npm - @directus/api - Versions diffs - 21.0.0-rc.0 → 21.0.0 - Mend

@directus/api 21.0.0-rc.0 → 21.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/dist/services/specifications.js CHANGED Viewed

@@ -1,17 +1,14 @@
 import { useEnv } from '@directus/env';
 import formatTitle from '@directus/format-title';
 import { spec } from '@directus/specs';
-import { isSystemCollection } from '@directus/system-data';
 import { version } from 'directus/version';
 import { cloneDeep, mergeWith } from 'lodash-es';
 import { OAS_REQUIRED_SCHEMAS } from '../constants.js';
 import getDatabase from '../database/index.js';
-import { fetchPermissions } from '../permissions/lib/fetch-permissions.js';
-import { fetchPolicies } from '../permissions/lib/fetch-policies.js';
-import { fetchAllowedFieldMap } from '../permissions/modules/fetch-allowed-field-map/fetch-allowed-field-map.js';
 import { getRelationType } from '../utils/get-relation-type.js';
 import { reduceSchema } from '../utils/reduce-schema.js';
 import { GraphQLService } from './graphql/index.js';
+import { isSystemCollection } from '@directus/system-data';
 const env = useEnv();
 export class SpecificationService {
     accountability;
@@ -19,38 +16,29 @@ export class SpecificationService {
     schema;
     oas;
     graphql;
-    constructor(options) {
-        this.accountability = options.accountability || null;
-        this.knex = options.knex || getDatabase();
-        this.schema = options.schema;
-        this.oas = new OASSpecsService(options);
-        this.graphql = new GraphQLSpecsService(options);
+    constructor({ accountability, knex, schema }) {
+        this.accountability = accountability || null;
+        this.knex = knex || getDatabase();
+        this.schema = schema;
+        this.oas = new OASSpecsService({ knex, schema, accountability });
+        this.graphql = new GraphQLSpecsService({ knex, schema, accountability });
     }
 }
 class OASSpecsService {
     accountability;
     knex;
     schema;
-    constructor(options) {
-        this.accountability = options.accountability || null;
-        this.knex = options.knex || getDatabase();
-        this.schema = options.schema;
+    constructor({ knex, schema, accountability }) {
+        this.accountability = accountability || null;
+        this.knex = knex || getDatabase();
+        this.schema =
+            this.accountability?.admin === true ? schema : reduceSchema(schema, accountability?.permissions || null);
     }
     async generate(host) {
-        let schema = this.schema;
-        let permissions = [];
-        if (this.accountability && this.accountability.admin !== true) {
-            const allowedFields = await fetchAllowedFieldMap({
-                accountability: this.accountability,
-                action: 'read',
-            }, { schema, knex: this.knex });
-            schema = reduceSchema(schema, allowedFields);
-            const policies = await fetchPolicies(this.accountability, { schema, knex: this.knex });
-            permissions = await fetchPermissions({ action: 'read', policies, accountability: this.accountability }, { schema, knex: this.knex });
-        }
-        const tags = await this.generateTags(schema);
+        const permissions = this.accountability?.permissions ?? [];
+        const tags = await this.generateTags();
         const paths = await this.generatePaths(permissions, tags);
-        const components = await this.generateComponents(schema, tags);
+        const components = await this.generateComponents(tags);
         const isDefaultPublicUrl = env['PUBLIC_URL'] === '/';
         const url = isDefaultPublicUrl && host ? host : env['PUBLIC_URL'];
         const spec = {
@@ -74,9 +62,9 @@ class OASSpecsService {
             spec.components = components;
         return spec;
     }
-    async generateTags(schema) {
+    async generateTags() {
         const systemTags = cloneDeep(spec.tags);
-        const collections = Object.values(schema.collections);
+        const collections = Object.values(this.schema.collections);
         const tags = [];
         for (const systemTag of systemTags) {
             // Check if necessary authentication level is given
@@ -258,7 +246,7 @@ class OASSpecsService {
         }
         return paths;
     }
