@directus/api 20.0.0-rc.0 → 20.0.0

package/dist/services/graphql/subscription.js

@@ -1,6 +1,7 @@
 import { EventEmitter, on } from 'events';
 import { useBus } from '../../bus/index.js';
 import { getSchema } from '../../utils/get-schema.js';
+import { refreshAccountability } from '../../websocket/authenticate.js';
 import { getPayload } from '../../websocket/utils/items.js';
 const messages = createPubSub(new EventEmitter());
 export function bindPubSub() {
@@ -18,6 +19,7 @@ export function createSubscriptionGenerator(self, event) {
             if ('event' in args && eventData['action'] !== args['event']) {
                 continue; // skip filtered events
             }
+            const accountability = await refreshAccountability(self.accountability);
             const schema = await getSchema();
             const subscription = {
                 collection: eventData['collection'],
@@ -33,7 +35,7 @@ export function createSubscriptionGenerator(self, event) {
             if (eventData['action'] === 'create') {
                 try {
                     subscription.item = eventData['key'];
-                    const result = await getPayload(subscription, self.accountability, schema, eventData);
+                    const result = await getPayload(subscription, accountability, schema, eventData);
                     yield {
                         [event]: {
                             key: eventData['key'],
@@ -50,7 +52,7 @@ export function createSubscriptionGenerator(self, event) {
                 for (const key of eventData['keys']) {
                     try {
                         subscription.item = key;
-                        const result = await getPayload(subscription, self.accountability, schema, eventData);
+                        const result = await getPayload(subscription, accountability, schema, eventData);
                         yield {
                             [event]: {
                                 key,

package/dist/services/import-export.js

@@ -15,7 +15,6 @@ import StreamArray from 'stream-json/streamers/StreamArray.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
 import { useLogger } from '../logger.js';
-import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
 import { getDateFormatted } from '../utils/get-date-formatted.js';
 import { getService } from '../utils/get-service.js';
 import { transaction } from '../utils/transaction.js';
@@ -38,23 +37,10 @@ export class ImportService {
     async import(collection, mimetype, stream) {
         if (this.accountability?.admin !== true && isSystemCollection(collection))
             throw new ForbiddenError();
-        if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'create',
-                collection,
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'update',
-                collection,
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
+        const createPermissions = this.accountability?.permissions?.find((permission) => permission.collection === collection && permission.action === 'create');
+        const updatePermissions = this.accountability?.permissions?.find((permission) => permission.collection === collection && permission.action === 'update');
+        if (this.accountability?.admin !== true && (!createPermissions || !updatePermissions)) {
+            throw new ForbiddenError();
         }
         switch (mimetype) {
             case 'application/json':

package/dist/services/index.d.ts

@@ -1,7 +1,7 @@
-export * from './access.js';
 export * from './activity.js';
 export * from './assets.js';
 export * from './authentication.js';
+export * from './authorization.js';
 export * from './collections.js';
 export * from './dashboards.js';
 export * from './extensions.js';
@@ -18,8 +18,7 @@ export * from './notifications.js';
 export * from './operations.js';
 export * from './panels.js';
 export * from './payload.js';
-export * from './permissions.js';
-export * from './policies.js';
+export * from './permissions/index.js';
 export * from './presets.js';
 export * from './relations.js';
 export * from './revisions.js';

package/dist/services/index.js

@@ -1,7 +1,7 @@
-export * from './access.js';
 export * from './activity.js';
 export * from './assets.js';
 export * from './authentication.js';
+export * from './authorization.js';
 export * from './collections.js';
 export * from './dashboards.js';
 export * from './extensions.js';
@@ -18,8 +18,7 @@ export * from './notifications.js';
 export * from './operations.js';
 export * from './panels.js';
 export * from './payload.js';
-export * from './permissions.js';
-export * from './policies.js';
+export * from './permissions/index.js';
 export * from './presets.js';
 export * from './relations.js';
 export * from './revisions.js';

