npm - @jmruthers/pace-core - Versions diffs - 0.5.76 → 0.5.78 - Mend

@jmruthers/pace-core 0.5.76 → 0.5.78

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (447) hide show

package/CHANGELOG.md +8 -0
package/dist/{RBACService-C4udt_Zp.d.ts → AuthService-Df3IozMG.d.ts} +10 -118
package/dist/{DataTable-ntgmhO2W.d.ts → DataTable-BE0OXZKQ.d.ts} +9 -2
package/dist/{DataTable-4GAVPIEG.js → DataTable-ETGVF4Y5.js} +50 -13
package/dist/{PublicLoadingSpinner-BiNER8F5.d.ts → PublicLoadingSpinner-CnUaz0vG.d.ts} +5 -2
package/dist/{UnifiedAuthProvider-Bj6YCf7c.d.ts → UnifiedAuthProvider-B391Aqum.d.ts} +42 -45
package/dist/{UnifiedAuthProvider-3NKDOSOK.js → UnifiedAuthProvider-P5SOJAQ6.js} +4 -5
package/dist/{api-DDMUKIUD.js → api-KG4A2X7P.js} +9 -3
package/dist/{audit-6TOCAMKO.js → audit-65VNHEV2.js} +2 -2
package/dist/{chunk-K34IM5CT.js → chunk-2OGV6IRV.js} +196 -626
package/dist/chunk-2OGV6IRV.js.map +1 -0
package/dist/{chunk-NTNILOBC.js → chunk-5BO3MI5Y.js} +4 -4
package/dist/{chunk-XLZ7U46Z.js → chunk-CVMVPYAL.js} +9 -60
package/dist/chunk-CVMVPYAL.js.map +1 -0
package/dist/{chunk-URUTVZ7N.js → chunk-FL4ZCQLD.js} +2 -2
package/dist/{chunk-LW7MMEAQ.js → chunk-FT2M4R4F.js} +2 -2
package/dist/{chunk-5BSLGBYI.js → chunk-JCQZ6LA7.js} +2 -8
package/dist/{chunk-5BSLGBYI.js.map → chunk-JCQZ6LA7.js.map} +1 -1
package/dist/{chunk-KHJS6VIA.js → chunk-LRQ6RBJC.js} +157 -112
package/dist/chunk-LRQ6RBJC.js.map +1 -0
package/dist/{chunk-WN6XJWOS.js → chunk-MNJXXD6C.js} +274 -743
package/dist/chunk-MNJXXD6C.js.map +1 -0
package/dist/{chunk-KK73ZB4E.js → chunk-PTR5PMPE.js} +153 -132
package/dist/chunk-PTR5PMPE.js.map +1 -0
package/dist/{chunk-B2WTCLCV.js → chunk-Q7APDV6H.js} +18 -8
package/dist/chunk-Q7APDV6H.js.map +1 -0
package/dist/{chunk-A4FUBC7B.js → chunk-QGVSOUJ2.js} +2 -4
package/dist/{chunk-A4FUBC7B.js.map → chunk-QGVSOUJ2.js.map} +1 -1
package/dist/{chunk-FGMFQSHX.js → chunk-S63MFSY6.js} +500 -551
package/dist/chunk-S63MFSY6.js.map +1 -0
package/dist/{chunk-AFGTSUAD.js → chunk-VSOKOFRF.js} +4 -4
package/dist/chunk-WUXCWRL6.js +20 -0
package/dist/chunk-WUXCWRL6.js.map +1 -0
package/dist/{chunk-Y6TXWPJO.js → chunk-YVVGHRGI.js} +105 -31
package/dist/chunk-YVVGHRGI.js.map +1 -0
package/dist/{chunk-M5IWZRBT.js → chunk-ZMNXIJP4.js} +2187 -981
package/dist/chunk-ZMNXIJP4.js.map +1 -0
package/dist/components.d.ts +6 -6
package/dist/components.js +14 -18
package/dist/components.js.map +1 -1
package/dist/{database-C3Szpi5J.d.ts → database-BXAfr2Y_.d.ts} +18 -0
package/dist/hooks.d.ts +5 -5
package/dist/hooks.js +8 -9
package/dist/hooks.js.map +1 -1
package/dist/index.d.ts +19 -27
package/dist/index.js +21 -29
package/dist/index.js.map +1 -1
package/dist/{organisation-BtshODVF.d.ts → organisation-D6qRDtbF.d.ts} +1 -1
package/dist/providers.d.ts +7 -21
package/dist/providers.js +3 -10
package/dist/rbac/index.d.ts +71 -221
package/dist/rbac/index.js +15 -16
package/dist/{types-CGX9Vyf5.d.ts → types-BDg1mAGG.d.ts} +36 -6
package/dist/types.d.ts +3 -3
package/dist/types.js +61 -18
package/dist/types.js.map +1 -1
package/dist/{unified-CM7T0aTK.d.ts → unified-DQ4VcT7H.d.ts} +1 -1
package/dist/{usePublicRouteParams-B-CumWRc.d.ts → usePublicRouteParams-BlgwXweB.d.ts} +3 -3
package/dist/utils.d.ts +2 -2
package/dist/utils.js +52 -9
package/dist/utils.js.map +1 -1
package/docs/CONTENT_AUDIT_REPORT.md +253 -0
package/docs/DOCUMENTATION_AUDIT.md +172 -0
package/docs/README.md +142 -147
package/docs/STYLE_GUIDE.md +37 -0
package/docs/api/classes/ColumnFactory.md +17 -17
package/docs/api/classes/ErrorBoundary.md +1 -1
package/docs/api/classes/InvalidScopeError.md +4 -4
package/docs/api/classes/MissingUserContextError.md +4 -4
package/docs/api/classes/OrganisationContextRequiredError.md +4 -4
package/docs/api/classes/PermissionDeniedError.md +5 -5
package/docs/api/classes/PublicErrorBoundary.md +1 -1
package/docs/api/classes/RBACAuditManager.md +8 -8
package/docs/api/classes/RBACCache.md +35 -5
package/docs/api/classes/RBACEngine.md +49 -20
package/docs/api/classes/RBACError.md +4 -4
package/docs/api/classes/RBACNotInitializedError.md +4 -4
package/docs/api/classes/SecureSupabaseClient.md +1 -1
package/docs/api/classes/StorageUtils.md +1 -1
package/docs/api/enums/FileCategory.md +1 -1
package/docs/api/interfaces/AggregateConfig.md +4 -4
package/docs/api/interfaces/ButtonProps.md +1 -1
package/docs/api/interfaces/CardProps.md +1 -1
package/docs/api/interfaces/ColorPalette.md +1 -1
package/docs/api/interfaces/ColorShade.md +1 -1
package/docs/api/interfaces/DataAccessRecord.md +1 -1
package/docs/api/interfaces/DataRecord.md +11 -0
package/docs/api/interfaces/DataTableAction.md +65 -29
package/docs/api/interfaces/DataTableColumn.md +36 -23
package/docs/api/interfaces/DataTableProps.md +80 -38
package/docs/api/interfaces/DataTableToolbarButton.md +7 -7
package/docs/api/interfaces/EmptyStateConfig.md +5 -5
package/docs/api/interfaces/EnhancedNavigationMenuProps.md +1 -1
package/docs/api/interfaces/EventLogoProps.md +1 -1
package/docs/api/interfaces/FileDisplayProps.md +1 -1
package/docs/api/interfaces/FileMetadata.md +1 -1
package/docs/api/interfaces/FileReference.md +1 -1
package/docs/api/interfaces/FileSizeLimits.md +1 -1
package/docs/api/interfaces/FileUploadOptions.md +1 -1
package/docs/api/interfaces/FileUploadProps.md +1 -1
