npm - @jmruthers/pace-core - Versions diffs - 0.5.184 → 0.5.186 - Mend

@jmruthers/pace-core 0.5.184 → 0.5.186

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (319) hide show

package/CHANGELOG.md +38 -0
package/README.md +60 -1
package/core-usage-manifest.json +312 -0
package/dist/{DataTable-QAB34V6K.js → DataTable-IX2NBUTP.js} +6 -6
package/dist/{DataTable-Bz8ffqyA.d.ts → DataTable-Z9NLVJh0.d.ts} +1 -1
package/dist/{index-Bl--n7-T.d.ts → PublicPageProvider-DIzEzwKl.d.ts} +23 -10
package/dist/{UnifiedAuthProvider-7F6T4B6K.js → UnifiedAuthProvider-A4BCQRJY.js} +4 -2
package/dist/{UnifiedAuthProvider-F86d7dSi.d.ts → UnifiedAuthProvider-BG0AL5eE.d.ts} +2 -1
package/dist/{api-ROMBCNKU.js → api-BMFCXVQX.js} +2 -2
package/dist/{chunk-RA3JUFMW.js → chunk-445GEP27.js} +154 -4
package/dist/{chunk-RA3JUFMW.js.map → chunk-445GEP27.js.map} +1 -1
package/dist/{chunk-W22JP75J.js → chunk-DAGICKHT.js} +9 -7
package/dist/chunk-DAGICKHT.js.map +1 -0
package/dist/{chunk-FUEYYMX5.js → chunk-FXFJRTKI.js} +24 -3
package/dist/chunk-FXFJRTKI.js.map +1 -0
package/dist/{chunk-CSOFYHAG.js → chunk-GRIQLQ52.js} +374 -60
package/dist/chunk-GRIQLQ52.js.map +1 -0
package/dist/{chunk-NQPMQGS2.js → chunk-HDCUMOOI.js} +497 -399
package/dist/chunk-HDCUMOOI.js.map +1 -0
package/dist/chunk-HESYZWZW.js +388 -0
package/dist/chunk-HESYZWZW.js.map +1 -0
package/dist/{chunk-QUVSNGIP.js → chunk-HGPQUCBC.js} +34 -9
package/dist/{chunk-QUVSNGIP.js.map → chunk-HGPQUCBC.js.map} +1 -1
package/dist/{chunk-PWAHJW4G.js → chunk-OALXJH4Y.js} +86 -33
package/dist/chunk-OALXJH4Y.js.map +1 -0
package/dist/{chunk-MI7HBHN3.js → chunk-TC7D3CR3.js} +89 -9
package/dist/chunk-TC7D3CR3.js.map +1 -0
package/dist/chunk-THRPYOFK.js +215 -0
package/dist/chunk-THRPYOFK.js.map +1 -0
package/dist/{chunk-M7W4CP3M.js → chunk-U6WNSFX5.js} +2 -1
package/dist/chunk-U6WNSFX5.js.map +1 -0
package/dist/{chunk-UHNYIBXL.js → chunk-UQWSHFVX.js} +1 -1
package/dist/chunk-UQWSHFVX.js.map +1 -0
package/dist/{chunk-QCDXODCA.js → chunk-XAUHJD3L.js} +2 -2
package/dist/components.d.ts +182 -6
package/dist/components.js +157 -11
package/dist/components.js.map +1 -1
package/dist/{database.generated-CBmg2950.d.ts → database.generated-DI89OQeI.d.ts} +63 -9
package/dist/eslint-rules/pace-core-compliance.cjs +406 -0
package/dist/{file-reference-D06mEEWW.d.ts → file-reference-PRTSLxKx.d.ts} +10 -1
package/dist/hooks.d.ts +52 -15
package/dist/hooks.js +12 -22
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +12 -12
package/dist/index.js +82 -18
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +1 -1
package/dist/providers.js +3 -1
package/dist/rbac/index.d.ts +206 -15
package/dist/rbac/index.js +28 -6
package/dist/timezone-_pgH8qrY.d.ts +530 -0
package/dist/{types-_x1f4QBF.d.ts → types-DUyCRSTj.d.ts} +1 -1
package/dist/types.d.ts +2 -2
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-JJczomYq.d.ts → usePublicRouteParams-D71QLlg4.d.ts} +114 -3
package/dist/utils.d.ts +110 -152
package/dist/utils.js +128 -138
package/dist/utils.js.map +1 -1
package/docs/api/README.md +60 -1
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +1 -1
package/docs/api/classes/Logger.md +178 -0
package/docs/api/classes/MissingUserContextError.md +1 -1
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/RBACAuditManager.md +2 -2
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +2 -2
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +1 -1
package/docs/api/classes/SecureSupabaseClient.md +5 -5
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +54 -0
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +18 -2
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +30 -0
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +85 -0
package/docs/api/interfaces/DatabaseIssue.md +41 -0
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +6 -6
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +1 -1
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +48 -8
package/docs/api/interfaces/FileUploadProps.md +46 -13
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +9 -9
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +62 -0
