npm - @jmruthers/pace-core - Versions diffs - 0.5.188 → 0.5.190 - Mend

@jmruthers/pace-core 0.5.188 → 0.5.190

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (424) hide show

package/core-usage-manifest.json +0 -4
package/dist/{AuthService-B-cd2MA4.d.ts → AuthService-CbP_utw2.d.ts} +7 -3
package/dist/{DataTable-GUFUNZ3N.js → DataTable-ON3IXISJ.js} +8 -8
package/dist/{PublicPageProvider-DrLDztHt.d.ts → PublicPageProvider-C4uxosp6.d.ts} +129 -40
package/dist/{UnifiedAuthProvider-BG0AL5eE.d.ts → UnifiedAuthProvider-BYA9qB-o.d.ts} +4 -3
package/dist/{UnifiedAuthProvider-643PUAIM.js → UnifiedAuthProvider-X5NXANVI.js} +4 -2
package/dist/{api-YP7XD5L6.js → api-I6UCQ5S6.js} +4 -2
package/dist/{chunk-DDM4CCYT.js → chunk-4QYC5L4K.js} +60 -35
package/dist/chunk-4QYC5L4K.js.map +1 -0
package/dist/{chunk-IM4QE42D.js → chunk-73HSNNOQ.js} +141 -326
package/dist/chunk-73HSNNOQ.js.map +1 -0
package/dist/{chunk-YHCN776L.js → chunk-DZWK57KZ.js} +2 -75
package/dist/chunk-DZWK57KZ.js.map +1 -0
package/dist/{chunk-3GOZZZYH.js → chunk-HQVPB5MZ.js} +238 -301
package/dist/chunk-HQVPB5MZ.js.map +1 -0
package/dist/{chunk-THRPYOFK.js → chunk-HW3OVDUF.js} +5 -5
package/dist/chunk-HW3OVDUF.js.map +1 -0
package/dist/{chunk-F2IMUDXZ.js → chunk-I7PSE6JW.js} +75 -2
package/dist/chunk-I7PSE6JW.js.map +1 -0
package/dist/{chunk-VGZZXKBR.js → chunk-J2XXC7R5.js} +280 -52
package/dist/chunk-J2XXC7R5.js.map +1 -0
package/dist/{chunk-UNOTYLQF.js → chunk-NIU6J6OX.js} +772 -725
package/dist/chunk-NIU6J6OX.js.map +1 -0
package/dist/{chunk-HESYZWZW.js → chunk-QWWZ5CAQ.js} +2 -2
package/dist/{chunk-HEHYGYOX.js → chunk-RUYZKXOD.js} +401 -46
package/dist/chunk-RUYZKXOD.js.map +1 -0
package/dist/{chunk-2UUZZJFT.js → chunk-SDMHPX3X.js} +176 -160
package/dist/{chunk-2UUZZJFT.js.map → chunk-SDMHPX3X.js.map} +1 -1
package/dist/{chunk-IPCH26AG.js → chunk-STYK4OH2.js} +11 -11
package/dist/chunk-STYK4OH2.js.map +1 -0
package/dist/{chunk-EFCLXK7F.js → chunk-VVBAW5A5.js} +4201 -3809
package/dist/chunk-VVBAW5A5.js.map +1 -0
package/dist/chunk-Y4BUBBHD.js +614 -0
package/dist/chunk-Y4BUBBHD.js.map +1 -0
package/dist/{chunk-SAUPYVLF.js → chunk-ZSAAAMVR.js} +1 -1
package/dist/chunk-ZSAAAMVR.js.map +1 -0
package/dist/components.d.ts +3 -5
package/dist/components.js +19 -23
package/dist/components.js.map +1 -1
package/dist/eslint-rules/pace-core-compliance.cjs +0 -2
package/dist/{file-reference-D037xOFK.d.ts → file-reference-BavO2eQj.d.ts} +13 -10
package/dist/hooks.d.ts +10 -5
package/dist/hooks.js +14 -8
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +13 -12
package/dist/index.js +79 -73
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +3 -3
package/dist/providers.js +3 -1
package/dist/rbac/index.d.ts +76 -12
package/dist/rbac/index.js +12 -9
package/dist/types.d.ts +1 -1
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-CTDELQ7H.d.ts → usePublicRouteParams-DxIDS4bC.d.ts} +16 -9
package/dist/utils.js +16 -16
package/docs/README.md +2 -2
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +2 -2
package/docs/api/classes/Logger.md +1 -1
package/docs/api/classes/MissingUserContextError.md +2 -2
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/RBACAuditManager.md +1 -1
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +4 -4
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +2 -2
package/docs/api/classes/SecureSupabaseClient.md +21 -16
package/docs/api/classes/StorageUtils.md +7 -4
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +1 -1
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AddressFieldProps.md +1 -1
package/docs/api/interfaces/AddressFieldRef.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/AutocompleteOptions.md +1 -1
package/docs/api/interfaces/AvatarProps.md +128 -0
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +20 -6
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +9 -9
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +1 -1
package/docs/api/interfaces/DatabaseIssue.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +1 -1
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +62 -16
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +2 -2
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +26 -12
package/docs/api/interfaces/FileUploadProps.md +30 -19
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +10 -10
package/docs/api/interfaces/NavigationContextType.md +9 -9
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +7 -7
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +8 -8
package/docs/api/interfaces/PagePermissionContextType.md +8 -8
package/docs/api/interfaces/PagePermissionGuardProps.md +1 -1
package/docs/api/interfaces/PagePermissionProviderProps.md +7 -7
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/ParsedAddress.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProgressProps.md +3 -11
