@jmruthers/pace-core 0.5.189 → 0.5.190

package/core-usage-manifest.json

@@ -213,10 +213,6 @@
       "module": "@radix-ui/react-label",
       "reason": "Use Label component from pace-core instead"
     },
-    {
-      "module": "@radix-ui/react-progress",
-      "reason": "Use Progress component from pace-core instead"
-    },
     {
       "module": "@radix-ui/react-slot",
       "reason": "Use Button component from pace-core which handles slot composition"

package/dist/{AuthService-B-cd2MA4.d.ts → AuthService-CbP_utw2.d.ts}

@@ -103,6 +103,8 @@ declare class EventService extends BaseService implements IEventService {
     private appName;
     private selectedOrganisation;
     private setSelectedEventId;
+    private isSuperAdmin;
+    private appConfig;
     private isInitializedRef;
     private isFetchingRef;
     private hasAutoSelectedRef;
@@ -349,11 +351,13 @@ interface InactivityServiceProviderProps {
     supabaseClient: SupabaseClient;
     user: User | null;
     session: Session | null;
-    idleTimeoutMs?: number;
-    warnBeforeMs?: number;
+    idleTimeoutMs: number;
+    warnBeforeMs: number;
     onIdleLogout: (reason: 'inactivity') => void;
 }
-declare function InactivityServiceProvider({ children, supabaseClient, user, session, idleTimeoutMs, warnBeforeMs, onIdleLogout }: InactivityServiceProviderProps): react_jsx_runtime.JSX.Element;
+declare function InactivityServiceProvider({ children, supabaseClient, user, session, idleTimeoutMs, // REQUIRED: No default - must be explicitly provided
+warnBeforeMs, // REQUIRED: No default - must be explicitly provided
+onIdleLogout }: InactivityServiceProviderProps): react_jsx_runtime.JSX.Element;
 
 /**
  * @file Authentication Service Interface

package/dist/{DataTable-GUFUNZ3N.js → DataTable-ON3IXISJ.js}

@@ -60,10 +60,8 @@ import {
   sum,
   validateHierarchicalData,
   validatePaginationConfig
-} from "./chunk-2UUZZJFT.js";
-import "./chunk-3GOZZZYH.js";
-import "./chunk-HEHYGYOX.js";
-import "./chunk-63FOKYGO.js";
+} from "./chunk-SDMHPX3X.js";
+import "./chunk-HQVPB5MZ.js";
 import {
   CircuitBreaker,
   DEFAULT_FALLBACK_CONFIG,
@@ -82,11 +80,13 @@ import {
   throttle,
   useDataTablePerformance
 } from "./chunk-6C4YBBJM.js";
-import "./chunk-E7UAOUMY.js";
-import "./chunk-VGZZXKBR.js";
+import "./chunk-Y4BUBBHD.js";
+import "./chunk-J2XXC7R5.js";
+import "./chunk-RUYZKXOD.js";
+import "./chunk-63FOKYGO.js";
 import "./chunk-QXHPKYJV.js";
 import "./chunk-R77UEZ4E.js";
-import "./chunk-F2IMUDXZ.js";
+import "./chunk-I7PSE6JW.js";
 import "./chunk-VBXEHIUJ.js";
 import "./chunk-PWLANIRT.js";
 import "./chunk-7D4SUZUM.js";
@@ -169,4 +169,4 @@ export {
   validateHierarchicalData,
   validatePaginationConfig
 };
-//# sourceMappingURL=DataTable-GUFUNZ3N.js.map
+//# sourceMappingURL=DataTable-ON3IXISJ.js.map

package/dist/{PublicPageProvider-B8HaLe69.d.ts → PublicPageProvider-C4uxosp6.d.ts}

