@jmruthers/pace-core 0.5.191 → 0.5.193

package/dist/chunk-LMC26NLJ 2.js

@@ -0,0 +1,84 @@
+// src/utils/validation/schema.ts
+import { z } from "zod";
+function pickSchema(schema, keys) {
+  const shape = Object.entries(schema.shape).filter(([key]) => keys.includes(key)).reduce((acc, [key, value]) => {
+    acc[key] = value;
+    return acc;
+  }, {});
+  return z.object(shape);
+}
+function combineSchemas(schemas) {
+  return schemas.reduce(
+    (merged, schema) => merged.merge(schema),
+    z.object({})
+  );
+}
+
+// src/types/validation.ts
+import { z as z2 } from "zod";
+var emailSchema = z2.string().email("Please enter a valid email address");
+var nameSchema = z2.string().min(1, "Name is required").max(100, "Name must be less than 100 characters");
+var phoneSchema = z2.string().regex(/^\+?[\d\s\-\(\)]+$/, "Please enter a valid phone number");
+var urlSchema = z2.string().url("Please enter a valid URL");
+var dateSchema = z2.string().refine((date) => !isNaN(Date.parse(date)), "Please enter a valid date");
+var passwordSchema = z2.string().min(8, "Password must be at least 8 characters").regex(/[A-Z]/, "Password must contain at least one uppercase letter").regex(/[a-z]/, "Password must contain at least one lowercase letter").regex(/[0-9]/, "Password must contain at least one number");
+var securePasswordSchema = passwordSchema.regex(/[!@#$%^&*(),.?":{}|<>]/, "Password must contain at least one special character");
+var loginSchema = z2.object({
+  email: emailSchema,
+  password: z2.string().min(1, "Password is required")
+});
+var registrationSchema = z2.object({
+  email: emailSchema,
+  password: passwordSchema,
+  confirmPassword: z2.string()
+}).refine((data) => data.password === data.confirmPassword, {
+  message: "Passwords don't match",
+  path: ["confirmPassword"]
+});
+var secureLoginSchema = z2.object({
+  email: emailSchema,
+  password: securePasswordSchema
+});
+var passwordResetSchema = z2.object({
+  email: emailSchema
+});
+var changePasswordSchema = z2.object({
+  currentPassword: z2.string().min(1, "Current password is required"),
+  newPassword: securePasswordSchema,
+  confirmPassword: z2.string()
+}).refine((data) => data.newPassword === data.confirmPassword, {
+  message: "Passwords don't match",
+  path: ["confirmPassword"]
+});
+var userProfileSchema = z2.object({
+  name: nameSchema,
+  email: emailSchema,
+  phone: phoneSchema.optional(),
+  website: urlSchema.optional(),
+  bio: z2.string().max(500).optional()
+});
+var contactFormSchema = z2.object({
+  name: nameSchema,
+  email: emailSchema,
+  message: z2.string().min(1, "Message is required").max(1e3, "Message must be less than 1000 characters")
+});
+
+export {
+  pickSchema,
+  combineSchemas,
+  emailSchema,
+  nameSchema,
+  phoneSchema,
+  urlSchema,
+  dateSchema,
+  passwordSchema,
+  securePasswordSchema,
+  loginSchema,
+  registrationSchema,
+  secureLoginSchema,
+  passwordResetSchema,
+  changePasswordSchema,
+  userProfileSchema,
+  contactFormSchema
+};
+//# sourceMappingURL=chunk-LMC26NLJ.js.map

package/dist/{chunk-VKB2CO4Z.js → chunk-NOAYCWCX 5.js }

@@ -25,12 +25,12 @@ import {
   SelectSeparator,
   SelectTrigger,
   SelectValue
-} from "./chunk-ULHIJK66.js";
+} from "./chunk-E3SPN4VZ.js";
 import {
   useCan,
   usePermissions,
   useRBAC
-} from "./chunk-VRGWKHDB.js";
+} from "./chunk-XNXXZ43G.js";
 import {
   createFileReferenceService,
   generateFileUrlsBatch,
@@ -42,7 +42,7 @@ import {
   useFileDisplay,
   usePreventTabReload,
   usePublicFileDisplay
-} from "./chunk-XNYQOL3Z.js";
+} from "./chunk-BC4IJKSL.js";
 import {
   useToast
 } from "./chunk-6C4YBBJM.js";
@@ -53,16 +53,16 @@ import {
   useEvents,
   useIsPublicPage,
   useResolvedScope
-} from "./chunk-OETXORNB.js";
+} from "./chunk-IIELH4DL.js";
 import {
   EventServiceContext,
