@directus/api 20.0.0-rc.0 → 20.0.0

package/dist/services/users.js

@@ -1,22 +1,23 @@
 import { useEnv } from '@directus/env';
-import { ForbiddenError, InvalidPayloadError, RecordNotUniqueError } from '@directus/errors';
-import { getSimpleHash, toArray, validatePayload } from '@directus/utils';
+import { ForbiddenError, InvalidPayloadError, RecordNotUniqueError, UnprocessableContentError } from '@directus/errors';
+import { getSimpleHash, toArray, toBoolean, validatePayload } from '@directus/utils';
 import { FailedValidationError, joiValidationErrorItemToErrorExtensions } from '@directus/validation';
 import Joi from 'joi';
 import jwt from 'jsonwebtoken';
-import { isEmpty } from 'lodash-es';
+import { isEmpty, mergeWith } from 'lodash-es';
 import { performance } from 'perf_hooks';
-import { clearSystemCache } from '../cache.js';
 import getDatabase from '../database/index.js';
 import { useLogger } from '../logger.js';
-import { validateRemainingAdminUsers } from '../permissions/modules/validate-remaining-admin/validate-remaining-admin-users.js';
-import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
+import { checkIncreasedUserLimits } from '../telemetry/utils/check-increased-user-limits.js';
+import { getRoleCountsByRoles } from '../telemetry/utils/get-role-counts-by-roles.js';
+import { getRoleCountsByUsers } from '../telemetry/utils/get-role-counts-by-users.js';
+import {} from '../telemetry/utils/get-user-count.js';
+import { shouldCheckUserLimits } from '../telemetry/utils/should-check-user-limits.js';
 import { getSecret } from '../utils/get-secret.js';
 import isUrlAllowed from '../utils/is-url-allowed.js';
 import { verifyJWT } from '../utils/jwt.js';
 import { stall } from '../utils/stall.js';
 import { Url } from '../utils/url.js';
-import { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
 import { ItemsService } from './items.js';
 import { MailService } from './mail/index.js';
 import { SettingsService } from './settings.js';
@@ -87,11 +88,42 @@ export class UsersService extends ItemsService {
             }
         }
     }
+    async checkRemainingAdminExistence(excludeKeys) {
+        // Make sure there's at least one admin user left after this deletion is done
+        const otherAdminUsers = await this.knex
+            .count('*', { as: 'count' })
+            .from('directus_users')
+            .whereNotIn('directus_users.id', excludeKeys)
+            .andWhere({ 'directus_roles.admin_access': true })
+            .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
+            .first();
+        const otherAdminUsersCount = +(otherAdminUsers?.count || 0);
+        if (otherAdminUsersCount === 0) {
+            throw new UnprocessableContentError({ reason: `You can't remove the last admin user from the role` });
+        }
+    }
+    /**
+     * Make sure there's at least one active admin user when updating user status
+     */
+    async checkRemainingActiveAdmin(excludeKeys) {
+        const otherAdminUsers = await this.knex
+            .count('*', { as: 'count' })
+            .from('directus_users')
+            .whereNotIn('directus_users.id', excludeKeys)
+            .andWhere({ 'directus_roles.admin_access': true })
+            .andWhere({ 'directus_users.status': 'active' })
+            .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
+            .first();
+        const otherAdminUsersCount = +(otherAdminUsers?.count || 0);
+        if (otherAdminUsersCount === 0) {
+            throw new UnprocessableContentError({ reason: `You can't change the active status of the last admin user` });
+        }
+    }
     /**
      * Get basic information of user identified by email
      */
     async getUserByEmail(email) {
-        return this.knex
+        return await this.knex
             .select('id', 'role', 'status', 'password', 'email')
             .from('directus_users')
             .whereRaw(`LOWER(??) = ?`, ['email', email.toLowerCase()])
@@ -126,34 +158,51 @@ export class UsersService extends ItemsService {
     /**
      * Create a new user
      */
-    async createOne(data, opts = {}) {
+    async createOne(data, opts) {
         try {
-            if ('email' in data) {
+            if (data['email']) {
                 this.validateEmail(data['email']);
                 await this.checkUniqueEmails([data['email']]);
             }
-            if ('password' in data) {
+            if (data['password']) {
                 await this.checkPasswordPolicy([data['password']]);
             }
+            if (shouldCheckUserLimits() && data['role']) {
+                const increasedCounts = {
+                    admin: 0,
+                    app: 0,
+                    api: 0,
+                };
+                if (typeof data['role'] === 'object') {
+                    if ('admin_access' in data['role'] && data['role']['admin_access'] === true) {
+                        increasedCounts.admin++;
+                    }
