npm - @jmruthers/pace-core - Versions diffs - 0.6.4 → 0.6.6 - Mend

@jmruthers/pace-core 0.6.4 → 0.6.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (387) hide show

package/CHANGELOG.md +104 -0
package/README.md +5 -403
package/core-usage-manifest.json +93 -0
package/cursor-rules/00-pace-core-compliance.mdc +128 -26
package/cursor-rules/01-standards-compliance.mdc +49 -8
package/cursor-rules/02-project-structure.mdc +6 -0
package/cursor-rules/03-solid-principles.mdc +2 -0
package/cursor-rules/04-testing-standards.mdc +2 -0
package/cursor-rules/05-bug-reports-and-features.mdc +2 -0
package/cursor-rules/06-code-quality.mdc +2 -0
package/cursor-rules/07-tech-stack-compliance.mdc +2 -0
package/cursor-rules/08-markup-quality.mdc +52 -27
package/cursor-rules/09-rbac-compliance.mdc +462 -0
package/cursor-rules/10-error-handling-patterns.mdc +179 -0
package/cursor-rules/11-performance-optimization.mdc +169 -0
package/cursor-rules/12-ci-cd-integration.mdc +150 -0
package/dist/{AuthService-Cb34EQs3.d.ts → AuthService-DmfO5rGS.d.ts} +10 -0
package/dist/{DataTable-BMRU8a1j.d.ts → DataTable-2N_tqbfq.d.ts} +1 -1
package/dist/DataTable-LRJL4IRV.js +15 -0
package/dist/{PublicPageProvider-DEMpysFR.d.ts → PublicPageProvider-BBH6Vqg7.d.ts} +72 -139
package/dist/UnifiedAuthProvider-ZT6TIGM7.js +7 -0
package/dist/api-Y4MQWOFW.js +4 -0
package/dist/audit-MYQXYZFU.js +3 -0
package/dist/{chunk-J36DSWQK.js → chunk-2HGJFNAH.js} +8 -28
package/dist/{chunk-OEWDTMG7.js → chunk-3O3WHILE.js} +38 -121
package/dist/{chunk-M43Y4SSO.js → chunk-3QC3KRHK.js} +1 -14
package/dist/{chunk-DGUM43GV.js → chunk-3RG5ZIWI.js} +1 -4
package/dist/{chunk-QXHPKYJV.js → chunk-4SXLQIZO.js} +1 -26
package/dist/chunk-4T7OBVTU.js +62 -0
package/dist/{chunk-E66EQZE6.js → chunk-6GLLNA6U.js} +3 -9
package/dist/{chunk-ZSAAAMVR.js → chunk-6QYDGKQY.js} +1 -4
package/dist/{chunk-NN6WWZ5U.js → chunk-7TYHROIV.js} +579 -563
package/dist/{chunk-M7MPQISP.js → chunk-A55DK444.js} +9 -16
package/dist/{chunk-63FOKYGO.js → chunk-AHU7G2R5.js} +2 -11
package/dist/{chunk-L4OXEN46.js → chunk-BVP2BCJF.js} +2 -16
package/dist/chunk-C7NSAPTL.js +1 -0
package/dist/{chunk-YKRAFF5K.js → chunk-FENMYN2U.js} +73 -149
package/dist/{chunk-AVMLPIM7.js → chunk-FTCRZOG2.js} +284 -432
package/dist/{chunk-G37KK66H.js → chunk-FYHN4DD5.js} +60 -19
package/dist/{chunk-VBXEHIUJ.js → chunk-HF6O3O37.js} +6 -88
package/dist/{chunk-I6DAQMWX.js → chunk-LAZMKTTF.js} +930 -891
package/dist/{chunk-5EC5MEWX.js → chunk-MAGBIDNS.js} +77 -222
package/dist/chunk-MBADTM7L.js +64 -0
package/dist/chunk-OHIK3MIO.js +994 -0
package/dist/{chunk-6SOIHG6Z.js → chunk-S7DKJPLT.js} +115 -44
package/dist/{chunk-FMUCXFII.js → chunk-SD6WQY43.js} +1 -5
package/dist/{chunk-PWLANIRT.js → chunk-TTRFSOKR.js} +1 -7
package/dist/{chunk-5DRSZLL2.js → chunk-UH3NTO3F.js} +1 -6
package/dist/{chunk-FFQEQTNW.js → chunk-UIYSCEV7.js} +134 -45
package/dist/{chunk-3LPHPB62.js → chunk-ZFYPMX46.js} +271 -87
package/dist/{chunk-7JPAB3T5.js → chunk-ZS5VO5JB.js} +1989 -1283
package/dist/components.d.ts +6 -6
package/dist/components.js +57 -267
package/dist/{database.generated-CzIvgcPu.d.ts → database.generated-CcnC_DRc.d.ts} +4795 -3691
package/dist/eslint-rules/index.cjs +22 -0
package/dist/eslint-rules/rules/compliance.cjs +348 -0
package/dist/eslint-rules/rules/components.cjs +113 -0
package/dist/eslint-rules/rules/imports.cjs +102 -0
package/dist/eslint-rules/rules/rbac.cjs +790 -0
package/dist/eslint-rules/utils/helpers.cjs +42 -0
package/dist/eslint-rules/utils/manifest-loader.cjs +75 -0
package/dist/hooks.d.ts +5 -5
package/dist/hooks.js +62 -270
package/dist/icons/index.d.ts +1 -0
package/dist/icons/index.js +1 -0
package/dist/index.d.ts +36 -26
package/dist/index.js +87 -690
package/dist/providers.d.ts +2 -2
package/dist/providers.js +8 -35
package/dist/rbac/eslint-rules.d.ts +46 -44
package/dist/rbac/eslint-rules.js +7 -4
package/dist/rbac/index.d.ts +124 -594
package/dist/rbac/index.js +14 -207
package/dist/styles/index.js +2 -12
package/dist/theming/runtime.js +3 -19
package/dist/{timezone-CHhWg6b4.d.ts → timezone-BZe_eUxx.d.ts} +175 -1
package/dist/{types-CkbwOr4Y.d.ts → types-B-K_5VnO.d.ts} +4 -0
package/dist/types-t9H8qKRw.d.ts +55 -0
package/dist/types.d.ts +1 -1
package/dist/types.js +7 -94
package/dist/{usePublicRouteParams-i3qtoBgg.d.ts → usePublicRouteParams-COZ28Mvq.d.ts} +9 -9
package/dist/utils.d.ts +24 -117
package/dist/utils.js +54 -392
package/docs/README.md +16 -6
package/docs/api/README.md +4 -402
package/docs/api/modules.md +454 -930
package/docs/api-reference/components.md +3 -1
package/docs/api-reference/deprecated.md +31 -6
package/docs/api-reference/rpc-functions.md +78 -3
package/docs/best-practices/accessibility.md +6 -3
package/docs/getting-started/cursor-rules.md +3 -23
package/docs/getting-started/dependencies.md +650 -0
package/docs/getting-started/installation-guide.md +20 -7
package/docs/getting-started/quick-start.md +23 -12
package/docs/implementation-guides/permission-enforcement.md +4 -0
package/docs/rbac/MIGRATION_GUIDE.md +819 -0
package/docs/rbac/RBAC_CONTRACT.md +724 -0
package/docs/rbac/README.md +12 -3
package/docs/rbac/edge-functions-guide.md +376 -0
package/docs/rbac/secure-client-protection.md +0 -34
package/docs/standards/00-pace-core-compliance.md +967 -0
package/docs/standards/01-standards-compliance.md +188 -0
package/docs/standards/02-project-structure.md +985 -0
package/docs/standards/03-solid-principles.md +39 -0
package/docs/standards/04-testing-standards.md +36 -0
package/docs/standards/05-bug-reports-and-features.md +27 -0
package/docs/standards/{04-code-style-standard.md → 06-code-quality.md} +2 -0
package/docs/standards/07-tech-stack-compliance.md +30 -0
package/docs/standards/08-markup-quality.md +345 -0
package/docs/standards/{07-rbac-and-rls-standard.md → 09-rbac-compliance.md} +149 -54
package/docs/standards/10-error-handling-patterns.md +401 -0
package/docs/standards/11-performance-optimization.md +348 -0
package/docs/standards/12-ci-cd-integration.md +370 -0
package/docs/standards/ALIGNMENT_REVIEW_SUMMARY.md +192 -0
package/docs/standards/README.md +62 -33
package/docs/troubleshooting/organisation-context-setup.md +42 -19
package/eslint-config-pace-core.cjs +20 -4
package/package.json +31 -21
package/scripts/audit/audit-compliance.cjs +1295 -0
package/scripts/audit/audit-components.cjs +260 -0
package/scripts/audit/audit-dependencies.cjs +395 -0
package/scripts/audit/audit-rbac.cjs +954 -0
package/scripts/audit/audit-standards.cjs +1268 -0
package/scripts/audit/index.cjs +1898 -194
package/scripts/install-cursor-rules.cjs +259 -8
