@pol-studios/db 1.0.37 → 1.0.39

package/dist/{chunk-YQUNORJD.js → chunk-MZLEDWJF.js}

@@ -1,6 +1,7 @@
 import {
-  useDbQuery
-} from "./chunk-UBHORKBS.js";
+  useDbQuery,
+  useDbQueryById
+} from "./chunk-5SJ5O2NQ.js";
 import {
   buildNormalizedQuery,
   encode,
@@ -8,7 +9,6 @@ import {
   useUpsertItem
 } from "./chunk-YUX6RGLZ.js";
 import {
-  typedSupabase,
   useSupabase
 } from "./chunk-DMVUEJG2.js";
 
@@ -72,9 +72,292 @@ function useDbQuery2(query, config) {
 import { createContext } from "react";
 var setupAuthContext = createContext({});
 
-// src/auth/context/PermissionContext.tsx
-import { createContext as createContext2, useCallback, useContext, useEffect, useMemo as useMemo2, useRef as useRef2, useState } from "react";
+// src/auth/context/AuthProvider.tsx
+import { useCallback, useEffect, useMemo as useMemo2, useRef as useRef2, useState } from "react";
+import { isUsable, newUuid } from "@pol-studios/utils";
 import { jsx } from "react/jsx-runtime";
+var SESSION_FETCH_TIMEOUT_MS = 3e3;
+function getPermissionLevel(action) {
+  switch (action.toLowerCase()) {
+    case "view":
+    case "read":
+      return 1;
+    case "edit":
+    case "write":
+      return 2;
+    case "admin":
+    case "delete":
+    case "share":
+      return 3;
+    default:
+      return 0;
+  }
+}
+function isNotExpired(expiresAt) {
+  return !expiresAt || new Date(expiresAt) > /* @__PURE__ */ new Date();
+}
+function matchesAccessPattern(pattern, requestedKey) {
+  if (pattern === requestedKey) return true;
+  if (pattern === "*:*:*") return true;
+  const patternParts = pattern.split(":");
+  const keyParts = requestedKey.split(":");
+  if (patternParts.length !== keyParts.length) return false;
+  for (let i = 0; i < patternParts.length; i++) {
+    if (patternParts[i] === "*") continue;
+    if (patternParts[i] !== keyParts[i]) return false;
+  }
+  return true;
+}
+function AuthProvider({
+  children
+}) {
+  const supabase = useSupabase();
+  const [currentUser, setCurrentUser] = useState(void 0);
+  const [userNeedsChange, setUserNeedsChange] = useState(true);
+  const [onSignOutCallbacks, setOnSignOutCallbacks] = useState(/* @__PURE__ */ new Map());
+  async function registerAsync(register) {
+    const response = await supabase.auth.signUp(register);
+    if (response.data.user) {
+      setCurrentUser((prev) => prev?.id === response.data.user?.id ? prev : response.data.user);
+    }
+    return response;
+  }
+  async function signInAsync(username, password) {
+    const response_0 = await supabase.auth.signInWithPassword({
+      email: username,
+      password
+    });
+    if (response_0.data.user) {
+      setCurrentUser((prev_0) => prev_0?.id === response_0.data.user?.id ? prev_0 : response_0.data.user);
+    }
+    return response_0;
+  }
+  const signOutAsync = useCallback(async () => {
+    const response_1 = await supabase.auth.signOut();
+    if (!response_1.error) {
+      Array.from(onSignOutCallbacks.values()).forEach((cb) => cb());
+    }
+    return response_1;
+  }, [supabase.auth, onSignOutCallbacks]);
+  function onSignOut(action) {
+    const id = newUuid();
+    setOnSignOutCallbacks((x) => new Map(x).set(id, action));
+    return id;
+  }
+  function removeOnSignOut(id_0) {
+    setOnSignOutCallbacks((x_0) => {
+      const map = new Map(x_0);
+      map.delete(id_0);
+      return map;
+    });
+  }
+  async function refreshAsync() {
+  }
+  useEffect(() => {
+    const {
+      data: {
+        subscription
+      }
+    } = supabase.auth.onAuthStateChange((event) => {
