@jmruthers/pace-core 0.5.185 → 0.5.187

package/src/rbac/request-deduplication.ts

@@ -0,0 +1,87 @@
+/**
+ * Request Deduplication for RBAC Permission Checks
+ * @package @jmruthers/pace-core
+ * @module RBAC/RequestDeduplication
+ * @since 2.0.0
+ * 
+ * This module provides request deduplication to prevent multiple identical
+ * permission checks from being made simultaneously. When multiple components
+ * request the same permission at the same time, they share the same promise.
+ */
+
+import { PermissionCheck } from './types';
+import { RBACCache } from './cache';
+
+/**
+ * Map of in-flight permission check requests
+ * Key: cache key string, Value: Promise<boolean>
+ */
+const inFlightRequests = new Map<string, Promise<boolean>>();
+
+/**
+ * Generate a deduplication key from permission check input
+ * 
+ * @param input - Permission check input
+ * @returns Deduplication key string
+ */
+function generateDeduplicationKey(input: PermissionCheck): string {
+  return RBACCache.generatePermissionKey({
+    userId: input.userId,
+    organisationId: input.scope.organisationId!,
+    eventId: input.scope.eventId,
+    appId: input.scope.appId,
+    permission: input.permission,
+    pageId: input.pageId,
+  });
+}
+
+/**
+ * Get or create a deduplicated permission check request
+ * 
+ * If a request for the same permission is already in-flight, returns the existing promise.
+ * Otherwise, creates a new request and tracks it.
+ * 
+ * @param input - Permission check input
+ * @param checkFn - Function to perform the actual permission check
+ * @returns Promise resolving to permission result
+ */
+export async function getOrCreateRequest(
+  input: PermissionCheck,
+  checkFn: (input: PermissionCheck) => Promise<boolean>
+): Promise<boolean> {
+  const key = generateDeduplicationKey(input);
+  
+  // Check if request is already in-flight
+  const existingRequest = inFlightRequests.get(key);
+  if (existingRequest) {
+    return existingRequest;
+  }
+  
+  // Create new request
+  const requestPromise = checkFn(input).finally(() => {
+    // Clean up when request completes (success or failure)
+    inFlightRequests.delete(key);
+  });
+  
+  // Track the request
+  inFlightRequests.set(key, requestPromise);
+  
+  return requestPromise;
+}
+
+/**
+ * Clear all in-flight requests (useful for testing or cleanup)
+ */
+export function clearInFlightRequests(): void {
+  inFlightRequests.clear();
+}
+
+/**
+ * Get count of in-flight requests (useful for monitoring)
+ * 
+ * @returns Number of in-flight requests
+ */
+export function getInFlightRequestCount(): number {
+  return inFlightRequests.size;
+}
+

package/src/rbac/utils/deep-equal.ts

@@ -0,0 +1,93 @@
+/**
+ * Deep equality check utility for RBAC
+ * @package @jmruthers/pace-core
+ * @module RBAC/Utils/DeepEqual
+ * @since 2.0.0
+ * 
+ * Provides deep equality checking for scope objects and other RBAC data structures.
+ */
+
+import { Scope } from '../types';
+
+/**
+ * Deep equality check for two values
+ * 
+ * @param a - First value
+ * @param b - Second value
+ * @returns True if values are deeply equal
+ */
+export function deepEqual(a: unknown, b: unknown): boolean {
+  if (a === b) {
+    return true;
+  }
+
+  if (a == null || b == null) {
+    return a === b;
+  }
+
+  if (typeof a !== typeof b) {
+    return false;
+  }
+
+  if (typeof a !== 'object') {
+    return false;
+  }
+
+  if (Array.isArray(a) !== Array.isArray(b)) {
+    return false;
+  }
+
+  if (Array.isArray(a) && Array.isArray(b)) {
+    if (a.length !== b.length) {
+      return false;
+    }
+    for (let i = 0; i < a.length; i++) {
+      if (!deepEqual(a[i], b[i])) {
+        return false;
+      }
+    }
+    return true;
+  }
+
+  const keysA = Object.keys(a as Record<string, unknown>);
+  const keysB = Object.keys(b as Record<string, unknown>);
+
+  if (keysA.length !== keysB.length) {
+    return false;
+  }
+
+  for (const key of keysA) {
+    if (!keysB.includes(key)) {
+      return false;
+    }
+    if (!deepEqual((a as Record<string, unknown>)[key], (b as Record<string, unknown>)[key])) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+/**
+ * Deep equality check for Scope objects
+ * 
+ * @param a - First scope
+ * @param b - Second scope
+ * @returns True if scopes are deeply equal
+ */
+export function scopeEqual(a: Scope | null | undefined, b: Scope | null | undefined): boolean {
+  if (a === b) {
+    return true;
+  }
+
+  if (a == null || b == null) {
+    return a === b;
+  }
+
+  return (
+    a.organisationId === b.organisationId &&
+    a.eventId === b.eventId &&
+    a.appId === b.appId
+  );
+}
+