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +1 -1
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +1 -1
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPerformanceMetrics.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +1 -1
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +1 -1
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +1 -1
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +8 -8
package/docs/api/interfaces/RoleBasedRouterProps.md +10 -10
package/docs/api/interfaces/RoleManagementResult.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +10 -10
package/docs/api/interfaces/RouteConfig.md +10 -10
package/docs/api/interfaces/RuntimeComplianceResult.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +9 -9
package/docs/api/interfaces/SecureDataProviderProps.md +8 -8
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +1 -1
package/docs/api/interfaces/StorageConfig.md +4 -4
package/docs/api/interfaces/StorageFileInfo.md +7 -7
package/docs/api/interfaces/StorageFileMetadata.md +25 -14
package/docs/api/interfaces/StorageListOptions.md +22 -9
package/docs/api/interfaces/StorageListResult.md +4 -4
package/docs/api/interfaces/StorageUploadOptions.md +21 -8
package/docs/api/interfaces/StorageUploadResult.md +6 -6
package/docs/api/interfaces/StorageUrlOptions.md +19 -6
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +53 -53
package/docs/api/interfaces/UnifiedAuthProviderProps.md +13 -13
package/docs/api/interfaces/UseFormDialogOptions.md +1 -1
package/docs/api/interfaces/UseFormDialogReturn.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +4 -4
package/docs/api/interfaces/UseResolvedScopeReturn.md +4 -4
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +11 -11
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +155 -135
package/docs/api-reference/components.md +72 -29
package/docs/api-reference/providers.md +2 -2
package/docs/api-reference/rpc-functions.md +1 -0
package/docs/best-practices/README.md +1 -1
package/docs/best-practices/deployment.md +8 -8
package/docs/getting-started/examples/README.md +2 -2
package/docs/getting-started/installation-guide.md +4 -4
package/docs/getting-started/quick-start.md +3 -3
package/docs/migration/MIGRATION_GUIDE.md +3 -3
package/docs/rbac/compliance/compliance-guide.md +2 -2
package/docs/rbac/event-based-apps.md +2 -2
package/docs/rbac/getting-started.md +2 -2
package/docs/rbac/quick-start.md +2 -2
package/docs/security/README.md +4 -4
package/docs/standards/07-rbac-and-rls-standard.md +430 -7
package/docs/troubleshooting/README.md +2 -2
package/docs/troubleshooting/migration.md +3 -3
package/package.json +1 -4
package/scripts/check-pace-core-compliance.cjs +1 -1
package/scripts/check-pace-core-compliance.js +1 -1
package/src/__tests__/fixtures/supabase.ts +301 -0
package/src/__tests__/public-recipe-view.test.ts +9 -9
package/src/__tests__/rls-policies.test.ts +197 -61
package/src/components/AddressField/AddressField.test.tsx +42 -0
package/src/components/AddressField/AddressField.tsx +71 -60
package/src/components/AddressField/README.md +1 -0
package/src/components/Alert/Alert.test.tsx +50 -10
package/src/components/Alert/Alert.tsx +5 -3
package/src/components/Avatar/Avatar.test.tsx +252 -226
package/src/components/Avatar/Avatar.tsx +179 -53
package/src/components/Avatar/index.ts +1 -1
package/src/components/Button/Button.test.tsx +2 -1
package/src/components/Button/Button.tsx +3 -3
package/src/components/Calendar/Calendar.test.tsx +53 -37
package/src/components/Calendar/Calendar.tsx +409 -82
package/src/components/Card/Card.test.tsx +7 -4
package/src/components/Card/Card.tsx +3 -6
package/src/components/Checkbox/Checkbox.tsx +2 -2
package/src/components/DataTable/components/ActionButtons.tsx +5 -5
package/src/components/DataTable/components/BulkOperationsDropdown.tsx +2 -2
package/src/components/DataTable/components/ColumnFilter.tsx +1 -1
package/src/components/DataTable/components/ColumnVisibilityDropdown.tsx +3 -3
package/src/components/DataTable/components/DataTableBody.tsx +12 -12
package/src/components/DataTable/components/DataTableCore.tsx +3 -3
package/src/components/DataTable/components/DataTableToolbar.tsx +5 -5
package/src/components/DataTable/components/DraggableColumnHeader.tsx +3 -3
package/src/components/DataTable/components/EditableRow.tsx +2 -2
package/src/components/DataTable/components/EmptyState.tsx +3 -3
package/src/components/DataTable/components/GroupHeader.tsx +2 -2
package/src/components/DataTable/components/GroupingDropdown.tsx +1 -1
package/src/components/DataTable/components/ImportModal.tsx +4 -4
package/src/components/DataTable/components/LoadingState.tsx +1 -1
