@jmruthers/pace-core 0.5.38 → 0.5.41

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jmruthers/pace-core",
-  "version": "0.5.38",
+  "version": "0.5.41",
   "description": "Clean, modern React component library with Tailwind v4 styling and native utilities",
   "private": false,
   "publishConfig": {
@@ -104,6 +104,10 @@
     "./source/rbac": {
       "import": "./src/rbac/index.ts",
       "default": "./src/rbac/index.ts"
+    },
+    "./rbac/cli": {
+      "import": "./dist/rbac/cli/policy-manager.js",
+      "default": "./dist/rbac/cli/policy-manager.js"
     }
   },
   "files": [
@@ -151,7 +155,15 @@
     "docs:generate": "node scripts/generate-docs.js generate",
     "docs:update-index": "node scripts/generate-docs.js update-index",
     "docs:generate-api": "node scripts/generate-docs.js generate-api",
-    "docs:all": "node scripts/generate-docs.js all"
+    "docs:all": "node scripts/generate-docs.js all",
+    "_comment_rbac": "RBAC policy management utilities",
+    "rbac:list": "node dist/rbac/cli/policy-manager.js list",
+    "rbac:register": "node dist/rbac/cli/policy-manager.js register",
+    "rbac:update": "node dist/rbac/cli/policy-manager.js update",
+    "rbac:update-all": "node dist/rbac/cli/policy-manager.js update-all",
+    "rbac:health": "node dist/rbac/cli/policy-manager.js health",
+    "rbac:audit": "node dist/rbac/cli/policy-manager.js audit",
+    "rbac:test": "node dist/rbac/cli/policy-manager.js test"
   },
   "keywords": [
     "react",
@@ -209,6 +221,10 @@
   },
   "dependencies": {
     "@supabase/supabase-js": "^2.49.10",
-    "@tanstack/react-query": "^5.56.2"
+    "@tanstack/react-query": "^5.56.2",
+    "commander": "^12.0.0",
+    "chalk": "^5.3.0",
+    "ora": "^8.0.1",
+    "cli-table3": "^0.6.3"
   }
 }

package/src/components/DataTable/components/ActionButtons.tsx

@@ -135,7 +135,17 @@ export function ActionButtons({
               key={actionIndex}
               variant={action.variant === 'destructive' ? 'destructive' : 'ghost'}
               size="sm"
-              onClick={() => action.onClick(row.original)}
+              onClick={() => {
+                // DEBUG: Log action click
+                if (process.env.NODE_ENV === 'development') {
+                  console.log('[ActionButtons] Action clicked:', {
+                    actionLabel: action.label,
+                    rowOriginal: row.original,
+                    actionOnClick: typeof action.onClick
+                  });
+                }
+                action.onClick(row.original);
+              }}
               disabled={isDisabled}
               aria-disabled={isDisabled}
               data-testid={action.testId}
@@ -183,7 +193,17 @@ export function ActionButtons({
             <SelectItem
               key={actionIndex}
               value={`action-${actionIndex}`}
-              onClick={() => action.onClick(row.original)}
+              onClick={() => {
+                // DEBUG: Log action click
+                if (process.env.NODE_ENV === 'development') {
+                  console.log('[ActionButtons] Dropdown action clicked:', {
+                    actionLabel: action.label,
+                    rowOriginal: row.original,
+                    actionOnClick: typeof action.onClick
+                  });
+                }
+                action.onClick(row.original);
+              }}
               className={action.variant === 'destructive' ? 'text-acc-600' : ''}
             >
               {Icon && <Icon className="mr-2 h-4 w-4" />}

package/src/components/DataTable/components/DataTableCore.tsx

@@ -687,6 +687,25 @@ function DataTableInternal<TData extends DataRecord>({
     // Create a new array to avoid mutating the original
     const result = [...actions];
     
+    // DEBUG: Log action configuration
+    if (process.env.NODE_ENV === 'development') {
+      console.log('[DataTable] Action Configuration Debug:', {
+        originalActions: actions.length,
+        secureFeatures: {
+          editing: secureFeatures.editing,
+          deletion: secureFeatures.deletion
+        },
+        secureHandlers: {
+          onEditRow: !!secureHandlers.onEditRow,
+          onDeleteRow: !!secureHandlers.onDeleteRow
+        },
+        permissions: {
+          canUpdate: permissions.canUpdate.can,
+          canDelete: permissions.canDelete.can
+        }
+      });
+    }
+    
     // Add Edit action with RBAC check
     if (secureFeatures.editing && secureHandlers.onEditRow && !result.some(a => a.label === 'Edit')) {
       result.push({
@@ -723,6 +742,15 @@ function DataTableInternal<TData extends DataRecord>({
       });
     }
 
