@jmruthers/pace-core 0.5.67 → 0.5.69

package/src/services/OrganisationService.ts

@@ -0,0 +1,592 @@
+/**
+ * @file Organisation Service
+ * @package @jmruthers/pace-core
+ * @module Services
+ * @since 0.1.0
+ *
+ * Organisation service implementation.
+ * Handles organisation management and selection with security-first approach.
+ */
+
+import { type SupabaseClient, type User, type Session } from '@supabase/supabase-js';
+import { BaseService } from './base/BaseService';
+import { IOrganisationService } from './interfaces/IOrganisationService';
+import type {
+  Organisation,
+  OrganisationMembership,
+  OrganisationSecurityError,
+  OrganisationHierarchy
+} from '../types/organisation';
+import { setOrganisationContext } from '../utils/organisationContext';
+import { DebugLogger } from '../utils/debugLogger';
+
+export class OrganisationService extends BaseService implements IOrganisationService {
+  private _selectedOrganisation: Organisation | null = null;
+  private _organisations: Organisation[] = [];
+  private _userMemberships: OrganisationMembership[] = [];
+  private _roleMapState: Map<string, string> = new Map();
+  private _isLoading = true;
+  private _error: Error | null = null;
+  private _isContextReady = false;
+  private retryCount = 0;
+
+  // Dependencies
+  private supabaseClient: SupabaseClient | null = null;
+  private user: User | null = null;
+  private session: Session | null = null;
+
+  // Internal state management
+  private isLoadingRef = false;
+  private lastLoadTimeRef = 0;
+  private hasFailedRef = false;
+  private abortControllerRef: AbortController | null = null;
+
+  constructor(supabaseClient: SupabaseClient, user: User | null, session: Session | null) {
+    super();
+    this.supabaseClient = supabaseClient;
+    this.user = user;
+    this.session = session;
+  }
+
+  // Interface implementation
+  getSelectedOrganisation(): Organisation | null { return this._selectedOrganisation; }
+  getOrganisations(): Organisation[] { return this._organisations; }
+  getUserMemberships(): OrganisationMembership[] { return this._userMemberships; }
+  isLoading(): boolean { return this._isLoading; }
+  getError(): Error | null { return this._error; }
+  hasValidOrganisationContext(): boolean { return !!(this._selectedOrganisation && !this._isLoading && !this._error && this._isContextReady); }
+  isContextReady(): boolean { return this._isContextReady; }
+
+  // Additional methods for testing
+  setSelectedOrganisation(organisation: Organisation | null): void {
+    this._selectedOrganisation = organisation;
+    if (organisation) {
+      localStorage.setItem('pace-core-selected-organisation', JSON.stringify(organisation));
+      this.setDatabaseOrganisationContext(organisation);
+    } else {
+      localStorage.removeItem('pace-core-selected-organisation');
+      this._isContextReady = false;
+    }
+    this.notify();
+  }
+
+  // For testing: expose dependencies
+  getDependencies(): { user: User | null; session: Session | null; supabaseClient: SupabaseClient | null } {
+    return {
+      user: this.user,
+      session: this.session,
+      supabaseClient: this.supabaseClient
+    };
+  }
+
+  // For testing: manually set state
+  setTestState(
+    organisations: Organisation[],
+    memberships: OrganisationMembership[],
+    roleMap: Map<string, string>,
+    selectedOrg: Organisation | null = null
+  ): void {
+    this._organisations = organisations;
+    this._userMemberships = memberships;
+    this._roleMapState = roleMap;
+    if (selectedOrg) {
+      this._selectedOrganisation = selectedOrg;
+    } else if (organisations.length > 0) {
+      this._selectedOrganisation = organisations[0];
+    }
+    this._isLoading = false;
+    this._error = null;
+    this.notify();
+  }
+
+  // Update dependencies
+  updateDependencies(user: User | null, session: Session | null): void {
+    this.user = user;
+    this.session = session;
+    this.notify();
+  }
+
+  // Organisation methods
+  async switchOrganisation(orgId: string): Promise<void> {
+    DebugLogger.log("OrganisationService", "Switching to organisation:", orgId);
+    
+    // Validate access
+    if (!this.validateOrganisationAccess(orgId)) {
+      throw new Error(`User does not have access to organisation ${orgId}`) as OrganisationSecurityError;
+    }
+    
+    const targetOrg = this._organisations.find(org => org.id === orgId);
+    if (!targetOrg) {