package/scripts/validate-master.js +1 -1
package/src/__tests__/fixtures/supabase.ts +1 -1
package/src/__tests__/helpers/__tests__/component-test-utils.test.tsx +1 -1
package/src/__tests__/helpers/__tests__/optimized-test-setup.test.ts +1 -1
package/src/__tests__/helpers/__tests__/supabaseMock.test.ts +1 -1
package/src/__tests__/helpers/__tests__/test-utils.test.tsx +3 -3
package/src/__tests__/helpers/component-test-utils.tsx +1 -1
package/src/__tests__/helpers/supabaseMock.ts +2 -2
package/src/__tests__/public-recipe-view.test.ts +38 -9
package/src/components/Button/Button.tsx +5 -1
package/src/components/ContextSelector/ContextSelector.tsx +42 -39
package/src/components/DataTable/__tests__/keyboard.test.tsx +15 -2
package/src/components/DataTable/components/DataTableBody.tsx +55 -31
package/src/components/DataTable/components/DataTableCore.tsx +186 -13
package/src/components/DataTable/components/DataTableLayout.tsx +30 -5
package/src/components/DataTable/components/EditFields.tsx +23 -3
package/src/components/DataTable/components/EditableRow.tsx +7 -2
package/src/components/DataTable/components/ImportModal.tsx +4 -6
package/src/components/DataTable/components/RowComponent.tsx +12 -0
package/src/components/DataTable/components/ViewRowModal.tsx +4 -4
package/src/components/DataTable/components/__tests__/ImportModal.test.tsx +455 -96
package/src/components/DataTable/components/__tests__/ViewRowModal.test.tsx +122 -58
package/src/components/DataTable/components/hooks/usePermissionTracking.ts +0 -4
package/src/components/DataTable/core/DataTableContext.tsx +1 -1
package/src/components/DataTable/hooks/__tests__/useDataTableState.test.ts +51 -47
package/src/components/DataTable/hooks/useDataTablePermissions.ts +24 -21
package/src/components/DataTable/hooks/useDataTableState.ts +125 -9
package/src/components/DataTable/hooks/useTableColumns.ts +40 -2
package/src/components/DataTable/hooks/useTableHandlers.ts +11 -0
package/src/components/DataTable/types.ts +5 -0
package/src/components/DateTimeField/DateTimeField.tsx +20 -20
package/src/components/DateTimeField/README.md +5 -2
package/src/components/Dialog/Dialog.test.tsx +361 -318
package/src/components/Dialog/Dialog.tsx +1154 -323
package/src/components/Dialog/index.ts +3 -3
package/src/components/FileDisplay/FileDisplay.test.tsx +45 -2
package/src/components/FileDisplay/FileDisplay.tsx +28 -22
package/src/components/Form/Form.test.tsx +9 -10
package/src/components/Form/Form.tsx +369 -9
package/src/components/InactivityWarningModal/InactivityWarningModal.test.tsx +28 -28
package/src/components/InactivityWarningModal/InactivityWarningModal.tsx +40 -54
package/src/components/LoginForm/LoginForm.tsx +2 -2
package/src/components/NavigationMenu/NavigationMenu.test.tsx +14 -13
package/src/components/NavigationMenu/NavigationMenu.tsx +2 -2
package/src/components/NavigationMenu/useNavigationFiltering.ts +11 -21
package/src/components/PaceAppLayout/PaceAppLayout.test.tsx +6 -4
package/src/components/PaceAppLayout/PaceAppLayout.tsx +30 -41
package/src/components/PaceAppLayout/README.md +10 -9
package/src/components/PaceAppLayout/test-setup.tsx +40 -31
package/src/components/PaceLoginPage/PaceLoginPage.test.tsx +108 -61
package/src/components/PaceLoginPage/PaceLoginPage.tsx +27 -3
package/src/components/PasswordChange/PasswordChangeForm.test.tsx +61 -0
package/src/components/PasswordChange/PasswordChangeForm.tsx +20 -13
package/src/components/PublicLayout/PublicLayout.test.tsx +7 -3
package/src/components/PublicLayout/PublicPageLayout.tsx +5 -8
package/src/components/Select/Select.tsx +23 -21
package/src/components/Select/types.ts +1 -1
package/src/components/UserMenu/UserMenu.test.tsx +38 -6
package/src/components/UserMenu/UserMenu.tsx +39 -34
package/src/components/index.ts +3 -4
package/src/eslint-rules/index.cjs +22 -0
package/src/eslint-rules/rules/compliance.cjs +348 -0
package/src/eslint-rules/rules/components.cjs +113 -0
package/src/eslint-rules/rules/imports.cjs +102 -0
package/src/eslint-rules/rules/rbac.cjs +790 -0
package/src/eslint-rules/utils/helpers.cjs +42 -0
package/src/eslint-rules/utils/manifest-loader.cjs +75 -0
package/src/hooks/__tests__/hooks.integration.test.tsx +6 -8
package/src/hooks/__tests__/useAppConfig.unit.test.ts +129 -67
package/src/hooks/__tests__/usePublicEvent.simple.test.ts +149 -67
package/src/hooks/__tests__/usePublicEvent.test.ts +149 -79
package/src/hooks/__tests__/usePublicEvent.unit.test.ts +158 -109
package/src/hooks/__tests__/useSessionDraft.test.ts +163 -0
package/src/hooks/__tests__/useSessionRestoration.unit.test.tsx +10 -5
package/src/hooks/public/usePublicEvent.ts +62 -190
package/src/hooks/public/usePublicEventLogo.test.ts +70 -17
package/src/hooks/public/usePublicEventLogo.ts +19 -9
package/src/hooks/useAppConfig.ts +26 -24
package/src/hooks/useEventTheme.test.ts +211 -233
package/src/hooks/useEventTheme.ts +19 -28
package/src/hooks/useEvents.ts +11 -7
package/src/hooks/useKeyboardShortcuts.ts +1 -1
package/src/hooks/useOrganisationPermissions.ts +9 -11
package/src/hooks/useOrganisations.ts +13 -7
package/src/hooks/useQueryCache.ts +0 -1
package/src/hooks/useSessionDraft.ts +380 -0
package/src/hooks/useSessionRestoration.ts +3 -1
package/src/icons/index.ts +27 -0
package/src/index.ts +16 -1
package/src/providers/OrganisationProvider.tsx +23 -14
package/src/providers/services/EventServiceProvider.tsx +1 -24
package/src/providers/services/UnifiedAuthProvider.tsx +5 -48
package/src/providers/services/__tests__/UnifiedAuthProvider.integration.test.tsx +3 -0
package/src/rbac/README.md +20 -20
package/src/rbac/__tests__/adapters.comprehensive.test.tsx +7 -457
package/src/rbac/__tests__/auth-rbac.e2e.test.tsx +33 -7
package/src/rbac/adapters.tsx +7 -295
package/src/rbac/api.test.ts +44 -56
package/src/rbac/api.ts +10 -17
package/src/rbac/cache-invalidation.ts +0 -1
package/src/rbac/compliance/index.ts +10 -0
package/src/rbac/compliance/pattern-detector.ts +553 -0
package/src/rbac/compliance/runtime-compliance.ts +22 -0
package/src/rbac/components/AccessDenied.tsx +150 -0
package/src/rbac/components/NavigationGuard.tsx +12 -20
package/src/rbac/components/PagePermissionGuard.tsx +4 -24
package/src/rbac/components/__tests__/NavigationGuard.test.tsx +21 -8
package/src/rbac/components/index.ts +3 -41
package/src/rbac/eslint-rules.js +1 -1
package/src/rbac/hooks/index.ts +0 -3
package/src/rbac/hooks/permissions/index.ts +0 -3
package/src/rbac/hooks/permissions/useAccessLevel.ts +4 -8
package/src/rbac/hooks/usePermissions.ts +0 -3
package/src/rbac/hooks/useRBAC.test.ts +21 -3