@@ -2,14 +2,13 @@ import * as React$1 from 'react';
 import React__default, { Component, ReactNode } from 'react';
 import { P as ParsedAddress, A as AutocompleteOptions } from './types-Bwgl--Xo.js';
 import * as LabelPrimitive from '@radix-ui/react-label';
-import { F as FileCategory, e as FileUploadResult, U as UploadProgress, c as FileUploadOptions, a as FileReference } from './file-reference-D037xOFK.js';
+import { F as FileCategory, e as FileUploadResult, U as UploadProgress, c as FileUploadOptions, a as FileReference } from './file-reference-BavO2eQj.js';
 import * as CheckboxPrimitive from '@radix-ui/react-checkbox';
 import * as SwitchPrimitive from '@radix-ui/react-switch';
-import * as ProgressPrimitive from '@radix-ui/react-progress';
 import * as react_jsx_runtime from 'react/jsx-runtime';
 import * as DialogPrimitive from '@radix-ui/react-dialog';
 import * as TabsPrimitive from '@radix-ui/react-tabs';
-import { DayPickerProps } from 'react-day-picker';
+import { DayPickerProps, DateRange } from 'react-day-picker';
 import * as ToastPrimitives from '@radix-ui/react-toast';
 import * as TooltipPrimitive from '@radix-ui/react-tooltip';
 import { FieldValues, DefaultValues, SubmitHandler, SubmitErrorHandler, UseFormReturn, FieldPath, ControllerRenderProps, ControllerFieldState, UseFormStateReturn } from 'react-hook-form';
@@ -296,8 +295,15 @@ interface AddressFieldRef {
  * - Debounced input with caching
  * - Keyboard navigation (Arrow keys, Enter, Escape)
  * - Accessible ARIA attributes
+ * - Semantic HTML (description list for suggestions)
  * - Loading and error states
  * - place_id storage for later retrieval
+ *
+ * @accessibility
+ * - Uses semantic HTML: `<dl>`, `<dt>`, `<dd>` for address suggestions
+ * - Proper ARIA attributes for combobox pattern
+ * - Keyboard navigation support
+ * - Screen reader friendly
  */
 
 /**
@@ -532,6 +538,7 @@ declare const Textarea: React$1.ForwardRefExoticComponent<TextareaProps & React$
  * Features:
  * - Multiple visual variants (default, destructive, inline)
  * - Title and description support
+ * - Semantic HTML: renders as `<aside>` element
  * - ARIA role="alert" for accessibility
  * - Keyboard and screen reader accessible
  * - Composable with icons and actions
@@ -562,14 +569,15 @@ declare const Textarea: React$1.ForwardRefExoticComponent<TextareaProps & React$
  * ```
  *
  * @accessibility
+ * - Uses semantic HTML: `<aside>` element for better semantic meaning
  * - Uses role="alert" for screen reader announcement
  * - Title and description are semantically structured
  * - Supports keyboard navigation and focus
  */
 
-declare const Alert: React$1.ForwardRefExoticComponent<React$1.HTMLAttributes<HTMLDivElement> & {
+declare const Alert: React$1.ForwardRefExoticComponent<React$1.HTMLAttributes<HTMLElement> & {
     variant?: "default" | "destructive" | "inline";
-} & React$1.RefAttributes<HTMLDivElement>>;
+} & React$1.RefAttributes<HTMLElement>>;
 declare const AlertTitle: React$1.ForwardRefExoticComponent<React$1.HTMLAttributes<HTMLHeadingElement> & React$1.RefAttributes<HTMLHeadingElement>>;
 declare const AlertDescription: React$1.ForwardRefExoticComponent<React$1.HTMLAttributes<HTMLParagraphElement> & React$1.RefAttributes<HTMLParagraphElement>>;
 
@@ -862,16 +870,16 @@ declare const Switch: React$1.ForwardRefExoticComponent<SwitchProps & React$1.Re
  * @module Components/Progress
  * @since 0.1.0
  *
- * An accessible progress bar component built on top of Radix UI primitives.
+ * An accessible progress bar component built on the native HTML `<progress>` element.
  * Provides smooth animations and proper ARIA attributes for screen readers.
  *
  * Features:
  * - Smooth progress animations
  * - Customizable value and max range
- * - Proper ARIA attributes for accessibility
+ * - Native accessibility support (role="progressbar" automatically applied)
  * - Customizable styling and appearance
  * - Responsive design
- * - Keyboard accessible
+ * - Indeterminate state support
  *
  * @example
  * ```tsx
@@ -898,22 +906,23 @@ declare const Switch: React$1.ForwardRefExoticComponent<SwitchProps & React$1.Re
  * }, []);
  *
  * <Progress value={progress} />
+ *
+ * // Indeterminate progress (no value)
+ * <Progress />
  * ```
  *
  * @accessibility
  * - WCAG 2.1 AA compliant
- * - Proper ARIA attributes (aria-valuenow, aria-valuemax, aria-valuemin)
+ * - Native `<progress>` element provides role="progressbar" automatically
  * - Screen reader announcements for progress changes
- * - Keyboard navigation support
  * - High contrast support
  *
  * @performance
  * - CSS transitions for smooth animations
  * - Efficient re-rendering
- * - Minimal DOM structure
+ * - Minimal DOM structure (native HTML element)
  *
  * @dependencies
- * - @radix-ui/react-progress - Core progress functionality
  * - React 18+ - Hooks and refs
  * - Tailwind CSS - Styling
  */
@@ -921,15 +930,15 @@ declare const Switch: React$1.ForwardRefExoticComponent<SwitchProps & React$1.Re
 /**
  * Props for the Progress component
  */
-interface ProgressProps extends React$1.ComponentPropsWithoutRef<typeof ProgressPrimitive.Root> {
-    /** Current progress value (0 to max) */
+interface ProgressProps extends React$1.HTMLAttributes<HTMLProgressElement> {
+    /** Current progress value (0 to max). Omit for indeterminate state. */
     value?: number;
     /** Maximum progress value (default: 100) */
     max?: number;
 }
 /**
  * Progress component
- * An accessible progress bar with smooth animations
+ * An accessible progress bar with smooth animations using native HTML `<progress>` element
  *
  * @param props - Progress configuration and styling
  * @param ref - Forwarded ref to the progress element
@@ -940,7 +949,7 @@ interface ProgressProps extends React$1.ComponentPropsWithoutRef<typeof Progress
  * <Progress value={75} max={100} />
  * ```
  */
-declare const Progress: React$1.ForwardRefExoticComponent<ProgressProps & React$1.RefAttributes<HTMLDivElement>>;
+declare const Progress: React$1.ForwardRefExoticComponent<ProgressProps & React$1.RefAttributes<HTMLProgressElement>>;
 