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +1 -1
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +36 -23
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +11 -11
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProgressProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +6 -6
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +52 -0
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +4 -4
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +1 -1
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +1 -1
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +1 -1
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +7 -7
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RoleManagementResult.md +5 -5
package/docs/api/interfaces/RouteAccessRecord.md +1 -1
package/docs/api/interfaces/RouteConfig.md +1 -1
package/docs/api/interfaces/RuntimeComplianceResult.md +55 -0
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +41 -0
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +1 -1
package/docs/api/interfaces/UnifiedAuthProviderProps.md +1 -1
package/docs/api/interfaces/UseFormDialogOptions.md +62 -0
package/docs/api/interfaces/UseFormDialogReturn.md +117 -0
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +2 -2
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +2 -2
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +2 -2
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +746 -50
package/docs/api-reference/components.md +26 -12
package/docs/api-reference/hooks.md +111 -0
package/docs/api-reference/rpc-functions.md +1 -1
package/docs/api-reference/utilities.md +184 -0
package/docs/getting-started/installation-guide.md +75 -16
package/docs/getting-started/quick-start.md +61 -11
package/docs/implementation-guides/authentication.md +88 -12
package/docs/implementation-guides/file-reference-system.md +26 -3
package/docs/implementation-guides/file-upload-storage.md +30 -1
package/docs/rbac/README.md +1 -0
package/docs/rbac/compliance/compliance-guide.md +544 -0
package/docs/rbac/getting-started.md +158 -33
package/docs/standards/pace-core-compliance.md +432 -0
package/eslint-config-pace-core.cjs +93 -0
package/package.json +15 -3
package/scripts/analyze-bundle.js +232 -0
package/scripts/build-css.js +56 -0
package/scripts/build-docs-incremental.js +1015 -0
package/scripts/check-pace-core-compliance.cjs +2353 -0
package/scripts/check-pace-core-compliance.js +512 -0
package/scripts/generate-docs.js +157 -0
package/scripts/setup-build-cache.js +73 -0
package/scripts/utils/command-runner.js +131 -0
package/scripts/utils/env.js +33 -0
package/scripts/utils/index.js +10 -0
package/scripts/utils/logger.js +88 -0
package/scripts/utils/path-helpers.js +37 -0
package/scripts/validate-formats.js +133 -0
package/scripts/validate-master.js +155 -0
package/scripts/validate-pre-publish.js +140 -0
package/scripts/validate-theme.js +142 -0
package/src/components/Calendar/Calendar.tsx +8 -1
package/src/components/Card/Card.tsx +47 -8
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.test.tsx +314 -0
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.tsx +126 -0
package/src/components/DatePickerWithTimezone/README.md +135 -0
package/src/components/DatePickerWithTimezone/index.ts +10 -0
package/src/components/DateTimeField/DateTimeField.test.tsx +358 -0
package/src/components/DateTimeField/DateTimeField.tsx +232 -0
package/src/components/DateTimeField/README.md +148 -0
package/src/components/DateTimeField/index.ts +10 -0
package/src/components/FileUpload/FileUpload.test.tsx +2 -0
package/src/components/FileUpload/FileUpload.tsx +10 -1
package/src/components/Header/Header.test.tsx +47 -18
package/src/components/Header/Header.tsx +22 -7
package/src/components/PaceAppLayout/PaceAppLayout.tsx +29 -20
package/src/components/PaceAppLayout/README.md +9 -0
package/src/components/ProtectedRoute/ProtectedRoute.test.tsx +37 -8
package/src/components/ProtectedRoute/ProtectedRoute.tsx +146 -5
package/src/components/index.ts +8 -0
package/src/eslint-rules/pace-core-compliance.cjs +406 -0
package/src/eslint-rules/pace-core-compliance.js +640 -0