   useOrganisations,
   useSessionRestoration,
   useUnifiedAuth
-} from "./chunk-6LTQQAT6.js";
+} from "./chunk-7FLMSG37.js";
 import {
   isSuperAdmin
-} from "./chunk-ROXMHMY2.js";
+} from "./chunk-KNC55RTG.js";
 import {
   assertAppId
 } from "./chunk-QXHPKYJV.js";
@@ -515,6 +515,7 @@ function FileDisplayContent({
   displayOnly,
   showDelete,
   className,
+  imgClassName,
   children,
   onDelete,
   clearError,
@@ -637,12 +638,12 @@ function FileDisplayContent({
       if (!fileUrl) {
         return /* @__PURE__ */ jsx4("figure", { className: className || "max-w-full h-48", title: "Loading", children: /* @__PURE__ */ jsx4("p", { className: fallbackClasses, children: /* @__PURE__ */ jsx4(LoadingSpinner, {}) }) });
       }
-      return /* @__PURE__ */ jsx4("figure", { className: className || "max-w-full h-auto", children: /* @__PURE__ */ jsx4(
+      return /* @__PURE__ */ jsx4("figure", { className: className || "", children: /* @__PURE__ */ jsx4(
         "img",
         {
           src: fileUrl,
           alt: fileReference.file_metadata.fileName || "File",
-          className: "max-w-full h-auto",
+          className: imgClassName || "object-cover size-full",
           onError: handleImageError
         }
       ) });
@@ -685,7 +686,7 @@ function FileDisplayContent({
         {
           src: fileUrl,
           alt: fileReference.file_metadata.fileName || "File",
-          className: "max-w-full h-auto",
+          className: imgClassName || "object-cover size-full",
           onError: handleImageError
         }
       ),
@@ -782,7 +783,7 @@ function FileDisplayContent({
           {
             src: fileUrl2,
             alt: fileRef.file_metadata.fileName || "File",
-            className: "w-12 h-12 object-cover rounded",
+            className: imgClassName || "object-cover size-full",
             onError: handleImageError
           }
         ) : /* @__PURE__ */ jsx4("span", { className: "text-2xl", children: getFileIcon(fileRef.file_metadata.fileType || "") }),
@@ -832,6 +833,7 @@ function FileDisplayPublic({
   displayOnly = false,
   showDelete = false,
   className = "",
+  imgClassName,
   children,
   loadingComponent,
   errorComponent,
@@ -861,6 +863,7 @@ function FileDisplayPublic({
           displayOnly,
           showDelete: false,
           className,
+          imgClassName,
           children,
           onDelete: void 0,
           organisation_id,
@@ -934,6 +937,7 @@ function FileDisplayPublic({
       displayOnly,
       showDelete: false,
       className,
+      imgClassName,
       children,
       onDelete: showDelete ? handleDelete : void 0,
       organisation_id,
@@ -957,6 +961,7 @@ function FileDisplayAuthenticated({
   displayOnly = false,
   showDelete = false,
   className = "",
+  imgClassName,
   children,
   loadingComponent,
   errorComponent,
@@ -1042,6 +1047,7 @@ function FileDisplayAuthenticated({
       displayOnly,
       showDelete,
       className,
+      imgClassName,
       children,
       onDelete: showDelete ? handleDelete : void 0,
       clearError: refetch,
@@ -1066,6 +1072,7 @@ function FileDisplay({
   displayOnly = false,
   showDelete = false,
   className = "",
+  imgClassName,
   children,
   loadingComponent,
   errorComponent,
@@ -1089,6 +1096,7 @@ function FileDisplay({
         displayOnly,
         showDelete,
         className,
+        imgClassName,
         children,
         loadingComponent,
         errorComponent,
@@ -1112,6 +1120,7 @@ function FileDisplay({
       displayOnly,
       showDelete,
       className,
+      imgClassName,
       children,
       loadingComponent,
       errorComponent,
@@ -2598,7 +2607,6 @@ function OrganisationSelector({
       if (newOrganisation && onOrganisationChange) {
         onOrganisationChange(newOrganisation);
       }