package/src/components/DataTable/components/PaginationControls.tsx +11 -11
package/src/components/DataTable/components/UnifiedTableBody.tsx +9 -9
package/src/components/DataTable/components/ViewRowModal.tsx +2 -2
package/src/components/DataTable/components/__tests__/AccessDeniedPage.test.tsx +11 -37
package/src/components/DataTable/components/__tests__/DataTableToolbar.test.tsx +157 -0
package/src/components/DataTable/components/__tests__/LoadingState.test.tsx +2 -1
package/src/components/DataTable/components/__tests__/VirtualizedDataTable.test.tsx +128 -0
package/src/components/DataTable/core/__tests__/ActionManager.test.ts +19 -0
package/src/components/DataTable/core/__tests__/ColumnFactory.test.ts +51 -0
package/src/components/DataTable/core/__tests__/ColumnManager.test.ts +84 -0
package/src/components/DataTable/core/__tests__/DataManager.test.ts +14 -0
package/src/components/DataTable/core/__tests__/DataTableContext.test.tsx +136 -0
package/src/components/DataTable/core/__tests__/LocalDataAdapter.test.ts +16 -0
package/src/components/DataTable/core/__tests__/PluginRegistry.test.ts +18 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +28 -7
package/src/components/DataTable/utils/__tests__/hierarchicalUtils.test.ts +30 -1
package/src/components/DataTable/utils/hierarchicalUtils.ts +38 -10
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.test.tsx +8 -3
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.tsx +4 -4
package/src/components/Dialog/Dialog.tsx +2 -2
package/src/components/EventSelector/EventSelector.tsx +7 -7
package/src/components/FileDisplay/FileDisplay.tsx +291 -179
package/src/components/FileUpload/FileUpload.tsx +7 -4
package/src/components/Header/Header.test.tsx +28 -0
package/src/components/Header/Header.tsx +22 -9
package/src/components/InactivityWarningModal/InactivityWarningModal.tsx +2 -2
package/src/components/LoadingSpinner/LoadingSpinner.test.tsx +19 -14
package/src/components/LoadingSpinner/LoadingSpinner.tsx +5 -5
package/src/components/NavigationMenu/NavigationMenu.test.tsx +127 -1
package/src/components/OrganisationSelector/OrganisationSelector.tsx +8 -8
package/src/components/PaceAppLayout/PaceAppLayout.integration.test.tsx +4 -0
package/src/components/PaceAppLayout/PaceAppLayout.performance.test.tsx +3 -0
package/src/components/PaceAppLayout/PaceAppLayout.security.test.tsx +3 -0
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +16 -6
package/src/components/PaceAppLayout/PaceAppLayout.tsx +37 -3
package/src/components/PaceAppLayout/test-setup.tsx +1 -0
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +66 -45
package/src/components/PaceLoginPage/PaceLoginPage.tsx +6 -4
package/src/components/Progress/Progress.test.tsx +18 -19
package/src/components/Progress/Progress.tsx +31 -32
package/src/components/PublicLayout/PublicLayout.test.tsx +6 -6
package/src/components/PublicLayout/PublicPageProvider.tsx +5 -3
package/src/components/Select/Select.tsx +5 -5
package/src/components/Switch/Switch.test.tsx +2 -1
package/src/components/Switch/Switch.tsx +1 -1
package/src/components/Toast/Toast.tsx +1 -1
package/src/components/Tooltip/Tooltip.test.tsx +8 -2
package/src/components/UserMenu/UserMenu.test.tsx +7 -9
package/src/components/UserMenu/UserMenu.tsx +10 -8
package/src/components/index.ts +2 -1
package/src/eslint-rules/pace-core-compliance.cjs +0 -2
package/src/eslint-rules/pace-core-compliance.js +0 -2
package/src/hooks/__tests__/hooks.integration.test.tsx +4 -1
package/src/hooks/__tests__/useAppConfig.unit.test.ts +76 -5
package/src/hooks/__tests__/useDataTableState.test.ts +76 -0
package/src/hooks/__tests__/useFileUrl.unit.test.ts +25 -69
package/src/hooks/__tests__/useFileUrlCache.test.ts +129 -0
package/src/hooks/__tests__/usePreventTabReload.test.ts +88 -0
package/src/hooks/__tests__/{usePublicEvent.unit.test.ts → usePublicEvent.test.ts} +28 -1
package/src/hooks/__tests__/useQueryCache.test.ts +144 -0
package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx +58 -16
package/src/hooks/index.ts +1 -1
package/src/hooks/public/usePublicEvent.ts +2 -2
package/src/hooks/public/usePublicFileDisplay.ts +173 -87
package/src/hooks/useAppConfig.ts +24 -5
package/src/hooks/useFileDisplay.ts +297 -34
package/src/hooks/useFileReference.ts +56 -11
package/src/hooks/useFileUrl.ts +1 -1
package/src/hooks/useInactivityTracker.ts +16 -7
package/src/hooks/usePermissionCache.test.ts +85 -8
package/src/hooks/useQueryCache.ts +21 -0
package/src/hooks/useSecureDataAccess.test.ts +80 -35
package/src/hooks/useSecureDataAccess.ts +80 -37
package/src/index.ts +2 -1
package/src/providers/services/EventServiceProvider.tsx +37 -17
package/src/providers/services/InactivityServiceProvider.tsx +4 -4
package/src/providers/services/OrganisationServiceProvider.tsx +8 -1
