@jmruthers/pace-core 0.5.76 → 0.5.78

package/dist/{chunk-K34IM5CT.js → chunk-2OGV6IRV.js}

@@ -2,34 +2,25 @@ import {
   createScopeFromEvent,
   useAccessLevel,
   useCan
-} from "./chunk-KHJS6VIA.js";
+} from "./chunk-LRQ6RBJC.js";
 import {
   OrganisationContextRequiredError,
   RBACCache,
   getRBACLogger,
   rbacCache
-} from "./chunk-FGMFQSHX.js";
+} from "./chunk-S63MFSY6.js";
 import {
   useSecureDataAccess
-} from "./chunk-NTNILOBC.js";
+} from "./chunk-5BO3MI5Y.js";
 import {
   init_UnifiedAuthProvider
-} from "./chunk-URUTVZ7N.js";
+} from "./chunk-FL4ZCQLD.js";
 import {
   useUnifiedAuth
-} from "./chunk-WN6XJWOS.js";
+} from "./chunk-MNJXXD6C.js";
 import {
-  AccessLevel,
-  init_unified
-} from "./chunk-ULBI5JGB.js";
-import {
-  getCurrentAppName,
-  init_appNameResolver
-} from "./chunk-5BSLGBYI.js";
-import {
-  DebugLogger,
-  init_debugLogger
-} from "./chunk-XLZ7U46Z.js";
+  getCurrentAppName
+} from "./chunk-JCQZ6LA7.js";
 
 // src/rbac/secureClient.ts
 import { createClient } from "@supabase/supabase-js";
@@ -171,17 +162,17 @@ function PagePermissionProvider({
   onStrictModeViolation,
   maxHistorySize = 1e3
 }) {
-  const { user, selectedOrganisationId, selectedEventId } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent } = useUnifiedAuth();
   const [pageAccessHistory, setPageAccessHistory] = useState([]);
   const [isEnabled, setIsEnabled] = useState(true);
   const currentScope = useMemo(() => {
-    if (!selectedOrganisationId) return null;
+    if (!selectedOrganisation) return null;
     return {
-      organisationId: selectedOrganisationId,
-      eventId: selectedEventId || void 0,
+      organisationId: selectedOrganisation.id,
+      eventId: selectedEvent?.event_id || void 0,
       appId: void 0
     };
-  }, [selectedOrganisationId, selectedEventId]);
+  }, [selectedOrganisation, selectedEvent]);
   const hasPagePermission = useCallback((pageName, operation, pageId, scope) => {
     if (!isEnabled) return true;
     if (!user?.id) return false;
@@ -257,7 +248,6 @@ function usePagePermissions() {
 // src/rbac/components/PagePermissionGuard.tsx
 import { useMemo as useMemo2, useEffect as useEffect2, useState as useState2, useRef } from "react";
 init_UnifiedAuthProvider();
-init_appNameResolver();
 import { Fragment, jsx as jsx2, jsxs } from "react/jsx-runtime";
 var PagePermissionGuardComponent = ({
   pageName,
@@ -274,10 +264,11 @@ var PagePermissionGuardComponent = ({
   const instanceId = useMemo2(() => Math.random().toString(36).substr(2, 9), []);
   const renderCountRef = useRef(0);
   renderCountRef.current += 1;
-  const { user, selectedOrganisationId, selectedEventId, supabase } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
   const [hasChecked, setHasChecked] = useState2(false);
   const [checkError, setCheckError] = useState2(null);
   const [resolvedScope, setResolvedScope] = useState2(null);
+  const scopeResolutionAbortRef = useRef(null);
   const supabaseRef = useRef(supabase);
   supabaseRef.current = supabase;
   const lastScopeRef = useRef(null);
@@ -304,9 +295,27 @@ var PagePermissionGuardComponent = ({
   }
   const stableScope = stableScopeRef.current;
   useEffect2(() => {
+    const abortController = new AbortController();
+    scopeResolutionAbortRef.current?.abort();
+    scopeResolutionAbortRef.current = abortController;
+    const { signal } = abortController;
+    const safeSetResolvedScope = (value) => {
+      if (!signal.aborted) {
+        setResolvedScope(value);
+      }
+    };
+    const safeSetCheckError = (value) => {
+      if (!signal.aborted) {
+        setCheckError(value);
+      }
+    };
     const resolveScope = async () => {
+      if (signal.aborted) {
+        return;
+      }
       if (scope) {
-        setResolvedScope(scope);
+        safeSetResolvedScope(scope);
+        safeSetCheckError(null);
         return;
       }
       let appId = void 0;
@@ -315,9 +324,18 @@ var PagePermissionGuardComponent = ({
         if (appName) {
           try {
             const { data: app, error: error2 } = await supabaseRef.current.from("rbac_apps").select("id, name, is_active").eq("name", appName).eq("is_active", true).single();
+            if (signal.aborted) {
+              return;
+            }
             if (error2) {
               console.error("[PagePermissionGuard] Database error resolving app ID:", error2);
+              if (signal.aborted) {
+                return;
+              }
               const { data: inactiveApp } = await supabaseRef.current.from("rbac_apps").select("id, name, is_active").eq("name", appName).single();
+              if (signal.aborted) {
+                return;
+              }
               if (inactiveApp) {
                 console.error(`[PagePermissionGuard] App "${appName}" exists but is inactive (is_active: ${inactiveApp.is_active})`);
               } else {
@@ -329,20 +347,26 @@ var PagePermissionGuardComponent = ({
               console.error("[PagePermissionGuard] No app data returned for:", appName);
             }
           } catch (error2) {
+            if (signal.aborted) {
+              return;
+            }
             console.error("[PagePermissionGuard] Unexpected error resolving app ID:", error2);
           }
         } else {
           console.error("[PagePermissionGuard] No app name found. Make sure to call setRBACAppName() in your app setup.");
         }
       }
-      if (selectedOrganisationId && selectedEventId) {
+      if (signal.aborted) {
+        return;
+      }
+      if (selectedOrganisation && selectedEvent) {
         if (!appId) {
           if (import.meta.env.MODE === "test") {
             console.warn("[PagePermissionGuard] App ID not resolved in test environment, proceeding without it");
           } else {
             console.error("[PagePermissionGuard] CRITICAL: App ID not resolved. Check console for details.");
-            setCheckError(new Error("App ID not resolved. Check console for database errors."));
