@directus/api 16.0.0 → 17.0.1

package/dist/controllers/items.js

@@ -8,9 +8,10 @@ import { ItemsService } from '../services/items.js';
 import { MetaService } from '../services/meta.js';
 import asyncHandler from '../utils/async-handler.js';
 import { sanitizeQuery } from '../utils/sanitize-query.js';
+import { isSystemCollection } from '@directus/system-data';
 const router = express.Router();
 router.post('/:collection', collectionExists, asyncHandler(async (req, res, next) => {
-    if (req.params['collection'].startsWith('directus_'))
+    if (isSystemCollection(req.params['collection']))
         throw new ForbiddenError();
     if (req.singleton) {
         throw new RouteNotFoundError({ path: req.path });
@@ -47,7 +48,7 @@ router.post('/:collection', collectionExists, asyncHandler(async (req, res, next
     return next();
 }), respond);
 const readHandler = asyncHandler(async (req, res, next) => {
-    if (req.params['collection'].startsWith('directus_'))
+    if (isSystemCollection(req.params['collection']))
         throw new ForbiddenError();
     const service = new ItemsService(req.collection, {
         accountability: req.accountability,
@@ -77,7 +78,7 @@ const readHandler = asyncHandler(async (req, res, next) => {
 router.search('/:collection', collectionExists, validateBatch('read'), readHandler, respond);
 router.get('/:collection', collectionExists, readHandler, respond);
 router.get('/:collection/:pk', collectionExists, asyncHandler(async (req, res, next) => {
-    if (req.params['collection'].startsWith('directus_'))
+    if (isSystemCollection(req.params['collection']))
         throw new ForbiddenError();
     const service = new ItemsService(req.collection, {
         accountability: req.accountability,
@@ -90,7 +91,7 @@ router.get('/:collection/:pk', collectionExists, asyncHandler(async (req, res, n
     return next();
 }), respond);
 router.patch('/:collection', collectionExists, validateBatch('update'), asyncHandler(async (req, res, next) => {
-    if (req.params['collection'].startsWith('directus_'))
+    if (isSystemCollection(req.params['collection']))
         throw new ForbiddenError();
     const service = new ItemsService(req.collection, {
         accountability: req.accountability,
@@ -126,7 +127,7 @@ router.patch('/:collection', collectionExists, validateBatch('update'), asyncHan
     return next();
 }), respond);
 router.patch('/:collection/:pk', collectionExists, asyncHandler(async (req, res, next) => {
-    if (req.params['collection'].startsWith('directus_'))
+    if (isSystemCollection(req.params['collection']))
         throw new ForbiddenError();
     if (req.singleton) {
         throw new RouteNotFoundError({ path: req.path });
@@ -149,7 +150,7 @@ router.patch('/:collection/:pk', collectionExists, asyncHandler(async (req, res,
     return next();
 }), respond);
 router.delete('/:collection', collectionExists, validateBatch('delete'), asyncHandler(async (req, _res, next) => {
-    if (req.params['collection'].startsWith('directus_'))
+    if (isSystemCollection(req.params['collection']))
         throw new ForbiddenError();
     const service = new ItemsService(req.collection, {
         accountability: req.accountability,
@@ -168,7 +169,7 @@ router.delete('/:collection', collectionExists, validateBatch('delete'), asyncHa
     return next();
 }), respond);
 router.delete('/:collection/:pk', collectionExists, asyncHandler(async (req, _res, next) => {
-    if (req.params['collection'].startsWith('directus_'))
+    if (isSystemCollection(req.params['collection']))
         throw new ForbiddenError();
     const service = new ItemsService(req.collection, {
         accountability: req.accountability,

package/dist/controllers/permissions.js

@@ -1,6 +1,5 @@
-import { isDirectusError } from '@directus/errors';
+import { ErrorCode, isDirectusError } from '@directus/errors';
 import express from 'express';
-import { ErrorCode } from '@directus/errors';
 import { respond } from '../middleware/respond.js';
 import useCollection from '../middleware/use-collection.js';
 import { validateBatch } from '../middleware/validate-batch.js';
@@ -152,4 +151,14 @@ router.delete('/:pk', asyncHandler(async (req, _res, next) => {
     await service.deleteOne(req.params['pk']);
     return next();
 }), respond);
+router.get('/me/:collection/:pk?', asyncHandler(async (req, res, next) => {
+    const { collection, pk } = req.params;
+    const service = new PermissionsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const itemPermissions = await service.getItemPermissions(collection, pk);
+    res.locals['payload'] = { data: itemPermissions };
+    return next();
+}), respond);
 export default router;