package/src/providers/services/UnifiedAuthProvider.tsx +115 -29
package/src/rbac/__tests__/auth-rbac.e2e.test.tsx +451 -0
package/src/rbac/__tests__/engine.comprehensive.test.ts +12 -0
package/src/rbac/__tests__/rbac-engine-core-logic.test.ts +8 -0
package/src/rbac/__tests__/rbac-engine-simplified.test.ts +4 -0
package/src/rbac/api.ts +240 -36
package/src/rbac/cache-invalidation.ts +21 -7
package/src/rbac/compliance/quick-fix-suggestions.ts +1 -1
package/src/rbac/components/NavigationGuard.tsx +23 -63
package/src/rbac/components/NavigationProvider.test.tsx +52 -23
package/src/rbac/components/NavigationProvider.tsx +13 -11
package/src/rbac/components/PagePermissionGuard.tsx +77 -203
package/src/rbac/components/PagePermissionProvider.tsx +13 -11
package/src/rbac/components/PermissionEnforcer.tsx +24 -62
package/src/rbac/components/RoleBasedRouter.tsx +14 -12
package/src/rbac/components/SecureDataProvider.tsx +13 -11
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +104 -41
package/src/rbac/components/__tests__/NavigationProvider.test.tsx +49 -12
package/src/rbac/components/__tests__/PagePermissionGuard.race-condition.test.tsx +22 -1
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +161 -82
package/src/rbac/components/__tests__/PagePermissionGuard.verification.test.tsx +22 -1
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +77 -30
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +39 -5
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +47 -4
package/src/rbac/engine.ts +4 -2
package/src/rbac/hooks/__tests__/useSecureSupabase.test.ts +144 -52
package/src/rbac/hooks/index.ts +3 -0
package/src/rbac/hooks/useCan.test.ts +101 -53
package/src/rbac/hooks/usePermissions.ts +108 -41
package/src/rbac/hooks/useRBAC.test.ts +11 -3
package/src/rbac/hooks/useRBAC.ts +83 -40
package/src/rbac/hooks/useResolvedScope.test.ts +189 -63
package/src/rbac/hooks/useResolvedScope.ts +128 -70
package/src/rbac/hooks/useSecureSupabase.ts +36 -19
package/src/rbac/hooks/useSuperAdminBypass.ts +126 -0
package/src/rbac/request-deduplication.ts +1 -1
package/src/rbac/secureClient.ts +72 -12
package/src/rbac/security.ts +29 -23
package/src/rbac/types.ts +10 -0
package/src/rbac/utils/__tests__/contextValidator.test.ts +150 -0
package/src/rbac/utils/__tests__/deep-equal.test.ts +53 -0
package/src/rbac/utils/__tests__/eventContext.test.ts +6 -1
package/src/rbac/utils/contextValidator.ts +288 -0
package/src/rbac/utils/eventContext.ts +48 -2
package/src/services/EventService.ts +165 -21
package/src/services/OrganisationService.ts +37 -2
package/src/services/__tests__/EventService.test.ts +26 -21
package/src/types/file-reference.ts +13 -10
package/src/utils/app/appNameResolver.test.ts +346 -73
package/src/utils/context/superAdminOverride.ts +58 -0
package/src/utils/file-reference/index.ts +61 -33
package/src/utils/google-places/googlePlacesUtils.test.ts +98 -0
package/src/utils/google-places/loadGoogleMapsScript.test.ts +83 -0
package/src/utils/storage/helpers.test.ts +1 -1
package/src/utils/storage/helpers.ts +38 -19
package/src/utils/storage/types.ts +15 -8
package/src/utils/validation/__tests__/csrf.test.ts +105 -0
package/src/utils/validation/__tests__/sqlInjectionProtection.test.ts +92 -0
package/src/vite-env.d.ts +2 -2
package/dist/chunk-3GOZZZYH.js.map +0 -1
package/dist/chunk-DDM4CCYT.js.map +0 -1
package/dist/chunk-E7UAOUMY.js +0 -75
package/dist/chunk-E7UAOUMY.js.map +0 -1
package/dist/chunk-EFCLXK7F.js.map +0 -1
package/dist/chunk-F2IMUDXZ.js.map +0 -1
package/dist/chunk-HEHYGYOX.js.map +0 -1
package/dist/chunk-IM4QE42D.js.map +0 -1
package/dist/chunk-IPCH26AG.js.map +0 -1
package/dist/chunk-SAUPYVLF.js.map +0 -1
package/dist/chunk-THRPYOFK.js.map +0 -1
package/dist/chunk-UNOTYLQF.js.map +0 -1
package/dist/chunk-VGZZXKBR.js.map +0 -1
package/dist/chunk-YHCN776L.js.map +0 -1
package/src/hooks/__tests__/usePermissionCache.simple.test.ts +0 -192
package/src/hooks/__tests__/usePermissionCache.unit.test.ts +0 -741
package/src/hooks/__tests__/usePublicEvent.simple.test.ts +0 -703
package/src/rbac/hooks/useRBAC.simple.test.ts +0 -95
package/src/rbac/utils/__tests__/eventContext.unit.test.ts +0 -428
/package/dist/{DataTable-GUFUNZ3N.js.map → DataTable-ON3IXISJ.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-643PUAIM.js.map → UnifiedAuthProvider-X5NXANVI.js.map} +0 -0
/package/dist/{api-YP7XD5L6.js.map → api-I6UCQ5S6.js.map} +0 -0
/package/dist/{chunk-HESYZWZW.js.map → chunk-QWWZ5CAQ.js.map} +0 -0

package/src/rbac/utils/contextValidator.ts ADDED Viewed

@@ -0,0 +1,288 @@
+/**
+ * Context Validator for RBAC
+ * @package @jmruthers/pace-core
+ * @module RBAC/ContextValidator
+ * @since 1.0.0
+ *
+ * Centralized validation for RBAC context requirements based on app configuration.