+                    else if ('app_access' in data['role'] && data['role']['app_access'] === true) {
+                        increasedCounts.app++;
+                    }
+                    else {
+                        increasedCounts.api++;
+                    }
+                }
+                else {
+                    const existingRoleCounts = await getRoleCountsByRoles(this.knex, [data['role']]);
+                    mergeWith(increasedCounts, existingRoleCounts, (x, y) => x + y);
+                }
+                await checkIncreasedUserLimits(this.knex, increasedCounts);
+            }
         }
         catch (err) {
-            opts.preMutationError = err;
-        }
-        if (!('status' in data) || data['status'] === 'active') {
-            // Creating a user only requires checking user limits if the user is active, no need to care about the role
-            opts.userIntegrityCheckFlags =
-                (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | UserIntegrityCheckFlag.UserLimits;
-            opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
+            (opts || (opts = {})).preMutationError = err;
         }
         return await super.createOne(data, opts);
     }
     /**
      * Create multiple new users
      */
-    async createMany(data, opts = {}) {
-        const emails = data.map((payload) => payload['email']).filter((email) => email);
-        const passwords = data.map((payload) => payload['password']).filter((password) => password);
-        const someActive = data.some((payload) => !('status' in payload) || payload['status'] === 'active');
+    async createMany(data, opts) {
+        const emails = data['map']((payload) => payload['email']).filter((email) => email);
+        const passwords = data['map']((payload) => payload['password']).filter((password) => password);
+        const roles = data['map']((payload) => payload['role']).filter((role) => role);
         try {
             if (emails.length) {
                 this.validateEmail(emails);
@@ -162,30 +211,96 @@ export class UsersService extends ItemsService {
             if (passwords.length) {
                 await this.checkPasswordPolicy(passwords);
             }
+            if (shouldCheckUserLimits() && roles.length) {
+                const increasedCounts = {
+                    admin: 0,
+                    app: 0,
+                    api: 0,
+                };
+                const existingRoles = [];
+                for (const role of roles) {
+                    if (typeof role === 'object') {
+                        if ('admin_access' in role && role['admin_access'] === true) {
+                            increasedCounts.admin++;
+                        }
+                        else if ('app_access' in role && role['app_access'] === true) {
+                            increasedCounts.app++;
+                        }
+                        else {
+                            increasedCounts.api++;
+                        }
+                    }
+                    else {
+                        existingRoles.push(role);
+                    }
+                }
+                const existingRoleCounts = await getRoleCountsByRoles(this.knex, existingRoles);
+                mergeWith(increasedCounts, existingRoleCounts, (x, y) => x + y);
+                await checkIncreasedUserLimits(this.knex, increasedCounts);
+            }
         }
         catch (err) {
-            opts.preMutationError = err;
-        }
-        if (someActive) {
-            // Creating users only requires checking user limits if the users are active, no need to care about the role
-            opts.userIntegrityCheckFlags =
-                (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | UserIntegrityCheckFlag.UserLimits;
-            opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
+            (opts || (opts = {})).preMutationError = err;
         }
-        // Use generic ItemsService to avoid calling `UserService.createOne` to avoid additional work of validating emails,
-        // as this requires one query per email if done in `createOne`
-        const itemsService = new ItemsService(this.collection, {
-            schema: this.schema,
-            accountability: this.accountability,
-            knex: this.knex,
-        });
-        return await itemsService.createMany(data, opts);
+        return await super.createMany(data, opts);
     }
     /**
      * Update many users by primary key
      */
-    async updateMany(keys, data, opts = {}) {
+    async updateMany(keys, data, opts) {
         try {
+            const needsUserLimitCheck = shouldCheckUserLimits();
+            if (data['role']) {
+                /*
+                 * data['role'] has the following cases:
+                 * - a string with existing role id
+                 * - an object with existing role id for GraphQL mutations
+                 * - an object with data for new role
+                 */
