npm - @directus/api - Versions diffs - 19.3.0 → 20.0.0-rc.0 - Mend

@directus/api 19.3.0 → 20.0.0-rc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

package/dist/services/operations.js CHANGED Viewed

@@ -5,32 +5,20 @@ export class OperationsService extends ItemsService {
         super('directus_operations', options);
     }
     async createOne(data, opts) {
-        const flowManager = getFlowManager();
         const result = await super.createOne(data, opts);
-        await flowManager.reload();
-        return result;
-    }
-    async createMany(data, opts) {
-        const flowManager = getFlowManager();
-        const result = await super.createMany(data, opts);
-        await flowManager.reload();
-        return result;
-    }
-    async updateBatch(data, opts) {
         const flowManager = getFlowManager();
-        const result = await super.updateBatch(data, opts);
         await flowManager.reload();
         return result;
     }
     async updateMany(keys, data, opts) {
-        const flowManager = getFlowManager();
         const result = await super.updateMany(keys, data, opts);
+        const flowManager = getFlowManager();
         await flowManager.reload();
         return result;
     }
     async deleteMany(keys, opts) {
-        const flowManager = getFlowManager();
         const result = await super.deleteMany(keys, opts);
+        const flowManager = getFlowManager();
         await flowManager.reload();
         return result;
     }

package/dist/services/payload.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import type { Accountability, Item, PrimaryKey, SchemaOverview } from '@directus
 import type { Knex } from 'knex';
 import type { Helpers } from '../database/helpers/index.js';
 import type { AbstractServiceOptions, ActionEventParams, MutationOptions } from '../types/index.js';
+import { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
 type Action = 'create' | 'read' | 'update';
 type Transformers = {
     [type: string]: (context: {
@@ -13,6 +14,11 @@ type Transformers = {
         helpers: Helpers;
     }) => Promise<any>;
 };
+type PayloadServiceProcessRelationResult = {
+    revisions: PrimaryKey[];
+    nestedActionEvents: ActionEventParams[];
+    userIntegrityCheckFlags: UserIntegrityCheckFlag;
+};
 /**
  * Process a given payload for a collection to ensure the special fields (hash, uuid, date etc) are
  * handled correctly.
@@ -46,26 +52,19 @@ export declare class PayloadService {
     /**
      * Recursively save/update all nested related Any-to-One items
      */
-    processA2O(data: Partial<Item>, opts?: MutationOptions): Promise<{
+    processA2O(data: Partial<Item>, opts?: MutationOptions): Promise<PayloadServiceProcessRelationResult & {
         payload: Partial<Item>;
-        revisions: PrimaryKey[];
-        nestedActionEvents: ActionEventParams[];
     }>;
     /**
      * Save/update all nested related m2o items inside the payload
      */
-    processM2O(data: Partial<Item>, opts?: MutationOptions): Promise<{
+    processM2O(data: Partial<Item>, opts?: MutationOptions): Promise<PayloadServiceProcessRelationResult & {
         payload: Partial<Item>;
-        revisions: PrimaryKey[];
-        nestedActionEvents: ActionEventParams[];
     }>;
     /**
      * Recursively save/update all nested related o2m items
      */
-    processO2M(data: Partial<Item>, parent: PrimaryKey, opts?: MutationOptions): Promise<{
-        revisions: PrimaryKey[];
-        nestedActionEvents: ActionEventParams[];
-    }>;
+    processO2M(data: Partial<Item>, parent: PrimaryKey, opts?: MutationOptions): Promise<PayloadServiceProcessRelationResult>;
     /**
      * Transforms the input partial payload to match the output structure, to have consistency
      * between delta and data