+    // DEBUG: Log final actions
+    if (process.env.NODE_ENV === 'development') {
+      console.log('[DataTable] Final Actions:', {
+        totalActions: result.length,
+        actionLabels: result.map(a => a.label),
+        hiddenActions: result.filter(a => a.hidden).map(a => a.label)
+      });
+    }
+
     return result;
   }, [actions, secureFeatures, permissions, secureHandlers, getRowId, tableActions]);
 

package/src/components/DataTable/components/EditableRow.tsx

@@ -28,6 +28,12 @@ const renderEditField = (
 ) => {
   const columnDef = column.columnDef;
   
+  // Check if column is editable (default: true)
+  if (columnDef.editable === false) {
+    // Return the original value as text if column is not editable
+    return <span className="text-sm text-gray-600">{value || ''}</span>;
+  }
+  
   // Check for custom field type
   if (columnDef.fieldType === 'select' && columnDef.fieldOptions) {
     // Use editAccessorKey if specified, otherwise use the column id

package/src/components/DataTable/components/FilterRow.tsx

@@ -16,8 +16,14 @@ export function FilterRow<TData>({ table, visibleColumns }: FilterRowProps<TData
     const column = table.getColumn(columnId);
     if (!column) return [];
 
-    // Check if column has explicit field options
     const columnDef = column.columnDef as any;
+    
+    // Check for filterSelectOptions first (preferred for filters)
+    if (columnDef.filterSelectOptions && Array.isArray(columnDef.filterSelectOptions)) {
+      return columnDef.filterSelectOptions;
+    }
+    
+    // Check if column has explicit field options
     if (columnDef.fieldOptions && Array.isArray(columnDef.fieldOptions)) {
       return columnDef.fieldOptions;
     }
@@ -41,11 +47,17 @@ export function FilterRow<TData>({ table, visibleColumns }: FilterRowProps<TData
     const column = table.getColumn(columnId);
     if (!column) return 'text';
 
-    // Check if column has explicit filter type configuration
     const columnDef = column.columnDef as any;
+    
+    // Check if column has explicit filter type configuration
     if (columnDef.filterType) {
       return columnDef.filterType;
     }
+    
+    // Auto-detect select filter if filterSelectOptions is provided
+    if (columnDef.filterSelectOptions && Array.isArray(columnDef.filterSelectOptions)) {
+      return 'select';
+    }
 
     // Check if it's a date column
     if (columnId.toLowerCase().includes('date') || columnId.toLowerCase().includes('time')) {

package/src/components/DataTable/components/UnifiedTableBody.tsx

@@ -156,6 +156,12 @@ const renderEditField = (
 ) => {
   const columnDef = column.columnDef;
   
+  // Check if column is editable (default: true)
+  if (columnDef.editable === false) {
+    // Return the original value as text if column is not editable
+    return <span className="text-sm text-gray-600">{value || ''}</span>;
+  }
+  
   // Check for custom field type
   if (columnDef.fieldType === 'select' && columnDef.fieldOptions) {
     // Use editAccessorKey if specified, otherwise use the column id

package/src/components/DataTable/types.ts

@@ -234,6 +234,10 @@ export interface DataTableColumn<TData extends DataRecord = DataRecord> extends
   fieldOptions?: Array<{ value: string | number; label: string }>;
   /** Filter type for column filtering (text, select, number, date) */
   filterType?: 'text' | 'select' | 'number' | 'date';
+  /** Options for select filters (alternative to fieldOptions) */
+  filterSelectOptions?: Array<{ value: string | number; label: string }>;
+  /** Whether this column is editable in edit mode (default: true) */
+  editable?: boolean;
   