-    async generateComponents(schema, tags) {
+    async generateComponents(tags) {
         if (!tags)
             return;
         let components = cloneDeep(spec.components);
@@ -276,7 +264,7 @@ class OASSpecsService {
                 };
             }
         }
-        const collections = Object.values(schema.collections);
+        const collections = Object.values(this.schema.collections);
         for (const collection of collections) {
             const tag = tags.find((tag) => tag['x-collection'] === collection.collection);
             if (!tag)
@@ -289,7 +277,7 @@ class OASSpecsService {
                 schemaComponent['x-collection'] = collection.collection;
                 for (const field of fieldsInCollection) {
                     schemaComponent.properties[field.field] =
-                        cloneDeep(spec.components.schemas[tag.name].properties[field.field]) || this.generateField(schema, collection.collection, field, tags);
+                        cloneDeep(spec.components.schemas[tag.name].properties[field.field]) || this.generateField(collection.collection, field, tags);
                 }
                 components.schemas[tag.name] = schemaComponent;
             }
@@ -300,7 +288,7 @@ class OASSpecsService {
                     'x-collection': collection.collection,
                 };
                 for (const field of fieldsInCollection) {
-                    schemaComponent.properties[field.field] = this.generateField(schema, collection.collection, field, tags);
+                    schemaComponent.properties[field.field] = this.generateField(collection.collection, field, tags);
                 }
                 components.schemas[tag.name] = schemaComponent;
             }
@@ -323,13 +311,13 @@ class OASSpecsService {
                 return 'read';
         }
     }
-    generateField(schema, collection, field, tags) {
+    generateField(collection, field, tags) {
         let propertyObject = {};
         propertyObject.nullable = field.nullable;
         if (field.note) {
             propertyObject.description = field.note;
         }
-        const relation = schema.relations.find((relation) => (relation.collection === collection && relation.field === field.field) ||
+        const relation = this.schema.relations.find((relation) => (relation.collection === collection && relation.field === field.field) ||
             (relation.related_collection === collection && relation.meta?.one_field === field.field));
         if (!relation) {
             propertyObject = {
@@ -347,10 +335,10 @@ class OASSpecsService {
                 const relatedTag = tags.find((tag) => tag['x-collection'] === relation.related_collection);
                 if (!relatedTag ||
                     !relation.related_collection ||
-                    relation.related_collection in schema.collections === false) {
+                    relation.related_collection in this.schema.collections === false) {
                     return propertyObject;
                 }
-                const relatedCollection = schema.collections[relation.related_collection];
+                const relatedCollection = this.schema.collections[relation.related_collection];
                 const relatedPrimaryKeyField = relatedCollection.fields[relatedCollection.primary];
                 propertyObject.oneOf = [
                     {
@@ -363,10 +351,10 @@ class OASSpecsService {
             }
             else if (relationType === 'o2m') {
                 const relatedTag = tags.find((tag) => tag['x-collection'] === relation.collection);
-                if (!relatedTag || !relation.related_collection || relation.collection in schema.collections === false) {
+                if (!relatedTag || !relation.related_collection || relation.collection in this.schema.collections === false) {
                     return propertyObject;
                 }
-                const relatedCollection = schema.collections[relation.collection];
+                const relatedCollection = this.schema.collections[relation.collection];
                 const relatedPrimaryKeyField = relatedCollection.fields[relatedCollection.primary];
                 if (!relatedTag || !relatedPrimaryKeyField)
                     return propertyObject;

