npm - @directus/api - Versions diffs - 20.0.0-rc.1 → 20.0.0 - Mend

@directus/api 20.0.0-rc.1 → 20.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (291) hide show

package/dist/telemetry/utils/get-user-counts-by-roles.js ADDED Viewed

@@ -0,0 +1,35 @@
+import { toBoolean } from '@directus/utils';
+import {} from './get-user-count.js';
+/**
+ * Get the user type counts by role IDs
+ */
+export async function getUserCountsByRoles(db, roleIds) {
+    const counts = {
+        admin: 0,
+        app: 0,
+        api: 0,
+    };
+    const result = (await db
+        .count('directus_users.id', { as: 'count' })
+        .select('directus_roles.admin_access', 'directus_roles.app_access')
+        .from('directus_users')
+        .whereIn('directus_roles.id', roleIds)
+        .andWhere('directus_users.status', '=', 'active')
+        .leftJoin('directus_roles', 'directus_users.role', '=', 'directus_roles.id')
+        .groupBy('directus_roles.admin_access', 'directus_roles.app_access'));
+    for (const record of result) {
+        const adminAccess = toBoolean(record.admin_access);
+        const appAccess = toBoolean(record.app_access);
+        const count = Number(record.count);
+        if (adminAccess) {
+            counts.admin += count;
+        }
+        else if (appAccess) {
+            counts.app += count;
+        }
+        else {
+            counts.api += count;
+        }
+    }
+    return counts;
+}

package/dist/types/ast.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { Filter, Query, Relation } from '@directus/types';
+import type { Query, Relation } from '@directus/types';
 export type M2ONode = {
     type: 'm2o';
     name: string;
@@ -8,14 +8,6 @@ export type M2ONode = {
     relation: Relation;
     parentKey: string;
     relatedKey: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
-    /**
-     * Permissions rules for the item access of the children of this item.
-     */
-    cases: Filter[];
 };
 export type A2MNode = {
     type: 'a2o';
@@ -32,16 +24,6 @@ export type A2MNode = {
     fieldKey: string;
     relation: Relation;
     parentKey: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
-    /**
-     * Permissions rules for the item access of the children of this item.
-     */
-    cases: {
-        [collection: string]: Filter[];
-    };
 };
 export type O2MNode = {
     type: 'o2m';
@@ -52,24 +34,12 @@ export type O2MNode = {
     relation: Relation;
     parentKey: string;
     relatedKey: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
-    /**
-     * Permissions rules for the item access of the children of this item.
-     */
-    cases: Filter[];
 };
 export type NestedCollectionNode = M2ONode | O2MNode | A2MNode;
 export type FieldNode = {
     type: 'field';
     name: string;
     fieldKey: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
 };
 export type FunctionFieldNode = {
     type: 'functionField';
@@ -77,22 +47,10 @@ export type FunctionFieldNode = {
     fieldKey: string;
     query: Query;
     relatedCollection: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
-    /**
-     * Permissions rules for the item access of the related collection of this item.
-     */
-    cases: Filter[];
 };
 export type AST = {
     type: 'root';
     name: string;
     children: (NestedCollectionNode | FieldNode | FunctionFieldNode)[];
     query: Query;
-    /**
-     * Permissions rules for the item access of the children of this item.
-     */
-    cases: Filter[];
 };

package/dist/types/items.d.ts CHANGED Viewed

@@ -1,7 +1,6 @@
 import type { DirectusError } from '@directus/errors';
 import type { EventContext, PrimaryKey } from '@directus/types';
 import type { MutationTracker } from '../services/items.js';
-import type { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
 export type MutationOptions = {
     /**
      * Callback function that's fired whenever a revision is made in the mutation
@@ -34,16 +33,6 @@ export type MutationOptions = {
     mutationTracker?: MutationTracker | undefined;
     preMutationError?: DirectusError | undefined;
     bypassAutoIncrementSequenceReset?: boolean;
-    /**
-     * Indicate that the top level mutation needs to perform a user integrity check before commiting the transaction
-     * This is a combination of flags
-     * @see UserIntegrityCheckFlag
-     */
-    userIntegrityCheckFlags?: UserIntegrityCheckFlag;
-    /**
-     * Callback function that is called whenever a mutation requires a user integrity check to be made
-     */
-    onRequireUserIntegrityCheck?: ((flags: UserIntegrityCheckFlag) => void) | undefined;
 };
 export type ActionEventParams = {
     event: string | string[];