package/src/styles/core.css

@@ -240,14 +240,14 @@
   /* Custom utility styles go here */
   
   
-  /* Hide spinner arrows on number inputs in DataTable */
-  .datatable-number-no-spinners::-webkit-inner-spin-button,
-  .datatable-number-no-spinners::-webkit-outer-spin-button {
+  /* Hide spinner arrows on all number inputs (modern UX convention) */
+  input[type="number"]::-webkit-inner-spin-button,
+  input[type="number"]::-webkit-outer-spin-button {
     -webkit-appearance: none;
     margin: 0;
   }
-  
-  .datatable-number-no-spinners {
+
+  input[type="number"] {
     -moz-appearance: textfield;
   }
 }

package/src/types/database.generated.ts

@@ -3320,13 +3320,13 @@ export type Database = {
           },
         ]
       }
-      pace_id_documents: {
+      pace_identification: {
         Row: {
           created_at: string | null
           document_number: string | null
-          document_type: string
           expiry_date: string | null
           id: string
+          identification_type_id: number | null
           issue_city: string | null
           issue_country: string | null
           issue_date: string | null
@@ -3339,9 +3339,9 @@ export type Database = {
         Insert: {
           created_at?: string | null
           document_number?: string | null
-          document_type: string
           expiry_date?: string | null
           id?: string
+          identification_type_id?: number | null
           issue_city?: string | null
           issue_country?: string | null
           issue_date?: string | null
@@ -3354,9 +3354,9 @@ export type Database = {
         Update: {
           created_at?: string | null
           document_number?: string | null
-          document_type?: string
           expiry_date?: string | null
           id?: string
+          identification_type_id?: number | null
           issue_city?: string | null
           issue_country?: string | null
           issue_date?: string | null
@@ -3368,14 +3368,21 @@ export type Database = {
         }
         Relationships: [
           {
-            foreignKeyName: "fk_pace_id_documents_organisation_id"
+            foreignKeyName: "fk_pace_identification_organisation_id"
             columns: ["organisation_id"]
             isOneToOne: false
             referencedRelation: "organisations"
             referencedColumns: ["id"]
           },
           {
-            foreignKeyName: "identification_documents_member_id_fkey"
+            foreignKeyName: "fk_pace_identification_type_id"
+            columns: ["identification_type_id"]
+            isOneToOne: false
+            referencedRelation: "pace_identification_type"
+            referencedColumns: ["id"]
+          },
+          {
+            foreignKeyName: "pace_identification_member_id_fkey"
             columns: ["member_id"]
             isOneToOne: false
             referencedRelation: "pace_member"
@@ -3383,6 +3390,53 @@ export type Database = {
           },
         ]
       }
+      pace_identification_type: {
+        Row: {
+          created_at: string | null
+          created_by: string | null
+          description: string | null
+          id: number
+          is_active: boolean | null
+          name: string
+          organisation_id: string
+          sort_order: number | null
+          updated_at: string | null
+          updated_by: string | null
+        }
+        Insert: {
+          created_at?: string | null
+          created_by?: string | null
+          description?: string | null
+          id?: never
+          is_active?: boolean | null
+          name: string
+          organisation_id: string
+          sort_order?: number | null
+          updated_at?: string | null
+          updated_by?: string | null
+        }
+        Update: {
+          created_at?: string | null
+          created_by?: string | null
+          description?: string | null
+          id?: never
+          is_active?: boolean | null
+          name?: string
+          organisation_id?: string
+          sort_order?: number | null
+          updated_at?: string | null
+          updated_by?: string | null
+        }
+        Relationships: [
+          {
+            foreignKeyName: "pace_identification_type_organisation_id_fkey"
+            columns: ["organisation_id"]
+            isOneToOne: false
+            referencedRelation: "organisations"
+            referencedColumns: ["id"]
+          },
+        ]
+      }
       pace_member: {
         Row: {
           address_id: string | null
@@ -3858,7 +3912,7 @@ export type Database = {
           },
         ]
       }
-      pace_qualifications: {
+      pace_qualification: {
         Row: {
           created_at: string | null
           credential_id: string | null
@@ -3900,14 +3954,14 @@ export type Database = {
         }
         Relationships: [
           {
-            foreignKeyName: "fk_pace_qualifications_organisation_id"
+            foreignKeyName: "fk_pace_qualification_organisation_id"
             columns: ["organisation_id"]
             isOneToOne: false
             referencedRelation: "organisations"
             referencedColumns: ["id"]
           },
           {
-            foreignKeyName: "qualifications_member_id_fkey"
+            foreignKeyName: "pace_qualification_member_id_fkey"
             columns: ["member_id"]
             isOneToOne: false
             referencedRelation: "pace_member"