 /**
  * Dialog size variants
@@ -1359,7 +1368,7 @@ declare const TabsContent: React$1.ForwardRefExoticComponent<TabsContentProps &
  * Features:
  * - Single, range, and multiple date selection modes
  * - Date disabling (past dates, weekends, etc.)
- * - Localization support
+ * - Localization support (defaults to Australian locale with Monday as first day of week)
  * - Keyboard navigation
  * - Accessible date selection
  * - Customizable styling
@@ -1406,13 +1415,18 @@ declare const TabsContent: React$1.ForwardRefExoticComponent<TabsContentProps &
 
 interface CalendarProps extends Omit<DayPickerProps, 'className' | 'classNames' | 'styles' | 'onSelect'> {
     /**
-     * Additional CSS classes to apply to the calendar wrapper
+     * Additional CSS classes to apply to the calendar table
      */
     className?: string;
     /**
      * Custom classNames for DayPicker sub-components
      */
     classNames?: DayPickerProps['classNames'];
+    /**
+     * Currently selected value; mirrors DayPicker's `selected` prop so callers
+     * can control the selection state.
+     */
+    selected?: Date | Date[] | DateRange | undefined;
     /**
      * Date selection handler. Signature depends on mode:
      * - mode="single": (date: Date | undefined) => void
@@ -1429,13 +1443,22 @@ interface CalendarProps extends Omit<DayPickerProps, 'className' | 'classNames'
  * A flexible, accessible calendar component for date selection.
  * Built on react-day-picker with pace-core styling.
  *
+ * Defaults to Australian locale (en-AU) with Monday as the first day of the week.
+ * The locale can be overridden by passing a `locale` prop.
+ *
+ * Month navigation is automatically managed internally when `month` and `onMonthChange` props
+ * are not provided. The displayed month will sync with the selected date when available,
+ * or default to the current month. Navigation buttons (prev/next) work automatically.
+ *
+ * For controlled month state, pass `month` and `onMonthChange` props.
+ *
  * @param props - Calendar configuration and styling
  * @param ref - Forwarded ref (not used directly, but maintained for API consistency)
  * @returns JSX.Element - The rendered calendar element
  *
  * @example
  * ```tsx
- * // Single date selection
+ * // Single date selection (uses default Australian locale)
  * <Calendar
  *   mode="single"
  *   selected={date}
@@ -1449,9 +1472,28 @@ interface CalendarProps extends Omit<DayPickerProps, 'className' | 'classNames'
  *   onSelect={setDate}
  *   disabled={(date) => date < new Date()}
  * />
+ *
+ * // Override locale (e.g., US locale with Sunday as first day)
+ * import { enUS } from 'date-fns/locale';
+ * <Calendar
+ *   mode="single"
+ *   selected={date}
+ *   onSelect={setDate}
+ *   locale={enUS}
+ * />
+ *
+ * // Controlled month state (optional - month is auto-managed if not provided)
+ * const [month, setMonth] = useState(new Date());
+ * <Calendar
+ *   mode="single"
+ *   selected={date}
+ *   onSelect={setDate}
+ *   month={month}
+ *   onMonthChange={setMonth}
+ * />
  * ```
  */
-declare const Calendar: React$1.ForwardRefExoticComponent<CalendarProps & React$1.RefAttributes<HTMLDivElement>>;
+declare const Calendar: React$1.ForwardRefExoticComponent<CalendarProps & React$1.RefAttributes<HTMLTableElement>>;
 
 declare const ToastProvider: React$1.FC<ToastPrimitives.ToastProviderProps>;
 /**
@@ -3625,7 +3667,8 @@ interface FileUploadProps {
