npm - @directus/api - Versions diffs - 20.0.0 → 21.0.0-rc.0 - Mend

@directus/api 20.0.0 → 21.0.0-rc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (330) hide show

package/dist/utils/get-accountability-for-token.js CHANGED Viewed

@@ -1,41 +1,40 @@
 import { InvalidCredentialsError } from '@directus/errors';
 import getDatabase from '../database/index.js';
+import { fetchRolesTree } from '../permissions/lib/fetch-roles-tree.js';
+import { fetchGlobalAccess } from '../permissions/modules/fetch-global-access/fetch-global-access.js';
+import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
 import { getSecret } from './get-secret.js';
 import isDirectusJWT from './is-directus-jwt.js';
-import { verifySessionJWT } from './verify-session-jwt.js';
 import { verifyAccessJWT } from './jwt.js';
+import { verifySessionJWT } from './verify-session-jwt.js';
 export async function getAccountabilityForToken(token, accountability) {
     if (!accountability) {
-        accountability = {
-            user: null,
-            role: null,
-            admin: false,
-            app: false,
-        };
+        accountability = createDefaultAccountability();
     }
+    // Try finding the user with the provided token
+    const database = getDatabase();
     if (token) {
         if (isDirectusJWT(token)) {
             const payload = verifyAccessJWT(token, getSecret());
             if ('session' in payload) {
                 await verifySessionJWT(payload);
             }
-            accountability.role = payload.role;
-            accountability.admin = payload.admin_access === true || payload.admin_access == 1;
-            accountability.app = payload.app_access === true || payload.app_access == 1;
             if (payload.share)
                 accountability.share = payload.share;
             if (payload.share_scope)
                 accountability.share_scope = payload.share_scope;
             if (payload.id)
                 accountability.user = payload.id;
+            accountability.role = payload.role;
+            accountability.roles = await fetchRolesTree(payload.role, database);
+            const { admin, app } = await fetchGlobalAccess(accountability, database);
+            accountability.admin = admin;
+            accountability.app = app;
         }
         else {
-            // Try finding the user with the provided token
-            const database = getDatabase();
             const user = await database
-                .select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')
+                .select('directus_users.id', 'directus_users.role')
                 .from('directus_users')
-                .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
                 .where({
                 'directus_users.token': token,
                 status: 'active',
@@ -46,8 +45,10 @@ export async function getAccountabilityForToken(token, accountability) {
             }
             accountability.user = user.id;
             accountability.role = user.role;
-            accountability.admin = user.admin_access === true || user.admin_access == 1;
-            accountability.app = user.app_access === true || user.app_access == 1;
+            accountability.roles = await fetchRolesTree(user.role, database);
+            const { admin, app } = await fetchGlobalAccess(accountability, database);
+            accountability.admin = admin;
+            accountability.app = app;
         }
     }
     return accountability;

package/dist/utils/get-cache-key.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
 /// <reference types="cookie-parser" />
 import type { Request } from 'express';
-export declare function getCacheKey(req: Request): string;
+export declare function getCacheKey(req: Request): Promise<string>;

package/dist/utils/get-cache-key.js CHANGED Viewed

@@ -1,15 +1,26 @@
 import hash from 'object-hash';
 import url from 'url';
+import getDatabase from '../database/index.js';
+import { fetchPoliciesIpAccess } from '../permissions/modules/fetch-policies-ip-access/fetch-policies-ip-access.js';
 import { getGraphqlQueryAndVariables } from './get-graphql-query-and-variables.js';
 import { version } from 'directus/version';
-export function getCacheKey(req) {
+import { ipInNetworks } from './ip-in-networks.js';
+export async function getCacheKey(req) {
     const path = url.parse(req.originalUrl).pathname;
     const isGraphQl = path?.startsWith('/graphql');
+    let includeIp = false;
+    if (req.accountability && req.accountability.ip) {
+        // Check if the IP influences the result of the request, that can be the case if some policies have an ip_access
+        // filter and the request IP matches any of those filters
+        const ipFilters = await fetchPoliciesIpAccess(req.accountability, getDatabase());
+        includeIp = ipFilters.length > 0 && ipFilters.some((networks) => ipInNetworks(req.accountability.ip, networks));
+    }
     const info = {
         version,
         user: req.accountability?.user || null,
         path,
         query: isGraphQl ? getGraphqlQueryAndVariables(req) : req.sanitizedQuery,
+        ...(includeIp && { ip: req.accountability.ip }),
     };
     const key = hash(info);
     return key;

