npm - @directus/api - Versions diffs - 20.1.0 → 21.0.0-rc.0 - Mend

@directus/api 20.1.0 → 21.0.0-rc.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (328) hide show

package/dist/database/run-ast/utils/merge-with-parent-items.js ADDED Viewed

@@ -0,0 +1,87 @@
+import { useEnv } from '@directus/env';
+import { toArray } from '@directus/utils';
+import { clone, isArray } from 'lodash-es';
+export function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode, fieldAllowed) {
+    const env = useEnv();
+    const nestedItems = toArray(nestedItem);
+    const parentItems = clone(toArray(parentItem));
+    if (nestedNode.type === 'm2o') {
+        for (const parentItem of parentItems) {
+            const itemChild = nestedItems.find((nestedItem) => {
+                return (nestedItem[schema.collections[nestedNode.relation.related_collection].primary] ==
+                    parentItem[nestedNode.relation.field]);
+            });
+            parentItem[nestedNode.fieldKey] = itemChild || null;
+        }
+    }
+    else if (nestedNode.type === 'o2m') {
+        for (const [index, parentItem] of parentItems.entries()) {
+            if (fieldAllowed === false || (isArray(fieldAllowed) && !fieldAllowed[index])) {
+                parentItem[nestedNode.fieldKey] = null;
+                continue;
+            }
+            if (!parentItem[nestedNode.fieldKey])
+                parentItem[nestedNode.fieldKey] = [];
+            const itemChildren = nestedItems.filter((nestedItem) => {
+                if (nestedItem === null)
+                    return false;
+                if (Array.isArray(nestedItem[nestedNode.relation.field]))
+                    return true;
+                return (nestedItem[nestedNode.relation.field] ==
+                    parentItem[schema.collections[nestedNode.relation.related_collection].primary] ||
+                    nestedItem[nestedNode.relation.field]?.[schema.collections[nestedNode.relation.related_collection].primary] == parentItem[schema.collections[nestedNode.relation.related_collection].primary]);
+            });
+            parentItem[nestedNode.fieldKey].push(...itemChildren);
+            const limit = nestedNode.query.limit ?? Number(env['QUERY_LIMIT_DEFAULT']);
+            if (nestedNode.query.page && nestedNode.query.page > 1) {
+                parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(limit * (nestedNode.query.page - 1));
+            }
+            if (nestedNode.query.offset && nestedNode.query.offset >= 0) {
+                parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(nestedNode.query.offset);
+            }
+            if (limit !== -1) {
+                parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(0, limit);
+            }
+            parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].sort((a, b) => {
+                // This is pre-filled in get-ast-from-query
+                const sortField = nestedNode.query.sort[0];
+                let column = sortField;
+                let order = 'asc';
+                if (sortField.startsWith('-')) {
+                    column = sortField.substring(1);
+                    order = 'desc';
+                }
+                if (a[column] === b[column])
+                    return 0;
+                if (a[column] === null)
+                    return 1;
+                if (b[column] === null)
+                    return -1;
+                if (order === 'asc') {
+                    return a[column] < b[column] ? -1 : 1;
+                }
+                else {
+                    return a[column] < b[column] ? 1 : -1;
+                }
+            });
+        }
+    }
+    else if (nestedNode.type === 'a2o') {
+        for (const parentItem of parentItems) {
+            if (!nestedNode.relation.meta?.one_collection_field) {
+                parentItem[nestedNode.fieldKey] = null;
+                continue;
+            }
+            const relatedCollection = parentItem[nestedNode.relation.meta.one_collection_field];
+            if (!nestedItem[relatedCollection]) {
+                parentItem[nestedNode.fieldKey] = null;
+                continue;
+            }
+            const itemChild = nestedItem[relatedCollection].find((nestedItem) => {
+                return nestedItem[nestedNode.relatedKey[relatedCollection]] == parentItem[nestedNode.fieldKey];
+            });
+            parentItem[nestedNode.fieldKey] = itemChild || null;
+        }
+    }
+    return Array.isArray(parentItem) ? parentItems : parentItems[0];
+}