+      if (event === "SIGNED_IN" || event === "SIGNED_OUT") {
+        setUserNeedsChange(true);
+      }
+    });
+    return () => subscription.unsubscribe();
+  }, [supabase.auth]);
+  useEffect(() => {
+    if (!userNeedsChange) return;
+    let cancelled = false;
+    async function fetchSessionWithTimeout() {
+      try {
+        const timeoutPromise = new Promise((_, reject) => {
+          setTimeout(() => {
+            reject(new Error(`Session fetch timed out after ${SESSION_FETCH_TIMEOUT_MS}ms`));
+          }, SESSION_FETCH_TIMEOUT_MS);
+        });
+        const result = await Promise.race([supabase.auth.getSession(), timeoutPromise]);
+        if (cancelled) return;
+        const newUser = result?.data?.session?.user ?? null;
+        setCurrentUser((prev_2) => {
+          if (newUser === null) return null;
+          if (prev_2?.id === newUser?.id) return prev_2;
+          return newUser;
+        });
+        setUserNeedsChange(false);
+      } catch (error) {
+        if (cancelled) return;
+        console.error("Failed to get session (timeout or error):", error);
+        setCurrentUser((prev_1) => prev_1 === null ? prev_1 : null);
+        setUserNeedsChange(false);
+      }
+    }
+    fetchSessionWithTimeout();
+    return () => {
+      cancelled = true;
+    };
+  }, [userNeedsChange, supabase.auth]);
+  const isUserReady = isUsable(currentUser);
+  const {
+    data: profile,
+    isLoading: profileLoading
+  } = useDbQueryById("core.Profile", currentUser?.id ?? "", {
+    enabled: isUserReady
+  });
+  const {
+    data: directAccess,
+    isLoading: directAccessLoading
+  } = useDbQuery("core.UserAccess", {
+    where: {
+      userId: currentUser?.id
+    },
+    enabled: isUserReady,
+    realtime: true
+  });
+  const {
+    data: userGroups,
+    isLoading: userGroupsLoading
+  } = useDbQuery("core.UserGroup", {
+    where: {
+      userId: currentUser?.id
+    },
+    enabled: isUserReady,
+    realtime: true
+  });
+  const {
+    data: groups,
+    isLoading: groupsLoading
+  } = useDbQuery("core.Group", {
+    where: {
+      isActive: 1
+    },
+    enabled: isUserReady,
+    realtime: true
+  });
+  const groupIds = useMemo2(() => userGroups?.map((ug) => ug.groupId) ?? [], [userGroups]);
+  const groupsMap = useMemo2(() => new Map(groups?.map((g) => [g.id, g]) ?? []), [groups]);
+  const {
+    data: groupAccess,
+    isLoading: groupAccessLoading
+  } = useDbQuery("core.GroupAccessKey", {
+    where: groupIds.length > 0 ? {
+      groupId: {
+        in: groupIds
+      }
+    } : void 0,
+    enabled: groupIds.length > 0,
+    realtime: true
+  });
+  const prevProfileStatusRef = useRef2(void 0);
+  useEffect(() => {
+    const currentStatus = profile?.status;
+    const prevStatus = prevProfileStatusRef.current;
+    if (prevStatus === "active" && (currentStatus === "archived" || currentStatus === "suspended")) {
+      signOutAsync();
+    }
+    prevProfileStatusRef.current = currentStatus;
+  }, [profile?.status, signOutAsync]);
+  const allAccessKeys = useMemo2(() => {
+    const keys = [];
+    directAccess?.forEach((a) => {
+      if (isNotExpired(a.expiresAt)) {
+        keys.push({
+          accessKey: a.accessKey,
+          effect: a.effect ?? "allow",
+          source: "direct",
+          expiresAt: a.expiresAt
+        });
+      }
+    });
+    const activeGroupIds = new Set(userGroups?.filter((ug_0) => {
+      const group = groupsMap.get(ug_0.groupId);
+      return group?.isActive === 1 && isNotExpired(ug_0.expiresAt);
+    }).map((ug_1) => ug_1.groupId) ?? []);
