@jmruthers/pace-core 0.5.73 → 0.5.75

package/src/providers/OrganisationProvider.tsx

@@ -1,898 +1,19 @@
 /**
- * @file Organisation Provider
+ * @file Re-export for OrganisationProvider
  * @package @jmruthers/pace-core
- * @module Providers/Organisation
- * @since 0.4.0
- *
- * Security-first organisation provider that enforces mandatory organisation context.
- * No data operations can proceed without valid organisation context.
+ * @module Providers
+ * @since 0.1.0
  * 
- * Features:
- * - Mandatory organisation selection for all operations
- * - User organisation membership validation
- * - Role-based access within organisations
- * - Secure organisation switching
- * - Hierarchy support for parent/child organisations
- * - Error handling for security violations
- * - Persistent organisation selection
- *
- * @example
- * ```tsx
- * // Basic setup - organisation context is mandatory
- * import { UnifiedAuthProvider, OrganisationProvider } from '@jmruthers/pace-core';
- * 
- * function App() {
- *   return (
- *     <UnifiedAuthProvider supabaseClient={supabase} appName="MY_APP">
- *       <OrganisationProvider>
- *         <YourAppContent />
- *       </OrganisationProvider>
- *     </UnifiedAuthProvider>
- *   );
- * }
- * 
- * // Using in components
- * function MyComponent() {
- *   const { 
- *     selectedOrganisation, 
- *     getUserRole, 
- *     switchOrganisation 
- *   } = useOrganisations();
- *   
- *   // selectedOrganisation is guaranteed to be non-null when this renders
- *   return (
- *     <div>
- *       <h1>{selectedOrganisation.display_name}</h1>
- *       <p>Your role: {getUserRole()}</p>
- *     </div>
- *   );
- * }
- * ```
- *
- * @security
- * - All data access requires valid organisation context
- * - User membership validation on organisation load
- * - Role-based access control within organisations
- * - Secure organisation switching with validation
- * - Error states for security violations
- * - No fallback to default organisation - explicit selection required
- *
- * @dependencies
- * - React 18+ - Context, hooks, and effects
- * - UnifiedAuthProvider - Authentication context
- * - Supabase - Database operations
- * - Organisation types - Type definitions
- */
-
-import React, { createContext, useContext, useState, useEffect, useCallback, useMemo, useRef } from 'react';
-import { useNavigate } from 'react-router-dom';
-import { useUnifiedAuth } from './UnifiedAuthProvider';
-import { setOrganisationContext } from '../utils/organisationContext';
-import { DebugLogger } from '../utils/debugLogger';
-import type {
-  Organisation,
-  OrganisationMembership,
-  OrganisationContextType,
-  OrganisationProviderProps,
-  OrganisationSecurityError,
-  OrganisationHierarchy
-} from '../types/organisation';
-
-// Create the context
-const OrganisationContext = createContext<OrganisationContextType | undefined>(undefined);
-
-// Storage keys for persistence
-const STORAGE_KEYS = {
-  SELECTED_ORGANISATION: 'pace-core-selected-organisation',
-  ORGANISATION_CONTEXT: 'pace-core-organisation-context',
-} as const;
-
-/**
- * Organisation Provider component that enforces mandatory organisation context
- * 
- * This provider:
- * - Loads user's organisation memberships on authentication
- * - Validates user has at least one active organisation
- * - Auto-selects primary organisation or first available
- * - Provides security helpers for organisation validation
- * - Handles organisation switching with validation
- * - Persists organisation selection across sessions
- * 
- * SECURITY: No children are rendered without valid organisation context
+ * Re-exports the service-based OrganisationProvider for backward compatibility.