package/dist/utils/apply-query.d.ts CHANGED Viewed

@@ -5,7 +5,7 @@ export declare const generateAlias: (size?: number | undefined) => string;
 /**
  * Apply the Query to a given Knex query builder instance
  */
-export default function applyQuery(knex: Knex, collection: string, dbQuery: Knex.QueryBuilder, query: Query, schema: SchemaOverview, cases: Filter[], options?: {
+export default function applyQuery(knex: Knex, collection: string, dbQuery: Knex.QueryBuilder, query: Query, schema: SchemaOverview, options?: {
     aliasMap?: AliasMap;
     isInnerQuery?: boolean;
     hasMultiRelationalSort?: boolean | undefined;
@@ -32,11 +32,10 @@ export declare function applySort(knex: Knex, schema: SchemaOverview, rootQuery:
 };
 export declare function applyLimit(knex: Knex, rootQuery: Knex.QueryBuilder, limit: any): void;
 export declare function applyOffset(knex: Knex, rootQuery: Knex.QueryBuilder, offset: any): void;
-export declare function applyFilter(knex: Knex, schema: SchemaOverview, rootQuery: Knex.QueryBuilder, rootFilter: Filter, collection: string, aliasMap: AliasMap, cases: Filter[]): {
+export declare function applyFilter(knex: Knex, schema: SchemaOverview, rootQuery: Knex.QueryBuilder, rootFilter: Filter, collection: string, aliasMap: AliasMap): {
     query: Knex.QueryBuilder<any, any>;
     hasJoins: boolean;
     hasMultiRelationalFilter: boolean;
 };
-export declare function applySearch(knex: Knex, schema: SchemaOverview, dbQuery: Knex.QueryBuilder, searchQuery: string, collection: string): void;
+export declare function applySearch(knex: Knex, schema: SchemaOverview, dbQuery: Knex.QueryBuilder, searchQuery: string, collection: string): Promise<void>;
 export declare function applyAggregate(schema: SchemaOverview, dbQuery: Knex.QueryBuilder, aggregate: Aggregate, collection: string, hasJoins: boolean): void;
-export declare function joinFilterWithCases(filter: Filter | null | undefined, cases: Filter[]): Filter | null;

