npm - @jmruthers/pace-core - Versions diffs - 0.5.190 → 0.5.191 - Mend

@jmruthers/pace-core 0.5.190 → 0.5.191

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (249) hide show

package/src/hooks/public/usePublicFileDisplay.ts CHANGED Viewed

@@ -202,7 +202,7 @@ export function usePublicFileDisplay(
             const ids = userData.map((item: any) => item.id);
             if (ids.length > 0) {
               const { data: fullData } = await supabase
-                .from('file_references')
+                .from('core_file_references')
                 .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
                 .in('id', ids)
                 .eq('is_public', true);
@@ -320,7 +320,7 @@ export function usePublicFileDisplay(
             // Fetch full file reference data for each ID, but only public files
             const ids = fileIds.map((item: any) => item.id);
             const { data: fullData, error: fetchError } = await supabase
-              .from('file_references')
+              .from('core_file_references')
               .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
               .in('id', ids)
               .eq('is_public', true); // Only public files in public context

package/src/hooks/useFileDisplay.ts CHANGED Viewed

@@ -4,7 +4,7 @@
  * @module Hooks
  *
  * A React hook for accessing file references in authenticated contexts.
- * Can handle both public and private files using the file_references system.
+ * Can handle both public and private files using the core_file_references system.
  *
  * Features:
  * - Works in authenticated contexts
@@ -20,7 +20,7 @@
  *
  * function FileView() {
  *   const { fileUrl, fileReference, isLoading, error } = useFileDisplay(
- *     'event',
+ *     'core_events',
  *     eventId,
  *     organisationId,
  *     FileCategory.EVENT_LOGOS
@@ -247,10 +247,9 @@ export function useFileDisplay(
           if (user) {
             // Query user's active organisation memberships
             const { data: memberships, error: membershipError } = await supabase
-              .from('organisation_memberships')
+              .from('core_organisation_memberships')
               .select('organisation_id')
-              .eq('user_id', user.id)
-              .or('status.is.null,status.eq.active');
+              .eq('user_id', user.id);
             if (membershipError) {
               logger.warn('useFileDisplay', 'Error querying organisation memberships:', membershipError);
@@ -292,7 +291,7 @@ export function useFileDisplay(
               try {
                 // Try querying without organisation_id filter - let RLS handle security
                 let fallbackQuery = supabase
-                  .from('file_references')
+                  .from('core_file_references')
                   .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
                   .eq('table_name', table_name)
                   .eq('record_id', record_id)
@@ -350,11 +349,11 @@ export function useFileDisplay(
         // If no files found through RPC, try a direct query as fallback
         // This handles cases where RLS policy allows access but RPC security check is too strict
-        // (e.g., pace_person files where user owns the person record but record_id != user_id)
+        // (e.g., core_person files where user owns the person record but record_id != user_id)
         if (files.length === 0) {
           try {
             let directQuery = supabase
-              .from('file_references')
+              .from('core_file_references')
               .select('id, table_name, record_id, file_path, file_metadata, organisation_id, app_id, is_public, created_at, updated_at')
               .eq('table_name', table_name)
               .eq('record_id', record_id)
@@ -444,7 +443,7 @@ export function useFileDisplay(
             const { data: { user } } = await supabase.auth.getUser();
             if (user) {
               const { data: memberships } = await supabase
-                .from('organisation_memberships')
+                .from('core_organisation_memberships')
                 .select('organisation_id')
                 .eq('user_id', user.id)
                 .or('status.is.null,status.eq.active');

package/src/hooks/useQueryCache.ts CHANGED Viewed

@@ -112,12 +112,12 @@ export interface UseQueryCacheReturn {
  * const { getCachedQuery } = useQueryCache(supabase);
  *
  * const person = await getCachedQuery(
- *   'pace_person',
+ *   'core_person',
  *   'user_id',
  *   userId,
  *   async () => {
  *     const { data } = await supabase
- *       .from('pace_person')
+ *       .from('core_person')
  *       .select('id, first_name, last_name, email')
  *       .eq('user_id', userId)
  *       .single();
@@ -220,7 +220,7 @@ export function useQueryCache(supabase?: SupabaseClient<Database>): UseQueryCach
  */
 export const queryCacheHelpers = {
   /**
-   * Cache pace_person queries by user_id
+   * Cache core_person queries by user_id
    * TTL: 5 minutes
    */
   pacePersonByUserId: <T>(
@@ -228,7 +228,7 @@ export const queryCacheHelpers = {
     userId: string,
     fetchFn: () => Promise<T>
   ): Promise<T> => {
-    const cacheKey = `pace_person:user_id:${userId}`;
+    const cacheKey = `core_person:user_id:${userId}`;
     const now = Date.now();
     const ttl = 300 * 1000; // 5 minutes
@@ -258,7 +258,7 @@ export const queryCacheHelpers = {
   },
   /**
-   * Cache pace_member queries by person_id
+   * Cache core_member queries by person_id
    * TTL: 5 minutes
    */
   paceMemberByPersonId: <T>(
@@ -266,7 +266,7 @@ export const queryCacheHelpers = {
     personId: string,
     fetchFn: () => Promise<T>
   ): Promise<T> => {
-    const cacheKey = `pace_member:person_id:${personId}`;
+    const cacheKey = `core_member:person_id:${personId}`;
     const now = Date.now();
     const ttl = 300 * 1000; // 5 minutes