package/src/rbac/hooks/useRBAC.ts +4 -3
package/src/rbac/hooks/useResolvedScope.test.ts +57 -47
package/src/rbac/hooks/useResolvedScope.ts +58 -140
package/src/rbac/hooks/useResourcePermissions.test.ts +241 -60
package/src/rbac/hooks/useResourcePermissions.ts +182 -63
package/src/rbac/hooks/useRoleManagement.test.ts +65 -22
package/src/rbac/hooks/useRoleManagement.ts +147 -19
package/src/rbac/hooks/useSecureSupabase.ts +4 -8
package/src/rbac/index.ts +7 -9
package/src/rbac/permissions.ts +17 -17
package/src/rbac/utils/contextValidator.ts +45 -7
package/src/services/AuthService.ts +132 -23
package/src/services/EventService.ts +4 -97
package/src/services/InactivityService.ts +155 -58
package/src/services/OrganisationService.ts +7 -44
package/src/services/__tests__/OrganisationService.test.ts +26 -8
package/src/services/base/BaseService.ts +0 -3
package/src/styles/core.css +4 -0
package/src/types/database.generated.ts +4733 -3809
package/src/utils/__tests__/organisationContext.unit.test.ts +9 -10
package/src/utils/context/organisationContext.test.ts +13 -28
package/src/utils/context/organisationContext.ts +21 -52
package/src/utils/dynamic/dynamicUtils.ts +1 -1
package/src/utils/file-reference/index.ts +39 -15
package/src/utils/formatting/formatDateTime.test.ts +3 -2
package/src/utils/formatting/formatTime.test.ts +3 -2
package/src/utils/google-places/loadGoogleMapsScript.ts +29 -4
package/src/utils/index.ts +4 -1
package/src/utils/persistence/__tests__/keyDerivation.test.ts +135 -0
package/src/utils/persistence/__tests__/sensitiveFieldDetection.test.ts +123 -0
package/src/utils/persistence/keyDerivation.ts +304 -0
package/src/utils/persistence/sensitiveFieldDetection.ts +212 -0
package/src/utils/security/secureStorage.ts +5 -5
package/src/utils/storage/helpers.ts +3 -3
package/src/utils/supabase/createBaseClient.ts +147 -0
package/src/utils/timezone/timezone.test.ts +1 -2
package/src/utils/timezone/timezone.ts +1 -1
package/src/utils/validation/csrf.ts +4 -4
package/cursor-rules/CHANGELOG.md +0 -119
package/cursor-rules/README.md +0 -192
package/dist/DataTable-E7YQZD7D.js +0 -175
package/dist/DataTable-E7YQZD7D.js.map +0 -1
package/dist/UnifiedAuthProvider-QPXO24B4.js +0 -18
package/dist/UnifiedAuthProvider-QPXO24B4.js.map +0 -1
package/dist/api-6LVZTHDS.js +0 -52
package/dist/api-6LVZTHDS.js.map +0 -1
package/dist/audit-V53FV5AG.js +0 -17
package/dist/audit-V53FV5AG.js.map +0 -1
package/dist/chunk-36LVWXB2.js +0 -227
package/dist/chunk-36LVWXB2.js.map +0 -1
package/dist/chunk-3LPHPB62.js.map +0 -1
package/dist/chunk-5DRSZLL2.js.map +0 -1
package/dist/chunk-5EC5MEWX.js.map +0 -1
package/dist/chunk-63FOKYGO.js.map +0 -1
package/dist/chunk-6SOIHG6Z.js.map +0 -1
package/dist/chunk-7JPAB3T5.js.map +0 -1
package/dist/chunk-ATKZM7RX.js +0 -2053
package/dist/chunk-ATKZM7RX.js.map +0 -1
package/dist/chunk-AVMLPIM7.js.map +0 -1
package/dist/chunk-DGUM43GV.js.map +0 -1
package/dist/chunk-E66EQZE6.js.map +0 -1
package/dist/chunk-FFQEQTNW.js.map +0 -1
package/dist/chunk-FMUCXFII.js.map +0 -1
package/dist/chunk-G37KK66H.js.map +0 -1
package/dist/chunk-I6DAQMWX.js.map +0 -1
package/dist/chunk-J36DSWQK.js.map +0 -1
package/dist/chunk-KQCRWDSA.js +0 -1
package/dist/chunk-KQCRWDSA.js.map +0 -1
package/dist/chunk-L4OXEN46.js.map +0 -1
package/dist/chunk-LMC26NLJ.js +0 -84
package/dist/chunk-LMC26NLJ.js.map +0 -1
package/dist/chunk-M43Y4SSO.js.map +0 -1
package/dist/chunk-M7MPQISP.js.map +0 -1
package/dist/chunk-NN6WWZ5U.js.map +0 -1
package/dist/chunk-OEWDTMG7.js.map +0 -1
package/dist/chunk-PWLANIRT.js.map +0 -1
package/dist/chunk-QXHPKYJV.js.map +0 -1
package/dist/chunk-VBXEHIUJ.js.map +0 -1
package/dist/chunk-YKRAFF5K.js.map +0 -1
package/dist/chunk-ZSAAAMVR.js.map +0 -1
package/dist/components.js.map +0 -1
package/dist/contextValidator-OOPCLPZW.js +0 -9
package/dist/contextValidator-OOPCLPZW.js.map +0 -1
package/dist/eslint-rules/pace-core-compliance.cjs +0 -510
package/dist/hooks.js.map +0 -1
package/dist/index.js.map +0 -1
package/dist/providers.js.map +0 -1
package/dist/rbac/eslint-rules.js.map +0 -1
package/dist/rbac/index.js.map +0 -1
package/dist/styles/index.js.map +0 -1
package/dist/theming/runtime.js.map +0 -1
package/dist/types.js.map +0 -1
package/dist/utils.js.map +0 -1
package/docs/standards/01-architecture-standard.md +0 -44
package/docs/standards/02-api-and-rpc-standard.md +0 -39
package/docs/standards/03-component-standard.md +0 -32
package/docs/standards/05-security-standard.md +0 -44
package/docs/standards/06-testing-and-docs-standard.md +0 -29
package/docs/standards/pace-core-compliance.md +0 -432
package/scripts/audit/core/checks/accessibility.cjs +0 -197
package/scripts/audit/core/checks/api-usage.cjs +0 -191
package/scripts/audit/core/checks/bundle.cjs +0 -142
package/scripts/audit/core/checks/compliance.cjs +0 -2706
package/scripts/audit/core/checks/config.cjs +0 -54
package/scripts/audit/core/checks/coverage.cjs +0 -84
package/scripts/audit/core/checks/dependencies.cjs +0 -994
package/scripts/audit/core/checks/documentation.cjs +0 -268
package/scripts/audit/core/checks/environment.cjs +0 -116
package/scripts/audit/core/checks/error-handling.cjs +0 -340
package/scripts/audit/core/checks/forms.cjs +0 -172
package/scripts/audit/core/checks/heuristics.cjs +0 -68
package/scripts/audit/core/checks/hooks.cjs +0 -334
package/scripts/audit/core/checks/imports.cjs +0 -244
package/scripts/audit/core/checks/performance.cjs +0 -325
package/scripts/audit/core/checks/routes.cjs +0 -117
package/scripts/audit/core/checks/state.cjs +0 -130
package/scripts/audit/core/checks/structure.cjs +0 -65
package/scripts/audit/core/checks/style.cjs +0 -584
package/scripts/audit/core/checks/testing.cjs +0 -122
package/scripts/audit/core/checks/typescript.cjs +0 -61
package/scripts/audit/core/scanner.cjs +0 -199
package/scripts/audit/core/utils.cjs +0 -137
package/scripts/audit/reporters/console.cjs +0 -151
package/scripts/audit/reporters/json.cjs +0 -54
package/scripts/audit/reporters/markdown.cjs +0 -124
package/scripts/audit-consuming-app.cjs +0 -86
package/src/eslint-rules/pace-core-compliance.cjs +0 -510
package/src/eslint-rules/pace-core-compliance.js +0 -638
package/src/rbac/components/EnhancedNavigationMenu.test.tsx +0 -555
package/src/rbac/components/EnhancedNavigationMenu.tsx +0 -293
package/src/rbac/components/NavigationProvider.test.tsx +0 -481
package/src/rbac/components/NavigationProvider.tsx +0 -345
package/src/rbac/components/PagePermissionProvider.test.tsx +0 -476
package/src/rbac/components/PagePermissionProvider.tsx +0 -279
package/src/rbac/components/PermissionEnforcer.tsx +0 -312
