npm - @jmruthers/pace-core - Versions diffs - 0.5.189 → 0.5.190 - Mend

@jmruthers/pace-core 0.5.189 → 0.5.190

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (420) hide show

package/core-usage-manifest.json +0 -4
package/dist/{AuthService-B-cd2MA4.d.ts → AuthService-CbP_utw2.d.ts} +7 -3
package/dist/{DataTable-GUFUNZ3N.js → DataTable-ON3IXISJ.js} +8 -8
package/dist/{PublicPageProvider-B8HaLe69.d.ts → PublicPageProvider-C4uxosp6.d.ts} +83 -24
package/dist/{UnifiedAuthProvider-BG0AL5eE.d.ts → UnifiedAuthProvider-BYA9qB-o.d.ts} +4 -3
package/dist/{UnifiedAuthProvider-643PUAIM.js → UnifiedAuthProvider-X5NXANVI.js} +4 -2
package/dist/{api-YP7XD5L6.js → api-I6UCQ5S6.js} +4 -2
package/dist/{chunk-DDM4CCYT.js → chunk-4QYC5L4K.js} +60 -35
package/dist/chunk-4QYC5L4K.js.map +1 -0
package/dist/{chunk-IM4QE42D.js → chunk-73HSNNOQ.js} +141 -326
package/dist/chunk-73HSNNOQ.js.map +1 -0
package/dist/{chunk-YHCN776L.js → chunk-DZWK57KZ.js} +2 -75
package/dist/chunk-DZWK57KZ.js.map +1 -0
package/dist/{chunk-3GOZZZYH.js → chunk-HQVPB5MZ.js} +238 -301
package/dist/chunk-HQVPB5MZ.js.map +1 -0
package/dist/{chunk-THRPYOFK.js → chunk-HW3OVDUF.js} +5 -5
package/dist/chunk-HW3OVDUF.js.map +1 -0
package/dist/{chunk-F2IMUDXZ.js → chunk-I7PSE6JW.js} +75 -2
package/dist/chunk-I7PSE6JW.js.map +1 -0
package/dist/{chunk-VGZZXKBR.js → chunk-J2XXC7R5.js} +280 -52
package/dist/chunk-J2XXC7R5.js.map +1 -0
package/dist/{chunk-UCQSRW7Z.js → chunk-NIU6J6OX.js} +425 -378
package/dist/chunk-NIU6J6OX.js.map +1 -0
package/dist/{chunk-HESYZWZW.js → chunk-QWWZ5CAQ.js} +2 -2
package/dist/{chunk-HEHYGYOX.js → chunk-RUYZKXOD.js} +401 -46
package/dist/chunk-RUYZKXOD.js.map +1 -0
package/dist/{chunk-2UUZZJFT.js → chunk-SDMHPX3X.js} +176 -160
package/dist/{chunk-2UUZZJFT.js.map → chunk-SDMHPX3X.js.map} +1 -1
package/dist/{chunk-MX64ZF6I.js → chunk-STYK4OH2.js} +11 -11
package/dist/chunk-STYK4OH2.js.map +1 -0
package/dist/{chunk-YGPFYGA6.js → chunk-VVBAW5A5.js} +822 -498
package/dist/chunk-VVBAW5A5.js.map +1 -0
package/dist/chunk-Y4BUBBHD.js +614 -0
package/dist/chunk-Y4BUBBHD.js.map +1 -0
package/dist/{chunk-SAUPYVLF.js → chunk-ZSAAAMVR.js} +1 -1
package/dist/chunk-ZSAAAMVR.js.map +1 -0
package/dist/components.d.ts +3 -4
package/dist/components.js +19 -19
package/dist/components.js.map +1 -1
package/dist/eslint-rules/pace-core-compliance.cjs +0 -2
package/dist/{file-reference-D037xOFK.d.ts → file-reference-BavO2eQj.d.ts} +13 -10
package/dist/hooks.d.ts +10 -5
package/dist/hooks.js +14 -8
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +13 -11
package/dist/index.js +79 -69
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +3 -3
package/dist/providers.js +3 -1
package/dist/rbac/index.d.ts +76 -12
package/dist/rbac/index.js +12 -9
package/dist/types.d.ts +1 -1
package/dist/types.js +1 -1
package/dist/{usePublicRouteParams-CTDELQ7H.d.ts → usePublicRouteParams-DxIDS4bC.d.ts} +16 -9
package/dist/utils.js +16 -16
package/docs/README.md +2 -2
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +2 -2
package/docs/api/classes/Logger.md +1 -1
package/docs/api/classes/MissingUserContextError.md +2 -2
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +1 -1
package/docs/api/classes/RBACAuditManager.md +1 -1
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +4 -4
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +2 -2
package/docs/api/classes/SecureSupabaseClient.md +21 -16
package/docs/api/classes/StorageUtils.md +7 -4
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +1 -1
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AddressFieldProps.md +1 -1
package/docs/api/interfaces/AddressFieldRef.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/AutocompleteOptions.md +1 -1
package/docs/api/interfaces/AvatarProps.md +1 -1
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +20 -6
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +9 -9
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +1 -1
package/docs/api/interfaces/DatabaseIssue.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +1 -1
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +62 -16
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +2 -2
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +26 -12
package/docs/api/interfaces/FileUploadProps.md +30 -19
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +10 -10
package/docs/api/interfaces/NavigationContextType.md +9 -9
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +7 -7
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +8 -8
package/docs/api/interfaces/PagePermissionContextType.md +8 -8
package/docs/api/interfaces/PagePermissionGuardProps.md +1 -1
package/docs/api/interfaces/PagePermissionProviderProps.md +7 -7
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/ParsedAddress.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +1 -1
package/docs/api/interfaces/ProgressProps.md +3 -11
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +1 -1
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +1 -1
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPerformanceMetrics.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +1 -1
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +1 -1
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +1 -1
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +8 -8
package/docs/api/interfaces/RoleBasedRouterProps.md +10 -10
package/docs/api/interfaces/RoleManagementResult.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +10 -10
package/docs/api/interfaces/RouteConfig.md +10 -10
package/docs/api/interfaces/RuntimeComplianceResult.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +9 -9
package/docs/api/interfaces/SecureDataProviderProps.md +8 -8
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +1 -1
package/docs/api/interfaces/StorageConfig.md +4 -4
package/docs/api/interfaces/StorageFileInfo.md +7 -7
package/docs/api/interfaces/StorageFileMetadata.md +25 -14
package/docs/api/interfaces/StorageListOptions.md +22 -9
package/docs/api/interfaces/StorageListResult.md +4 -4
package/docs/api/interfaces/StorageUploadOptions.md +21 -8
package/docs/api/interfaces/StorageUploadResult.md +6 -6
package/docs/api/interfaces/StorageUrlOptions.md +19 -6
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +53 -53