     supabase: SupabaseClient;
     table_name: string;
     record_id: string;
-    organisation_id: string;
+    organisation_id?: string | null;
+    userId?: string;
     app_id?: string;
     category: FileCategory;
     folder: string;
@@ -3644,13 +3687,19 @@ interface FileUploadProps {
     onProgress?: (progress: UploadProgress) => void;
     children?: React__default.ReactNode;
 }
-declare function FileUpload({ supabase, table_name, record_id, organisation_id, app_id, category, folder, pageContext, event_id, accept, maxSize, // 10MB default
+declare function FileUpload({ supabase, table_name, record_id, organisation_id, userId, app_id, category, folder, pageContext, event_id, accept, maxSize, // 10MB default
 multiple, disabled, isPublic, className, showPreview, showProgress, onUploadSuccess, onUploadError, onProgress, children }: FileUploadProps): react_jsx_runtime.JSX.Element;
 
 interface FileDisplayProps {
     table_name: string;
     record_id: string;
-    organisation_id: string;
+    /**
+     * Optional organisation ID. When not provided (undefined), the component will automatically
+     * search for files in both user-scoped (organisation_id = null) and organisation-scoped contexts.
+     * If both types of files exist, organisation-scoped files are preferred.
+     * When explicitly set to null, only user-scoped files are searched.
+     */
+    organisation_id?: string;
     category?: FileCategory;
     /** Display only a single file instead of all files. Uses first file (prefers images) from all files, without category filtering */
     displayOnly?: boolean;
@@ -3670,8 +3719,18 @@ interface FileDisplayProps {
     generateFallbackText?: (fileName?: string) => string;
     /** Explicit fallback text to display (overrides generateFallbackText) */
     fallbackText?: string;
+    /** Source text to use for generating fallback text (overrides filename) */
+    fallbackSourceText?: string;
     /** Size variant for fallback display (only applies when showFallback is true) */
     fallbackSize?: 'xs' | 'sm' | 'md' | 'lg' | 'xl' | '2xl';
+    /**
+     * Enable children rendering in displayOnly mode. When true, uses standard display path
+     * (with children support) even if showDelete is false. The delete button will only appear
+     * if showDelete is also true.
+     */
+    enableChildren?: boolean;
+    /** Whether to show metadata (filename, filesize, mimetype) in figcaption. Defaults to true. */
+    showMetadata?: boolean;
 }
 /**
  * Component for displaying file references with context-awareness
@@ -3691,7 +3750,7 @@ interface FileDisplayProps {
  * @param props.category - Optional category filter. When specified, only displays files matching this category and uses single file display variant.
  * @returns React element with file display
  */
-declare function FileDisplay({ table_name, record_id, organisation_id, category, displayOnly, showDelete, className, children, loadingComponent, errorComponent, showFallback, generateFallbackText, fallbackText, fallbackSize }: FileDisplayProps): react_jsx_runtime.JSX.Element;
+declare function FileDisplay({ table_name, record_id, organisation_id, category, displayOnly, showDelete, className, children, loadingComponent, errorComponent, showFallback, generateFallbackText, fallbackText, fallbackSourceText, fallbackSize, enableChildren, showMetadata }: FileDisplayProps): react_jsx_runtime.JSX.Element;
 