package/src/hooks/__tests__/useFormDialog.test.ts +478 -0
package/src/hooks/index.ts +5 -0
package/src/hooks/useFileReference.test.ts +2 -0
package/src/hooks/useFormDialog.ts +147 -0
package/src/hooks/usePreventTabReload.ts +106 -0
package/src/hooks/useSecureDataAccess.ts +2 -2
package/src/index.ts +27 -0
package/src/providers/services/OrganisationServiceProvider.tsx +6 -5
package/src/providers/services/UnifiedAuthProvider.tsx +24 -3
package/src/rbac/__tests__/rbac-role-isolation.test.ts +456 -0
package/src/rbac/__tests__/scenarios.user-role.test.tsx +3 -0
package/src/rbac/compliance/database-validator.ts +165 -0
package/src/rbac/compliance/index.ts +38 -0
package/src/rbac/compliance/quick-fix-suggestions.ts +209 -0
package/src/rbac/compliance/runtime-compliance.ts +77 -0
package/src/rbac/compliance/setup-validator.ts +131 -0
package/src/rbac/components/PagePermissionGuard.tsx +8 -64
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +35 -21
package/src/rbac/docs/event-based-apps.md +285 -0
package/src/rbac/errors.ts +11 -0
package/src/rbac/hooks/useRoleManagement.ts +292 -12
package/src/rbac/index.ts +30 -0
package/src/services/OrganisationService.ts +4 -0
package/src/styles/core.css +5 -5
package/src/types/database.generated.ts +63 -9
package/src/types/file-reference.ts +9 -0
package/src/utils/__tests__/timezone.test.ts +345 -0
package/src/utils/file-reference/__tests__/file-reference.test.ts +60 -4
package/src/utils/file-reference/index.ts +13 -2
package/src/utils/formatting/formatDateTimeTimezone.test.ts +167 -0
package/src/utils/formatting/formatting.ts +179 -0
package/src/utils/index.ts +27 -1
package/src/utils/location/index.ts +16 -0
package/src/utils/location/location.test.ts +286 -0
package/src/utils/location/location.ts +175 -0
package/src/utils/security/secureDataAccess.ts +1 -1
package/src/utils/storage/helpers.ts +68 -0
package/src/utils/timezone/index.ts +17 -0
package/src/utils/timezone/timezone.test.ts +349 -0
package/src/utils/timezone/timezone.ts +281 -0
package/dist/chunk-CSOFYHAG.js.map +0 -1
package/dist/chunk-FUEYYMX5.js.map +0 -1
package/dist/chunk-HKIT6O7W.js +0 -198
package/dist/chunk-HKIT6O7W.js.map +0 -1
package/dist/chunk-KUEN3HFB.js +0 -94
package/dist/chunk-KUEN3HFB.js.map +0 -1
package/dist/chunk-M7W4CP3M.js.map +0 -1
package/dist/chunk-MI7HBHN3.js.map +0 -1
package/dist/chunk-NQPMQGS2.js.map +0 -1
package/dist/chunk-PWAHJW4G.js.map +0 -1
package/dist/chunk-UHNYIBXL.js.map +0 -1
package/dist/chunk-W22JP75J.js.map +0 -1
package/dist/formatting-5wETwiGF.d.ts +0 -162
/package/dist/{DataTable-QAB34V6K.js.map → DataTable-IX2NBUTP.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-7F6T4B6K.js.map → UnifiedAuthProvider-A4BCQRJY.js.map} +0 -0
/package/dist/{api-ROMBCNKU.js.map → api-BMFCXVQX.js.map} +0 -0
/package/dist/{chunk-QCDXODCA.js.map → chunk-XAUHJD3L.js.map} +0 -0

package/src/components/PaceAppLayout/PaceAppLayout.tsx CHANGED Viewed

@@ -128,6 +128,8 @@ export interface PaceAppLayoutProps {
   navItems?: NavigationItem[];
   /** Show/hide event selector in the header */
   showEventSelector?: boolean;
+  /** Show/hide organisation selector in the header */
+  showOrgSelector?: boolean;
   /** Custom actions to display in the header (between event selector and user menu) */
   headerActions?: React.ReactNode;
   /** Custom logo component (overrides default logo) */
@@ -344,6 +346,7 @@ export function PaceAppLayout({
   appName,
   navItems,
   showEventSelector,
+  showOrgSelector,
   headerActions,
   customLogo,
   logoHref = '/dashboard',
@@ -573,16 +576,25 @@ export function PaceAppLayout({
       const hasOrganisationContext = currentScope.organisationId;
       const hasUser = !!user?.id;
-      // If we have user + organisation, show items immediately (optimistic rendering)
-      // Then filter them when permissions are fully loaded
-      if (hasUser && hasOrganisationContext) {
-        // We have minimum required context - proceed with filtering
-        // Don't wait for appId or eventId - we can filter with organisationId alone