package/dist/services/payload.js CHANGED Viewed

@@ -9,7 +9,7 @@ import { parse as wktToGeoJSON } from 'wellknown';
 import { getHelpers } from '../database/helpers/index.js';
 import getDatabase from '../database/index.js';
 import { generateHash } from '../utils/generate-hash.js';
-import { ItemsService } from './items.js';
+import { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
 /**
  * Process a given payload for a collection to ensure the special fields (hash, uuid, date etc) are
  * handled correctly.
@@ -318,6 +318,7 @@ export class PayloadService {
             return relation.collection === this.collection;
         });
         const revisions = [];
+        let userIntegrityCheckFlags = UserIntegrityCheckFlag.None;
         const nestedActionEvents = [];
         const payload = cloneDeep(data);
         // Only process related records that are actually in the payload
@@ -340,7 +341,8 @@ export class PayloadService {
                     reason: `"${relation.collection}.${relation.field}" can't be linked to collection "${relatedCollection}"`,
                 });
             }
-            const itemsService = new ItemsService(relatedCollection, {
+            const { getService } = await import('../utils/get-service.js');
+            const service = getService(relatedCollection, {
                 accountability: this.accountability,
                 knex: this.knex,
                 schema: this.schema,
@@ -360,8 +362,9 @@ export class PayloadService {
             if (exists) {
                 const fieldsToUpdate = omit(relatedRecord, relatedPrimary);
                 if (Object.keys(fieldsToUpdate).length > 0) {
-                    await itemsService.updateOne(relatedPrimaryKey, relatedRecord, {
+                    await service.updateOne(relatedPrimaryKey, relatedRecord, {
                         onRevisionCreate: (pk) => revisions.push(pk),
+                        onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                         emitEvents: opts?.emitEvents,
                         mutationTracker: opts?.mutationTracker,
@@ -369,8 +372,9 @@ export class PayloadService {
                 }
             }
             else {
-                relatedPrimaryKey = await itemsService.createOne(relatedRecord, {
+                relatedPrimaryKey = await service.createOne(relatedRecord, {
                     onRevisionCreate: (pk) => revisions.push(pk),
+                    onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                     bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                     emitEvents: opts?.emitEvents,
                     mutationTracker: opts?.mutationTracker,
@@ -379,7 +383,7 @@ export class PayloadService {
             // Overwrite the nested object with just the primary key, so the parent level can be saved correctly
             payload[relation.field] = relatedPrimaryKey;
         }
-        return { payload, revisions, nestedActionEvents };
+        return { payload, revisions, nestedActionEvents, userIntegrityCheckFlags };
     }
     /**
      * Save/update all nested related m2o items inside the payload
@@ -388,6 +392,7 @@ export class PayloadService {
         const payload = cloneDeep(data);
         // All the revisions saved on this level
         const revisions = [];
+        let userIntegrityCheckFlags = UserIntegrityCheckFlag.None;
         const nestedActionEvents = [];
         // Many to one relations that exist on the current collection
         const relations = this.schema.relations.filter((relation) => {
@@ -402,8 +407,8 @@ export class PayloadService {
             if (!relation.related_collection)
                 continue;
             const relatedPrimaryKeyField = this.schema.collections[relation.related_collection].primary;
-            // Items service to the related collection
-            const itemsService = new ItemsService(relation.related_collection, {
+            const { getService } = await import('../utils/get-service.js');
+            const service = getService(relation.related_collection, {
                 accountability: this.accountability,
                 knex: this.knex,
                 schema: this.schema,
@@ -422,8 +427,9 @@ export class PayloadService {
             if (exists) {
                 const fieldsToUpdate = omit(relatedRecord, relatedPrimaryKeyField);
                 if (Object.keys(fieldsToUpdate).length > 0) {
-                    await itemsService.updateOne(relatedPrimaryKey, relatedRecord, {
+                    await service.updateOne(relatedPrimaryKey, relatedRecord, {
                         onRevisionCreate: (pk) => revisions.push(pk),
+                        onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                         emitEvents: opts?.emitEvents,
                         mutationTracker: opts?.mutationTracker,
@@ -431,8 +437,9 @@ export class PayloadService {
                 }
             }
             else {
-                relatedPrimaryKey = await itemsService.createOne(relatedRecord, {
+                relatedPrimaryKey = await service.createOne(relatedRecord, {
                     onRevisionCreate: (pk) => revisions.push(pk),
+                    onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                     bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                     emitEvents: opts?.emitEvents,
                     mutationTracker: opts?.mutationTracker,
@@ -441,13 +448,14 @@ export class PayloadService {
             // Overwrite the nested object with just the primary key, so the parent level can be saved correctly
             payload[relation.field] = relatedPrimaryKey;
         }
-        return { payload, revisions, nestedActionEvents };
+        return { payload, revisions, nestedActionEvents, userIntegrityCheckFlags };
     }
     /**