-            setResolvedScope(null);
+            safeSetCheckError(new Error("App ID not resolved. Check console for database errors."));
+            safeSetResolvedScope(null);
             return;
           }
         }
@@ -350,28 +374,31 @@ var PagePermissionGuardComponent = ({
           const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
           if (!uuidRegex.test(appId)) {
             console.error("[PagePermissionGuard] CRITICAL: App ID is not a valid UUID:", appId);
-            setCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
-            setResolvedScope(null);
+            safeSetCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
+            safeSetResolvedScope(null);
             return;
           }
         }
-        const resolvedScope2 = {
-          organisationId: selectedOrganisationId,
-          eventId: selectedEventId,
+        const resolvedContext = {
+          organisationId: selectedOrganisation.id,
+          eventId: selectedEvent.event_id,
           appId
         };
-        setResolvedScope(resolvedScope2);
-        setCheckError(null);
+        safeSetResolvedScope(resolvedContext);
+        safeSetCheckError(null);
+        return;
+      }
+      if (signal.aborted) {
         return;
       }
-      if (selectedOrganisationId) {
+      if (selectedOrganisation) {
         if (!appId) {
           if (import.meta.env.MODE === "test") {
             console.warn("[PagePermissionGuard] App ID not resolved in test environment, proceeding without it");
           } else {
             console.error("[PagePermissionGuard] CRITICAL: App ID not resolved. Check console for details.");
-            setCheckError(new Error("App ID not resolved. Check console for database errors."));
-            setResolvedScope(null);
+            safeSetCheckError(new Error("App ID not resolved. Check console for database errors."));
+            safeSetResolvedScope(null);
             return;
           }
         }
@@ -379,51 +406,69 @@ var PagePermissionGuardComponent = ({
           const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
           if (!uuidRegex.test(appId)) {
             console.error("[PagePermissionGuard] CRITICAL: App ID is not a valid UUID:", appId);
-            setCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
-            setResolvedScope(null);
+            safeSetCheckError(new Error(`Invalid app ID format: ${appId}. Expected UUID.`));
+            safeSetResolvedScope(null);
             return;
           }
         }
-        const resolvedScope2 = {
-          organisationId: selectedOrganisationId,
-          eventId: selectedEventId || void 0,
+        const resolvedContext = {
+          organisationId: selectedOrganisation.id,
+          eventId: selectedEvent?.event_id || void 0,
           appId
         };
-        setResolvedScope(resolvedScope2);
-        setCheckError(null);
+        safeSetResolvedScope(resolvedContext);
+        safeSetCheckError(null);
         return;
       }
-      if (selectedEventId && supabaseRef.current) {
+      if (signal.aborted) {
+        return;
+      }
+      if (selectedEvent && supabaseRef.current) {
         try {
-          const eventScope = await createScopeFromEvent(supabaseRef.current, selectedEventId);
+          const eventScope = await createScopeFromEvent(supabaseRef.current, selectedEvent.event_id);
+          if (signal.aborted) {
+            return;
+          }
           if (!eventScope) {
-            setCheckError(new Error("Could not resolve organization from event context"));
-            setResolvedScope(null);
+            safeSetCheckError(new Error("Could not resolve organization from event context"));
+            safeSetResolvedScope(null);
             return;
           }
-          setResolvedScope({
+          safeSetResolvedScope({
             ...eventScope,
             appId: appId || eventScope.appId
           });
-          setCheckError(null);
+          safeSetCheckError(null);
         } catch (error2) {
-          setCheckError(error2);
-          setResolvedScope(null);
+          if (signal.aborted) {
+            return;
+          }
+          safeSetCheckError(error2);
+          safeSetResolvedScope(null);
         }
         return;
       }
-      const errorMessage = !selectedOrganisationId && !selectedEventId ? "Either organisation context or event context is required for page permission checking" : "Insufficient context for permission checking. Please ensure you are properly authenticated and have selected an organisation or event.";
+      if (signal.aborted) {
+        return;
+      }
+      const errorMessage = !selectedOrganisation && !selectedEvent ? "Either organisation context or event context is required for page permission checking" : "Insufficient context for permission checking. Please ensure you are properly authenticated and have selected an organisation or event.";
       console.error("[PagePermissionGuard] Context resolution failed:", {
-        selectedOrganisationId,
-        selectedEventId,
+        selectedOrganisation: selectedOrganisation ? selectedOrganisation.id : null,
+        selectedEvent: selectedEvent ? selectedEvent.event_id : null,
         appId,
         error: errorMessage
       });
-      setCheckError(new Error(errorMessage));
-      setResolvedScope(null);
+      safeSetCheckError(new Error(errorMessage));
+      safeSetResolvedScope(null);
     };
     resolveScope();
-  }, [scope, selectedOrganisationId, selectedEventId]);
+    return () => {
+      abortController.abort();
+      if (scopeResolutionAbortRef.current === abortController) {
+        scopeResolutionAbortRef.current = null;
+      }
+    };
+  }, [scope, selectedOrganisation, selectedEvent]);
   const effectivePageId = useMemo2(() => {
     return pageId || pageName;
   }, [pageId, pageName]);
@@ -533,18 +578,18 @@ function SecureDataProvider({
   maxHistorySize = 1e3,