  */
-export function OrganisationProvider({ children }: OrganisationProviderProps) {
-  const [selectedOrganisation, setSelectedOrganisation] = useState<Organisation | null>(null);
-  const [organisations, setOrganisations] = useState<Organisation[]>([]);
-  const [userMemberships, setUserMemberships] = useState<OrganisationMembership[]>([]);
-  const [roleMapState, setRoleMapState] = useState<Map<string, string>>(new Map());
-  const [isLoading, setIsLoading] = useState(true);
-  const [error, setError] = useState<Error | null>(null);
-  const [isContextReady, setIsContextReady] = useState(false);
-  const [retryCount, setRetryCount] = useState(0);
-  const isLoadingRef = useRef(false);
-  const lastLoadTimeRef = useRef(0);
-  const hasFailedRef = useRef(false);
-  const abortControllerRef = useRef<AbortController | null>(null);
-  
-  const { user, session, supabase, signOut } = useUnifiedAuth();
-  
-  // Use navigate hook conditionally to avoid test failures
-  let navigate: any = null;
-  try {
-    navigate = useNavigate();
-  } catch (error) {
-    // In test environment or when no router context, navigate will be null
-    navigate = null;
-  }
-
-  // FIXED: Function to clear all cached data
-  const clearAllCachedData = useCallback(() => {
-    localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);
-    localStorage.removeItem(STORAGE_KEYS.ORGANISATION_CONTEXT);
-    setSelectedOrganisation(null);
-    setOrganisations([]);
-    setUserMemberships([]);
-    setRoleMapState(new Map());
-    setError(null);
-    setRetryCount(0);
-    setIsContextReady(false);
-  }, []);
-
-  // Set organisation context in database session
-  const setDatabaseOrganisationContext = useCallback(async (organisation: Organisation): Promise<void> => {
-    if (!supabase || !session) {
-      console.warn('[OrganisationProvider] No Supabase client or session available for setting organisation context');
-      setIsContextReady(false);
-      return;
-    }
-
-    try {
-      await setOrganisationContext(supabase, organisation.id);
-      DebugLogger.log('OrganisationProvider', 'Database organisation context set to:', organisation.display_name);
-      setIsContextReady(true);
-    } catch (error) {
-      console.error('[OrganisationProvider] Failed to set database organisation context:', error);
-      setIsContextReady(false);
-      // Don't throw - this is a non-critical operation
-    }
-  }, [supabase, session]);
-
-  // CRITICAL: Set database organisation context when organisation changes
-  useEffect(() => {
-    if (selectedOrganisation && supabase && session) {
-      // Reset context ready state when organisation changes
-      setIsContextReady(false);
-      
-      // Use an async IIFE to properly handle the async operation
-      (async () => {
-        await setDatabaseOrganisationContext(selectedOrganisation);
-      })();
-    } else {
-      setIsContextReady(false);
-    }
-  }, [selectedOrganisation, setDatabaseOrganisationContext, supabase, session]);
-
-  // CRITICAL: Load user organisations and validate access
-  const loadUserOrganisations = useCallback(async () => {
-    // Add call tracking to detect race conditions
-    const callId = Math.random().toString(36).substr(2, 9);
-    console.log(`[OrganisationProvider] Starting loadUserOrganisations call ${callId}`);
-    
-    if (!user || !session || !supabase) {
-      // Clear state when no user, session, or supabase client
-      DebugLogger.log('OrganisationProvider', 'Clearing organisation state - no user, session, or supabase client');
-      setSelectedOrganisation(null);
-      setOrganisations([]);
-      setUserMemberships([]);
-      setIsLoading(false);
-      setError(null);
-      return;
-    }
-
-    // FIXED: Additional check to prevent loading during auth state changes
-    if (isLoadingRef.current) {
-      console.log("OrganisationProvider", "Already loading, skipping duplicate load");
-      return;
-    }
-
-    // FIXED: Prevent rapid retries - minimum 2 seconds between attempts
-    const now = Date.now();
-    if (now - lastLoadTimeRef.current < 2000) {
-      console.log("OrganisationProvider", "Too soon since last load, skipping");
-      return;
-    }
-
-    // FIXED: Cancel any existing request
-    if (abortControllerRef.current) {
-      abortControllerRef.current.abort();
-    }
-
-    // Create new abort controller for this request
-    abortControllerRef.current = new AbortController();
-    const abortSignal = abortControllerRef.current.signal;
-
-    lastLoadTimeRef.current = now;
-    isLoadingRef.current = true;
-    setIsLoading(true);
-    setError(null);
-      
-      try {
-        DebugLogger.log("OrganisationProvider", "Loading organisations for user:", user.id);
-        
-        // Debug: Log Supabase client configuration