package/dist/database/run-ast/utils/remove-temporary-fields.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { Item, SchemaOverview } from '@directus/types';
+import type { AST, NestedCollectionNode } from '../../../types/ast.js';
+export declare function removeTemporaryFields(schema: SchemaOverview, rawItem: Item | Item[], ast: AST | NestedCollectionNode, primaryKeyField: string, parentItem?: Item): null | Item | Item[];

package/dist/database/run-ast/utils/remove-temporary-fields.js ADDED Viewed

@@ -0,0 +1,73 @@
+import { toArray } from '@directus/utils';
+import { cloneDeep, pick } from 'lodash-es';
+import { applyFunctionToColumnName } from '../../../utils/apply-function-to-column-name.js';
+export function removeTemporaryFields(schema, rawItem, ast, primaryKeyField, parentItem) {
+    const rawItems = cloneDeep(toArray(rawItem));
+    const items = [];
+    if (ast.type === 'a2o') {
+        const fields = {};
+        const nestedCollectionNodes = {};
+        for (const relatedCollection of ast.names) {
+            if (!fields[relatedCollection])
+                fields[relatedCollection] = [];
+            if (!nestedCollectionNodes[relatedCollection])
+                nestedCollectionNodes[relatedCollection] = [];
+            for (const child of ast.children[relatedCollection]) {
+                if (child.type === 'field' || child.type === 'functionField') {
+                    fields[relatedCollection].push(child.name);
+                }
+                else {
+                    fields[relatedCollection].push(child.fieldKey);
+                    nestedCollectionNodes[relatedCollection].push(child);
+                }
+            }
+        }
+        for (const rawItem of rawItems) {
+            const relatedCollection = parentItem?.[ast.relation.meta.one_collection_field];
+            if (rawItem === null || rawItem === undefined)
+                return rawItem;
+            let item = rawItem;
+            for (const nestedNode of nestedCollectionNodes[relatedCollection]) {
+                item[nestedNode.fieldKey] = removeTemporaryFields(schema, item[nestedNode.fieldKey], nestedNode, schema.collections[nestedNode.relation.collection].primary, item);
+            }
+            const fieldsWithFunctionsApplied = fields[relatedCollection].map((field) => applyFunctionToColumnName(field));
+            item =
+                fields[relatedCollection].length > 0 ? pick(rawItem, fieldsWithFunctionsApplied) : rawItem[primaryKeyField];
+            items.push(item);
+        }
+    }
+    else {
+        const fields = [];
+        const nestedCollectionNodes = [];
+        for (const child of ast.children) {
+            fields.push(child.fieldKey);
+            if (child.type !== 'field' && child.type !== 'functionField') {
+                nestedCollectionNodes.push(child);
+            }
+        }
+        // Make sure any requested aggregate fields are included
+        if (ast.query?.aggregate) {
+            for (const [operation, aggregateFields] of Object.entries(ast.query.aggregate)) {
+                if (!fields)
+                    continue;
+                if (operation === 'count' && aggregateFields.includes('*'))
+                    fields.push('count');
+                fields.push(...aggregateFields.map((field) => `${operation}.${field}`));
+            }
+        }
+        for (const rawItem of rawItems) {
+            if (rawItem === null || rawItem === undefined)
+                return rawItem;
+            let item = rawItem;
+            for (const nestedNode of nestedCollectionNodes) {
+                item[nestedNode.fieldKey] = removeTemporaryFields(schema, item[nestedNode.fieldKey], nestedNode, nestedNode.type === 'm2o'
+                    ? schema.collections[nestedNode.relation.related_collection].primary
+                    : schema.collections[nestedNode.relation.collection].primary, item);
+            }
+            const fieldsWithFunctionsApplied = fields.map((field) => applyFunctionToColumnName(field));
+            item = fields.length > 0 ? pick(rawItem, fieldsWithFunctionsApplied) : rawItem[primaryKeyField];
+            items.push(item);
+        }
+    }
+    return Array.isArray(rawItem) ? items : items[0];
+}