package/docs/api/interfaces/UnifiedAuthProviderProps.md +13 -13
package/docs/api/interfaces/UseFormDialogOptions.md +1 -1
package/docs/api/interfaces/UseFormDialogReturn.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +4 -4
package/docs/api/interfaces/UseResolvedScopeReturn.md +4 -4
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +11 -11
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +151 -92
package/docs/api-reference/components.md +15 -7
package/docs/api-reference/providers.md +2 -2
package/docs/api-reference/rpc-functions.md +1 -0
package/docs/best-practices/README.md +1 -1
package/docs/best-practices/deployment.md +8 -8
package/docs/getting-started/examples/README.md +2 -2
package/docs/getting-started/installation-guide.md +4 -4
package/docs/getting-started/quick-start.md +3 -3
package/docs/migration/MIGRATION_GUIDE.md +3 -3
package/docs/rbac/compliance/compliance-guide.md +2 -2
package/docs/rbac/event-based-apps.md +2 -2
package/docs/rbac/getting-started.md +2 -2
package/docs/rbac/quick-start.md +2 -2
package/docs/security/README.md +4 -4
package/docs/standards/07-rbac-and-rls-standard.md +430 -7
package/docs/troubleshooting/README.md +2 -2
package/docs/troubleshooting/migration.md +3 -3
package/package.json +1 -3
package/scripts/check-pace-core-compliance.cjs +1 -1
package/scripts/check-pace-core-compliance.js +1 -1
package/src/__tests__/fixtures/supabase.ts +301 -0
package/src/__tests__/public-recipe-view.test.ts +9 -9
package/src/__tests__/rls-policies.test.ts +197 -61
package/src/components/AddressField/AddressField.test.tsx +42 -0
package/src/components/AddressField/AddressField.tsx +71 -60
package/src/components/AddressField/README.md +1 -0
package/src/components/Alert/Alert.test.tsx +50 -10
package/src/components/Alert/Alert.tsx +5 -3
package/src/components/Avatar/Avatar.test.tsx +95 -43
package/src/components/Avatar/Avatar.tsx +16 -16
package/src/components/Button/Button.test.tsx +2 -1
package/src/components/Button/Button.tsx +3 -3
package/src/components/Calendar/Calendar.test.tsx +53 -37
package/src/components/Calendar/Calendar.tsx +409 -82
package/src/components/Card/Card.test.tsx +7 -4
package/src/components/Card/Card.tsx +3 -6
package/src/components/Checkbox/Checkbox.tsx +2 -2
package/src/components/DataTable/components/ActionButtons.tsx +5 -5
package/src/components/DataTable/components/BulkOperationsDropdown.tsx +2 -2
package/src/components/DataTable/components/ColumnFilter.tsx +1 -1
package/src/components/DataTable/components/ColumnVisibilityDropdown.tsx +3 -3
package/src/components/DataTable/components/DataTableBody.tsx +12 -12
package/src/components/DataTable/components/DataTableCore.tsx +3 -3
package/src/components/DataTable/components/DataTableToolbar.tsx +5 -5
package/src/components/DataTable/components/DraggableColumnHeader.tsx +3 -3
package/src/components/DataTable/components/EditableRow.tsx +2 -2
package/src/components/DataTable/components/EmptyState.tsx +3 -3
package/src/components/DataTable/components/GroupHeader.tsx +2 -2
package/src/components/DataTable/components/GroupingDropdown.tsx +1 -1
package/src/components/DataTable/components/ImportModal.tsx +4 -4
package/src/components/DataTable/components/LoadingState.tsx +1 -1
package/src/components/DataTable/components/PaginationControls.tsx +11 -11
package/src/components/DataTable/components/UnifiedTableBody.tsx +9 -9
package/src/components/DataTable/components/ViewRowModal.tsx +2 -2
package/src/components/DataTable/components/__tests__/AccessDeniedPage.test.tsx +11 -37
package/src/components/DataTable/components/__tests__/DataTableToolbar.test.tsx +157 -0
package/src/components/DataTable/components/__tests__/LoadingState.test.tsx +2 -1
package/src/components/DataTable/components/__tests__/VirtualizedDataTable.test.tsx +128 -0
package/src/components/DataTable/core/__tests__/ActionManager.test.ts +19 -0
package/src/components/DataTable/core/__tests__/ColumnFactory.test.ts +51 -0
package/src/components/DataTable/core/__tests__/ColumnManager.test.ts +84 -0
package/src/components/DataTable/core/__tests__/DataManager.test.ts +14 -0
package/src/components/DataTable/core/__tests__/DataTableContext.test.tsx +136 -0
package/src/components/DataTable/core/__tests__/LocalDataAdapter.test.ts +16 -0
package/src/components/DataTable/core/__tests__/PluginRegistry.test.ts +18 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +28 -7
package/src/components/DataTable/utils/__tests__/hierarchicalUtils.test.ts +30 -1
package/src/components/DataTable/utils/hierarchicalUtils.ts +38 -10
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.test.tsx +8 -3
package/src/components/DatePickerWithTimezone/DatePickerWithTimezone.tsx +4 -4
package/src/components/Dialog/Dialog.tsx +2 -2
package/src/components/EventSelector/EventSelector.tsx +7 -7
package/src/components/FileDisplay/FileDisplay.tsx +291 -179
package/src/components/FileUpload/FileUpload.tsx +7 -4
package/src/components/Header/Header.test.tsx +28 -0
package/src/components/Header/Header.tsx +22 -9
package/src/components/InactivityWarningModal/InactivityWarningModal.tsx +2 -2
package/src/components/LoadingSpinner/LoadingSpinner.test.tsx +19 -14
package/src/components/LoadingSpinner/LoadingSpinner.tsx +5 -5
package/src/components/NavigationMenu/NavigationMenu.test.tsx +127 -1
package/src/components/OrganisationSelector/OrganisationSelector.tsx +8 -8
package/src/components/PaceAppLayout/PaceAppLayout.integration.test.tsx +4 -0
package/src/components/PaceAppLayout/PaceAppLayout.performance.test.tsx +3 -0
package/src/components/PaceAppLayout/PaceAppLayout.security.test.tsx +3 -0
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +16 -6
package/src/components/PaceAppLayout/PaceAppLayout.tsx +37 -3
package/src/components/PaceAppLayout/test-setup.tsx +1 -0
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +66 -45
package/src/components/PaceLoginPage/PaceLoginPage.tsx +6 -4
package/src/components/Progress/Progress.test.tsx +18 -19
package/src/components/Progress/Progress.tsx +31 -32
package/src/components/PublicLayout/PublicLayout.test.tsx +6 -6
package/src/components/PublicLayout/PublicPageProvider.tsx +5 -3
package/src/components/Select/Select.tsx +5 -5
package/src/components/Switch/Switch.test.tsx +2 -1
package/src/components/Switch/Switch.tsx +1 -1
