npm - @jmruthers/pace-core - Versions diffs - 0.5.191 → 0.6.1 - Mend

@jmruthers/pace-core 0.5.191 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (380) hide show

package/dist/{chunk-LOMZXPSN.js → chunk-4ZC4GX36.js} RENAMED Viewed

@@ -3,23 +3,23 @@ import {
   useAccessLevel,
   useCan,
   useMultiplePermissions
-} from "./chunk-VRGWKHDB.js";
+} from "./chunk-XM25TVIE.js";
 import {
   useSecureDataAccess
-} from "./chunk-XYXSXPUK.js";
+} from "./chunk-EXUD6RNJ.js";
 import {
   useResolvedScope
-} from "./chunk-OETXORNB.js";
+} from "./chunk-3XTALGJF.js";
 import {
   useUnifiedAuth
-} from "./chunk-6LTQQAT6.js";
+} from "./chunk-BYFSK72L.js";
 import {
   RBACCache,
   RBACNotInitializedError,
   getRBACConfig,
   getRBACLogger,
   rbacCache
-} from "./chunk-ROXMHMY2.js";
+} from "./chunk-KNC55RTG.js";
 import {
   createLogger,
   logger
@@ -435,7 +435,6 @@ function SecureDataProvider({
   useEffect3(() => {
     if (enforceRLS && auditLog) {
       const logger2 = getRBACLogger();
-      logger2.debug("RLS enforcement enabled - all queries will include organisation context");
     }
   }, [enforceRLS, auditLog]);
   return /* @__PURE__ */ jsx3(SecureDataContext.Provider, { value: contextValue, children });
@@ -449,7 +448,7 @@ function useSecureData() {
 }
 // src/rbac/components/PermissionEnforcer.tsx
-import { useMemo as useMemo4, useEffect as useEffect4, useState as useState4 } from "react";
+import { useMemo as useMemo4, useEffect as useEffect4, useState as useState4, useRef as useRef2 } from "react";
 import { Fragment as Fragment2, jsx as jsx4, jsxs as jsxs2 } from "react/jsx-runtime";
 var log2 = createLogger("PermissionEnforcer");
 function PermissionEnforcer({
@@ -471,7 +470,23 @@ function PermissionEnforcer({
     selectedOrganisationId: selectedOrganisation?.id || null,
     selectedEventId: selectedEvent?.event_id || null
   });
-  const effectiveScope = scope || resolvedScope;
+  const scopeToUse = scope || resolvedScope;
+  const scopeOrgId = scopeToUse?.organisationId || "";
+  const scopeEventId = scopeToUse?.eventId || void 0;
+  const scopeAppId = scopeToUse?.appId || void 0;
+  const effectiveScope = useMemo4(() => {
+    const newScope = {};
+    if (scopeOrgId) {
+      newScope.organisationId = scopeOrgId;
+    }
+    if (scopeEventId) {
+      newScope.eventId = scopeEventId;
+    }
+    if (scopeAppId) {
+      newScope.appId = scopeAppId;
+    }
+    return newScope;
+  }, [scopeOrgId, scopeEventId, scopeAppId]);
   const checkError = scopeError;
   const { results: permissionResults, isLoading: permissionsLoading, error: permissionsError } = useMultiplePermissions(
     user?.id || "",
@@ -503,19 +518,25 @@ function PermissionEnforcer({
       setHasChecked(true);
     }
   }, [hasRequiredPermissions, isLoading, error, permissions, operation, onDenied]);
+  const permissionsKey = permissions.join(",");
+  const lastLoggedKeyRef = useRef2(null);
   useEffect4(() => {
     if (auditLog && hasChecked && !isLoading) {
-      log2.debug("Permission check attempt:", {
-        permissions,
-        operation,
-        userId: user?.id,
-        scope: effectiveScope,
-        allowed: hasRequiredPermissions,
-        requireAll,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      });
+      const logKey = `${operation}-${user?.id}-${permissionsKey}-${hasRequiredPermissions}-${scopeOrgId}-${scopeEventId}-${scopeAppId}`;
+      if (lastLoggedKeyRef.current !== logKey) {
+        lastLoggedKeyRef.current = logKey;
+        log2.debug("Permission check attempt:", {
+          permissions,
+          operation,
+          userId: user?.id,
+          scope: effectiveScope,
+          allowed: hasRequiredPermissions,