package/dist/services/items.js

@@ -5,18 +5,15 @@ import { isSystemCollection } from '@directus/system-data';
 import { assign, clone, cloneDeep, omit, pick, without } from 'lodash-es';
 import { getCache } from '../cache.js';
 import { translateDatabaseError } from '../database/errors/translate.js';
-import { getAstFromQuery } from '../database/get-ast-from-query/get-ast-from-query.js';
 import { getHelpers } from '../database/helpers/index.js';
 import getDatabase from '../database/index.js';
-import { runAst } from '../database/run-ast/run-ast.js';
+import runAST from '../database/run-ast.js';
 import emitter from '../emitter.js';
-import { processAst } from '../permissions/modules/process-ast/process-ast.js';
-import { processPayload } from '../permissions/modules/process-payload/process-payload.js';
-import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
+import getASTFromQuery from '../utils/get-ast-from-query.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
 import { transaction } from '../utils/transaction.js';
 import { validateKeys } from '../utils/validate-keys.js';
-import { UserIntegrityCheckFlag, validateUserCountIntegrity } from '../utils/validate-user-count-integrity.js';
+import { AuthorizationService } from './authorization.js';
 import { PayloadService } from './payload.js';
 const env = useEnv();
 export class ItemsService {
@@ -101,13 +98,17 @@ export class ItemsService {
         // that any errors thrown in any nested relational changes will bubble up and cancel the whole
         // update tree
         const primaryKey = await transaction(this.knex, async (trx) => {
-            const serviceOptions = {
+            // We're creating new services instances so they can use the transaction as their Knex interface
+            const payloadService = new PayloadService(this.collection, {
                 accountability: this.accountability,
                 knex: trx,
                 schema: this.schema,
-            };
-            // We're creating new services instances so they can use the transaction as their Knex interface
-            const payloadService = new PayloadService(this.collection, serviceOptions);
+            });
+            const authorizationService = new AuthorizationService({
+                accountability: this.accountability,
+                knex: trx,
+                schema: this.schema,
+            });
             // Run all hooks that are attached to this event so the end user has the chance to augment the
             // item that is about to be saved
             const payloadAfterHooks = opts.emitEvents !== false
@@ -122,21 +123,13 @@ export class ItemsService {
                 })
                 : payload;
             const payloadWithPresets = this.accountability
-                ? await processPayload({
-                    accountability: this.accountability,
-                    action: 'create',
-                    collection: this.collection,
-                    payload: payloadAfterHooks,
-                }, {
-                    knex: trx,
-                    schema: this.schema,
-                })
+                ? authorizationService.validatePayload('create', this.collection, payloadAfterHooks)
                 : payloadAfterHooks;
             if (opts.preMutationError) {
                 throw opts.preMutationError;
             }
-            const { payload: payloadWithM2O, revisions: revisionsM2O, nestedActionEvents: nestedActionEventsM2O, userIntegrityCheckFlags: userIntegrityCheckFlagsM2O, } = await payloadService.processM2O(payloadWithPresets, opts);
-            const { payload: payloadWithA2O, revisions: revisionsA2O, nestedActionEvents: nestedActionEventsA2O, userIntegrityCheckFlags: userIntegrityCheckFlagsA2O, } = await payloadService.processA2O(payloadWithM2O, opts);
+            const { payload: payloadWithM2O, revisions: revisionsM2O, nestedActionEvents: nestedActionEventsM2O, } = await payloadService.processM2O(payloadWithPresets, opts);
+            const { payload: payloadWithA2O, revisions: revisionsA2O, nestedActionEvents: nestedActionEventsA2O, } = await payloadService.processA2O(payloadWithM2O, opts);
             const payloadWithoutAliases = pick(payloadWithA2O, without(fields, ...aliases));
             const payloadWithTypeCasting = await payloadService.processValues('create', payloadWithoutAliases);
             // The primary key can already exist in the payload.
@@ -194,22 +187,10 @@ export class ItemsService {
             }
             // At this point, the primary key is guaranteed to be set.
             primaryKey = primaryKey;
-            const { revisions: revisionsO2M, nestedActionEvents: nestedActionEventsO2M, userIntegrityCheckFlags: userIntegrityCheckFlagsO2M, } = await payloadService.processO2M(payloadWithPresets, primaryKey, opts);
+            const { revisions: revisionsO2M, nestedActionEvents: nestedActionEventsO2M } = await payloadService.processO2M(payloadWithPresets, primaryKey, opts);
             nestedActionEvents.push(...nestedActionEventsM2O);
             nestedActionEvents.push(...nestedActionEventsA2O);
             nestedActionEvents.push(...nestedActionEventsO2M);
-            const userIntegrityCheckFlags = (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) |
-                userIntegrityCheckFlagsM2O |
-                userIntegrityCheckFlagsA2O |
-                userIntegrityCheckFlagsO2M;
-            if (userIntegrityCheckFlags) {
-                if (opts.onRequireUserIntegrityCheck) {
-                    opts.onRequireUserIntegrityCheck(userIntegrityCheckFlags);
-                }
-                else {
-                    await validateUserCountIntegrity({ flags: userIntegrityCheckFlags, knex: trx });