+                const role = data['role']?.id ?? data['role'];
+                let newRole;
+                if (typeof role === 'string') {
+                    newRole = await this.knex
+                        .select('admin_access', 'app_access')
+                        .from('directus_roles')
+                        .where('id', role)
+                        .first();
+                }
+                else {
+                    newRole = role;
+                }
+                if (!newRole?.admin_access) {
+                    await this.checkRemainingAdminExistence(keys);
+                }
+                if (needsUserLimitCheck && newRole) {
+                    const existingCounts = await getRoleCountsByUsers(this.knex, keys);
+                    const increasedCounts = {
+                        admin: 0,
+                        app: 0,
+                        api: 0,
+                    };
+                    if (toBoolean(newRole.admin_access)) {
+                        increasedCounts.admin = keys.length - existingCounts.admin;
+                    }
+                    else if (toBoolean(newRole.app_access)) {
+                        increasedCounts.app = keys.length - existingCounts.app;
+                    }
+                    else {
+                        increasedCounts.api = keys.length - existingCounts.api;
+                    }
+                    await checkIncreasedUserLimits(this.knex, increasedCounts);
+                }
+            }
+            if (needsUserLimitCheck && data['role'] === null) {
+                await checkIncreasedUserLimits(this.knex, { admin: 0, app: 0, api: 1 });
+            }
+            if (data['status'] !== undefined && data['status'] !== 'active') {
+                await this.checkRemainingActiveAdmin(keys);
+            }
+            if (needsUserLimitCheck && data['status'] === 'active') {
+                const increasedCounts = await getRoleCountsByUsers(this.knex, keys, { inactiveUsers: true });
+                await checkIncreasedUserLimits(this.knex, increasedCounts);
+            }
             if (data['email']) {
                 if (keys.length > 1) {
                     throw new RecordNotUniqueError({
@@ -216,45 +331,19 @@ export class UsersService extends ItemsService {
             }
         }
         catch (err) {
-            opts.preMutationError = err;
-        }
-        if ('role' in data) {
-            opts.userIntegrityCheckFlags = UserIntegrityCheckFlag.All;
+            (opts || (opts = {})).preMutationError = err;
         }
-        if ('status' in data) {
-            if (data['status'] === 'active') {
-                // User are being activated, no need to check if there are enough admins
-                opts.userIntegrityCheckFlags =
-                    (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | UserIntegrityCheckFlag.UserLimits;
-            }
-            else {
-                opts.userIntegrityCheckFlags = UserIntegrityCheckFlag.All;
-            }
-        }
-        if (opts.userIntegrityCheckFlags) {
-            opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
-        }
-        const result = await super.updateMany(keys, data, opts);
-        // Only clear the caches if the role has been updated
-        if ('role' in data) {
-            await this.clearCaches(opts);
-        }
-        return result;
+        return await super.updateMany(keys, data, opts);
     }
     /**
      * Delete multiple users by primary key
      */
-    async deleteMany(keys, opts = {}) {
-        if (opts?.onRequireUserIntegrityCheck) {
-            opts.onRequireUserIntegrityCheck(opts?.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None);
+    async deleteMany(keys, opts) {
+        try {
+            await this.checkRemainingAdminExistence(keys);
         }
-        else {
-            try {
-                await validateRemainingAdminUsers({ excludeUsers: keys }, { knex: this.knex, schema: this.schema });
-            }
-            catch (err) {
-                opts.preMutationError = err;
-            }
+        catch (err) {
+            (opts || (opts = {})).preMutationError = err;
         }
         // Manual constraint, see https://github.com/directus/directus/pull/19912
         await this.knex('directus_notifications').update({ sender: null }).whereIn('sender', keys);
@@ -477,16 +566,10 @@ export class UsersService extends ItemsService {
             knex: this.knex,
             schema: this.schema,
             accountability: {
-                ...(this.accountability ?? createDefaultAccountability()),
+                ...(this.accountability ?? { role: null }),
                 admin: true, // We need to skip permissions checks for the update call below
             },
         });
         await service.updateOne(user.id, { password, status: 'active' }, opts);
     }
-    async clearCaches(opts) {
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
-    }
 }