-        console.log("[OrganisationProvider] Supabase client ready:", {
-          isConnected: !!supabase,
-          hasAuth: !!supabase.auth,
-          hasRpc: !!supabase.rpc
-        });
-        
-        // Get user's organisation memberships using secure RPC function
-        // Only get actual members (org_admin, leader, member) - exclude supporters
-        let memberships, membershipError;
-        try {
-          console.log("[OrganisationProvider] Making RPC call to data_user_organisation_roles_get...");
-          
-          // FIXED: Add timeout and abort signal to prevent hanging RPC calls
-          const timeoutPromise = new Promise((_, reject) => {
-            const timeoutId = setTimeout(() => reject(new Error('RPC call timeout after 10 seconds')), 10000);
-            abortSignal.addEventListener('abort', () => {
-              clearTimeout(timeoutId);
-              reject(new Error('Request aborted'));
-            });
-          });
-          
-          const rpcPromise = supabase.rpc('data_user_organisation_roles_get', {
-            p_user_id: user.id,
-            p_organisation_id: null
-          });
-          
-          // Check if request was aborted before making the call
-          if (abortSignal.aborted) {
-            throw new Error('Request aborted');
-          }
-          
-          const result = await Promise.race([rpcPromise, timeoutPromise]) as any;
-          
-          console.log("[OrganisationProvider] RPC call completed:", {
-            hasData: !!result.data,
-            hasError: !!result.error,
-            dataLength: result.data?.length || 0,
-            errorMessage: result.error?.message || 'No error'
-          });
-          
-          // Filter to only actual members (org_admin, leader, member) - exclude supporters
-          memberships = result.data?.filter((role: any) => 
-            ['org_admin', 'leader', 'member'].includes(role.role)
-          ) || [];
-          membershipError = result.error;
-        } catch (queryError: any) {
-          membershipError = queryError;
-        }
-
-        if (membershipError) {
-          console.error("[OrganisationProvider] Error loading memberships:", membershipError);
-          
-          // If RPC fails with timeout, try direct database query as fallback
-          if (membershipError.message?.includes('timeout')) {
-            console.log("[OrganisationProvider] RPC timed out, trying direct database query as fallback...");
-            try {
-              // Check if request was aborted before making fallback query
-              if (abortSignal.aborted) {
-                throw new Error('Request aborted');
-              }
-
-              const { data: fallbackData, error: fallbackError } = await supabase
-                .from('rbac_organisation_roles')
-                .select(`
-                  id,
-                  user_id,
-                  organisation_id,
-                  role,
-                  status,
-                  granted_at,
-                  granted_by,
-                  revoked_at,
-                  revoked_by,
-                  notes,
-                  created_at,
-                  updated_at,
-                  organisations!inner(
-                    id,
-                    name,
-                    display_name,
-                    subscription_tier,
-                    settings,
-                    is_active,
-                    parent_id,
-                    created_at,
-                    updated_at
-                  )
-                `)
-                .eq('user_id', user.id)
-                .eq('status', 'active')
-                .is('revoked_at', null)
-                .in('role', ['org_admin', 'leader', 'member']);
-              
-              if (fallbackError) {
-                console.error("[OrganisationProvider] Fallback query also failed:", fallbackError);
-                throw membershipError; // Throw original error
-              }
-              
-              console.log("[OrganisationProvider] Fallback query successful, got", fallbackData?.length || 0, "memberships");
-              memberships = fallbackData || [];
-              membershipError = null;
-            } catch (fallbackErr) {
-              console.error("[OrganisationProvider] Fallback query failed:", fallbackErr);
-              throw membershipError; // Throw original error
-            }
-          } else {
-            throw membershipError;
-          }
-        }
-        
-        DebugLogger.log("OrganisationProvider", "Raw memberships data:", memberships);
-        
-        if (!memberships || memberships.length === 0) {
-          throw new Error('User has no active organisation memberships') as OrganisationSecurityError;
-        }
-
-        // FIXED: Debug log to identify any problematic membership data