package/dist/controllers/utils.js

@@ -1,13 +1,11 @@
+import { InvalidPayloadError, InvalidQueryError, UnsupportedMediaTypeError } from '@directus/errors';
 import argon2 from 'argon2';
 import Busboy from 'busboy';
 import { Router } from 'express';
 import Joi from 'joi';
-import fs from 'node:fs';
-import { createRequire } from 'node:module';
-import { InvalidPayloadError, InvalidQueryError, UnsupportedMediaTypeError } from '@directus/errors';
 import collectionExists from '../middleware/collection-exists.js';
 import { respond } from '../middleware/respond.js';
-import { ExportService } from '../services/import-export/index.js';
+import { ExportService, ImportService } from '../services/import-export.js';
 import { RevisionsService } from '../services/revisions.js';
 import { UtilsService } from '../services/utils.js';
 import asyncHandler from '../utils/async-handler.js';
@@ -66,6 +64,10 @@ router.post('/import/:collection', collectionExists, asyncHandler(async (req, re
     if (req.is('multipart/form-data') === false) {
         throw new UnsupportedMediaTypeError({ mediaType: req.headers['content-type'], where: 'Content-Type header' });
     }
+    const service = new ImportService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
     let headers;
     if (req.headers['content-type']) {
         headers = req.headers;
@@ -78,34 +80,13 @@ router.post('/import/:collection', collectionExists, asyncHandler(async (req, re
     }
     const busboy = Busboy({ headers });
     busboy.on('file', async (_fieldname, fileStream, { mimeType }) => {
-        const { createTmpFile } = await import('@directus/utils/node');
-        const { getWorkerPool } = await import('../worker-pool.js');
-        const tmpFile = await createTmpFile().catch(() => null);
-        if (!tmpFile)
-            throw new Error('Failed to create temporary file for import');
-        fileStream.pipe(fs.createWriteStream(tmpFile.path));
-        fileStream.on('end', async () => {
-            const workerPool = getWorkerPool();
-            const require = createRequire(import.meta.url);
-            const filename = require.resolve('../services/import-export/import-worker');
-            const workerData = {
-                collection: req.params['collection'],
-                mimeType,
-                filePath: tmpFile.path,
-                accountability: req.accountability,
-                schema: req.schema,
-            };
-            try {
-                await workerPool.run(workerData, { filename });
-                res.status(200).end();
-            }
-            catch (error) {
-                next(error);
-            }
-            finally {
-                await tmpFile.cleanup();
-            }
-        });
+        try {
+            await service.import(req.params['collection'], mimeType, fileStream);
+        }
+        catch (err) {
+            return next(err);
+        }
+        return res.status(200).end();
     });
     busboy.on('error', (err) => next(err));
     req.pipe(busboy);

package/dist/extensions/lib/sandbox/generate-api-extensions-sandbox-entrypoint.d.ts

@@ -16,7 +16,7 @@ export declare function generateApiExtensionsSandboxEntrypoint(type: ApiExtensio
     unregisterFunction: () => Promise<void>;
 } | {
     code: string;
-    hostFunctions: ((path: import("isolated-vm").Reference<string>, method: import("isolated-vm").Reference<"GET" | "POST" | "DELETE" | "PUT" | "PATCH">, cb: import("isolated-vm").Reference<(req: {
+    hostFunctions: ((path: import("isolated-vm").Reference<string>, method: import("isolated-vm").Reference<"GET" | "POST" | "DELETE" | "PATCH" | "PUT">, cb: import("isolated-vm").Reference<(req: {
         url: string;
         headers: import("http").IncomingHttpHeaders;
         body: string;