-      logger.debug("OrganisationSelector", "Successfully switched to organisation:", orgId);
     } catch (error) {
       logger.error("OrganisationSelector", "Failed to switch organisation:", error);
       setSwitchError(error instanceof Error ? error.message : "Failed to switch organisation");
@@ -2970,7 +2978,7 @@ var NavigationMenu = React15.forwardRef(({
       }
       const userId2 = authContext.user.id;
       const appName = authContext.appName;
-      import("./api-IHKALJZD.js").then(({ resolveAppContext }) => {
+      import("./api-N774RPUA.js").then(({ resolveAppContext }) => {
         resolveAppContext({
           userId: userId2,
           appName
@@ -2979,7 +2987,6 @@ var NavigationMenu = React15.forwardRef(({
             setResolvedAppId(result.appId);
           }
         }).catch((error) => {
-          logger.debug("NavigationMenu", "Failed to resolve appId", error);
         });
       });
     }
@@ -3220,15 +3227,6 @@ var NavigationMenu = React15.forwardRef(({
   };
   const handleItemClick = (item) => {
     if (auditLog) {
-      logger.debug("NavigationMenu", "Navigation access attempt:", {
-        itemId: item.id,
-        label: item.label,
-        href: item.href,
-        permissions: item.permissions,
-        roles: item.roles,
-        accessLevel: item.accessLevel,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      });
     }
     if (!authContext) {
       if (onNavigate) {
@@ -3574,7 +3572,7 @@ function PaceAppLayout({
   onRouteAccessDenied,
   onRouteStrictModeViolation
 }) {
-  const { user, signOut, updatePassword, supabase, appId: contextAppId } = useUnifiedAuth();
+  const { user, signOut, updatePassword, supabase, appId: contextAppId, selectedOrganisationId } = useUnifiedAuth();
   const {
     selectedOrganisation,
     isContextReady,
@@ -3582,6 +3580,34 @@ function PaceAppLayout({
     ensureOrganisationContext,
     isLoading: organisationLoading
   } = useOrganisations();
+  const { isSuperAdmin: isSuperAdminFromRBAC, isLoading: rbacLoading } = useRBAC();
+  const [isSuperAdminDirect, setIsSuperAdminDirect] = useState12(false);
+  const [isCheckingSuperAdminDirect, setIsCheckingSuperAdminDirect] = useState12(false);
+  useEffect8(() => {
+    const checkSuperAdminDirect = async () => {
+      if (!user?.id) {
+        setIsSuperAdminDirect(false);
+        setIsCheckingSuperAdminDirect(false);
+        return;
+      }
+      if (isSuperAdminFromRBAC) {
+        setIsCheckingSuperAdminDirect(false);
+        return;
+      }
+      setIsCheckingSuperAdminDirect(true);
+      try {
+        const superAdminStatus = await isSuperAdmin(user.id);
+        setIsSuperAdminDirect(superAdminStatus);
+      } catch (error) {
+        logger.error("PaceAppLayout", "Error checking super admin status directly", { userId: user?.id, error });
+        setIsSuperAdminDirect(false);
+      } finally {
+        setIsCheckingSuperAdminDirect(false);
+      }
+    };
+    checkSuperAdminDirect();
+  }, [user?.id, isSuperAdminFromRBAC]);
+  const isSuperAdmin2 = isSuperAdminFromRBAC || isSuperAdminDirect;
   const navigate = useNavigate();
   const location = useLocation();
   useEventTheme();
@@ -3597,23 +3623,22 @@ function PaceAppLayout({
     selectedEventId: selectedEvent?.event_id || null
   });
   const resolvedAppId = contextAppId || resolvedScope?.appId;
+  const scopeOrgId = resolvedScope?.organisationId || selectedOrganisation?.id || "";
+  const scopeEventId = resolvedScope?.eventId || selectedEvent?.event_id || void 0;
+  const scopeAppId = resolvedScope?.appId || resolvedAppId || void 0;
   const scope = useMemo9(() => {
-    if (resolvedScope?.organisationId) {
-      return resolvedScope;
+    const newScope = {};
+    if (scopeOrgId) {
+      newScope.organisationId = scopeOrgId;
     }
-    if (selectedOrganisation?.id) {
