npm - @jmruthers/pace-core - Versions diffs - 0.5.191 → 0.5.193 - Mend

@jmruthers/pace-core 0.5.191 → 0.5.193

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (293) hide show

package/dist/{AuthService-CbP_utw2.d.ts → AuthService-DjnJHDtC.d.ts} +1 -0
package/dist/{DataTable-WKRZD47S.js → DataTable-5FU7IESH.js} +7 -6
package/dist/{PublicPageProvider-ULXC_u6U.d.ts → PublicPageProvider-C0Sm_e5k.d.ts} +3 -1
package/dist/{UnifiedAuthProvider-BYA9qB-o.d.ts → UnifiedAuthProvider-185Ih4dj.d.ts} +2 -0
package/dist/{UnifiedAuthProvider-FTSG5XH7.js → UnifiedAuthProvider-RGJTDE2C.js} +3 -3
package/dist/{api-IHKALJZD.js → api-N774RPUA.js} +2 -2
package/dist/chunk-6C4YBBJM 5.js +628 -0
package/dist/chunk-7D4SUZUM.js 2.map +1 -0
package/dist/{chunk-LOMZXPSN.js → chunk-7EQTDTTJ.js} +47 -74
package/dist/chunk-7EQTDTTJ.js 2.map +1 -0
package/dist/chunk-7EQTDTTJ.js.map +1 -0
package/dist/{chunk-6LTQQAT6.js → chunk-7FLMSG37.js} +336 -137
package/dist/chunk-7FLMSG37.js 2.map +1 -0
package/dist/chunk-7FLMSG37.js.map +1 -0
package/dist/{chunk-XNYQOL3Z.js → chunk-BC4IJKSL.js} +9 -18
package/dist/chunk-BC4IJKSL.js.map +1 -0
package/dist/{chunk-ULHIJK66.js → chunk-E3SPN4VZ 5.js } +146 -36
package/dist/chunk-E3SPN4VZ.js +12917 -0
package/dist/{chunk-ULHIJK66.js.map → chunk-E3SPN4VZ.js.map} +1 -1
package/dist/chunk-E66EQZE6 5.js +37 -0
package/dist/chunk-E66EQZE6.js 2.map +1 -0
package/dist/{chunk-6TQDD426.js → chunk-HWIIPPNI.js} +40 -221
package/dist/chunk-HWIIPPNI.js.map +1 -0
package/dist/chunk-I7PSE6JW 5.js +191 -0
package/dist/chunk-I7PSE6JW.js 2.map +1 -0
package/dist/{chunk-OETXORNB.js → chunk-IIELH4DL.js} +211 -136
package/dist/chunk-IIELH4DL.js.map +1 -0
package/dist/{chunk-ROXMHMY2.js → chunk-KNC55RTG.js} +13 -3
package/dist/{chunk-ROXMHMY2.js.map → chunk-KNC55RTG.js 5.map } +1 -1
package/dist/chunk-KNC55RTG.js.map +1 -0
package/dist/chunk-KQCRWDSA.js 5.map +1 -0
package/dist/{chunk-XYXSXPUK.js → chunk-LFNCN2SP.js} +7 -6
package/dist/chunk-LFNCN2SP.js 2.map +1 -0
package/dist/chunk-LFNCN2SP.js.map +1 -0
package/dist/chunk-LMC26NLJ 2.js +84 -0
package/dist/{chunk-VKB2CO4Z.js → chunk-NOAYCWCX 5.js } +84 -87
package/dist/chunk-NOAYCWCX.js +4993 -0
package/dist/chunk-NOAYCWCX.js.map +1 -0
package/dist/chunk-QWWZ5CAQ.js 3.map +1 -0
package/dist/chunk-QXHPKYJV 3.js +113 -0
package/dist/chunk-R77UEZ4E 3.js +68 -0
package/dist/chunk-VBXEHIUJ.js 6.map +1 -0
package/dist/{chunk-VRGWKHDB.js → chunk-XNXXZ43G.js} +77 -33
package/dist/chunk-XNXXZ43G.js.map +1 -0
package/dist/chunk-ZSAAAMVR 6.js +25 -0
package/dist/components.d.ts +2 -2
package/dist/components.js +7 -7
package/dist/components.js 5.map +1 -0
package/dist/hooks.js +8 -8
package/dist/index.d.ts +5 -5
package/dist/index.js +12 -14
package/dist/index.js.map +1 -1
package/dist/providers.d.ts +3 -3
package/dist/providers.js +2 -2
package/dist/rbac/index.d.ts +1 -19
package/dist/rbac/index.js +7 -9
package/dist/styles/index 2.js +12 -0
package/dist/styles/index.js 5.map +1 -0
package/dist/theming/runtime 5.js +19 -0
package/dist/theming/runtime.js 5.map +1 -0
package/dist/utils.js +1 -1
package/docs/api/classes/ColumnFactory.md +1 -1
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +1 -1
package/docs/api/classes/Logger.md +1 -1
package/docs/api/classes/MissingUserContextError.md +1 -1
package/docs/api/classes/OrganisationContextRequiredError.md +1 -1
package/docs/api/classes/PermissionDeniedError.md +2 -2
package/docs/api/classes/RBACAuditManager.md +2 -2