      * Recursively save/update all nested related o2m items
      */
     async processO2M(data, parent, opts) {
         const revisions = [];
+        let userIntegrityCheckFlags = UserIntegrityCheckFlag.None;
         const nestedActionEvents = [];
         const relations = this.schema.relations.filter((relation) => {
             return relation.related_collection === this.collection;
@@ -469,7 +477,8 @@ export class PayloadService {
                 continue;
             const currentPrimaryKeyField = this.schema.collections[relation.related_collection].primary;
             const relatedPrimaryKeyField = this.schema.collections[relation.collection].primary;
-            const itemsService = new ItemsService(relation.collection, {
+            const { getService } = await import('../utils/get-service.js');
+            const service = getService(relation.collection, {
                 accountability: this.accountability,
                 knex: this.knex,
                 schema: this.schema,
@@ -513,8 +522,9 @@ export class PayloadService {
                         [relation.field]: parent || payload[currentPrimaryKeyField],
                     });
                 }
-                savedPrimaryKeys.push(...(await itemsService.upsertMany(recordsToUpsert, {
+                savedPrimaryKeys.push(...(await service.upsertMany(recordsToUpsert, {
                     onRevisionCreate: (pk) => revisions.push(pk),
+                    onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                     bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                     emitEvents: opts?.emitEvents,
                     mutationTracker: opts?.mutationTracker,
@@ -538,15 +548,17 @@ export class PayloadService {
                 // Nullify all related items that aren't included in the current payload
                 if (relation.meta.one_deselect_action === 'delete') {
                     // There's no revision for a deletion
-                    await itemsService.deleteByQuery(query, {
+                    await service.deleteByQuery(query, {
+                        onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                         emitEvents: opts?.emitEvents,
                         mutationTracker: opts?.mutationTracker,
                     });
                 }
                 else {
-                    await itemsService.updateByQuery(query, { [relation.field]: null }, {
+                    await service.updateByQuery(query, { [relation.field]: null }, {
                         onRevisionCreate: (pk) => revisions.push(pk),
+                        onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                         emitEvents: opts?.emitEvents,
                         mutationTracker: opts?.mutationTracker,
@@ -587,8 +599,9 @@ export class PayloadService {
                             [relation.field]: parent || payload[currentPrimaryKeyField],
                         }));
                     }
-                    await itemsService.createMany(createPayload, {
+                    await service.createMany(createPayload, {
                         onRevisionCreate: (pk) => revisions.push(pk),
+                        onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                         emitEvents: opts?.emitEvents,
                         mutationTracker: opts?.mutationTracker,
@@ -597,11 +610,12 @@ export class PayloadService {
                 if (alterations.update) {
                     const primaryKeyField = this.schema.collections[relation.collection].primary;
                     for (const item of alterations.update) {
-                        await itemsService.updateOne(item[primaryKeyField], {
+                        await service.updateOne(item[primaryKeyField], {
                             ...item,
                             [relation.field]: parent || payload[currentPrimaryKeyField],
                         }, {
                             onRevisionCreate: (pk) => revisions.push(pk),
+                            onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                             bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                             emitEvents: opts?.emitEvents,
                             mutationTracker: opts?.mutationTracker,
@@ -626,15 +640,17 @@ export class PayloadService {
                         },
                     };
                     if (relation.meta.one_deselect_action === 'delete') {
-                        await itemsService.deleteByQuery(query, {
+                        await service.deleteByQuery(query, {
+                            onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                             bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                             emitEvents: opts?.emitEvents,
                             mutationTracker: opts?.mutationTracker,
                         });
                     }
                     else {
-                        await itemsService.updateByQuery(query, { [relation.field]: null }, {
+                        await service.updateByQuery(query, { [relation.field]: null }, {
                             onRevisionCreate: (pk) => revisions.push(pk),
+                            onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                             bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
                             emitEvents: opts?.emitEvents,
                             mutationTracker: opts?.mutationTracker,
@@ -643,7 +659,7 @@ export class PayloadService {
                 }
             }
         }
-        return { revisions, nestedActionEvents };
+        return { revisions, nestedActionEvents, userIntegrityCheckFlags };
     }
     /**
      * Transforms the input partial payload to match the output structure, to have consistency