   enforceRLS = true
 }) {
-  const { user, selectedOrganisationId, selectedEventId } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent } = useUnifiedAuth();
   const { validateContext } = useSecureDataAccess();
   const [dataAccessHistory, setDataAccessHistory] = useState3([]);
   const [isEnabled, setIsEnabled] = useState3(true);
   const currentScope = useMemo3(() => {
-    if (!selectedOrganisationId) return null;
+    if (!selectedOrganisation) return null;
     return {
-      organisationId: selectedOrganisationId,
-      eventId: selectedEventId || void 0,
+      organisationId: selectedOrganisation.id,
+      eventId: selectedEvent?.event_id || void 0,
       appId: void 0
     };
-  }, [selectedOrganisationId, selectedEventId]);
+  }, [selectedOrganisation, selectedEvent]);
   const isDataAccessAllowed = useCallback3((table, operation, scope) => {
     if (!isEnabled) return true;
     if (!user?.id) return false;
@@ -654,7 +699,7 @@ function PermissionEnforcer({
   loading = /* @__PURE__ */ jsx4(DefaultLoading2, {}),
   requireAll = true
 }) {
-  const { user, selectedOrganisationId, selectedEventId, supabase } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
   const [hasChecked, setHasChecked] = useState4(false);
   const [checkError, setCheckError] = useState4(null);
   const [permissionResults, setPermissionResults] = useState4({});
@@ -665,25 +710,25 @@ function PermissionEnforcer({
         setResolvedScope(scope);
         return;
       }
-      if (selectedOrganisationId && selectedEventId) {
+      if (selectedOrganisation && selectedEvent) {
         setResolvedScope({
-          organisationId: selectedOrganisationId,
-          eventId: selectedEventId,
+          organisationId: selectedOrganisation.id,
+          eventId: selectedEvent.event_id,
           appId: void 0
         });
         return;
       }
-      if (selectedOrganisationId) {
+      if (selectedOrganisation) {
         setResolvedScope({
-          organisationId: selectedOrganisationId,
-          eventId: selectedEventId || void 0,
+          organisationId: selectedOrganisation.id,
+          eventId: selectedEvent?.event_id || void 0,
           appId: void 0
         });
         return;
       }
-      if (selectedEventId && supabase) {
+      if (selectedEvent && supabase) {
         try {
-          const eventScope = await createScopeFromEvent(supabase, selectedEventId);
+          const eventScope = await createScopeFromEvent(supabase, selectedEvent.event_id);
           if (!eventScope) {
             setCheckError(new Error("Could not resolve organization from event context"));
             return;
@@ -697,11 +742,11 @@ function PermissionEnforcer({
       setCheckError(new Error("Either organisation context or event context is required for permission checking"));
     };
     resolveScope();
-  }, [scope, selectedOrganisationId, selectedEventId, supabase]);
+  }, [scope, selectedOrganisation, selectedEvent, supabase]);
   const representativePermission = permissions[0];
   const { can, isLoading, error } = useCan(
     user?.id || "",
-    resolvedScope || { eventId: selectedEventId || void 0 },
+    resolvedScope || { eventId: selectedEvent?.event_id || void 0 },
     representativePermission,
     void 0,
     true
@@ -799,19 +844,19 @@ function RoleBasedRouter({
   maxHistorySize = 1e3,
   unauthorizedComponent: UnauthorizedComponent = DefaultUnauthorizedComponent
 }) {
-  const { user, selectedOrganisationId, selectedEventId } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent } = useUnifiedAuth();
   const location = useLocation();
   const navigate = useNavigate();
   const [routeAccessHistory, setRouteAccessHistory] = useState5([]);
   const [currentRoute, setCurrentRoute] = useState5("");
   const currentScope = useMemo5(() => {
-    if (!selectedOrganisationId) return null;
+    if (!selectedOrganisation) return null;
     return {
-      organisationId: selectedOrganisationId,
-      eventId: selectedEventId || void 0,
+      organisationId: selectedOrganisation.id,
+      eventId: selectedEvent?.event_id || void 0,
       appId: void 0
     };
-  }, [selectedOrganisationId, selectedEventId]);
+  }, [selectedOrganisation, selectedEvent]);
   const currentRouteConfig = useMemo5(() => {
     const currentPath = location.pathname;
     return routes.find((route) => route.path === currentPath) || null;
@@ -977,22 +1022,39 @@ function NavigationProvider({
   onStrictModeViolation,
   maxHistorySize = 1e3
 }) {
-  const { user, selectedOrganisationId, selectedEventId } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent } = useUnifiedAuth();
   const [navigationAccessHistory, setNavigationAccessHistory] = useState6([]);
   const [isEnabled, setIsEnabled] = useState6(true);
   const currentScope = useMemo6(() => {
-    if (!selectedOrganisationId) return null;
+    if (!selectedOrganisation) return null;
     return {
-      organisationId: selectedOrganisationId,
-      eventId: selectedEventId || void 0,
+      organisationId: selectedOrganisation.id,
+      eventId: selectedEvent?.event_id || void 0,
       appId: void 0
     };
-  }, [selectedOrganisationId, selectedEventId]);
+  }, [selectedOrganisation, selectedEvent]);
   const hasNavigationPermission = useCallback6((item) => {
     if (!isEnabled) return true;
     if (!user?.id) return false;
     if (!currentScope) return false;
-    return true;
+    if (!item.permissions || item.permissions.length === 0) {
+      console.warn(`[NavigationProvider] Navigation item "${item.id}" has no permissions defined - denying access`);
+      return false;
+    }
+    const permission = item.permissions[0];
+    const { can, error } = useCan(
+      user.id,
+      currentScope,
+      permission,
+      item.pageId,
+      true
+      // useCache
+    );
+    if (error) {
+      console.warn(`[NavigationProvider] Permission check error for "${item.id}": ${error.message} - allowing access for graceful degradation`);