package/src/components/Toast/Toast.tsx +1 -1
package/src/components/Tooltip/Tooltip.test.tsx +8 -2
package/src/components/UserMenu/UserMenu.tsx +3 -3
package/src/eslint-rules/pace-core-compliance.cjs +0 -2
package/src/eslint-rules/pace-core-compliance.js +0 -2
package/src/hooks/__tests__/hooks.integration.test.tsx +4 -1
package/src/hooks/__tests__/useAppConfig.unit.test.ts +76 -5
package/src/hooks/__tests__/useDataTableState.test.ts +76 -0
package/src/hooks/__tests__/useFileUrl.unit.test.ts +25 -69
package/src/hooks/__tests__/useFileUrlCache.test.ts +129 -0
package/src/hooks/__tests__/usePreventTabReload.test.ts +88 -0
package/src/hooks/__tests__/{usePublicEvent.unit.test.ts → usePublicEvent.test.ts} +28 -1
package/src/hooks/__tests__/useQueryCache.test.ts +144 -0
package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx +58 -16
package/src/hooks/index.ts +1 -1
package/src/hooks/public/usePublicEvent.ts +2 -2
package/src/hooks/public/usePublicFileDisplay.ts +173 -87
package/src/hooks/useAppConfig.ts +24 -5
package/src/hooks/useFileDisplay.ts +297 -34
package/src/hooks/useFileReference.ts +56 -11
package/src/hooks/useFileUrl.ts +1 -1
package/src/hooks/useInactivityTracker.ts +16 -7
package/src/hooks/usePermissionCache.test.ts +85 -8
package/src/hooks/useQueryCache.ts +21 -0
package/src/hooks/useSecureDataAccess.test.ts +80 -35
package/src/hooks/useSecureDataAccess.ts +80 -37
package/src/providers/services/EventServiceProvider.tsx +37 -17
package/src/providers/services/InactivityServiceProvider.tsx +4 -4
package/src/providers/services/OrganisationServiceProvider.tsx +8 -1
package/src/providers/services/UnifiedAuthProvider.tsx +115 -29
package/src/rbac/__tests__/auth-rbac.e2e.test.tsx +451 -0
package/src/rbac/__tests__/engine.comprehensive.test.ts +12 -0
package/src/rbac/__tests__/rbac-engine-core-logic.test.ts +8 -0
package/src/rbac/__tests__/rbac-engine-simplified.test.ts +4 -0
package/src/rbac/api.ts +240 -36
package/src/rbac/cache-invalidation.ts +21 -7
package/src/rbac/compliance/quick-fix-suggestions.ts +1 -1
package/src/rbac/components/NavigationGuard.tsx +23 -63
package/src/rbac/components/NavigationProvider.test.tsx +52 -23
package/src/rbac/components/NavigationProvider.tsx +13 -11
package/src/rbac/components/PagePermissionGuard.tsx +77 -203
package/src/rbac/components/PagePermissionProvider.tsx +13 -11
package/src/rbac/components/PermissionEnforcer.tsx +24 -62
package/src/rbac/components/RoleBasedRouter.tsx +14 -12
package/src/rbac/components/SecureDataProvider.tsx +13 -11
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +104 -41
package/src/rbac/components/__tests__/NavigationProvider.test.tsx +49 -12
package/src/rbac/components/__tests__/PagePermissionGuard.race-condition.test.tsx +22 -1
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +161 -82
package/src/rbac/components/__tests__/PagePermissionGuard.verification.test.tsx +22 -1
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +77 -30
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +39 -5
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +47 -4
package/src/rbac/engine.ts +4 -2
package/src/rbac/hooks/__tests__/useSecureSupabase.test.ts +144 -52
package/src/rbac/hooks/index.ts +3 -0
package/src/rbac/hooks/useCan.test.ts +101 -53
package/src/rbac/hooks/usePermissions.ts +108 -41
package/src/rbac/hooks/useRBAC.test.ts +11 -3
package/src/rbac/hooks/useRBAC.ts +83 -40
package/src/rbac/hooks/useResolvedScope.test.ts +189 -63
package/src/rbac/hooks/useResolvedScope.ts +128 -70
package/src/rbac/hooks/useSecureSupabase.ts +36 -19
package/src/rbac/hooks/useSuperAdminBypass.ts +126 -0
package/src/rbac/request-deduplication.ts +1 -1
package/src/rbac/secureClient.ts +72 -12
package/src/rbac/security.ts +29 -23
package/src/rbac/types.ts +10 -0
package/src/rbac/utils/__tests__/contextValidator.test.ts +150 -0
package/src/rbac/utils/__tests__/deep-equal.test.ts +53 -0
package/src/rbac/utils/__tests__/eventContext.test.ts +6 -1
package/src/rbac/utils/contextValidator.ts +288 -0
package/src/rbac/utils/eventContext.ts +48 -2
package/src/services/EventService.ts +165 -21
package/src/services/OrganisationService.ts +37 -2
package/src/services/__tests__/EventService.test.ts +26 -21
package/src/types/file-reference.ts +13 -10
package/src/utils/app/appNameResolver.test.ts +346 -73
package/src/utils/context/superAdminOverride.ts +58 -0
package/src/utils/file-reference/index.ts +61 -33
package/src/utils/google-places/googlePlacesUtils.test.ts +98 -0
package/src/utils/google-places/loadGoogleMapsScript.test.ts +83 -0
package/src/utils/storage/helpers.test.ts +1 -1
package/src/utils/storage/helpers.ts +38 -19
package/src/utils/storage/types.ts +15 -8
package/src/utils/validation/__tests__/csrf.test.ts +105 -0
package/src/utils/validation/__tests__/sqlInjectionProtection.test.ts +92 -0
package/src/vite-env.d.ts +2 -2
package/dist/chunk-3GOZZZYH.js.map +0 -1
package/dist/chunk-DDM4CCYT.js.map +0 -1
package/dist/chunk-E7UAOUMY.js +0 -75
package/dist/chunk-E7UAOUMY.js.map +0 -1
package/dist/chunk-F2IMUDXZ.js.map +0 -1
package/dist/chunk-HEHYGYOX.js.map +0 -1
package/dist/chunk-IM4QE42D.js.map +0 -1
package/dist/chunk-MX64ZF6I.js.map +0 -1
package/dist/chunk-SAUPYVLF.js.map +0 -1
package/dist/chunk-THRPYOFK.js.map +0 -1
package/dist/chunk-UCQSRW7Z.js.map +0 -1
package/dist/chunk-VGZZXKBR.js.map +0 -1
package/dist/chunk-YGPFYGA6.js.map +0 -1
package/dist/chunk-YHCN776L.js.map +0 -1
package/src/hooks/__tests__/usePermissionCache.simple.test.ts +0 -192
package/src/hooks/__tests__/usePermissionCache.unit.test.ts +0 -741
package/src/hooks/__tests__/usePublicEvent.simple.test.ts +0 -703
package/src/rbac/hooks/useRBAC.simple.test.ts +0 -95
package/src/rbac/utils/__tests__/eventContext.unit.test.ts +0 -428
/package/dist/{DataTable-GUFUNZ3N.js.map → DataTable-ON3IXISJ.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-643PUAIM.js.map → UnifiedAuthProvider-X5NXANVI.js.map} +0 -0
/package/dist/{api-YP7XD5L6.js.map → api-I6UCQ5S6.js.map} +0 -0
/package/dist/{chunk-HESYZWZW.js.map → chunk-QWWZ5CAQ.js.map} +0 -0

package/dist/{chunk-IM4QE42D.js → chunk-73HSNNOQ.js} RENAMED Viewed

@@ -1,23 +1,25 @@
 import {
-  createScopeFromEvent,
   scopeEqual,
   useAccessLevel,
   useCan,
   useMultiplePermissions