package/dist/services/utils.js

@@ -3,8 +3,6 @@ import { systemCollectionRows } from '@directus/system-data';
 import { clearSystemCache, getCache } from '../cache.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
-import { fetchAllowedFields } from '../permissions/modules/fetch-allowed-fields/fetch-allowed-fields.js';
-import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
 export class UtilsService {
     knex;
@@ -22,16 +20,14 @@ export class UtilsService {
         if (!sortField) {
             throw new InvalidPayloadError({ reason: `Collection "${collection}" doesn't have a sort field` });
         }
-        if (this.accountability && this.accountability.admin !== true) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'update',
-                collection,
-            }, {
-                schema: this.schema,
-                knex: this.knex,
+        if (this.accountability?.admin !== true) {
+            const permissions = this.accountability?.permissions?.find((permission) => {
+                return permission.collection === collection && permission.action === 'update';
             });
-            const allowedFields = await fetchAllowedFields({ collection, action: 'update', accountability: this.accountability }, { schema: this.schema, knex: this.knex });
+            if (!permissions) {
+                throw new ForbiddenError();
+            }
+            const allowedFields = permissions.fields ?? [];
             if (allowedFields[0] !== '*' && allowedFields.includes(sortField) === false) {
                 throw new ForbiddenError();
             }

package/dist/services/versions.d.ts

@@ -1,7 +1,9 @@
 import type { Item, PrimaryKey, Query } from '@directus/types';
 import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';
+import { AuthorizationService } from './authorization.js';
 import { ItemsService } from './items.js';
 export declare class VersionsService extends ItemsService {
+    authorizationService: AuthorizationService;
     constructor(options: AbstractServiceOptions);
     private validateCreateData;
     getMainItem(collection: string, item: PrimaryKey, query?: Query): Promise<Item>;

package/dist/services/versions.js

@@ -6,15 +6,21 @@ import objectHash from 'object-hash';
 import { getCache } from '../cache.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
-import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
 import { ActivityService } from './activity.js';
+import { AuthorizationService } from './authorization.js';
 import { ItemsService } from './items.js';
 import { PayloadService } from './payload.js';
 import { RevisionsService } from './revisions.js';
 export class VersionsService extends ItemsService {
+    authorizationService;
     constructor(options) {
         super('directus_versions', options);
+        this.authorizationService = new AuthorizationService({
+            accountability: this.accountability,
+            knex: this.knex,
+            schema: this.schema,
+        });
     }
     async validateCreateData(data) {
         if (!data['key'])
@@ -49,31 +55,11 @@ export class VersionsService extends ItemsService {
             });
         }
         // will throw an error if the accountability does not have permission to read the item
-        if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'read',
-                collection: data['collection'],
-                primaryKeys: [data['item']],
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
-        }
+        await this.authorizationService.checkAccess('read', data['collection'], data['item']);
     }
     async getMainItem(collection, item, query) {
         // will throw an error if the accountability does not have permission to read the item
-        if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'read',
-                collection,
-                primaryKeys: [item],
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
-        }
+        await this.authorizationService.checkAccess('read', collection, item);
         const itemsService = new ItemsService(collection, {
             knex: this.knex,
             accountability: this.accountability,
@@ -214,17 +200,7 @@ export class VersionsService extends ItemsService {
     async promote(version, mainHash, fields) {
         const { id, collection, item } = (await this.readOne(version));
         // will throw an error if the accountability does not have permission to update the item
-        if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'update',
-                collection,
-                primaryKeys: [item],
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
-        }
+        await this.authorizationService.checkAccess('update', collection, item);
         const { outdated } = await this.verifyHash(collection, item, mainHash);
         if (outdated) {
             throw new UnprocessableContentError({

package/dist/storage/register-locations.js

@@ -1,13 +1,17 @@
 import { useEnv } from '@directus/env';
 import { toArray } from '@directus/utils';
+import { RESUMABLE_UPLOADS } from '../constants.js';
 import { getConfigFromEnv } from '../utils/get-config-from-env.js';
 export const registerLocations = async (storage) => {
     const env = useEnv();
     const locations = toArray(env['STORAGE_LOCATIONS']);
+    const tus = {
+        chunkSize: RESUMABLE_UPLOADS.CHUNK_SIZE,
+    };
     locations.forEach((location) => {
         location = location.trim();
         const driverConfig = getConfigFromEnv(`STORAGE_${location.toUpperCase()}_`);
         const { driver, ...options } = driverConfig;
-        storage.registerLocation(location, { driver, options });
+        storage.registerLocation(location, { driver, options: { ...options, tus } });
     });
 };