-                }
-            }
             // If this is an authenticated action, and accountability tracking is enabled, save activity row
             if (this.accountability && this.schema.collections[this.collection].accountability !== null) {
                 const activityService = new ActivityService({
@@ -300,7 +281,6 @@ export class ItemsService {
             opts.mutationTracker = this.createMutationTracker();
         const { primaryKeys, nestedActionEvents } = await transaction(this.knex, async (knex) => {
             const service = this.fork({ knex });
-            let userIntegrityCheckFlags = opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None;
             const primaryKeys = [];
             const nestedActionEvents = [];
             const pkField = this.schema.collections[this.collection].primary;
@@ -314,21 +294,12 @@ export class ItemsService {
                 const primaryKey = await service.createOne(payload, {
                     ...(opts || {}),
                     autoPurgeCache: false,
-                    onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                     bypassEmitAction: (params) => nestedActionEvents.push(params),
                     mutationTracker: opts.mutationTracker,
                     bypassAutoIncrementSequenceReset,
                 });
                 primaryKeys.push(primaryKey);
             }
-            if (userIntegrityCheckFlags) {
-                if (opts.onRequireUserIntegrityCheck) {
-                    opts.onRequireUserIntegrityCheck(userIntegrityCheckFlags);
-                }
-                else {
-                    await validateUserCountIntegrity({ flags: userIntegrityCheckFlags, knex });
-                }
-            }
             return { primaryKeys, nestedActionEvents };
         });
         if (opts.emitEvents !== false) {
@@ -361,21 +332,27 @@ export class ItemsService {
                 accountability: this.accountability,
             })
             : query;
-        let ast = await getAstFromQuery({
-            collection: this.collection,
-            query: updatedQuery,
+        let ast = await getASTFromQuery(this.collection, updatedQuery, this.schema, {
             accountability: this.accountability,
-        }, {
-            schema: this.schema,
+            // By setting the permissions action, you can read items using the permissions for another
+            // operation's permissions. This is used to dynamically check if you have update/delete
+            // access to (a) certain item(s)
+            action: opts?.permissionsAction || 'read',
             knex: this.knex,
         });
-        ast = await processAst({ ast, action: 'read', accountability: this.accountability }, { knex: this.knex, schema: this.schema });
-        const records = await runAst(ast, this.schema, {
+        if (this.accountability && this.accountability.admin !== true) {
+            const authorizationService = new AuthorizationService({
+                accountability: this.accountability,
+                knex: this.knex,
+                schema: this.schema,
+            });
+            ast = await authorizationService.processAST(ast, opts?.permissionsAction);
+        }
+        const records = await runAST(ast, this.schema, {
             knex: this.knex,
             // GraphQL requires relational keys to be returned regardless
             stripNonRequested: opts?.stripNonRequested !== undefined ? opts.stripNonRequested : true,
         });
-        // TODO when would this happen?
         if (records === null) {
             throw new ForbiddenError();
         }
@@ -473,26 +450,13 @@ export class ItemsService {
         try {
             await transaction(this.knex, async (knex) => {
                 const service = this.fork({ knex });
-                let userIntegrityCheckFlags = opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None;
                 for (const item of data) {
                     const primaryKey = item[primaryKeyField];
                     if (!primaryKey)
                         throw new InvalidPayloadError({ reason: `Item in update misses primary key` });
-                    const combinedOpts = {
-                        autoPurgeCache: false,
-                        ...opts,
-                        onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
-                    };
+                    const combinedOpts = Object.assign({ autoPurgeCache: false }, opts);
                     keys.push(await service.updateOne(primaryKey, omit(item, primaryKeyField), combinedOpts));
                 }
-                if (userIntegrityCheckFlags) {
-                    if (opts.onRequireUserIntegrityCheck) {
-                        opts.onRequireUserIntegrityCheck(userIntegrityCheckFlags);
-                    }
-                    else {
-                        await validateUserCountIntegrity({ flags: userIntegrityCheckFlags, knex });
-                    }
-                }
             });
         }
         finally {
@@ -521,6 +485,11 @@ export class ItemsService {
             .map((field) => field.field);
         const payload = cloneDeep(data);
         const nestedActionEvents = [];
+        const authorizationService = new AuthorizationService({
+            accountability: this.accountability,
+            knex: this.knex,
+            schema: this.schema,
+        });
         // Run all hooks that are attached to this event so the end user has the chance to augment the
         // item that is about to be saved
         const payloadAfterHooks = opts.emitEvents !== false
@@ -538,26 +507,10 @@ export class ItemsService {
         // Sort keys to ensure that the order is maintained