package/dist/flows.js

@@ -19,6 +19,7 @@ import { mapValuesDeep } from './utils/map-values-deep.js';
 import { redactObject } from './utils/redact-object.js';
 import { sanitizeError } from './utils/sanitize-error.js';
 import { scheduleSynchronizedJob, validateCron } from './utils/schedule.js';
+import { isSystemCollection } from '@directus/system-data';
 let flowManager;
 export function getFlowManager() {
     if (flowManager) {
@@ -111,7 +112,7 @@ class FlowManager {
                             if (!flow.options?.['collections'])
                                 return [];
                             return toArray(flow.options['collections']).map((collection) => {
-                                if (collection.startsWith('directus_')) {
+                                if (isSystemCollection(collection)) {
                                     const action = scope.split('.')[1];
                                     return collection.substring(9) + '.' + action;
                                 }

package/dist/middleware/collection-exists.js

@@ -1,8 +1,8 @@
 /**
  * Check if requested collection exists, and save it to req.collection
  */
-import { systemCollectionRows } from '../database/system-data/collections/index.js';
 import { ForbiddenError } from '@directus/errors';
+import { systemCollectionRows } from '@directus/system-data';
 import asyncHandler from '../utils/async-handler.js';
 const collectionExists = asyncHandler(async (req, _res, next) => {
     if (!req.params['collection'])
@@ -11,11 +11,11 @@ const collectionExists = asyncHandler(async (req, _res, next) => {
         throw new ForbiddenError();
     }
     req.collection = req.params['collection'];
-    if (req.collection.startsWith('directus_')) {
-        const systemRow = systemCollectionRows.find((collection) => {
-            return collection?.collection === req.collection;
-        });
-        req.singleton = !!systemRow?.singleton;
+    const systemCollectionRow = systemCollectionRows.find((collection) => {
+        return collection?.collection === req.collection;
+    });
+    if (systemCollectionRow !== undefined) {
+        req.singleton = !!systemCollectionRow?.singleton;
     }
     else {
         req.singleton = req.schema.collections[req.collection]?.singleton ?? false;

package/dist/middleware/respond.js

@@ -3,7 +3,7 @@ import { parse as parseBytesConfiguration } from 'bytes';
 import { assign } from 'lodash-es';
 import { getCache, setCacheValue } from '../cache.js';
 import { useLogger } from '../logger.js';
-import { ExportService } from '../services/import-export/index.js';
+import { ExportService } from '../services/import-export.js';
 import { VersionsService } from '../services/versions.js';
 import asyncHandler from '../utils/async-handler.js';
 import { getCacheControlHeader } from '../utils/get-cache-headers.js';

package/dist/operations/request/index.js

@@ -24,12 +24,12 @@ export default defineOperationApi({
             return { status: result.status, statusText: result.statusText, headers: result.headers, data: result.data };
         }
         catch (error) {
-            if (isAxiosError(error)) {
+            if (isAxiosError(error) && error.response) {
                 throw JSON.stringify({
-                    status: error.response?.status,
-                    statusText: error.response?.statusText,
-                    headers: error.response?.headers,
-                    data: error.response?.data,
+                    status: error.response.status,
+                    statusText: error.response.statusText,
+                    headers: error.response.headers,
+                    data: error.response.data,
                 });
             }
             else {

package/dist/request/agent-with-ip-validation.d.ts

@@ -0,0 +1,11 @@
+/// <reference types="node" resolution-mode="require"/>
+import type { Agent, ClientRequestArgs } from 'node:http';
+/**
+ * 'createConnection' is missing in 'Agent' type, but assigned in actual implementation:
+ * https://github.com/nodejs/node/blob/8a41d9b636be86350cd32847c3f89d327c4f6ff7/lib/_http_agent.js#L215
+ */
+export type _Agent = Agent & {
+    createConnection: NonNullable<ClientRequestArgs['createConnection']>;
+};
+/** Extends a HTTP agent with IP validation */
+export declare const agentWithIpValidation: (agent: Agent) => Agent;