+    groupAccess?.forEach((ga) => {
+      if (activeGroupIds.has(ga.groupId) && isNotExpired(ga.expiresAt)) {
+        keys.push({
+          accessKey: ga.accessKey,
+          effect: ga.effect ?? "allow",
+          source: "group",
+          expiresAt: ga.expiresAt
+        });
+      }
+    });
+    return keys;
+  }, [directAccess, userGroups, groupsMap, groupAccess]);
+  const combinedAccess = useMemo2(() => {
+    const uniqueKeys = /* @__PURE__ */ new Set();
+    for (const item of allAccessKeys) {
+      if (item.accessKey && item.effect === "allow") {
+        uniqueKeys.add(item.accessKey);
+      }
+    }
+    return Array.from(uniqueKeys);
+  }, [allAccessKeys]);
+  const effectivePermissions = useMemo2(() => {
+    const permissions = [];
+    for (const item_0 of allAccessKeys) {
+      if (item_0.effect !== "allow") continue;
+      const parts = item_0.accessKey.split(":");
+      if (parts.length === 3) {
+        const [resourceType, resourceId, permission] = parts;
+        permissions.push({
+          resourceType,
+          resourceId,
+          permission,
+          permissionLevel: getPermissionLevel(permission),
+          source: item_0.source,
+          inheritedFrom: null,
+          expiresAt: item_0.expiresAt ?? null
+        });
+      }
+    }
+    return permissions;
+  }, [allAccessKeys]);
+  const profileStatus = profile?.status;
+  const isArchived = profileStatus === "archived";
+  const isSuspended = profileStatus === "suspended";
+  const hasAccess = useCallback((key) => {
+    if (isArchived || isSuspended) return false;
+    if (!isUsable(combinedAccess)) return false;
+    if (combinedAccess.includes("*:*:*")) return true;
+    if (combinedAccess.includes(key)) return true;
+    if (!isUsable(key)) return true;
+    for (const pattern of combinedAccess) {
+      if (matchesAccessPattern(pattern, key)) return true;
+    }
+    const parts_0 = key.split(":");
+    if (parts_0.length === 3) {
+      const [type, id_1, action_0] = parts_0;
+      const requiredLevel = getPermissionLevel(action_0);
+      const hasPermission = effectivePermissions.some((p) => p.resourceType === type && p.resourceId === id_1 && p.permissionLevel >= requiredLevel);
+      if (hasPermission) return true;
+    }
+    return false;
+  }, [combinedAccess, effectivePermissions, isArchived, isSuspended]);
+  const isAccessLoading = directAccessLoading || userGroupsLoading || groupsLoading || groupAccessLoading;
+  const authState = useMemo2(() => ({
+    hasAccess,
+    user: currentUser,
+    profile,
+    access: combinedAccess,
+    effectivePermissions,
+    profileStatus,
+    isArchived,
+    isSuspended,
+    isLoading: currentUser === null ? false : profileLoading || isAccessLoading || currentUser === void 0,
+    signInAsync,
+    signOutAsync,
+    onSignOut,
+    removeOnSignOut,
+    registerAsync,
+    refreshAsync
+  }), [hasAccess, currentUser, profile, combinedAccess, effectivePermissions, profileStatus, isArchived, isSuspended, profileLoading, isAccessLoading]);
+  return /* @__PURE__ */ jsx(setupAuthContext.Provider, { value: authState, children });
+}
+
+// src/auth/context/PermissionContext.tsx
+import { createContext as createContext2, useCallback as useCallback2, useContext, useEffect as useEffect2, useMemo as useMemo3, useRef as useRef3, useState as useState2 } from "react";
+import { jsx as jsx2 } from "react/jsx-runtime";
 function getCacheKey(userId, entityType, entityId) {
   return `${userId || "anon"}:${entityType}:${entityId}`;
 }
@@ -189,13 +472,13 @@ function PermissionProvider({
