@directus/api 19.3.1 → 20.0.0-rc.0

package/dist/utils/fetch-user-count/get-user-count-query.js

@@ -0,0 +1,17 @@
+export function getUserCountQuery(knex, options) {
+    // Safety check for an empty list of includeRoles, which would otherwise return all users
+    if (options.includeRoles && options.includeRoles.length === 0) {
+        return Promise.resolve({ count: 0 });
+    }
+    let query = knex('directus_users').count({ count: '*' }).as('count').where('status', 'active');
+    if (options.excludeIds && options.excludeIds.length > 0) {
+        query = query.whereNotIn('id', options.excludeIds);
+    }
+    if (options.excludeRoles && options.excludeRoles.length > 0) {
+        query = query.whereNotIn('role', options.excludeRoles);
+    }
+    if (options.includeRoles && options.includeRoles.length > 0) {
+        query = query.whereIn('role', options.includeRoles);
+    }
+    return query.first();
+}

package/dist/utils/get-accountability-for-role.js

@@ -1,40 +1,31 @@
-import { getPermissions } from './get-permissions.js';
+import { fetchRolesTree } from '../permissions/lib/fetch-roles-tree.js';
+import { fetchGlobalAccess } from '../permissions/modules/fetch-global-access/fetch-global-access.js';
+import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
 export async function getAccountabilityForRole(role, context) {
-    let generatedAccountability = context.accountability;
+    let generatedAccountability;
     if (role === null) {
-        generatedAccountability = {
-            role: null,
-            user: null,
-            admin: false,
-            app: false,
-        };
-        generatedAccountability.permissions = await getPermissions(generatedAccountability, context.schema);
+        generatedAccountability = createDefaultAccountability();
     }
     else if (role === 'system') {
-        generatedAccountability = {
-            user: null,
-            role: null,
+        generatedAccountability = createDefaultAccountability({
             admin: true,
             app: true,
-            permissions: [],
-        };
+        });
     }
     else {
-        const roleInfo = await context.database
-            .select(['app_access', 'admin_access'])
-            .from('directus_roles')
-            .where({ id: role })
-            .first();
-        if (!roleInfo) {
+        const roles = await fetchRolesTree(role, context.database);
+        // The roles tree should always include the passed role. If it doesn't, it's because it
+        // couldn't be read from the database and therefore doesn't exist
+        if (roles.length === 0) {
             throw new Error(`Configured role "${role}" isn't a valid role ID or doesn't exist.`);
         }
-        generatedAccountability = {
+        const globalAccess = await fetchGlobalAccess({ user: null, roles, ip: context.accountability?.ip ?? null }, context.database);
+        generatedAccountability = createDefaultAccountability({
             role,
+            roles,
             user: null,
-            admin: roleInfo.admin_access === 1 || roleInfo.admin_access === '1' || roleInfo.admin_access === true,
-            app: roleInfo.app_access === 1 || roleInfo.app_access === '1' || roleInfo.app_access === true,
-        };
-        generatedAccountability.permissions = await getPermissions(generatedAccountability, context.schema);
+            ...globalAccess,
+        });
     }
     return generatedAccountability;
 }