package/dist/request/agent-with-ip-validation.js

@@ -0,0 +1,34 @@
+import { isIP } from 'node:net';
+import { isDeniedIp } from './is-denied-ip.js';
+const deniedError = (domain) => new Error(`Requested domain "${domain}" resolves to a denied IP address`);
+/** Extends a HTTP agent with IP validation */
+export const agentWithIpValidation = (agent) => {
+    const _agent = agent;
+    const { createConnection } = _agent;
+    _agent.createConnection = function (options, oncreate) {
+        const { host } = options;
+        /*
+         * Unexpected, but according to the types 'host' might be undefined.
+         * In that case, the request is denied to be on the safe side,
+         * since the host cannot be verified.
+         */
+        if (!host) {
+            throw new Error('Request cannot be verified due to missing host');
+        }
+        /*
+         * At this point, host is only verified if it's already an IP address.
+         * Otherwise it will be verified on 'lookup' event.
+         */
+        if (isIP(host) !== 0 && isDeniedIp(host))
+            throw deniedError(host);
+        const socket = createConnection.call(this, options, oncreate);
+        // Emitted after resolving the host name but before connecting.
+        socket.on('lookup', (error, address) => {
+            if (error || !isDeniedIp(address))
+                return;
+            return socket.destroy(deniedError(host));
+        });
+        return socket;
+    };
+    return agent;
+};

package/dist/request/index.js

@@ -1,14 +1,15 @@
-import { requestInterceptor } from './request-interceptor.js';
-import { responseInterceptor } from './response-interceptor.js';
 export const _cache = {
     axiosInstance: null,
 };
 export async function getAxios() {
     if (!_cache.axiosInstance) {
         const axios = (await import('axios')).default;
-        _cache.axiosInstance = axios.create();
-        _cache.axiosInstance.interceptors.request.use(requestInterceptor);
-        _cache.axiosInstance.interceptors.response.use(responseInterceptor);
+        const { Agent: AgentHttp } = await import('node:http');
+        const { Agent: AgentHttps } = await import('node:https');
+        const { agentWithIpValidation } = await import('./agent-with-ip-validation.js');
+        const httpAgent = agentWithIpValidation(new AgentHttp());
+        const httpsAgent = agentWithIpValidation(new AgentHttps());
+        _cache.axiosInstance = axios.create({ httpAgent, httpsAgent });
     }
     return _cache.axiosInstance;
 }

package/dist/request/is-denied-ip.d.ts

@@ -0,0 +1 @@
+export declare function isDeniedIp(ip: string): boolean;

package/dist/request/{validate-ip.js → is-denied-ip.js}

@@ -2,34 +2,32 @@ import { useEnv } from '@directus/env';
 import os from 'node:os';
 import { useLogger } from '../logger.js';
 import { ipInNetworks } from '../utils/ip-in-networks.js';
-const deniedError = (url) => new Error(`Requested URL "${url}" resolves to a denied IP address`);
-export function validateIp(ip, url) {
+export function isDeniedIp(ip) {
     const env = useEnv();
     const logger = useLogger();
     const ipDenyList = env['IMPORT_IP_DENY_LIST'];
     if (ipDenyList.length === 0)
-        return;
-    let denied;
+        return false;
     try {
-        denied = ipInNetworks(ip, ipDenyList);
+        const denied = ipInNetworks(ip, ipDenyList);
+        if (denied)
+            return true;
     }
     catch (error) {
-        logger.warn(`Invalid "IMPORT_IP_DENY_LIST" configuration`);
+        logger.warn(`Cannot verify IP address due to invalid "IMPORT_IP_DENY_LIST" config`);
         logger.warn(error);
-        throw deniedError(url);
+        return true;
     }
-    if (denied)
-        throw deniedError(url);
     if (ipDenyList.includes('0.0.0.0')) {
         const networkInterfaces = os.networkInterfaces();
         for (const networkInfo of Object.values(networkInterfaces)) {
             if (!networkInfo)
                 continue;
             for (const info of networkInfo) {
-                if (info.address === ip) {
-                    throw deniedError(url);
-                }
+                if (info.address === ip)
+                    return true;
             }
         }
     }
+    return false;
 }