 declare function useFileReference(supabase: SupabaseClient): {
     isLoading: boolean;

package/dist/{UnifiedAuthProvider-BG0AL5eE.d.ts → UnifiedAuthProvider-BYA9qB-o.d.ts}

@@ -107,8 +107,9 @@ interface UnifiedAuthProviderProps {
     dangerouslyDisableInactivity?: boolean;
 }
 declare function UnifiedAuthProvider({ children, supabaseClient, appName, appConfig, // Default to requiring events
-persistState, enablePersistence, requireOrganisationContext, idleTimeoutMs, // 30 minutes
-warnBeforeMs, // 60 seconds
-onIdleLogout, renderInactivityWarning, dangerouslyDisableInactivity }: UnifiedAuthProviderProps): react_jsx_runtime.JSX.Element;
+persistState, enablePersistence, requireOrganisationContext, idleTimeoutMs, // REQUIRED: No default - must be explicitly provided
+warnBeforeMs, // REQUIRED: No default - must be explicitly provided
+onIdleLogout, // REQUIRED: No default - must be explicitly provided
+renderInactivityWarning, dangerouslyDisableInactivity }: UnifiedAuthProviderProps): react_jsx_runtime.JSX.Element;
 
 export { type UserEventAccess as U, type UnifiedAuthContextType as a, UnifiedAuthContext as b, type UnifiedAuthProviderProps as c, UnifiedAuthProvider as d, useUnifiedAuth as u };

package/dist/{UnifiedAuthProvider-643PUAIM.js → UnifiedAuthProvider-X5NXANVI.js}

@@ -2,7 +2,9 @@ import {
   UnifiedAuthContext,
   UnifiedAuthProvider,
   useUnifiedAuth
-} from "./chunk-VGZZXKBR.js";
+} from "./chunk-J2XXC7R5.js";
+import "./chunk-RUYZKXOD.js";
+import "./chunk-63FOKYGO.js";
 import "./chunk-QXHPKYJV.js";
 import "./chunk-VBXEHIUJ.js";
 import "./chunk-PWLANIRT.js";
@@ -12,4 +14,4 @@ export {
   UnifiedAuthProvider,
   useUnifiedAuth
 };
-//# sourceMappingURL=UnifiedAuthProvider-643PUAIM.js.map
+//# sourceMappingURL=UnifiedAuthProvider-X5NXANVI.js.map

package/dist/{api-YP7XD5L6.js → api-I6UCQ5S6.js}

@@ -3,6 +3,7 @@ import {
   clearCache,
   getAccessLevel,
   getAppConfig,
+  getAppConfigByName,
   getAppConfigWithClient,
   getPermissionMap,
   getRoleContext,
@@ -20,7 +21,7 @@ import {
   isSuperAdmin,
   resolveAppContext,
   setupRBAC
-} from "./chunk-HEHYGYOX.js";
+} from "./chunk-RUYZKXOD.js";
 import "./chunk-63FOKYGO.js";
 import "./chunk-PWLANIRT.js";
 import "./chunk-7D4SUZUM.js";
@@ -29,6 +30,7 @@ export {
   clearCache,
   getAccessLevel,
   getAppConfig,
+  getAppConfigByName,
   getAppConfigWithClient,
   getPermissionMap,
   getRoleContext,
@@ -47,4 +49,4 @@ export {
   resolveAppContext,
   setupRBAC
 };
-//# sourceMappingURL=api-YP7XD5L6.js.map
+//# sourceMappingURL=api-I6UCQ5S6.js.map