+      throw new Error(`Organisation ${orgId} not found in user's organisations`) as OrganisationSecurityError;
+    }
+    
+    this._selectedOrganisation = targetOrg;
+    
+    // Persist selection
+    localStorage.setItem('pace-core-selected-organisation', JSON.stringify(targetOrg));
+    
+    // Set database organisation context
+    await this.setDatabaseOrganisationContext(targetOrg);
+    
+    DebugLogger.log("OrganisationService", "Switched to organisation:", targetOrg.display_name);
+    this.notify();
+  }
+
+  getUserRole(orgId?: string): string {
+    const targetOrgId = orgId || this._selectedOrganisation?.id;
+    if (!targetOrgId) return 'no_access';
+    
+    // Use roleMapState to get the role for this organisation
+    return this._roleMapState.get(targetOrgId) || 'no_access';
+  }
+
+  validateOrganisationAccess(orgId: string): boolean {
+    return this._userMemberships.some((m: any) => 
+      m.organisation_id === orgId && 
+      m.status === 'active' &&
+      m.revoked_at === null
+    );
+  }
+
+  async refreshOrganisations(): Promise<void> {
+    if (!this.user || !this.session || !this.supabaseClient) return;
+    
+    // Force reload by triggering the effect
+    this._isLoading = true;
+    this.notify();
+    await this.loadUserOrganisations();
+  }
+
+  ensureOrganisationContext(): Organisation {
+    if (!this._selectedOrganisation) {
+      throw new Error('Organisation context is required but not available') as OrganisationSecurityError;
+    }
+    return this._selectedOrganisation;
+  }
+
+  isOrganisationSecure(): boolean {
+    return !!(this._selectedOrganisation && this.user);
+  }
+
+  getPrimaryOrganisation(): Organisation | null {
+    // Look for org_admin role first, then leader, then member
+    const rolePriority = ['org_admin', 'leader', 'member'];
+    
+    for (const role of rolePriority) {
+      const membership = this._userMemberships.find((m: any) => m.role === role);
+      if (membership) {
+        return this._organisations.find((org: any) => org.id === membership.organisation_id) || null;
+      }
+    }
+    
+    return null;
+  }
+
+  buildOrganisationHierarchy(orgs: Organisation[]): OrganisationHierarchy[] {
+    const orgMap = new Map<string, Organisation>();
+    orgs.forEach(org => orgMap.set(org.id, org));
+    
+    const roots: OrganisationHierarchy[] = [];
+    
+    orgs.forEach(org => {
+      if (!org.parent_id) {
+        // Root organisation
+        roots.push({
+          organisation: org,
+          children: [],
+          depth: 0
+        });
+      }
+    });
+    
+    // For now, return flat structure - hierarchy building can be added later
+    return roots;
+  }
+
+  // Lifecycle methods
+  async initialize(): Promise<void> {
+    await super.initialize();
+    await this.loadUserOrganisations();
+  }
+
+  cleanup(): void {
+    // Cleanup on unmount
+    this.isLoadingRef = false;
+    this.hasFailedRef = false;
+    this.lastLoadTimeRef = 0;
+    // Abort any pending requests
+    if (this.abortControllerRef) {
+      this.abortControllerRef.abort();
+      this.abortControllerRef = null;
+    }
+    // Reset state
+    this._selectedOrganisation = null;
+    this._organisations = [];
+    this._userMemberships = [];
+    this._roleMapState = new Map();
+    this._isLoading = false;
+    this._error = null;
+    this._isContextReady = false;
+    super.cleanup();
+  }
+
+  protected async doInitialize(): Promise<void> {
+    // Initial setup
+  }
+
+  protected doCleanup(): void {
+    // Cleanup any resources
+  }
+
+  private async setDatabaseOrganisationContext(organisation: Organisation): Promise<void> {
+    if (!this.supabaseClient || !this.session) {
+      console.warn('[OrganisationService] No Supabase client or session available for setting organisation context');
+      this._isContextReady = false;
+      this.notify();
+      return;
+    }
+
+    try {
+      await setOrganisationContext(this.supabaseClient, organisation.id);
+      DebugLogger.log('OrganisationService', 'Database organisation context set to:', organisation.display_name);
+      this._isContextReady = true;
+      this.notify();
+    } catch (error) {
+      console.error('[OrganisationService] Failed to set database organisation context:', error);
+      this._isContextReady = false;
+      this.notify();
+      // Don't throw - this is a non-critical operation
+    }
+  }
+
+  private async loadUserOrganisations(): Promise<void> {