package/dist/emitter.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import ee2 from 'eventemitter2';
 import getDatabase from './database/index.js';
-import { useLogger } from './logger.js';
+import { useLogger } from './logger/index.js';
 export class Emitter {
     filterEmitter;
     actionEmitter;

package/dist/extensions/lib/get-shared-deps-mapping.js CHANGED Viewed

@@ -5,7 +5,7 @@ import { readdir } from 'node:fs/promises';
 import { dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
 import path from 'path';
-import { useLogger } from '../../logger.js';
+import { useLogger } from '../../logger/index.js';
 import { Url } from '../../utils/url.js';
 const __dirname = dirname(fileURLToPath(import.meta.url));
 export const getSharedDepsMapping = async (deps) => {

package/dist/extensions/lib/installation/manager.js CHANGED Viewed

@@ -9,7 +9,7 @@ import { Readable } from 'node:stream';
 import Queue from 'p-queue';
 import { join } from 'path';
 import { extract } from 'tar';
-import { useLogger } from '../../../logger.js';
+import { useLogger } from '../../../logger/index.js';
 import { getStorage } from '../../../storage/index.js';
 import { getExtensionsPath } from '../get-extensions-path.js';
 const env = useEnv();

package/dist/extensions/lib/sandbox/register/call-reference.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { useEnv } from '@directus/env';
-import { useLogger } from '../../../../logger.js';
+import { useLogger } from '../../../../logger/index.js';
 export async function callReference(fn, args) {
     const env = useEnv();
     const logger = useLogger();

package/dist/extensions/lib/sandbox/sdk/generators/log.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { useLogger } from '../../../../../logger.js';
+import { useLogger } from '../../../../../logger/index.js';
 export function logGenerator(requestedScopes) {
     const logger = useLogger();
     return (message) => {

package/dist/extensions/lib/sync-extensions.js CHANGED Viewed

@@ -8,7 +8,7 @@ import { pipeline } from 'node:stream/promises';
 import Queue from 'p-queue';
 import { useBus } from '../../bus/index.js';
 import { useLock } from '../../lock/index.js';
-import { useLogger } from '../../logger.js';
+import { useLogger } from '../../logger/index.js';
 import { getStorage } from '../../storage/index.js';
 import { getExtensionsPath } from './get-extensions-path.js';
 import { SyncStatus, getSyncStatus, setSyncStatus } from './sync-status.js';

package/dist/extensions/manager.js CHANGED Viewed

@@ -20,7 +20,7 @@ import { useBus } from '../bus/index.js';
 import getDatabase from '../database/index.js';
 import emitter, { Emitter } from '../emitter.js';
 import { getFlowManager } from '../flows.js';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 import * as services from '../services/index.js';
 import { deleteFromRequireCache } from '../utils/delete-from-require-cache.js';
 import getModuleDefault from '../utils/get-module-default.js';