+ * Enforces app-specific context rules with single primary context:
+ * - requires_event = TRUE: Event is PRIMARY context, org derived from event (org not required in input)
+ * - requires_event = FALSE: Organisation is PRIMARY context, event optional
+ * - PORTAL/ADMIN apps: Both contexts optional (allows users to view/edit own profiles, super admin access)
+ *
+ * Key principle: Only one primary context is required based on app config. The other is derived or optional.
+ */
+import { SupabaseClient } from '@supabase/supabase-js';
+import { Database } from '../../types/database';
+import { UUID, Scope } from '../types';
+import { EventContextRequiredError, OrganisationContextRequiredError } from '../types';
+import { getOrganisationFromEvent } from './eventContext';
+import { createLogger } from '../../utils/core/logger';
+const log = createLogger('ContextValidator');
+export interface AppConfig {
+  requires_event: boolean;
+}
+/**
+ * Check if an app allows optional contexts (both organisation and event optional)
+ * @param appName - App name to check
+ * @returns True if app allows optional contexts
+ */
+function allowsOptionalContexts(appName?: string): boolean {
+  return appName === 'PORTAL' || appName === 'ADMIN';
+}
+export interface ContextValidationResult {
+  isValid: boolean;
+  resolvedScope: Scope | null;
+  error: Error | null;
+}
+/**
+ * Context Validator class
+ *
+ * Validates and resolves RBAC scope based on app configuration requirements.
+ */
+export class ContextValidator {
+  /**
+   * Validate scope against app requirements
+   *
+   * @param scope - Current scope
+   * @param appConfig - App configuration (requires_event flag)
+   * @param appName - App name (for PORTAL/ADMIN special case)
+   * @returns Validation result with resolved scope
+   */
+  static async validateScope(
+    scope: Scope,
+    appConfig: AppConfig | null,
+    appName?: string
+  ): Promise<ContextValidationResult> {
+    // PORTAL/ADMIN special case: both contexts optional
+    if (allowsOptionalContexts(appName)) {
+      return {
+        isValid: true,
+        resolvedScope: {
+          organisationId: scope.organisationId,
+          eventId: scope.eventId,
+          appId: scope.appId
+        },
+        error: null
+      };
+    }
+    // If no app config, default to requiring org context
+    if (!appConfig) {
+      if (!scope.organisationId) {
+        return {
+          isValid: false,
+          resolvedScope: null,
+          error: new OrganisationContextRequiredError()
+        };
+      }
+      return {
+        isValid: true,
+        resolvedScope: scope,
+        error: null
+      };
+    }
+    // Event-required apps: must have eventId, derive org from event
+    if (appConfig.requires_event) {
+      if (!scope.eventId) {
+        return {
+          isValid: false,
+          resolvedScope: null,
+          error: new EventContextRequiredError()
+        };
+      }
+      // If org is not provided, we'll need to derive it from event
+      // But for validation, we just check that eventId exists
+      // The actual derivation happens in resolveRequiredContext
+      return {
+        isValid: true,
+        resolvedScope: scope,
+        error: null
+      };
+    }
+    // Org-required apps: must have organisationId, eventId optional
+    if (!scope.organisationId) {
+      return {
+        isValid: false,
+        resolvedScope: null,
+        error: new OrganisationContextRequiredError()
+      };
+    }
+    return {
+      isValid: true,
+      resolvedScope: scope,
+      error: null
+    };
+  }
+  /**
+   * Resolve required context and derive missing values
+   *
+   * @param scope - Current scope
+   * @param appConfig - App configuration
+   * @param appName - App name (for PORTAL/ADMIN special case)
+   * @param supabase - Supabase client (for deriving org from event)
+   * @returns Resolved scope with all required context
+   */
+  static async resolveRequiredContext(
+    scope: Scope,
+    appConfig: AppConfig | null,
+    appName?: string,
+    supabase?: SupabaseClient<Database> | null
+  ): Promise<ContextValidationResult> {
+    // PORTAL/ADMIN special case: both contexts optional
+    if (allowsOptionalContexts(appName)) {
+      return {
+        isValid: true,
+        resolvedScope: {
+          organisationId: scope.organisationId,
+          eventId: scope.eventId,
+          appId: scope.appId
+        },
+        error: null
+      };
+    }
+    // If no app config, default to requiring org context
+    if (!appConfig) {
+      if (!scope.organisationId) {
+        return {
+          isValid: false,
+          resolvedScope: null,
+          error: new OrganisationContextRequiredError()
+        };
+      }
+      return {
+        isValid: true,
+        resolvedScope: scope,
+        error: null
+      };
+    }
+    // Event-required apps: must have eventId, derive org from event
+    if (appConfig.requires_event) {
+      if (!scope.eventId) {
+        return {
+          isValid: false,
+          resolvedScope: null,
+          error: new EventContextRequiredError()
+        };
+      }
+      // Derive organisationId from event if not provided
+      let organisationId: UUID | undefined = scope.organisationId;
+      if (!organisationId && supabase && scope.eventId) {
+        try {
+          const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);
+          organisationId = derivedOrgId || undefined;
+          if (!organisationId) {
+            return {
+              isValid: false,
+              resolvedScope: null,
+              error: new Error('Could not resolve organisation from event context')
+            };
+          }
+        } catch (error) {
+          log.error('Failed to derive org from event:', error);
+          return {