         keys.sort();
         if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'update',
-                collection: this.collection,
-                primaryKeys: keys,
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
+            await authorizationService.checkAccess('update', this.collection, keys);
         }
         const payloadWithPresets = this.accountability
-            ? await processPayload({
-                accountability: this.accountability,
-                action: 'update',
-                collection: this.collection,
-                payload: payloadAfterHooks,
-            }, {
-                knex: this.knex,
-                schema: this.schema,
-            })
+            ? authorizationService.validatePayload('update', this.collection, payloadAfterHooks)
             : payloadAfterHooks;
         if (opts.preMutationError) {
             throw opts.preMutationError;
@@ -568,8 +521,8 @@ export class ItemsService {
                 knex: trx,
                 schema: this.schema,
             });
-            const { payload: payloadWithM2O, revisions: revisionsM2O, nestedActionEvents: nestedActionEventsM2O, userIntegrityCheckFlags: userIntegrityCheckFlagsM2O, } = await payloadService.processM2O(payloadWithPresets, opts);
-            const { payload: payloadWithA2O, revisions: revisionsA2O, nestedActionEvents: nestedActionEventsA2O, userIntegrityCheckFlags: userIntegrityCheckFlagsA2O, } = await payloadService.processA2O(payloadWithM2O, opts);
+            const { payload: payloadWithM2O, revisions: revisionsM2O, nestedActionEvents: nestedActionEventsM2O, } = await payloadService.processM2O(payloadWithPresets, opts);
+            const { payload: payloadWithA2O, revisions: revisionsA2O, nestedActionEvents: nestedActionEventsA2O, } = await payloadService.processA2O(payloadWithM2O, opts);
             const payloadWithoutAliasAndPK = pick(payloadWithA2O, without(fields, primaryKeyField, ...aliases));
             const payloadWithTypeCasting = await payloadService.processValues('update', payloadWithoutAliasAndPK);
             if (Object.keys(payloadWithTypeCasting).length > 0) {
@@ -581,25 +534,12 @@ export class ItemsService {
                 }
             }
             const childrenRevisions = [...revisionsM2O, ...revisionsA2O];
-            let userIntegrityCheckFlags = opts.userIntegrityCheckFlags ??
-                UserIntegrityCheckFlag.None | userIntegrityCheckFlagsM2O | userIntegrityCheckFlagsA2O;
             nestedActionEvents.push(...nestedActionEventsM2O);
             nestedActionEvents.push(...nestedActionEventsA2O);
             for (const key of keys) {
-                const { revisions, nestedActionEvents: nestedActionEventsO2M, userIntegrityCheckFlags: userIntegrityCheckFlagsO2M, } = await payloadService.processO2M(payloadWithA2O, key, opts);
+                const { revisions, nestedActionEvents: nestedActionEventsO2M } = await payloadService.processO2M(payloadWithA2O, key, opts);
                 childrenRevisions.push(...revisions);
                 nestedActionEvents.push(...nestedActionEventsO2M);
-                userIntegrityCheckFlags |= userIntegrityCheckFlagsO2M;
-            }
-            if (userIntegrityCheckFlags) {
-                if (opts?.onRequireUserIntegrityCheck) {
-                    opts.onRequireUserIntegrityCheck(userIntegrityCheckFlags);
-                }
-                else {
-                    // Having no onRequireUserIntegrityCheck callback indicates that
-                    // this is the top level invocation of the nested updates, so perform the user integrity check
-                    await validateUserCountIntegrity({ flags: userIntegrityCheckFlags, knex: trx });
-                }
             }
             // If this is an authenticated action, and accountability tracking is enabled, save activity row
             if (this.accountability && this.schema.collections[this.collection].accountability !== null) {
@@ -768,16 +708,13 @@ export class ItemsService {
         const { ActivityService } = await import('./activity.js');
         const primaryKeyField = this.schema.collections[this.collection].primary;
         validateKeys(this.schema, this.collection, primaryKeyField, keys);
-        if (this.accountability) {
-            await validateAccess({
+        if (this.accountability && this.accountability.admin !== true) {
+            const authorizationService = new AuthorizationService({
                 accountability: this.accountability,
-                action: 'delete',
-                collection: this.collection,
-                primaryKeys: keys,
-            }, {
-                knex: this.knex,
                 schema: this.schema,
+                knex: this.knex,
             });
+            await authorizationService.checkAccess('delete', this.collection, keys);
         }
         if (opts.preMutationError) {
             throw opts.preMutationError;
@@ -793,14 +730,6 @@ export class ItemsService {
         }
         await transaction(this.knex, async (trx) => {
             await trx(this.collection).whereIn(primaryKeyField, keys).delete();
-            if (opts.userIntegrityCheckFlags) {
-                if (opts.onRequireUserIntegrityCheck) {
-                    opts.onRequireUserIntegrityCheck(opts.userIntegrityCheckFlags);
-                }
-                else {
-                    await validateUserCountIntegrity({ flags: opts.userIntegrityCheckFlags, knex: trx });
-                }
-            }
             if (this.accountability && this.schema.collections[this.collection].accountability !== null) {
                 const activityService = new ActivityService({
                     knex: trx,