-        console.log("[OrganisationProvider] All memberships data:", memberships);
-        memberships.forEach((membership: any, index: number) => {
-          console.log(`[OrganisationProvider] Membership ${index}:`, {
-            organisation_id: membership.organisation_id,
-            type: typeof membership.organisation_id,
-            length: membership.organisation_id ? membership.organisation_id.length : 'null/undefined',
-            trimmed: membership.organisation_id ? membership.organisation_id.trim() : 'null/undefined'
-          });
-          if (!membership.organisation_id || membership.organisation_id.trim() === '') {
-            console.warn(`[OrganisationProvider] Membership ${index} has invalid organisation_id:`, membership);
-          }
-        });
 
-        // Get organisation details for the memberships
-        const organisationIds = memberships
-          .map((m: any) => m.organisation_id)
-          .filter((id: string) => {
-            // FIXED: Better validation to prevent empty string UUID errors
-            if (!id || typeof id !== 'string') {
-              console.warn("[OrganisationProvider] Invalid organisation ID (not string):", id);
-              return false;
-            }
-            const trimmedId = id.trim();
-            if (trimmedId === '') {
-              console.warn("[OrganisationProvider] Empty organisation ID found");
-              return false;
-            }
-            // Validate UUID format
-            const isValidUuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(trimmedId);
-            if (!isValidUuid) {
-              console.warn("[OrganisationProvider] Invalid UUID format:", trimmedId);
-            }
-            return isValidUuid;
-          });
-        
-        if (organisationIds.length === 0) {
-          console.warn("[OrganisationProvider] No valid organisation IDs found in memberships:", memberships);
-          throw new Error('No valid organisation IDs found in memberships') as OrganisationSecurityError;
-        }
-        
-        DebugLogger.log("OrganisationProvider", "Valid organisation IDs:", organisationIds);
-        
-        // FIXED: Additional validation to ensure no empty strings in the array
-        console.log("[OrganisationProvider] Raw organisation IDs before cleaning:", organisationIds);
-        console.log("[OrganisationProvider] Raw organisation IDs types:", organisationIds.map((id: any) => typeof id));
-        console.log("[OrganisationProvider] Raw organisation IDs lengths:", organisationIds.map((id: any) => id ? id.length : 'null/undefined'));
-        
-        const cleanOrganisationIds = organisationIds.filter((id: any) => {
-          const isValid = id && typeof id === 'string' && id.trim() !== '';
-          if (!isValid) {
-            console.warn("[OrganisationProvider] Filtering out invalid ID:", { id, type: typeof id, length: id ? id.length : 'null/undefined' });
-          }
-          return isValid;
-        }).map((id: any) => id.trim()); // Ensure all IDs are trimmed
-        
-        console.log("[OrganisationProvider] Clean organisation IDs after filtering:", cleanOrganisationIds);
-        
-        if (cleanOrganisationIds.length === 0) {
-          console.warn("[OrganisationProvider] No clean organisation IDs after filtering:", organisationIds);
-          throw new Error('No valid organisation IDs found after cleaning') as OrganisationSecurityError;
-        }
-        
-        DebugLogger.log("OrganisationProvider", "Clean organisation IDs for query:", cleanOrganisationIds);
-        
-        // Final validation: ensure no empty strings in the array
-        const finalOrganisationIds = cleanOrganisationIds.filter((id: any) => {
-          const isEmpty = !id || id.trim() === '';
-          if (isEmpty) {
-            console.error("[OrganisationProvider] CRITICAL: Empty string found in final array:", { id, type: typeof id });
-          }
-          return !isEmpty;
-        });
-        
-        if (finalOrganisationIds.length !== cleanOrganisationIds.length) {
-          console.error("[OrganisationProvider] CRITICAL: Empty strings were filtered out in final validation!");
-          console.error("Original:", cleanOrganisationIds);
-          console.error("Final:", finalOrganisationIds);
-        }
-        
-        // CRITICAL: Log exactly what we're passing to the query
-        console.log("[OrganisationProvider] FINAL QUERY ARRAY:", {
-          array: finalOrganisationIds,
-          length: finalOrganisationIds.length,
-          types: finalOrganisationIds.map((id: any) => typeof id),
-          hasEmpty: finalOrganisationIds.some((id: any) => !id || id.trim() === ''),
-          stringified: JSON.stringify(finalOrganisationIds)
-        });
-        
-        // Additional safety check - if we detect any empty strings, abort