package/dist/flows.js CHANGED Viewed

@@ -1,13 +1,14 @@
 import { Action } from '@directus/constants';
 import { useEnv } from '@directus/env';
 import { ForbiddenError } from '@directus/errors';
+import { isSystemCollection } from '@directus/system-data';
 import { applyOptionsData, getRedactedString, isValidJSON, parseJSON, toArray } from '@directus/utils';
-import { omit, pick } from 'lodash-es';
+import { pick } from 'lodash-es';
 import { get } from 'micromustache';
 import { useBus } from './bus/index.js';
 import getDatabase from './database/index.js';
 import emitter from './emitter.js';
-import { useLogger } from './logger.js';
+import { useLogger } from './logger/index.js';
 import { ActivityService } from './services/activity.js';
 import { FlowsService } from './services/flows.js';
 import * as services from './services/index.js';
@@ -18,7 +19,6 @@ import { JobQueue } from './utils/job-queue.js';
 import { mapValuesDeep } from './utils/map-values-deep.js';
 import { redactObject } from './utils/redact-object.js';
 import { scheduleSynchronizedJob, validateCron } from './utils/schedule.js';
-import { isSystemCollection } from '@directus/system-data';
 let flowManager;
 export function getFlowManager() {
     if (flowManager) {
@@ -284,8 +284,7 @@ class FlowManager {
                     item: flow.id,
                     data: {
                         steps: steps.map((step) => redactObject(step, { values: this.envs }, getRedactedString)),
-                        data: redactObject(omit(keyedData, '$accountability.permissions'), // Permissions is a ton of data, and is just a copy of what's in the directus_permissions table
-                        {
+                        data: redactObject(keyedData, {
                             keys: [
                                 ['**', 'headers', 'authorization'],
                                 ['**', 'headers', 'cookie'],

package/dist/{logger.js → logger/index.js} RENAMED Viewed

@@ -4,7 +4,8 @@ import { merge } from 'lodash-es';
 import { URL } from 'node:url';
 import { pino } from 'pino';
 import { pinoHttp, stdSerializers } from 'pino-http';
-import { getConfigFromEnv } from './utils/get-config-from-env.js';
+import { getConfigFromEnv } from '../utils/get-config-from-env.js';
+import { redactQuery } from './redact-query.js';
 export const _cache = { logger: undefined };
 export const useLogger = () => {
     if (_cache.logger) {
@@ -131,10 +132,3 @@ export const createExpressLogger = () => {
         },
     });
 };
-function redactQuery(originalPath) {
-    const url = new URL(originalPath, 'http://example.com/');
-    if (url.searchParams.has('access_token')) {
-        url.searchParams.set('access_token', REDACTED_TEXT);
-    }
-    return url.pathname + url.search;
-}

package/dist/logger/redact-query.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export declare function redactQuery(originalPath: string): string;

package/dist/logger/redact-query.js ADDED Viewed

@@ -0,0 +1,13 @@
+import { REDACTED_TEXT } from '@directus/utils';
+export function redactQuery(originalPath) {
+    try {
+        const url = new URL(originalPath, 'http://example.com/');
+        if (url.searchParams.has('access_token')) {
+            url.searchParams.set('access_token', REDACTED_TEXT);
+        }
+        return url.pathname + url.search;
+    }
+    catch {
+        return originalPath;
+    }
+}

package/dist/mailer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { useEnv } from '@directus/env';
 import nodemailer from 'nodemailer';
-import { useLogger } from './logger.js';
+import { useLogger } from './logger/index.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { createRequire } from 'node:module';
 const require = createRequire(import.meta.url);

package/dist/middleware/authenticate.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { isEqual } from 'lodash-es';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
+import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
 import asyncHandler from '../utils/async-handler.js';
 import { getAccountabilityForToken } from '../utils/get-accountability-for-token.js';
 import { getIPFromReq } from '../utils/get-ip-from-req.js';
@@ -12,13 +13,7 @@ import { SESSION_COOKIE_OPTIONS } from '../constants.js';
  */
 export const handler = async (req, res, next) => {
     const env = useEnv();
-    const defaultAccountability = {
-        user: null,
-        role: null,
-        admin: false,
-        app: false,
-        ip: getIPFromReq(req),
-    };
+    const defaultAccountability = createDefaultAccountability({ ip: getIPFromReq(req) });
     const userAgent = req.get('user-agent')?.substring(0, 1024);
     if (userAgent)
         defaultAccountability.userAgent = userAgent;