-} from "./chunk-3GOZZZYH.js";
+} from "./chunk-HQVPB5MZ.js";
+import {
+  useSecureDataAccess
+} from "./chunk-4QYC5L4K.js";
+import {
+  useResolvedScope
+} from "./chunk-Y4BUBBHD.js";
+import {
+  useUnifiedAuth
+} from "./chunk-J2XXC7R5.js";
 import {
   RBACCache,
   RBACNotInitializedError,
   getRBACConfig,
   getRBACLogger,
   rbacCache
-} from "./chunk-HEHYGYOX.js";
-import {
-  useSecureDataAccess
-} from "./chunk-DDM4CCYT.js";
-import {
-  useUnifiedAuth
-} from "./chunk-VGZZXKBR.js";
+} from "./chunk-RUYZKXOD.js";
 import {
   createLogger,
   logger
@@ -74,17 +76,15 @@ function PagePermissionProvider({
   onStrictModeViolation,
   maxHistorySize = 1e3
 }) {
-  const { user, selectedOrganisation, selectedEvent } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
   const [pageAccessHistory, setPageAccessHistory] = useState([]);
   const [isEnabled, setIsEnabled] = useState(true);
-  const currentScope = useMemo(() => {
-    if (!selectedOrganisation) return null;
-    return {
-      organisationId: selectedOrganisation.id,
-      eventId: selectedEvent?.event_id || void 0,
-      appId: void 0
-    };
-  }, [selectedOrganisation, selectedEvent]);
+  const { resolvedScope } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: selectedEvent?.event_id || null
+  });
+  const currentScope = resolvedScope;
   const hasPagePermission = useCallback((pageName, operation, pageId, scope) => {
     if (!isEnabled) return true;
     if (!user?.id) return false;
@@ -175,156 +175,28 @@ var PagePermissionGuardComponent = ({
   const renderCountRef = useRef(0);
   renderCountRef.current += 1;
   const instanceId = useMemo2(() => Math.random().toString(36).substr(2, 9), []);
-  const { user, selectedOrganisation, selectedEvent, supabase, appId: contextAppId } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent, supabase, appId: contextAppId, appName } = useUnifiedAuth();
   const [hasChecked, setHasChecked] = useState2(false);
-  const [checkError, setCheckError] = useState2(null);
-  const [resolvedScope, setResolvedScope] = useState2(null);
-  const scopeResolutionAbortRef = useRef(null);
-  const supabaseRef = useRef(supabase);
-  supabaseRef.current = supabase;
-  useEffect2(() => {
-    const abortController = new AbortController();
-    scopeResolutionAbortRef.current?.abort();
-    scopeResolutionAbortRef.current = abortController;
-    const { signal } = abortController;
-    const safeSetResolvedScope = (value) => {
-      if (!signal.aborted) {
-        setResolvedScope(value);
-      }
-    };
-    const safeSetCheckError = (value) => {
-      if (!signal.aborted) {
-        setCheckError(value);
-      }
-    };
-    const resolveScope = async () => {
-      if (signal.aborted) {
-        return;
-      }
-      if (scope) {
-        safeSetResolvedScope(scope);
-        safeSetCheckError(null);
-        return;
-      }
-      const appId = contextAppId;
-      if (signal.aborted) {
-        return;
-      }
-      if (selectedOrganisation && selectedEvent) {
-        if (!appId) {
-          const logger3 = getRBACLogger();
-          if (import.meta.env.MODE === "test") {
-            logger3.warn("App ID not resolved in test environment, proceeding without it");
-          } else {
-            logger3.error("CRITICAL: App ID not resolved. Check console for details.");
-            safeSetCheckError(new Error("App ID not resolved. Check console for database errors."));
-            safeSetResolvedScope(null);
-            return;
-          }
-        }
-        if (import.meta.env.MODE === "production" && appId) {
-          const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
-          if (!uuidRegex.test(appId)) {
-            const logger3 = getRBACLogger();
-            logger3.error("CRITICAL: App ID is not a valid UUID:", appId);
-            safeSetCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
-            safeSetResolvedScope(null);
-            return;
-          }
-        }
-        const resolvedContext = {
-          organisationId: selectedOrganisation.id,
-          eventId: selectedEvent.event_id,
-          appId
-        };
-        safeSetResolvedScope(resolvedContext);
-        safeSetCheckError(null);
-        return;
-      }
-      if (signal.aborted) {
-        return;
-      }
-      if (selectedOrganisation) {
-        if (!appId) {
-          const logger3 = getRBACLogger();
-          if (import.meta.env.MODE === "test") {
-            logger3.warn("App ID not resolved in test environment, proceeding without it");
-          } else {
-            logger3.error("CRITICAL: App ID not resolved. Check console for details.");
-            safeSetCheckError(new Error("App ID not resolved. Check console for database errors."));
-            safeSetResolvedScope(null);
-            return;
-          }
-        }
-        if (import.meta.env.MODE === "production" && appId) {
-          const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
-          if (!uuidRegex.test(appId)) {
-            const logger3 = getRBACLogger();
-            logger3.error("CRITICAL: App ID is not a valid UUID:", appId);
-            safeSetCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
-            safeSetResolvedScope(null);
-            return;
-          }
-        }
-        const resolvedContext = {
-          organisationId: selectedOrganisation.id,
-          eventId: selectedEvent?.event_id || void 0,
-          appId
-        };
-        safeSetResolvedScope(resolvedContext);
-        safeSetCheckError(null);
-        return;
-      }
-      if (signal.aborted) {
-        return;
-      }
-      if (selectedEvent && supabaseRef.current) {
-        try {
-          const eventScope = await createScopeFromEvent(supabaseRef.current, selectedEvent.event_id);
-          if (signal.aborted) {
-            return;
-          }
-          if (!eventScope) {
-            safeSetCheckError(new Error("Could not resolve organization from event context"));
-            safeSetResolvedScope(null);
-            return;
-          }
-          safeSetResolvedScope({
-            ...eventScope,
-            appId: appId || eventScope.appId
-          });
-          safeSetCheckError(null);
-        } catch (error2) {