+      return true;
+    }
+    return can;
   }, [isEnabled, user?.id, currentScope]);
   const getNavigationPermissions = useCallback6(() => {
     if (!isEnabled || !user?.id) return {};
@@ -1081,7 +1143,7 @@ function NavigationGuard({
   loading = /* @__PURE__ */ jsx7(DefaultLoading3, {}),
   requireAll = true
 }) {
-  const { user, selectedOrganisationId, selectedEventId, supabase } = useUnifiedAuth();
+  const { user, selectedOrganisation, selectedEvent, supabase } = useUnifiedAuth();
   const [hasChecked, setHasChecked] = useState7(false);
   const [checkError, setCheckError] = useState7(null);
   const [resolvedScope, setResolvedScope] = useState7(null);
@@ -1091,25 +1153,25 @@ function NavigationGuard({
         setResolvedScope(scope);
         return;
       }
-      if (selectedOrganisationId && selectedEventId) {
+      if (selectedOrganisation && selectedEvent) {
         setResolvedScope({
-          organisationId: selectedOrganisationId,
-          eventId: selectedEventId,
+          organisationId: selectedOrganisation.id,
+          eventId: selectedEvent.event_id,
           appId: void 0
         });
         return;
       }
-      if (selectedOrganisationId) {
+      if (selectedOrganisation) {
         setResolvedScope({
-          organisationId: selectedOrganisationId,
-          eventId: selectedEventId || void 0,
+          organisationId: selectedOrganisation.id,
+          eventId: selectedEvent?.event_id || void 0,
           appId: void 0
         });
         return;
       }
-      if (selectedEventId && supabase) {
+      if (selectedEvent && supabase) {
         try {
-          const eventScope = await createScopeFromEvent(supabase, selectedEventId);
+          const eventScope = await createScopeFromEvent(supabase, selectedEvent.event_id);
           if (!eventScope) {
             setCheckError(new Error("Could not resolve organization from event context"));
             return;
@@ -1123,11 +1185,11 @@ function NavigationGuard({
       setCheckError(new Error("Either organisation context or event context is required for navigation permission checking"));
     };
     resolveScope();
-  }, [scope, selectedOrganisationId, selectedEventId, supabase]);
+  }, [scope, selectedOrganisation, selectedEvent, supabase]);
   const representativePermission = navigationItem.permissions[0];
   const { can, isLoading, error } = useCan(
     user?.id || "",
-    resolvedScope || { eventId: selectedEventId || void 0 },
+    resolvedScope || { eventId: selectedEvent?.event_id || void 0 },
     representativePermission,
     navigationItem.pageId,
     true
@@ -1341,467 +1403,9 @@ function EnhancedNavigationMenu({
   }) });
 }
 
-// src/rbac/providers/RBACProvider.tsx
-init_unified();
-init_debugLogger();
-import { createContext as createContext5, useContext as useContext5, useState as useState9, useEffect as useEffect9, useCallback as useCallback9, useMemo as useMemo9 } from "react";
-import { jsx as jsx9 } from "react/jsx-runtime";
-var RBACContext = createContext5(void 0);
-var useRBAC = () => {
-  const context = useContext5(RBACContext);
-  if (!context) {
-    throw new Error("useRBAC must be used within an RBACProvider");
-  }
-  return context;
-};
-var STORAGE_KEYS = {
-  SELECTED_EVENT: "pace-core-selected-event"
-};
-var transformRBACPermissions = (rbacData, _appName) => {
-  const permissions = {};
-  let roles = [];
-  let access_level = "viewer" /* VIEWER */;
-  if (!rbacData || !Array.isArray(rbacData)) {
-    return { permissions: {}, roles: ["viewer"], access_level: "viewer" /* VIEWER */ };
-  }
-  const superAdminPerm = rbacData.find((p) => p.permission_type === "all_permissions");
-  if (superAdminPerm) {
-    return {
-      permissions: { "all:all": true },
-      roles: ["super"],
-      access_level: "super" /* SUPER */
-    };
-  }
-  const eventAppPerms = rbacData.filter((p) => p.permission_type === "event_app_access");
-  if (eventAppPerms.length > 0) {
-    const role = eventAppPerms[0].role_name;
-    switch (role) {
-      case "event_admin":
-        access_level = "admin" /* ADMIN */;
-        roles = ["admin"];
-        break;
-      case "planner":
-        access_level = "planner" /* PLANNER */;
-        roles = ["planner"];
-        break;
-      case "participant":
-        access_level = "participant" /* PARTICIPANT */;
-        roles = ["participant"];
-        break;
-      case "editor":
-        access_level = "editor" /* EDITOR */;
-        roles = ["editor"];
-        break;
-      case "viewer":
-      default:
-        access_level = "viewer" /* VIEWER */;
-        roles = ["viewer"];
-        break;
-    }
-    const basePermissions = ["read"];
-    if (["event_admin", "planner"].includes(role)) {
-      basePermissions.push("create", "update");
-    }
-    if (role === "event_admin") {
-      basePermissions.push("delete");
-    }
-    basePermissions.forEach((operation) => {
-      permissions[`default:${operation}`] = true;
-    });
-  }
-  const orgPerms = rbacData.filter((p) => p.permission_type === "organisation_access");
-  if (orgPerms.length > 0) {
-    const role = orgPerms[0].role_name;
-    if (role === "org_admin") {
-      access_level = "admin" /* ADMIN */;
-      roles = ["admin"];
-      ["create", "read", "update", "delete"].forEach((operation) => {
-        permissions[`default:${operation}`] = true;
-      });
-    }
-  }
-  return { permissions, roles, access_level };
-};
-function RBACProvider({
-  children,
-  supabaseClient,
-  user,
-  session,
-  appName,
-  enableRBAC = false,
-  persistState = true,
-  enablePersistence,
-  requireOrganisationContext: _requireOrganisationContext = true
-}) {
-  const shouldPersist = enablePersistence !== void 0 ? enablePersistence : persistState;
-  const [permissions, setPermissions] = useState9({});
-  const [roles, setRoles] = useState9([]);
-  const [accessLevel, setAccessLevel] = useState9("viewer" /* VIEWER */);