package/dist/middleware/cache.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { useEnv } from '@directus/env';
 import { getCache, getCacheValue } from '../cache.js';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 import asyncHandler from '../utils/async-handler.js';
 import { getCacheControlHeader } from '../utils/get-cache-headers.js';
 import { getCacheKey } from '../utils/get-cache-key.js';
@@ -20,7 +20,7 @@ const checkCacheMiddleware = asyncHandler(async (req, res, next) => {
             res.setHeader(`${env['CACHE_STATUS_HEADER']}`, 'MISS');
         return next();
     }
-    const key = getCacheKey(req);
+    const key = await getCacheKey(req);
     let cachedData;
     try {
         cachedData = await getCacheValue(cache, key);

package/dist/middleware/error-handler.js CHANGED Viewed

@@ -3,7 +3,7 @@ import { isObject, toArray } from '@directus/utils';
 import { getNodeEnv } from '@directus/utils/node';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 // Note: keep all 4 parameters here. That's how Express recognizes it's the error handler, even if
 // we don't use next
 const errorHandler = (err, req, res, _next) => {

package/dist/middleware/rate-limiter-global.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { useEnv } from '@directus/env';
 import { HitRateLimitError } from '@directus/errors';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 import { createRateLimiter } from '../rate-limiter.js';
 import asyncHandler from '../utils/async-handler.js';
 import { validateEnv } from '../utils/validate-env.js';

package/dist/middleware/respond.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { useEnv } from '@directus/env';
 import { parse as parseBytesConfiguration } from 'bytes';
 import { getCache, setCacheValue } from '../cache.js';
-import { useLogger } from '../logger.js';
+import { useLogger } from '../logger/index.js';
 import { ExportService } from '../services/import-export.js';
 import asyncHandler from '../utils/async-handler.js';
 import { getCacheControlHeader } from '../utils/get-cache-headers.js';
@@ -25,7 +25,7 @@ export const respond = asyncHandler(async (req, res) => {
         !req.sanitizedQuery.export &&
         res.locals['cache'] !== false &&
         exceedsMaxSize === false) {
-        const key = getCacheKey(req);
+        const key = await getCacheKey(req);
         try {
             await setCacheValue(cache, key, res.locals['payload'], getMilliseconds(env['CACHE_TTL']));
             await setCacheValue(cache, `${key}__expires_at`, { exp: Date.now() + getMilliseconds(env['CACHE_TTL'], 0) });

package/dist/operations/log/index.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { defineOperationApi } from '@directus/extensions';
 import { optionToString } from '@directus/utils';
-import { useLogger } from '../../logger.js';
+import { useLogger } from '../../logger/index.js';
 export default defineOperationApi({
     id: 'log',
     handler: ({ message }) => {

package/dist/operations/mail/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { defineOperationApi } from '@directus/extensions';
 import { MailService } from '../../services/mail/index.js';
 import { md } from '../../utils/md.js';
-import { useLogger } from '../../logger.js';
+import { useLogger } from '../../logger/index.js';
 const logger = useLogger();
 export default defineOperationApi({
     id: 'mail',

package/dist/permissions/cache.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export declare const useCache: () => import("@directus/memory").Cache;
2	+ export declare function clearCache(): Promise<void>;

package/dist/permissions/cache.js ADDED Viewed

@@ -0,0 +1,23 @@
+import { defineCache } from '@directus/memory';
+import { redisConfigAvailable, useRedis } from '../redis/index.js';
+const localOnly = redisConfigAvailable() === false;
+const config = localOnly
+    ? {
+        type: 'local',
+        maxKeys: 500,
+    }
+    : {
+        type: 'multi',
+        redis: {
+            namespace: 'permissions',
+            redis: useRedis(),
+        },
+        local: {
+            maxKeys: 100,
+        },
+    };
+export const useCache = defineCache(config);
+export function clearCache() {
+    const cache = useCache();
+    return cache.clear();
+}