-        // Permission checks will work with resource permissions even without appId
-      } else if (!hasUser || !hasOrganisationContext) {
-        // Missing required context - wait for it
+      // BUG FIX: When showOrgSelector is enabled, show navigation optimistically while waiting
+      // for organisation selection. Only hide navigation if user is not loaded.
+      // This prevents navigation from disappearing after initial render while waiting for org selection.
+      if (!hasUser) {
+        // User not loaded yet - show all items until user is ready
+        if (isMounted) {
+          setFilteredMenuItems(baseMenuItems);
+        }
+        return;
+      }
+      // If no organisation context yet, show items optimistically if org selector is enabled
+      // This allows users to see navigation while they select an organisation
+      // Only proceed with permission filtering once organisation is selected
+      if (!hasOrganisationContext) {
         if (isMounted) {
-          setFilteredMenuItems([]);
+          // Show items optimistically when org selector is enabled, otherwise show all items
+          // This prevents navigation from disappearing while waiting for organisation selection
+          setFilteredMenuItems(baseMenuItems);
         }
         return;
       }
@@ -612,15 +624,6 @@ export function PaceAppLayout({
         }
       }
-      // If no organisation context yet, show all items until context is ready
-      // This prevents navigation from being empty while context loads
-      if (!currentScope.organisationId) {
-        if (isMounted) {
-          setFilteredMenuItems(baseMenuItems);
-        }
-        return;
-      }
       // Organisation context is ready - now filter items based on permissions
       // OPTIMIZATION: Use batch permission map instead of individual checks to avoid rate limits
       // This makes 1 call instead of N calls (where N = number of navigation items)
@@ -645,7 +648,9 @@ export function PaceAppLayout({
         const filtered = baseMenuItems.map((item) => {
           if (!item.href) return { item, hasAccess: true };
-          const pageId = pageIdMapping[item.href] || item.href.slice(1) || 'home';
+          // Extract page ID from href: remove leading slash, fallback to 'dashboard' for root
+          // This matches database page names in rbac_app_pages
+          const pageId = pageIdMapping[item.href] || (item.href === '/' ? 'dashboard' : item.href.slice(1)) || 'dashboard';
           const permission = routePermissions[item.href] || defaultPermission;
           const fullPermission: Permission = permission.includes(':')
             ? (permission as Permission)
@@ -663,6 +668,9 @@ export function PaceAppLayout({
           .filter(({ hasAccess }) => hasAccess)
           .map(({ item }) => item);
+        // SECURITY: Never show all items if permission check fails - this would be a security risk
+        // If all items are filtered out, it means the user doesn't have permission to see any navigation
+        // This is the correct behavior - better to show nothing than show unauthorized items
         setFilteredMenuItems(accessibleItems);
       } catch (error) {
         // On error, fall back to showing all items (graceful degradation)
@@ -679,7 +687,7 @@ export function PaceAppLayout({
     return () => {
       isMounted = false;
     };
-  }, [baseMenuItems, pageIdMapping, routePermissions, defaultPermission, can, user?.id, scope, scopeLoading, contextAppId, resolvedScope?.appId]);
+  }, [baseMenuItems, pageIdMapping, routePermissions, defaultPermission, can, user?.id, scope, scopeLoading, contextAppId, resolvedScope?.appId, selectedOrganisation?.id]);
   // NEW: Phase 2 - Enhanced Routing Features
   // Check route access for role-based routing
@@ -883,6 +891,7 @@ export function PaceAppLayout({
           }
         }}
         showEventSelector={showEventSelector}
+        showOrgSelector={showOrgSelector}
         showUserMenu={showUserMenu}
         className={headerClassName || "sticky top-0 z-[40] w-full"}
       />

package/src/components/PaceAppLayout/README.md CHANGED Viewed