-  const [rbacLoading, setRbacLoading] = useState9(false);
-  const [rbacError, setRbacError] = useState9(null);
-  const [selectedEventId, setSelectedEventId] = useState9(null);
-  const [appConfig, setAppConfig] = useState9(null);
-  const [userEventAccess, setUserEventAccess] = useState9([]);
-  const [eventAccessLoading, setEventAccessLoading] = useState9(false);
-  const [selectedOrganisationId, _setSelectedOrganisationId] = useState9(null);
-  useEffect9(() => {
-    if (!supabaseClient) return;
-    const loadAppConfig = async () => {
-      try {
-        const { getCurrentAppName: getCurrentAppName2 } = await import("./appNameResolver-UURKN7NF.js");
-        const resolvedAppName = getCurrentAppName2() || appName;
-        const { data: appData, error: appError } = await supabaseClient.from("rbac_apps").select("id").eq("name", resolvedAppName).eq("is_active", true).single();
-        if (appError || !appData) {
-          console.warn("App not found or inactive:", resolvedAppName);
-          setAppConfig({
-            supports_direct_access: false,
-            // Field removed from rbac_apps table
-            requires_event: true
-          });
-          return;
-        }
-        const response = await supabaseClient.rpc("get_app_config", {
-          app_id: appData.id
-        });
-        const { data } = response || {};
-        if (data && data.length > 0) {
-          setAppConfig({
-            supports_direct_access: false,
-            // Field removed from rbac_apps table
-            requires_event: data[0].requires_event
-          });
-        } else {
-          setAppConfig({
-            supports_direct_access: false,
-            requires_event: true
-          });
-        }
-      } catch (error) {
-        console.warn("Clearing corrupted localStorage data");
-        if (typeof localStorage !== "undefined") {
-          localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
-        }
-        console.warn("Failed to load app configuration:", error);
-        setAppConfig({
-          supports_direct_access: false,
-          // Field removed from rbac_apps table
-          requires_event: true
-        });
-      }
-    };
-    loadAppConfig();
-  }, [supabaseClient, appName]);
-  useEffect9(() => {
-    const isSuperAdmin = user?.user_metadata?.globalRole === "super_admin";
-    if (isSuperAdmin) {
-      setRoles(["super_admin"]);
-    } else {
-      setRoles([]);
-    }
-  }, [user]);
-  useEffect9(() => {
-    if (!shouldPersist) return;
-    try {
-      const persistedEvent = localStorage.getItem(STORAGE_KEYS.SELECTED_EVENT);
-      if (persistedEvent) {
-        setSelectedEventId(JSON.parse(persistedEvent));
-      }
-    } catch (error) {
-      console.warn("Clearing corrupted localStorage data");
-      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
-    }
-  }, [shouldPersist]);
-  useEffect9(() => {
-    if (!shouldPersist) return;
-    try {
-      if (selectedEventId) {
-        localStorage.setItem(
-          STORAGE_KEYS.SELECTED_EVENT,
-          JSON.stringify(selectedEventId)
-        );
-      } else {
-        localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
-      }
-    } catch (error) {
-      console.warn("Clearing corrupted localStorage data");
-      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
-      console.warn("Failed to persist auth state:", error);
-    }
-  }, [selectedEventId, shouldPersist]);
-  const refreshPermissions = useCallback9(async (eventId) => {
-    if (!supabaseClient || !user || !appConfig || !session) {
-      DebugLogger.log("RBACProvider", "refreshPermissions: Missing required dependencies, clearing permissions");
-      setPermissions({});
-      setRoles([]);
-      setAccessLevel("viewer" /* VIEWER */);
-      return;
-    }
-    const { data: globalRoles } = await supabaseClient.from("rbac_global_roles").select("role").eq("user_id", user.id).eq("role", "super_admin").lte("valid_from", (/* @__PURE__ */ new Date()).toISOString()).or(`valid_to.is.null,valid_to.gte.${(/* @__PURE__ */ new Date()).toISOString()}`).limit(1);
-    const isSuperAdmin = globalRoles && globalRoles.length > 0;
-    if (isSuperAdmin) {
-      setPermissions({
-        "admin:create": true,
-        "admin:read": true,
-        "admin:update": true,
-        "admin:delete": true,
-        "users:create": true,
-        "users:read": true,
-        "users:update": true,
-        "users:delete": true,
-        "events:create": true,
-        "events:read": true,
-        "events:update": true,
-        "events:delete": true
-      });
-      setRoles(["super_admin"]);
-      setAccessLevel("super" /* SUPER */);
-      return;
-    }
-    const shouldLoadDirectPermissions = !eventId && !appConfig.requires_event;
-    const shouldLoadEventPermissions = eventId;
-    const shouldClearPermissions = !eventId && appConfig.requires_event;
-    if (shouldClearPermissions) {
-      setPermissions({});
-      setRoles([]);
-      setAccessLevel("viewer" /* VIEWER */);
-      return;
-    }
-    if (!shouldLoadDirectPermissions && !shouldLoadEventPermissions) {
-      return;
-    }
-    setRbacLoading(true);
-    setRbacError(null);
-    try {
-      const { getCurrentAppName: getCurrentAppName2 } = await import("./appNameResolver-UURKN7NF.js");
-      const resolvedAppName = getCurrentAppName2() || appName;
-      const { data: appData, error: appError } = await supabaseClient.from("rbac_apps").select("id").eq("name", resolvedAppName).eq("is_active", true).single();
-      if (appError || !appData) {
-        console.warn("App not found or inactive:", resolvedAppName);
-        setRbacLoading(false);
-        return;
-      }
-      const { data, error } = await supabaseClient.rpc("rbac_permissions_get", {
-        p_user_id: user.id,
-        p_app_id: appData.id,
-        p_event_id: eventId || null,
-        p_organisation_id: selectedOrganisationId || null
-      });
-      if (error) {