package/dist/utils/get-column.d.ts CHANGED Viewed

@@ -1,7 +1,8 @@
-import type { Query, SchemaOverview } from '@directus/types';
+import type { Filter, Query, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
 type GetColumnOptions = {
     query?: Query | undefined;
+    cases?: Filter[];
     originalCollectionName?: string | undefined;
 };
 /**

package/dist/utils/get-column.js CHANGED Viewed

@@ -30,6 +30,7 @@ export function getColumn(knex, table, column, alias = applyFunctionToColumnName
             const result = fn[functionName](table, columnName, {
                 type,
                 query: options?.query,
+                cases: options?.cases,
                 originalCollectionName: options?.originalCollectionName,
             });
             if (alias) {

package/dist/utils/get-default-value.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { parseJSON } from '@directus/utils';
 import { getNodeEnv } from '@directus/utils/node';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 import getLocalType from './get-local-type.js';
 export default function getDefaultValue(column, field) {
     const type = getLocalType(column, field);

package/dist/utils/get-ip-from-req.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { useEnv } from '@directus/env';
 import { isIP } from 'net';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 export function getIPFromReq(req) {
     const env = useEnv();
     const logger = useLogger();

package/dist/utils/get-schema.js CHANGED Viewed

@@ -8,7 +8,7 @@ import { getSchemaCache, setSchemaCache } from '../cache.js';
 import { ALIAS_TYPES } from '../constants.js';
 import getDatabase from '../database/index.js';
 import { useLock } from '../lock/index.js';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 import { RelationsService } from '../services/relations.js';
 import getDefaultValue from './get-default-value.js';
 import { getSystemFieldRowsWithAuthProviders } from './get-field-system-rows.js';

package/dist/utils/get-service.js CHANGED Viewed

@@ -1,11 +1,13 @@
 import { ForbiddenError } from '@directus/errors';
-import { ActivityService, DashboardsService, FilesService, FlowsService, FoldersService, ItemsService, NotificationsService, OperationsService, PanelsService, PermissionsService, PresetsService, RevisionsService, RolesService, SettingsService, SharesService, TranslationsService, UsersService, VersionsService, WebhooksService, } from '../services/index.js';
+import { AccessService, ActivityService, DashboardsService, FilesService, FlowsService, FoldersService, ItemsService, NotificationsService, OperationsService, PanelsService, PermissionsService, PoliciesService, PresetsService, RevisionsService, RolesService, SettingsService, SharesService, TranslationsService, UsersService, VersionsService, WebhooksService, } from '../services/index.js';
 /**
  * Select the correct service for the given collection. This allows the individual services to run
  * their custom checks (f.e. it allows `UsersService` to prevent updating TFA secret from outside).
  */
 export function getService(collection, opts) {
     switch (collection) {
+        case 'directus_access':
+            return new AccessService(opts);
         case 'directus_activity':
             return new ActivityService(opts);
         case 'directus_dashboards':
@@ -26,6 +28,8 @@ export function getService(collection, opts) {
             return new PermissionsService(opts);
         case 'directus_presets':
             return new PresetsService(opts);
+        case 'directus_policies':
+            return new PoliciesService(opts);
         case 'directus_revisions':
             return new RevisionsService(opts);
         case 'directus_roles':

package/dist/utils/is-url-allowed.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { toArray } from '@directus/utils';
 import { URL } from 'url';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 /**
  * Check if URL matches allow list either exactly or by origin (protocol+domain+port) + pathname
  */

package/dist/utils/reduce-schema.d.ts CHANGED Viewed

@@ -1,9 +1,7 @@
-import type { Permission, PermissionsAction, SchemaOverview } from '@directus/types';
+import type { SchemaOverview } from '@directus/types';
+import type { FieldMap } from '../permissions/modules/fetch-allowed-field-map/fetch-allowed-field-map.js';
 /**
  * Reduces the schema based on the included permissions. The resulting object is the schema structure, but with only
- * the allowed collections/fields/relations included based on the permissions.
- * @param schema The full project schema
- * @param actions Array of permissions actions (crud)
- * @returns Reduced schema
+ * the allowed collections/fields/relations included based on the passed field map.
  */
-export declare function reduceSchema(schema: SchemaOverview, permissions: Permission[] | null, actions?: PermissionsAction[]): SchemaOverview;
+export declare function reduceSchema(schema: SchemaOverview, fieldMap: FieldMap): SchemaOverview;