   const supabase = useSupabase();
   const setupAuth = useContext(setupAuthContext);
   const user = setupAuth?.user;
-  const cacheRef = useRef2(/* @__PURE__ */ new Map());
-  const pendingLookupsRef = useRef2(/* @__PURE__ */ new Set());
-  const inFlightRef = useRef2(/* @__PURE__ */ new Set());
-  const batchTimerRef = useRef2(null);
-  const [isLoading, setIsLoading] = useState(false);
-  const [, forceUpdate] = useState(0);
-  const cleanupExpiredEntries = useCallback(() => {
+  const cacheRef = useRef3(/* @__PURE__ */ new Map());
+  const pendingLookupsRef = useRef3(/* @__PURE__ */ new Set());
+  const inFlightRef = useRef3(/* @__PURE__ */ new Set());
+  const batchTimerRef = useRef3(null);
+  const [isLoading, setIsLoading] = useState2(false);
+  const [, forceUpdate] = useState2(0);
+  const cleanupExpiredEntries = useCallback2(() => {
     const now = Date.now();
     const cache = cacheRef.current;
     let hasExpired = false;
@@ -209,11 +492,11 @@ function PermissionProvider({
       forceUpdate((prev) => prev + 1);
     }
   }, []);
-  useEffect(() => {
+  useEffect2(() => {
     const cleanupInterval = setInterval(cleanupExpiredEntries, 60 * 1e3);
     return () => clearInterval(cleanupInterval);
   }, [cleanupExpiredEntries]);
-  const executeBatchLookup = useCallback(async () => {
+  const executeBatchLookup = useCallback2(async () => {
     const pending = Array.from(pendingLookupsRef.current);
     pendingLookupsRef.current.clear();
     if (pending.length === 0 || !user?.id) {
@@ -273,7 +556,7 @@ function PermissionProvider({
       setIsLoading(false);
     }
   }, [supabase, user?.id]);
-  const scheduleBatchLookup = useCallback(() => {
+  const scheduleBatchLookup = useCallback2(() => {
     if (batchTimerRef.current) {
       clearTimeout(batchTimerRef.current);
     }
@@ -282,7 +565,7 @@ function PermissionProvider({
       executeBatchLookup();
     }, BATCH_DELAY_MS);
   }, [executeBatchLookup]);
-  const getPermission = useCallback((entityType_0, entityId) => {
+  const getPermission = useCallback2((entityType_0, entityId) => {
     const key_4 = getCacheKey(user?.id, entityType_0, entityId);
     const cache_2 = cacheRef.current;
     const cached = cache_2.get(key_4);
@@ -296,7 +579,7 @@ function PermissionProvider({
     }
     return loadingPermission;
   }, [scheduleBatchLookup, user?.id]);
-  const checkPermission = useCallback((entityType_1, entityId_0, action) => {
+  const checkPermission = useCallback2((entityType_1, entityId_0, action) => {
     const permission = getPermission(entityType_1, entityId_0);
     if (permission.isLoading) {
       return false;
@@ -318,7 +601,7 @@ function PermissionProvider({
         return false;
     }
   }, [getPermission]);
-  const prefetchPermissions = useCallback(async (entities_0) => {
+  const prefetchPermissions = useCallback2(async (entities_0) => {
     if (!user?.id || entities_0.length === 0) {
       return;
     }
@@ -375,12 +658,12 @@ function PermissionProvider({
       setIsLoading(false);
     }
   }, [supabase, user?.id]);
-  const invalidatePermission = useCallback((entityType_2, entityId_1) => {
+  const invalidatePermission = useCallback2((entityType_2, entityId_1) => {
     const key_8 = getCacheKey(user?.id, entityType_2, entityId_1);
     cacheRef.current.delete(key_8);
     forceUpdate((prev_2) => prev_2 + 1);
   }, [user?.id]);
-  const parseScopedAccessKey = useCallback((key_9) => {
+  const parseScopedAccessKey = useCallback2((key_9) => {
     if (!key_9 || typeof key_9 !== "string") {
       return null;
     }