+            isValid: false,
+            resolvedScope: null,
+            error: error instanceof Error ? error : new Error('Failed to derive organisation from event')
+          };
+        }
+      } else if (!organisationId) {
+        return {
+          isValid: false,
+          resolvedScope: null,
+          error: new Error('Event context requires organisationId but it could not be derived (supabase client not available)')
+        };
+      }
+      return {
+        isValid: true,
+        resolvedScope: {
+          organisationId,
+          eventId: scope.eventId,
+          appId: scope.appId
+        },
+        error: null
+      };
+    }
+    // Org-required apps: must have organisationId, eventId optional
+    if (!scope.organisationId) {
+      return {
+        isValid: false,
+        resolvedScope: null,
+        error: new OrganisationContextRequiredError()
+      };
+    }
+    return {
+      isValid: true,
+      resolvedScope: scope,
+      error: null
+    };
+  }
+  /**
+   * Derive organisation ID from event ID
+   *
+   * @param supabase - Supabase client
+   * @param eventId - Event ID
+   * @returns Organisation ID or null
+   */
+  static async deriveOrgFromEvent(
+    supabase: SupabaseClient<Database>,
+    eventId: string
+  ): Promise<UUID | null> {
+    return getOrganisationFromEvent(supabase, eventId);
+  }
+  /**
+   * Check if context is ready for permission checks
+   *
+   * @param scope - Current scope
+   * @param appConfig - App configuration
+   * @param appName - App name
+   * @param hasSelectedEvent - Whether event is selected
+   * @param hasSelectedOrganisation - Whether organisation is selected
+   * @returns True if context is ready
+   */
+  static isContextReady(
+    scope: Scope,
+    appConfig: AppConfig | null,
+    appName?: string,
+    hasSelectedEvent?: boolean,
+    hasSelectedOrganisation?: boolean
+  ): boolean {
+    // PORTAL/ADMIN special case: context is always ready
+    if (allowsOptionalContexts(appName)) {
+      return true;
+    }
+    // If no app config, default to requiring org context
+    if (!appConfig) {
+      return !!hasSelectedOrganisation || !!scope.organisationId;
+    }
+    // Event-required apps: need event context
+    if (appConfig.requires_event) {
+      return !!hasSelectedEvent || !!scope.eventId;
+    }
+    // Org-required apps: need org context
+    return !!hasSelectedOrganisation || !!scope.organisationId;
+  }
+}

package/src/rbac/utils/eventContext.ts CHANGED Viewed

@@ -12,9 +12,35 @@ import { SupabaseClient } from '@supabase/supabase-js';
 import { Database } from '../../types/database';
 import { UUID, Scope } from '../types';
+/**
+ * Cache for organisation derivation from event
+ * Key: eventId, Value: organisationId | null
+ * Maximum cache size to prevent memory leaks
+ */
+const orgDerivationCache = new Map<string, UUID | null>();
+const MAX_CACHE_SIZE = 100; // Limit cache to 100 entries
+/**
+ * Clear cache entry for a specific event (useful if event's org changes)
+ * @param eventId - Event ID to clear from cache
+ */
+export function clearOrgDerivationCache(eventId: string): void {
+  orgDerivationCache.delete(eventId);
+}
+/**
+ * Clear all cached organisation derivations
+ */
+export function clearAllOrgDerivationCache(): void {
+  orgDerivationCache.clear();
+}
 /**
  * Get organization ID from event ID
  *
+ * Uses caching to avoid repeated database queries for the same event.
+ * Cache is limited to prevent memory leaks.
+ *
  * @param supabase - Supabase client
  * @param eventId - Event ID
  * @returns Promise resolving to organization ID or null
@@ -23,17 +49,37 @@ export async function getOrganisationFromEvent(
   supabase: SupabaseClient<Database>,
   eventId: string
 ): Promise<UUID | null> {
+  // Check cache first
+  if (orgDerivationCache.has(eventId)) {
+    return orgDerivationCache.get(eventId) ?? null;
+  }
+  // Query database
   const { data, error } = await supabase
     .from('event')
     .select('organisation_id')
     .eq('event_id', eventId)
     .single() as { data: { organisation_id: string } | null; error: any };
+  let organisationId: UUID | null = null;
   if (error || !data) {
-    return null;
+    organisationId = null;
+  } else {
+    organisationId = data.organisation_id;
+  }
+  // Cache the result (with size limit to prevent memory leaks)
+  if (orgDerivationCache.size >= MAX_CACHE_SIZE) {
+    // Remove oldest entry (first key in Map)
+    const firstKey = orgDerivationCache.keys().next().value;
+    if (firstKey) {
+      orgDerivationCache.delete(firstKey);
+    }
   }
+  orgDerivationCache.set(eventId, organisationId);
-  return data.organisation_id;
+  return organisationId;
 }
 /**

package/src/services/EventService.ts CHANGED Viewed

@@ -16,6 +16,9 @@ import { Organisation } from '../types/organisation';
 import { assertOrganisationId } from '../types/core';
 import { logger } from '../utils/core/logger';
 import { secureStorage } from '../utils/security/secureStorage';
+import { isSuperAdmin, getAppConfigByName } from '../rbac/api';
+import type { UUID } from '../rbac/types';
+import type { AppConfig } from '../rbac/utils/contextValidator';
 export class EventService extends BaseService implements IEventService {
   private events: Event[] = [];
@@ -30,6 +33,8 @@ export class EventService extends BaseService implements IEventService {
   private appName: string = '';
   private selectedOrganisation: Organisation | null = null;
   private setSelectedEventId: ((eventId: string | null) => void) | null = null;
+  private isSuperAdmin: boolean = false; // Track super admin status for conditional validation
+  private appConfig: AppConfig | null = null; // Cache app config to avoid repeated lookups
   // Internal state management
   private isInitializedRef = false;