+    // Add call tracking to detect race conditions
+    const callId = Math.random().toString(36).substr(2, 9);
+    console.log(`[OrganisationService] Starting loadUserOrganisations call ${callId}`);
+    
+    if (!this.user || !this.session || !this.supabaseClient) {
+      // Clear state when no user, session, or supabase client
+      DebugLogger.log('OrganisationService', 'Clearing organisation state - no user, session, or supabase client');
+      this._selectedOrganisation = null;
+      this._organisations = [];
+      this._userMemberships = [];
+      this._isLoading = false;
+      this._error = null;
+      this.notify();
+      return;
+    }
+
+    // Additional check to prevent loading during auth state changes
+    if (this.isLoadingRef) {
+      console.log("OrganisationService", "Already loading, skipping duplicate load");
+      return;
+    }
+
+    // Prevent rapid retries - minimum 2 seconds between attempts
+    const now = Date.now();
+    if (now - this.lastLoadTimeRef < 2000) {
+      console.log("OrganisationService", "Too soon since last load, skipping");
+      return;
+    }
+
+    // Cancel any existing request
+    if (this.abortControllerRef) {
+      this.abortControllerRef.abort();
+    }
+
+    // Create new abort controller for this request
+    this.abortControllerRef = new AbortController();
+    const abortSignal = this.abortControllerRef.signal;
+
+    this.lastLoadTimeRef = now;
+    this.isLoadingRef = true;
+    this._isLoading = true;
+    this._error = null;
+    this.notify();
+      
+    try {
+      DebugLogger.log("OrganisationService", "Loading organisations for user:", this.user.id);
+      
+      // Debug: Log Supabase client configuration
+      console.log("[OrganisationService] Supabase client ready:", {
+        isConnected: !!this.supabaseClient,
+        hasAuth: !!this.supabaseClient.auth,
+        hasRpc: !!this.supabaseClient.rpc
+      });
+      
+      // Get user's organisation memberships using secure RPC function
+      // Only get actual members (org_admin, leader, member) - exclude supporters
+      let memberships, membershipError;
+      try {
+        console.log("[OrganisationService] Making RPC call to data_user_organisation_roles_get...");
+        
+        // Add timeout and abort signal to prevent hanging RPC calls
+        const timeoutPromise = new Promise((_, reject) => {
+          const timeoutId = setTimeout(() => reject(new Error('RPC call timeout after 10 seconds')), 10000);
+          abortSignal.addEventListener('abort', () => {
+            clearTimeout(timeoutId);
+            reject(new Error('Request aborted'));
+          });
+        });
+        
+        const rpcPromise = this.supabaseClient.rpc('data_user_organisation_roles_get', {
+          p_user_id: this.user.id,
+          p_organisation_id: null
+        });
+        
+        // Check if request was aborted before making the call
+        if (abortSignal.aborted) {
+          throw new Error('Request aborted');
+        }
+        
+        const result = await Promise.race([rpcPromise, timeoutPromise]) as any;
+        
+        console.log("[OrganisationService] RPC call completed:", {
+          hasData: !!result.data,
+          hasError: !!result.error,
+          dataLength: result.data?.length || 0,
+          errorMessage: result.error?.message || 'No error'
+        });
+        
+        // Filter to only actual members (org_admin, leader, member) - exclude supporters
+        memberships = result.data?.filter((role: any) => 
+          ['org_admin', 'leader', 'member'].includes(role.role)
+        ) || [];
+        membershipError = result.error;
+      } catch (queryError: any) {
+        membershipError = queryError;
+      }
+
+      if (membershipError) {
+        console.error("[OrganisationService] Error loading memberships:", membershipError);
+        
+        // If RPC fails with timeout, try direct database query as fallback
+        if (membershipError.message?.includes('timeout')) {
+          console.log("[OrganisationService] RPC timed out, trying direct database query as fallback...");
+          try {
+            // Check if request was aborted before making fallback query
+            if (abortSignal.aborted) {
+              throw new Error('Request aborted');
+            }
+
+            const { data: fallbackData, error: fallbackError } = await this.supabaseClient