   // Hierarchical rendering
   /** Custom renderer for parent rows */

package/src/rbac/cli/policy-manager.ts

@@ -0,0 +1,443 @@
+#!/usr/bin/env node
+
+/**
+ * RBAC Policy Manager CLI Tool
+ * 
+ * This tool provides command-line interface for managing RBAC-RLS integration policies.
+ * It allows developers and administrators to easily manage dynamic permission policies.
+ */
+
+import { createClient } from '@supabase/supabase-js';
+import { Command } from 'commander';
+import chalk from 'chalk';
+import ora from 'ora';
+import Table from 'cli-table3';
+
+interface PolicyConfig {
+  table_name: string;
+  page_name: string;
+  app_name: string;
+  organisation_column: string;
+  event_column?: string;
+  operations: string[];
+  is_active: boolean;
+}
+
+interface PolicyAudit {
+  table_name: string;
+  policy_name: string;
+  operation: string;
+  action: string;
+  changed_at: string;
+  success: boolean;
+  error_message?: string;
+}
+
+interface HealthCheck {
+  table_name: string;
+  policy_name: string;
+  operation: string;
+  is_healthy: boolean;
+  issues: string[];
+}
+
+class PolicyManager {
+  private supabase: any;
+
+  constructor(url: string, key: string) {
+    this.supabase = createClient(url, key);
+  }
+
+  /**
+   * List all registered tables
+   */
+  async listTables(): Promise<void> {
+    const spinner = ora('Fetching registered tables...').start();
+    
+    try {
+      const { data, error } = await this.supabase
+        .from('rbac_policy_configs')
+        .select('*')
+        .eq('is_active', true)
+        .order('table_name');
+
+      if (error) throw error;
+
+      spinner.succeed('Fetched registered tables');
+
+      if (data.length === 0) {
+        console.log(chalk.yellow('No tables registered for RBAC policy management.'));
+        return;
+      }
+
+      const table = new Table({
+        head: ['Table', 'Page', 'App', 'Org Column', 'Event Column', 'Operations'],
+        colWidths: [20, 15, 10, 15, 15, 30]
+      });
+
+      data.forEach((config: PolicyConfig) => {
+        table.push([
+          config.table_name,
+          config.page_name,
+          config.app_name,
+          config.organisation_column,
+          config.event_column || 'N/A',
+          config.operations.join(', ')
+        ]);
+      });
+
+      console.log(table.toString());
+    } catch (error) {
+      spinner.fail('Failed to fetch tables');
+      console.error(chalk.red('Error:'), error instanceof Error ? error.message : String(error));
+    }
+  }
+
+  /**
+   * Register a new table for RBAC policy management
+   */
+  async registerTable(
+    tableName: string,
+    pageName: string,
+    appName: string = 'CAKE',
+    orgColumn: string = 'organisation_id',
+    eventColumn?: string,
+    operations: string[] = ['read', 'create', 'update', 'delete']
+  ): Promise<void> {
+    const spinner = ora(`Registering table ${tableName}...`).start();
+
+    try {
+      const { data, error } = await this.supabase
+        .rpc('register_rbac_table', {
+          p_table_name: tableName,
+          p_page_name: pageName,
+          p_app_name: appName,
+          p_organisation_column: orgColumn,
+          p_event_column: eventColumn,
+          p_operations: operations
+        });
+
+      if (error) throw error;
+
+      if (data) {
+        spinner.succeed(`Successfully registered table ${tableName}`);
+      } else {
+        spinner.fail(`Failed to register table ${tableName}`);
+      }
+    } catch (error) {
+      spinner.fail(`Failed to register table ${tableName}`);
+      console.error(chalk.red('Error:'), error instanceof Error ? error.message : String(error));
+    }
+  }
+
+  /**
+   * Update policies for a specific table
+   */
+  async updateTable(tableName: string, pageName: string, appName: string = 'CAKE'): Promise<void> {
+    const spinner = ora(`Updating policies for ${tableName}...`).start();
+
+    try {
+      const { data, error } = await this.supabase
+        .rpc('update_rbac_policies_for_table', {
+          p_table_name: tableName,
+          p_page_name: pageName,
+          p_app_name: appName
+        });
+
+      if (error) throw error;
+
+      if (data) {
+        spinner.succeed(`Successfully updated policies for ${tableName}`);
+      } else {
+        spinner.fail(`Failed to update policies for ${tableName}`);
+      }
+    } catch (error) {
+      spinner.fail(`Failed to update policies for ${tableName}`);
+      console.error(chalk.red('Error:'), error instanceof Error ? error.message : String(error));
+    }
+  }
+
+  /**
+   * Update all RBAC policies
+   */