package/docs/api/interfaces/FooterProps.md +1 -1
package/docs/api/interfaces/InactivityWarningModalProps.md +1 -1
package/docs/api/interfaces/InputProps.md +1 -1
package/docs/api/interfaces/LabelProps.md +1 -1
package/docs/api/interfaces/LoginFormProps.md +1 -1
package/docs/api/interfaces/NavigationAccessRecord.md +11 -11
package/docs/api/interfaces/NavigationContextType.md +9 -9
package/docs/api/interfaces/NavigationGuardProps.md +1 -1
package/docs/api/interfaces/NavigationItem.md +1 -1
package/docs/api/interfaces/NavigationMenuProps.md +1 -1
package/docs/api/interfaces/NavigationProviderProps.md +7 -7
package/docs/api/interfaces/Organisation.md +1 -1
package/docs/api/interfaces/OrganisationContextType.md +1 -1
package/docs/api/interfaces/OrganisationMembership.md +1 -1
package/docs/api/interfaces/OrganisationProviderProps.md +1 -1
package/docs/api/interfaces/OrganisationSecurityError.md +1 -1
package/docs/api/interfaces/PaceAppLayoutProps.md +1 -1
package/docs/api/interfaces/PaceLoginPageProps.md +16 -3
package/docs/api/interfaces/PageAccessRecord.md +1 -1
package/docs/api/interfaces/PagePermissionContextType.md +1 -1
package/docs/api/interfaces/PagePermissionGuardProps.md +2 -2
package/docs/api/interfaces/PagePermissionProviderProps.md +1 -1
package/docs/api/interfaces/PaletteData.md +1 -1
package/docs/api/interfaces/PermissionEnforcerProps.md +4 -4
package/docs/api/interfaces/PublicErrorBoundaryProps.md +1 -1
package/docs/api/interfaces/PublicErrorBoundaryState.md +1 -1
package/docs/api/interfaces/PublicLoadingSpinnerProps.md +1 -1
package/docs/api/interfaces/PublicPageFooterProps.md +1 -1
package/docs/api/interfaces/PublicPageHeaderProps.md +1 -1
package/docs/api/interfaces/PublicPageLayoutProps.md +1 -1
package/docs/api/interfaces/RBACConfig.md +1 -1
package/docs/api/interfaces/RBACLogger.md +1 -1
package/docs/api/interfaces/RoleBasedRouterContextType.md +1 -1
package/docs/api/interfaces/RoleBasedRouterProps.md +1 -1
package/docs/api/interfaces/RouteAccessRecord.md +2 -2
package/docs/api/interfaces/RouteConfig.md +2 -2
package/docs/api/interfaces/SecureDataContextType.md +1 -1
package/docs/api/interfaces/SecureDataProviderProps.md +1 -1
package/docs/api/interfaces/StorageConfig.md +1 -1
package/docs/api/interfaces/StorageFileInfo.md +1 -1
package/docs/api/interfaces/StorageFileMetadata.md +1 -1
package/docs/api/interfaces/StorageListOptions.md +1 -1
package/docs/api/interfaces/StorageListResult.md +1 -1
package/docs/api/interfaces/StorageUploadOptions.md +1 -1
package/docs/api/interfaces/StorageUploadResult.md +1 -1
package/docs/api/interfaces/StorageUrlOptions.md +1 -1
package/docs/api/interfaces/StyleImport.md +1 -1
package/docs/api/interfaces/SwitchProps.md +1 -1
package/docs/api/interfaces/ToastActionElement.md +1 -1
package/docs/api/interfaces/ToastProps.md +1 -1
package/docs/api/interfaces/UnifiedAuthContextType.md +94 -521
package/docs/api/interfaces/UnifiedAuthProviderProps.md +16 -16
package/docs/api/interfaces/UseInactivityTrackerOptions.md +1 -1
package/docs/api/interfaces/UseInactivityTrackerReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventLogoReturn.md +1 -1
package/docs/api/interfaces/UsePublicEventOptions.md +1 -1
package/docs/api/interfaces/UsePublicEventReturn.md +1 -1
package/docs/api/interfaces/UsePublicRouteParamsReturn.md +1 -1
package/docs/api/interfaces/UseResolvedScopeOptions.md +1 -1
package/docs/api/interfaces/UseResolvedScopeReturn.md +1 -1
package/docs/api/interfaces/UserEventAccess.md +11 -11
package/docs/api/interfaces/UserMenuProps.md +1 -1
package/docs/api/interfaces/UserProfile.md +1 -1
package/docs/api/modules.md +251 -269
package/docs/api-reference/components.md +193 -0
package/docs/api-reference/hooks.md +265 -0
package/docs/api-reference/providers.md +6 -0
package/docs/api-reference/types.md +6 -0
package/docs/api-reference/utilities.md +207 -0
package/docs/architecture/README.md +6 -0
package/docs/{database-schema-requirements.md → architecture/database-schema-requirements.md} +6 -0
package/docs/architecture/rbac-security-architecture.md +258 -0
package/docs/architecture/services.md +9 -1
package/docs/best-practices/README.md +6 -0
package/docs/best-practices/accessibility.md +6 -0
package/docs/{common-patterns.md → best-practices/common-patterns.md} +6 -0
package/docs/best-practices/deployment.md +6 -0
package/docs/best-practices/performance.md +475 -2
package/docs/best-practices/security.md +6 -0
package/docs/best-practices/testing.md +6 -0
package/docs/core-concepts/authentication.md +6 -0
package/docs/core-concepts/events.md +6 -0
package/docs/core-concepts/organisations.md +6 -0
package/docs/core-concepts/permissions.md +6 -0
package/docs/core-concepts/rbac-system.md +8 -0
package/docs/documentation-index.md +121 -182
package/docs/{consuming-app-vite-config.md → getting-started/consuming-app-vite-config.md} +6 -0
package/docs/getting-started/documentation-index.md +40 -0
package/docs/getting-started/examples/README.md +878 -35
package/docs/{faq.md → getting-started/faq.md} +7 -1
package/docs/getting-started/installation-guide.md +6 -0
package/docs/{quick-reference.md → getting-started/quick-reference.md} +6 -0
package/docs/implementation-guides/app-layout.md +6 -0
package/docs/implementation-guides/authentication.md +1021 -0