package/dist/utils/get-accountability-for-token.js

@@ -1,41 +1,40 @@
 import { InvalidCredentialsError } from '@directus/errors';
 import getDatabase from '../database/index.js';
+import { fetchRolesTree } from '../permissions/lib/fetch-roles-tree.js';
+import { fetchGlobalAccess } from '../permissions/modules/fetch-global-access/fetch-global-access.js';
+import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
 import { getSecret } from './get-secret.js';
 import isDirectusJWT from './is-directus-jwt.js';
-import { verifySessionJWT } from './verify-session-jwt.js';
 import { verifyAccessJWT } from './jwt.js';
+import { verifySessionJWT } from './verify-session-jwt.js';
 export async function getAccountabilityForToken(token, accountability) {
     if (!accountability) {
-        accountability = {
-            user: null,
-            role: null,
-            admin: false,
-            app: false,
-        };
+        accountability = createDefaultAccountability();
     }
+    // Try finding the user with the provided token
+    const database = getDatabase();
     if (token) {
         if (isDirectusJWT(token)) {
             const payload = verifyAccessJWT(token, getSecret());
             if ('session' in payload) {
                 await verifySessionJWT(payload);
             }
-            accountability.role = payload.role;
-            accountability.admin = payload.admin_access === true || payload.admin_access == 1;
-            accountability.app = payload.app_access === true || payload.app_access == 1;
             if (payload.share)
                 accountability.share = payload.share;
             if (payload.share_scope)
                 accountability.share_scope = payload.share_scope;
             if (payload.id)
                 accountability.user = payload.id;
+            accountability.role = payload.role;
+            accountability.roles = await fetchRolesTree(payload.role, database);
+            const { admin, app } = await fetchGlobalAccess(accountability, database);
+            accountability.admin = admin;
+            accountability.app = app;
         }
         else {
-            // Try finding the user with the provided token
-            const database = getDatabase();
             const user = await database
-                .select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')
+                .select('directus_users.id', 'directus_users.role')
                 .from('directus_users')
-                .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
                 .where({
                 'directus_users.token': token,
                 status: 'active',
@@ -46,8 +45,10 @@ export async function getAccountabilityForToken(token, accountability) {
             }
             accountability.user = user.id;
             accountability.role = user.role;
-            accountability.admin = user.admin_access === true || user.admin_access == 1;
-            accountability.app = user.app_access === true || user.app_access == 1;
+            accountability.roles = await fetchRolesTree(user.role, database);
+            const { admin, app } = await fetchGlobalAccess(accountability, database);
+            accountability.admin = admin;
+            accountability.app = app;
         }
     }
     return accountability;

package/dist/utils/get-cache-key.d.ts

@@ -1,3 +1,3 @@
 /// <reference types="cookie-parser" />
 import type { Request } from 'express';
-export declare function getCacheKey(req: Request): string;
+export declare function getCacheKey(req: Request): Promise<string>;

package/dist/utils/get-cache-key.js

@@ -1,15 +1,26 @@
 import hash from 'object-hash';
 import url from 'url';
+import getDatabase from '../database/index.js';
+import { fetchPoliciesIpAccess } from '../permissions/modules/fetch-policies-ip-access/fetch-policies-ip-access.js';
 import { getGraphqlQueryAndVariables } from './get-graphql-query-and-variables.js';
 import { version } from 'directus/version';
-export function getCacheKey(req) {
+import { ipInNetworks } from './ip-in-networks.js';
+export async function getCacheKey(req) {
     const path = url.parse(req.originalUrl).pathname;
     const isGraphQl = path?.startsWith('/graphql');
+    let includeIp = false;
+    if (req.accountability && req.accountability.ip) {
+        // Check if the IP influences the result of the request, that can be the case if some policies have an ip_access
+        // filter and the request IP matches any of those filters
+        const ipFilters = await fetchPoliciesIpAccess(req.accountability, getDatabase());
+        includeIp = ipFilters.length > 0 && ipFilters.some((networks) => ipInNetworks(req.accountability.ip, networks));
+    }
     const info = {
         version,
         user: req.accountability?.user || null,
         path,
         query: isGraphQl ? getGraphqlQueryAndVariables(req) : req.sanitizedQuery,
+        ...(includeIp && { ip: req.accountability.ip }),
     };
     const key = hash(info);
     return key;

package/dist/utils/get-column.d.ts

@@ -1,7 +1,8 @@
-import type { Query, SchemaOverview } from '@directus/types';
+import type { Filter, Query, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
 type GetColumnOptions = {
     query?: Query | undefined;
+    cases?: Filter[];
     originalCollectionName?: string | undefined;
 };
 /**

package/dist/utils/get-column.js

@@ -30,6 +30,7 @@ export function getColumn(knex, table, column, alias = applyFunctionToColumnName
             const result = fn[functionName](table, columnName, {
                 type,
                 query: options?.query,
+                cases: options?.cases,
                 originalCollectionName: options?.originalCollectionName,
             });
             if (alias) {

package/dist/utils/get-graphql-type.js

@@ -24,6 +24,7 @@ export function getGraphQLType(localType, special) {
             return GraphQLJSON;
         case 'geometry':
             return GraphQLGeoJSON;
+        case 'time':
         case 'timestamp':
         case 'dateTime':
         case 'date':

package/dist/utils/get-service.d.ts

@@ -2,6 +2,6 @@ import { ItemsService } from '../services/index.js';
 import type { AbstractServiceOptions } from '../types/services.js';
 /**
  * Select the correct service for the given collection. This allows the individual services to run
- * their custom checks (f.e. it allows UsersService to prevent updating TFA secret from outside)
+ * their custom checks (f.e. it allows `UsersService` to prevent updating TFA secret from outside).
  */
 export declare function getService(collection: string, opts: AbstractServiceOptions): ItemsService;