+          requireAll,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString()
+        });
+      }
     }
-  }, [auditLog, hasChecked, isLoading, permissions, operation, user?.id, effectiveScope, hasRequiredPermissions, requireAll]);
+  }, [auditLog, hasChecked, isLoading, permissionsKey, operation, user?.id, scopeOrgId, scopeEventId, scopeAppId, hasRequiredPermissions]);
   useEffect4(() => {
     if (strictMode && hasChecked && !isLoading && !hasRequiredPermissions) {
       const logger2 = getRBACLogger();
@@ -849,7 +870,6 @@ function NavigationProvider({
   useEffect6(() => {
     if (strictMode && auditLog) {
       const logger2 = getRBACLogger();
-      logger2.debug("Strict mode enabled - all navigation access attempts will be logged and enforced");
     }
   }, [strictMode, auditLog]);
   return /* @__PURE__ */ jsx6(NavigationContext.Provider, { value: contextValue, children });
@@ -914,16 +934,6 @@ function NavigationGuard({
   }, [hasRequiredPermissions, isLoading, error, navigationItem, onDenied]);
   useEffect7(() => {
     if (auditLog && hasChecked && !isLoading) {
-      const logger2 = getRBACLogger();
-      logger2.debug("Navigation access attempt:", {
-        navigationItem: navigationItem.id,
-        permissions: navigationItem.permissions,
-        userId: user?.id,
-        scope: effectiveScope,
-        allowed: hasRequiredPermissions,
-        requireAll,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      });
     }
   }, [auditLog, hasChecked, isLoading, navigationItem, user?.id, effectiveScope, hasRequiredPermissions, requireAll]);
   useEffect7(() => {
@@ -1031,13 +1041,6 @@ function EnhancedNavigationMenu({
       onItemClick(item);
     }
     if (auditLog) {
-      const logger2 = getRBACLogger();
-      logger2.debug("Navigation item clicked:", {
-        item: item.id,
-        path: item.path,
-        permissions: item.permissions,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      });
     }
     setNavigationHistory((prev) => {
       const newHistory = [item, ...prev.filter((i) => i.id !== item.id)];
@@ -1089,18 +1092,10 @@ function EnhancedNavigationMenu({
   useEffect8(() => {
     if (strictMode && auditLog) {
       const logger2 = getRBACLogger();
-      logger2.debug("Strict mode enabled - all navigation access attempts will be logged and enforced");
     }
   }, [strictMode, auditLog]);
   useEffect8(() => {
     if (auditLog) {
-      const logger2 = getRBACLogger();
-      logger2.debug("Navigation menu initialized:", {
-        totalItems: items.length,
-        filteredItems: filteredItems.length,
-        strictMode,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      });
     }
   }, [items.length, filteredItems.length, strictMode, auditLog]);
   return /* @__PURE__ */ jsx8("nav", { className, children: filteredItems.map((item) => {
@@ -1151,26 +1146,11 @@ function PermissionGuard({
   if (error) {
     logger2.error("Permission check failed:", error);
     if (auditLog) {
-      logger2.info(`[PermissionGuard] Permission check failed:`, {
-        userId: effectiveUserId,
-        scope,
-        permission,
-        pageId,
-        error: error.message,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      });
     }
     return fallback;
   }
   if (!can) {
     if (auditLog) {
-      logger2.info(`[PermissionGuard] Permission denied:`, {
-        userId: effectiveUserId,
-        scope,
-        permission,
-        pageId,
-        timestamp: (/* @__PURE__ */ new Date()).toISOString()
-      });
     }
     if (strictMode) {
       logger2.error(`[PermissionGuard] STRICT MODE VIOLATION: User attempted to access protected resource without permission`, {