package/dist/services/{permissions/index.d.ts → permissions.d.ts} RENAMED Viewed

@@ -1,12 +1,10 @@
-import type { Item, ItemPermissions, PermissionsAction, PrimaryKey, Query } from '@directus/types';
-import type Keyv from 'keyv';
-import type { AbstractServiceOptions, MutationOptions } from '../../types/index.js';
-import type { QueryOptions } from '../items.js';
-import { ItemsService } from '../items.js';
+import type { Item, ItemPermissions, PrimaryKey, Query } from '@directus/types';
+import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';
+import type { QueryOptions } from './items.js';
+import { ItemsService } from './items.js';
 export declare class PermissionsService extends ItemsService {
-    systemCache: Keyv<any>;
     constructor(options: AbstractServiceOptions);
-    getAllowedFields(action: PermissionsAction, collection?: string): Record<string, string[]>;
+    private clearCaches;
     readByQuery(query: Query, opts?: QueryOptions): Promise<Partial<Item>[]>;
     createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
     createMany(data: Partial<Item>[], opts?: MutationOptions): Promise<PrimaryKey[]>;

package/dist/services/{permissions/index.js → permissions.js} RENAMED Viewed

@@ -1,32 +1,17 @@
 import { ForbiddenError } from '@directus/errors';
-import { clearSystemCache, getCache } from '../../cache.js';
-import { AuthorizationService } from '../authorization.js';
-import { ItemsService } from '../items.js';
-import { withAppMinimalPermissions } from './lib/with-app-minimal-permissions.js';
+import { clearSystemCache } from '../cache.js';
+import { withAppMinimalPermissions } from '../permissions/lib/with-app-minimal-permissions.js';
+import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
+import { ItemsService } from './items.js';
 export class PermissionsService extends ItemsService {
-    systemCache;
     constructor(options) {
         super('directus_permissions', options);
-        const { systemCache } = getCache();
-        this.systemCache = systemCache;
     }
-    getAllowedFields(action, collection) {
-        const results = this.accountability?.permissions?.filter((permission) => {
-            let matchesCollection = true;
-            if (collection) {
-                matchesCollection = permission.collection === collection;
-            }
-            const matchesAction = permission.action === action;
-            return collection ? matchesCollection && matchesAction : matchesAction;
-        }) ?? [];
-        const fieldsPerCollection = {};
-        for (const result of results) {
-            const { collection, fields } = result;
-            if (!fieldsPerCollection[collection])
-                fieldsPerCollection[collection] = [];
-            fieldsPerCollection[collection].push(...(fields ?? []));
+    async clearCaches(opts) {
+        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
+        if (this.cache && opts?.autoPurgeCache !== false) {
+            await this.cache.clear();
         }
-        return fieldsPerCollection;
     }
     async readByQuery(query, opts) {
         const result = (await super.readByQuery(query, opts));
@@ -34,50 +19,32 @@ export class PermissionsService extends ItemsService {
     }
     async createOne(data, opts) {
         const res = await super.createOne(data, opts);
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
+        await this.clearCaches(opts);
         return res;
     }
     async createMany(data, opts) {
         const res = await super.createMany(data, opts);
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
+        await this.clearCaches(opts);
         return res;
     }
     async updateBatch(data, opts) {
         const res = await super.updateBatch(data, opts);
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
+        await this.clearCaches(opts);
         return res;
     }
     async updateMany(keys, data, opts) {
         const res = await super.updateMany(keys, data, opts);
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
+        await this.clearCaches(opts);
         return res;
     }
     async upsertMany(payloads, opts) {
         const res = await super.upsertMany(payloads, opts);
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
+        await this.clearCaches(opts);
         return res;
     }
     async deleteMany(keys, opts) {
         const res = await super.deleteMany(keys, opts);
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
+        await this.clearCaches(opts);
         return res;
     }
     async getItemPermissions(collection, primaryKey) {
@@ -115,16 +82,25 @@ export class PermissionsService extends ItemsService {
                 updateAction = 'create';
             }
         }
-        const authorizationService = new AuthorizationService({
-            knex: this.knex,
-            accountability: this.accountability,
-            schema: this.schema,
-        });
         await Promise.all(Object.keys(itemPermissions).map((key) => {
             const action = key;
             const checkAction = action === 'update' ? updateAction : action;
-            return authorizationService
-                .checkAccess(checkAction, collection, primaryKey)
+            if (!this.accountability) {
+                itemPermissions[action].access = true;
+                return Promise.resolve();
+            }
+            const opts = {
+                accountability: this.accountability,
+                action: checkAction,
+                collection,
+            };
+            if (primaryKey) {
+                opts.primaryKeys = [primaryKey];
+            }
+            return validateAccess(opts, {
+                schema: this.schema,
+                knex: this.knex,
+            })
                 .then(() => (itemPermissions[action].access = true))
                 .catch(() => { });
         }));

package/dist/services/policies.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { Policy, PrimaryKey } from '@directus/types';
+import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';
+import { ItemsService } from './items.js';
+export declare class PoliciesService extends ItemsService<Policy> {
+    constructor(options: AbstractServiceOptions);
+    private clearCaches;
+    private isIpAccessValid;
+    private assertValidIpAccess;
+    createOne(data: Partial<Policy>, opts?: MutationOptions): Promise<PrimaryKey>;
+    updateMany(keys: PrimaryKey[], data: Partial<Policy>, opts?: MutationOptions): Promise<PrimaryKey[]>;
+    deleteMany(keys: PrimaryKey[], opts?: MutationOptions): Promise<PrimaryKey[]>;
+}