package/dist/utils/reduce-schema.js CHANGED Viewed

@@ -1,40 +1,24 @@
-import { uniq } from 'lodash-es';
 /**
  * Reduces the schema based on the included permissions. The resulting object is the schema structure, but with only
- * the allowed collections/fields/relations included based on the permissions.
- * @param schema The full project schema
- * @param actions Array of permissions actions (crud)
- * @returns Reduced schema
+ * the allowed collections/fields/relations included based on the passed field map.
  */
-export function reduceSchema(schema, permissions, actions = ['create', 'read', 'update', 'delete']) {
+export function reduceSchema(schema, fieldMap) {
     const reduced = {
         collections: {},
         relations: [],
     };
-    const allowedFieldsInCollection = permissions
-        ?.filter((permission) => actions.includes(permission.action))
-        .reduce((acc, permission) => {
-        if (!acc[permission.collection]) {
-            acc[permission.collection] = [];
-        }
-        if (permission.fields) {
-            acc[permission.collection] = uniq([...acc[permission.collection], ...permission.fields]);
-        }
-        return acc;
-    }, {}) ?? {};
     for (const [collectionName, collection] of Object.entries(schema.collections)) {
-        if (!permissions?.some((permission) => permission.collection === collectionName && actions.includes(permission.action))) {
+        if (!fieldMap[collectionName]) {
+            // Collection is not allowed at all
             continue;
         }
         const fields = {};
         for (const [fieldName, field] of Object.entries(schema.collections[collectionName].fields)) {
-            if (!allowedFieldsInCollection[collectionName]?.includes('*') &&
-                !allowedFieldsInCollection[collectionName]?.includes(fieldName)) {
+            if (!fieldMap[collectionName]?.includes('*') && !fieldMap[collectionName]?.includes(fieldName)) {
                 continue;
             }
             const o2mRelation = schema.relations.find((relation) => relation.related_collection === collectionName && relation.meta?.one_field === fieldName);
-            if (o2mRelation &&
-                !permissions?.some((permission) => permission.collection === o2mRelation.collection && actions.includes(permission.action))) {
+            if (o2mRelation && !fieldMap[collectionName]) {
                 continue;
             }
             fields[fieldName] = field;
@@ -47,29 +31,29 @@ export function reduceSchema(schema, permissions, actions = ['create', 'read', '
     reduced.relations = schema.relations.filter((relation) => {
         let collectionsAllowed = true;
         let fieldsAllowed = true;
-        if (Object.keys(allowedFieldsInCollection).includes(relation.collection) === false) {
+        if (Object.keys(fieldMap).includes(relation.collection) === false) {
             collectionsAllowed = false;
         }
         if (relation.related_collection &&
-            (Object.keys(allowedFieldsInCollection).includes(relation.related_collection) === false ||
+            (Object.keys(fieldMap).includes(relation.related_collection) === false ||
                 // Ignore legacy permissions with an empty fields array
-                allowedFieldsInCollection[relation.related_collection]?.length === 0)) {
+                fieldMap[relation.related_collection]?.length === 0)) {
             collectionsAllowed = false;
         }
         if (relation.meta?.one_allowed_collections &&
-            relation.meta.one_allowed_collections.every((collection) => Object.keys(allowedFieldsInCollection).includes(collection)) === false) {
+            relation.meta.one_allowed_collections.every((collection) => Object.keys(fieldMap).includes(collection)) === false) {
             collectionsAllowed = false;
         }
-        if (!allowedFieldsInCollection[relation.collection] ||
-            (allowedFieldsInCollection[relation.collection]?.includes('*') === false &&
-                allowedFieldsInCollection[relation.collection]?.includes(relation.field) === false)) {
+        if (!fieldMap[relation.collection] ||
+            (fieldMap[relation.collection]?.includes('*') === false &&
+                fieldMap[relation.collection]?.includes(relation.field) === false)) {
             fieldsAllowed = false;
         }
         if (relation.related_collection &&
             relation.meta?.one_field &&
-            (!allowedFieldsInCollection[relation.related_collection] ||
-                (allowedFieldsInCollection[relation.related_collection]?.includes('*') === false &&
-                    allowedFieldsInCollection[relation.related_collection]?.includes(relation.meta?.one_field) === false))) {
+            (!fieldMap[relation.related_collection] ||
+                (fieldMap[relation.related_collection]?.includes('*') === false &&
+                    fieldMap[relation.related_collection]?.includes(relation.meta?.one_field) === false))) {
             fieldsAllowed = false;
         }
         return collectionsAllowed && fieldsAllowed;