package/src/types/file-reference.ts

@@ -55,6 +55,7 @@ export enum FileCategory {
  * Options for uploading a file with a file reference
  * @property pageContext - The page context where the file upload occurs (e.g., 'configuration', 'forms', 'applications')
  *                          Used for context-aware permission checks. Required to check appropriate page-level permissions.
+ * @property event_id - Optional event ID for event-scoped permission checks. Required for event-based apps.
  */
 export interface FileUploadOptions {
   table_name: string;
@@ -62,7 +63,9 @@ export interface FileUploadOptions {
   organisation_id: string;
   app_id: AppId;
   category: FileCategory;
+  folder: string; // Folder name in storage bucket (e.g., 'profile_photos', 'documents')
   pageContext: string;
+  event_id?: string;
   is_public?: boolean;
   custom_metadata?: Record<string, unknown>;
 }
@@ -84,7 +87,6 @@ export interface FileReferenceService {
 
 export interface StorageUploadOptions {
   orgId: string;
-  category: FileCategory;
   isPublic?: boolean;
   customPath?: string;
 }

package/src/utils/file-reference/__tests__/file-reference.test.ts

@@ -50,6 +50,7 @@ const mockFileUploadOptions = {
   organisation_id: 'test-org-123',
   app_id: 'test-app-123',
   category: FileCategory.GENERAL_DOCUMENTS,
+  folder: 'documents',
   pageContext: 'configuration',
   is_public: false
 };
@@ -105,7 +106,7 @@ describe('[service] FileReferenceServiceImpl', () => {
         testFile,
         expect.objectContaining({
           orgId: mockFileUploadOptions.organisation_id,
-          customPath: mockFileUploadOptions.category,
+          customPath: mockFileUploadOptions.folder,
           isPublic: mockFileUploadOptions.is_public
         })
       );
@@ -448,9 +449,22 @@ describe('[service] FileReferenceServiceImpl', () => {
     });
 
     it('lists all file references for record', async () => {
-      const mockFiles = [mockFileReference];
-      mockSupabase.rpc.mockResolvedValue({ data: [{ id: 'file-ref-123' }], error: null });
-      (mockSupabase.from() as any).in.mockResolvedValue({ data: mockFiles, error: null });
+      // Mock RPC to return full data structure (as per new implementation)
+      // RPC returns: id, file_path, file_metadata, is_public, created_at
+      // The code constructs FileReference objects from this RPC response
+      mockSupabase.rpc.mockResolvedValue({ 
+        data: [{
+          id: 'file-ref-123',
+          file_path: mockFileReference.file_path,
+          file_metadata: {
+            ...mockFileReference.file_metadata,
+            app_id: mockFileReference.app_id // Include app_id in metadata for proper construction
+          },
+          is_public: mockFileReference.is_public,
+          created_at: mockFileReference.created_at
+        }], 
+        error: null 
+      });
       
       const result = await service.listFileReferences(
         'test_table',
@@ -458,7 +472,21 @@ describe('[service] FileReferenceServiceImpl', () => {
         'test-org-123'
       );
       
-      expect(result).toEqual(mockFiles);
+      // Verify result has correct structure (constructed from RPC response)
+      expect(result).toHaveLength(1);
+      expect(result[0].id).toBe('file-ref-123');
+      expect(result[0].table_name).toBe('test_table');
+      expect(result[0].record_id).toBe('test-record-123');
+      expect(result[0].organisation_id).toBe('test-org-123');
+      expect(result[0].file_path).toBe(mockFileReference.file_path);
+      // file_metadata: code extracts fileName and fileType from file_path, then spreads item.file_metadata
+      // Since item.file_metadata has fileName: 'test-document.pdf' and fileType: 'application/pdf',
+      // the spread overwrites the extracted values
+      // So we expect the metadata's values, not the extracted ones
+      expect(result[0].file_metadata.fileName).toBe('test-document.pdf');
+      expect(result[0].file_metadata.fileType).toBe('application/pdf');
+      expect(result[0].is_public).toBe(mockFileReference.is_public);
+      expect(result[0].app_id).toBe(mockFileReference.app_id);
     });
   });
 