-      return {
-        organisationId: selectedOrganisation.id,
-        eventId: selectedEvent?.event_id || void 0,
-        appId: resolvedAppId || resolvedScope?.appId || void 0
-      };
+    if (scopeEventId) {
+      newScope.eventId = scopeEventId;
     }
-    return {
-      organisationId: selectedOrganisation?.id || "",
-      eventId: selectedEvent?.event_id || void 0,
-      appId: resolvedAppId || resolvedScope?.appId || void 0
-    };
-  }, [resolvedScope, selectedOrganisation?.id, selectedEvent?.event_id, resolvedAppId]);
+    if (scopeAppId) {
+      newScope.appId = scopeAppId;
+    }
+    return newScope;
+  }, [scopeOrgId, scopeEventId, scopeAppId]);
   const defaultNavItems = useMemo9(() => [
     { id: "home", label: "Home", href: "/", icon: "Home" },
     { id: "dashboard", label: "Dashboard", href: "/dashboard", icon: "LayoutDashboard" },
@@ -3632,72 +3657,51 @@ function PaceAppLayout({
       return pageIdMapping[currentPath];
     }
     const pathSegments = currentPath.slice(1).split("/").filter(Boolean);
-    return pathSegments[0] || "home";
+    return pathSegments[0] || "";
   }, [location.pathname, pageIdMapping]);
   const currentPermission = useMemo9(() => {
-    if (!enforcePermissions) {
-      return "read:page.home";
+    if (!enforcePermissions || !currentPageId) {
+      return "";
     }
     const permissionString = `${currentRoutePermission}:page.${currentPageId}`;
     return permissionString;
   }, [enforcePermissions, currentRoutePermission, currentPageId]);
-  const [isSuperAdminUser, setIsSuperAdminUser] = useState12(false);
-  const [isCheckingSuperAdmin, setIsCheckingSuperAdmin] = useState12(false);
-  useEffect8(() => {
-    const checkSuperAdminStatus = async () => {
-      if (!user?.id) {
-        setIsSuperAdminUser(false);
-        setIsCheckingSuperAdmin(false);
-        return;
-      }
-      setIsCheckingSuperAdmin(true);
-      try {
-        const superAdminStatus = await isSuperAdmin(user.id);
-        setIsSuperAdminUser(superAdminStatus);
-      } catch (error) {
-        logger.error("PaceAppLayout", "Error checking super admin status", { userId: user?.id, error });
-        setIsSuperAdminUser(false);
-      } finally {
-        setIsCheckingSuperAdmin(false);
-      }
-    };
-    checkSuperAdminStatus();
-  }, [user?.id]);
+  const shouldCheckPermission = enforcePermissions && !!currentPermission && !!currentPageId;
   const { can: canFromHook, isLoading: isCheckingPermission, error: permissionError } = useCan(
     user?.id || "",
     scope,
-    currentPermission,
-    currentPageId,
+    shouldCheckPermission ? currentPermission : "",
+    shouldCheckPermission ? currentPageId : "",
     true,
     // useCache
     appName
     // Pass appName for PORTAL/ADMIN special case
   );
-  const can = isSuperAdminUser ? true : canFromHook;
+  const can = isSuperAdmin2 ? true : canFromHook;
   const hasPermission = enforcePermissions ? can : true;
   useEffect8(() => {
     if (!enforcePermissions) {
       return;
     }
-    if (isCheckingSuperAdmin || isCheckingPermission) {
+    if (isCheckingPermission) {
       return;
     }
-    if (strictMode && !isSuperAdminUser && !can) {
+    if (strictMode && !isSuperAdmin2 && !can) {
       logger.error("PaceAppLayout", "STRICT MODE VIOLATION: User attempted to access protected page without permission", {
         pageName: currentPageId,
         operation: currentRoutePermission,
         userId: user?.id,
-        isSuperAdmin: isSuperAdminUser,
+        isSuperAdmin: isSuperAdmin2,
         timestamp: (/* @__PURE__ */ new Date()).toISOString()
       });
       if (onStrictModeViolation) {
         onStrictModeViolation(currentPageId, currentRoutePermission);
       }
     }
-    if (!isSuperAdminUser && !can && onPageAccessDenied) {