package/docs/implementation-guides/component-styling.md +6 -0
package/docs/implementation-guides/data-tables.md +1264 -2076
package/docs/implementation-guides/dynamic-colors.md +6 -0
package/docs/implementation-guides/event-theming-summary.md +6 -0
package/docs/{file-reference-system.md → implementation-guides/file-reference-system.md} +6 -0
package/docs/implementation-guides/file-upload-storage.md +6 -0
package/docs/implementation-guides/forms.md +6 -0
package/docs/implementation-guides/inactivity-tracking.md +6 -0
package/docs/implementation-guides/navigation.md +6 -0
package/docs/implementation-guides/organisation-security.md +6 -0
package/docs/implementation-guides/permission-enforcement.md +6 -0
package/docs/implementation-guides/public-pages-advanced.md +6 -0
package/docs/implementation-guides/public-pages.md +6 -0
package/docs/migration/MIGRATION_GUIDE.md +827 -351
package/docs/migration/README.md +7 -1
package/docs/migration/organisation-context-timing-fix.md +6 -0
package/docs/migration/rbac-migration.md +44 -1
package/docs/migration/service-architecture.md +6 -0
package/docs/migration/v0.4.15-tailwind-scanning.md +6 -0
package/docs/migration/v0.4.16-css-first-approach.md +6 -0
package/docs/migration/v0.4.17-source-path-fix.md +6 -0
package/docs/rbac/README-rbac-rls-integration.md +6 -0
package/docs/rbac/README.md +6 -0
package/docs/rbac/advanced-patterns.md +6 -0
package/docs/rbac/api-reference.md +7 -1
package/docs/rbac/breaking-changes-v3.md +222 -0
package/docs/rbac/examples/rbac-rls-integration-example.md +6 -0
package/docs/rbac/examples.md +6 -0
package/docs/rbac/getting-started.md +6 -0
package/docs/rbac/migration-guide.md +260 -0
package/docs/rbac/quick-start.md +70 -13
package/docs/rbac/rbac-rls-integration.md +6 -0
package/docs/rbac/super-admin-guide.md +6 -0
package/docs/rbac/troubleshooting.md +6 -0
package/docs/security/README.md +6 -0
package/docs/security/checklist.md +6 -0
package/docs/styles/README.md +7 -1
package/docs/{usage.md → styles/usage.md} +6 -0
package/docs/testing/README.md +6 -0
package/docs/{visual-testing.md → testing/visual-testing.md} +6 -0
package/docs/troubleshooting/README.md +387 -5
package/docs/troubleshooting/cake-page-permission-guard-issue-summary.md +6 -0
package/docs/troubleshooting/common-issues.md +6 -0
package/docs/troubleshooting/database-view-compatibility.md +6 -0
package/docs/troubleshooting/organisation-context-setup.md +6 -0
package/docs/troubleshooting/react-hooks-issue-analysis.md +6 -0
package/docs/troubleshooting/styling-issues.md +6 -0
package/docs/troubleshooting/tailwind-content-scanning.md +6 -0
package/package.json +1 -1
package/src/__tests__/helpers/__tests__/test-providers.test.tsx +2 -1
package/src/__tests__/helpers/test-providers.tsx +3 -53
package/src/components/DataTable/DataTable.test.tsx +319 -0
package/src/components/DataTable/DataTable.tsx +32 -11
package/src/components/DataTable/__tests__/{DataTable.comprehensive.test.tsx → DataTable.comprehensive.test.tsx.skip} +6 -4
package/src/components/DataTable/__tests__/{DataTable.test.tsx → DataTable.test.tsx.skip} +6 -4
package/src/components/DataTable/__tests__/DataTableCore.test.tsx +31 -9
package/src/components/DataTable/__tests__/a11y.basic.test.tsx +601 -0
package/src/components/DataTable/__tests__/keyboard.test.tsx +615 -0
package/src/components/DataTable/__tests__/pagination.modes.test.tsx +639 -0
package/src/components/DataTable/__tests__/ssr.strict-mode.test.tsx.skip +330 -0
package/src/components/DataTable/components/AccessDeniedPage.tsx +2 -2
package/src/components/DataTable/components/ActionButtons.tsx +88 -104
package/src/components/DataTable/components/DataTableCore.tsx +309 -337
package/src/components/DataTable/components/DataTableErrorBoundary.tsx +4 -2
package/src/components/DataTable/components/DataTableModals.tsx +22 -1
package/src/components/DataTable/components/EditableRow.tsx +69 -84
package/src/components/DataTable/components/EmptyState.tsx +5 -1
package/src/components/DataTable/components/ImportModal.tsx +65 -36
package/src/components/DataTable/components/PaginationControls.tsx +40 -100
package/src/components/DataTable/components/UnifiedTableBody.tsx +125 -148
package/src/components/DataTable/context/DataTableContext.tsx +1 -1
package/src/components/DataTable/core/ColumnFactory.ts +5 -0
package/src/components/DataTable/examples/HierarchicalActionsExample.tsx +12 -10
package/src/components/DataTable/examples/HierarchicalExample.tsx +1 -1
package/src/components/DataTable/examples/InitialPageSizeExample.tsx +1 -0
package/src/components/DataTable/examples/PerformanceExample.tsx +1 -0
package/src/components/DataTable/hooks/__tests__/useColumnOrderPersistence.test.ts +1 -5
package/src/components/DataTable/hooks/__tests__/useColumnVisibilityPersistence.test.ts +167 -0
package/src/components/DataTable/hooks/index.ts +7 -0
package/src/components/DataTable/hooks/useColumnOrderPersistence.ts +32 -15
package/src/components/DataTable/hooks/useColumnVisibilityPersistence.ts +102 -0
package/src/components/DataTable/hooks/useDataTableConfiguration.ts +89 -0
package/src/components/DataTable/hooks/useDataTableDataPipeline.ts +117 -0
package/src/components/DataTable/hooks/useDataTablePermissions.ts +71 -27