package/dist/services/assets.js

@@ -24,7 +24,7 @@ export class AssetsService {
     constructor(options) {
         this.knex = options.knex || getDatabase();
         this.accountability = options.accountability || null;
-        this.filesService = new FilesService(options);
+        this.filesService = new FilesService({ ...options, accountability: null });
         this.authorizationService = new AuthorizationService(options);
     }
     async getAsset(id, transformation, range) {
@@ -46,8 +46,6 @@ export class AssetsService {
             await this.authorizationService.checkAccess('read', 'directus_files', id);
         }
         const file = (await this.filesService.readOne(id, { limit: 1 }));
-        if (!file)
-            throw new ForbiddenError();
         const exists = await storage.location(file.storage).exists(file.filename_disk);
         if (!exists)
             throw new ForbiddenError();

package/dist/services/authorization.d.ts

@@ -13,5 +13,5 @@ export declare class AuthorizationService {
      * Checks if the provided payload matches the configured permissions, and adds the presets to the payload.
      */
     validatePayload(action: PermissionsAction, collection: string, data: Partial<Item>): Partial<Item>;
-    checkAccess(action: PermissionsAction, collection: string, pk: PrimaryKey | PrimaryKey[]): Promise<void>;
+    checkAccess(action: PermissionsAction, collection: string, pk?: PrimaryKey | PrimaryKey[]): Promise<void>;
 }

package/dist/services/authorization.js

@@ -1,9 +1,9 @@
+import { ForbiddenError } from '@directus/errors';
 import { validatePayload } from '@directus/utils';
 import { FailedValidationError, joiValidationErrorItemToErrorExtensions } from '@directus/validation';
 import { cloneDeep, flatten, isArray, isNil, merge, reduce, uniq, uniqWith } from 'lodash-es';
 import { GENERATE_SPECIAL } from '../constants.js';
 import getDatabase from '../database/index.js';
-import { ForbiddenError } from '@directus/errors';
 import { getRelationInfo } from '../utils/get-relation-info.js';
 import { stripFunction } from '../utils/strip-function.js';
 import { ItemsService } from './items.js';
@@ -430,15 +430,27 @@ export class AuthorizationService {
         };
         if (Array.isArray(pk)) {
             const result = await itemsService.readMany(pk, { ...query, limit: pk.length }, { permissionsAction: action });
-            if (!result)
+            // for the unexpected case that the result is not an array (for example due to filter hook)
+            if (!isArray(result))
                 throw new ForbiddenError();
             if (result.length !== pk.length)
                 throw new ForbiddenError();
         }
-        else {
+        else if (pk) {
             const result = await itemsService.readOne(pk, query, { permissionsAction: action });
             if (!result)
                 throw new ForbiddenError();
         }
+        else {
+            query.limit = 1;
+            const result = await itemsService.readByQuery(query, { permissionsAction: action });
+            // for the unexpected case that the result is not an array (for example due to filter hook)
+            if (!isArray(result))
+                throw new ForbiddenError();
+            // for create action, an empty array is expected - for other actions, the first item is expected to be available
+            const access = action === 'create' ? result.length === 0 : !!result[0];
+            if (!access)
+                throw new ForbiddenError();
+        }
     }
 }

package/dist/services/collections.d.ts

@@ -3,12 +3,13 @@ import type { Accountability, RawField, SchemaOverview } from '@directus/types';
 import type Keyv from 'keyv';
 import type { Knex } from 'knex';
 import type { Helpers } from '../database/helpers/index.js';
-import type { AbstractServiceOptions, Collection, CollectionMeta, MutationOptions } from '../types/index.js';
+import type { AbstractServiceOptions, Collection, MutationOptions } from '../types/index.js';
+import { type BaseCollectionMeta } from '@directus/system-data';
 export type RawCollection = {
     collection: string;
     fields?: RawField[];
     schema?: Partial<Table> | null;
-    meta?: Partial<CollectionMeta> | null;
+    meta?: Partial<BaseCollectionMeta> | null;
 };
 export declare class CollectionsService {
     knex: Knex;