package/dist/telemetry/lib/get-report.js

@@ -2,11 +2,11 @@ import { useEnv } from '@directus/env';
 import { version } from 'directus/version';
 import { getHelpers } from '../../database/helpers/index.js';
 import { getDatabase, getDatabaseClient } from '../../database/index.js';
-import { fetchUserCount } from '../../utils/fetch-user-count/fetch-user-count.js';
 import { getExtensionCount } from '../utils/get-extension-count.js';
 import { getFieldCount } from '../utils/get-field-count.js';
 import { getFilesizeSum } from '../utils/get-filesize-sum.js';
 import { getItemCount } from '../utils/get-item-count.js';
+import { getUserCount } from '../utils/get-user-count.js';
 import { getUserItemCount } from '../utils/get-user-item-count.js';
 const basicCountTasks = [
     { collection: 'directus_dashboards' },
@@ -27,7 +27,7 @@ export const getReport = async () => {
     const helpers = getHelpers(db);
     const [basicCounts, userCounts, userItemCount, fieldsCounts, extensionsCounts, databaseSize, filesizes] = await Promise.all([
         getItemCount(db, basicCountTasks),
-        fetchUserCount({ knex: db }),
+        getUserCount(db),
         getUserItemCount(db),
         getFieldCount(db),
         getExtensionCount(db),

package/dist/telemetry/utils/check-increased-user-limits.d.ts

@@ -0,0 +1,7 @@
+import type { PrimaryKey } from '@directus/types';
+import type { Knex } from 'knex';
+import { type AccessTypeCount } from './get-user-count.js';
+/**
+ * Ensure that user limits are not reached
+ */
+export declare function checkIncreasedUserLimits(db: Knex, increasedUserCounts: AccessTypeCount, ignoreIds?: PrimaryKey[]): Promise<void>;

package/dist/telemetry/utils/check-increased-user-limits.js

@@ -0,0 +1,25 @@
+import { useEnv } from '@directus/env';
+import { LimitExceededError } from '@directus/errors';
+import { getUserCount } from './get-user-count.js';
+const env = useEnv();
+/**
+ * Ensure that user limits are not reached
+ */
+export async function checkIncreasedUserLimits(db, increasedUserCounts, ignoreIds = []) {
+    if (!increasedUserCounts.admin && !increasedUserCounts.app && !increasedUserCounts.api)
+        return;
+    const userCounts = await getUserCount(db, ignoreIds);
+    // Admins have full permissions, therefore should count under app access limit
+    const existingAppUsersCount = userCounts.admin + userCounts.app;
+    const newAppUsersCount = increasedUserCounts.admin + increasedUserCounts.app;
+    if (increasedUserCounts.admin > 0 &&
+        increasedUserCounts.admin + userCounts.admin > Number(env['USERS_ADMIN_ACCESS_LIMIT'])) {
+        throw new LimitExceededError({ category: 'Active Admin users' });
+    }
+    if (newAppUsersCount > 0 && newAppUsersCount + existingAppUsersCount > Number(env['USERS_APP_ACCESS_LIMIT'])) {
+        throw new LimitExceededError({ category: 'Active App users' });
+    }
+    if (increasedUserCounts.api > 0 && increasedUserCounts.api + userCounts.api > Number(env['USERS_API_ACCESS_LIMIT'])) {
+        throw new LimitExceededError({ category: 'Active API users' });
+    }
+}

package/dist/telemetry/utils/get-role-counts-by-roles.d.ts

@@ -0,0 +1,6 @@
+import type { Knex } from 'knex';
+import { type AccessTypeCount } from './get-user-count.js';
+/**
+ * Get the role type counts by role IDs
+ */
+export declare function getRoleCountsByRoles(db: Knex, roles: string[]): Promise<AccessTypeCount>;

package/dist/telemetry/utils/get-role-counts-by-roles.js

@@ -0,0 +1,27 @@
+import { toBoolean } from '@directus/utils';
+import {} from './get-user-count.js';
+/**
+ * Get the role type counts by role IDs
+ */
+export async function getRoleCountsByRoles(db, roles) {
+    const counts = {
+        admin: 0,
+        app: 0,
+        api: 0,
+    };
+    const result = (await db.select('id', 'admin_access', 'app_access').from('directus_roles').whereIn('id', roles));
+    for (const role of result) {
+        const adminAccess = toBoolean(role.admin_access);
+        const appAccess = toBoolean(role.app_access);
+        if (adminAccess) {
+            counts.admin++;
+        }
+        else if (appAccess) {
+            counts.app++;
+        }
+        else {
+            counts.api++;
+        }
+    }
+    return counts;
+}