-          if (signal.aborted) {
-            return;
-          }
-          safeSetCheckError(error2);
-          safeSetResolvedScope(null);
-        }
-        return;
-      }
-      if (signal.aborted) {
-        return;
-      }
-      const errorMessage = !selectedOrganisation && !selectedEvent ? "Either organisation context or event context is required for page permission checking" : "Insufficient context for permission checking. Please ensure you are properly authenticated and have selected an organisation or event.";
-      const logger2 = getRBACLogger();
-      logger2.error("Context resolution failed:", {
-        selectedOrganisation: selectedOrganisation ? selectedOrganisation.id : null,
-        selectedEvent: selectedEvent ? selectedEvent.event_id : null,
-        appId,
-        error: errorMessage
-      });
-      safeSetCheckError(new Error(errorMessage));
-      safeSetResolvedScope(null);
-    };
-    resolveScope();
-    return () => {
-      abortController.abort();
-      if (scopeResolutionAbortRef.current === abortController) {
-        scopeResolutionAbortRef.current = null;
-      }
-    };
-  }, [scope, selectedOrganisation, selectedEvent]);
+  const { resolvedScope: hookResolvedScope, isLoading: scopeLoading, error: scopeError } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: selectedEvent?.event_id || null
+  });
+  const allowsOptionalContexts = appName === "PORTAL" || appName === "ADMIN";
+  const effectiveScope = scope || (hookResolvedScope ? {
+    ...hookResolvedScope,
+    appId: hookResolvedScope.appId || (allowsOptionalContexts ? contextAppId : void 0)
+  } : allowsOptionalContexts && contextAppId ? {
+    organisationId: void 0,
+    eventId: void 0,
+    appId: contextAppId
+  } : selectedEvent?.event_id ? {
+    organisationId: void 0,
+    // Will be derived from event
+    eventId: selectedEvent.event_id,
+    appId: contextAppId || void 0
+  } : null);
+  const checkError = scopeError;
   const effectivePageId = useMemo2(() => {
     return pageId || pageName;
   }, [pageId, pageName]);
@@ -333,36 +205,52 @@ var PagePermissionGuardComponent = ({
   }, [operation, pageName]);
   const prevScopeRef = useRef(null);
   const stableScope = useMemo2(() => {
-    const newScope = resolvedScope && resolvedScope.organisationId ? {
-      organisationId: resolvedScope.organisationId,
-      appId: resolvedScope.appId || void 0,
-      eventId: resolvedScope.eventId || void 0
-    } : { organisationId: void 0, appId: void 0, eventId: void 0 };
+    if (allowsOptionalContexts && effectiveScope) {
+      const newScope2 = {
+        organisationId: effectiveScope.organisationId,
+        appId: effectiveScope.appId || contextAppId || void 0,
+        eventId: effectiveScope.eventId
+      };
+      if (scopeEqual(prevScopeRef.current, newScope2)) {
+        return prevScopeRef.current;
+      }
+      prevScopeRef.current = newScope2;
+      return newScope2;
+    }
+    const newScope = effectiveScope && effectiveScope.organisationId ? {
+      organisationId: effectiveScope.organisationId,
+      appId: effectiveScope.appId || contextAppId || void 0,
+      eventId: effectiveScope.eventId || void 0
+    } : {
+      organisationId: effectiveScope?.organisationId || void 0,
+      appId: effectiveScope?.appId || contextAppId || void 0,
+      eventId: effectiveScope?.eventId || selectedEvent?.event_id || void 0
+    };
     if (scopeEqual(prevScopeRef.current, newScope)) {
       return prevScopeRef.current;
     }
     prevScopeRef.current = newScope;
     return newScope;
-  }, [resolvedScope]);
+  }, [effectiveScope, appName, contextAppId, selectedEvent?.event_id]);
   const { can, isLoading: canIsLoading, error: canError } = useCan(
     user?.id || "",
     stableScope,
     permission,
     effectivePageId,
-    true
+    true,
     // Use cache
+    appName
+    // Pass appName for PORTAL/ADMIN special case
   );
-  const isLoading = !resolvedScope || canIsLoading;
+  const isLoading = scopeLoading || canIsLoading;
   const error = checkError || canError;
   useEffect2(() => {
     if (!isLoading && !error) {
       setHasChecked(true);
-      setCheckError(null);
       if (!can && onDenied) {
         onDenied(pageName, operation);
       }
     } else if (error) {
-      setCheckError(error);
       setHasChecked(true);
     }
   }, [can, isLoading, error, pageName, operation, onDenied]);
@@ -373,12 +261,12 @@ var PagePermissionGuardComponent = ({
         pageName,
         operation,
         userId: user?.id,
-        scope: resolvedScope,
+        scope: effectiveScope,
         allowed: can,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
     }
-  }, [auditLog, hasChecked, isLoading, pageName, operation, user?.id, resolvedScope, can]);
+  }, [auditLog, hasChecked, isLoading, pageName, operation, user?.id, effectiveScope, can]);
   useEffect2(() => {
     if (strictMode && hasChecked && !isLoading && !can) {
       const logger2 = getRBACLogger();
@@ -388,22 +276,23 @@ var PagePermissionGuardComponent = ({
         permission: `${operation}:page.${pageName}`,
         pageId: effectivePageId,
         userId: user?.id,
-        scope: resolvedScope,
-        scopeValid: resolvedScope && resolvedScope.organisationId ? true : false,
+        scope: effectiveScope,
+        scopeValid: allowsOptionalContexts ? true : effectiveScope !== null,
+        // PORTAL/ADMIN allow scope without org/event
         checkError,
         canError,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
     }
-  }, [strictMode, hasChecked, isLoading, can, pageName, operation, effectivePageId, user?.id, resolvedScope, checkError, canError]);
-  const hasValidScope = resolvedScope && resolvedScope.organisationId;
+  }, [strictMode, hasChecked, isLoading, can, pageName, operation, effectivePageId, user?.id, effectiveScope, allowsOptionalContexts, checkError, canError]);
+  const hasValidScopeForPagePermissions = allowsOptionalContexts ? true : effectiveScope !== null;
   const hasValidUser = user && user.id;
   const isPermissionCheckComplete = hasChecked && !isLoading;
-  const shouldShowAccessDenied = isPermissionCheckComplete && hasValidScope && hasValidUser && !checkError && !can;