package/dist/utils/sanitize-query.js CHANGED Viewed

@@ -2,7 +2,7 @@ import { useEnv } from '@directus/env';
 import { InvalidQueryError } from '@directus/errors';
 import { parseFilter, parseJSON } from '@directus/utils';
 import { flatten, get, isPlainObject, merge, set } from 'lodash-es';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 import { Meta } from '../types/index.js';
 export function sanitizeQuery(rawQuery, accountability) {
     const env = useEnv();

package/dist/utils/transaction.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import {} from 'knex';
 import { getDatabaseClient } from '../database/index.js';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 /**
  * Execute the given handler within the current transaction or a newly created one
  * if the current knex state isn't a transaction yet.

package/dist/utils/validate-env.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { useEnv } from '@directus/env';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 export function validateEnv(requiredKeys) {
     const env = useEnv();
     const logger = useLogger();

package/dist/utils/validate-storage.js CHANGED Viewed

@@ -4,7 +4,7 @@ import { constants } from 'fs';
 import { access } from 'node:fs/promises';
 import path from 'path';
 import { getExtensionsPath } from '../extensions/lib/get-extensions-path.js';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 export async function validateStorage() {
     const env = useEnv();
     const logger = useLogger();

package/dist/utils/validate-user-count-integrity.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { type FetchUserCountOptions } from './fetch-user-count/fetch-user-count.js';
+export declare enum UserIntegrityCheckFlag {
+    None = 0,
+    /** Check if the number of remaining admin users is greater than 0 */
+    RemainingAdmins = 1,
+    /** Check if the number of users is within the limits */
+    UserLimits = 2,
+    All = 3
+}
+export interface ValidateUserCountIntegrityOptions extends Omit<FetchUserCountOptions, 'adminOnly'> {
+    flags: UserIntegrityCheckFlag;
+}
+export declare function validateUserCountIntegrity(options: ValidateUserCountIntegrityOptions): Promise<void>;

package/dist/utils/validate-user-count-integrity.js ADDED Viewed

@@ -0,0 +1,29 @@
+import { validateRemainingAdminCount } from '../permissions/modules/validate-remaining-admin/validate-remaining-admin-count.js';
+import { checkUserLimits } from '../telemetry/utils/check-user-limits.js';
+import { shouldCheckUserLimits } from '../telemetry/utils/should-check-user-limits.js';
+import { fetchUserCount } from './fetch-user-count/fetch-user-count.js';
+export var UserIntegrityCheckFlag;
+(function (UserIntegrityCheckFlag) {
+    UserIntegrityCheckFlag[UserIntegrityCheckFlag["None"] = 0] = "None";
+    /** Check if the number of remaining admin users is greater than 0 */
+    UserIntegrityCheckFlag[UserIntegrityCheckFlag["RemainingAdmins"] = 1] = "RemainingAdmins";
+    /** Check if the number of users is within the limits */
+    UserIntegrityCheckFlag[UserIntegrityCheckFlag["UserLimits"] = 2] = "UserLimits";
+    UserIntegrityCheckFlag[UserIntegrityCheckFlag["All"] = 3] = "All";
+})(UserIntegrityCheckFlag || (UserIntegrityCheckFlag = {}));
+export async function validateUserCountIntegrity(options) {
+    const validateUserLimits = (options.flags & UserIntegrityCheckFlag.UserLimits) !== 0;
+    const validateRemainingAdminUsers = (options.flags & UserIntegrityCheckFlag.RemainingAdmins) !== 0;
+    const limitCheck = validateUserLimits && shouldCheckUserLimits();
+    if (!validateRemainingAdminUsers && !limitCheck) {
+        return;
+    }
+    const adminOnly = validateRemainingAdminUsers && !limitCheck;
+    const userCounts = await fetchUserCount({ ...options, adminOnly });
+    if (limitCheck) {
+        await checkUserLimits(userCounts);
+    }
+    if (validateRemainingAdminUsers) {
+        validateRemainingAdminCount(userCounts.admin);
+    }
+}

package/dist/websocket/authenticate.d.ts CHANGED Viewed

@@ -1,6 +1,4 @@
-import type { Accountability } from '@directus/types';
 import type { BasicAuthMessage } from './messages.js';
 import type { AuthenticationState } from './types.js';
 export declare function authenticateConnection(message: BasicAuthMessage & Record<string, any>): Promise<AuthenticationState>;
-export declare function refreshAccountability(accountability: Accountability | null | undefined): Promise<Accountability>;
 export declare function authenticationSuccess(uid?: string | number, refresh_token?: string): string;