-        if (finalOrganisationIds.some((id: any) => !id || id.trim() === '')) {
-          console.error("[OrganisationProvider] ABORTING QUERY - Empty string detected in final array!");
-          throw new Error('Empty string detected in organisation IDs array - aborting query');
-        }
-        
-        // Create a completely new array to avoid any reference issues
-        const safeOrganisationIds = [...finalOrganisationIds].filter((id: any) => {
-          const isValid = id && typeof id === 'string' && id.trim() !== '';
-          if (!isValid) {
-            console.error("[OrganisationProvider] SAFETY FILTER: Removing invalid ID:", { id, type: typeof id });
-          }
-          return isValid;
-        });
-        
-        console.log("[OrganisationProvider] SAFE ARRAY FOR QUERY:", {
-          original: finalOrganisationIds,
-          safe: safeOrganisationIds,
-          lengths: { original: finalOrganisationIds.length, safe: safeOrganisationIds.length }
-        });
-        
-        // Try a different approach - use a simple select with manual filtering
-        console.log("[OrganisationProvider] Using direct table query with manual filtering");
-        
-        // Check if request was aborted before making organisations query
-        if (abortSignal.aborted) {
-          throw new Error('Request aborted');
-        }
-        
-        const { data: allOrganisations, error: orgError } = await supabase
-          .from('organisations')
-          .select('id, name, display_name, subscription_tier, settings, is_active, parent_id, created_at, updated_at');
-        
-        if (orgError) {
-          console.error("[OrganisationProvider] Error loading organisations:", orgError);
-          throw orgError;
-        }
-        
-        // Filter manually on the client side
-        const organisations = allOrganisations?.filter(org => 
-          safeOrganisationIds.includes(org.id)
-        ) || [];
+export { OrganisationServiceProvider as OrganisationProvider } from './services/OrganisationServiceProvider';
+export type { OrganisationServiceProviderProps as OrganisationProviderProps } from './services/OrganisationServiceProvider';
 
-        // Create a map of organisation_id to role from the memberships data
-        // Since we're now getting roles directly from the consolidated table
-        const roleMap = new Map<string, string>();
-        memberships?.forEach((membership: any) => {
-          roleMap.set(membership.organisation_id, membership.role);
-        });
+// Re-export context and hook
+export { OrganisationServiceContext, useOrganisationService } from './services/OrganisationServiceProvider';
+export type { OrganisationServiceContextType } from './services/OrganisationServiceProvider';
 
-        // Extract organisations and memberships
-        const orgs = organisations as Organisation[];
-        const activeOrgs = orgs.filter(org => org.is_active);
-        
-        if (activeOrgs.length === 0) {
-          throw new Error('User has no access to active organisations') as OrganisationSecurityError;
-        }
-
-        DebugLogger.log("OrganisationProvider", "Active organisations:", activeOrgs);
-        
-        setOrganisations(activeOrgs);
-        setUserMemberships(memberships as OrganisationMembership[]);
-        
-        // Store role map in component state for later use
-        setRoleMapState(roleMap);
-        
-        // Auto-select organisation: try persisted, then primary, then first
-        let initialOrg: Organisation | null = null;
-        
-        // 1. Try to restore from localStorage
-        try {
-          const persistedOrgString = localStorage.getItem(STORAGE_KEYS.SELECTED_ORGANISATION);
-          if (persistedOrgString) {
-            const persistedOrg = JSON.parse(persistedOrgString) as Organisation;
-            // FIXED: Validate persisted org ID before using it
-            if (persistedOrg.id && typeof persistedOrg.id === 'string' && persistedOrg.id.trim() !== '') {
-              const validPersistedOrg = activeOrgs.find(org => org.id === persistedOrg.id);
-              if (validPersistedOrg) {
-                initialOrg = validPersistedOrg;
-                DebugLogger.log("OrganisationProvider", "Restored persisted organisation:", initialOrg.display_name);
-              } else {
-                console.warn("[OrganisationProvider] Persisted organisation not found in active orgs, clearing cache");
-                localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);
-              }
-            } else {
-              console.warn("[OrganisationProvider] Invalid persisted organisation ID, clearing cache");
-              localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);
-            }
-          }
-        } catch (storageError) {