-  const shouldShowContent = isPermissionCheckComplete && hasValidScope && hasValidUser && !checkError && can;
-  const scopeKey = resolvedScope ? `${resolvedScope.organisationId}-${resolvedScope.eventId}-${resolvedScope.appId}` : "no-scope";
+  const shouldShowAccessDenied = isPermissionCheckComplete && hasValidScopeForPagePermissions && hasValidUser && !checkError && !can;
+  const shouldShowContent = isPermissionCheckComplete && hasValidScopeForPagePermissions && hasValidUser && !checkError && can;
+  const scopeKey = effectiveScope ? `${effectiveScope.organisationId}-${effectiveScope.eventId}-${effectiveScope.appId}` : "no-scope";
   const permissionKey = `${scopeKey}-${can}-${isLoading}-${!!checkError}-${hasChecked}`;
-  if (isLoading || !hasValidScope || !hasValidUser || !hasChecked) {
+  if (isLoading || !hasValidUser || !hasChecked) {
     return loading || /* @__PURE__ */ jsx2("div", { children: "Checking permissions..." });
   }
   if (checkError && !can) {
@@ -434,7 +323,7 @@ function DefaultAccessDenied() {
 }
 function DefaultLoading() {
   return /* @__PURE__ */ jsx2("div", { className: "flex items-center justify-center min-h-[200px] p-8", children: /* @__PURE__ */ jsxs("div", { className: "flex items-center space-x-2", children: [
-    /* @__PURE__ */ jsx2("div", { className: "animate-spin rounded-full h-8 w-8 border-b-2 border-main-600" }),
+    /* @__PURE__ */ jsx2("div", { className: "animate-spin rounded-full size-8 border-b-2 border-main-600" }),
     /* @__PURE__ */ jsx2("span", { className: "text-sec-600", children: "Checking permissions..." })
   ] }) });
 }
@@ -453,18 +342,16 @@ function SecureDataProvider({
   maxHistorySize = 1e3,
   enforceRLS = true
 }) {
-  const { user, selectedOrganisation, selectedEvent } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
   const { validateContext } = useSecureDataAccess();
   const [dataAccessHistory, setDataAccessHistory] = useState3([]);
   const [isEnabled, setIsEnabled] = useState3(true);
-  const currentScope = useMemo3(() => {
-    if (!selectedOrganisation) return null;
-    return {
-      organisationId: selectedOrganisation.id,
-      eventId: selectedEvent?.event_id || void 0,
-      appId: void 0
-    };
-  }, [selectedOrganisation, selectedEvent]);
+  const { resolvedScope } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: selectedEvent?.event_id || null
+  });
+  const currentScope = resolvedScope;
   const isDataAccessAllowed = useCallback3((table, operation, scope) => {
     if (!isEnabled) return true;
     if (!user?.id) return false;
@@ -579,54 +466,22 @@ function PermissionEnforcer({
 }) {
   const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
   const [hasChecked, setHasChecked] = useState4(false);
-  const [checkError, setCheckError] = useState4(null);
-  const [resolvedScope, setResolvedScope] = useState4(null);
-  useEffect4(() => {
-    const resolveScope = async () => {
-      if (scope) {
-        setResolvedScope(scope);
-        return;
-      }
-      if (selectedOrganisation && selectedEvent) {
-        setResolvedScope({
-          organisationId: selectedOrganisation.id,
-          eventId: selectedEvent.event_id,
-          appId: void 0
-        });
-        return;
-      }
-      if (selectedOrganisation) {
-        setResolvedScope({
-          organisationId: selectedOrganisation.id,
-          eventId: selectedEvent?.event_id || void 0,
-          appId: void 0
-        });
-        return;
-      }
-      if (selectedEvent && supabase) {
-        try {
-          const eventScope = await createScopeFromEvent(supabase, selectedEvent.event_id);
-          if (!eventScope) {
-            setCheckError(new Error("Could not resolve organization from event context"));
-            return;
-          }
-          setResolvedScope(eventScope);
-        } catch (error2) {
-          setCheckError(error2);
-        }
-        return;
-      }
-      setCheckError(new Error("Either organisation context or event context is required for permission checking"));
-    };
-    resolveScope();
-  }, [scope, selectedOrganisation, selectedEvent, supabase]);
-  const { results: permissionResults, isLoading, error } = useMultiplePermissions(
+  const { resolvedScope, isLoading: scopeLoading, error: scopeError } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: selectedEvent?.event_id || null
+  });
+  const effectiveScope = scope || resolvedScope;
+  const checkError = scopeError;
+  const { results: permissionResults, isLoading: permissionsLoading, error: permissionsError } = useMultiplePermissions(
     user?.id || "",
-    resolvedScope || { eventId: selectedEvent?.event_id || void 0 },
+    effectiveScope || { eventId: selectedEvent?.event_id || void 0 },
     permissions,
     true
     // Use cache
   );
+  const isLoading = scopeLoading || permissionsLoading;
+  const error = checkError || permissionsError;
   const hasRequiredPermissions = useMemo4(() => {
     if (permissions.length === 0) return true;
     if (!permissionResults || Object.keys(permissionResults).length === 0) {
@@ -641,12 +496,10 @@ function PermissionEnforcer({
   useEffect4(() => {
     if (!isLoading && !error) {
       setHasChecked(true);
-      setCheckError(null);
       if (!hasRequiredPermissions && onDenied) {
         onDenied(permissions, operation);
       }
     } else if (error) {
-      setCheckError(error);
       setHasChecked(true);
     }
   }, [hasRequiredPermissions, isLoading, error, permissions, operation, onDenied]);
@@ -656,13 +509,13 @@ function PermissionEnforcer({
         permissions,
         operation,
         userId: user?.id,
-        scope: resolvedScope,
+        scope: effectiveScope,
         allowed: hasRequiredPermissions,
         requireAll,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
     }
-  }, [auditLog, hasChecked, isLoading, permissions, operation, user?.id, resolvedScope, hasRequiredPermissions, requireAll]);
+  }, [auditLog, hasChecked, isLoading, permissions, operation, user?.id, effectiveScope, hasRequiredPermissions, requireAll]);
   useEffect4(() => {
     if (strictMode && hasChecked && !isLoading && !hasRequiredPermissions) {
       const logger2 = getRBACLogger();
@@ -670,12 +523,12 @@ function PermissionEnforcer({
         permissions,
         operation,