+    if (!isSuperAdmin2 && !can && onPageAccessDenied) {
       onPageAccessDenied(currentPageId, currentRoutePermission);
     }
-  }, [enforcePermissions, can, isCheckingPermission, isCheckingSuperAdmin, isSuperAdminUser, currentPageId, currentRoutePermission, user?.id, strictMode, auditLog, onPageAccessDenied, onStrictModeViolation]);
+  }, [enforcePermissions, can, isCheckingPermission, isSuperAdmin2, currentPageId, currentRoutePermission, user?.id, strictMode, auditLog, onPageAccessDenied, onStrictModeViolation]);
   const [filteredMenuItems, setFilteredMenuItems] = useState12(baseMenuItems);
   useEffect8(() => {
     let isMounted = true;
@@ -3725,8 +3729,8 @@ function PaceAppLayout({
         return;
       }
       try {
-        const { isSuperAdmin: isSuperAdmin2 } = await import("./api-IHKALJZD.js");
-        const isSuper = await isSuperAdmin2(user.id);
+        const { isSuperAdmin: checkSuperAdminDynamic } = await import("./api-N774RPUA.js");
+        const isSuper = await checkSuperAdminDynamic(user.id);
         if (isSuper) {
           if (isMounted) {
             setFilteredMenuItems(baseMenuItems);
@@ -3740,7 +3744,7 @@ function PaceAppLayout({
         }
       }
       try {
-        const { getPermissionMap } = await import("./api-IHKALJZD.js");
+        const { getPermissionMap } = await import("./api-N774RPUA.js");
         const permissionScope = {
           organisationId: currentScope.organisationId,
           eventId: currentScope.eventId,
@@ -3796,7 +3800,7 @@ function PaceAppLayout({
       let hasAccess = true;
       if (currentRoute.pageId && currentRoute.permissions && currentRoute.permissions.length > 0) {
         try {
-          const { isPermittedCached } = await import("./api-IHKALJZD.js");
+          const { isPermittedCached } = await import("./api-N774RPUA.js");
           const hasPagePermission = await isPermittedCached({
             userId: user?.id || "",
             scope,
@@ -3812,7 +3816,7 @@ function PaceAppLayout({
         }
       }
       if (hasAccess && currentRoute.roles && currentRoute.roles.length > 0 && user?.id) {
-        const { useUnifiedAuth: useUnifiedAuth2 } = await import("./UnifiedAuthProvider-FTSG5XH7.js");
+        const { useUnifiedAuth: useUnifiedAuth2 } = await import("./UnifiedAuthProvider-RGJTDE2C.js");
         hasAccess = true;
       }
       if (!isMounted) return;
@@ -3858,26 +3862,26 @@ function PaceAppLayout({
     }
     return {};
   };
-  if (user?.id && organisationLoading) {
+  if (user?.id && organisationLoading && !isSuperAdmin2 && !isCheckingSuperAdminDirect && !rbacLoading && !selectedOrganisationId) {
     return /* @__PURE__ */ jsx20("div", { className: "flex items-center justify-center min-h-screen", children: /* @__PURE__ */ jsxs15("div", { className: "text-center", children: [
       /* @__PURE__ */ jsx20("div", { className: "animate-spin rounded-full size-8 border-b-2 border-sec-900 mx-auto mb-4" }),
       /* @__PURE__ */ jsx20("p", { className: "text-sec-600", children: "Loading organisation context..." })
     ] }) });
   }
-  if (enforcePermissions && (isCheckingSuperAdmin || isCheckingPermission)) {
+  if (enforcePermissions && isCheckingPermission) {
     return /* @__PURE__ */ jsx20("div", { className: "flex items-center justify-center min-h-screen", children: /* @__PURE__ */ jsxs15("div", { className: "text-center", children: [
       /* @__PURE__ */ jsx20("div", { className: "animate-spin rounded-full size-8 border-b-2 border-sec-900 mx-auto mb-4" }),
       /* @__PURE__ */ jsx20("p", { className: "text-sec-600", children: "Checking permissions..." })
     ] }) });
   }
-  if (enforcePermissions && permissionError && !isSuperAdminUser) {
+  if (enforcePermissions && permissionError && !isSuperAdmin2) {