package/src/components/DataTable/hooks/useDataTableState.ts +39 -11
package/src/components/DataTable/hooks/useEffectiveColumnOrder.ts +33 -0
package/src/components/DataTable/hooks/useHierarchicalState.ts +15 -1
package/src/components/DataTable/hooks/useKeyboardNavigation.ts +447 -0
package/src/components/DataTable/hooks/useServerSideDataEffect.ts +94 -0
package/src/components/DataTable/hooks/useTableColumns.ts +10 -7
package/src/components/DataTable/hooks/useTableHandlers.ts +174 -0
package/src/components/DataTable/index.ts +12 -3
package/src/components/DataTable/types.ts +129 -9
package/src/components/DataTable/utils/__tests__/exportUtils.test.ts +159 -22
package/src/components/DataTable/utils/__tests__/flexibleImport.test.ts +111 -0
package/src/components/DataTable/utils/__tests__/rowUtils.test.ts +15 -29
package/src/components/DataTable/utils/a11yUtils.ts +244 -0
package/src/components/DataTable/utils/debugTools.ts +609 -0
package/src/components/DataTable/utils/exportUtils.ts +114 -16
package/src/components/DataTable/utils/flexibleImport.ts +202 -32
package/src/components/DataTable/utils/hierarchicalUtils.ts +1 -1
package/src/components/DataTable/utils/index.ts +2 -0
package/src/components/DataTable/utils/paginationUtils.ts +350 -0
package/src/components/DataTable/utils/rowUtils.ts +6 -5
package/src/components/NavigationMenu/NavigationMenu.test.tsx +19 -24
package/src/components/NavigationMenu/NavigationMenu.tsx +19 -8
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.security.test.tsx +1 -23
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +56 -6
package/src/components/PaceLoginPage/PaceLoginPage.tsx +137 -13
package/src/components/PublicLayout/__tests__/PublicPageHeader.test.tsx +1 -1
package/src/components/Select/Select.tsx +1 -0
package/src/components/examples/PermissionExample.tsx +173 -0
package/src/examples/CorrectPublicPageImplementation.tsx +301 -0
package/src/examples/PublicEventPage.tsx +274 -0
package/src/examples/PublicPageApp.tsx +308 -0
package/src/examples/PublicPageUsageExample.tsx +216 -0
package/src/hooks/__tests__/useOrganisationPermissions.unit.test.tsx +12 -1
package/src/hooks/__tests__/useOrganisationSecurity.unit.test.tsx +129 -17
package/src/hooks/__tests__/useRBAC.unit.test.ts +151 -846
package/src/hooks/useOrganisationPermissions.test.ts +42 -18
package/src/hooks/useOrganisationPermissions.ts +12 -6
package/src/hooks/useOrganisationSecurity.test.ts +138 -85
package/src/hooks/useOrganisationSecurity.ts +41 -10
package/src/index.ts +0 -1
package/src/providers/AuthProvider.simplified.tsx +880 -0
package/src/providers/UnifiedAuthProvider.test.simple.tsx +8 -8
package/src/providers/__tests__/UnifiedAuthProvider.test.tsx +29 -19
package/src/providers/index.ts +0 -1
package/src/providers/services/EventServiceProvider.tsx +19 -15
package/src/providers/services/InactivityServiceProvider.tsx +19 -15
package/src/providers/services/OrganisationServiceProvider.tsx +19 -15
package/src/providers/services/UnifiedAuthProvider.tsx +156 -127
package/src/providers/services/__tests__/AuthServiceProvider.integration.test.tsx +1 -1
package/src/providers/services/__tests__/UnifiedAuthProvider.integration.test.tsx +3 -3
package/src/rbac/README.md +1 -1
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +25 -27
package/src/rbac/__tests__/auth-rbac-security.integration.test.tsx +313 -0
package/src/rbac/__tests__/engine.comprehensive.test.ts +114 -348
package/src/rbac/__tests__/rbac-engine-core-logic.test.ts +28 -110
package/src/rbac/__tests__/rbac-engine-simplified.test.ts +33 -85
package/src/rbac/__tests__/scenarios.user-role.test.tsx +2 -2
package/src/rbac/adapters.tsx +26 -69
package/src/rbac/api.test.ts +90 -27
package/src/rbac/api.ts +61 -10
package/src/rbac/audit.test.ts +33 -38
package/src/rbac/audit.ts +21 -6
package/src/rbac/cache.ts +33 -1
package/src/rbac/components/NavigationGuard.tsx +11 -11
package/src/rbac/components/NavigationProvider.test.tsx +11 -5
package/src/rbac/components/NavigationProvider.tsx +37 -13
package/src/rbac/components/PagePermissionGuard.tsx +111 -50
package/src/rbac/components/PagePermissionProvider.tsx +5 -5
package/src/rbac/components/PermissionEnforcer.tsx +11 -11
package/src/rbac/components/RoleBasedRouter.tsx +5 -5
package/src/rbac/components/SecureDataProvider.tsx +5 -5
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +8 -8
package/src/rbac/components/__tests__/PagePermissionGuard.test.tsx +14 -14
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +12 -12
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +6 -6
package/src/rbac/engine.test.simple.ts +19 -13
package/src/rbac/engine.test.ts +1 -0
package/src/rbac/engine.ts +330 -766
package/src/rbac/errors.ts +156 -0
package/src/rbac/hooks/usePermissions.ts +32 -10
package/src/rbac/hooks/useRBAC.test.ts +126 -512
package/src/rbac/hooks/useRBAC.ts +147 -193
package/src/rbac/hooks/useResolvedScope.ts +12 -0
package/src/rbac/index.ts +7 -4
package/src/rbac/security.ts +109 -18
package/src/rbac/types.ts +12 -1
package/src/services/AuthService.ts +2 -15
package/src/services/EventService.ts +43 -46
package/src/services/OrganisationService.ts +51 -31
package/src/services/__tests__/AuthService.test.ts +1 -1
package/src/services/__tests__/EventService.test.ts +1 -1
package/src/services/__tests__/OrganisationService.test.ts +1 -1