@@ -757,22 +785,75 @@ describe('[utility] createFileReferenceService', () => {
 describe('[utility] uploadFileWithReference', () => {
   it('uploads file and creates reference successfully', async () => {
     const testFile = createTestFile();
+    
+    // Mock successful RPC call that returns file reference ID
+    mockSupabase.rpc.mockResolvedValue({
+      data: 'file-ref-123',
+      error: null
+    });
+
+    // Mock successful file reference fetch - using the same pattern as other tests
+    (mockSupabase.from() as any).select().eq().eq().eq().single.mockResolvedValue({
+      data: mockFileReference,
+      error: null
+    });
+
+    // Mock storage signed URL generation
+    mockSupabase.storage = {
+      from: vi.fn().mockReturnValue({
+        createSignedUrl: vi.fn().mockResolvedValue({
+          data: { signedUrl: 'https://example.com/signed-url' },
+          error: null
+        })
+      })
+    } as any;
+
     const result = await uploadFileWithReference(mockSupabase, mockFileUploadOptions, testFile);
     expect(result).toHaveProperty('file_reference');
     expect('file_url' in result).toBe(true);
   });
 
   it('handles upload failures gracefully', async () => {
-    // This path is covered by service tests; here just ensure function returns structured result on success path
+    // Mock upload failure
+    mockUploadFile.mockResolvedValue({
+      success: false,
+      error: 'Upload failed'
+    });
+
     const testFile = createTestFile();
-    const result = await uploadFileWithReference(mockSupabase, mockFileUploadOptions, testFile);
-    expect(result).toHaveProperty('file_reference');
+    await expect(uploadFileWithReference(mockSupabase, mockFileUploadOptions, testFile))
+      .rejects.toThrow('Upload failed');
   });
 
   it('handles URL generation failures gracefully', async () => {
     const testFile = createTestFile();
+    
+    // Mock successful RPC call
+    mockSupabase.rpc.mockResolvedValue({
+      data: 'file-ref-123',
+      error: null
+    });
+
+    // Mock successful file reference fetch
+    (mockSupabase.from() as any).select().eq().eq().eq().single.mockResolvedValue({
+      data: mockFileReference,
+      error: null
+    });
+    
+    // Mock storage to fail on signed URL generation
+    mockSupabase.storage = {
+      from: vi.fn().mockReturnValue({
+        createSignedUrl: vi.fn().mockResolvedValue({
+          data: null,
+          error: { message: 'URL generation failed' }
+        })
+      })
+    } as any;
+
     const result = await uploadFileWithReference(mockSupabase, mockFileUploadOptions, testFile);
     expect(result).toHaveProperty('file_reference');
+    // URL should be empty string when generation fails
+    expect(result.file_url).toBe('');
   });
 
   it('validates required parameters', async () => {

package/src/utils/file-reference/index.ts

@@ -26,7 +26,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
    * 
    * Storage Flow:
    * 1. Upload file to storage bucket first (files or public-files based on is_public flag)
-   *    - Path format: {orgId}/{category}/{timestamp-uuid-filename}
+   *    - Path format: {orgId}/{folder}/{timestamp-uuid-filename}
    *    - Bucket selection: 'files' (private) or 'public-files' (public)
    * 2. Extract file metadata (dimensions, hash, etc.)
    * 3. Set organisation context for RLS policies
@@ -48,15 +48,18 @@ export class FileReferenceServiceImpl implements FileReferenceService {
       if (!options.record_id) {
         throw new Error('record_id is required for file upload');
       }
+      if (!options.folder) {
+        throw new Error('folder is required for file upload. The folder prop determines the storage path.');
+      }
 