package/dist/permissions/lib/fetch-permissions.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { Accountability, Permission, PermissionsAction } from '@directus/types';
+import type { Context } from '../types.js';
+export declare const fetchPermissions: typeof _fetchPermissions;
+export interface FetchPermissionsOptions {
+    action?: PermissionsAction;
+    policies: string[];
+    collections?: string[];
+    accountability?: Pick<Accountability, 'user' | 'role' | 'roles' | 'app'>;
+}
+export declare function _fetchPermissions(options: FetchPermissionsOptions, context: Context): Promise<Permission[]>;

package/dist/permissions/lib/fetch-permissions.js ADDED Viewed

@@ -0,0 +1,55 @@
+import { pick, sortBy } from 'lodash-es';
+import { fetchDynamicVariableContext } from '../utils/fetch-dynamic-variable-context.js';
+import { processPermissions } from '../utils/process-permissions.js';
+import { withCache } from '../utils/with-cache.js';
+import { withAppMinimalPermissions } from './with-app-minimal-permissions.js';
+export const fetchPermissions = withCache('permissions', _fetchPermissions, ({ action, policies, collections, accountability }) => ({
+    policies, // we assume that policies always come from the same source, so they should be in the same order
+    ...(action && { action }),
+    ...(collections && { collections: sortBy(collections) }),
+    ...(accountability && { accountability: pick(accountability, ['user', 'role', 'roles', 'app']) }),
+}));
+export async function _fetchPermissions(options, context) {
+    const { PermissionsService } = await import('../../services/permissions.js');
+    const permissionsService = new PermissionsService(context);
+    const filter = {
+        _and: [{ policy: { _in: options.policies } }],
+    };
+    if (options.action) {
+        filter._and.push({ action: { _eq: options.action } });
+    }
+    if (options.collections) {
+        filter._and.push({ collection: { _in: options.collections } });
+    }
+    let permissions = (await permissionsService.readByQuery({
+        filter,
+        limit: -1,
+    }));
+    // Sort permissions by their order in the policies array
+    // This ensures that if a sorted array of policies is passed in the permissions are returned in the same order
+    // which is necessary for correctly applying the presets in order
+    permissions = sortBy(permissions, (permission) => options.policies.indexOf(permission.policy));
+    if (options.accountability) {
+        // Add app minimal permissions for the request accountability, if applicable.
+        // Normally this is done in the permissions service readByQuery, but it also needs to do it here
+        // since the permissions service is created without accountability.
+        // We call it without the policies filter, since the static minimal app permissions don't have a policy attached.
+        const permissionsWithAppPermissions = withAppMinimalPermissions(options.accountability ?? null, permissions, {
+            _and: filter._and.slice(1),
+        });
+        const permissionsContext = await fetchDynamicVariableContext({
+            accountability: options.accountability,
+            policies: options.policies,
+            permissions: permissionsWithAppPermissions,
+        }, context);
+        // Replace dynamic variables with their actual values
+        const processedPermissions = processPermissions({
+            permissions: permissionsWithAppPermissions,
+            accountability: options.accountability,
+            permissionsContext,
+        });
+        // TODO merge in permissions coming from the share scope
+        return processedPermissions;
+    }
+    return permissions;
+}

package/dist/permissions/lib/fetch-policies.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { Accountability } from '@directus/types';
+import type { Context } from '../types.js';
+export declare const fetchPolicies: typeof _fetchPolicies;
+/**
+ * Fetch the policies associated with the current user accountability
+ */
+export declare function _fetchPolicies({ roles, user, ip }: Pick<Accountability, 'user' | 'roles' | 'ip'>, context: Context): Promise<string[]>;