package/dist/utils/apply-query.js CHANGED Viewed

@@ -14,7 +14,7 @@ export const generateAlias = customAlphabet('abcdefghijklmnopqrstuvwxyz', 5);
 /**
  * Apply the Query to a given Knex query builder instance
  */
-export default function applyQuery(knex, collection, dbQuery, query, schema, cases, options) {
+export default function applyQuery(knex, collection, dbQuery, query, schema, options) {
     const aliasMap = options?.aliasMap ?? Object.create(null);
     let hasJoins = false;
     let hasMultiRelationalFilter = false;
@@ -37,14 +37,8 @@ export default function applyQuery(knex, collection, dbQuery, query, schema, cas
     if (query.group) {
         dbQuery.groupBy(query.group.map((column) => getColumn(knex, collection, column, false, schema)));
     }
-    // `cases` are the permissions cases that are required for the current data set. We're
-    // dynamically adding those into the filters that the user provided to enforce the permission
-    // rules. You should be able to read an item if one or more of the cases matches. The actual case
-    // is reused in the column selection case/when to dynamically return or nullify the field values
-    // you're actually allowed to read
-    const filter = joinFilterWithCases(query.filter, cases);
-    if (filter) {
-        const filterResult = applyFilter(knex, schema, dbQuery, filter, collection, aliasMap, cases);
+    if (query.filter) {
+        const filterResult = applyFilter(knex, schema, dbQuery, query.filter, collection, aliasMap);
         if (!hasJoins) {
             hasJoins = filterResult.hasJoins;
         }
@@ -232,7 +226,7 @@ export function applyOffset(knex, rootQuery, offset) {
         getHelpers(knex).schema.applyOffset(rootQuery, offset);
     }
 }
-export function applyFilter(knex, schema, rootQuery, rootFilter, collection, aliasMap, cases) {
+export function applyFilter(knex, schema, rootQuery, rootFilter, collection, aliasMap) {
     const helpers = getHelpers(knex);
     const relations = schema.relations;
     let hasJoins = false;
@@ -241,23 +235,12 @@ export function applyFilter(knex, schema, rootQuery, rootFilter, collection, ali
     addWhereClauses(knex, rootQuery, rootFilter, collection);
     return { query: rootQuery, hasJoins, hasMultiRelationalFilter };
     function addJoins(dbQuery, filter, collection) {
-        // eslint-disable-next-line prefer-const
-        for (let [key, value] of Object.entries(filter)) {
+        for (const [key, value] of Object.entries(filter)) {
             if (key === '_or' || key === '_and') {
                 // If the _or array contains an empty object (full permissions), we should short-circuit and ignore all other
                 // permission checks, as {} already matches full permissions.
                 if (key === '_or' && value.some((subFilter) => Object.keys(subFilter).length === 0)) {
-                    // But only do so, if the value is not equal to `cases` (since then this is not permission related at all)
-                    // or the length of value is 1, ie. only the empty filter.
-                    // If the length is more than one it means that some items (and fields) might now be available, so
-                    // the joins are required for the case/when construction.
-                    if (value !== cases || value.length === 1) {
-                        continue;
-                    }
-                    else {
-                        // Otherwise we can at least filter out all empty filters that would not add joins anyway
-                        value = value.filter((subFilter) => Object.keys(subFilter).length > 0);
-                    }
+                    continue;
                 }
                 value.forEach((subFilter) => {
                     addJoins(dbQuery, subFilter, collection);
@@ -328,7 +311,7 @@ export function applyFilter(knex, schema, rootQuery, rootFilter, collection, ali
                             .select({ [field]: column })
                             .from(collection)
                             .whereNotNull(column);
-                        applyQuery(knex, relation.collection, subQueryKnex, { filter }, schema, cases);
+                        applyQuery(knex, relation.collection, subQueryKnex, { filter }, schema);
                     };
                     const childKey = Object.keys(value)?.[0];
                     if (childKey === '_none') {
@@ -568,7 +551,7 @@ export function applyFilter(knex, schema, rootQuery, rootFilter, collection, ali
         }
     }
 }
-export function applySearch(knex, schema, dbQuery, searchQuery, collection) {
+export async function applySearch(knex, schema, dbQuery, searchQuery, collection) {
     const { number: numberHelper } = getHelpers(knex);
     const fields = Object.entries(schema.collections[collection].fields);
     dbQuery.andWhere(function () {
@@ -644,18 +627,6 @@ export function applyAggregate(schema, dbQuery, aggregate, collection, hasJoins)
         }
     }
 }
-export function joinFilterWithCases(filter, cases) {
-    if (cases.length > 0 && !filter) {
-        return { _or: cases };
-    }
-    else if (filter && cases.length === 0) {
-        return filter ?? null;
-    }
-    else if (filter && cases.length > 0) {
-        return { _and: [filter, { _or: cases }] };
-    }
-    return null;
-}
 function getFilterPath(key, value) {
     const path = [key];
     const childKey = Object.keys(value)[0];