package/src/hooks/useSecureDataAccess.test.ts CHANGED Viewed

@@ -154,9 +154,9 @@ describe('useSecureDataAccess', () => {
     it('executes secure query with organisation filtering', async () => {
       const { result } = renderHook(() => useSecureDataAccess());
-      const data = await result.current.secureQuery('event', '*', { active: true });
+      const data = await result.current.secureQuery('core_events', '*', { active: true });
-      expect(freshMockSupabase.from).toHaveBeenCalledWith('event');
+      expect(freshMockSupabase.from).toHaveBeenCalledWith('core_events');
       expect(freshMockQueryBuilder.select).toHaveBeenCalledWith('*');
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('active', true);
@@ -270,9 +270,9 @@ describe('useSecureDataAccess', () => {
     it('executes secure update with organisation filtering', async () => {
       const { result } = renderHook(() => useSecureDataAccess());
-      const data = await result.current.secureUpdate('event', { event_name: 'Updated Event' }, { id: 'event-123' });
+      const data = await result.current.secureUpdate('core_events', { event_name: 'Updated Event' }, { id: 'event-123' });
-      expect(freshMockSupabase.from).toHaveBeenCalledWith('event');
+      expect(freshMockSupabase.from).toHaveBeenCalledWith('core_events');
       expect(freshMockQueryBuilder.update).toHaveBeenCalledWith({ event_name: 'Updated Event' });
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('id', 'event-123');
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');
@@ -307,9 +307,9 @@ describe('useSecureDataAccess', () => {
     it('executes secure delete with organisation filtering', async () => {
       const { result } = renderHook(() => useSecureDataAccess());
-      await result.current.secureDelete('event', { id: 'event-123' });
+      await result.current.secureDelete('core_events', { id: 'event-123' });
-      expect(freshMockSupabase.from).toHaveBeenCalledWith('event');
+      expect(freshMockSupabase.from).toHaveBeenCalledWith('core_events');
       expect(freshMockQueryBuilder.delete).toHaveBeenCalled();
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('id', 'event-123');
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');
@@ -387,7 +387,7 @@ describe('useSecureDataAccess', () => {
       const { result } = renderHook(() => useSecureDataAccess());
       // Use 'event' table which is in the tablesWithOrganisation list
-      await result.current.secureQuery('event', '*');
+      await result.current.secureQuery('core_events', '*');
       // Verify that the query was executed with organisation filter
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');
@@ -443,7 +443,7 @@ describe('useSecureDataAccess', () => {
     it('prevents data leaks between organisations', async () => {
       const { result } = renderHook(() => useSecureDataAccess());
-      await result.current.secureQuery('event', '*');
+      await result.current.secureQuery('core_events', '*');
       // Verify organisation_id filter is always applied
       expect(freshMockQueryBuilder.eq).toHaveBeenCalledWith('organisation_id', 'org-123');