package/dist/websocket/authenticate.js CHANGED Viewed

@@ -1,7 +1,6 @@
 import { DEFAULT_AUTH_PROVIDER } from '../constants.js';
 import { AuthenticationService } from '../services/index.js';
 import { getAccountabilityForToken } from '../utils/get-accountability-for-token.js';
-import { getPermissions } from '../utils/get-permissions.js';
 import { getSchema } from '../utils/get-schema.js';
 import { WebSocketError } from './errors.js';
 import { getExpiresAtForToken } from './utils/get-expires-at-for-token.js';
@@ -33,17 +32,6 @@ export async function authenticateConnection(message) {
         throw new WebSocketError('auth', 'AUTH_FAILED', 'Authentication failed.', message['uid']);
     }
 }
-export async function refreshAccountability(accountability) {
-    accountability = accountability ?? {
-        role: null,
-        user: null,
-        admin: false,
-        app: false,
-    };
-    const schema = await getSchema();
-    const permissions = await getPermissions(accountability, schema);
-    return { ...accountability, permissions };
-}
 export function authenticationSuccess(uid, refresh_token) {
     const message = {
         type: 'auth',

package/dist/websocket/controllers/base.d.ts CHANGED Viewed

@@ -32,7 +32,7 @@ export default abstract class SocketController {
     protected getRateLimiter(): RateLimiterAbstract | null;
     private catchInvalidMessages;
     protected handleUpgrade(request: IncomingMessage, socket: internal.Duplex, head: Buffer): Promise<void>;
-    protected handleTokenUpgrade({ request, socket, head }: UpgradeContext, token: string): Promise<void>;
+    protected handleTokenUpgrade({ request, socket, head }: UpgradeContext, token: string | null): Promise<void>;
     protected handleHandshakeUpgrade({ request, socket, head }: UpgradeContext): Promise<void>;
     createClient(ws: WebSocket, { accountability, expires_at }: AuthenticationState): WebSocketClient;
     protected parseMessage(data: string): WebSocketMessage;

package/dist/websocket/controllers/base.js CHANGED Viewed

@@ -6,7 +6,7 @@ import { parse } from 'url';
 import WebSocket, { WebSocketServer } from 'ws';
 import { fromZodError } from 'zod-validation-error';
 import emitter from '../../emitter.js';
-import { useLogger } from '../../logger.js';
+import { useLogger } from '../../logger/index.js';
 import { createRateLimiter } from '../../rate-limiter.js';
 import { getAccountabilityForToken } from '../../utils/get-accountability-for-token.js';
 import { authenticateConnection, authenticationSuccess } from '../authenticate.js';
@@ -101,13 +101,14 @@ export default class SocketController {
         const cookies = request.headers.cookie ? cookie.parse(request.headers.cookie) : {};
         const context = { request, socket, head };
         const sessionCookieName = env['SESSION_COOKIE_NAME'];
-        if (cookies[sessionCookieName]) {
-            const token = cookies[sessionCookieName];
-            await this.handleTokenUpgrade(context, token);
-            return;
-        }
-        if (this.authentication.mode === 'strict') {
-            const token = query['access_token'];
+        if (this.authentication.mode === 'strict' || query['access_token'] || cookies[sessionCookieName]) {
+            let token = null;
+            if (typeof query['access_token'] === 'string') {
+                token = query['access_token'];
+            }
+            else if (typeof cookies[sessionCookieName] === 'string') {
+                token = cookies[sessionCookieName] ?? null;
+            }
             await this.handleTokenUpgrade(context, token);
             return;
         }
@@ -122,16 +123,19 @@ export default class SocketController {
         });
     }
     async handleTokenUpgrade({ request, socket, head }, token) {
-        let accountability, expires_at;
-        try {
-            accountability = await getAccountabilityForToken(token);
-            expires_at = getExpiresAtForToken(token);
-        }
-        catch {
-            accountability = null;
-            expires_at = null;
+        let accountability = null;
+        let expires_at = null;
+        if (token) {
+            try {
+                accountability = await getAccountabilityForToken(token);
+                expires_at = getExpiresAtForToken(token);
+            }
+            catch {
+                accountability = null;
+                expires_at = null;
+            }
         }
-        if (!accountability || !accountability.user) {
+        if (!token || !accountability || !accountability.user) {
             logger.debug('WebSocket upgrade denied - ' + JSON.stringify(accountability || 'invalid'));
             socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
             socket.destroy();