@@ -408,7 +691,7 @@ function PermissionProvider({
       entityId: entityId_2
     };
   }, []);
-  useEffect(() => {
+  useEffect2(() => {
     if (!user?.id) {
       return;
     }
@@ -436,7 +719,7 @@ function PermissionProvider({
       supabase.removeChannel(channel);
     };
   }, [supabase, user?.id, invalidatePermission, parseScopedAccessKey]);
-  useEffect(() => {
+  useEffect2(() => {
     cacheRef.current.clear();
     pendingLookupsRef.current.clear();
     inFlightRef.current.clear();
@@ -446,21 +729,21 @@ function PermissionProvider({
     }
     forceUpdate((prev_3) => prev_3 + 1);
   }, [user?.id]);
-  useEffect(() => {
+  useEffect2(() => {
     return () => {
       if (batchTimerRef.current) {
         clearTimeout(batchTimerRef.current);
       }
     };
   }, []);
-  const value = useMemo2(() => ({
+  const value = useMemo3(() => ({
     getPermission,
     checkPermission,
     prefetchPermissions,
     invalidatePermission,
     isLoading
   }), [getPermission, checkPermission, prefetchPermissions, invalidatePermission, isLoading]);
-  return /* @__PURE__ */ jsx(permissionContext.Provider, { value, children });
+  return /* @__PURE__ */ jsx2(permissionContext.Provider, { value, children });
 }
 function usePermissions() {
   const context = useContext(permissionContext);
@@ -470,371 +753,6 @@ function usePermissions() {
   return context;
 }
 
-// src/auth/context/AuthProvider.tsx
-import { isUsable, newUuid } from "@pol-studios/utils";
-import { useCallback as useCallback2, useEffect as useEffect2, useMemo as useMemo3, useRef as useRef3, useState as useState2 } from "react";
-import { jsx as jsx2 } from "react/jsx-runtime";
-var SESSION_FETCH_TIMEOUT_MS = 3e3;
-function getPermissionLevel(action) {
-  switch (action.toLowerCase()) {
-    case "view":
-    case "read":
-      return 1;
-    case "edit":
-    case "write":
-      return 2;
-    case "admin":
-    case "delete":
-    case "share":
-      return 3;
-    default:
-      return 0;
-  }
-}
-var profileQuery = typedSupabase?.schema("core").from("Profile").select("*, UserAccess(accessKey), status").single();
-function isNotExpired(expiresAt) {
-  return !expiresAt || new Date(expiresAt) > /* @__PURE__ */ new Date();
-}
-function AuthProvider({
-  children,
-  enableEntityPermissions = false
-}) {
-  const supabase = useSupabase();
-  const [currentUser, setCurrentUser] = useState2(void 0);
-  const [userNeedsChange, setUserNeedsChange] = useState2(true);
-  const [onSignOutCallbacks, setOnSignOutCallbacks] = useState2(/* @__PURE__ */ new Map());
-  async function registerAsync(register) {
-    const response = await supabase.auth.signUp(register);
-    setCurrentUser((prev) => {
-      const newUser = response.data.user;
-      if (prev?.id === newUser?.id) {
-        return prev;
-      }
-      return newUser;
-    });
-    return response;
-  }
-  async function signInAsync(username, password) {
-    const response_0 = await supabase.auth.signInWithPassword({
-      email: username,
-      password
-    });
-    if (response_0.data) {
-      setCurrentUser((prev_0) => {
-        const newUser_0 = response_0.data.user;
-        if (prev_0?.id === newUser_0?.id) {
-          return prev_0;
-        }
-        return newUser_0;
-      });
-    }
-    return response_0;
-  }
-  async function signOutAsync() {
-    const response_1 = await supabase.auth.signOut();
-    if (isUsable(response_1.error) === false) {
-      Array.from(onSignOutCallbacks.values()).forEach((x) => {
-        x();
-      });
-    }
-    return response_1;
-  }