@@ -17,6 +17,7 @@ A comprehensive application layout component that provides a consistent structur
 - Flexible content area
 - Branding support
 - **Event selector control** - can be hidden for non-event applications
+- **Organisation selector control** - can be shown for multi-organisation applications
 - **Header customization** - custom logo, actions, user menu, and styling
 - **Clickable logo** - logo automatically routes to dashboard page (configurable)
@@ -27,6 +28,7 @@ A comprehensive application layout component that provides a consistent structur
 | `appName` | `string` | required | The name of the application to be displayed in the header |
 | `navItems` | `NavigationItem[]` | optional | Navigation items for the header menu. If not provided, uses default navigation |
 | `showEventSelector` | `boolean` | `true` | Show/hide event selector in the header |
+| `showOrgSelector` | `boolean` | `false` | Show/hide organisation selector in the header |
 | `headerActions` | `React.ReactNode` | optional | Custom actions to display in the header (between event selector and user menu) |
 | `customLogo` | `React.ReactNode` | optional | Custom logo component (overrides default logo) |
 | `logoHref` | `string` | `'/dashboard'` | URL to navigate to when logo is clicked (e.g., '/dashboard', '/home') |
@@ -243,6 +245,13 @@ function App() {
 - Single-tenant applications
 - Administrative dashboards that don't depend on events
+### Show Organisation Selector (`showOrgSelector={true}`)
+- Multi-organisation applications
+- Apps where users need to switch between organisations
+- Organisation management tools
+- Multi-tenant applications with organisation context
+- Apps requiring organisation-scoped data access
 ### Custom Header Components
 - Applications requiring custom branding
 - Apps with specific header actions (search, notifications, etc.)

package/src/components/ProtectedRoute/ProtectedRoute.test.tsx CHANGED Viewed

@@ -83,6 +83,7 @@ describe('ProtectedRoute Component', () => {
   const defaultAuthState = {
     isAuthenticated: true,
     authLoading: false,
+    isLoading: false, // Combined loading state used by component
   };
   const defaultSessionState = {
@@ -142,7 +143,7 @@ describe('ProtectedRoute Component', () => {
       expect(screen.queryByTestId('navigate')).not.toBeInTheDocument();
     });
-    it('renders outlet when events exist but none selected (allows event selector visibility)', () => {
+    it('renders outlet when events exist but none selected (allows event selector visibility)', async () => {
       const consoleDebugSpy = vi.spyOn(console, 'debug').mockImplementation(() => {});
       mockUseEvents.mockReturnValue({
@@ -151,12 +152,25 @@ describe('ProtectedRoute Component', () => {
         isLoading: false,
       });
-      renderWithProviders(<ProtectedRoute />);
+      // Wait for logger to be configured
+      await import('../../utils/core/logger').then(({ Logger, LogLevel }) => {
+        Logger.configure({
+          level: LogLevel.DEBUG,
+          includeTimestamp: false,
+          includeComponent: true,
+        });
+      });
+      renderWithProviders(<ProtectedRoute requireEvent={true} />);
       expect(screen.getByTestId('outlet')).toBeInTheDocument();
-      expect(consoleDebugSpy).toHaveBeenCalledWith(
-        expect.stringContaining('[DEBUG] [ProtectedRoute] Events available but none selected - allowing render so selector is visible')
-      );
+      // Wait a bit for the logger to be called (it's called during render)
+      await waitFor(() => {
+        expect(consoleDebugSpy).toHaveBeenCalledWith(
+          expect.stringContaining('[DEBUG] [ProtectedRoute] Events available but none selected - allowing render so selector is visible')
+        );
+      }, { timeout: 1000 });
     });
     it('renders session restoration loader when session is restoring', () => {
@@ -178,6 +192,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: true,
+        isLoading: true, // Component uses isLoading, not authLoading
       });
       renderWithProviders(<ProtectedRoute />);