         userId: user?.id,
-        scope: resolvedScope,
+        scope: effectiveScope,
         requireAll,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
     }
-  }, [strictMode, hasChecked, isLoading, hasRequiredPermissions, permissions, operation, user?.id, resolvedScope, requireAll]);
+  }, [strictMode, hasChecked, isLoading, hasRequiredPermissions, permissions, operation, user?.id, effectiveScope, requireAll]);
   if (isLoading || !hasChecked) {
     return /* @__PURE__ */ jsx4(Fragment2, { children: loading });
   }
@@ -706,7 +559,7 @@ function DefaultAccessDenied2() {
 }
 function DefaultLoading2() {
   return /* @__PURE__ */ jsx4("div", { className: "flex items-center justify-center min-h-[200px] p-8", children: /* @__PURE__ */ jsxs2("div", { className: "flex items-center space-x-2", children: [
-    /* @__PURE__ */ jsx4("div", { className: "animate-spin rounded-full h-8 w-8 border-b-2 border-main-600" }),
+    /* @__PURE__ */ jsx4("div", { className: "animate-spin rounded-full size-8 border-b-2 border-main-600" }),
     /* @__PURE__ */ jsx4("span", { className: "text-sec-600", children: "Checking permissions..." })
   ] }) });
 }
@@ -727,19 +580,17 @@ function RoleBasedRouter({
   maxHistorySize = 1e3,
   unauthorizedComponent: UnauthorizedComponent = DefaultUnauthorizedComponent
 }) {
-  const { user, selectedOrganisation, selectedEvent } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
   const location = useLocation();
   const navigate = useNavigate();
   const [routeAccessHistory, setRouteAccessHistory] = useState5([]);
   const [currentRoute, setCurrentRoute] = useState5("");
-  const currentScope = useMemo5(() => {
-    if (!selectedOrganisation) return null;
-    return {
-      organisationId: selectedOrganisation.id,
-      eventId: selectedEvent?.event_id || void 0,
-      appId: void 0
-    };
-  }, [selectedOrganisation, selectedEvent]);
+  const { resolvedScope } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: selectedEvent?.event_id || null
+  });
+  const currentScope = resolvedScope;
   const currentRouteConfig = useMemo5(() => {
     const currentPath = location.pathname;
     return routes.find((route) => route.path === currentPath) || null;
@@ -846,7 +697,7 @@ function RoleBasedRouter({
   ]);
   if (finalLoading && !isPublicRoute) {
     return /* @__PURE__ */ jsx5("div", { className: "flex items-center justify-center min-h-screen", children: /* @__PURE__ */ jsxs3("div", { className: "text-center", children: [
-      /* @__PURE__ */ jsx5("div", { className: "animate-spin rounded-full h-8 w-8 border-b-2 border-main-600 mx-auto mb-4" }),
+      /* @__PURE__ */ jsx5("div", { className: "animate-spin rounded-full size-8 border-b-2 border-main-600 mx-auto mb-4" }),
       /* @__PURE__ */ jsx5("p", { className: "text-sec-600", children: "Checking permissions..." })
     ] }) });
   }
@@ -906,17 +757,15 @@ function NavigationProvider({
   onStrictModeViolation,
   maxHistorySize = 1e3
 }) {
-  const { user, selectedOrganisation, selectedEvent } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
   const [navigationAccessHistory, setNavigationAccessHistory] = useState6([]);
   const [isEnabled, setIsEnabled] = useState6(true);
-  const currentScope = useMemo6(() => {
-    if (!selectedOrganisation) return null;
-    return {
-      organisationId: selectedOrganisation.id,
-      eventId: selectedEvent?.event_id || void 0,
-      appId: void 0
-    };
-  }, [selectedOrganisation, selectedEvent]);
+  const { resolvedScope } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: selectedEvent?.event_id || null
+  });
+  const currentScope = resolvedScope;
   const hasNavigationPermission = useCallback6((item) => {
     if (!isEnabled) return true;
     if (!user?.id) return false;
@@ -1029,54 +878,22 @@ function NavigationGuard({
 }) {
   const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
   const [hasChecked, setHasChecked] = useState7(false);
-  const [checkError, setCheckError] = useState7(null);
-  const [resolvedScope, setResolvedScope] = useState7(null);
-  useEffect7(() => {
-    const resolveScope = async () => {
-      if (scope) {
-        setResolvedScope(scope);
-        return;
-      }
-      if (selectedOrganisation && selectedEvent) {
-        setResolvedScope({
-          organisationId: selectedOrganisation.id,
-          eventId: selectedEvent.event_id,
-          appId: void 0
-        });
-        return;
-      }
-      if (selectedOrganisation) {
-        setResolvedScope({
-          organisationId: selectedOrganisation.id,
-          eventId: selectedEvent?.event_id || void 0,
-          appId: void 0
-        });
-        return;
-      }
-      if (selectedEvent && supabase) {
-        try {
-          const eventScope = await createScopeFromEvent(supabase, selectedEvent.event_id);
-          if (!eventScope) {
-            setCheckError(new Error("Could not resolve organization from event context"));
-            return;
-          }
-          setResolvedScope(eventScope);
-        } catch (error2) {
-          setCheckError(error2);
-        }
-        return;
-      }
-      setCheckError(new Error("Either organisation context or event context is required for navigation permission checking"));
-    };
-    resolveScope();
-  }, [scope, selectedOrganisation, selectedEvent, supabase]);
-  const { results: permissionResults, isLoading, error } = useMultiplePermissions(
+  const { resolvedScope: hookResolvedScope, isLoading: scopeLoading, error: scopeError } = useResolvedScope({
+    supabase,
+    selectedOrganisationId: selectedOrganisation?.id || null,
+    selectedEventId: selectedEvent?.event_id || null
+  });
+  const effectiveScope = scope || hookResolvedScope;
+  const checkError = scopeError;
+  const { results: permissionResults, isLoading: permissionsLoading, error: permissionsError } = useMultiplePermissions(
     user?.id || "",
-    resolvedScope || { eventId: selectedEvent?.event_id || void 0 },
+    effectiveScope || { eventId: selectedEvent?.event_id || void 0 },
     navigationItem.permissions || [],
     true
     // Use cache
   );
+  const isLoading = scopeLoading || permissionsLoading;
+  const error = checkError || permissionsError;