-  function onSignOut(action) {
-    const id = newUuid();
-    setOnSignOutCallbacks((x_0) => new Map(x_0).set(id, action));
-    return id;
-  }
-  function removeOnSignOut(id_0) {
-    setOnSignOutCallbacks((x_1) => {
-      const map = new Map(x_1);
-      map.delete(id_0);
-      return map;
-    });
-  }
-  async function refreshAsync() {
-  }
-  useEffect2(() => {
-    const request = supabase.auth.onAuthStateChange((event) => {
-      if (event === "SIGNED_IN" || event === "SIGNED_OUT") {
-        setUserNeedsChange(true);
-      }
-    });
-    return () => {
-      request.data.subscription.unsubscribe();
-    };
-  }, [supabase.auth]);
-  useEffect2(() => {
-    if (userNeedsChange === false) return;
-    let cancelled = false;
-    async function fetchSessionWithTimeout() {
-      try {
-        const timeoutPromise = new Promise((_, reject) => {
-          setTimeout(() => {
-            reject(new Error(`Session fetch timed out after ${SESSION_FETCH_TIMEOUT_MS}ms`));
-          }, SESSION_FETCH_TIMEOUT_MS);
-        });
-        const result = await Promise.race([supabase.auth.getSession(), timeoutPromise]);
-        if (cancelled) return;
-        const newUser_1 = result?.data?.session?.user ?? null;
-        setCurrentUser((prev_2) => {
-          if (newUser_1 === null) return null;
-          if (prev_2?.id === newUser_1?.id) {
-            return prev_2;
-          }
-          return newUser_1;
-        });
-        setUserNeedsChange(false);
-      } catch (error) {
-        if (cancelled) return;
-        console.error("Failed to get session (timeout or error):", error);
-        setCurrentUser((prev_1) => prev_1 === null ? prev_1 : null);
-        setUserNeedsChange(false);
-      }
-    }
-    fetchSessionWithTimeout();
-    return () => {
-      cancelled = true;
-    };
-  }, [userNeedsChange, supabase.auth]);
-  const {
-    data: profileData,
-    isLoading: profileLoading,
-    refetch: refetchProfile
-  } = useDbQuery("core.Profile", {
-    where: {
-      id: currentUser?.id
-    },
-    enabled: isUsable(currentUser)
-  });
-  const profile = profileData?.[0] ?? null;
-  const {
-    data: directAccess,
-    isLoading: directAccessLoading,
-    refetch: refetchDirectAccess
-  } = useDbQuery("core.UserAccess", {
-    where: {
-      userId: currentUser?.id
-    },
-    enabled: isUsable(currentUser)
-  });
-  const {
-    data: userGroups,
-    isLoading: userGroupsLoading,
-    refetch: refetchUserGroups
-  } = useDbQuery("core.UserGroup", {
-    where: {
-      userId: currentUser?.id
-    },
-    enabled: isUsable(currentUser)
-  });
-  const {
-    data: groups,
-    isLoading: groupsLoading,
-    refetch: refetchGroups
-  } = useDbQuery("core.Group", {
-    where: {
-      isActive: 1
-    },
-    // PowerSync stores booleans as 0/1
-    enabled: isUsable(currentUser)
-  });
-  const groupIds = useMemo3(() => userGroups?.map((ug) => ug.groupId) ?? [], [userGroups]);
-  const groupsMap = useMemo3(() => new Map(groups?.map((g) => [g.id, g]) ?? []), [groups]);
-  const {
-    data: groupAccess,
-    isLoading: groupAccessLoading,
-    refetch: refetchGroupAccess
-  } = useDbQuery("core.GroupAccessKey", {
-    where: groupIds.length > 0 ? {
-      groupId: {
-        in: groupIds
-      }
-    } : void 0,
-    enabled: groupIds.length > 0
-  });
-  const refetchAccessData = useCallback2(() => {
-    refetchDirectAccess();
-    refetchUserGroups();
-    refetchGroups();
-    refetchGroupAccess();
-  }, [refetchDirectAccess, refetchUserGroups, refetchGroups, refetchGroupAccess]);