package/docs/api/classes/RBACCache.md +1 -1
package/docs/api/classes/RBACEngine.md +2 -2
package/docs/api/classes/RBACError.md +1 -1
package/docs/api/classes/RBACNotInitializedError.md +1 -1
package/docs/api/classes/SecureSupabaseClient.md +10 -10
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/enums/LogLevel.md +1 -1
package/docs/api/enums/RBACErrorCode.md +1 -1
package/docs/api/enums/RPCFunction.md +1 -1
package/docs/api/interfaces/AddressFieldProps.md +1 -1
package/docs/api/interfaces/AddressFieldRef.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +1 -1
package/docs/api/interfaces/AutocompleteOptions.md +1 -1
package/docs/api/interfaces/AvatarProps.md +1 -1
package/docs/api/interfaces/BadgeProps.md +1 -1
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CalendarProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/ComplianceResult.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +1 -1
package/docs/api/interfaces/DataTableAction.md +1 -1
package/docs/api/interfaces/DataTableColumn.md +1 -1
package/docs/api/interfaces/DataTableProps.md +1 -1
package/docs/api/interfaces/DataTableToolbarButton.md +1 -1
package/docs/api/interfaces/DatabaseComplianceResult.md +1 -1
package/docs/api/interfaces/DatabaseIssue.md +1 -1
package/docs/api/interfaces/EmptyStateConfig.md +1 -1
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventAppRoleData.md +1 -1
package/docs/api/interfaces/ExportColumn.md +1 -1
package/docs/api/interfaces/ExportOptions.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +24 -11
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/FormFieldProps.md +1 -1
package/docs/api/interfaces/FormProps.md +1 -1
package/docs/api/interfaces/GrantEventAppRoleParams.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoggerConfig.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +2 -2
package/docs/api/interfaces/NavigationContextType.md +1 -1
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +1 -1
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +1 -1
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +2 -2
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/ParsedAddress.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +4 -4
package/docs/api/interfaces/ProgressProps.md +1 -1
package/docs/api/interfaces/ProtectedRouteProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/QuickFix.md +1 -1
package/docs/api/interfaces/RBACAccessValidateParams.md +1 -1
package/docs/api/interfaces/RBACAccessValidateResult.md +1 -1
package/docs/api/interfaces/RBACAuditLogParams.md +1 -1
package/docs/api/interfaces/RBACAuditLogResult.md +1 -1
package/docs/api/interfaces/RBACConfig.md +2 -2
package/docs/api/interfaces/RBACContext.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RBACPageAccessCheckParams.md +1 -1
package/docs/api/interfaces/RBACPerformanceMetrics.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckParams.md +1 -1
package/docs/api/interfaces/RBACPermissionCheckResult.md +2 -2
package/docs/api/interfaces/RBACPermissionsGetParams.md +1 -1
package/docs/api/interfaces/RBACPermissionsGetResult.md +1 -1
package/docs/api/interfaces/RBACResult.md +1 -1
package/docs/api/interfaces/RBACRoleGrantParams.md +2 -2
package/docs/api/interfaces/RBACRoleGrantResult.md +1 -1
package/docs/api/interfaces/RBACRoleRevokeParams.md +2 -2
package/docs/api/interfaces/RBACRoleRevokeResult.md +1 -1
package/docs/api/interfaces/RBACRoleValidateParams.md +2 -2