+  async updateAll(): Promise<void> {
+    const spinner = ora('Updating all RBAC policies...').start();
+
+    try {
+      const { data, error } = await this.supabase
+        .rpc('update_all_rbac_policies');
+
+      if (error) throw error;
+
+      spinner.succeed('Updated all RBAC policies');
+
+      // Display results
+      const table = new Table({
+        head: ['Table', 'Page', 'App', 'Success', 'Error'],
+        colWidths: [20, 15, 10, 10, 30]
+      });
+
+      data.forEach((result: any) => {
+        table.push([
+          result.table_name,
+          result.page_name,
+          result.app_name,
+          result.success ? chalk.green('✓') : chalk.red('✗'),
+          result.error_message || ''
+        ]);
+      });
+
+      console.log(table.toString());
+    } catch (error) {
+      spinner.fail('Failed to update all policies');
+      console.error(chalk.red('Error:'), error instanceof Error ? error.message : String(error));
+    }
+  }
+
+  /**
+   * Check policy health
+   */
+  async checkHealth(): Promise<void> {
+    const spinner = ora('Checking policy health...').start();
+
+    try {
+      const { data, error } = await this.supabase
+        .rpc('check_rbac_policy_health');
+
+      if (error) throw error;
+
+      spinner.succeed('Policy health check complete');
+
+      if (data.length === 0) {
+        console.log(chalk.yellow('No policies found.'));
+        return;
+      }
+
+      const healthyPolicies = data.filter((h: HealthCheck) => h.is_healthy);
+      const unhealthyPolicies = data.filter((h: HealthCheck) => !h.is_healthy);
+
+      console.log(chalk.green(`✓ ${healthyPolicies.length} healthy policies`));
+      console.log(chalk.red(`✗ ${unhealthyPolicies.length} unhealthy policies`));
+
+      if (unhealthyPolicies.length > 0) {
+        console.log('\n' + chalk.red('Unhealthy Policies:'));
+        const table = new Table({
+          head: ['Table', 'Policy', 'Operation', 'Issues'],
+          colWidths: [20, 25, 10, 40]
+        });
+
+        unhealthyPolicies.forEach((policy: HealthCheck) => {
+          table.push([
+            policy.table_name,
+            policy.policy_name,
+            policy.operation,
+            policy.issues.join(', ')
+          ]);
+        });
+
+        console.log(table.toString());
+      }
+    } catch (error) {
+      spinner.fail('Failed to check policy health');
+      console.error(chalk.red('Error:'), error instanceof Error ? error.message : String(error));
+    }
+  }
+
+  /**
+   * Show policy audit log
+   */
+  async showAudit(limit: number = 20): Promise<void> {
+    const spinner = ora('Fetching audit log...').start();
+
+    try {
+      const { data, error } = await this.supabase
+        .from('rbac_policy_audit')
+        .select('*')
+        .order('changed_at', { ascending: false })
+        .limit(limit);
+
+      if (error) throw error;
+
+      spinner.succeed('Fetched audit log');
+
+      if (data.length === 0) {
+        console.log(chalk.yellow('No audit entries found.'));
+        return;
+      }
+
+      const table = new Table({
+        head: ['Table', 'Policy', 'Operation', 'Action', 'Success', 'Changed At'],
+        colWidths: [15, 20, 10, 10, 8, 20]
+      });
+
+      data.forEach((audit: PolicyAudit) => {
+        table.push([
+          audit.table_name,
+          audit.policy_name,
+          audit.operation,
+          audit.action,
+          audit.success ? chalk.green('✓') : chalk.red('✗'),
+          new Date(audit.changed_at).toLocaleString()
+        ]);
+      });
+
+      console.log(table.toString());
+    } catch (error) {
+      spinner.fail('Failed to fetch audit log');
+      console.error(chalk.red('Error:'), error instanceof Error ? error.message : String(error));
+    }
+  }
+
+  /**
+   * Test permission check
+   */
+  async testPermission(
+    operation: string,
+    pageName: string,
+    orgId: string,
+    eventId?: string,
+    appName: string = 'CAKE'
+  ): Promise<void> {
+    const spinner = ora('Testing permission check...').start();
+
+    try {
+      const { data, error } = await this.supabase
+        .rpc('check_rbac_permission_with_context', {
+          p_operation: operation,
+          p_page_name: pageName,
+          p_resource_organisation_id: orgId,
+          p_resource_event_id: eventId,
+          p_app_name: appName
+        });
+
+      if (error) throw error;
+
+      spinner.succeed('Permission check complete');
+
+      const result = data ? chalk.green('ALLOWED') : chalk.red('DENIED');
+      console.log(`Permission: ${operation} on ${pageName} = ${result}`);