@@ -193,6 +208,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: true,
+        isLoading: true, // Component uses isLoading, not authLoading
       });
       renderWithProviders(<ProtectedRoute loadingFallback={customLoader} />);
@@ -207,6 +223,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: false,
+        isLoading: false,
       });
       renderWithProviders(<ProtectedRoute />);
@@ -222,6 +239,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: false,
+        isLoading: false,
       });
       renderWithProviders(<ProtectedRoute loginPath="/custom-login" />);
@@ -234,6 +252,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: false,
+        isLoading: false,
       });
       renderWithProviders(<ProtectedRoute />);
@@ -248,6 +267,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: false,
+        isLoading: false,
       });
       mockUseSessionRestoration.mockReturnValue({
@@ -273,6 +293,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: false,
+        isLoading: false,
       });
       mockUseSessionRestoration.mockReturnValue({
@@ -328,6 +349,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: true,
+        isLoading: true,
       });
       mockUseSessionRestoration.mockReturnValue({
@@ -347,6 +369,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: true,
+        isLoading: true,
       });
       mockUseSessionRestoration.mockReturnValue({
@@ -508,6 +531,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: true,
         authLoading: false,
+        isLoading: false,
       });
       mockUseSessionRestoration.mockReturnValue({
@@ -527,6 +551,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: true,
         authLoading: false,
+        isLoading: false,
       });
       mockUseSessionRestoration.mockReturnValue({
@@ -546,6 +571,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: true,
         authLoading: true,
+        isLoading: true,
       });
       mockUseEvents.mockReturnValue({
@@ -576,7 +602,7 @@ describe('ProtectedRoute Component', () => {
   });
   describe('Props Configuration', () => {
-    it('defaults requireEvent to true when not provided', () => {
+    it('defaults requireEvent to false when not provided', () => {
       mockUseEvents.mockReturnValue({
         selectedEvent: null,
         events: [],
@@ -585,8 +611,8 @@ describe('ProtectedRoute Component', () => {
       renderWithProviders(<ProtectedRoute />);
-      // Should show no events error since requireEvent defaults to true
-      expect(screen.getByTestId('alert')).toBeInTheDocument();
+      // Should render outlet since requireEvent defaults to false
+      expect(screen.getByTestId('outlet')).toBeInTheDocument();
     });
     it('respects requireEvent prop when set to false', () => {
@@ -607,6 +633,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: false,
+        isLoading: false,
       });
       renderWithProviders(<ProtectedRoute />);
@@ -619,6 +646,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: false,
+        isLoading: false,
       });
       renderWithProviders(<ProtectedRoute loginPath="/auth/login" />);
@@ -633,6 +661,7 @@ describe('ProtectedRoute Component', () => {
       mockUseUnifiedAuth.mockReturnValue({
         isAuthenticated: false,
         authLoading: true,
+        isLoading: true,
       });
       renderWithProviders(<ProtectedRoute />);

package/src/components/ProtectedRoute/ProtectedRoute.tsx CHANGED Viewed

@@ -68,7 +68,7 @@
  * - LoadingSpinner - Loading state UI
  */
-import React, { useMemo } from 'react';
+import React, { useMemo, useEffect, useRef, useState } from 'react';
 import { Navigate, Outlet } from 'react-router-dom';
 import { useUnifiedAuth } from '../../providers/services/UnifiedAuthProvider';
 import { useSessionRestoration } from '../../hooks/useSessionRestoration';
@@ -77,6 +77,7 @@ import { LoadingSpinner } from '../LoadingSpinner/LoadingSpinner';
 import { SessionRestorationLoader } from '../SessionRestorationLoader';
 import { Alert, AlertDescription, AlertTitle } from '../Alert/Alert';
 import { logger } from '../../utils/core/logger';