package/dist/utils/get-service.js

@@ -1,18 +1,17 @@
-import { ActivityService, DashboardsService, FilesService, FlowsService, FoldersService, ItemsService, NotificationsService, OperationsService, PanelsService, PermissionsService, PresetsService, RevisionsService, RolesService, SettingsService, SharesService, UsersService, VersionsService, WebhooksService, } from '../services/index.js';
+import { ForbiddenError } from '@directus/errors';
+import { AccessService, ActivityService, DashboardsService, FilesService, FlowsService, FoldersService, ItemsService, NotificationsService, OperationsService, PanelsService, PermissionsService, PoliciesService, PresetsService, RevisionsService, RolesService, SettingsService, SharesService, TranslationsService, UsersService, VersionsService, WebhooksService, } from '../services/index.js';
 /**
  * Select the correct service for the given collection. This allows the individual services to run
- * their custom checks (f.e. it allows UsersService to prevent updating TFA secret from outside)
+ * their custom checks (f.e. it allows `UsersService` to prevent updating TFA secret from outside).
  */
 export function getService(collection, opts) {
     switch (collection) {
+        case 'directus_access':
+            return new AccessService(opts);
         case 'directus_activity':
             return new ActivityService(opts);
-        // case 'directus_collections':
-        // 	return new CollectionsService(opts);
         case 'directus_dashboards':
             return new DashboardsService(opts);
-        // case 'directus_fields':
-        // 	return new FieldsService(opts);
         case 'directus_files':
             return new FilesService(opts);
         case 'directus_flows':
@@ -29,8 +28,8 @@ export function getService(collection, opts) {
             return new PermissionsService(opts);
         case 'directus_presets':
             return new PresetsService(opts);
-        // case 'directus_relations':
-        // 	return new RelationsService(opts);
+        case 'directus_policies':
+            return new PoliciesService(opts);
         case 'directus_revisions':
             return new RevisionsService(opts);
         case 'directus_roles':
@@ -39,13 +38,18 @@ export function getService(collection, opts) {
             return new SettingsService(opts);
         case 'directus_shares':
             return new SharesService(opts);
+        case 'directus_translations':
+            return new TranslationsService(opts);
         case 'directus_users':
             return new UsersService(opts);
-        case 'directus_webhooks':
-            return new WebhooksService(opts);
         case 'directus_versions':
             return new VersionsService(opts);
+        case 'directus_webhooks':
+            return new WebhooksService(opts);
         default:
+            // Deny usage of other system collections via ItemsService
+            if (collection.startsWith('directus_'))
+                throw new ForbiddenError();
             return new ItemsService(collection, opts);
     }
 }

package/dist/utils/reduce-schema.d.ts

@@ -1,9 +1,7 @@
-import type { Permission, PermissionsAction, SchemaOverview } from '@directus/types';
+import type { SchemaOverview } from '@directus/types';
+import type { FieldMap } from '../permissions/modules/fetch-allowed-field-map/fetch-allowed-field-map.js';
 /**
  * Reduces the schema based on the included permissions. The resulting object is the schema structure, but with only
- * the allowed collections/fields/relations included based on the permissions.
- * @param schema The full project schema
- * @param actions Array of permissions actions (crud)
- * @returns Reduced schema
+ * the allowed collections/fields/relations included based on the passed field map.
  */
-export declare function reduceSchema(schema: SchemaOverview, permissions: Permission[] | null, actions?: PermissionsAction[]): SchemaOverview;
+export declare function reduceSchema(schema: SchemaOverview, fieldMap: FieldMap): SchemaOverview;