package/dist/telemetry/utils/get-role-counts-by-users.d.ts

@@ -0,0 +1,11 @@
+import type { PrimaryKey } from '@directus/types';
+import type { Knex } from 'knex';
+import type { AccessTypeCount } from './get-user-count.js';
+type CountOptions = {
+    inactiveUsers?: boolean;
+};
+/**
+ * Get the role type counts by user IDs
+ */
+export declare function getRoleCountsByUsers(db: Knex, userIds: PrimaryKey[], options?: CountOptions): Promise<AccessTypeCount>;
+export {};

package/dist/telemetry/utils/get-role-counts-by-users.js

@@ -0,0 +1,34 @@
+import { toBoolean } from '@directus/utils';
+/**
+ * Get the role type counts by user IDs
+ */
+export async function getRoleCountsByUsers(db, userIds, options = {}) {
+    const counts = {
+        admin: 0,
+        app: 0,
+        api: 0,
+    };
+    const result = await db
+        .count('directus_users.id', { as: 'count' })
+        .select('directus_roles.admin_access', 'directus_roles.app_access')
+        .from('directus_users')
+        .whereIn('directus_users.id', userIds)
+        .andWhere('directus_users.status', options.inactiveUsers ? '!=' : '=', 'active')
+        .leftJoin('directus_roles', 'directus_users.role', '=', 'directus_roles.id')
+        .groupBy('directus_roles.admin_access', 'directus_roles.app_access');
+    for (const record of result) {
+        const adminAccess = toBoolean(record.admin_access);
+        const appAccess = toBoolean(record.app_access);
+        const count = Number(record.count);
+        if (adminAccess) {
+            counts.admin += count;
+        }
+        else if (appAccess) {
+            counts.app += count;
+        }
+        else {
+            counts.api += count;
+        }
+    }
+    return counts;
+}

package/dist/telemetry/utils/get-user-count.d.ts

@@ -0,0 +1,8 @@
+import type { PrimaryKey } from '@directus/types';
+import { type Knex } from 'knex';
+export interface AccessTypeCount {
+    admin: number;
+    app: number;
+    api: number;
+}
+export declare const getUserCount: (db: Knex, ignoreIds?: PrimaryKey[]) => Promise<AccessTypeCount>;

package/dist/telemetry/utils/get-user-count.js

@@ -0,0 +1,33 @@
+import { toBoolean } from '@directus/utils';
+import {} from 'knex';
+export const getUserCount = async (db, ignoreIds = []) => {
+    const counts = {
+        admin: 0,
+        app: 0,
+        api: 0,
+    };
+    const result = (await db
+        .count('directus_users.id', { as: 'count' })
+        .select('directus_roles.admin_access', 'directus_roles.app_access')
+        .from('directus_users')
+        .whereNotIn('directus_users.id', ignoreIds)
+        .andWhere('directus_users.status', 'active')
+        .leftJoin('directus_roles', 'directus_users.role', '=', 'directus_roles.id')
+        .where('directus_users.status', '=', 'active')
+        .groupBy('directus_roles.admin_access', 'directus_roles.app_access'));
+    for (const record of result) {
+        const adminAccess = toBoolean(record.admin_access);
+        const appAccess = toBoolean(record.app_access);
+        const count = Number(record.count);
+        if (adminAccess) {
+            counts.admin += count;
+        }
+        else if (appAccess) {
+            counts.app += count;
+        }
+        else {
+            counts.api += count;
+        }
+    }
+    return counts;
+};

package/dist/telemetry/utils/get-user-counts-by-roles.d.ts

@@ -0,0 +1,7 @@
+import type { PrimaryKey } from '@directus/types';
+import type { Knex } from 'knex';
+import { type AccessTypeCount } from './get-user-count.js';
+/**
+ * Get the user type counts by role IDs
+ */
+export declare function getUserCountsByRoles(db: Knex, roleIds: PrimaryKey[]): Promise<AccessTypeCount>;