package/dist/services/meta.js

@@ -1,8 +1,5 @@
 import getDatabase from '../database/index.js';
-import { fetchPermissions } from '../permissions/lib/fetch-permissions.js';
-import { fetchPolicies } from '../permissions/lib/fetch-policies.js';
-import { dedupeAccess } from '../permissions/modules/process-ast/utils/dedupe-access.js';
-import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
+import { ForbiddenError } from '@directus/errors';
 import { applyFilter, applySearch } from '../utils/apply-query.js';
 export class MetaService {
     knex;
@@ -31,73 +28,39 @@ export class MetaService {
         }, {});
     }
     async totalCount(collection) {
-        const dbQuery = this.knex(collection);
-        let hasJoins = false;
-        if (this.accountability && this.accountability.admin === false) {
-            const context = { knex: this.knex, schema: this.schema };
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'read',
-                collection,
-            }, context);
-            const policies = await fetchPolicies(this.accountability, context);
-            const permissions = await fetchPermissions({
-                action: 'read',
-                policies,
-                accountability: this.accountability,
-                ...(collection ? { collections: [collection] } : {}),
-            }, context);
-            const rules = dedupeAccess(permissions);
-            const cases = rules.map(({ rule }) => rule);
-            const filter = {
-                _or: cases,
-            };
-            const result = applyFilter(this.knex, this.schema, dbQuery, filter, collection, {}, cases);
-            hasJoins = result.hasJoins;
-        }
-        if (hasJoins) {
-            const primaryKeyName = this.schema.collections[collection].primary;
-            dbQuery.countDistinct({ count: [`${collection}.${primaryKeyName}`] });
-        }
-        else {
-            dbQuery.count('*', { as: 'count' });
+        const dbQuery = this.knex(collection).count('*', { as: 'count' }).first();
+        if (this.accountability?.admin !== true) {
+            const permissionsRecord = this.accountability?.permissions?.find((permission) => {
+                return permission.action === 'read' && permission.collection === collection;
+            });
+            if (!permissionsRecord)
+                throw new ForbiddenError();
+            const permissions = permissionsRecord.permissions ?? {};
+            applyFilter(this.knex, this.schema, dbQuery, permissions, collection, {});
         }
-        const result = await dbQuery.first();
+        const result = await dbQuery;
         return Number(result?.count ?? 0);
     }
     async filterCount(collection, query) {
         const dbQuery = this.knex(collection);
         let filter = query.filter || {};
         let hasJoins = false;
-        let cases = [];
-        if (this.accountability && this.accountability.admin === false) {
-            const context = { knex: this.knex, schema: this.schema };
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'read',
-                collection,
-            }, context);
-            const policies = await fetchPolicies(this.accountability, context);
-            const permissions = await fetchPermissions({
-                action: 'read',
-                policies,
-                accountability: this.accountability,
-                ...(collection ? { collections: [collection] } : {}),
-            }, context);
-            const rules = dedupeAccess(permissions);
-            cases = rules.map(({ rule }) => rule);
-            const permissionsFilter = {
-                _or: cases,
-            };
+        if (this.accountability?.admin !== true) {
+            const permissionsRecord = this.accountability?.permissions?.find((permission) => {
+                return permission.action === 'read' && permission.collection === collection;
+            });
+            if (!permissionsRecord)
+                throw new ForbiddenError();
+            const permissions = permissionsRecord.permissions ?? {};
             if (Object.keys(filter).length > 0) {
-                filter = { _and: [permissionsFilter, filter] };
+                filter = { _and: [permissions, filter] };
             }
             else {
-                filter = permissionsFilter;
+                filter = permissions;
             }
         }
         if (Object.keys(filter).length > 0) {
-            ({ hasJoins } = applyFilter(this.knex, this.schema, dbQuery, filter, collection, {}, cases));
+            ({ hasJoins } = applyFilter(this.knex, this.schema, dbQuery, filter, collection, {}));
         }
         if (query.search) {
             applySearch(this.knex, this.schema, dbQuery, query.search, collection);
@@ -109,7 +72,7 @@ export class MetaService {
         else {
             dbQuery.count('*', { as: 'count' });
         }
-        const result = await dbQuery.first();
-        return Number(result?.count ?? 0);
+        const records = await dbQuery;
+        return Number(records[0]['count']);
     }
 }