     return /* @__PURE__ */ jsx20("div", { className: "flex items-center justify-center min-h-screen", children: /* @__PURE__ */ jsxs15("div", { className: "text-center", children: [
       /* @__PURE__ */ jsx20("h2", { className: "text-xl font-semibold text-acc-600 mb-2", children: "Permission Error" }),
       /* @__PURE__ */ jsx20("p", { className: "text-sec-600 mb-4", children: permissionError.message }),
       /* @__PURE__ */ jsx20(Button, { onClick: () => navigate("/"), children: "Go Home" })
     ] }) });
   }
-  if (enforcePermissions && hasPermission === false && !isCheckingSuperAdmin && !isSuperAdminUser) {
+  if (enforcePermissions && hasPermission === false && !isCheckingSuperAdminDirect && !isSuperAdmin2) {
     if (enforcePagePermissions && pagePermissionFallback) {
       return /* @__PURE__ */ jsx20(Fragment7, { children: pagePermissionFallback });
     }
@@ -3968,7 +3972,6 @@ var PaceLoginPage = ({
           await eventService.restorePersistedEvent();
         }
       } catch (error) {
-        logger.debug("PaceLoginPage", "Could not restore persisted event (service may not be ready):", error);
       }
     };
     const timeoutId = setTimeout(() => {
@@ -4002,7 +4005,6 @@ var PaceLoginPage = ({
         }
         const { data: pagesData, error: pagesError } = await supabase.from("rbac_app_pages").select("id, page_name").eq("app_id", appData.id);
         if (pagesError || !pagesData || pagesData.length === 0) {
-          logger.debug("PaceLoginPage", "No pages configured for app:", appName);
           setAccessError(`You do not have permission to access ${appName}. This application is currently unavailable. Please contact your administrator if you believe you should have access.`);
           setIsCheckingAccess(false);
           return;
@@ -4010,7 +4012,6 @@ var PaceLoginPage = ({
         const { data: orgRow } = await supabase.from("rbac_organisation_roles").select("organisation_id").eq("user_id", userId).eq("status", "active").is("revoked_at", null).limit(1).maybeSingle();
         const organisationId = orgRow?.organisation_id;
         if (!organisationId) {
-          logger.debug("PaceLoginPage", "User has no organisation access");
           setAccessError(`You do not have permission to access ${appName}. You are not assigned to any organisation. Please contact your administrator.`);
           setIsCheckingAccess(false);
           return;
@@ -4027,19 +4028,16 @@ var PaceLoginPage = ({
             p_page_id: page.page_name
             // Page name to resolve to UUID
           });
-          logger.debug("PaceLoginPage", "Permission check for page:", { pageName: page.page_name, hasPermission, error: permError });
           if (!permError && hasPermission === true) {
             hasAnyAccess = true;
             break;
           }
         }
         if (hasAnyAccess) {
-          logger.debug("PaceLoginPage", "User has access to app");
           setIsCheckingAccess(false);
           navigate(onSuccessRedirectPath, { replace: true });
           return;
         }
-        logger.debug("PaceLoginPage", "Access denied - no permissions");
         setAccessError(`You do not have permission to access ${appName}. This application is restricted to authorized users only. Please contact your administrator if you believe you should have access.`);
         setIsCheckingAccess(false);
       } catch (error) {
@@ -4251,7 +4249,6 @@ function ProtectedRoute({
     ] }) });
   }
   if (!selectedEvent) {
-    logger.debug("ProtectedRoute", "Events available but none selected - allowing render so selector is visible");
     return /* @__PURE__ */ jsx23(Outlet2, {});
   }
   return /* @__PURE__ */ jsx23(Outlet2, {});
@@ -4993,4 +4990,4 @@ export {
   PublicPageFooter,
   PublicPageLayout
 };
-//# sourceMappingURL=chunk-VKB2CO4Z.js.map
+//# sourceMappingURL=chunk-NOAYCWCX.js.map