package/dist/utils/get-accountability-for-role.js CHANGED Viewed

@@ -1,31 +1,40 @@
-import { fetchRolesTree } from '../permissions/lib/fetch-roles-tree.js';
-import { fetchGlobalAccess } from '../permissions/modules/fetch-global-access/fetch-global-access.js';
-import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
+import { getPermissions } from './get-permissions.js';
 export async function getAccountabilityForRole(role, context) {
-    let generatedAccountability;
+    let generatedAccountability = context.accountability;
     if (role === null) {
-        generatedAccountability = createDefaultAccountability();
+        generatedAccountability = {
+            role: null,
+            user: null,
+            admin: false,
+            app: false,
+        };
+        generatedAccountability.permissions = await getPermissions(generatedAccountability, context.schema);
     }
     else if (role === 'system') {
-        generatedAccountability = createDefaultAccountability({
+        generatedAccountability = {
+            user: null,
+            role: null,
             admin: true,
             app: true,
-        });
+            permissions: [],
+        };
     }
     else {
-        const roles = await fetchRolesTree(role, context.database);
-        // The roles tree should always include the passed role. If it doesn't, it's because it
-        // couldn't be read from the database and therefore doesn't exist
-        if (roles.length === 0) {
+        const roleInfo = await context.database
+            .select(['app_access', 'admin_access'])
+            .from('directus_roles')
+            .where({ id: role })
+            .first();
+        if (!roleInfo) {
             throw new Error(`Configured role "${role}" isn't a valid role ID or doesn't exist.`);
         }
-        const globalAccess = await fetchGlobalAccess({ user: null, roles, ip: context.accountability?.ip ?? null }, context.database);
-        generatedAccountability = createDefaultAccountability({
+        generatedAccountability = {
             role,
-            roles,
             user: null,
-            ...globalAccess,
-        });
+            admin: roleInfo.admin_access === 1 || roleInfo.admin_access === '1' || roleInfo.admin_access === true,
+            app: roleInfo.app_access === 1 || roleInfo.app_access === '1' || roleInfo.app_access === true,
+        };
+        generatedAccountability.permissions = await getPermissions(generatedAccountability, context.schema);
     }
     return generatedAccountability;
 }

package/dist/utils/get-accountability-for-token.js CHANGED Viewed

@@ -1,40 +1,41 @@
 import { InvalidCredentialsError } from '@directus/errors';
 import getDatabase from '../database/index.js';
-import { fetchRolesTree } from '../permissions/lib/fetch-roles-tree.js';
-import { fetchGlobalAccess } from '../permissions/modules/fetch-global-access/fetch-global-access.js';
-import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
 import { getSecret } from './get-secret.js';
 import isDirectusJWT from './is-directus-jwt.js';
-import { verifyAccessJWT } from './jwt.js';
 import { verifySessionJWT } from './verify-session-jwt.js';
+import { verifyAccessJWT } from './jwt.js';
 export async function getAccountabilityForToken(token, accountability) {
     if (!accountability) {
-        accountability = createDefaultAccountability();
+        accountability = {
+            user: null,
+            role: null,
+            admin: false,
+            app: false,
+        };
     }
-    // Try finding the user with the provided token
-    const database = getDatabase();
     if (token) {
         if (isDirectusJWT(token)) {
             const payload = verifyAccessJWT(token, getSecret());
             if ('session' in payload) {
                 await verifySessionJWT(payload);
             }
+            accountability.role = payload.role;
+            accountability.admin = payload.admin_access === true || payload.admin_access == 1;
+            accountability.app = payload.app_access === true || payload.app_access == 1;
             if (payload.share)
                 accountability.share = payload.share;
             if (payload.share_scope)
                 accountability.share_scope = payload.share_scope;
             if (payload.id)
                 accountability.user = payload.id;
-            accountability.role = payload.role;
-            accountability.roles = await fetchRolesTree(payload.role, database);
-            const { admin, app } = await fetchGlobalAccess(accountability, database);
-            accountability.admin = admin;
-            accountability.app = app;
         }
         else {
+            // Try finding the user with the provided token
+            const database = getDatabase();
             const user = await database
-                .select('directus_users.id', 'directus_users.role')
+                .select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')
                 .from('directus_users')
+                .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
                 .where({
                 'directus_users.token': token,
                 status: 'active',
@@ -45,10 +46,8 @@ export async function getAccountabilityForToken(token, accountability) {
             }
             accountability.user = user.id;
             accountability.role = user.role;
-            accountability.roles = await fetchRolesTree(user.role, database);
-            const { admin, app } = await fetchGlobalAccess(accountability, database);
-            accountability.admin = admin;
-            accountability.app = app;
+            accountability.admin = user.admin_access === true || user.admin_access == 1;
+            accountability.app = user.app_access === true || user.app_access == 1;
         }
     }
     return accountability;

package/dist/utils/get-ast-from-query.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Generate an AST based on a given collection and query
+ */
+import type { Accountability, PermissionsAction, Query, SchemaOverview } from '@directus/types';
+import type { Knex } from 'knex';
+import type { AST } from '../types/index.js';
+type GetASTOptions = {
+    accountability?: Accountability | null;
+    action?: PermissionsAction;
+    knex?: Knex;
+};
+export default function getASTFromQuery(collection: string, query: Query, schema: SchemaOverview, options?: GetASTOptions): Promise<AST>;
+export {};