package/dist/utils/reduce-schema.js

@@ -1,40 +1,20 @@
-import { uniq } from 'lodash-es';
 /**
  * Reduces the schema based on the included permissions. The resulting object is the schema structure, but with only
- * the allowed collections/fields/relations included based on the permissions.
- * @param schema The full project schema
- * @param actions Array of permissions actions (crud)
- * @returns Reduced schema
+ * the allowed collections/fields/relations included based on the passed field map.
  */
-export function reduceSchema(schema, permissions, actions = ['create', 'read', 'update', 'delete']) {
+export function reduceSchema(schema, fieldMap) {
     const reduced = {
         collections: {},
         relations: [],
     };
-    const allowedFieldsInCollection = permissions
-        ?.filter((permission) => actions.includes(permission.action))
-        .reduce((acc, permission) => {
-        if (!acc[permission.collection]) {
-            acc[permission.collection] = [];
-        }
-        if (permission.fields) {
-            acc[permission.collection] = uniq([...acc[permission.collection], ...permission.fields]);
-        }
-        return acc;
-    }, {}) ?? {};
     for (const [collectionName, collection] of Object.entries(schema.collections)) {
-        if (!permissions?.some((permission) => permission.collection === collectionName && actions.includes(permission.action))) {
-            continue;
-        }
         const fields = {};
         for (const [fieldName, field] of Object.entries(schema.collections[collectionName].fields)) {
-            if (!allowedFieldsInCollection[collectionName]?.includes('*') &&
-                !allowedFieldsInCollection[collectionName]?.includes(fieldName)) {
+            if (!fieldMap[collectionName]?.includes('*') && !fieldMap[collectionName]?.includes(fieldName)) {
                 continue;
             }
             const o2mRelation = schema.relations.find((relation) => relation.related_collection === collectionName && relation.meta?.one_field === fieldName);
-            if (o2mRelation &&
-                !permissions?.some((permission) => permission.collection === o2mRelation.collection && actions.includes(permission.action))) {
+            if (o2mRelation && !fieldMap[collectionName]) {
                 continue;
             }
             fields[fieldName] = field;
@@ -47,29 +27,29 @@ export function reduceSchema(schema, permissions, actions = ['create', 'read', '
     reduced.relations = schema.relations.filter((relation) => {
         let collectionsAllowed = true;
         let fieldsAllowed = true;
-        if (Object.keys(allowedFieldsInCollection).includes(relation.collection) === false) {
+        if (Object.keys(fieldMap).includes(relation.collection) === false) {
             collectionsAllowed = false;
         }
         if (relation.related_collection &&
-            (Object.keys(allowedFieldsInCollection).includes(relation.related_collection) === false ||
+            (Object.keys(fieldMap).includes(relation.related_collection) === false ||
                 // Ignore legacy permissions with an empty fields array
-                allowedFieldsInCollection[relation.related_collection]?.length === 0)) {
+                fieldMap[relation.related_collection]?.length === 0)) {
             collectionsAllowed = false;
         }
         if (relation.meta?.one_allowed_collections &&
-            relation.meta.one_allowed_collections.every((collection) => Object.keys(allowedFieldsInCollection).includes(collection)) === false) {
+            relation.meta.one_allowed_collections.every((collection) => Object.keys(fieldMap).includes(collection)) === false) {
             collectionsAllowed = false;
         }
-        if (!allowedFieldsInCollection[relation.collection] ||
-            (allowedFieldsInCollection[relation.collection]?.includes('*') === false &&
-                allowedFieldsInCollection[relation.collection]?.includes(relation.field) === false)) {
+        if (!fieldMap[relation.collection] ||
+            (fieldMap[relation.collection]?.includes('*') === false &&
+                fieldMap[relation.collection]?.includes(relation.field) === false)) {
             fieldsAllowed = false;
         }
         if (relation.related_collection &&
             relation.meta?.one_field &&
-            (!allowedFieldsInCollection[relation.related_collection] ||
-                (allowedFieldsInCollection[relation.related_collection]?.includes('*') === false &&
-                    allowedFieldsInCollection[relation.related_collection]?.includes(relation.meta?.one_field) === false))) {
+            (!fieldMap[relation.related_collection] ||
+                (fieldMap[relation.related_collection]?.includes('*') === false &&
+                    fieldMap[relation.related_collection]?.includes(relation.meta?.one_field) === false))) {
             fieldsAllowed = false;
         }
         return collectionsAllowed && fieldsAllowed;

package/dist/utils/validate-user-count-integrity.d.ts

@@ -0,0 +1,13 @@
+import { type FetchUserCountOptions } from './fetch-user-count/fetch-user-count.js';
+export declare enum UserIntegrityCheckFlag {
+    None = 0,
+    /** Check if the number of remaining admin users is greater than 0 */
+    RemainingAdmins = 1,
+    /** Check if the number of users is within the limits */
+    UserLimits = 2,
+    All = 3
+}
+export interface ValidateUserCountIntegrityOptions extends Omit<FetchUserCountOptions, 'adminOnly'> {
+    flags: UserIntegrityCheckFlag;
+}
+export declare function validateUserCountIntegrity(options: ValidateUserCountIntegrityOptions): Promise<void>;