package/docs/api/interfaces/RBACRoleValidateResult.md +1 -1
package/docs/api/interfaces/RBACRolesListParams.md +1 -1
package/docs/api/interfaces/RBACRolesListResult.md +2 -2
package/docs/api/interfaces/RBACSessionTrackParams.md +1 -1
package/docs/api/interfaces/RBACSessionTrackResult.md +1 -1
package/docs/api/interfaces/ResourcePermissions.md +1 -1
package/docs/api/interfaces/RevokeEventAppRoleParams.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RoleManagementResult.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +2 -2
package/docs/api/interfaces/RouteConfig.md +2 -2
package/docs/api/interfaces/RuntimeComplianceResult.md +1 -1
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/SessionRestorationLoaderProps.md +1 -1
package/docs/api/interfaces/SetupIssue.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/TabsContentProps.md +1 -1
package/docs/api/interfaces/TabsListProps.md +1 -1
package/docs/api/interfaces/TabsProps.md +1 -1
package/docs/api/interfaces/TabsTriggerProps.md +1 -1
package/docs/api/interfaces/TextareaProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +60 -38
package/docs/api/interfaces/UnifiedAuthProviderProps.md +13 -13
package/docs/api/interfaces/UseFormDialogOptions.md +1 -1
package/docs/api/interfaces/UseFormDialogReturn.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +2 -2
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicFileDisplayOptions.md +2 -2
package/docs/api/interfaces/UsePublicFileDisplayReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +2 -2
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UseResourcePermissionsOptions.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +1 -1
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +194 -209
package/docs/migration/database-changes-december-2025.md +2 -1
package/docs/rbac/event-based-apps.md +124 -6
package/package.json +1 -1
package/scripts/check-pace-core-compliance.cjs +292 -57
package/src/__tests__/rls-policies.test.ts +3 -1
package/src/components/DataTable/__tests__/DataTable.default-state.test.tsx +172 -45
package/src/components/DataTable/__tests__/DataTable.grouping-aggregation.test.tsx +121 -28
package/src/components/DataTable/__tests__/DataTableCore.test-setup.ts +9 -8
package/src/components/DataTable/__tests__/DataTableCore.test.tsx +20 -52
package/src/components/DataTable/__tests__/a11y.basic.test.tsx +170 -34
package/src/components/DataTable/__tests__/keyboard.test.tsx +75 -12
package/src/components/DataTable/__tests__/pagination.modes.test.tsx +75 -11
package/src/components/DataTable/components/UnifiedTableBody.tsx +85 -14
package/src/components/DataTable/hooks/useDataTablePermissions.ts +75 -10
package/src/components/FileDisplay/FileDisplay.test.tsx +2 -1
package/src/components/FileDisplay/FileDisplay.tsx +16 -4
package/src/components/NavigationMenu/NavigationMenu.test.tsx +6 -4
package/src/components/NavigationMenu/NavigationMenu.tsx +1 -10
package/src/components/OrganisationSelector/OrganisationSelector.tsx +0 -1
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +25 -2
package/src/components/PaceAppLayout/PaceAppLayout.tsx +97 -68
package/src/components/PaceLoginPage/PaceLoginPage.tsx +0 -7
package/src/components/ProtectedRoute/ProtectedRoute.test.tsx +5 -9
package/src/components/ProtectedRoute/ProtectedRoute.tsx +0 -1
package/src/components/PublicLayout/PublicPageProvider.tsx +0 -1
package/src/hooks/__tests__/useSecureDataAccess.unit.test.tsx +14 -7