-          console.warn("[OrganisationProvider] Failed to restore persisted organisation:", storageError);
-          // Clear potentially corrupted cache
-          localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);
-        }
-        
-        // 2. Fall back to org_admin role organisation (highest privilege)
-        if (!initialOrg) {
-          const adminMembership = memberships.find((m: any) => m.role === 'org_admin');
-          if (adminMembership) {
-            const foundOrg = organisations.find((org: any) => org.id === adminMembership.organisation_id);
-            if (foundOrg) {
-              initialOrg = foundOrg;
-              DebugLogger.log("OrganisationProvider", "Selected org_admin organisation:", initialOrg.display_name);
-            }
-          }
-        }
-        
-        // 3. Fall back to first organisation
-        if (!initialOrg) {
-          initialOrg = activeOrgs[0];
-          DebugLogger.log("OrganisationProvider", "Selected first organisation:", initialOrg.display_name);
-        }
-        
-        if (!initialOrg) {
-          throw new Error('No valid organisation found for user') as OrganisationSecurityError;
-        }
-
-        setSelectedOrganisation(initialOrg);
-        
-        // Persist selection
-        localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(initialOrg));
-        
-        DebugLogger.log("OrganisationProvider", "Organisation context established:", {
-          selectedOrganisation: initialOrg.display_name,
-          totalOrganisations: activeOrgs.length,
-          userRole: roleMap.get(initialOrg.id)
-        });
-        
-        // FIXED: Reset retry count and failed flag on success
-        setRetryCount(0);
-        hasFailedRef.current = false;
-        
-      } catch (err) {
-        console.error("[OrganisationProvider] Failed to load organisations:", err);
-        setError(err as Error);
-        // FIXED: Increment retry count on error
-        setRetryCount(prev => prev + 1);
-        // FIXED: Set failed flag to prevent further attempts
-        hasFailedRef.current = true;
-        // FIXED: Clear all cached data on error to prevent corruption
-        clearAllCachedData();
-      } finally {
-        // FIXED: Always cleanup refs and abort controller
-        isLoadingRef.current = false;
-        setIsLoading(false);
-        abortControllerRef.current = null;
-      }
-  }, [user, session, supabase, clearAllCachedData]);
-
-  // FIXED: Load organisations only when authentication is complete and stable
-  useEffect(() => {
-    // Only load organizations if we have a valid user and session
-    // and we're not in the middle of authentication loading
-    if (user && session && supabase && !isLoading && !isLoadingRef.current) {
-      // FIXED: Prevent infinite retry loops with stricter conditions
-      if (retryCount >= 3 || hasFailedRef.current) {
-        console.error("[OrganisationProvider] Max retry count reached or failed flag set, stopping organisation loading");
-        setError(new Error('Failed to load organisations after multiple attempts'));
-        setIsLoading(false);
-        return;
-      }
-      
-      // FIXED: Add circuit breaker - if we've failed multiple times, stop trying
-      if (retryCount > 0 && Date.now() - lastLoadTimeRef.current < 5000) {
-        console.log("[OrganisationProvider] Circuit breaker active - too soon since last attempt");
-        return;
-      }
-      
-      console.log("[OrganisationProvider] Authentication stable, loading organizations... (retry:", retryCount, ")");
-      loadUserOrganisations();
-    } else if (!user && !session) {
-      // Clear state if no authentication
-      console.log("[OrganisationProvider] No authentication, clearing organization state");
-      setSelectedOrganisation(null);
-      setOrganisations([]);
-      setUserMemberships([]);
-      setRoleMapState(new Map());
-      setIsLoading(false);
-      setError(null);
-      setRetryCount(0); // Reset retry count
-      isLoadingRef.current = false; // Reset loading ref
-      hasFailedRef.current = false; // Reset failed flag
-      // FIXED: Clear localStorage when no authentication to prevent stale data
-      localStorage.removeItem(STORAGE_KEYS.SELECTED_ORGANISATION);
-      localStorage.removeItem(STORAGE_KEYS.ORGANISATION_CONTEXT);
-    }
-  }, [user, session, supabase, loadUserOrganisations]); // FIXED: Remove retryCount from dependencies to prevent infinite loop
-
-  // FIXED: Add cleanup effect to prevent memory leaks
-  useEffect(() => {
-    return () => {
-      // Cleanup on unmount
-      isLoadingRef.current = false;
-      hasFailedRef.current = false;
-      lastLoadTimeRef.current = 0;
-      // Abort any pending requests
-      if (abortControllerRef.current) {
-        abortControllerRef.current.abort();