package/dist/{chunk-DDM4CCYT.js → chunk-4QYC5L4K.js}

@@ -1,10 +1,11 @@
 import {
-  useOrganisations
-} from "./chunk-E7UAOUMY.js";
+  useResolvedScope,
+  useSuperAdminBypass
+} from "./chunk-Y4BUBBHD.js";
 import {
   EventServiceContext,
   useUnifiedAuth
-} from "./chunk-VGZZXKBR.js";
+} from "./chunk-J2XXC7R5.js";
 import {
   setOrganisationContext
 } from "./chunk-VBXEHIUJ.js";
@@ -15,10 +16,16 @@ import {
 // src/hooks/useSecureDataAccess.ts
 import { useCallback, useState, useContext } from "react";
 function useSecureDataAccess() {
-  const { supabase, user, session } = useUnifiedAuth();
-  const { ensureOrganisationContext } = useOrganisations();
+  const { supabase, user, session, selectedOrganisation, selectedEvent } = useUnifiedAuth();
   const eventServiceContext = useContext(EventServiceContext);
-  const selectedEvent = eventServiceContext?.eventService?.getSelectedEvent() || null;
+  const eventFromContext = eventServiceContext?.eventService?.getSelectedEvent() || null;
+  const effectiveSelectedEvent = selectedEvent || eventFromContext;
+  const { isSuperAdmin } = useSuperAdminBypass();
+  const { resolvedScope } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: effectiveSelectedEvent?.event_id || null
+  });
   const validateContext = useCallback(() => {
     if (!supabase) {
       throw new Error("No Supabase client available");
@@ -26,26 +33,30 @@ function useSecureDataAccess() {
     if (!user || !session) {
       throw new Error("User must be authenticated with valid session");
     }
-    try {
-      ensureOrganisationContext();
-    } catch (error) {
+    if (isSuperAdmin) {
+      return;
+    }
+    if (!resolvedScope?.organisationId) {
       throw new Error("Organisation context is required for data access");
     }
-  }, [supabase, user, session, ensureOrganisationContext]);
+  }, [supabase, user, session, resolvedScope, isSuperAdmin]);
   const getCurrentOrganisationId = useCallback(() => {
+    if (isSuperAdmin) {
+      return resolvedScope?.organisationId || selectedOrganisation?.id || "";
+    }
     validateContext();
-    const currentOrg = ensureOrganisationContext();
-    return currentOrg.id;
-  }, [validateContext, ensureOrganisationContext]);
+    return resolvedScope?.organisationId || "";
+  }, [validateContext, resolvedScope, selectedOrganisation, isSuperAdmin]);
   const setOrganisationContextInSession = useCallback(async (organisationId) => {
-    if (!supabase) {
-      throw new Error("No Supabase client available");
+    if (!supabase || !organisationId) {
+      return;
     }
     await setOrganisationContext(supabase, organisationId);
   }, [supabase]);
   const secureQuery = useCallback(async (table, columns, filters = {}, options = {}) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
     let query = supabase.from(table).select(columns);
     const tablesWithOrganisation = [
@@ -98,10 +109,15 @@ function useSecureDataAccess() {
       "cake_unit",
       "event_app_access",
       "base_application",
-      "base_questions"
+      "base_questions",
+      // rbac_user_profiles has organisation_id but uses conditional filtering
+      "rbac_user_profiles"
     ];
-    if (tablesWithOrganisation.includes(table)) {
-      query = query.eq("organisation_id", organisationId);
+    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
+      if (table === "rbac_user_profiles" && isSuperAdmin) {
+      } else {
+        query = query.eq("organisation_id", organisationId);
+      }
     }
     Object.entries(filters).forEach(([key, value]) => {
       if (value !== void 0 && value !== null) {
@@ -129,12 +145,13 @@ function useSecureDataAccess() {
     }
     recordDataAccess(table, "read", true, `SELECT ${columns} FROM ${table}`, filters);
     return data || [];
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureInsert = useCallback(async (table, data) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
-    const secureData = {
+    const secureData = bypassOrganisationFilter ? { ...data } : {
       ...data,
       organisation_id: organisationId
     };