package/dist/services/collections.js

@@ -7,12 +7,12 @@ import { clearSystemCache, getCache } from '../cache.js';
 import { ALIAS_TYPES } from '../constants.js';
 import { getHelpers } from '../database/helpers/index.js';
 import getDatabase, { getSchemaInspector } from '../database/index.js';
-import { systemCollectionRows } from '../database/system-data/collections/index.js';
 import emitter from '../emitter.js';
 import { getSchema } from '../utils/get-schema.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
 import { FieldsService } from './fields.js';
 import { ItemsService } from './items.js';
+import { systemCollectionRows } from '@directus/system-data';
 export class CollectionsService {
     knex;
     helpers;

package/dist/services/fields.js

@@ -7,7 +7,6 @@ import { ALIAS_TYPES } from '../constants.js';
 import { translateDatabaseError } from '../database/errors/translate.js';
 import { getHelpers } from '../database/helpers/index.js';
 import getDatabase, { getSchemaInspector } from '../database/index.js';
-import { systemFieldRows } from '../database/system-data/fields/index.js';
 import emitter from '../emitter.js';
 import { ForbiddenError, InvalidPayloadError } from '@directus/errors';
 import { ItemsService } from './items.js';
@@ -18,6 +17,8 @@ import { getSchema } from '../utils/get-schema.js';
 import { sanitizeColumn } from '../utils/sanitize-schema.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
 import { RelationsService } from './relations.js';
+import { getSystemFieldRowsWithAuthProviders } from '../utils/get-field-system-rows.js';
+const systemFieldRows = getSystemFieldRowsWithAuthProviders();
 export class FieldsService {
     knex;
     helpers;

package/dist/services/files.js

@@ -288,11 +288,12 @@ export class FilesService extends ItemsService {
                 decompress: false,
             });
         }
-        catch (err) {
-            logger.warn(err, `Couldn't fetch file from URL "${importURL}"`);
+        catch (error) {
+            logger.warn(`Couldn't fetch file from URL "${importURL}"${error.message ? `: ${error.message}` : ''}`);
+            logger.trace(error);
             throw new ServiceUnavailableError({
                 service: 'external-file',
-                reason: `Couldn't fetch file from url "${importURL}"`,
+                reason: `Couldn't fetch file from URL "${importURL}"`,
             });
         }
         const parsedURL = url.parse(fileResponse.request.res.responseUrl);

package/dist/services/graphql/index.js

@@ -40,6 +40,7 @@ import { GraphQLStringOrFloat } from './types/string-or-float.js';
 import { GraphQLVoid } from './types/void.js';
 import { addPathToValidationError } from './utils/add-path-to-validation-error.js';
 import processError from './utils/process-error.js';
+import { isSystemCollection } from '@directus/system-data';
 const env = useEnv();
 const validationRules = Array.from(specifiedRules);
 if (env['GRAPHQL_INTROSPECTION'] === false) {
@@ -129,10 +130,10 @@ export class GraphQLService {
         const { ReadCollectionTypes, VersionCollectionTypes } = getReadableTypes();
         const { CreateCollectionTypes, UpdateCollectionTypes, DeleteCollectionTypes } = getWritableTypes();
         const scopeFilter = (collection) => {
-            if (this.scope === 'items' && collection.collection.startsWith('directus_') === true)
+            if (this.scope === 'items' && isSystemCollection(collection.collection))
                 return false;
             if (this.scope === 'system') {
-                if (collection.collection.startsWith('directus_') === false)
+                if (isSystemCollection(collection.collection) === false)
                     return false;
                 if (SYSTEM_DENY_LIST.includes(collection.collection))
                     return false;

package/dist/services/{import-export/index.d.ts → import-export.d.ts}

@@ -2,7 +2,7 @@
 import type { Accountability, File, Query, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
 import type { Readable } from 'node:stream';
-import type { AbstractServiceOptions } from '../../types/index.js';
+import type { AbstractServiceOptions } from '../types/index.js';
 type ExportFormat = 'csv' | 'json' | 'xml' | 'yaml';
 export declare class ImportService {
     knex: Knex;

