+        p_role_name: params.role,
+        p_context_id: null, // Global roles don't need context
+        p_revoked_by: params.revoked_by || user?.id || undefined
+      });
+      if (rpcError) {
+        throw new Error(rpcError.message || 'Failed to revoke role');
+      }
+      // rbac_role_revoke returns a table with success, message, revoked_count, error_code
+      const result = Array.isArray(data) && data.length > 0 ? data[0] : null;
+      return {
+        success: result?.success === true,
+        message: result?.message || undefined,
+        error: result?.success === false ? (result?.message || result?.error_code || 'Unknown error') : undefined
+      };
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';
+      setError(err instanceof Error ? err : new Error(errorMessage));
+      return {
+        success: false,
+        error: errorMessage
+      };
+    } finally {
+      setIsLoading(false);
+    }
+  }, [user?.id, supabase]);
+  /**
+   * Grant an organisation role using the unified RPC function
+   *
+   * This function uses the `rbac_role_grant` RPC which:
+   * - Runs with SECURITY DEFINER privileges
+   * - Includes proper permission checks
+   * - Automatically populates audit fields (granted_by, timestamps)
+   * - Complies with Row-Level Security policies
+   *
+   * @param params - Role grant parameters
+   * @returns Promise resolving to operation result with role ID
+   */
+  const grantOrganisationRole = useCallback(async (
+    params: GrantOrganisationRoleParams
+  ): Promise<RoleManagementResult> => {
+    setIsLoading(true);
+    setError(null);
+    try {
+      const { data, error: rpcError } = await supabase.rpc('rbac_role_grant', {
+        p_user_id: params.user_id,
+        p_role_type: 'organisation',
+        p_role_name: params.role,
+        p_context_id: params.organisation_id, // Organisation ID as context
+        p_granted_by: params.granted_by || user?.id || undefined
+      });
+      if (rpcError) {
+        throw new Error(rpcError.message || 'Failed to grant role');
+      }
+      // rbac_role_grant returns a table with success, message, role_id, error_code
+      const result = Array.isArray(data) && data.length > 0 ? data[0] : null;
+      if (!result || !result.success) {
+        return {
+          success: false,
+          error: result?.message || result?.error_code || 'Failed to grant role',
+          message: result?.message
+        };
+      }
+      return {
+        success: true,
+        message: result.message || 'Role granted successfully',
+        roleId: result.role_id
+      };
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';
+      setError(err instanceof Error ? err : new Error(errorMessage));
+      return {
+        success: false,
+        error: errorMessage
+      };
+    } finally {
+      setIsLoading(false);
+    }
+  }, [user?.id, supabase]);
+  /**
+   * Revoke an organisation role using the unified RPC function
+   *
+   * This function uses the `rbac_role_revoke` RPC which:
+   * - Runs with SECURITY DEFINER privileges
+   * - Includes proper permission checks
+   * - Automatically populates audit fields (revoked_by, timestamps)
+   * - Complies with Row-Level Security policies
+   *
+   * @param params - Role revocation parameters
+   * @returns Promise resolving to operation result
+   */
+  const revokeOrganisationRole = useCallback(async (
+    params: RevokeOrganisationRoleParams
+  ): Promise<RoleManagementResult> => {
+    setIsLoading(true);
+    setError(null);
+    try {
+      const { data, error: rpcError } = await supabase.rpc('rbac_role_revoke', {
+        p_user_id: params.user_id,
+        p_role_type: 'organisation',
+        p_role_name: params.role,
+        p_context_id: params.organisation_id, // Organisation ID as context
+        p_revoked_by: params.revoked_by || user?.id || undefined
+      });
+      if (rpcError) {
+        throw new Error(rpcError.message || 'Failed to revoke role');
+      }
+      // rbac_role_revoke returns a table with success, message, revoked_count, error_code
+      const result = Array.isArray(data) && data.length > 0 ? data[0] : null;
+      return {
+        success: result?.success === true,
+        message: result?.message || undefined,
+        error: result?.success === false ? (result?.message || result?.error_code || 'Unknown error') : undefined
+      };
+    } catch (err) {
+      const errorMessage = err instanceof Error ? err.message : 'Unknown error occurred';
+      setError(err instanceof Error ? err : new Error(errorMessage));
+      return {
+        success: false,
+        error: errorMessage
+      };
+    } finally {
+      setIsLoading(false);
+    }
+  }, [user?.id, supabase]);
   return {
+    // Event app roles (existing)
     revokeEventAppRole,
     grantEventAppRole,
     revokeRoleById,
+    // Global roles (new)
+    grantGlobalRole,
+    revokeGlobalRole,
+    // Organisation roles (new)
+    grantOrganisationRole,
+    revokeOrganisationRole,
+    // Shared state
     isLoading,
     error
   };