package/src/rbac/components/RoleBasedRouter.tsx +0 -440
package/src/rbac/components/SecureDataProvider.test.tsx +0 -543
package/src/rbac/components/SecureDataProvider.tsx +0 -339
package/src/rbac/components/__tests__/EnhancedNavigationMenu.test.tsx +0 -620
package/src/rbac/components/__tests__/NavigationProvider.test.tsx +0 -726
package/src/rbac/components/__tests__/PagePermissionProvider.test.tsx +0 -661
package/src/rbac/components/__tests__/PermissionEnforcer.test.tsx +0 -881
package/src/rbac/components/__tests__/RoleBasedRouter.test.tsx +0 -783
package/src/rbac/components/__tests__/SecureDataProvider.fixed.test.tsx +0 -645
package/src/rbac/components/__tests__/SecureDataProvider.test.tsx +0 -659
package/src/rbac/hooks/permissions/useCachedPermissions.ts +0 -79
package/src/rbac/hooks/permissions/useHasAllPermissions.ts +0 -90
package/src/rbac/hooks/permissions/useHasAnyPermission.ts +0 -90

package/dist/UnifiedAuthProvider-QPXO24B4.js DELETED Viewed

@@ -1,18 +0,0 @@
-import {
-  UnifiedAuthContext,
-  UnifiedAuthProvider,
-  useUnifiedAuth
-} from "./chunk-AVMLPIM7.js";
-import "./chunk-3LPHPB62.js";
-import "./chunk-63FOKYGO.js";
-import "./chunk-36LVWXB2.js";
-import "./chunk-QXHPKYJV.js";
-import "./chunk-VBXEHIUJ.js";
-import "./chunk-PWLANIRT.js";
-import "./chunk-DGUM43GV.js";
-export {
-  UnifiedAuthContext,
-  UnifiedAuthProvider,
-  useUnifiedAuth
-};
-//# sourceMappingURL=UnifiedAuthProvider-QPXO24B4.js.map

package/dist/UnifiedAuthProvider-QPXO24B4.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/api-6LVZTHDS.js DELETED Viewed

@@ -1,52 +0,0 @@
-import {
-  clearCache,
-  getAccessLevel,
-  getPageScopeType,
-  getPermissionMap,
-  getRoleContext,
-  hasAllPermissions,
-  hasAnyPermission,
-  hasPermission,
-  invalidateAppCache,
-  invalidateEventCache,
-  invalidateOrganisationCache,
-  invalidateUserCache,
-  isEventAdmin,
-  isOrganisationAdmin,
-  isPermitted,
-  isPermittedCached,
-  isRBACInitialized,
-  isSuperAdmin,
-  resolveAppContext,
-  setupRBAC
-} from "./chunk-3LPHPB62.js";
-import "./chunk-63FOKYGO.js";
-import {
-  OrganisationContextRequiredError
-} from "./chunk-36LVWXB2.js";
-import "./chunk-PWLANIRT.js";
-import "./chunk-DGUM43GV.js";
-export {
-  OrganisationContextRequiredError,
-  clearCache,
-  getAccessLevel,
-  getPageScopeType,
-  getPermissionMap,
-  getRoleContext,
-  hasAllPermissions,
-  hasAnyPermission,
-  hasPermission,
-  invalidateAppCache,
-  invalidateEventCache,
-  invalidateOrganisationCache,
-  invalidateUserCache,
-  isEventAdmin,
-  isOrganisationAdmin,
-  isPermitted,
-  isPermittedCached,
-  isRBACInitialized,
-  isSuperAdmin,
-  resolveAppContext,
-  setupRBAC
-};
-//# sourceMappingURL=api-6LVZTHDS.js.map

package/dist/api-6LVZTHDS.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/audit-V53FV5AG.js DELETED Viewed

@@ -1,17 +0,0 @@
-import {
-  RBACAuditManager,
-  createAuditManager,
-  emitAuditEvent,
-  getGlobalAuditManager,
-  setGlobalAuditManager
-} from "./chunk-63FOKYGO.js";
-import "./chunk-PWLANIRT.js";
-import "./chunk-DGUM43GV.js";
-export {
-  RBACAuditManager,
-  createAuditManager,
-  emitAuditEvent,
-  getGlobalAuditManager,
-  setGlobalAuditManager
-};
-//# sourceMappingURL=audit-V53FV5AG.js.map

package/dist/audit-V53FV5AG.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/chunk-36LVWXB2.js DELETED Viewed

@@ -1,227 +0,0 @@
-import {
-  createLogger
-} from "./chunk-PWLANIRT.js";
-// src/rbac/types.ts
-var RBACError = class extends Error {
-  constructor(message, code, context) {
-    super(message);
-    this.code = code;
-    this.context = context;
-    this.name = "RBACError";
-  }
-};
-var PermissionDeniedError = class extends RBACError {
-  constructor(permission, context) {
-    super(
-      `Permission denied: ${permission}`,
-      "PERMISSION_DENIED",
-      { permission, ...context }
-    );
-    this.name = "PermissionDeniedError";
-  }
-};
-var OrganisationContextRequiredError = class extends RBACError {
-  constructor() {
-    super(
-      "Organisation context is required for this operation",
-      "ORGANISATION_CONTEXT_REQUIRED"
-    );
-    this.name = "OrganisationContextRequiredError";
-  }
-};
-var EventContextRequiredError = class extends RBACError {
-  constructor() {
-    super(
-      "Event context is required for this operation",
-      "EVENT_CONTEXT_REQUIRED"
-    );
-    this.name = "EventContextRequiredError";
-  }
-};
-var RBACNotInitializedError = class extends RBACError {
-  constructor() {
-    super(
-      "RBAC system not initialized. Please call setupRBAC(supabase) before using any RBAC components or hooks. See: https://docs.pace-core.dev/rbac/setup",
-      "RBAC_NOT_INITIALIZED"
-    );
-    this.name = "RBACNotInitializedError";
-  }
-};
-var InvalidScopeError = class extends RBACError {
-  constructor(scope, reason) {
-    super(
-      `Invalid scope provided: ${JSON.stringify(scope)}. ${reason}`,
-      "INVALID_SCOPE",
-      { scope, reason }
-    );
-    this.name = "InvalidScopeError";
-  }
-};
-var MissingUserContextError = class extends RBACError {
-  constructor() {
-    super(
-      "User context is required but not available. Make sure to wrap your app with an auth provider.",
-      "MISSING_USER_CONTEXT"
-    );
-    this.name = "MissingUserContextError";
-  }
-};
-// src/rbac/utils/eventContext.ts
-var orgDerivationCache = /* @__PURE__ */ new Map();
-var MAX_CACHE_SIZE = 100;
-async function getOrganisationFromEvent(supabase, eventId) {
-  if (orgDerivationCache.has(eventId)) {
-    return orgDerivationCache.get(eventId) ?? null;
-  }
-  const { data, error } = await supabase.from("core_events").select("organisation_id").eq("event_id", eventId).single();
-  let organisationId = null;
-  if (error || !data) {
-    organisationId = null;
-  } else if (data.organisation_id) {
-    organisationId = data.organisation_id;
-  } else {
-    organisationId = null;
-  }
-  if (orgDerivationCache.size >= MAX_CACHE_SIZE) {
-    const firstKey = orgDerivationCache.keys().next().value;
-    if (firstKey) {
-      orgDerivationCache.delete(firstKey);
-    }
-  }
-  orgDerivationCache.set(eventId, organisationId);
-  return organisationId;
-}
-// src/rbac/utils/contextValidator.ts
-var log = createLogger("ContextValidator");
-var ContextValidator = class {
-  /**
-   * Derive organisation ID from event ID
-   *
-   * @param supabase - Supabase client
-   * @param eventId - Event ID
-   * @returns Organisation ID or null
-   */
-  static async deriveOrgFromEvent(supabase, eventId) {
-    return getOrganisationFromEvent(supabase, eventId);