package/src/services/base/BaseService.ts +8 -0
package/src/styles/base.css +208 -0
package/src/styles/semantic.css +24 -0
package/src/types/database.generated.ts +7347 -0
package/src/types/database.ts +20 -0
package/src/utils/logger.ts +179 -0
package/src/utils/organisationContext.ts +11 -4
package/src/utils/storage/__tests__/helpers.unit.test.ts +6 -2
package/dist/appNameResolver-UURKN7NF.js +0 -22
package/dist/audit-6TOCAMKO.js.map +0 -1
package/dist/chunk-B2WTCLCV.js.map +0 -1
package/dist/chunk-FGMFQSHX.js.map +0 -1
package/dist/chunk-K34IM5CT.js.map +0 -1
package/dist/chunk-KHJS6VIA.js.map +0 -1
package/dist/chunk-KK73ZB4E.js.map +0 -1
package/dist/chunk-M5IWZRBT.js.map +0 -1
package/dist/chunk-ULBI5JGB.js +0 -109
package/dist/chunk-ULBI5JGB.js.map +0 -1
package/dist/chunk-WN6XJWOS.js.map +0 -1
package/dist/chunk-XLZ7U46Z.js.map +0 -1
package/dist/chunk-Y6TXWPJO.js.map +0 -1
package/docs/DOCUMENTATION_CHECKLIST.md +0 -281
package/docs/TERMINOLOGY.md +0 -231
package/docs/api/interfaces/RBACContextType.md +0 -468
package/docs/api/interfaces/RBACProviderProps.md +0 -107
package/docs/best-practices/performance-expansion.md +0 -473
package/docs/breaking-changes.md +0 -179
package/docs/consuming-app-example.md +0 -290
package/docs/documentation-templates.md +0 -539
package/docs/examples/navigation-menu-auth-fix.md +0 -344
package/docs/getting-started/examples/basic-auth-app.md +0 -520
package/docs/getting-started/examples/full-featured-app.md +0 -616
package/docs/getting-started/quick-start.md +0 -376
package/docs/implementation-guides/datatable-filtering.md +0 -313
package/docs/implementation-guides/datatable-rbac-usage.md +0 -317
package/docs/implementation-guides/hierarchical-datatable.md +0 -850
package/docs/implementation-guides/large-datasets.md +0 -281
package/docs/implementation-guides/performance.md +0 -403
package/docs/migration/quick-migration-guide.md +0 -320
package/docs/migration-guide.md +0 -193
package/docs/migration-guides/unified-auth-provider-mandatory-timeouts.md +0 -226
package/docs/performance/README.md +0 -551
package/docs/style-guide.md +0 -964
package/docs/troubleshooting/authentication-issues.md +0 -334
package/docs/troubleshooting/debugging.md +0 -1117
package/docs/troubleshooting/migration.md +0 -918
package/src/__tests__/hooks/usePermissions.test.ts +0 -261
package/src/components/PaceAppLayout/__tests__/PaceAppLayout.rbac.test.tsx +0 -574
package/src/hooks/__tests__/ServiceHooks.test.tsx +0 -613
package/src/hooks/services/__tests__/useServiceHooks.test.tsx +0 -137
package/src/hooks/services/usePermissions.ts +0 -70
package/src/hooks/services/useRBACService.ts +0 -30
package/src/hooks/usePermissionCheck.ts +0 -150
package/src/providers/__tests__/ServiceProviders.test.tsx +0 -477
package/src/providers/services/RBACServiceProvider.tsx +0 -79
package/src/rbac/__tests__/integration.authflow.test.tsx +0 -119
package/src/rbac/__tests__/integration.navigation.test.tsx +0 -69
package/src/rbac/__tests__/integration.securedata.test.tsx +0 -92
package/src/rbac/__tests__/integration.smoke.test.tsx +0 -73
package/src/rbac/providers/RBACProvider.tsx +0 -645
package/src/rbac/providers/__tests__/RBACProvider.integration.test.tsx +0 -688
package/src/rbac/providers/__tests__/RBACProvider.test.tsx +0 -1186
package/src/rbac/providers/index.ts +0 -11
package/src/services/RBACService.ts +0 -522
package/src/services/__tests__/RBACService.test.ts +0 -492
package/src/services/interfaces/IRBACService.ts +0 -62
package/src/utils/appNameResolver.test 2.ts +0 -494
/package/dist/{DataTable-4GAVPIEG.js.map → DataTable-ETGVF4Y5.js.map} +0 -0
/package/dist/{UnifiedAuthProvider-3NKDOSOK.js.map → UnifiedAuthProvider-P5SOJAQ6.js.map} +0 -0
/package/dist/{api-DDMUKIUD.js.map → api-KG4A2X7P.js.map} +0 -0
/package/dist/{appNameResolver-UURKN7NF.js.map → audit-65VNHEV2.js.map} +0 -0
/package/dist/{chunk-NTNILOBC.js.map → chunk-5BO3MI5Y.js.map} +0 -0
/package/dist/{chunk-URUTVZ7N.js.map → chunk-FL4ZCQLD.js.map} +0 -0
/package/dist/{chunk-LW7MMEAQ.js.map → chunk-FT2M4R4F.js.map} +0 -0
/package/dist/{chunk-AFGTSUAD.js.map → chunk-VSOKOFRF.js.map} +0 -0
/package/docs/{app.css.example → styles/app.css.example} +0 -0

package/src/rbac/hooks/useRBAC.test.ts CHANGED Viewed

@@ -1,573 +1,187 @@
-/**
- * @file useRBAC Hook Tests
- * @package @jmruthers/pace-core
- * @module Hooks/useRBAC
- * @since 0.3.0
- *
- * Comprehensive tests for the useRBAC hook covering all critical functionality.
- */
 import { renderHook, waitFor } from '@testing-library/react';
-import { vi, describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { describe, it, expect, beforeEach, vi } from 'vitest';
 import { useRBAC } from './useRBAC';
-// Mock the providers and dependencies
 vi.mock('../../providers/UnifiedAuthProvider', () => ({
-  useUnifiedAuth: vi.fn()
+  useUnifiedAuth: vi.fn(),
 }));
 vi.mock('../../providers/services/UnifiedAuthProvider', () => ({
-  useUnifiedAuth: vi.fn()
+  useUnifiedAuth: vi.fn(),
 }));
 vi.mock('../../hooks/useOrganisations', () => ({
-  useOrganisations: vi.fn()
+  useOrganisations: vi.fn(),
 }));
 vi.mock('../../hooks/useEvents', () => ({
-  useEvents: vi.fn()
+  useEvents: vi.fn(),
 }));
-// Mock Supabase client
-const mockSupabaseClient = {
-  rpc: vi.fn()
-};