package/src/hooks/services/useAuthService.ts +21 -3
package/src/hooks/services/useEventService.ts +21 -3
package/src/hooks/services/useInactivityService.ts +21 -3
package/src/hooks/services/useOrganisationService.ts +21 -3
package/src/hooks/useFileDisplay.ts +10 -17
package/src/hooks/useSecureDataAccess.test.ts +16 -9
package/src/hooks/useSecureDataAccess.ts +3 -2
package/src/providers/services/EventServiceProvider.tsx +0 -8
package/src/providers/services/UnifiedAuthProvider.tsx +174 -24
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +10 -16
package/src/rbac/__tests__/isSuperAdmin.real.test.ts +82 -0
package/src/rbac/adapters.tsx +3 -22
package/src/rbac/api.test.ts +2 -2
package/src/rbac/api.ts +7 -1
package/src/rbac/components/EnhancedNavigationMenu.tsx +2 -15
package/src/rbac/components/NavigationGuard.tsx +1 -10
package/src/rbac/components/NavigationProvider.tsx +0 -1
package/src/rbac/components/PermissionEnforcer.tsx +45 -12
package/src/rbac/components/SecureDataProvider.tsx +0 -1
package/src/rbac/components/__tests__/EnhancedNavigationMenu.test.tsx +7 -43
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +4 -11
package/src/rbac/components/__tests__/NavigationProvider.test.tsx +3 -3
package/src/rbac/components/__tests__/SecureDataProvider.fixed.test.tsx +1 -1
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +1 -1
package/src/rbac/engine.ts +14 -2
package/src/rbac/hooks/index.ts +0 -3
package/src/rbac/hooks/usePermissions.ts +51 -11
package/src/rbac/hooks/useRBAC.ts +3 -13
package/src/rbac/hooks/useResolvedScope.test.ts +75 -54
package/src/rbac/hooks/useResolvedScope.ts +58 -33
package/src/rbac/hooks/useSecureSupabase.ts +4 -9
package/src/rbac/secureClient.ts +31 -0
package/src/services/EventService.ts +4 -57
package/src/services/InactivityService.ts +127 -34
package/src/services/OrganisationService.ts +68 -10
package/dist/chunk-6LTQQAT6.js.map +0 -1
package/dist/chunk-6TQDD426.js.map +0 -1
package/dist/chunk-LOMZXPSN.js.map +0 -1
package/dist/chunk-OETXORNB.js.map +0 -1
package/dist/chunk-VKB2CO4Z.js.map +0 -1
package/dist/chunk-VRGWKHDB.js.map +0 -1
package/dist/chunk-XNYQOL3Z.js.map +0 -1
package/dist/chunk-XYXSXPUK.js.map +0 -1
package/scripts/check-pace-core-compliance.js +0 -512
package/src/rbac/hooks/useSuperAdminBypass.ts +0 -126
package/src/utils/context/superAdminOverride.ts +0 -58
/package/dist/{DataTable-WKRZD47S.js.map → DataTable-5FU7IESH.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-FTSG5XH7.js.map → UnifiedAuthProvider-RGJTDE2C.js.map} +0 -0
/package/dist/{api-IHKALJZD.js.map → api-N774RPUA.js.map} +0 -0

package/docs/migration/database-changes-december-2025.md CHANGED Viewed

@@ -260,9 +260,10 @@ The following RPC functions have been updated to use the new table names:
 - `app_cake_unit_create` - Now queries `core_events`
 - `app_base_application_create` - Now queries `core_person` and `core_events`
 - `app_pace_contact_update` - Now queries `core_contact`, `core_person`, `core_member`, `core_phone`
-- `set_super_admin_override` - Now queries `core_organisations`
 - `get_organisation_members` - Now uses `core_organisation_memberships` view
+**Note**: `set_super_admin_override` function has been **removed** (as of migration `20251208133718_remove_super_admin_override_mechanism.sql`). Super admin access is now determined solely by the `is_super_admin()` function in RLS policies. If you were using this function, remove those calls as they are no longer needed or available.