package/dist/services/policies.js ADDED Viewed

@@ -0,0 +1,87 @@
+import { InvalidPayloadError } from '@directus/errors';
+import { getMatch } from 'ip-matching';
+import { clearSystemCache } from '../cache.js';
+import { clearCache as clearPermissionsCache } from '../permissions/cache.js';
+import { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
+import { ItemsService } from './items.js';
+export class PoliciesService extends ItemsService {
+    constructor(options) {
+        super('directus_policies', options);
+    }
+    async clearCaches(opts) {
+        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
+        if (this.cache && opts?.autoPurgeCache !== false) {
+            await this.cache.clear();
+        }
+    }
+    isIpAccessValid(value) {
+        if (value === undefined)
+            return false;
+        if (value === null)
+            return true;
+        if (Array.isArray(value) && value.length === 0)
+            return true;
+        for (const ip of value) {
+            if (typeof ip !== 'string' || ip.includes('*'))
+                return false;
+            try {
+                const match = getMatch(ip);
+                if (match.type == 'IPMask')
+                    return false;
+            }
+            catch {
+                return false;
+            }
+        }
+        return true;
+    }
+    assertValidIpAccess(partialItem) {
+        if ('ip_access' in partialItem && !this.isIpAccessValid(partialItem['ip_access'])) {
+            throw new InvalidPayloadError({
+                reason: 'IP Access contains an incorrect value. Valid values are: IP addresses, IP ranges and CIDR blocks',
+            });
+        }
+    }
+    async createOne(data, opts = {}) {
+        this.assertValidIpAccess(data);
+        // A policy has been created, but the attachment to a user/role happens in the AccessService,
+        // so no need to check user integrity
+        const result = await super.createOne(data, opts);
+        // TODO is this necessary? Since the attachment should be handled in the AccessService
+        // A new policy has created, clear the permissions cache
+        await clearPermissionsCache();
+        return result;
+    }
+    async updateMany(keys, data, opts = {}) {
+        this.assertValidIpAccess(data);
+        if ('admin_access' in data) {
+            let flags = UserIntegrityCheckFlag.RemainingAdmins;
+            if (data['admin_access'] === true) {
+                // Only need to perform a full user count if the policy allows admin access
+                flags |= UserIntegrityCheckFlag.All;
+            }
+            opts.userIntegrityCheckFlags = (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | flags;
+        }
+        if ('app_access' in data) {
+            opts.userIntegrityCheckFlags =
+                (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | UserIntegrityCheckFlag.UserLimits;
+        }
+        if (opts.userIntegrityCheckFlags)
+            opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
+        const result = await super.updateMany(keys, data, opts);
+        if ('admin_access' in data || 'app_access' in data || 'ip_access' in data || 'enforce_tfa' in data) {
+            // Some relevant properties on policies have been updated, clear the caches
+            await this.clearCaches(opts);
+        }
+        return result;
+    }
+    async deleteMany(keys, opts = {}) {
+        opts.userIntegrityCheckFlags = UserIntegrityCheckFlag.All;
+        opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
+        const result = await super.deleteMany(keys, opts);
+        // TODO is this necessary? Since the detachment should be handled in the AccessService
+        // Some policies have been deleted, clear the permissions cache
+        await this.clearCaches(opts);
+        return result;
+    }
+}

package/dist/services/relations.d.ts CHANGED Viewed

@@ -5,10 +5,8 @@ import type { Knex } from 'knex';
 import type { Helpers } from '../database/helpers/index.js';
 import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';
 import { ItemsService, type QueryOptions } from './items.js';
-import { PermissionsService } from './permissions/index.js';
 export declare class RelationsService {
     knex: Knex;
-    permissionsService: PermissionsService;
     schemaInspector: SchemaInspector;
     accountability: Accountability | null;
     schema: SchemaOverview;
@@ -32,10 +30,6 @@ export declare class RelationsService {
      * Delete an existing relationship
      */
     deleteOne(collection: string, field: string, opts?: MutationOptions): Promise<void>;
-    /**
-     * Whether or not the current user has read access to relations
-     */
-    private get hasReadAccess();
     /**
      * Combine raw schema foreign key information with Directus relations meta rows to form final
      * Relation objects