package/dist/utils/validate-user-count-integrity.js

@@ -0,0 +1,29 @@
+import { validateRemainingAdminCount } from '../permissions/modules/validate-remaining-admin/validate-remaining-admin-count.js';
+import { checkUserLimits } from '../telemetry/utils/check-user-limits.js';
+import { shouldCheckUserLimits } from '../telemetry/utils/should-check-user-limits.js';
+import { fetchUserCount } from './fetch-user-count/fetch-user-count.js';
+export var UserIntegrityCheckFlag;
+(function (UserIntegrityCheckFlag) {
+    UserIntegrityCheckFlag[UserIntegrityCheckFlag["None"] = 0] = "None";
+    /** Check if the number of remaining admin users is greater than 0 */
+    UserIntegrityCheckFlag[UserIntegrityCheckFlag["RemainingAdmins"] = 1] = "RemainingAdmins";
+    /** Check if the number of users is within the limits */
+    UserIntegrityCheckFlag[UserIntegrityCheckFlag["UserLimits"] = 2] = "UserLimits";
+    UserIntegrityCheckFlag[UserIntegrityCheckFlag["All"] = 3] = "All";
+})(UserIntegrityCheckFlag || (UserIntegrityCheckFlag = {}));
+export async function validateUserCountIntegrity(options) {
+    const validateUserLimits = (options.flags & UserIntegrityCheckFlag.UserLimits) !== 0;
+    const validateRemainingAdminUsers = (options.flags & UserIntegrityCheckFlag.RemainingAdmins) !== 0;
+    const limitCheck = validateUserLimits && shouldCheckUserLimits();
+    if (!validateRemainingAdminUsers && !limitCheck) {
+        return;
+    }
+    const adminOnly = validateRemainingAdminUsers && !limitCheck;
+    const userCounts = await fetchUserCount({ ...options, adminOnly });
+    if (limitCheck) {
+        await checkUserLimits(userCounts);
+    }
+    if (validateRemainingAdminUsers) {
+        validateRemainingAdminCount(userCounts.admin);
+    }
+}

package/dist/websocket/authenticate.d.ts

@@ -1,6 +1,4 @@
-import type { Accountability } from '@directus/types';
 import type { BasicAuthMessage } from './messages.js';
 import type { AuthenticationState } from './types.js';
 export declare function authenticateConnection(message: BasicAuthMessage & Record<string, any>): Promise<AuthenticationState>;
-export declare function refreshAccountability(accountability: Accountability | null | undefined): Promise<Accountability>;
 export declare function authenticationSuccess(uid?: string | number, refresh_token?: string): string;

package/dist/websocket/authenticate.js

@@ -1,7 +1,6 @@
 import { DEFAULT_AUTH_PROVIDER } from '../constants.js';
 import { AuthenticationService } from '../services/index.js';
 import { getAccountabilityForToken } from '../utils/get-accountability-for-token.js';
-import { getPermissions } from '../utils/get-permissions.js';
 import { getSchema } from '../utils/get-schema.js';
 import { WebSocketError } from './errors.js';
 import { getExpiresAtForToken } from './utils/get-expires-at-for-token.js';
@@ -33,17 +32,6 @@ export async function authenticateConnection(message) {
         throw new WebSocketError('auth', 'AUTH_FAILED', 'Authentication failed.', message['uid']);
     }
 }
-export async function refreshAccountability(accountability) {
-    accountability = accountability ?? {
-        role: null,
-        user: null,
-        admin: false,
-        app: false,
-    };
-    const schema = await getSchema();
-    const permissions = await getPermissions(accountability, schema);
-    return { ...accountability, permissions };
-}
 export function authenticationSuccess(uid, refresh_token) {
     const message = {
         type: 'auth',