-        throw error;
-      }
-      const { permissions: permissions2, roles: roles2, access_level } = transformRBACPermissions(data, appName);
-      setPermissions(permissions2);
-      setRoles(roles2);
-      setAccessLevel(access_level);
-    } catch (err) {
-      setRbacError(err);
-    } finally {
-      setRbacLoading(false);
-    }
-  }, [supabaseClient, user, session, appName, appConfig, selectedOrganisationId]);
-  const loadUserEventAccess = useCallback9(async () => {
-    if (!supabaseClient || !user || !session) {
-      DebugLogger.log("RBACProvider", "loadUserEventAccess: Missing required dependencies, clearing event access");
-      setUserEventAccess([]);
-      return;
-    }
-    setEventAccessLoading(true);
-    try {
-      const { getCurrentAppName: getCurrentAppName2 } = await import("./appNameResolver-UURKN7NF.js");
-      const resolvedAppName = getCurrentAppName2() || appName;
-      const { data: appData, error: appError } = await supabaseClient.from("rbac_apps").select("id").eq("name", resolvedAppName).eq("is_active", true).single();
-      if (appError || !appData) {
-        console.warn("App not found or inactive:", resolvedAppName);
-        setEventAccessLoading(false);
-        return;
-      }
-      const { data, error } = await supabaseClient.from("rbac_event_app_roles").select(`
-          event_id,
-          role,
-          granted_at
-        `).eq("user_id", user.id).eq("app_id", appData.id);
-      if (error) {
-        console.error("Failed to load user event access:", error);
-        setUserEventAccess([]);
-        return;
-      }
-      const eventAccess = data?.map((item) => ({
-        event_id: item.event_id,
-        event_name: "Unknown Event",
-        // Event details not available in this query
-        event_description: null,
-        // Not available in this schema
-        start_date: "",
-        // Event date not available in this query
-        end_date: "",
-        // Event date not available in this query
-        event_status: "unknown",
-        // Not available in this schema
-        app_id: appData.id,
-        access_level: item.role,
-        // Map role to access_level
-        granted_at: item.granted_at,
-        organisation_id: ""
-        // Will be populated from event's organisation_id if needed
-      })) || [];
-      setUserEventAccess(eventAccess);
-    } catch (error) {
-      console.warn("Clearing corrupted localStorage data");
-      localStorage.removeItem(STORAGE_KEYS.SELECTED_EVENT);
-      console.error("Error loading user event access:", error);
-      setUserEventAccess([]);
-    } finally {
-      setEventAccessLoading(false);
-    }
-  }, [supabaseClient, user, session, appName]);
-  const getUserEventAccess = useCallback9((eventId) => {
-    return userEventAccess.find((access) => access.event_id === eventId);
-  }, [userEventAccess]);
-  useEffect9(() => {
-    if (!user || !appConfig || !session) {
-      DebugLogger.log("RBACProvider", "Skipping permission refresh - no user, session, or app config");
-      return;
-    }
-    const isSuperAdmin = user?.user_metadata?.globalRole === "super_admin";
-    if (isSuperAdmin) {
-      setPermissions({
-        "admin:create": true,
-        "admin:read": true,
-        "admin:update": true,
-        "admin:delete": true,
-        "users:create": true,
-        "users:read": true,
-        "users:update": true,
-        "users:delete": true,
-        "events:create": true,
-        "events:read": true,
-        "events:update": true,
-        "events:delete": true
-      });
-      setRoles(["super_admin"]);
-      setAccessLevel("admin" /* ADMIN */);
-      return;
-    }
-    if (selectedEventId) {
-      refreshPermissions(selectedEventId);
-    } else if (!appConfig.requires_event) {
-      refreshPermissions();
-    } else {
-      setPermissions({});
-      setRoles([]);
-      setAccessLevel("viewer" /* VIEWER */);
-    }
-  }, [selectedEventId, user, session, appConfig, refreshPermissions]);
-  useEffect9(() => {
-    let isMounted = true;
-    if (user && session) {
-      DebugLogger.log("RBACProvider", "Loading user event access for authenticated user");
-      loadUserEventAccess().catch((error) => {
-        if (isMounted) {
-          console.error("Error loading user event access:", error);
-        }
-      });
-    } else {
-      DebugLogger.log("RBACProvider", "Clearing user event access - no user or session");
-      if (isMounted) {
-        setUserEventAccess([]);
-      }
-    }
-    return () => {
-      isMounted = false;
-    };
-  }, [user, session, loadUserEventAccess]);
-  const hasPermission2 = useCallback9((permission) => {
-    const hasPerm = !!permissions[permission];
-    return hasPerm;
-  }, [permissions]);
-  const hasAnyPermission2 = useCallback9((perms) => perms.some((p) => !!permissions[p]), [permissions]);
-  const hasAllPermissions2 = useCallback9((perms) => perms.every((p) => !!permissions[p]), [permissions]);
-  const hasRole = useCallback9((role) => {
-    const isSuperAdmin = user?.user_metadata?.globalRole === "super_admin";
-    if (role.toLowerCase() === "super_admin") {
-      return isSuperAdmin;
-    }
-    return roles.includes(role);
-  }, [roles, user]);
-  const hasAccessLevel = useCallback9((level) => {
-    const levels = Object.values(AccessLevel);
-    return levels.indexOf(accessLevel) >= levels.indexOf(level);
-  }, [accessLevel]);
-  const canAccess = useCallback9((resource, action) => {
-    const permission = `${resource}:${action}`;
-    const hasAccess = hasPermission2(permission);
-    return hasAccess;
-  }, [hasPermission2]);
-  const validatePermission = useCallback9(async (permission) => hasPermission2(permission), [hasPermission2]);
-  const validateAccess = useCallback9(async (resource, action) => {
-    return Promise.resolve(canAccess(resource, action));
-  }, [canAccess]);
-  const contextValue = useMemo9(() => ({
-    permissions,
-    roles,
-    accessLevel,