   const hasRequiredPermissions = useMemo7(() => {
     if (!navigationItem.permissions || navigationItem.permissions.length === 0) return true;
     if (requireAll) {
@@ -1088,12 +905,10 @@ function NavigationGuard({
   useEffect7(() => {
     if (!isLoading && !error) {
       setHasChecked(true);
-      setCheckError(null);
       if (!hasRequiredPermissions && onDenied) {
         onDenied(navigationItem);
       }
     } else if (error) {
-      setCheckError(error);
       setHasChecked(true);
     }
   }, [hasRequiredPermissions, isLoading, error, navigationItem, onDenied]);
@@ -1104,13 +919,13 @@ function NavigationGuard({
         navigationItem: navigationItem.id,
         permissions: navigationItem.permissions,
         userId: user?.id,
-        scope: resolvedScope,
+        scope: effectiveScope,
         allowed: hasRequiredPermissions,
         requireAll,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
     }
-  }, [auditLog, hasChecked, isLoading, navigationItem, user?.id, resolvedScope, hasRequiredPermissions, requireAll]);
+  }, [auditLog, hasChecked, isLoading, navigationItem, user?.id, effectiveScope, hasRequiredPermissions, requireAll]);
   useEffect7(() => {
     if (strictMode && hasChecked && !isLoading && !hasRequiredPermissions) {
       const logger2 = getRBACLogger();
@@ -1118,13 +933,13 @@ function NavigationGuard({
         navigationItem: navigationItem.id,
         permissions: navigationItem.permissions,
         userId: user?.id,
-        scope: resolvedScope,
+        scope: effectiveScope,
         requireAll,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
     }
-  }, [strictMode, hasChecked, isLoading, hasRequiredPermissions, navigationItem, user?.id, resolvedScope, requireAll]);
-  if (isLoading || !resolvedScope || !hasChecked) {
+  }, [strictMode, hasChecked, isLoading, hasRequiredPermissions, navigationItem, user?.id, effectiveScope, requireAll]);
+  if (isLoading || !effectiveScope || !hasChecked) {
     return /* @__PURE__ */ jsx7(Fragment3, { children: loading });
   }
   if (checkError) {
@@ -1145,7 +960,7 @@ function DefaultAccessDenied3() {
 }
 function DefaultLoading3() {
   return /* @__PURE__ */ jsx7("div", { className: "flex items-center justify-center p-2", children: /* @__PURE__ */ jsxs4("div", { className: "flex items-center space-x-2", children: [
-    /* @__PURE__ */ jsx7("div", { className: "animate-spin rounded-full h-4 w-4 border-b-2 border-main-600" }),
+    /* @__PURE__ */ jsx7("div", { className: "animate-spin rounded-full size-4 border-b-2 border-main-600" }),
     /* @__PURE__ */ jsx7("span", { className: "text-sm text-sec-600", children: "Checking..." })
   ] }) });
 }
@@ -1432,7 +1247,7 @@ function withPermissionGuard(config, handler) {
     if (!userId || !organisationId) {
       throw new Error("User context required for permission check");
     }
-    const { isPermitted: isPermitted2 } = await import("./api-YP7XD5L6.js");
+    const { isPermitted: isPermitted2 } = await import("./api-I6UCQ5S6.js");
     const hasPermission2 = await isPermitted2({
       userId,
       scope: { organisationId, eventId, appId },
@@ -1455,7 +1270,7 @@ function withAccessLevelGuard(minLevel, handler) {
     if (!userId || !organisationId) {
       throw new Error("User context required for access level check");
     }
-    const { getAccessLevel: getAccessLevel2 } = await import("./api-YP7XD5L6.js");
+    const { getAccessLevel: getAccessLevel2 } = await import("./api-I6UCQ5S6.js");
     const accessLevel = await getAccessLevel2({
       userId,
       scope: { organisationId, eventId, appId }
@@ -1480,7 +1295,7 @@ function withRoleGuard(config, handler) {
       throw new Error("User context required for role check");
     }
     if (config.globalRoles && config.globalRoles.length > 0) {
-      const { isSuperAdmin } = await import("./api-YP7XD5L6.js");
+      const { isSuperAdmin } = await import("./api-I6UCQ5S6.js");
       const isSuper = await isSuperAdmin(userId);
       if (isSuper) {
         if (organisationId) {
@@ -1506,14 +1321,14 @@ function withRoleGuard(config, handler) {
       }
     }
     if (config.organisationRoles && config.organisationRoles.length > 0) {
-      const { isOrganisationAdmin } = await import("./api-YP7XD5L6.js");
+      const { isOrganisationAdmin } = await import("./api-I6UCQ5S6.js");
       const isOrgAdmin = await isOrganisationAdmin(userId, organisationId);
       if (!isOrgAdmin && config.requireAll !== false) {
         throw new Error(`Organisation admin role required`);
       }
     }
     if (config.eventAppRoles && config.eventAppRoles.length > 0 && eventId && appId) {
-      const { isEventAdmin } = await import("./api-YP7XD5L6.js");
+      const { isEventAdmin } = await import("./api-I6UCQ5S6.js");
       const isEventAdminUser = await isEventAdmin(userId, { organisationId, eventId, appId });
       if (!isEventAdminUser && config.requireAll !== false) {
         throw new Error(`Event admin role required`);
@@ -1553,7 +1368,7 @@ function createRBACMiddleware(config) {
     );
     if (protectedRoute) {
       try {
-        const { isPermitted: isPermitted2 } = await import("./api-YP7XD5L6.js");
+        const { isPermitted: isPermitted2 } = await import("./api-I6UCQ5S6.js");
         const hasPermission2 = await isPermitted2({
           userId,
           scope: { organisationId },
@@ -1580,7 +1395,7 @@ function createRBACExpressMiddleware(config) {
       return res.status(401).json({ error: "User context required" });
     }
     try {
-      const { isPermitted: isPermitted2 } = await import("./api-YP7XD5L6.js");
+      const { isPermitted: isPermitted2 } = await import("./api-I6UCQ5S6.js");
       const hasPermission2 = await isPermitted2({
         userId,
         scope: { organisationId, eventId, appId },
@@ -1984,7 +1799,7 @@ export const supabase = createClient(url, key);
 // src/lib/supabase.ts
 export const supabase = createClient(
   import.meta.env.VITE_SUPABASE_URL,
-  import.meta.env.VITE_SUPABASE_ANON_KEY
+  import.meta.env.VITE_SUPABASE_PUBLISHABLE_KEY
 );
 // src/utils/api.ts
@@ -2109,4 +1924,4 @@ export {
   getDirectSupabaseAuthFixes,
   getQuickFixes
 };
-//# sourceMappingURL=chunk-IM4QE42D.js.map
+//# sourceMappingURL=chunk-73HSNNOQ.js.map