package/dist/websocket/controllers/graphql.js

@@ -4,7 +4,7 @@ import { useLogger } from '../../logger.js';
 import { bindPubSub } from '../../services/graphql/subscription.js';
 import { GraphQLService } from '../../services/index.js';
 import { getSchema } from '../../utils/get-schema.js';
-import { authenticateConnection, refreshAccountability } from '../authenticate.js';
+import { authenticateConnection } from '../authenticate.js';
 import { handleWebSocketError } from '../errors.js';
 import { ConnectionParams, WebSocketMessage } from '../messages.js';
 import { getMessageType } from '../utils/message.js';
@@ -64,9 +64,6 @@ export class GraphQLSubscriptionController extends SocketController {
                             client.close(CloseCode.Forbidden, 'Forbidden');
                             return;
                         }
-                        else {
-                            client.accountability = await refreshAccountability(client.accountability);
-                        }
                         await cb(JSON.stringify(message));
                     }
                     catch (error) {

package/dist/websocket/controllers/hooks.js

@@ -7,19 +7,23 @@ export function registerWebSocketEvents() {
     actionsRegistered = true;
     registerActionHooks([
         'items',
+        'access',
         'activity',
         'collections',
         'dashboards',
+        'flows',
         'folders',
         'notifications',
         'operations',
         'panels',
         'permissions',
+        'policies',
         'presets',
         'revisions',
         'roles',
         'settings',
         'shares',
+        'translations',
         'users',
         'versions',
         'webhooks',

package/dist/websocket/controllers/rest.js

@@ -2,7 +2,6 @@ import { useEnv } from '@directus/env';
 import { parseJSON } from '@directus/utils';
 import emitter from '../../emitter.js';
 import { useLogger } from '../../logger.js';
-import { refreshAccountability } from '../authenticate.js';
 import { WebSocketError, handleWebSocketError } from '../errors.js';
 import { WebSocketMessage } from '../messages.js';
 import SocketController from './base.js';
@@ -20,7 +19,6 @@ export class WebSocketController extends SocketController {
         client.on('parsed-message', async (message) => {
             try {
                 message = WebSocketMessage.parse(await emitter.emitFilter('websocket.message', message, { client }));
-                client.accountability = await refreshAccountability(client.accountability);
                 emitter.emitAction('websocket.message', { message, client });
             }
             catch (error) {

package/dist/websocket/handlers/subscribe.js

@@ -4,7 +4,6 @@ import { useBus } from '../../bus/index.js';
 import emitter from '../../emitter.js';
 import { getSchema } from '../../utils/get-schema.js';
 import { sanitizeQuery } from '../../utils/sanitize-query.js';
-import { refreshAccountability } from '../authenticate.js';
 import { WebSocketError, handleWebSocketError } from '../errors.js';
 import { WebSocketSubscribeMessage } from '../messages.js';
 import { getPayload } from '../utils/items.js';
@@ -112,7 +111,6 @@ export class SubscribeHandler {
                     continue;
             }
             try {
-                client.accountability = await refreshAccountability(client.accountability);
                 const result = await getPayload(subscription, client.accountability, schema, event);
                 if (Array.isArray(result?.['data']) && result?.['data']?.length === 0)
                     continue;

package/dist/websocket/utils/items.d.ts

@@ -39,5 +39,5 @@ export declare function getFieldsPayload(subscription: PSubscription, accountabi
  * @param event Event data
  * @returns the fetched data
  */
-export declare function getItemsPayload(subscription: PSubscription, accountability: Accountability | null, schema: SchemaOverview, event?: WebSocketEvent): Promise<string | number | import("@directus/types").Item | (string | number)[] | import("@directus/types").Item[]>;
+export declare function getItemsPayload(subscription: PSubscription, accountability: Accountability | null, schema: SchemaOverview, event?: WebSocketEvent): Promise<string | number | (string | number)[] | import("@directus/types").Item | import("@directus/types").Item[]>;
 export {};

package/dist/websocket/utils/items.js

@@ -1,5 +1,6 @@
-import { getService } from '../../utils/get-service.js';
+import { InvalidPayloadError } from '@directus/errors';
 import { CollectionsService, FieldsService, MetaService } from '../../services/index.js';
+import { getService } from '../../utils/get-service.js';
 /**
  * Get items from a collection using the appropriate service
  *
@@ -24,6 +25,8 @@ export async function getPayload(subscription, accountability, schema, event) {
         case 'directus_relations':
             result['data'] = event?.payload;
             break;
+        case 'directus_extensions':
+            throw new InvalidPayloadError({ reason: '"directus_extensions" is currently not supported.' });
         default:
             result['data'] = await getItemsPayload(subscription, accountability, schema, event);
             break;