-  const userGroupIdsRef = useRef3(/* @__PURE__ */ new Set());
-  useEffect2(() => {
-    if (userGroups) {
-      const groupIdSet = /* @__PURE__ */ new Set();
-      for (const ug_0 of userGroups) {
-        if (ug_0.groupId) {
-          groupIdSet.add(typeof ug_0.groupId === "number" ? ug_0.groupId : parseInt(ug_0.groupId, 10));
-        }
-      }
-      userGroupIdsRef.current = groupIdSet;
-    }
-  }, [userGroups]);
-  useEffect2(() => {
-    if (!currentUser?.id) return;
-    const channel = supabase.channel(`user-access-keys-${currentUser.id}`).on("postgres_changes", {
-      event: "*",
-      schema: "core",
-      table: "UserAccess",
-      filter: `userId=eq.${currentUser.id}`
-    }, () => {
-      refetchAccessData();
-    }).on("postgres_changes", {
-      event: "*",
-      schema: "core",
-      table: "UserGroup",
-      filter: `userId=eq.${currentUser.id}`
-    }, () => {
-      refetchAccessData();
-    }).on("postgres_changes", {
-      event: "*",
-      schema: "core",
-      table: "GroupAccessKey"
-    }, (payload) => {
-      const groupId = payload.new?.groupId || payload.old?.groupId;
-      if (groupId && userGroupIdsRef.current.has(groupId)) {
-        refetchAccessData();
-      }
-    }).on("postgres_changes", {
-      event: "UPDATE",
-      schema: "core",
-      table: "Group"
-    }, (payload_0) => {
-      const oldActive = payload_0.old?.isActive;
-      const newActive = payload_0.new?.isActive;
-      const groupId_0 = payload_0.new?.id;
-      if (oldActive !== newActive && groupId_0 && userGroupIdsRef.current.has(groupId_0)) {
-        refetchAccessData();
-      }
-    }).subscribe();
-    return () => {
-      channel.unsubscribe();
-      supabase.removeChannel(channel);
-    };
-  }, [supabase, currentUser?.id, refetchAccessData]);
-  useEffect2(() => {
-    if (!currentUser?.id) return;
-    const profileChannel = supabase.channel(`profile-status-${currentUser.id}`).on("postgres_changes", {
-      event: "UPDATE",
-      schema: "core",
-      table: "Profile",
-      filter: `id=eq.${currentUser.id}`
-    }, (payload_1) => {
-      const newStatus = payload_1.new?.status;
-      const oldStatus = payload_1.old?.status;
-      if (oldStatus === "active" && (newStatus === "archived" || newStatus === "suspended")) {
-        signOutAsync();
-      }
-      refetchProfile();
-    }).subscribe();
-    return () => {
-      profileChannel.unsubscribe();
-      supabase.removeChannel(profileChannel);
-    };
-  }, [supabase, currentUser?.id, refetchProfile]);
-  const allAccessKeys = useMemo3(() => {
-    const keys = [];
-    directAccess?.forEach((a) => {
-      if (isNotExpired(a.expiresAt)) {
-        keys.push({
-          accessKey: a.accessKey,
-          effect: a.effect ?? "allow",
-          source: "direct",
-          expiresAt: a.expiresAt
-        });
-      }
-    });
-    const activeGroupIds = new Set(userGroups?.filter((ug_1) => {
-      const group = groupsMap.get(ug_1.groupId);
-      return group?.isActive === 1 && isNotExpired(ug_1.expiresAt);
-    }).map((ug_2) => ug_2.groupId) ?? []);
-    groupAccess?.forEach((ga) => {
-      if (activeGroupIds.has(ga.groupId) && isNotExpired(ga.expiresAt)) {
-        keys.push({
-          accessKey: ga.accessKey,
-          effect: ga.effect ?? "allow",
-          source: "group",
-          expiresAt: ga.expiresAt
-        });
-      }
-    });
-    return keys;
-  }, [directAccess, userGroups, groupsMap, groupAccess]);
-  const combinedAccess = useMemo3(() => {
-    const uniqueKeys = /* @__PURE__ */ new Set();