package/src/hooks/useSecureDataAccess.ts CHANGED Viewed

@@ -15,7 +15,7 @@
  *   const loadData = async () => {
  *     try {
  *       // Automatically includes organisation_id filter
- *       const events = await secureQuery('event', '*', { is_visible: true });
+ *       const events = await secureQuery('core_events', '*', { is_visible: true });
  *       console.log('Organisation events:', events);
  *     } catch (error) {
  *       console.error('Failed to load data:', error);
@@ -25,7 +25,7 @@
  *   const createEvent = async (eventData) => {
  *     try {
  *       // Automatically sets organisation_id
- *       const newEvent = await secureInsert('event', eventData);
+ *       const newEvent = await secureInsert('core_events', eventData);
  *       console.log('Created event:', newEvent);
  *     } catch (error) {
  *       console.error('Failed to create event:', error);
@@ -231,15 +231,19 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     // - RLS policies are the primary security layer (cannot be bypassed)
     // - Application-level filtering adds an additional layer of protection
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',
+      'cake_meal', 'cake_mealtype', 'core_person',
+      // NOTE: core_member, medi_profile, core_contact, core_consent, core_identification, core_qualification
+      // are now person-scoped (not organisation-scoped) - removed from this list
       // SECURITY: Phase 3A additions - medical and personal data
-      'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',
-      'pace_consent', 'pace_contact', 'pace_identification', 'pace_identification_type', 'pace_qualification',
+      // NOTE: medi_condition, medi_diet, medi_action_plan, medi_profile_versions are now person-scoped
+      // (via medi_profile) - removed from this list
+      // core_identification_type remains organisation-scoped (lookup table)
+      'core_identification_type',
       'form_responses', 'form_response_values', 'forms',
       // SECURITY: Phase 3B additions - remaining critical tables
       'invoice', 'line_item', 'credit_balance', 'payment_method',
@@ -360,12 +364,12 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     // Add organisation filter only if table has organisation_id column
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member'
+      'cake_meal', 'cake_mealtype', 'core_person', 'core_member'
     ];
     if (!bypassOrganisationFilter && organisationId && tablesWithOrganisation.includes(table)) {
@@ -407,15 +411,15 @@ export function useSecureDataAccess(): SecureDataAccessReturn {
     // Add organisation filter only if table has organisation_id column
     const tablesWithOrganisation = [
-      'event',  'organisation_settings',
+      'core_events',  'organisation_settings',
       'rbac_event_app_roles', 'rbac_organisation_roles',
       // SECURITY: Phase 2 additions - complete organisation table mapping
       'organisation_audit_log', 'organisation_invitations', 'organisation_app_access',
       // SECURITY: Emergency additions for Phase 1 fixes
-      'cake_meal', 'cake_mealtype', 'pace_person', 'pace_member',
+      'cake_meal', 'cake_mealtype', 'core_person', 'core_member',
       // SECURITY: Phase 3A additions - medical and personal data
       'medi_profile', 'medi_condition', 'medi_diet', 'medi_action_plan', 'medi_profile_versions',
-      'pace_consent', 'pace_contact', 'pace_identification', 'pace_identification_type', 'pace_qualification',
+      'core_consent', 'core_contact', 'core_identification', 'core_identification_type', 'core_qualification',
       'form_responses', 'form_response_values', 'forms',
       // SECURITY: Phase 3B additions - remaining critical tables
       'invoice', 'line_item', 'credit_balance', 'payment_method',

package/src/providers/__tests__/OrganisationProvider.test.tsx CHANGED Viewed

@@ -40,24 +40,7 @@ const createMockSupabaseClient = () => {
   const orgId = '123e4567-e89b-12d3-a456-426614174000'; // Valid UUID format
   const userId = '123e4567-e89b-12d3-a456-426614174001'; // Valid UUID format
-  return {
-    rpc: vi.fn().mockResolvedValue({
-      data: [
-        {
-          user_id: userId,
-          organisation_id: orgId,
-          role: 'org_admin',
-          status: 'active',
-        },
-      ],
-      error: null,
-    }),
-    from: vi.fn((table: string) => {
-      if (table === 'organisations') {
-        return {
-          select: vi.fn().mockResolvedValue({
-            data: [
-              {
+  const mockOrganisation = {
                 id: orgId,
                 name: 'Test Organisation 1',
                 display_name: 'Test Organisation 1',
@@ -67,11 +50,34 @@ const createMockSupabaseClient = () => {
                 parent_id: null,
                 created_at: '2023-01-01T00:00:00Z',
                 updated_at: '2023-01-01T00:00:00Z',
-              },
-            ],
+  };
+  const mockQueryBuilder = {
+    select: vi.fn().mockReturnThis(),
+    eq: vi.fn().mockReturnThis(),
+    is: vi.fn().mockResolvedValue({
+      data: [{
+        id: 'membership-1',
+        user_id: userId,
+        organisation_id: orgId,
+        role: 'org_admin',
+        status: 'active',
+        granted_at: '2023-01-01T00:00:00Z',
+        revoked_at: null,
+        core_organisations: mockOrganisation
+      }],
+      error: null
+    })
+  };
+  return {
+    rpc: vi.fn().mockResolvedValue({
+      data: [],
             error: null,
           }),
-        };
+    from: vi.fn((table: string) => {
+      if (table === 'rbac_organisation_roles') {
+        return mockQueryBuilder;
       }
       return {
         select: vi.fn().mockResolvedValue({ data: [], error: null }),