+              .from('rbac_organisation_roles')
+              .select(`
+                id,
+                user_id,
+                organisation_id,
+                role,
+                status,
+                granted_at,
+                granted_by,
+                revoked_at,
+                revoked_by,
+                notes,
+                created_at,
+                updated_at,
+                organisations!inner(
+                  id,
+                  name,
+                  display_name,
+                  subscription_tier,
+                  settings,
+                  is_active,
+                  parent_id,
+                  created_at,
+                  updated_at
+                )
+              `)
+              .eq('user_id', this.user.id)
+              .eq('status', 'active')
+              .is('revoked_at', null)
+              .in('role', ['org_admin', 'leader', 'member']);
+            
+            if (fallbackError) {
+              console.error("[OrganisationService] Fallback query also failed:", fallbackError);
+              throw membershipError; // Throw original error
+            }
+            
+            console.log("[OrganisationService] Fallback query successful, got", fallbackData?.length || 0, "memberships");
+            memberships = fallbackData || [];
+            membershipError = null;
+          } catch (fallbackErr) {
+            console.error("[OrganisationService] Fallback query failed:", fallbackErr);
+            throw membershipError; // Throw original error
+          }
+        } else {
+          throw membershipError;
+        }
+      }
+      
+      DebugLogger.log("OrganisationService", "Raw memberships data:", memberships);
+      
+      if (!memberships || memberships.length === 0) {
+        throw new Error('User has no active organisation memberships') as OrganisationSecurityError;
+      }
+
+      // Get organisation details for the memberships
+      const organisationIds = memberships
+        .map((m: any) => m.organisation_id)
+        .filter((id: string) => {
+          // Better validation to prevent empty string UUID errors
+          if (!id || typeof id !== 'string') {
+            console.warn("[OrganisationService] Invalid organisation ID (not string):", id);
+            return false;
+          }
+          const trimmedId = id.trim();
+          if (trimmedId === '') {
+            console.warn("[OrganisationService] Empty organisation ID found");
+            return false;
+          }
+          // Validate UUID format
+          const isValidUuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(trimmedId);
+          if (!isValidUuid) {
+            console.warn("[OrganisationService] Invalid UUID format:", trimmedId);
+          }
+          return isValidUuid;
+        });
+      
+      if (organisationIds.length === 0) {
+        console.warn("[OrganisationService] No valid organisation IDs found in memberships:", memberships);
+        throw new Error('No valid organisation IDs found in memberships') as OrganisationSecurityError;
+      }
+      
+      DebugLogger.log("OrganisationService", "Valid organisation IDs:", organisationIds);
+      
+      // Check if request was aborted before making organisations query
+      if (abortSignal.aborted) {
+        throw new Error('Request aborted');
+      }
+      
+      const { data: allOrganisations, error: orgError } = await this.supabaseClient
+        .from('organisations')
+        .select('id, name, display_name, subscription_tier, settings, is_active, parent_id, created_at, updated_at');
+      
+      if (orgError) {
+        console.error("[OrganisationService] Error loading organisations:", orgError);
+        throw orgError;
+      }
+      
+      // Filter manually on the client side
+      const organisations = allOrganisations?.filter(org => 
+        organisationIds.includes(org.id)
+      ) || [];
+
+      // Create a map of organisation_id to role from the memberships data
+      const roleMap = new Map<string, string>();
+      memberships?.forEach((membership: any) => {
+        roleMap.set(membership.organisation_id, membership.role);
+      });
+
+      // Extract organisations and memberships
+      const orgs = organisations as Organisation[];
+      const activeOrgs = orgs.filter(org => org.is_active);
+      
+      if (activeOrgs.length === 0) {
+        throw new Error('User has no access to active organisations') as OrganisationSecurityError;