-    for (const item of allAccessKeys) {
-      if (item.accessKey && item.effect === "allow") {
-        uniqueKeys.add(item.accessKey);
-      }
-    }
-    return Array.from(uniqueKeys);
-  }, [allAccessKeys]);
-  const effectivePermissions = useMemo3(() => {
-    const permissions = [];
-    for (const item_0 of allAccessKeys) {
-      if (item_0.effect !== "allow") continue;
-      const parts = item_0.accessKey.split(":");
-      if (parts.length === 3) {
-        const [resourceType, resourceId, permission] = parts;
-        const permissionLevel = getPermissionLevel(permission);
-        permissions.push({
-          resourceType,
-          resourceId,
-          permission,
-          permissionLevel,
-          source: item_0.source,
-          inheritedFrom: null,
-          expiresAt: item_0.expiresAt ?? null
-        });
-      }
-    }
-    return permissions;
-  }, [allAccessKeys]);
-  const profileStatus = profile?.status;
-  const isArchived = profileStatus === "archived";
-  const isSuspended = profileStatus === "suspended";
-  const hasAccess = useCallback2((key) => {
-    if (isArchived || isSuspended) {
-      return false;
-    }
-    const accessGiven = combinedAccess;
-    if (isUsable(accessGiven) === false) return false;
-    if (accessGiven.includes("*:*:*")) return true;
-    if (accessGiven.includes(key)) return true;
-    if (isUsable(key) === false) return true;
-    const parts_0 = key.split(":");
-    if (parts_0.length === 3) {
-      const [type, id_1, action_0] = parts_0;
-      const requiredLevel = getPermissionLevel(action_0);
-      const hasPermission = effectivePermissions.some((p) => p.resourceType === type && p.resourceId === id_1 && p.permissionLevel >= requiredLevel);
-      if (hasPermission) {
-        return true;
-      }
-    }
-    return false;
-  }, [combinedAccess, effectivePermissions, isArchived, isSuspended]);
-  const isAccessLoading = directAccessLoading || userGroupsLoading || groupsLoading || groupAccessLoading;
-  const authStateWithLoading = useMemo3(() => ({
-    hasAccess,
-    user: currentUser,
-    profile,
-    access: combinedAccess,
-    effectivePermissions,
-    profileStatus,
-    isArchived,
-    isSuspended,
-    isLoading: currentUser === null ? false : profileLoading || isAccessLoading || currentUser === void 0,
-    signInAsync,
-    signOutAsync,
-    onSignOut,
-    removeOnSignOut,
-    registerAsync,
-    refreshAsync
-  }), [profile, profileLoading, isAccessLoading, currentUser, combinedAccess, effectivePermissions, profileStatus, isArchived, isSuspended, hasAccess]);
-  const content = enableEntityPermissions ? /* @__PURE__ */ jsx2(PermissionProvider, { children }) : children;
-  return /* @__PURE__ */ jsx2(setupAuthContext.Provider, { value: authStateWithLoading, children: content });
-}
-
 // src/auth/context/UserMetadataContext.tsx
 import { c as _c2 } from "react/compiler-runtime";
 import { createContext as createContext3, useContext as useContext2, useEffect as useEffect3, useMemo as useMemo4, useState as useState3, useCallback as useCallback3, useRef as useRef4 } from "react";
@@ -1176,11 +1094,11 @@ export {
   isTimeoutError,
   useDbQuery2 as useDbQuery,
   setupAuthContext,
+  AuthProvider,
   permissionContext,
   entityPermissionContext,
   PermissionProvider,
   usePermissions,
-  AuthProvider,
   userMetadataContext,
   UserMetadataProvider,
   useUserMetadata,
@@ -1188,4 +1106,4 @@ export {
   useSetUserMetadata,
   useUserMetadataState
 };
-//# sourceMappingURL=chunk-YQUNORJD.js.map
+//# sourceMappingURL=chunk-MZLEDWJF.js.map