@@ -144,10 +161,11 @@ function useSecureDataAccess() {
       throw error;
     }
     return insertData;
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureUpdate = useCallback(async (table, data, filters) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
     const { organisation_id, ...secureData } = data;
     let query = supabase.from(table).update(secureData);
@@ -166,7 +184,7 @@ function useSecureDataAccess() {
       "pace_person",
       "pace_member"
     ];
-    if (tablesWithOrganisation.includes(table)) {
+    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
       query = query.eq("organisation_id", organisationId);
     }
     Object.entries(filters).forEach(([key, value]) => {
@@ -180,10 +198,11 @@ function useSecureDataAccess() {
       throw error;
     }
     return updateData || [];
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureDelete = useCallback(async (table, filters) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
     let query = supabase.from(table).delete();
     const tablesWithOrganisation = [
@@ -238,7 +257,7 @@ function useSecureDataAccess() {
       "base_application",
       "base_questions"
     ];
-    if (tablesWithOrganisation.includes(table)) {
+    if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
       query = query.eq("organisation_id", organisationId);
     }
     Object.entries(filters).forEach(([key, value]) => {
@@ -251,10 +270,11 @@ function useSecureDataAccess() {
       logger.error("useSecureDataAccess", "Delete failed", { table, filters, error });
       throw error;
     }
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, isSuperAdmin]);
   const secureRpc = useCallback(async (functionName, params = {}) => {
     validateContext();
-    const organisationId = getCurrentOrganisationId();
+    const bypassOrganisationFilter = isSuperAdmin;
+    const organisationId = bypassOrganisationFilter ? void 0 : getCurrentOrganisationId();
     await setOrganisationContextInSession(organisationId);
     const functionsWithPOrganisationId = [
       "data_cake_diners_list",
@@ -297,7 +317,11 @@ function useSecureDataAccess() {
     if (user?.id) {
       secureParams.p_user_id = user.id;
     }
-    secureParams[paramName] = organisationId;
+    if (!bypassOrganisationFilter && organisationId) {
+      secureParams[paramName] = organisationId;
+    } else if (organisationId && !(paramName in params)) {
+      secureParams[paramName] = organisationId;
+    }
     if (functionsNeedingEventId.includes(functionName) && selectedEvent?.event_id) {
       secureParams.p_event_id = selectedEvent.event_id;
     }
@@ -311,7 +335,7 @@ function useSecureDataAccess() {
       throw error;
     }
     return data;
-  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id, user?.id]);
+  }, [validateContext, getCurrentOrganisationId, setOrganisationContextInSession, supabase, selectedEvent?.event_id, user?.id, isSuperAdmin]);
   const [dataAccessHistory, setDataAccessHistory] = useState([]);
   const [isStrictMode] = useState(true);
   const [isAuditLogEnabled] = useState(true);
@@ -342,11 +366,12 @@ function useSecureDataAccess() {
   }, [user?.id, validateContext, isDataAccessAllowed]);
   const recordDataAccess = useCallback((table, operation, allowed, query, filters) => {
     if (!isAuditLogEnabled || !user?.id) return;
+    const auditOrganisationId = getCurrentOrganisationId() || "super-admin-bypass";
     const record = {
       table,
       operation,
       userId: user.id,
-      organisationId: getCurrentOrganisationId(),
+      organisationId: auditOrganisationId,
       allowed,
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       query,
@@ -361,7 +386,7 @@ function useSecureDataAccess() {
         table,
         operation,
         userId: user.id,
-        organisationId: getCurrentOrganisationId(),
+        organisationId: auditOrganisationId,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
     }
@@ -388,4 +413,4 @@ function useSecureDataAccess() {
 export {
   useSecureDataAccess
 };
-//# sourceMappingURL=chunk-DDM4CCYT.js.map
+//# sourceMappingURL=chunk-4QYC5L4K.js.map