@@ -1187,13 +1167,6 @@ function PermissionGuard({
     return /* @__PURE__ */ jsx9(Fragment4, { children: fallback });
   }
   if (auditLog) {
-    logger2.info(`[PermissionGuard] Permission granted:`, {
-      userId: effectiveUserId,
-      scope,
-      permission,
-      pageId,
-      timestamp: (/* @__PURE__ */ new Date()).toISOString()
-    });
   }
   return /* @__PURE__ */ jsx9(Fragment4, { children });
 }
@@ -1247,7 +1220,7 @@ function withPermissionGuard(config, handler) {
     if (!userId || !organisationId) {
       throw new Error("User context required for permission check");
     }
-    const { isPermitted: isPermitted2 } = await import("./api-IHKALJZD.js");
+    const { isPermitted: isPermitted2 } = await import("./api-N774RPUA.js");
     const hasPermission2 = await isPermitted2({
       userId,
       scope: { organisationId, eventId, appId },
@@ -1270,7 +1243,7 @@ function withAccessLevelGuard(minLevel, handler) {
     if (!userId || !organisationId) {
       throw new Error("User context required for access level check");
     }
-    const { getAccessLevel: getAccessLevel2 } = await import("./api-IHKALJZD.js");
+    const { getAccessLevel: getAccessLevel2 } = await import("./api-N774RPUA.js");
     const accessLevel = await getAccessLevel2({
       userId,
       scope: { organisationId, eventId, appId }
@@ -1295,7 +1268,7 @@ function withRoleGuard(config, handler) {
       throw new Error("User context required for role check");
     }
     if (config.globalRoles && config.globalRoles.length > 0) {
-      const { isSuperAdmin } = await import("./api-IHKALJZD.js");
+      const { isSuperAdmin } = await import("./api-N774RPUA.js");
       const isSuper = await isSuperAdmin(userId);
       if (isSuper) {
         if (organisationId) {
@@ -1321,14 +1294,14 @@ function withRoleGuard(config, handler) {
       }
     }
     if (config.organisationRoles && config.organisationRoles.length > 0) {
-      const { isOrganisationAdmin } = await import("./api-IHKALJZD.js");
+      const { isOrganisationAdmin } = await import("./api-N774RPUA.js");
       const isOrgAdmin = await isOrganisationAdmin(userId, organisationId);
       if (!isOrgAdmin && config.requireAll !== false) {
         throw new Error(`Organisation admin role required`);
       }
     }
     if (config.eventAppRoles && config.eventAppRoles.length > 0 && eventId && appId) {
-      const { isEventAdmin } = await import("./api-IHKALJZD.js");
+      const { isEventAdmin } = await import("./api-N774RPUA.js");
       const isEventAdminUser = await isEventAdmin(userId, { organisationId, eventId, appId });
       if (!isEventAdminUser && config.requireAll !== false) {
         throw new Error(`Event admin role required`);
@@ -1368,7 +1341,7 @@ function createRBACMiddleware(config) {
     );
     if (protectedRoute) {
       try {
-        const { isPermitted: isPermitted2 } = await import("./api-IHKALJZD.js");
+        const { isPermitted: isPermitted2 } = await import("./api-N774RPUA.js");
         const hasPermission2 = await isPermitted2({
           userId,
           scope: { organisationId },
@@ -1395,7 +1368,7 @@ function createRBACExpressMiddleware(config) {
       return res.status(401).json({ error: "User context required" });
     }
     try {
-      const { isPermitted: isPermitted2 } = await import("./api-IHKALJZD.js");
+      const { isPermitted: isPermitted2 } = await import("./api-N774RPUA.js");
       const hasPermission2 = await isPermitted2({
         userId,
         scope: { organisationId, eventId, appId },
@@ -1924,4 +1897,4 @@ export {
   getDirectSupabaseAuthFixes,
   getQuickFixes
 };
-//# sourceMappingURL=chunk-LOMZXPSN.js.map
+//# sourceMappingURL=chunk-4ZC4GX36.js.map