@@ -76,6 +81,7 @@ export class EventService extends BaseService implements IEventService {
     const newOrgId = selectedOrganisation?.id;
     const previousUserId = this.user?.id || null;
     const newUserId = user?.id || null;
+    const previousAppName = this.appName;
     // If user changed, clear previous user's event selection from storage
     if (previousUserId !== newUserId) {
@@ -87,6 +93,10 @@ export class EventService extends BaseService implements IEventService {
         this.selectedEvent = null;
         this.setSelectedEventId?.(null);
       }
+      // Reset initialization when user changes
+      this.resetInitialization();
+      this.isInitializedRef = false;
+      this.isFetchingRef = false;
     }
     this.supabaseClient = supabaseClient;
@@ -96,8 +106,31 @@ export class EventService extends BaseService implements IEventService {
     this.selectedOrganisation = selectedOrganisation;
     this.setSelectedEventId = setSelectedEventId;
-    // If organisation changed (from null to value, or different org), reset initialization
-    // This ensures events are re-fetched when organisation context becomes available
+    // Clear app config cache when app name changes
+    if (previousAppName !== appName) {
+      this.appConfig = null;
+    }
+    // Update super admin status when user changes
+    // This allows super admins to select events from any organisation
+    if (user?.id) {
+      try {
+        this.isSuperAdmin = await isSuperAdmin(user.id as UUID);
+        logger.debug('EventService', 'Updated super admin status', {
+          userId: user.id,
+          isSuperAdmin: this.isSuperAdmin
+        });
+      } catch (error) {
+        logger.warn('EventService', 'Failed to check super admin status', { error });
+        this.isSuperAdmin = false; // Default to false on error
+      }
+    } else {
+      this.isSuperAdmin = false;
+    }
+    // If organisation changed (from null to value, or different org, or value to null), reset initialization
+    // This ensures events are re-fetched when organisation context changes
+    // For event-required apps, selectedOrganisation will be null, so we need to reset when it changes from undefined/null to null
     if (previousOrgId !== newOrgId) {
       this.resetInitialization(); // Reset BaseService's isInitialized flag
       this.isInitializedRef = false;
@@ -138,20 +171,9 @@ export class EventService extends BaseService implements IEventService {
   // Event methods
   setSelectedEvent(event: Event | null): void {
     if (event) {
-      // SECURITY: Validate event belongs to current organisation
-      try {
-        if (this.selectedOrganisation && event.organisation_id !== this.selectedOrganisation.id) {
-          logger.error('EventService', 'Event organisation_id does not match selected organisation', {
-            eventOrganisationId: event.organisation_id,
-            selectedOrganisationId: this.selectedOrganisation.id,
-            eventName: event.event_name
-          });
-          return;
-        }
-      } catch (error) {
-        logger.error('EventService', 'Error during event validation:', error);
-      }
+      // No validation needed: For event-required apps, org is derived from event
+      // For org-required apps, event is optional and doesn't need validation
+      // RLS policies handle security at the database level
       this.selectedEvent = event;
       this.setSelectedEventId?.(event.event_id);
       // Persist asynchronously (don't await to avoid blocking)
@@ -286,6 +308,12 @@ export class EventService extends BaseService implements IEventService {
   async initialize(): Promise<void> {
     // Only call super.initialize() which will call doInitialize() and fetchEvents()
     // Don't call fetchEvents() again here to avoid double-fetching
+    logger.debug('EventService', 'initialize() called', {
+      isInitializedRef: this.isInitializedRef,
+      hasUser: !!this.user,
+      hasSession: !!this.session,
+      appName: this.appName
+    });
     await super.initialize();
   }
@@ -294,13 +322,23 @@ export class EventService extends BaseService implements IEventService {
   }
   protected async doInitialize(): Promise<void> {
+    logger.debug('EventService', 'doInitialize() called', {
+      isInitializedRef: this.isInitializedRef,
+      isFetchingRef: this.isFetchingRef,
+      hasUser: !!this.user,
+      hasSession: !!this.session,
+      appName: this.appName
+    });
     // Skip if already initialized
     if (this.isInitializedRef) {
+      logger.debug('EventService', 'Skipping initialization - already initialized');
       return;
     }
     // Skip if already fetching
     if (this.isFetchingRef) {
+      logger.debug('EventService', 'Skipping initialization - already fetching');
       return;
     }
@@ -313,13 +351,25 @@ export class EventService extends BaseService implements IEventService {
       logger.warn('EventService', 'Failed to clean up old storage keys:', error);
     }
-    // Skip if no user or organisation
-    if (!this.user || !this.selectedOrganisation) {
+    // Skip if no user
+    // For event-required apps, selectedOrganisation may be null (org derived from event)
+    // For org-required apps, selectedOrganisation is required
+    if (!this.user) {
+      logger.debug('EventService', 'Skipping initialization - missing user');
       return;
     }
+    logger.debug('EventService', 'Initializing - fetching events', {
+      userId: this.user.id,
+      organisationId: this.selectedOrganisation?.id || 'derived-from-event',
+      appName: this.appName
+    });
     // Initial setup - fetch events on initialization
     await this.fetchEvents(false);
+    // Mark as initialized after successful fetch
+    this.isInitializedRef = true;
   }
   protected doCleanup(): void {