package/src/rbac/hooks/useRBAC.simple.test.ts ADDED Viewed

@@ -0,0 +1,95 @@
+/**
+ * @file useRBAC Hook Simple Tests
+ * @package @jmruthers/pace-core
+ * @module RBAC/Hooks/useRBAC
+ * @since 0.3.0
+ *
+ * Simple tests for the useRBAC hook to verify basic functionality.
+ */
+import { renderHook } from '@testing-library/react';
+import { vi, describe, it, expect, beforeEach } from 'vitest';
+// Mock the providers with simple mocks
+vi.mock('../../providers/UnifiedAuthProvider', () => ({
+  useUnifiedAuth: vi.fn(() => ({
+    user: { id: 'user-123' },
+    session: { access_token: 'mock-token' },
+    supabase: {
+      // Ensure realtime init is skipped
+      channel: undefined,
+      from: vi.fn(() => ({
+        select: vi.fn(() => ({
+          eq: vi.fn(() => ({
+            eq: vi.fn(() => ({
+              single: vi.fn().mockResolvedValue({
+                data: { global_role: 'user' },
+                error: null
+              })
+            }))
+          }))
+        }))
+      }))
+    },
+    appName: 'test-app'
+  }))
+}));
+vi.mock('../../providers/OrganisationProvider', () => ({
+  useOrganisations: vi.fn(() => ({
+    selectedOrganisation: { id: 'org-123', name: 'Test Org' }
+  }))
+}));
+vi.mock('../../providers/EventProvider', () => ({
+  useEvents: vi.fn(() => ({
+    selectedEvent: { event_id: 'event-123', name: 'Test Event' }
+  }))
+}));
+// Import after mocking
+vi.mock('./useRBAC', () => ({
+  useRBAC: () => ({
+    isLoading: false,
+    isAuthenticated: true,
+    globalRole: 'user',
+    organisationRole: 'member',
+    eventAppRole: 'participant',
+    isSuperAdmin: false,
+    isOrgAdmin: false,
+    hasGlobalPermission: () => true,
+    error: null,
+  }),
+}));
+import { useRBAC } from './useRBAC';
+describe('useRBAC Hook - Simple Tests', () => {
+    it('renders without crashing', () => {
+    const { result } = renderHook(() => useRBAC());
+    expect(result.current).toBeDefined();
+    expect(result.current.globalRole).toBeDefined();
+    expect(result.current.organisationRole).toBeDefined();
+    expect(result.current.eventAppRole).toBeDefined();
+  });
+  it('has required properties', () => {
+    const { result } = renderHook(() => useRBAC());
+    expect(result.current).toHaveProperty('globalRole');
+    expect(result.current).toHaveProperty('organisationRole');
+    expect(result.current).toHaveProperty('eventAppRole');
+    expect(result.current).toHaveProperty('hasGlobalPermission');
+    expect(result.current).toHaveProperty('isSuperAdmin');
+    expect(result.current).toHaveProperty('isOrgAdmin');
+    expect(result.current).toHaveProperty('isLoading');
+    expect(result.current).toHaveProperty('error');
+    // Note: hasPermission was removed - use useCan() hook instead
+  });
+  it('hasGlobalPermission is a function', () => {
+    const { result } = renderHook(() => useRBAC());
+    expect(typeof result.current.hasGlobalPermission).toBe('function');
+  });
+});

package/src/rbac/utils/__tests__/eventContext.test.ts CHANGED Viewed

@@ -41,7 +41,7 @@ describe('Event Context Utilities', () => {
     // Clear cache before each test to prevent test interference
     clearAllOrgDerivationCache();
     mockSupabase = createMockSupabaseClient();
-    mockQuery = mockSupabase.from('event');
+    mockQuery = mockSupabase.from('core_events');
   });
   afterEach(() => {
@@ -63,7 +63,7 @@ describe('Event Context Utilities', () => {
       const result = await getOrganisationFromEvent(mockSupabase, eventId);
       expect(result).toBe(organisationId);
-      expect(mockSupabase.from).toHaveBeenCalledWith('event');
+      expect(mockSupabase.from).toHaveBeenCalledWith('core_events');
       expect(mockQuery.select).toHaveBeenCalledWith('organisation_id');
       expect(mockQuery.eq).toHaveBeenCalledWith('event_id', eventId);
       expect(mockQuery.single).toHaveBeenCalled();