-  }
-  /**
-   * Resolve scope based on page-level scope_type
-   *
-   * This method handles page-level scoping. All pages have explicit scope_type set.
-   * Used for hybrid apps like pace-mint that have both event and organisation pages.
-   *
-   * @param scope - Current scope
-   * @param pageScopeType - Page scope type ('event', 'organisation', or 'both')
-   * @param appName - App name (for PORTAL/ADMIN special case)
-   * @param supabase - Supabase client (for deriving org from event)
-   * @returns Resolved scope with all required context
-   */
-  static async resolveScopeForPage(scope, pageScopeType, appName, supabase) {
-    const effectiveScopeType = pageScopeType;
-    if (effectiveScopeType === "both") {
-      if (!scope.organisationId && !scope.eventId) {
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new Error("Page requires either organisation or event context")
-        };
-      }
-      let organisationId = scope.organisationId;
-      if (!organisationId && scope.eventId && supabase) {
-        try {
-          const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);
-          organisationId = derivedOrgId || void 0;
-        } catch (error) {
-          log.warn("Failed to derive org from event for both-scope page:", error);
-        }
-      }
-      return {
-        isValid: true,
-        resolvedScope: {
-          organisationId,
-          eventId: scope.eventId,
-          appId: scope.appId
-        },
-        error: null
-      };
-    }
-    if (effectiveScopeType === "event") {
-      if (!scope.eventId) {
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new EventContextRequiredError()
-        };
-      }
-      let organisationId = scope.organisationId;
-      if (!organisationId && supabase && scope.eventId) {
-        try {
-          const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);
-          organisationId = derivedOrgId || void 0;
-          if (!organisationId) {
-            return {
-              isValid: false,
-              resolvedScope: null,
-              error: new Error("Could not resolve organisation from event context")
-            };
-          }
-        } catch (error) {
-          log.error("Failed to derive org from event:", error);
-          return {
-            isValid: false,
-            resolvedScope: null,
-            error: error instanceof Error ? error : new Error("Failed to derive organisation from event")
-          };
-        }
-      }
-      return {
-        isValid: true,
-        resolvedScope: {
-          organisationId,
-          eventId: scope.eventId,
-          appId: scope.appId
-        },
-        error: null
-      };
-    }
-    if (effectiveScopeType === "organisation") {
-      if (!scope.organisationId) {
-        return {
-          isValid: false,
-          resolvedScope: null,
-          error: new OrganisationContextRequiredError()
-        };
-      }
-      return {
-        isValid: true,
-        resolvedScope: {
-          organisationId: scope.organisationId,
-          eventId: scope.eventId,
-          // Event is optional for org-scoped pages
-          appId: scope.appId
-        },
-        error: null
-      };
-    }
-    return {
-      isValid: false,
-      resolvedScope: null,
-      error: new Error("Invalid scope type")
-    };
-  }
-};
-export {
-  RBACError,
-  PermissionDeniedError,
-  OrganisationContextRequiredError,
-  EventContextRequiredError,
-  RBACNotInitializedError,
-  InvalidScopeError,
-  MissingUserContextError,
-  ContextValidator
-};
-//# sourceMappingURL=chunk-36LVWXB2.js.map

package/dist/chunk-36LVWXB2.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../src/rbac/types.ts","../src/rbac/utils/eventContext.ts","../src/rbac/utils/contextValidator.ts"],"sourcesContent":["/**\n * RBAC (Role-Based Access Control) Types - Build Contract Compliant\n * @package @jmruthers/pace-core\n * @module RBAC/Types\n * @since 1.0.0\n * \n * This module defines the core types for the RBAC system that match the build contract exactly.\n * All types are designed to be framework-agnostic and provide strong typing for permission operations.\n */\n\nimport type React from 'react';\nimport type { AppId, PageId } from '../types/core';\n\n// ============================================================================\n// CORE TYPES\n// ============================================================================\n\nexport type UUID = string;\n\nexport type Operation = 'read' | 'create' | 'update' | 'delete';\n\nexport type Permission = `${Operation}:${string}`; // e.g. \"read:base.events\" or \"create:team.members\"\n\nexport type AccessLevel =\n | 'viewer'\n | 'participant'\n | 'planner'\n | 'admin'\n | 'super';\n\n/**\n * Scope defines the context for permission checks.\n * Can include organisation, event, and/or app identifiers.\n */\nexport type Scope = {\n organisationId?: UUID;\n eventId?: string; // event_id is text/varchar\n appId?: AppId | UUID;\n};\n\n/**\n * Permission check request parameters.\n * Defines who (userId) is checking what permission in what context (scope).\n */\nexport type PermissionCheck = {\n userId: UUID;\n scope: Scope;\n permission: Permission;\n pageId?: PageId | UUID;\n};\n\nexport type PermissionMap = Record<Permission, boolean> & Partial<Record<'*', boolean>>;\n\n// ============================================================================\n// ROLE TYPES\n// ============================================================================\n\nexport type GlobalRole = 'super_admin';\n\nexport type OrganisationRole = 'supporter' | 'member' | 'leader' | 'org_admin';\n\nexport type EventAppRole = 'viewer' | 'participant' | 'planner' | 'event_admin';\n\n// ============================================================================\n// DATABASE TYPES\n// ============================================================================\n\nexport interface RBACGlobalRole {\n id: UUID;\n user_id: UUID;\n role: GlobalRole;\n granted_at: string;\n granted_by: UUID | null;\n valid_from: string;\n valid_to: string | null;\n}\n\nexport interface RBACOrganisationRole {\n id: UUID;\n user_id: UUID;\n organisation_id: UUID;\n role: OrganisationRole;\n status: 'active' | 'inactive' | 'suspended';\n granted_at: string;\n granted_by: UUID | null;\n revoked_at: string | null;\n revoked_by: UUID | null;\n notes: string | null;\n created_at: string;\n updated_at: string;\n valid_from: string;\n valid_to: string | null;\n}\n\nexport interface RBACEventAppRole {\n id: UUID;\n user_id: UUID;\n event_id: string;\n role: EventAppRole;\n status: 'active' | 'inactive' | 'suspended';\n granted_at: string;\n granted_by: UUID | null;\n organisation_id: UUID;\n app_id: UUID;\n valid_from: string;\n valid_to: string | null;\n}\n\nexport interface RBACPagePermission {\n id: UUID;\n app_page_id: UUID;\n operation: Operation;\n role_name: string;\n allowed: boolean;\n created_at: string;\n updated_at: string;\n organisation_id: UUID;\n}\n\nexport interface RBACAppPage {\n id: UUID;\n page_name: string;\n page_description: string | null;\n created_at: string;\n updated_at: string;\n created_by: UUID | null;\n updated_by: UUID | null;\n app_id: UUID;\n scope_type: 'event' | 'organisation' | 'both'; // Required - single source of truth for page scoping\n}\n\nexport interface RBACApp {\n id: UUID;\n name: string;\n display_name: string;\n description: string | null;\n requires_event: boolean;\n is_active: boolean;\n created_at: string;\n updated_at: string;\n created_by: UUID | null;\n updated_by: UUID | null;\n}\n\n// ============================================================================\n// AUDIT EVENT TYPES\n// ============================================================================\n\nexport type AuditEventType = \n | 'permission_check'\n | 'permission_denied'\n | 'role_granted'\n | 'role_denied'\n | 'rls_denied';\n\nexport type AuditEventSource = 'api' | 'ui' | 'middleware' | 'rls';\n\nexport interface RBACAuditEvent {\n id: UUID;\n event_type: AuditEventType;\n user_id: UUID;\n organisation_id: UUID | null; // Nullable to properly track missing context cases (should be rare since organisationId is required)\n event_id?: string;\n app_id?: UUID;\n page_id?: UUID;\n permission?: string;\n decision?: boolean;\n source?: AuditEventSource;\n bypass?: boolean;\n duration_ms?: number;\n metadata: Record<string, any>;\n created_at: string;\n}\n\nexport interface RBACAppContext {\n appId: UUID;\n hasAccess: boolean;\n}\n\nexport interface RBACRoleContext {\n globalRole: GlobalRole | null;\n organisationRole: OrganisationRole | null;\n eventAppRole: EventAppRole | null;\n}\n\n// ============================================================================\n// CACHE TYPES\n// ============================================================================\n\nexport interface CacheEntry<T> {\n data: T;\n expires: number;\n}\n\nexport interface PermissionCacheKey {\n userId: UUID;\n organisationId?: UUID;\n eventId?: string;\n appId?: UUID;\n permission?: Permission;\n pageId?: UUID | string;\n}\n\n// ============================================================================\n// API TYPES\n// ============================================================================\n\nexport interface GetAccessLevelInput {\n userId: UUID;\n scope: Scope;\n}\n\nexport interface GetPermissionMapInput {\n userId: UUID;\n scope: Scope;\n}\n\nexport interface IsPermittedInput extends PermissionCheck {}\n\n// ============================================================================\n// HOOK TYPES\n// ============================================================================\n\nexport interface UsePermissionsReturn {\n permissions: PermissionMap;\n isLoading: boolean;\n error: Error | null;\n refetch: () => Promise<void>;\n}\n\nexport interface UseCanReturn {\n can: boolean;\n isLoading: boolean;\n error: Error | null;\n check: () => Promise<void>;\n}\n\n// ============================================================================\n// ADAPTER TYPES\n// ============================================================================\n\nexport interface PermissionGuardConfig {\n permission: Permission;\n pageId?: UUID;\n}\n\nexport interface WithPermissionGuardOptions {\n permission: Permission;\n pageId?: UUID;\n fallback?: React.ReactNode;\n onDenied?: () => void;\n}\n\n// ============================================================================\n// HOOK RETURN TYPES\n// ============================================================================\n\nexport interface UserRBACContext {\n user: any; // User from auth context\n globalRole: GlobalRole | null;\n organisationRole: OrganisationRole | null;\n eventAppRole: EventAppRole | null;\n hasGlobalPermission: (permission: Permission) => boolean;\n isSuperAdmin: boolean;\n isOrgAdmin: boolean;\n isEventAdmin: boolean;\n canManageOrganisation: boolean;\n canManageEvent: boolean;\n isLoading: boolean;\n error: Error | null;\n}\n\nexport interface RBACPermission {\n permission_type: string;\n role_name: string;\n [key: string]: any;\n}\n\n// ============================================================================\n// COMPONENT TYPES\n// ============================================================================\n\nexport interface RBACGuardProps {\n children: React.ReactNode;\n operation: Operation;\n pageId?: UUID;\n fallback?: React.ReactNode;\n}\n\nexport interface RoleBasedContentProps {\n children: React.ReactNode;\n globalRoles?: GlobalRole[];\n organisationRoles?: OrganisationRole[];\n eventAppRoles?: EventAppRole[];\n fallback?: React.ReactNode;\n}\n\n// ============================================================================\n// ERROR TYPES\n// ============================================================================\n\nexport class RBACError extends Error {\n constructor(\n message: string,\n public code: string,\n public context?: Record<string, any>\n ) {\n super(message);\n this.name = 'RBACError';\n }\n}\n\nexport class PermissionDeniedError extends RBACError {\n constructor(permission: Permission, context?: Record<string, any>) {\n super(\n `Permission denied: ${permission}`,\n 'PERMISSION_DENIED',\n { permission, ...context }\n );\n this.name = 'PermissionDeniedError';\n }\n}\n\nexport class OrganisationContextRequiredError extends RBACError {\n constructor() {\n super(\n 'Organisation context is required for this operation',\n 'ORGANISATION_CONTEXT_REQUIRED'\n );\n this.name = 'OrganisationContextRequiredError';\n }\n}\n\nexport class EventContextRequiredError extends RBACError {\n constructor() {\n super(\n 'Event context is required for this operation',\n 'EVENT_CONTEXT_REQUIRED'\n );\n this.name = 'EventContextRequiredError';\n }\n}\n\nexport class RBACNotInitializedError extends RBACError {\n constructor() {\n super(\n 'RBAC system not initialized. Please call setupRBAC(supabase) before using any RBAC components or hooks. See: https://docs.pace-core.dev/rbac/setup',\n 'RBAC_NOT_INITIALIZED'\n );\n this.name = 'RBACNotInitializedError';\n }\n}\n\nexport class InvalidScopeError extends RBACError {\n constructor(scope: Scope, reason: string) {\n super(\n `Invalid scope provided: ${JSON.stringify(scope)}. ${reason}`,\n 'INVALID_SCOPE',\n { scope, reason }\n );\n this.name = 'InvalidScopeError';\n }\n}\n\nexport class MissingUserContextError extends RBACError {\n constructor() {\n super(\n 'User context is required but not available. Make sure to wrap your app with an auth provider.',\n 'MISSING_USER_CONTEXT'\n );\n this.name = 'MissingUserContextError';\n }\n}\n","/**\n * Event Context Utilities for RBAC\n * @package @jmruthers/pace-core\n * @module RBAC/EventContext\n * @since 1.0.0\n * \n * This module provides utilities for event-based RBAC operations where\n * the organization context is derived from the event context.