@@ -327,7 +377,15 @@ export class EventService extends BaseService implements IEventService {
   }
   private async fetchEvents(skipLoadPersisted: boolean = false): Promise<void> {
-    if (!this.user || !this.session || !this.supabaseClient || !this.appName || !this.selectedOrganisation) {
+    // For event-required apps, selectedOrganisation may be null (org derived from event)
+    // For org-required apps, selectedOrganisation is required
+    if (!this.user || !this.session || !this.supabaseClient || !this.appName) {
+      logger.debug('EventService', 'Skipping fetchEvents - missing dependencies', {
+        hasUser: !!this.user,
+        hasSession: !!this.session,
+        hasSupabaseClient: !!this.supabaseClient,
+        appName: this.appName
+      });
       // Already false from initialization, just notify
       this.notify();
       return;
@@ -339,6 +397,7 @@ export class EventService extends BaseService implements IEventService {
     // Prevent multiple simultaneous fetches
     if (this.isFetchingRef) {
+      logger.debug('EventService', 'Skipping fetchEvents - already fetching');
       return;
     }
@@ -346,12 +405,97 @@ export class EventService extends BaseService implements IEventService {
     let isMounted = true;
     try {
+      // Load app config if not already cached (only once per app)
+      if (!this.appConfig && this.appName) {
+        try {
+          this.appConfig = await getAppConfigByName(this.appName);
+        } catch (configError) {
+          logger.warn('EventService', 'Failed to load app config, defaulting to event-required', {
+            error: configError
+          });
+          // Default to event-required for safety
+          this.appConfig = { requires_event: true };
+        }
+      }
+      // Determine organisationId for RPC call
+      // For event-required apps: org is derived from selectedEvent (if available), or null to get all accessible events
+      // For org-required apps: org comes from selectedOrganisation
+      // Super admins: pass null to see all events
+      let organisationIdForRpc: string | null = null;
+      // Check if user is super admin first
+      let userIsSuperAdmin = false;
+      try {
+        userIsSuperAdmin = await isSuperAdmin(this.user.id as UUID);
+        if (userIsSuperAdmin) {
+          // Super admin: Pass null to see all events across all organisations
+          organisationIdForRpc = null;
+          logger.debug('EventService', 'Super admin detected - fetching all events', {
+            userId: this.user.id
+          });
+        } else {
+          // Not super admin: determine org from context based on app type
+          if (this.selectedEvent) {
+            // If event is already selected, use its organisation
+            organisationIdForRpc = this.selectedEvent.organisation_id;
+          } else if (this.appConfig?.requires_event === true) {
+            // Event-required app with no selected event yet: pass null to get all accessible events
+            // The RPC will filter by event app roles, returning all events the user has access to
+            organisationIdForRpc = null;
+            logger.debug('EventService', 'Event-required app: fetching all accessible events (no event selected yet)', {
+              userId: this.user.id,
+              appName: this.appName
+            });
+          } else if (this.selectedOrganisation) {
+            // Org-required app: use selected organisation
+            organisationIdForRpc = this.selectedOrganisation.id;
+          } else {
+            // No context available - this shouldn't happen for authenticated users
+            logger.warn('EventService', 'No organisation context available for event fetch', {
+              hasSelectedEvent: !!this.selectedEvent,
+              hasSelectedOrganisation: !!this.selectedOrganisation,
+              appRequiresEvent: this.appConfig?.requires_event
+            });
+            organisationIdForRpc = null; // Will return empty list
+          }
+        }
+      } catch (superAdminCheckError) {
+        // If super admin check fails, fall back to organisation-scoped query
+        logger.warn('EventService', 'Failed to check super admin status, using organisation-scoped query', {
+          error: superAdminCheckError
+        });
+        // Fallback: use available context
+        if (this.selectedEvent) {
+          organisationIdForRpc = this.selectedEvent.organisation_id;
+        } else if (this.appConfig?.requires_event === true) {
+          // Event-required app: pass null to get all accessible events
+          organisationIdForRpc = null;
+        } else if (this.selectedOrganisation) {
+          organisationIdForRpc = this.selectedOrganisation.id;
+        }
+      }
+      logger.debug('EventService', 'Fetching events via RPC', {
+        userId: this.user.id,
+        organisationId: organisationIdForRpc,
+        appName: this.appName
+      });
       // Call the RPC function following the established pattern
-      const { data, error: rpcError } = await this.supabaseClient.rpc('data_user_events_get', {
+      // For super admins, pass null for p_organisation_id to see all events
+      let { data, error: rpcError } = await this.supabaseClient.rpc('data_user_events_get', {
         p_user_id: this.user.id,
-        p_organisation_id: this.selectedOrganisation.id,
+        p_organisation_id: organisationIdForRpc,
         p_app_name: this.appName
       });
+      logger.debug('EventService', 'RPC response received', {
+        hasData: !!data,
+        dataLength: Array.isArray(data) ? data.length : 'not array',
+        hasError: !!rpcError,
+        error: rpcError
+      });
       if (rpcError) {
         logger.error('EventService', 'RPC error fetching events:', rpcError);