-    rbacLoading,
-    rbacError,
-    selectedEventId,
-    appConfig,
-    userEventAccess,
-    eventAccessLoading,
-    // Organisation context
-    selectedOrganisationId,
-    requireOrganisationContext: () => {
-      if (!selectedOrganisationId) {
-        throw new Error("Organisation context is required but not available");
-      }
-      return selectedOrganisationId;
-    },
-    hasPermission: hasPermission2,
-    hasAnyPermission: hasAnyPermission2,
-    hasAllPermissions: hasAllPermissions2,
-    hasRole,
-    hasAccessLevel,
-    canAccess,
-    validatePermission,
-    validateAccess,
-    refreshPermissions,
-    setSelectedEventId,
-    // New RBAC system support
-    rbacEnabled: enableRBAC,
-    rbacContext: void 0,
-    // Will be populated by useRBAC hook when enabled
-    loadUserEventAccess,
-    getUserEventAccess
-  }), [
-    permissions,
-    roles,
-    accessLevel,
-    rbacLoading,
-    rbacError,
-    selectedEventId,
-    appConfig,
-    userEventAccess,
-    eventAccessLoading,
-    selectedOrganisationId,
-    hasPermission2,
-    hasAnyPermission2,
-    hasAllPermissions2,
-    hasRole,
-    hasAccessLevel,
-    canAccess,
-    validatePermission,
-    validateAccess,
-    refreshPermissions,
-    setSelectedEventId,
-    enableRBAC,
-    loadUserEventAccess,
-    getUserEventAccess
-  ]);
-  return /* @__PURE__ */ jsx9(RBACContext.Provider, { value: contextValue, children });
-}
-
 // src/rbac/adapters.tsx
-import React10, { useContext as useContext6 } from "react";
-import { Fragment as Fragment4, jsx as jsx10, jsxs as jsxs6 } from "react/jsx-runtime";
+init_UnifiedAuthProvider();
+import { Fragment as Fragment4, jsx as jsx9 } from "react/jsx-runtime";
 function PermissionGuard({
   userId,
   scope,
@@ -1817,40 +1421,24 @@ function PermissionGuard({
   enforceAudit = true
 }) {
   const logger = getRBACLogger();
-  const authContext = useContext6(React10.createContext(null));
-  let effectiveUserId = userId;
-  if (!effectiveUserId) {
-    try {
-      if (authContext?.user?.id) {
-        effectiveUserId = authContext.user.id;
-      } else {
-        const globalUser = window.__PACE_USER__;
-        if (globalUser?.id) {
-          effectiveUserId = globalUser.id;
-        }
-      }
-    } catch (error2) {
-      logger.debug("Could not infer userId from context:", error2);
+  let authContext = null;
+  try {
+    authContext = useUnifiedAuth();
+  } catch (error2) {
+    if (error2 instanceof Error && error2.message.includes("must be used within")) {
+      authContext = null;
+    } else {
+      throw error2;
     }
   }
+  const effectiveUserId = userId ?? authContext?.user?.id ?? null;
   const { can, isLoading, error } = useCan(effectiveUserId || "", scope, permission, pageId);
   if (!effectiveUserId) {
     logger.error("PermissionGuard: No userId provided and could not infer from context");
-    return /* @__PURE__ */ jsxs6("div", { className: "rbac-error", role: "alert", children: [
-      /* @__PURE__ */ jsx10("p", { children: "Permission check failed: User context not available" }),
-      /* @__PURE__ */ jsxs6("details", { children: [
-        /* @__PURE__ */ jsx10("summary", { children: "Debug info" }),
-        /* @__PURE__ */ jsx10("p", { children: "Make sure to either:" }),
-        /* @__PURE__ */ jsxs6("ul", { children: [
-          /* @__PURE__ */ jsx10("li", { children: "Pass userId prop explicitly" }),
-          /* @__PURE__ */ jsx10("li", { children: "Wrap your app with an auth provider" }),
-          /* @__PURE__ */ jsx10("li", { children: "Set window.__PACE_USER__ with user data" })
-        ] })
-      ] })
-    ] });
+    return fallback ?? null;
   }
   if (isLoading) {
-    return loading || /* @__PURE__ */ jsx10("div", { className: "rbac-loading", role: "status", "aria-live": "polite", children: /* @__PURE__ */ jsx10("span", { className: "sr-only", children: "Checking permissions..." }) });
+    return loading || /* @__PURE__ */ jsx9("div", { className: "rbac-loading", role: "status", "aria-live": "polite", children: /* @__PURE__ */ jsx9("span", { className: "sr-only", children: "Checking permissions..." }) });
   }
   if (error) {
     logger.error("Permission check failed:", error);
@@ -1888,7 +1476,7 @@ function PermissionGuard({
     if (onDenied) {
       onDenied();
     }
-    return /* @__PURE__ */ jsx10(Fragment4, { children: fallback });
+    return /* @__PURE__ */ jsx9(Fragment4, { children: fallback });
   }
   if (auditLog) {
     logger.info(`[PermissionGuard] Permission granted:`, {
@@ -1899,7 +1487,7 @@ function PermissionGuard({
       timestamp: (/* @__PURE__ */ new Date()).toISOString()
     });
   }
-  return /* @__PURE__ */ jsx10(Fragment4, { children });
+  return /* @__PURE__ */ jsx9(Fragment4, { children });
 }
 function AccessLevelGuard({
   userId,
@@ -1910,40 +1498,24 @@ function AccessLevelGuard({
   loading = null
 }) {
   const logger = getRBACLogger();
-  const authContext = useContext6(React10.createContext(null));
-  let effectiveUserId = userId;
-  if (!effectiveUserId) {
-    try {
-      if (authContext?.user?.id) {
-        effectiveUserId = authContext.user.id;
-      } else {
-        const globalUser = window.__PACE_USER__;
-        if (globalUser?.id) {
-          effectiveUserId = globalUser.id;
-        }
-      }
-    } catch (error2) {
-      logger.debug("Could not infer userId from context:", error2);
+  let authContext = null;
+  try {
+    authContext = useUnifiedAuth();
+  } catch (error2) {
+    if (error2 instanceof Error && error2.message.includes("must be used within")) {
+      authContext = null;
+    } else {
+      throw error2;
     }
   }
+  const effectiveUserId = userId ?? authContext?.user?.id ?? null;
   const { accessLevel, isLoading, error } = useAccessLevel(effectiveUserId || "", scope);
   if (!effectiveUserId) {
     logger.error("AccessLevelGuard: No userId provided and could not infer from context");