package/src/rbac/index.ts CHANGED Viewed

@@ -113,3 +113,33 @@ export {
 // Permissions
 export * from './permissions';
+// Compliance
+export {
+  isRBACInitialized,
+  validateRBACSetup,
+  getSetupIssues,
+  type SetupIssue,
+  type ComplianceResult,
+} from './compliance/setup-validator';
+export {
+  checkRuntimeCompliance,
+  validateAndWarn,
+  type RuntimeComplianceResult,
+} from './compliance/runtime-compliance';
+export {
+  validateDatabaseConfiguration,
+  type DatabaseComplianceResult,
+  type DatabaseIssue,
+} from './compliance/database-validator';
+export {
+  getQuickFixes,
+  getCustomAuthCodeFixes,
+  getDuplicateConfigFixes,
+  getUnprotectedPageFixes,
+  getDirectSupabaseAuthFixes,
+  type QuickFix,
+} from './compliance/quick-fix-suggestions';

package/src/services/OrganisationService.ts CHANGED Viewed

@@ -519,6 +519,7 @@ export class OrganisationService extends BaseService implements IOrganisationSer
       // Auto-select organisation: try persisted, then primary, then first
       let initialOrg: Organisation | null = null;
+      let selectionMethod: 'persisted' | 'admin' | 'first' = 'first';
       // 1. Try to restore from localStorage
       try {
@@ -530,6 +531,7 @@ export class OrganisationService extends BaseService implements IOrganisationSer
             const validPersistedOrg = activeOrgs.find(org => org.id === persistedOrg.id);
             if (validPersistedOrg) {
               initialOrg = validPersistedOrg;
+              selectionMethod = 'persisted';
             } else {
               logger.warn("OrganisationService", "Persisted organisation not found in active orgs, clearing cache");
               localStorage.removeItem('pace-core-selected-organisation');
@@ -552,6 +554,7 @@ export class OrganisationService extends BaseService implements IOrganisationSer
           const foundOrg = organisations.find((org) => org.id === adminMembership.organisation_id);
           if (foundOrg) {
             initialOrg = foundOrg;
+            selectionMethod = 'admin';
           }
         }
       }
@@ -559,6 +562,7 @@ export class OrganisationService extends BaseService implements IOrganisationSer
       // 3. Fall back to first organisation
       if (!initialOrg) {
         initialOrg = activeOrgs[0];
+        selectionMethod = 'first';
       }
       if (!initialOrg) {

package/src/types/file-reference.ts CHANGED Viewed

@@ -51,12 +51,18 @@ export enum FileCategory {
   TRAC_TRANSPORT = 'trac_transport'
 }
+/**
+ * Options for uploading a file with a file reference
+ * @property pageContext - The page context where the file upload occurs (e.g., 'configuration', 'forms', 'applications')
+ *                          Used for context-aware permission checks. Required to check appropriate page-level permissions.
+ */
 export interface FileUploadOptions {
   table_name: string;
   record_id: string;
   organisation_id: string;
   app_id: AppId;
   category: FileCategory;
+  pageContext: string;
   is_public?: boolean;
   custom_metadata?: Record<string, unknown>;
 }