package/dist/permissions/lib/fetch-policies.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { filterPoliciesByIp } from '../utils/filter-policies-by-ip.js';
+import { withCache } from '../utils/with-cache.js';
+export const fetchPolicies = withCache('policies', _fetchPolicies, ({ roles, user, ip }) => ({ roles, user, ip }));
+/**
+ * Fetch the policies associated with the current user accountability
+ */
+export async function _fetchPolicies({ roles, user, ip }, context) {
+    const { AccessService } = await import('../../services/access.js');
+    const accessService = new AccessService(context);
+    let roleFilter;
+    if (roles.length === 0) {
+        // Users without role assumes the Public role permissions along with their attached policies
+        roleFilter = { _and: [{ role: { _null: true } }, { user: { _null: true } }] };
+    }
+    else {
+        roleFilter = { role: { _in: roles } };
+    }
+    // If the user is not null, we also want to include the policies attached to the user
+    const filter = user ? { _or: [{ user: { _eq: user } }, roleFilter] } : roleFilter;
+    const accessRows = (await accessService.readByQuery({
+        filter,
+        fields: ['policy.id', 'policy.ip_access'],
+        limit: -1,
+    }));
+    const filteredAccessRows = filterPoliciesByIp(accessRows, ip);
+    const ids = filteredAccessRows.map(({ policy }) => policy.id);
+    return ids;
+}

package/dist/permissions/lib/fetch-roles-tree.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { Knex } from 'knex';
+export declare const fetchRolesTree: typeof _fetchRolesTree;
+export declare function _fetchRolesTree(start: string | null, knex: Knex): Promise<string[]>;

package/dist/permissions/lib/fetch-roles-tree.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { withCache } from '../utils/with-cache.js';
+export const fetchRolesTree = withCache('roles-tree', _fetchRolesTree);
+export async function _fetchRolesTree(start, knex) {
+    if (!start)
+        return [];
+    let parent = start;
+    const roles = [];
+    while (parent) {
+        const role = await knex
+            .select('id', 'parent')
+            .from('directus_roles')
+            .where({ id: parent })
+            .first();
+        if (!role) {
+            break;
+        }
+        roles.push(role.id);
+        // Prevent infinite recursion loops
+        if (role.parent && roles.includes(role.parent) === true) {
+            roles.reverse();
+            const rolesStr = roles.map((role) => `"${role}"`).join('->');
+            throw new Error(`Recursion encountered: role "${role.id}" already exists in tree path ${rolesStr}`);
+        }
+        parent = role.parent;
+    }
+    roles.reverse();
+    return roles;
+}

package/dist/{services/permissions → permissions}/lib/with-app-minimal-permissions.d.ts RENAMED Viewed

@@ -1,2 +1,2 @@
 import type { Accountability, Permission, Query } from '@directus/types';
-export declare function withAppMinimalPermissions(accountability: Accountability | null, permissions: Permission[], filter: Query['filter']): Permission[];
+export declare function withAppMinimalPermissions(accountability: Pick<Accountability, 'app'> | null, permissions: Permission[], filter: Query['filter']): Permission[];

package/dist/permissions/lib/with-app-minimal-permissions.js ADDED Viewed

@@ -0,0 +1,10 @@
+import { appAccessMinimalPermissions } from '@directus/system-data';
+import { cloneDeep } from 'lodash-es';
+import { filterItems } from '../../utils/filter-items.js';
+export function withAppMinimalPermissions(accountability, permissions, filter) {
+    if (accountability?.app === true) {
+        const filteredAppMinimalPermissions = cloneDeep(filterItems(appAccessMinimalPermissions, filter));
+        return [...permissions, ...filteredAppMinimalPermissions];
+    }
+    return permissions;
+}

package/dist/permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { Accountability, CollectionAccess } from '@directus/types';
+import type { Context } from '../../types.js';
+/**
+ * Get all permissions + minimal app permissions (if applicable) for the user + role in the current accountability.
+ * The permissions will be filtered by IP access.
+ */
+export declare function fetchAccountabilityCollectionAccess(accountability: Pick<Accountability, 'user' | 'roles' | 'role' | 'ip' | 'admin' | 'app'>, context: Context): Promise<CollectionAccess>;