package/dist/websocket/controllers/graphql.js CHANGED Viewed

@@ -1,10 +1,10 @@
 import { useEnv } from '@directus/env';
 import { CloseCode, MessageType, makeServer } from 'graphql-ws';
-import { useLogger } from '../../logger.js';
+import { useLogger } from '../../logger/index.js';
 import { bindPubSub } from '../../services/graphql/subscription.js';
 import { GraphQLService } from '../../services/index.js';
 import { getSchema } from '../../utils/get-schema.js';
-import { authenticateConnection, refreshAccountability } from '../authenticate.js';
+import { authenticateConnection } from '../authenticate.js';
 import { handleWebSocketError } from '../errors.js';
 import { ConnectionParams, WebSocketMessage } from '../messages.js';
 import { getMessageType } from '../utils/message.js';
@@ -64,9 +64,6 @@ export class GraphQLSubscriptionController extends SocketController {
                             client.close(CloseCode.Forbidden, 'Forbidden');
                             return;
                         }
-                        else {
-                            client.accountability = await refreshAccountability(client.accountability);
-                        }
                         await cb(JSON.stringify(message));
                     }
                     catch (error) {

package/dist/websocket/controllers/hooks.js CHANGED Viewed

@@ -7,19 +7,23 @@ export function registerWebSocketEvents() {
     actionsRegistered = true;
     registerActionHooks([
         'items',
+        'access',
         'activity',
         'collections',
         'dashboards',
+        'flows',
         'folders',
         'notifications',
         'operations',
         'panels',
         'permissions',
+        'policies',
         'presets',
         'revisions',
         'roles',
         'settings',
         'shares',
+        'translations',
         'users',
         'versions',
         'webhooks',

package/dist/websocket/controllers/rest.js CHANGED Viewed

@@ -1,8 +1,7 @@
 import { useEnv } from '@directus/env';
 import { parseJSON } from '@directus/utils';
 import emitter from '../../emitter.js';
-import { useLogger } from '../../logger.js';
-import { refreshAccountability } from '../authenticate.js';
+import { useLogger } from '../../logger/index.js';
 import { WebSocketError, handleWebSocketError } from '../errors.js';
 import { WebSocketMessage } from '../messages.js';
 import SocketController from './base.js';
@@ -20,7 +19,6 @@ export class WebSocketController extends SocketController {
         client.on('parsed-message', async (message) => {
             try {
                 message = WebSocketMessage.parse(await emitter.emitFilter('websocket.message', message, { client }));
-                client.accountability = await refreshAccountability(client.accountability);
                 emitter.emitAction('websocket.message', { message, client });
             }
             catch (error) {

package/dist/websocket/errors.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { isDirectusError } from '@directus/errors';
 import { ZodError } from 'zod';
 import { fromZodError } from 'zod-validation-error';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 export class WebSocketError extends Error {
     type;
     code;

package/dist/websocket/handlers/subscribe.js CHANGED Viewed

@@ -4,7 +4,6 @@ import { useBus } from '../../bus/index.js';
 import emitter from '../../emitter.js';
 import { getSchema } from '../../utils/get-schema.js';
 import { sanitizeQuery } from '../../utils/sanitize-query.js';
-import { refreshAccountability } from '../authenticate.js';
 import { WebSocketError, handleWebSocketError } from '../errors.js';
 import { WebSocketSubscribeMessage } from '../messages.js';
 import { getPayload } from '../utils/items.js';
@@ -112,7 +111,6 @@ export class SubscribeHandler {
                     continue;
             }
             try {
-                client.accountability = await refreshAccountability(client.accountability);
                 const result = await getPayload(subscription, client.accountability, schema, event);
                 if (Array.isArray(result?.['data']) && result?.['data']?.length === 0)
                     continue;

package/dist/websocket/utils/items.d.ts CHANGED Viewed

@@ -39,5 +39,5 @@ export declare function getFieldsPayload(subscription: PSubscription, accountabi
  * @param event Event data
  * @returns the fetched data
  */
-export declare function getItemsPayload(subscription: PSubscription, accountability: Accountability | null, schema: SchemaOverview, event?: WebSocketEvent): Promise<string | number | import("@directus/types").Item | (string | number)[] | import("@directus/types").Item[]>;
+export declare function getItemsPayload(subscription: PSubscription, accountability: Accountability | null, schema: SchemaOverview, event?: WebSocketEvent): Promise<string | number | (string | number)[] | import("@directus/types").Item | import("@directus/types").Item[]>;
 export {};