package/dist/services/payload.d.ts

@@ -2,7 +2,6 @@ import type { Accountability, Item, PrimaryKey, SchemaOverview } from '@directus
 import type { Knex } from 'knex';
 import type { Helpers } from '../database/helpers/index.js';
 import type { AbstractServiceOptions, ActionEventParams, MutationOptions } from '../types/index.js';
-import { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
 type Action = 'create' | 'read' | 'update';
 type Transformers = {
     [type: string]: (context: {
@@ -14,11 +13,6 @@ type Transformers = {
         helpers: Helpers;
     }) => Promise<any>;
 };
-type PayloadServiceProcessRelationResult = {
-    revisions: PrimaryKey[];
-    nestedActionEvents: ActionEventParams[];
-    userIntegrityCheckFlags: UserIntegrityCheckFlag;
-};
 /**
  * Process a given payload for a collection to ensure the special fields (hash, uuid, date etc) are
  * handled correctly.
@@ -52,19 +46,26 @@ export declare class PayloadService {
     /**
      * Recursively save/update all nested related Any-to-One items
      */
-    processA2O(data: Partial<Item>, opts?: MutationOptions): Promise<PayloadServiceProcessRelationResult & {
+    processA2O(data: Partial<Item>, opts?: MutationOptions): Promise<{
         payload: Partial<Item>;
+        revisions: PrimaryKey[];
+        nestedActionEvents: ActionEventParams[];
     }>;
     /**
      * Save/update all nested related m2o items inside the payload
      */
-    processM2O(data: Partial<Item>, opts?: MutationOptions): Promise<PayloadServiceProcessRelationResult & {
+    processM2O(data: Partial<Item>, opts?: MutationOptions): Promise<{
         payload: Partial<Item>;
+        revisions: PrimaryKey[];
+        nestedActionEvents: ActionEventParams[];
     }>;
     /**
      * Recursively save/update all nested related o2m items
      */
-    processO2M(data: Partial<Item>, parent: PrimaryKey, opts?: MutationOptions): Promise<PayloadServiceProcessRelationResult>;
+    processO2M(data: Partial<Item>, parent: PrimaryKey, opts?: MutationOptions): Promise<{
+        revisions: PrimaryKey[];
+        nestedActionEvents: ActionEventParams[];
+    }>;
     /**
      * Transforms the input partial payload to match the output structure, to have consistency
      * between delta and data