+import { usePreventTabReload } from '../../hooks/usePreventTabReload';
 export interface ProtectedRouteProps {
   /**
@@ -131,16 +132,113 @@ export interface ProtectedRouteProps {
  * @returns React element with route protection logic
  */
 export function ProtectedRoute({
-  requireEvent = true,
+  requireEvent = false,
   allowSuperAdminBypass = false,
   noEventsFallback,
   loadingFallback,
   loginPath = '/login'
 }: ProtectedRouteProps) {
-  const { isAuthenticated, authLoading } = useUnifiedAuth();
-  const { selectedEvent, events, isLoading: eventLoading } = useEvents();
+  const { isAuthenticated, isLoading } = useUnifiedAuth();
+  // Always call useEvents() - UnifiedAuthProvider always includes EventServiceProvider
+  // Only use the values when requireEvent is true
+  const eventsContext = useEvents();
+  const selectedEvent = requireEvent ? eventsContext.selectedEvent : null;
+  const events = requireEvent ? (eventsContext.events || []) : [];
+  const eventLoading = requireEvent ? (eventsContext.isLoading || false) : false;
   const sessionRestoration = useSessionRestoration();
+  // Prevent full page reloads when switching tabs (handles bfcache and visibility changes)
+  usePreventTabReload({ enabled: true, gracePeriodMs: 2000 });
+  // Track if user was previously authenticated to prevent redirects during session refresh
+  const wasAuthenticatedRef = useRef(false);
+  const [shouldRedirect, setShouldRedirect] = useState(false);
+  const tabJustBecameVisibleRef = useRef(false);
+  // Track authentication state to detect when user was previously logged in
+  useEffect(() => {
+    if (isAuthenticated) {
+      wasAuthenticatedRef.current = true;
+      setShouldRedirect(false);
+      tabJustBecameVisibleRef.current = false; // Clear visibility flag when authenticated
+    }
+  }, [isAuthenticated]);
+  // Handle tab visibility changes - prevent immediate redirects when tab becomes visible
+  // This prevents the page from refreshing when switching back to the tab
+  useEffect(() => {
+    if (typeof document === 'undefined') return;
+    let timeoutId: ReturnType<typeof setTimeout> | null = null;
+    let wasHidden = document.hidden;
+    const handleVisibilityChange = () => {
+      const isNowVisible = !document.hidden;
+      // When tab becomes visible, immediately prevent redirects and give session refresh time
+      if (isNowVisible && wasHidden) {
+        // Tab just became visible - immediately prevent redirects
+        if (!isAuthenticated && wasAuthenticatedRef.current) {
+          tabJustBecameVisibleRef.current = true;
+          setShouldRedirect(false); // Immediately clear redirect flag
+          // Clear any existing timeout
+          if (timeoutId) {
+            clearTimeout(timeoutId);
+          }
+          // Wait a bit to see if session refresh completes
+          timeoutId = setTimeout(() => {
+            // Only allow redirect if still not authenticated after delay
+            tabJustBecameVisibleRef.current = false;
+            // Use a function to get the latest state
+            setShouldRedirect((prev) => {
+              // Only set to true if we're still not authenticated
+              // This will be checked again in the render logic
+              return prev;
+            });
+          }, 2000); // 2 second grace period for session refresh
+        }
+      } else if (!isNowVisible) {
+        // Tab became hidden - clear the visibility flag
+        tabJustBecameVisibleRef.current = false;
+        if (timeoutId) {
+          clearTimeout(timeoutId);
+          timeoutId = null;
+        }
+      }
+      wasHidden = !isNowVisible;
+    };
+    // Check initial state - if tab is visible and user appears logged out, give grace period
+    if (!document.hidden && !isAuthenticated && wasAuthenticatedRef.current) {
+      tabJustBecameVisibleRef.current = true;
+      setShouldRedirect(false);
+      timeoutId = setTimeout(() => {
+        tabJustBecameVisibleRef.current = false;
+      }, 2000);
+    }
+    document.addEventListener('visibilitychange', handleVisibilityChange);