package/dist/services/{import-export/index.js → import-export.js}

@@ -10,16 +10,17 @@ import { createReadStream } from 'node:fs';
 import { appendFile } from 'node:fs/promises';
 import Papa from 'papaparse';
 import StreamArray from 'stream-json/streamers/StreamArray.js';
-import getDatabase from '../../database/index.js';
-import emitter from '../../emitter.js';
-import { useLogger } from '../../logger.js';
-import { getDateFormatted } from '../../utils/get-date-formatted.js';
-import { Url } from '../../utils/url.js';
-import { userName } from '../../utils/user-name.js';
-import { FilesService } from '../files.js';
-import { ItemsService } from '../items.js';
-import { NotificationsService } from '../notifications.js';
-import { UsersService } from '../users.js';
+import getDatabase from '../database/index.js';
+import emitter from '../emitter.js';
+import { useLogger } from '../logger.js';
+import { getDateFormatted } from '../utils/get-date-formatted.js';
+import { Url } from '../utils/url.js';
+import { userName } from '../utils/user-name.js';
+import { FilesService } from './files.js';
+import { ItemsService } from './items.js';
+import { NotificationsService } from './notifications.js';
+import { UsersService } from './users.js';
+import { isSystemCollection } from '@directus/system-data';
 const env = useEnv();
 const logger = useLogger();
 export class ImportService {
@@ -32,7 +33,7 @@ export class ImportService {
         this.schema = options.schema;
     }
     async import(collection, mimetype, stream) {
-        if (this.accountability?.admin !== true && collection.startsWith('directus_'))
+        if (this.accountability?.admin !== true && isSystemCollection(collection))
             throw new ForbiddenError();
         const createPermissions = this.accountability?.permissions?.find((permission) => permission.collection === collection && permission.action === 'create');
         const updatePermissions = this.accountability?.permissions?.find((permission) => permission.collection === collection && permission.action === 'update');

package/dist/services/index.d.ts

@@ -10,7 +10,7 @@ export * from './files.js';
 export * from './flows.js';
 export * from './folders.js';
 export * from './graphql/index.js';
-export * from './import-export/index.js';
+export * from './import-export.js';
 export * from './items.js';
 export * from './mail/index.js';
 export * from './meta.js';

package/dist/services/index.js

@@ -10,7 +10,7 @@ export * from './files.js';
 export * from './flows.js';
 export * from './folders.js';
 export * from './graphql/index.js';
-export * from './import-export/index.js';
+export * from './import-export.js';
 export * from './items.js';
 export * from './mail/index.js';
 export * from './meta.js';

package/dist/services/items.js

@@ -13,6 +13,7 @@ import { shouldClearCache } from '../utils/should-clear-cache.js';
 import { validateKeys } from '../utils/validate-keys.js';
 import { AuthorizationService } from './authorization.js';
 import { PayloadService } from './payload.js';
+import { isSystemCollection } from '@directus/system-data';
 const env = useEnv();
 export class ItemsService {
     collection;
@@ -25,7 +26,7 @@ export class ItemsService {
         this.collection = collection;
         this.knex = options.knex || getDatabase();
         this.accountability = options.accountability || null;
-        this.eventScope = this.collection.startsWith('directus_') ? this.collection.substring(9) : 'items';
+        this.eventScope = isSystemCollection(this.collection) ? this.collection.substring(9) : 'items';
         this.schema = options.schema;
         this.cache = getCache().cache;
         return this;

package/dist/services/permissions.d.ts

@@ -1,8 +1,8 @@
-import type { PermissionsAction, Query } from '@directus/types';
+import type { ItemPermissions, PermissionsAction, Query } from '@directus/types';
 import type Keyv from 'keyv';
+import type { AbstractServiceOptions, Item, MutationOptions, PrimaryKey } from '../types/index.js';
 import type { QueryOptions } from './items.js';
 import { ItemsService } from './items.js';
-import type { AbstractServiceOptions, Item, MutationOptions, PrimaryKey } from '../types/index.js';
 export declare class PermissionsService extends ItemsService {
     systemCache: Keyv<any>;
     constructor(options: AbstractServiceOptions);
@@ -15,4 +15,5 @@ export declare class PermissionsService extends ItemsService {
     updateMany(keys: PrimaryKey[], data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey[]>;
     upsertMany(payloads: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;
     deleteMany(keys: PrimaryKey[], opts?: MutationOptions): Promise<PrimaryKey[]>;
+    getItemPermissions(collection: string, primaryKey?: string): Promise<ItemPermissions>;
 }