+vi.mock('../api', () => ({
+  getPermissionMap: vi.fn(),
+  getAccessLevel: vi.fn(),
+  isPermittedCached: vi.fn(),
+  resolveAppContext: vi.fn(),
+  getRoleContext: vi.fn(),
+}));
-// Get the mocked functions
 import { useUnifiedAuth } from '../../providers';
 import { useOrganisations } from '../../hooks/useOrganisations';
 import { useEvents } from '../../hooks/useEvents';
+import {
+  getPermissionMap,
+  getAccessLevel,
+  isPermittedCached,
+  resolveAppContext,
+  getRoleContext,
+} from '../api';
 const mockUseUnifiedAuth = vi.mocked(useUnifiedAuth);
 const mockUseOrganisations = vi.mocked(useOrganisations);
 const mockUseEvents = vi.mocked(useEvents);
+const mockGetPermissionMap = vi.mocked(getPermissionMap);
+const mockGetAccessLevel = vi.mocked(getAccessLevel);
+const mockIsPermittedCached = vi.mocked(isPermittedCached);
+const mockResolveAppContext = vi.mocked(resolveAppContext);
+const mockGetRoleContext = vi.mocked(getRoleContext);
-describe('useRBAC Hook', () => {
-  const mockUser = {
-    id: 'user-123',
-    email: 'test@example.com'
-  };
-  const mockSession = {
-    access_token: 'mock-token'
-  };
-  const mockOrganisation = {
-    id: 'org-123',
-    name: 'Test Organisation'
-  };
-  const mockEvent = {
-    id: 'event-123',
-    name: 'Test Event'
-  };
+describe('useRBAC', () => {
   beforeEach(() => {
     vi.clearAllMocks();
-    // Setup default mocks
     mockUseUnifiedAuth.mockReturnValue({
       user: null,
       session: null,
-      supabase: mockSupabaseClient,
-      appName: 'test-app'
+      appName: 'test-app',
     });
-    mockUseOrganisations.mockReturnValue({
-      selectedOrganisation: null
-    });
-    mockUseEvents.mockReturnValue({
-      selectedEvent: null
+    mockUseOrganisations.mockReturnValue({ selectedOrganisation: null });
+    mockUseEvents.mockReturnValue({ selectedEvent: null });
+    mockGetPermissionMap.mockResolvedValue({});
+    mockGetAccessLevel.mockResolvedValue('viewer');
+    mockResolveAppContext.mockResolvedValue({ appId: 'app-123' as any, hasAccess: true });
+    mockGetRoleContext.mockResolvedValue({
+      globalRole: null,
+      organisationRole: null,
+      eventAppRole: null,
     });
+    mockIsPermittedCached.mockResolvedValue(false);
   });
-    describe('Initialization', () => {
-    it('initializes with loading state when no user', () => {
-      const { result } = renderHook(() => useRBAC());
-      expect(result.current.isLoading).toBe(false);
-      expect(result.current.user).toBeNull();
-      expect(result.current.globalRole).toBeNull();
-      expect(result.current.organisationRole).toBeNull();
-      expect(result.current.eventAppRole).toBeNull();
-      expect(result.current.error).toBeNull();
-    });
+  it('returns base state when unauthenticated', () => {
+    const { result } = renderHook(() => useRBAC());
-    it('initializes with authenticated state', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      mockUseEvents.mockReturnValue({
-        selectedEvent: mockEvent
-      });
-      // Mock successful RPC calls
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [{ permission_type: 'all_permissions', role_name: 'super_admin' }],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      expect(result.current.user).toEqual(mockUser);
-      await waitFor(() => {
-        expect(result.current.isLoading).toBe(false);
-      });
-    });
+    expect(result.current.user).toBeNull();
+    expect(result.current.globalRole).toBeNull();
+    expect(result.current.isLoading).toBe(false);
   });
-  describe('Role Detection', () => {
-    it('detects super admin role from RPC response', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      // Mock super admin RPC response
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [{ permission_type: 'all_permissions', role_name: 'super_admin' }],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      await waitFor(() => {
-        expect(result.current.globalRole).toBe('super_admin');
-        expect(result.current.isSuperAdmin).toBe(true);
-      });
+  it('loads permissions through RBAC engine', async () => {
+    mockUseUnifiedAuth.mockReturnValue({
+      user: { id: 'user-1' },
+      session: { access_token: 'token' },
+      appName: 'test-app',
     });
+    mockUseOrganisations.mockReturnValue({ selectedOrganisation: { id: 'org-1' } });
-    it('detects organisation admin role', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      // Mock org admin RPC response
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [{ permission_type: 'organisation_access', role_name: 'org_admin' }],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      await waitFor(() => {
-        expect(result.current.organisationRole).toBe('org_admin');
-        expect(result.current.isOrgAdmin).toBe(true);
-      });
+    mockGetPermissionMap.mockResolvedValue({ 'read:dashboard': true });
+    mockGetRoleContext.mockResolvedValue({
+      globalRole: null,
+      organisationRole: null,
+      eventAppRole: null,
     });
-    it('detects event admin role', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      mockUseEvents.mockReturnValue({
-        selectedEvent: mockEvent
-      });
-      // Mock event admin RPC response