+    return () => {
+      document.removeEventListener('visibilitychange', handleVisibilityChange);
+      if (timeoutId) {
+        clearTimeout(timeoutId);
+      }
+    };
+  }, [isAuthenticated]);
+  // Reset redirect flag when authenticated
+  useEffect(() => {
+    if (isAuthenticated) {
+      setShouldRedirect(false);
+      tabJustBecameVisibleRef.current = false;
+    }
+  }, [isAuthenticated]);
   const isRestoringSession = useMemo(() => {
     return sessionRestoration.isRestoring &&
       !sessionRestoration.restorationComplete &&
@@ -165,7 +263,8 @@ export function ProtectedRoute({
   }
   // Show loading state while auth is being determined (but not organisation/event loading)
-  if (authLoading && !sessionRestoration.hasTimedOut) {
+  // Use isLoading (combined loading state) for consistency with simpler implementations
+  if (isLoading && !sessionRestoration.hasTimedOut) {
     return loadingFallback || (
       <div style={{ display: 'flex', justifyContent: 'center', alignItems: 'center', height: '100vh' }}>
         <LoadingSpinner />
@@ -174,13 +273,55 @@ export function ProtectedRoute({
   }
   // Redirect to login if not authenticated
+  // Priority order:
+  // 1. If session restoration has timed out or errored → redirect immediately (even if loading)
+  // 2. If user was never authenticated → redirect immediately (even if loading)
+  // 3. If tab just became visible → show loading (prevent redirect during grace period)
+  // 4. If we've confirmed they should redirect (after visibility change grace period) → redirect
+  // 5. Otherwise, if loading → show loading spinner (session might be refreshing)
+  // 6. Otherwise → redirect (user is not authenticated and not loading)
   if (!isAuthenticated) {
+    // Session restoration timeout/error always redirects immediately
     if (sessionRestoration.hasTimedOut || sessionRestoration.restorationError) {
       logger.warn('ProtectedRoute', 'Session restoration failed, redirecting to login', {
         timedOut: sessionRestoration.hasTimedOut,
         error: sessionRestoration.restorationError?.message
       });
+      return <Navigate to={loginPath} replace />;
+    }
+    // User was never authenticated → redirect immediately
+    if (!wasAuthenticatedRef.current) {
+      return <Navigate to={loginPath} replace />;
+    }
+    // Tab just became visible - show loading to prevent redirect during grace period
+    // Also check document visibility state directly as a fallback
+    const isTabVisible = typeof document !== 'undefined' && !document.hidden;
+    if (tabJustBecameVisibleRef.current || (isTabVisible && wasAuthenticatedRef.current && isLoading)) {
+      return loadingFallback || (
+        <div style={{ display: 'flex', justifyContent: 'center', alignItems: 'center', height: '100vh' }}>
+          <LoadingSpinner />
+        </div>
+      );
     }
+    // We've confirmed redirect after grace period → redirect
+    if (shouldRedirect) {
+      return <Navigate to={loginPath} replace />;
+    }
+    // User was authenticated before but now appears logged out
+    // Show loading state while we wait for session refresh (unless we're not loading)
+    if (isLoading) {
+      return loadingFallback || (
+        <div style={{ display: 'flex', justifyContent: 'center', alignItems: 'center', height: '100vh' }}>
+          <LoadingSpinner />
+        </div>
+      );
+    }
+    // Not loading and not authenticated → redirect
     return <Navigate to={loginPath} replace />;
   }

package/src/components/index.ts CHANGED Viewed

@@ -126,6 +126,14 @@ export type { TabsProps, TabsListProps, TabsTriggerProps, TabsContentProps } fro
 export { Calendar } from './Calendar';
 export type { CalendarProps } from './Calendar';
+// DateTimeField exports
+export { DateTimeField } from './DateTimeField';
+export type { DateTimeFieldProps } from './DateTimeField';
+// DatePickerWithTimezone exports
+export { DatePickerWithTimezone } from './DatePickerWithTimezone';
+export type { DatePickerWithTimezoneProps } from './DatePickerWithTimezone';
 // Toast exports
 export {
   Toast,