 **Note**: RPC function signatures have not changed - only internal table references. Your RPC calls should continue to work, but ensure you're using the correct table names in any direct queries.
 ### TypeScript Type Updates

package/docs/rbac/event-based-apps.md CHANGED Viewed

@@ -29,7 +29,9 @@ A simple event management app that demonstrates:
 4. **ALWAYS set up providers correctly** in the exact order shown below
 5. **Use the exact app name** from your environment variable (must match database exactly, case-sensitive)
 6. **Ensure database setup is complete** before starting the app - App must be registered with `requires_event = true`
-7. **User must have organisation role** - Users need roles assigned in `rbac_organisation_roles` table
+7. **User must have organisation role OR event access** - Users need either:
+   - Explicit roles in `rbac_organisation_roles` table, OR
+   - Event access via `rbac_event_app_roles` (organisation access is automatically inferred)
 8. **Event must be selected** - `selectedEventId` must be set in UnifiedAuth context before permission checks
 9. **Event must belong to organisation** - The event's `organisation_id` must match the user's organisation
@@ -200,6 +202,8 @@ RETURNING event_id, event_name, event_code, organisation_id;
 #### 5.5 Assign User Roles
+**Option 1: Explicit Organisation Membership (Traditional)**
 ```sql
 -- Grant a user the org_admin role (replace with actual user and organisation IDs)
 INSERT INTO rbac_organisation_roles (user_id, organisation_id, role, status, granted_at)
@@ -216,6 +220,42 @@ ON CONFLICT (user_id, organisation_id) DO UPDATE SET
   updated_at = NOW();
 ```
+**Option 2: Event-Based Access (Automatic Organisation Inference)**
+For event-based apps, you can grant access via event roles. The system will automatically infer organisation access from event access:
+```sql
+-- Grant a user event access (organisation access is automatically inferred)
+-- Replace with actual user, event, app, and organisation IDs
+INSERT INTO rbac_event_app_roles (
+  user_id,
+  event_id,
+  app_id,
+  organisation_id,
+  role,
+  status,
+  granted_at
+)
+VALUES (
+  'your-user-id'::uuid,
+  'your-event-id'::text,
+  (SELECT id FROM rbac_apps WHERE name = 'pace-trac'),
+  'your-organisation-id'::uuid,  -- Must match event's organisation_id
+  'planner',  -- or 'event_admin', 'participant', etc.
+  'active',
+  NOW()
+)
+ON CONFLICT (user_id, event_id, app_id, role) DO UPDATE SET
+  status = EXCLUDED.status,
+  updated_at = NOW();
+```
+**Important Notes:**
+- When a user has event access via `rbac_event_app_roles`, they automatically get implicit organisation access
+- The system grants an implicit 'member' role for permission checks
+- Explicit organisation memberships take precedence over inferred access
+- This eliminates the need to maintain duplicate organisation memberships for event-only users
 ### 6. Create Supabase Client
 Create `src/lib/supabase.ts`:
@@ -640,7 +680,9 @@ Your event-based RBAC setup is working correctly if:
 - [ ] App is registered in `rbac_apps` table with `requires_event = true` and `is_active = true`
 - [ ] Pages exist in `rbac_app_pages` for your app
 - [ ] Page permissions exist in `rbac_page_permissions` for your pages, roles, and organisation
-- [ ] User has an active role in `rbac_organisation_roles` for the organisation
+- [ ] User has either:
+  - An active role in `rbac_organisation_roles` for the organisation, OR
+  - Event access via `rbac_event_app_roles` (organisation access is automatically inferred)
 - [ ] At least one event exists in the `event` table for your organisation
 - [ ] `VITE_APP_NAME` environment variable matches database `rbac_apps.name` exactly
 - [ ] `EventProvider` wraps your app content
@@ -762,15 +804,40 @@ WHERE event_id = 'your-event-id'::uuid;
    ```
    - Must have pages for `dashboard`, `participants`, etc.