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [{ permission_type: 'event_app_access', role_name: 'event_admin' }],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      await waitFor(() => {
-        expect(result.current.eventAppRole).toBe('event_admin');
-        expect(result.current.isEventAdmin).toBe(true);
-      });
-    });
+    const { result } = renderHook(() => useRBAC('dashboard'));
-    it('handles role hierarchy correctly', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      mockUseEvents.mockReturnValue({
-        selectedEvent: mockEvent
-      });
-      // Mock super admin with all roles
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [
-              { permission_type: 'all_permissions', role_name: 'super_admin' },
-              { permission_type: 'organisation_access', role_name: 'org_admin' },
-              { permission_type: 'event_app_access', role_name: 'event_admin' }
-            ],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      await waitFor(() => {
-        expect(result.current.globalRole).toBe('super_admin');
-        expect(result.current.organisationRole).toBe('org_admin');
-        expect(result.current.eventAppRole).toBe('event_admin');
-        expect(result.current.isSuperAdmin).toBe(true);
-        expect(result.current.isOrgAdmin).toBe(true);
-        expect(result.current.isEventAdmin).toBe(true);
-      });
+    await waitFor(() => {
+      expect(result.current.isLoading).toBe(false);
+      expect(result.current.hasPermission).toBeTypeOf('function');
     });
+    expect(mockResolveAppContext).toHaveBeenCalledWith({ userId: 'user-1', appName: 'test-app' });
+    expect(mockGetPermissionMap).toHaveBeenCalledWith(
+      expect.objectContaining({
+        userId: 'user-1',
+        scope: expect.objectContaining({ organisationId: 'org-1' }),
+      }),
+    );
   });
-  describe('Permission Checking', () => {
-    it('hasPermission returns true for super admin', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      // Mock super admin RPC response
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [{ permission_type: 'all_permissions', role_name: 'super_admin' }],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      await waitFor(() => {
-        expect(result.current.isSuperAdmin).toBe(true);
-      });
-      // Test hasPermission function
-      const canRead = await result.current.hasPermission('read', 'users');
-      expect(canRead).toBe(true);
+  it('uses cached permission map before hitting engine', async () => {
+    mockUseUnifiedAuth.mockReturnValue({
+      user: { id: 'user-1' },
+      session: { access_token: 'token' },
+      appName: 'test-app',
     });
+    mockUseOrganisations.mockReturnValue({ selectedOrganisation: { id: 'org-1' } });
+    mockGetPermissionMap.mockResolvedValue({ 'read:dashboard': true });
-    it('hasPermission checks database for regular users', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      // Mock regular user RPC response
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [{ permission_type: 'organisation_access', role_name: 'member' }],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      await waitFor(() => {
-        expect(result.current.organisationRole).toBe('member');
-      });
-      // Test hasPermission function
-      const canDelete = await result.current.hasPermission('delete', 'users');
-      expect(canDelete).toBe(false);
-    });
+    const { result } = renderHook(() => useRBAC('dashboard'));
-    it('hasGlobalPermission works correctly', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      // Mock super admin RPC response
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [{ permission_type: 'all_permissions', role_name: 'super_admin' }],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      await waitFor(() => {
-        expect(result.current.globalRole).toBe('super_admin');
-      });
-      // Test hasGlobalPermission function
-      expect(result.current.hasGlobalPermission('super_admin')).toBe(true);
-      expect(result.current.hasGlobalPermission('org_admin')).toBe(true);
-      expect(result.current.hasGlobalPermission('invalid_permission')).toBe(true); // Super admin has all permissions
-    });
+    await waitFor(() => expect(result.current.isLoading).toBe(false));
+    mockIsPermittedCached.mockClear();
+    const allowed = await result.current.hasPermission('read', 'dashboard');
+    expect(allowed).toBe(true);
+    expect(mockIsPermittedCached).not.toHaveBeenCalled();
   });
-  describe('Error Handling', () => {
-    it('handles RPC errors gracefully', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
+  it('falls back to engine when permission not cached', async () => {
+    mockUseUnifiedAuth.mockReturnValue({
+      user: { id: 'user-1' },
+      session: { access_token: 'token' },
+      appName: 'test-app',
+    });
+    mockUseOrganisations.mockReturnValue({ selectedOrganisation: { id: 'org-1' } });
+    mockGetPermissionMap.mockResolvedValue({});
+    mockIsPermittedCached.mockResolvedValue(true);
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
+    const { result } = renderHook(() => useRBAC('dashboard'));
-      // Mock RPC error
-      mockSupabaseClient.rpc.mockRejectedValue(new Error('RPC Error'));