-        abortControllerRef.current = null;
-      }
-    };
-  }, []);
-
-  // Handle logout and redirect to login
-  const handleLogoutAndRedirect = useCallback(async () => {
-    try {
-      await signOut();
-      if (navigate) {
-        navigate('/login', { replace: true });
-      } else {
-        // Fallback to window.location if navigate is not available
-        window.location.href = '/login';
-      }
-    } catch (error) {
-      console.error('[OrganisationProvider] Error during logout:', error);
-      // Even if logout fails, redirect to login
-      if (navigate) {
-        navigate('/login', { replace: true });
-      } else {
-        // Fallback to window.location if navigate is not available
-        window.location.href = '/login';
-      }
-    }
-  }, [signOut, navigate]);
-
-  // Security validation helper
-  const ensureOrganisationContext = useCallback((): Organisation => {
-    if (!selectedOrganisation) {
-      throw new Error('Organisation context is required but not available') as OrganisationSecurityError;
-    }
-    return selectedOrganisation;
-  }, [selectedOrganisation]);
-
-  // Get user's role in specified organisation (defaults to current)
-  const getUserRole = useCallback((orgId?: string): string => {
-    const targetOrgId = orgId || selectedOrganisation?.id;
-    if (!targetOrgId) return 'no_access';
-    
-    // Use roleMapState to get the role for this organisation
-    return roleMapState.get(targetOrgId) || 'no_access';
-  }, [roleMapState, selectedOrganisation]);
-
-  // Validate user has access to organisation
-  const validateOrganisationAccess = useCallback((orgId: string): boolean => {
-    return userMemberships.some((m: any) => 
-      m.organisation_id === orgId && 
-      m.status === 'active' &&
-      m.revoked_at === null
-    );
-  }, [userMemberships]);
-
-  // Secure organisation switching
-  const switchOrganisation = useCallback(async (orgId: string): Promise<void> => {
-    DebugLogger.log("OrganisationProvider", "Switching to organisation:", orgId);
-    
-    // Validate access
-    if (!validateOrganisationAccess(orgId)) {
-      throw new Error(`User does not have access to organisation ${orgId}`) as OrganisationSecurityError;
-    }
-    
-    const targetOrg = organisations.find(org => org.id === orgId);
-    if (!targetOrg) {
-      throw new Error(`Organisation ${orgId} not found in user's organisations`) as OrganisationSecurityError;
-    }
-    
-    setSelectedOrganisation(targetOrg);
-    
-    // Persist selection
-    localStorage.setItem(STORAGE_KEYS.SELECTED_ORGANISATION, JSON.stringify(targetOrg));
-    
-    // Set database organisation context
-    await setDatabaseOrganisationContext(targetOrg);
-    
-    DebugLogger.log("OrganisationProvider", "Switched to organisation:", targetOrg.display_name);
-  }, [organisations, validateOrganisationAccess, setDatabaseOrganisationContext]);
-
-  // Refresh organisations data
-  const refreshOrganisations = useCallback(async (): Promise<void> => {
-    if (!user || !session || !supabase) return;
-    
-    // Force reload by triggering the effect
-    setIsLoading(true);
-    // The useEffect will handle the actual reload
-  }, [user, session, supabase]);
-
-  // Get primary organisation (highest privilege role)
-  const getPrimaryOrganisation = useCallback((): Organisation | null => {
-    // Look for org_admin role first, then leader, then member
-    const rolePriority = ['org_admin', 'leader', 'member'];
-    
-    for (const role of rolePriority) {
-      const membership = userMemberships.find((m: any) => m.role === role);
-      if (membership) {
-        return organisations.find((org: any) => org.id === membership.organisation_id) || null;
-      }
-    }
-    
-    return null;
-  }, [userMemberships, organisations]);
-
-  // Security status
-  const isOrganisationSecure = useCallback((): boolean => {
-    return !!(selectedOrganisation && user);
-  }, [selectedOrganisation, user]);
-
-  // Build organisation hierarchy (for future use)
-  const buildOrganisationHierarchy = useCallback((orgs: Organisation[]): OrganisationHierarchy[] => {
-    const orgMap = new Map<string, Organisation>();
-    orgs.forEach(org => orgMap.set(org.id, org));
-    
-    const roots: OrganisationHierarchy[] = [];
-    
-    orgs.forEach(org => {
-      if (!org.parent_id) {
-        // Root organisation
-        roots.push({
-          organisation: org,
-          children: [],
-          depth: 0
-        });
-      }
-    });
-    
-    // For now, return flat structure - hierarchy building can be added later
-    return roots;
-  }, []);
-
-  // Computed values
-  const hasValidOrganisationContext = useMemo(() => {
-    return !!(selectedOrganisation && !isLoading && !error && isContextReady);