+    } catch (error) {
+      spinner.fail('Failed to test permission');
+      console.error(chalk.red('Error:'), error instanceof Error ? error.message : String(error));
+    }
+  }
+}
+
+// CLI Setup
+const program = new Command();
+
+program
+  .name('rbac-policy-manager')
+  .description('CLI tool for managing RBAC-RLS integration policies')
+  .version('1.0.0');
+
+// Global options
+program
+  .option('-u, --url <url>', 'Supabase URL', process.env.SUPABASE_URL)
+  .option('-k, --key <key>', 'Supabase service key', process.env.SUPABASE_SERVICE_ROLE_KEY)
+  .option('--verbose', 'Enable verbose output');
+
+// List tables command
+program
+  .command('list')
+  .description('List all registered tables')
+  .action(async (options) => {
+    const url = options.parent?.url || process.env.SUPABASE_URL;
+    const key = options.parent?.key || process.env.SUPABASE_SERVICE_ROLE_KEY;
+    const manager = new PolicyManager(url, key);
+    await manager.listTables();
+  });
+
+// Register table command
+program
+  .command('register <tableName> <pageName>')
+  .description('Register a table for RBAC policy management')
+  .option('-a, --app <appName>', 'App name', 'CAKE')
+  .option('-o, --org-column <column>', 'Organisation column name', 'organisation_id')
+  .option('-e, --event-column <column>', 'Event column name')
+  .option('--operations <operations>', 'Comma-separated operations', 'read,create,update,delete')
+  .action(async (tableName, pageName, options) => {
+    const operations = options.operations.split(',').map((op: string) => op.trim());
+    const url = options.parent?.url || process.env.SUPABASE_URL;
+    const key = options.parent?.key || process.env.SUPABASE_SERVICE_ROLE_KEY;
+    const manager = new PolicyManager(url, key);
+    await manager.registerTable(
+      tableName,
+      pageName,
+      options.app,
+      options.orgColumn,
+      options.eventColumn,
+      operations
+    );
+  });
+
+// Update table command
+program
+  .command('update <tableName> <pageName>')
+  .description('Update policies for a specific table')
+  .option('-a, --app <appName>', 'App name', 'CAKE')
+  .action(async (tableName, pageName, options) => {
+    const url = options.parent?.url || process.env.SUPABASE_URL;
+    const key = options.parent?.key || process.env.SUPABASE_SERVICE_ROLE_KEY;
+    const manager = new PolicyManager(url, key);
+    await manager.updateTable(tableName, pageName, options.app);
+  });
+
+// Update all command
+program
+  .command('update-all')
+  .description('Update all RBAC policies')
+  .action(async (options) => {
+    const url = options.url || process.env.SUPABASE_URL;
+    const key = options.key || process.env.SUPABASE_SERVICE_ROLE_KEY;
+    const manager = new PolicyManager(url, key);
+    await manager.updateAll();
+  });
+
+// Health check command
+program
+  .command('health')
+  .description('Check policy health')
+  .action(async (options) => {
+    const url = options.url || process.env.SUPABASE_URL;
+    const key = options.key || process.env.SUPABASE_SERVICE_ROLE_KEY;
+    const manager = new PolicyManager(url, key);
+    await manager.checkHealth();
+  });
+
+// Audit command
+program
+  .command('audit')
+  .description('Show policy audit log')
+  .option('-l, --limit <number>', 'Number of entries to show', '20')
+  .action(async (options) => {
+    const url = options.parent?.url || process.env.SUPABASE_URL;
+    const key = options.parent?.key || process.env.SUPABASE_SERVICE_ROLE_KEY;
+    const manager = new PolicyManager(url, key);
+    await manager.showAudit(parseInt(options.limit));
+  });
+
+// Test permission command
+program
+  .command('test <operation> <pageName> <orgId>')
+  .description('Test a permission check')
+  .option('-e, --event-id <eventId>', 'Event ID')
+  .option('-a, --app <appName>', 'App name', 'CAKE')
+  .action(async (operation, pageName, orgId, options) => {
+    const url = options.parent?.url || process.env.SUPABASE_URL;
+    const key = options.parent?.key || process.env.SUPABASE_SERVICE_ROLE_KEY;
+    const manager = new PolicyManager(url, key);
+    await manager.testPermission(operation, pageName, orgId, options.eventId, options.app);
+  });
+
+// Parse command line arguments
+program.parse(process.argv);
+
+// Handle missing required options
+if (!process.env.SUPABASE_URL || !process.env.SUPABASE_SERVICE_ROLE_KEY) {
+  console.error(chalk.red('Error: Missing required environment variables'));
+  console.error('Please set SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY');
+  process.exit(1);
+}
+
+export { PolicyManager };