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../../types/database';\nimport { UUID, Scope } from '../types';\n\n/**\n * Cache for organisation derivation from event\n * Key: eventId, Value: organisationId | null\n * Maximum cache size to prevent memory leaks\n */\nconst orgDerivationCache = new Map<string, UUID | null>();\nconst MAX_CACHE_SIZE = 100; // Limit cache to 100 entries\n\n/**\n * Clear cache entry for a specific event (useful if event's org changes)\n * @param eventId - Event ID to clear from cache\n */\nexport function clearOrgDerivationCache(eventId: string): void {\n orgDerivationCache.delete(eventId);\n}\n\n/**\n * Clear all cached organisation derivations\n */\nexport function clearAllOrgDerivationCache(): void {\n orgDerivationCache.clear();\n}\n\n/**\n * Get organization ID from event ID\n * \n * Uses caching to avoid repeated database queries for the same event.\n * Cache is limited to prevent memory leaks.\n * \n * @param supabase - Supabase client\n * @param eventId - Event ID\n * @returns Promise resolving to organization ID or null\n */\nexport async function getOrganisationFromEvent(\n supabase: SupabaseClient<Database>,\n eventId: string\n): Promise<UUID | null> {\n // Check cache first\n if (orgDerivationCache.has(eventId)) {\n return orgDerivationCache.get(eventId) ?? null;\n }\n\n // Query database\n const { data, error } = await supabase\n .from('core_events')\n .select('organisation_id')\n .eq('event_id', eventId)\n .single() as { data: { organisation_id: string } | null; error: any };\n\n let organisationId: UUID | null = null;\n\n if (error || !data) {\n organisationId = null;\n } else if (data.organisation_id) {\n organisationId = data.organisation_id;\n } else {\n // organisation_id is null or undefined\n organisationId = null;\n }\n\n // Cache the result (with size limit to prevent memory leaks)\n if (orgDerivationCache.size >= MAX_CACHE_SIZE) {\n // Remove oldest entry (first key in Map)\n const firstKey = orgDerivationCache.keys().next().value;\n if (firstKey) {\n orgDerivationCache.delete(firstKey);\n }\n }\n orgDerivationCache.set(eventId, organisationId);\n\n return organisationId;\n}\n\n/**\n * Create a complete scope from event context\n * \n * @param supabase - Supabase client\n * @param eventId - Event ID\n * @param appId - Optional app ID\n * @returns Promise resolving to complete scope\n */\nexport async function createScopeFromEvent(\n supabase: SupabaseClient<Database>,\n eventId: string,\n appId?: UUID\n): Promise<Scope | null> {\n const organisationId = await getOrganisationFromEvent(supabase, eventId);\n \n if (!organisationId) {\n return null;\n }\n\n return {\n organisationId,\n eventId,\n appId\n };\n}\n\n/**\n * Check if a scope is event-based (has eventId but no explicit organisationId)\n * \n * @param scope - Permission scope\n * @returns True if scope is event-based\n */\nexport function isEventBasedScope(scope: Scope): boolean {\n return !scope.organisationId && !!scope.eventId;\n}\n\n/**\n * Validate that an event-based scope has the required context\n * \n * @param scope - Permission scope\n * @returns True if scope is valid for event-based operations\n */\nexport function isValidEventBasedScope(scope: Scope): boolean {\n return isEventBasedScope(scope) && !!scope.eventId;\n}\n","/**\n * Context Validator for RBAC\n * @package @jmruthers/pace-core\n * @module RBAC/ContextValidator\n * @since 1.0.0\n * \n * Centralized validation for RBAC context requirements based on app configuration.\n * Enforces app-specific context rules with single primary context:\n * - requires_event = TRUE: Event is PRIMARY context, org derived from event (org not required in input)\n * - requires_event = FALSE: Organisation is PRIMARY context, event optional\n * - PORTAL/ADMIN apps: Both contexts optional (allows users to view/edit own profiles, super admin access)\n * \n * Key principle: Only one primary context is required based on app config. The other is derived or optional.\n */\n\nimport { SupabaseClient } from '@supabase/supabase-js';\nimport { Database } from '../../types/database';\nimport { UUID, Scope } from '../types';\nimport { EventContextRequiredError, OrganisationContextRequiredError } from '../types';\nimport { getOrganisationFromEvent } from './eventContext';\nimport { createLogger } from '../../utils/core/logger';\n\nconst log = createLogger('ContextValidator');\n\n/**\n * Page scope type - determines what context is required for a page\n * This is the single source of truth for page scoping.\n */\nexport type PageScopeType = 'event' | 'organisation' | 'both';\n\n/**\n * Check if an app allows optional contexts (both organisation and event optional)\n * @param appName - App name to check\n * @returns True if app allows optional contexts\n */\nfunction allowsOptionalContexts(appName?: string): boolean {\n return appName === 'PORTAL' || appName === 'ADMIN';\n}\n\nexport interface ContextValidationResult {\n isValid: boolean;\n resolvedScope: Scope | null;\n error: Error | null;\n}\n\n/**\n * Context Validator class\n * \n * Validates and resolves RBAC scope based on app configuration requirements.\n */\nexport class ContextValidator {\n\n /**\n * Derive organisation ID from event ID\n * \n * @param supabase - Supabase client\n * @param eventId - Event ID\n * @returns Organisation ID or null\n */\n static async deriveOrgFromEvent(\n supabase: SupabaseClient<Database>,\n eventId: string\n ): Promise<UUID | null> {\n return getOrganisationFromEvent(supabase, eventId);\n }\n\n /**\n * Resolve scope based on page-level scope_type\n * \n * This method handles page-level scoping. All pages have explicit scope_type set.\n * Used for hybrid apps like pace-mint that have both event and organisation pages.