-    return /* @__PURE__ */ jsxs6("div", { className: "rbac-error", role: "alert", children: [
-      /* @__PURE__ */ jsx10("p", { children: "Access level check failed: User context not available" }),
-      /* @__PURE__ */ jsxs6("details", { children: [
-        /* @__PURE__ */ jsx10("summary", { children: "Debug info" }),
-        /* @__PURE__ */ jsx10("p", { children: "Make sure to either:" }),
-        /* @__PURE__ */ jsxs6("ul", { children: [
-          /* @__PURE__ */ jsx10("li", { children: "Pass userId prop explicitly" }),
-          /* @__PURE__ */ jsx10("li", { children: "Wrap your app with an auth provider" }),
-          /* @__PURE__ */ jsx10("li", { children: "Set window.__PACE_USER__ with user data" })
-        ] })
-      ] })
-    ] });
+    return fallback ?? null;
   }
   if (isLoading) {
-    return loading || /* @__PURE__ */ jsx10("div", { className: "rbac-loading", role: "status", "aria-live": "polite", children: /* @__PURE__ */ jsx10("span", { className: "sr-only", children: "Checking access level..." }) });
+    return loading || /* @__PURE__ */ jsx9("div", { className: "rbac-loading", role: "status", "aria-live": "polite", children: /* @__PURE__ */ jsx9("span", { className: "sr-only", children: "Checking access level..." }) });
   }
   if (error) {
     logger.error("Access level check failed:", error);
@@ -1953,9 +1525,9 @@ function AccessLevelGuard({
   const userLevelIndex = accessLevel ? levelHierarchy.indexOf(accessLevel) : -1;
   const requiredLevelIndex = levelHierarchy.indexOf(minLevel);
   if (userLevelIndex < requiredLevelIndex) {
-    return /* @__PURE__ */ jsx10(Fragment4, { children: fallback });
+    return /* @__PURE__ */ jsx9(Fragment4, { children: fallback });
   }
-  return /* @__PURE__ */ jsx10(Fragment4, { children });
+  return /* @__PURE__ */ jsx9(Fragment4, { children });
 }
 function withPermissionGuard(config, handler) {
   return async (...args) => {
@@ -1967,7 +1539,7 @@ function withPermissionGuard(config, handler) {
     if (!userId || !organisationId) {
       throw new Error("User context required for permission check");
     }
-    const { isPermitted: isPermitted2 } = await import("./api-DDMUKIUD.js");
+    const { isPermitted: isPermitted2 } = await import("./api-KG4A2X7P.js");
     const hasPermission2 = await isPermitted2({
       userId,
       scope: { organisationId, eventId, appId },
@@ -1990,7 +1562,7 @@ function withAccessLevelGuard(minLevel, handler) {
     if (!userId || !organisationId) {
       throw new Error("User context required for access level check");
     }
-    const { getAccessLevel: getAccessLevel2 } = await import("./api-DDMUKIUD.js");
+    const { getAccessLevel: getAccessLevel2 } = await import("./api-KG4A2X7P.js");
     const accessLevel = await getAccessLevel2({
       userId,
       scope: { organisationId, eventId, appId }
@@ -2015,11 +1587,11 @@ function withRoleGuard(config, handler) {
       throw new Error("User context required for role check");
     }
     if (config.globalRoles && config.globalRoles.length > 0) {
-      const { isSuperAdmin } = await import("./api-DDMUKIUD.js");
+      const { isSuperAdmin } = await import("./api-KG4A2X7P.js");
       const isSuper = await isSuperAdmin(userId);
       if (isSuper) {
         if (organisationId) {
-          const { emitAuditEvent: emitAuditEvent2 } = await import("./audit-6TOCAMKO.js");
+          const { emitAuditEvent: emitAuditEvent2 } = await import("./audit-65VNHEV2.js");
           await emitAuditEvent2({
             type: "permission_check",
             userId,
@@ -2041,21 +1613,21 @@ function withRoleGuard(config, handler) {
       }
     }
     if (config.organisationRoles && config.organisationRoles.length > 0) {
-      const { isOrganisationAdmin } = await import("./api-DDMUKIUD.js");
+      const { isOrganisationAdmin } = await import("./api-KG4A2X7P.js");
       const isOrgAdmin = await isOrganisationAdmin(userId, organisationId);
       if (!isOrgAdmin && config.requireAll !== false) {
         throw new Error(`Organisation admin role required`);
       }
     }
     if (config.eventAppRoles && config.eventAppRoles.length > 0 && eventId && appId) {
-      const { isEventAdmin } = await import("./api-DDMUKIUD.js");
+      const { isEventAdmin } = await import("./api-KG4A2X7P.js");
       const isEventAdminUser = await isEventAdmin(userId, { organisationId, eventId, appId });
       if (!isEventAdminUser && config.requireAll !== false) {
         throw new Error(`Event admin role required`);
       }
     }
     if (organisationId) {
-      const { emitAuditEvent: emitAuditEvent2 } = await import("./audit-6TOCAMKO.js");
+      const { emitAuditEvent: emitAuditEvent2 } = await import("./audit-65VNHEV2.js");
       await emitAuditEvent2({
         type: "permission_check",
         userId,
@@ -2088,7 +1660,7 @@ function createRBACMiddleware(config) {
     );
     if (protectedRoute) {
       try {
-        const { isPermitted: isPermitted2 } = await import("./api-DDMUKIUD.js");
+        const { isPermitted: isPermitted2 } = await import("./api-KG4A2X7P.js");
         const hasPermission2 = await isPermitted2({
           userId,
           scope: { organisationId },
@@ -2115,7 +1687,7 @@ function createRBACExpressMiddleware(config) {
       return res.status(401).json({ error: "User context required" });
     }
     try {
-      const { isPermitted: isPermitted2 } = await import("./api-DDMUKIUD.js");
+      const { isPermitted: isPermitted2 } = await import("./api-KG4A2X7P.js");
       const hasPermission2 = await isPermitted2({
         userId,
         scope: { organisationId, eventId, appId },
@@ -2271,8 +1843,6 @@ export {
   useNavigationPermissions,
   NavigationGuard,
   EnhancedNavigationMenu,
-  useRBAC,
-  RBACProvider,
   PermissionGuard,
   AccessLevelGuard,
   withPermissionGuard,
@@ -2290,4 +1860,4 @@ export {
   getPermissionsForRole,
   ALL_PERMISSIONS
 };
-//# sourceMappingURL=chunk-K34IM5CT.js.map
+//# sourceMappingURL=chunk-2OGV6IRV.js.map