+      }
+
+      DebugLogger.log("OrganisationService", "Active organisations:", activeOrgs);
+      
+      this._organisations = activeOrgs;
+      this._userMemberships = memberships as OrganisationMembership[];
+      
+      // Store role map in component state for later use
+      this._roleMapState = roleMap;
+      
+      // Auto-select organisation: try persisted, then primary, then first
+      let initialOrg: Organisation | null = null;
+      
+      // 1. Try to restore from localStorage
+      try {
+        const persistedOrgString = localStorage.getItem('pace-core-selected-organisation');
+        if (persistedOrgString) {
+          const persistedOrg = JSON.parse(persistedOrgString) as Organisation;
+          // Validate persisted org ID before using it
+          if (persistedOrg.id && typeof persistedOrg.id === 'string' && persistedOrg.id.trim() !== '') {
+            const validPersistedOrg = activeOrgs.find(org => org.id === persistedOrg.id);
+            if (validPersistedOrg) {
+              initialOrg = validPersistedOrg;
+              DebugLogger.log("OrganisationService", "Restored persisted organisation:", initialOrg.display_name);
+            } else {
+              console.warn("[OrganisationService] Persisted organisation not found in active orgs, clearing cache");
+              localStorage.removeItem('pace-core-selected-organisation');
+            }
+          } else {
+            console.warn("[OrganisationService] Invalid persisted organisation ID, clearing cache");
+            localStorage.removeItem('pace-core-selected-organisation');
+          }
+        }
+      } catch (storageError) {
+        console.warn("[OrganisationService] Failed to restore persisted organisation:", storageError);
+        // Clear potentially corrupted cache
+        localStorage.removeItem('pace-core-selected-organisation');
+      }
+      
+      // 2. Fall back to org_admin role organisation (highest privilege)
+      if (!initialOrg) {
+        const adminMembership = memberships.find((m: any) => m.role === 'org_admin');
+        if (adminMembership) {
+          const foundOrg = organisations.find((org: any) => org.id === adminMembership.organisation_id);
+          if (foundOrg) {
+            initialOrg = foundOrg;
+            DebugLogger.log("OrganisationService", "Selected org_admin organisation:", initialOrg.display_name);
+          }
+        }
+      }
+      
+      // 3. Fall back to first organisation
+      if (!initialOrg) {
+        initialOrg = activeOrgs[0];
+        DebugLogger.log("OrganisationService", "Selected first organisation:", initialOrg.display_name);
+      }
+      
+      if (!initialOrg) {
+        throw new Error('No valid organisation found for user') as OrganisationSecurityError;
+      }
+
+      this._selectedOrganisation = initialOrg;
+      
+      // Persist selection
+      localStorage.setItem('pace-core-selected-organisation', JSON.stringify(initialOrg));
+      
+      DebugLogger.log("OrganisationService", "Organisation context established:", {
+        selectedOrganisation: initialOrg.display_name,
+        totalOrganisations: activeOrgs.length,
+        userRole: roleMap.get(initialOrg.id)
+      });
+      
+      // Reset retry count and failed flag on success
+      this.retryCount = 0;
+      this.hasFailedRef = false;
+      
+    } catch (err) {
+      console.error("[OrganisationService] Failed to load organisations:", err);
+      this._error = err as Error;
+      // Increment retry count on error
+      this.retryCount = this.retryCount + 1;
+      // Set failed flag to prevent further attempts
+      this.hasFailedRef = true;
+      // Clear all cached data on error to prevent corruption
+      this.clearAllCachedData();
+    } finally {
+      // Always cleanup refs and abort controller
+      this.isLoadingRef = false;
+      this._isLoading = false;
+      this.abortControllerRef = null;
+      this.notify();
+    }
+  }
+
+  private clearAllCachedData(): void {
+    localStorage.removeItem('pace-core-selected-organisation');
+    localStorage.removeItem('pace-core-organisation-context');
+    this._selectedOrganisation = null;
+    this._organisations = [];
+    this._userMemberships = [];
+    this._roleMapState = new Map();
+    this.retryCount = 0;
+    this._isContextReady = false;
+    // Don't clear _error here - let it persist for error reporting
+  }
+}