\n * \n * @param scope - Current scope\n * @param pageScopeType - Page scope type ('event', 'organisation', or 'both')\n * @param appName - App name (for PORTAL/ADMIN special case)\n * @param supabase - Supabase client (for deriving org from event)\n * @returns Resolved scope with all required context\n */\n static async resolveScopeForPage(\n scope: Scope,\n pageScopeType: PageScopeType,\n appName?: string,\n supabase?: SupabaseClient<Database> | null\n ): Promise<ContextValidationResult> {\n // Use page-level scope (single source of truth)\n const effectiveScopeType = pageScopeType;\n \n // Handle 'both' scope - requires both contexts available, but can use either\n if (effectiveScopeType === 'both') {\n // For 'both' pages, we need at least one context (org or event)\n // Both will be checked during permission evaluation\n if (!scope.organisationId && !scope.eventId) {\n return {\n isValid: false,\n resolvedScope: null,\n error: new Error('Page requires either organisation or event context')\n };\n }\n \n // Derive org from event if event is provided but org is not\n let organisationId = scope.organisationId;\n if (!organisationId && scope.eventId && supabase) {\n try {\n const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);\n organisationId = derivedOrgId || undefined;\n } catch (error) {\n log.warn('Failed to derive org from event for both-scope page:', error);\n // Continue without org - permission check will handle it\n }\n }\n \n return {\n isValid: true,\n resolvedScope: {\n organisationId,\n eventId: scope.eventId,\n appId: scope.appId\n },\n error: null\n };\n }\n \n // Handle 'event' scope - requires event context\n if (effectiveScopeType === 'event') {\n if (!scope.eventId) {\n return {\n isValid: false,\n resolvedScope: null,\n error: new EventContextRequiredError()\n };\n }\n \n // Derive organisationId from event if not provided\n let organisationId: UUID | undefined = scope.organisationId;\n if (!organisationId && supabase && scope.eventId) {\n try {\n const derivedOrgId = await this.deriveOrgFromEvent(supabase, scope.eventId);\n organisationId = derivedOrgId || undefined;\n if (!organisationId) {\n return {\n isValid: false,\n resolvedScope: null,\n error: new Error('Could not resolve organisation from event context')\n };\n }\n } catch (error) {\n log.error('Failed to derive org from event:', error);\n return {\n isValid: false,\n resolvedScope: null,\n error: error instanceof Error ? error : new Error('Failed to derive organisation from event')\n };\n }\n }\n \n return {\n isValid: true,\n resolvedScope: {\n organisationId,\n eventId: scope.eventId,\n appId: scope.appId\n },\n error: null\n };\n }\n \n // Handle 'organisation' scope - requires organisation context\n if (effectiveScopeType === 'organisation') {\n if (!scope.organisationId) {\n return {\n isValid: false,\n resolvedScope: null,\n error: new OrganisationContextRequiredError()\n };\n }\n \n return {\n isValid: true,\n resolvedScope: {\n organisationId: scope.organisationId,\n eventId: scope.eventId, // Event is optional for org-scoped pages\n appId: scope.appId\n },\n error: null\n };\n }\n \n // Fallback (should not happen)\n return {\n isValid: false,\n resolvedScope: null,\n error: new Error('Invalid scope type')\n };\n }\n\n}\n\n"],"mappings":";;;;;AA6SO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YACE,SACO,MACA,SACP;AACA,UAAM,OAAO;AAHN;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,wBAAN,cAAoC,UAAU;AAAA,EACnD,YAAY,YAAwB,SAA+B;AACjE;AAAA,MACE,sBAAsB,UAAU;AAAA,MAChC;AAAA,MACA,EAAE,YAAY,GAAG,QAAQ;AAAA,IAC3B;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,mCAAN,cAA+C,UAAU;AAAA,EAC9D,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,4BAAN,cAAwC,UAAU;AAAA,EACvD,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,0BAAN,cAAsC,UAAU;AAAA,EACrD,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,oBAAN,cAAgC,UAAU;AAAA,EAC/C,YAAY,OAAc,QAAgB;AACxC;AAAA,MACE,2BAA2B,KAAK,UAAU,KAAK,CAAC,KAAK,MAAM;AAAA,MAC3D;AAAA,MACA,EAAE,OAAO,OAAO;AAAA,IAClB;AACA,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,0BAAN,cAAsC,UAAU;AAAA,EACrD,cAAc;AACZ;AAAA,MACE;AAAA,MACA;AAAA,IACF;AACA,SAAK,OAAO;AAAA,EACd;AACF;;;ACjWA,IAAM,qBAAqB,oBAAI,IAAyB;AACxD,IAAM,iBAAiB;AA2BvB,eAAsB,yBACpB,UACA,SACsB;AAEtB,MAAI,mBAAmB,IAAI,OAAO,GAAG;AACnC,WAAO,mBAAmB,IAAI,OAAO,KAAK;AAAA,EAC5C;AAGA,QAAM,EAAE,MAAM,MAAM,IAAI,MAAM,SAC3B,KAAK,aAAa,EAClB,OAAO,iBAAiB,EACxB,GAAG,YAAY,OAAO,EACtB,OAAO;AAEV,MAAI,iBAA8B;AAElC,MAAI,SAAS,CAAC,MAAM;AAClB,qBAAiB;AAAA,EACnB,WAAW,KAAK,iBAAiB;AAC/B,qBAAiB,KAAK;AAAA,EACxB,OAAO;AAEL,qBAAiB;AAAA,EACnB;AAGA,MAAI,mBAAmB,QAAQ,gBAAgB;AAE7C,UAAM,WAAW,mBAAmB,KAAK,EAAE,KAAK,EAAE;AAClD,QAAI,UAAU;AACZ,yBAAmB,OAAO,QAAQ;AAAA,IACpC;AAAA,EACF;AACA,qBAAmB,IAAI,SAAS,cAAc;AAE9C,SAAO;AACT;;;AC/DA,IAAM,MAAM,aAAa,kBAAkB;AA4BpC,IAAM,mBAAN,MAAuB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAS5B,aAAa,mBACX,UACA,SACsB;AACtB,WAAO,yBAAyB,UAAU,OAAO;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAcA,aAAa,oBACX,OACA,eACA,SACA,UACkC;AAElC,UAAM,qBAAqB;AAG3B,QAAI,uBAAuB,QAAQ;AAGjC,UAAI,CAAC,MAAM,kBAAkB,CAAC,MAAM,SAAS;AAC3C,eAAO;AAAA,UACL,SAAS;AAAA,UACT,eAAe;AAAA,UACf,OAAO,IAAI,MAAM,oDAAoD;AAAA,QACvE;AAAA,MACF;AAGA,UAAI,iBAAiB,MAAM;AAC3B,UAAI,CAAC,kBAAkB,MAAM,WAAW,UAAU;AAChD,YAAI;AACF,gBAAM,eAAe,MAAM,KAAK,mBAAmB,UAAU,MAAM,OAAO;AAC1E,2BAAiB,gBAAgB;AAAA,QACnC,SAAS,OAAO;AACd,cAAI,KAAK,wDAAwD,KAAK;AAAA,QAExE;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,eAAe;AAAA,UACb;AAAA,UACA,SAAS,MAAM;AAAA,UACf,OAAO,MAAM;AAAA,QACf;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,uBAAuB,SAAS;AAClC,UAAI,CAAC,MAAM,SAAS;AAClB,eAAO;AAAA,UACL,SAAS;AAAA,UACT,eAAe;AAAA,UACf,OAAO,IAAI,0BAA0B;AAAA,QACvC;AAAA,MACF;AAGA,UAAI,iBAAmC,MAAM;AAC7C,UAAI,CAAC,kBAAkB,YAAY,MAAM,SAAS;AAChD,YAAI;AACF,gBAAM,eAAe,MAAM,KAAK,mBAAmB,UAAU,MAAM,OAAO;AAC1E,2BAAiB,gBAAgB;AACjC,cAAI,CAAC,gBAAgB;AACnB,mBAAO;AAAA,cACL,SAAS;AAAA,cACT,eAAe;AAAA,cACf,OAAO,IAAI,MAAM,mDAAmD;AAAA,YACtE;AAAA,UACF;AAAA,QACF,SAAS,OAAO;AACd,cAAI,MAAM,oCAAoC,KAAK;AACnD,iBAAO;AAAA,YACL,SAAS;AAAA,YACT,eAAe;AAAA,YACf,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,0CAA0C;AAAA,UAC9F;AAAA,QACF;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,eAAe;AAAA,UACb;AAAA,UACA,SAAS,MAAM;AAAA,UACf,OAAO,MAAM;AAAA,QACf;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF;AAGA,QAAI,uBAAuB,gBAAgB;AACzC,UAAI,CAAC,MAAM,gBAAgB;AACzB,eAAO;AAAA,UACL,SAAS;AAAA,UACT,eAAe;AAAA,UACf,OAAO,IAAI,iCAAiC;AAAA,QAC9C;AAAA,MACF;AAEA,aAAO;AAAA,QACL,SAAS;AAAA,QACT,eAAe;AAAA,UACb,gBAAgB,MAAM;AAAA,UACtB,SAAS,MAAM;AAAA;AAAA,UACf,OAAO,MAAM;AAAA,QACf;AAAA,QACA,OAAO;AAAA,MACT;AAAA,IACF;AAGA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,eAAe;AAAA,MACf,OAAO,IAAI,MAAM,oBAAoB;AAAA,IACvC;AAAA,EACF;AAEF;","names":[]}