-  }, [selectedOrganisation, isLoading, error, isContextReady]);
-
-  // Memoized context value
-  const contextValue = useMemo<OrganisationContextType>(() => {
-    // SECURITY: Only provide full context if we have valid organisation
-    if (!selectedOrganisation) {
-      // This will never be accessed due to the render guards above,
-      // but TypeScript requires the interface to be satisfied
-      const placeholderOrg: Organisation = {
-        id: '',
-        name: '',
-        display_name: '',
-        subscription_tier: 'standard',
-        settings: {},
-        is_active: false,
-        created_at: '',
-        updated_at: ''
-      };
-      
-      return {
-        selectedOrganisation: placeholderOrg,
-        organisations: [],
-        userMemberships: [],
-        isLoading,
-        error,
-        hasValidOrganisationContext: false,
-        setSelectedOrganisation: () => {},
-        switchOrganisation: async () => {},
-        getUserRole: () => 'no_access',
-        validateOrganisationAccess: () => false,
-        refreshOrganisations: async () => {},
-        ensureOrganisationContext: () => { throw new Error('No organisation context') as OrganisationSecurityError; },
-        isOrganisationSecure: () => false,
-        getPrimaryOrganisation: () => null
-      };
-    }
-
-    return {
-      selectedOrganisation,
-      organisations,
-      userMemberships,
-      isLoading,
-      error,
-      hasValidOrganisationContext,
-      setSelectedOrganisation,
-      switchOrganisation,
-      getUserRole,
-      validateOrganisationAccess,
-      refreshOrganisations,
-      ensureOrganisationContext,
-      isOrganisationSecure,
-      getPrimaryOrganisation
-    };
-  }, [
-    selectedOrganisation,
-    organisations,
-    userMemberships,
-    isLoading,
-    error,
-    hasValidOrganisationContext,
-    switchOrganisation,
-    getUserRole,
-    validateOrganisationAccess,
-    refreshOrganisations,
-    ensureOrganisationContext,
-    isOrganisationSecure,
-    getPrimaryOrganisation
-  ]);
-
-  // SECURITY: Only render children when we have valid organisation context
-  if (isLoading || (selectedOrganisation && !isContextReady)) {
-    return (
-      <div className="organisation-loading" role="status" aria-label="Loading organisation context">
-        <div className="flex items-center justify-center min-h-screen">
-          <div className="text-center">
-            <div className="animate-spin rounded-full h-8 w-8 border-b-2 border-primary mx-auto mb-4"></div>
-            <p className="text-muted-foreground">
-              {isLoading ? 'Loading organisation context...' : 'Setting up organisation context...'}
-            </p>
-          </div>
-        </div>
-      </div>
-    );
-  }
-
-  if (error || (user && !selectedOrganisation)) {
-    return (
-      <div className="organisation-error" role="alert">
-        <div className="flex items-center justify-center min-h-screen">
-          <div className="text-center max-w-md mx-auto p-6">
-            <div className="text-destructive mb-4">
-              <svg className="h-12 w-12 mx-auto" fill="none" viewBox="0 0 24 24" stroke="currentColor">
-                <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.732-.833-2.464 0L4.35 16.5c-.77.833.192 2.5 1.732 2.5z" />
-              </svg>
-            </div>
-            <h2 className="text-xl font-semibold text-foreground mb-2">
-              Organisation Access Required
-            </h2>
-            <p className="text-muted-foreground mb-4">
-              {error?.message || 'No valid organisation context available. Please contact your administrator to be added to an organisation.'}
-            </p>
-            <button 
-              onClick={handleLogoutAndRedirect}
-              className="px-4 py-2 bg-primary text-primary-foreground rounded-md hover:bg-primary/90"
-            >
-              Sign Out
-            </button>
-          </div>
-        </div>
-      </div>
-    );
-  }
-
-  return (
-    <OrganisationContext.Provider value={contextValue}>
-      {children}
-    </OrganisationContext.Provider>
-  );
-}
-
-/**
- * Hook to access organisation context
- * 
- * @returns Organisation context with guaranteed non-null selectedOrganisation
- * @throws {Error} If used outside OrganisationProvider
- */
-export const useOrganisations = (): OrganisationContextType => {
-  const context = useContext(OrganisationContext);
-  if (!context) {
-    throw new Error('useOrganisations must be used within an OrganisationProvider');
-  }
-  return context;
-};
+// Re-export convenience hook for backward compatibility
+export { useOrganisations } from '../hooks/useOrganisations';
 
-// Re-export types for convenience
-export type { 
-  Organisation, 
-  OrganisationMembership, 
-  OrganisationContextType,
-  OrganisationSecurityError
-};