       // Step 1: Upload file to storage bucket first
-      // This generates a unique path: {orgId}/{category}/{timestamp-uuid-filename}
+      // This generates a unique path: {orgId}/{folder}/{timestamp-uuid-filename}
       // Bucket is automatically selected based on is_public flag
       const uploadResult = await uploadFile(this.supabase, file, {
         appName: 'file-reference',
         orgId: options.organisation_id,
         isPublic: options.is_public || false,
-        customPath: options.category // Use category as the custom path segment
+        customPath: options.folder // Use folder prop as the custom path segment
       });
       if (!uploadResult.success) {
         throw new Error(`Failed to upload file: ${uploadResult.error}`);
@@ -89,6 +92,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
           p_organisation_id: options.organisation_id,
           p_app_id: options.app_id,
           p_page_context: options.pageContext,
+          p_event_id: options.event_id || null, // Pass event_id for event-based apps
           p_file_metadata: {
             fileName: file.name,
             fileType: file.type,
@@ -106,14 +110,23 @@ export class FileReferenceServiceImpl implements FileReferenceService {
         throw new Error(`Failed to create file reference: ${error.message}`);
       }
 
+      // Check if RPC returned null (permission denied or other failure)
+      if (!data || data === null) {
+        // Clean up the uploaded file since DB insert failed
+        await deleteFile(this.supabase, filePath, options.is_public || false);
+        throw new Error(`File upload denied: insufficient permissions. You need 'create:page.${options.pageContext}' or 'update:page.${options.pageContext}' permission for the '${options.pageContext}' page. Make sure the page exists in rbac_app_pages table.`);
+      }
+
       // Get the created file reference
       const { data: fileRef, error: fetchError } = await this.supabase
         .from('file_references')
-        .select('*')
+        .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
         .eq('id', data)
         .single();
 
       if (fetchError || !fileRef) {
+        // Clean up uploaded file if we can't fetch the reference
+        await deleteFile(this.supabase, filePath, options.is_public || false);
         throw new Error(`Failed to fetch created file reference: ${fetchError?.message}`);
       }
 
@@ -136,7 +149,7 @@ export class FileReferenceServiceImpl implements FileReferenceService {
     try {
       const { data, error } = await this.supabase
         .from('file_references')
-        .select('*')
+        .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
         .eq('table_name', table_name)
         .eq('record_id', record_id)
         .eq('organisation_id', organisation_id)
@@ -284,24 +297,50 @@ export class FileReferenceServiceImpl implements FileReferenceService {
         throw new Error(`Failed to list file references: ${error.message}`);
       }
 
-      // RPC returns partial data, need to fetch full file references
+      // RPC returns: id, file_path, file_metadata, is_public, created_at
+      // We can construct FileReference objects directly from RPC response + function parameters
+      // This avoids a second query and reduces network requests
       if (!data || data.length === 0) {
         return [];
       }
 
-      // Fetch full file reference data for each ID
-      // RPC returns array of objects with at least an 'id' property
-      const ids = data.map((item: { id: string }) => item.id);
-      const { data: fullData, error: fetchError } = await this.supabase
-        .from('file_references')
-        .select('*')
-        .in('id', ids);
-
-      if (fetchError) {
-        throw new Error(`Failed to fetch file references: ${fetchError.message}`);
+      // Construct FileReference objects from RPC response
+      // This avoids RLS issues with direct queries - the RPC already validated permissions
+      interface RpcFileItem {
+        id: string;
+        file_path: string;
+        file_metadata: { app_id?: string; [key: string]: unknown };
+        is_public?: boolean;
+        created_at?: string;
       }
+      const fileReferences: FileReference[] = data
+        .filter((item: RpcFileItem) => item.id && item.file_path && item.file_metadata)
+        .map((item: RpcFileItem) => {
+          // Extract file name and type from file_path
+          const fileName = item.file_path.split('/').pop() || 'unknown';
+          const fileType = fileName.split('.').pop() || 'unknown';
+          
+          // Construct complete FileReference from RPC response + function parameters
+          const fileRef: FileReference = {
+            id: item.id,
+            table_name: table_name,
+            record_id: record_id,
+            file_path: item.file_path,
+            file_metadata: {
+              fileName,
+              fileType,
+              ...(item.file_metadata || {}),
+            } as FileMetadata,
+            organisation_id: organisation_id,
+            app_id: item.file_metadata?.app_id ? assertAppId(item.file_metadata.app_id) : assertAppId(''), // May not be in metadata, use empty string
+            is_public: item.is_public ?? false,
+            created_at: item.created_at || new Date().toISOString(),
+            updated_at: item.created_at || new Date().toISOString() // RPC doesn't return updated_at, use created_at
+          };
+          return fileRef;
+        });
 
-      return (fullData || []) as FileReference[];
+      return fileReferences;
     } catch (error) {
       log.error('Error listing file references:', error);
       throw error;