+    await waitFor(() => expect(result.current.isLoading).toBe(false));
-      const { result } = renderHook(() => useRBAC());
+    const allowed = await result.current.hasPermission('read', 'dashboard');
-      await waitFor(() => {
-        expect(result.current.error).toBeDefined();
-        expect(result.current.isLoading).toBe(false);
-      });
-    });
+    expect(allowed).toBe(true);
+    expect(mockIsPermittedCached).toHaveBeenCalled();
+  });
-    it('handles missing EventProvider gracefully', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      // Mock EventProvider throwing error
-      mockUseEvents.mockImplementation(() => {
-        throw new Error('EventProvider not available');
-      });
-      // Mock successful RPC calls
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [{ permission_type: 'all_permissions', role_name: 'super_admin' }],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      // Should not throw error and continue without event context
-      expect(result.current.user).toEqual(mockUser);
-      await waitFor(() => {
-        expect(result.current.isLoading).toBe(false);
-      });
+  it('handles denied app resolution securely', async () => {
+    mockUseUnifiedAuth.mockReturnValue({
+      user: { id: 'user-1' },
+      session: { access_token: 'token' },
+      appName: 'test-app',
     });
+    mockResolveAppContext.mockResolvedValue(null);
+    const { result } = renderHook(() => useRBAC());
+    await waitFor(() => expect(result.current.isLoading).toBe(false));
+    expect(result.current.error).toBeInstanceOf(Error);
+    expect(result.current.globalRole).toBeNull();
   });
-  describe('Hook Properties', () => {
-    it('has all required properties', () => {
-      const { result } = renderHook(() => useRBAC());
-      expect(result.current).toHaveProperty('user');
-      expect(result.current).toHaveProperty('globalRole');
-      expect(result.current).toHaveProperty('organisationRole');
-      expect(result.current).toHaveProperty('eventAppRole');
-      expect(result.current).toHaveProperty('hasPermission');
-      expect(result.current).toHaveProperty('hasGlobalPermission');
-      expect(result.current).toHaveProperty('isSuperAdmin');
-      expect(result.current).toHaveProperty('isOrgAdmin');
-      expect(result.current).toHaveProperty('isEventAdmin');
-      expect(result.current).toHaveProperty('canManageOrganisation');
-      expect(result.current).toHaveProperty('canManageEvent');
-      expect(result.current).toHaveProperty('isLoading');
-      expect(result.current).toHaveProperty('error');
+  it('treats super admin role as having all permissions', async () => {
+    mockUseUnifiedAuth.mockReturnValue({
+      user: { id: 'user-1' },
+      session: { access_token: 'token' },
+      appName: 'test-app',
     });
-    it('hasPermission is a function', () => {
-      const { result } = renderHook(() => useRBAC());
-      expect(typeof result.current.hasPermission).toBe('function');
-      expect(typeof result.current.hasGlobalPermission).toBe('function');
+    mockGetRoleContext.mockResolvedValue({
+      globalRole: 'super_admin',
+      organisationRole: null,
+      eventAppRole: null,
     });
-    it('computed properties work correctly', async () => {
-      mockUseUnifiedAuth.mockReturnValue({
-        user: mockUser,
-        session: mockSession,
-        supabase: mockSupabaseClient,
-        appName: 'test-app'
-      });
-      mockUseOrganisations.mockReturnValue({
-        selectedOrganisation: mockOrganisation
-      });
-      // Mock super admin RPC response
-      mockSupabaseClient.rpc.mockImplementation((functionName: string) => {
-        if (functionName === 'util_app_resolve') {
-          return Promise.resolve({
-            data: [{ app_id: 'test-app-id', has_access: true }],
-            error: null
-          });
-        }
-        if (functionName === 'rbac_permissions_get') {
-          return Promise.resolve({
-            data: [
-              { permission_type: 'all_permissions', role_name: 'super_admin' },
-              { permission_type: 'organisation_access', role_name: 'org_admin' },
-              { permission_type: 'event_app_access', role_name: 'event_admin' }
-            ],
-            error: null
-          });
-        }
-        return Promise.resolve({ data: null, error: null });
-      });
-      const { result } = renderHook(() => useRBAC());
-      await waitFor(() => {
-        expect(result.current.globalRole).toBe('super_admin');
-        expect(result.current.organisationRole).toBe('org_admin');
-        expect(result.current.eventAppRole).toBe('event_admin');
-      });
-      // Test computed properties
-      expect(result.current.isSuperAdmin).toBe(true);
-      expect(result.current.isOrgAdmin).toBe(true);
-      expect(result.current.isEventAdmin).toBe(true);
-      expect(result.current.canManageOrganisation).toBe(true);
-      expect(result.current.canManageEvent).toBe(true);
-    });
+    const { result } = renderHook(() => useRBAC());
+    await waitFor(() => expect(result.current.isLoading).toBe(false));
+    expect(result.current.isSuperAdmin).toBe(true);
+    expect(result.current.hasGlobalPermission('any')).toBe(true);
   });
-});
+});