-5. **Verify user has organisation role**:
+5. **Verify user has organisation role OR event access**:
    ```sql
-   SELECT ror.*, u.email
+   -- Check explicit organisation roles
+   SELECT ror.*, u.email, 'explicit' as access_type
    FROM rbac_organisation_roles ror
    JOIN auth.users u ON ror.user_id = u.id
    WHERE ror.user_id = 'your-user-id'::uuid
-     AND ror.status = 'active';
+     AND ror.status = 'active'
+   UNION ALL
+   -- Check event-based access (which infers organisation access)
+   SELECT
+     rear.id,
+     rear.user_id,
+     e.organisation_id as organisation_id,
+     'member' as role,  -- Implicit role granted from event access
+     rear.status,
+     rear.granted_at,
+     rear.granted_by,
+     rear.revoked_at,
+     rear.revoked_by,
+     u.email,
+     'inferred' as access_type
+   FROM rbac_event_app_roles rear
+   JOIN event e ON e.event_id = rear.event_id
+   JOIN auth.users u ON rear.user_id = u.id
+   WHERE rear.user_id = 'your-user-id'::uuid
+     AND rear.status = 'active'
+     AND e.organisation_id = 'your-organisation-id'::uuid;
    ```
-   - User must have at least one active role
+   - User must have either:
+     - At least one active explicit organisation role, OR
+     - Event access via `rbac_event_app_roles` (organisation access is automatically inferred)
    - Must be for the organisation that owns the event
 6. **Verify event belongs to user's organisation**:
@@ -847,8 +914,59 @@ WHERE event_id = 'your-event-id'::uuid;
 | **Context Required** | `organisationId` | `eventId` (org auto-resolved) |
 | **PagePermissionGuard** | Needs `organisationId` | Needs `eventId` (org auto-resolved) |
 | **Scope Resolution** | Direct from context | Organisation resolved from event |
+| **User Access** | Requires explicit `rbac_organisation_roles` | Can use `rbac_event_app_roles` (org access inferred) |
 | **Use Case** | User management, org settings | Event registration, event management |
+## 🎯 Organisation Access Inference from Events
+**New Feature:** The RBAC system can now automatically infer organisation access from event access, eliminating the need for explicit organisation memberships when users have event access.
+### How It Works
+1. **User has event access** via `rbac_event_app_roles` table
+2. **System derives organisation** from the event's `organisation_id`
+3. **System grants implicit 'member' role** for permission checks
+4. **Permission checks proceed** as if user had explicit organisation membership
+### Benefits
+- **Eliminates data duplication** - No need to maintain both event and organisation memberships
+- **Simplifies onboarding** - Grant event access, organisation access is automatic
+- **Maintains security** - Still validates that user has valid event access
+- **Backward compatible** - Explicit organisation memberships still work and take precedence
+### Example
+```sql
+-- User has event access but no explicit organisation membership
+INSERT INTO rbac_event_app_roles (
+  user_id,
+  event_id,
+  app_id,
+  organisation_id,
+  role,
+  status
+)
+VALUES (
+  'user-123'::uuid,
+  'event-456'::text,
+  (SELECT id FROM rbac_apps WHERE name = 'pace-trac'),
+  'org-789'::uuid,
+  'planner',
+  'active'
+);
+-- System automatically allows organisation access for permission checks
+-- User can now access pages that require organisation context
+-- Implicit role: 'member' (for permission matching)
+```
+### When Explicit Membership is Still Required
+- Users who need organisation-level access without event context
+- Users who need specific organisation roles (org_admin, leader) that aren't granted via events
+- Organisation management features that don't require event context
 ## 🚀 Next Steps
 - **[RBAC Overview](./README.md)** - Complete RBAC system documentation

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@jmruthers/pace-core",
-  "version": "0.5.191",
+  "version": "0.5.193",
   "description": "Clean, modern React component library with Tailwind v4 styling and native utilities",
   "private": false,
   "publishConfig": {