package/dist/services/tus/data-store.js CHANGED Viewed

@@ -79,16 +79,15 @@ export class TusDataStore extends DataStore {
         }
         // If this is a new file upload, we need to generate a new primary key and DB record
         const primaryKey = await itemsService.createOne(fileData, { emitEvents: false });
+        // Set the file id, so it is available to be sent as a header on upload creation / resume
+        if (!upload.metadata['id']) {
+            upload.metadata['id'] = primaryKey;
+        }
         const fileExtension = extname(upload.metadata['filename_download']) ||
             (upload.metadata['type'] && '.' + extension(upload.metadata['type'])) ||
             '';
         // The filename_disk is the FINAL filename on disk
         fileData.filename_disk ||= primaryKey + (fileExtension || '');
-        // Temp filename is used for replacements
-        // const tempFilenameDisk = fileData.tus_id! + (fileExtension || '');
-        // if (isReplacement) {
-        // 	upload.metadata['temp_file'] = tempFilenameDisk;
-        // }
         try {
             // If this is a replacement, we'll write the file to a temp location first to ensure we don't overwrite the existing file if something goes wrong
             upload = (await this.storageDriver.createChunkedUpload(fileData.filename_disk, upload));

package/dist/services/tus/server.d.ts CHANGED Viewed

@@ -4,5 +4,5 @@ type Context = {
     schema: SchemaOverview;
     accountability?: Accountability | undefined;
 };
-export declare function createTusServer(context: Context): Promise<Server>;
+export declare function createTusServer(context: Context): Promise<[Server, () => void]>;
 export {};

package/dist/services/tus/server.js CHANGED Viewed

@@ -6,7 +6,7 @@
 import { useEnv } from '@directus/env';
 import { supportsTus } from '@directus/storage';
 import { toArray } from '@directus/utils';
-import { Server } from '@tus/server';
+import { Server, EVENTS } from '@tus/server';
 import { RESUMABLE_UPLOADS } from '../../constants.js';
 import { getStorage } from '../../storage/index.js';
 import { extractMetadata } from '../files/lib/extract-metadata.js';
@@ -33,7 +33,7 @@ async function createTusStore(context) {
 export async function createTusServer(context) {
     const env = useEnv();
     const store = await createTusStore(context);
-    return new Server({
+    const server = new Server({
         path: '/files/tus',
         datastore: store,
         locker: getTusLocker(),
@@ -77,4 +77,11 @@ export async function createTusServer(context) {
         },
         relativeLocation: String(env['PUBLIC_URL']).startsWith('http'),
     });
+    server.on(EVENTS.POST_CREATE, async (_req, res, upload) => {
+        res.setHeader('Directus-File-Id', upload.metadata['id']);
+    });
+    return [server, cleanup];
+    function cleanup() {
+        server.removeAllListeners();
+    }
 }

package/dist/services/users.d.ts CHANGED Viewed

@@ -13,6 +13,11 @@ export declare class UsersService extends ItemsService {
      * directus_settings.auth_password_policy
      */
     private checkPasswordPolicy;
+    private checkRemainingAdminExistence;
+    /**
+     * Make sure there's at least one active admin user when updating user status
+     */
+    private checkRemainingActiveAdmin;
     /**
      * Get basic information of user identified by email
      */
@@ -47,5 +52,4 @@ export declare class UsersService extends ItemsService {
     verifyRegistration(token: string): Promise<string>;
     requestPasswordReset(email: string, url: string | null, subject?: string | null): Promise<void>;
     resetPassword(token: string, password: string): Promise<void>;
-    private clearCaches;
 }

package/dist/services/users.js CHANGED Viewed

@@ -1,22 +1,23 @@
 import { useEnv } from '@directus/env';
-import { ForbiddenError, InvalidPayloadError, RecordNotUniqueError } from '@directus/errors';
-import { getSimpleHash, toArray, validatePayload } from '@directus/utils';
+import { ForbiddenError, InvalidPayloadError, RecordNotUniqueError, UnprocessableContentError } from '@directus/errors';
+import { getSimpleHash, toArray, toBoolean, validatePayload } from '@directus/utils';
 import { FailedValidationError, joiValidationErrorItemToErrorExtensions } from '@directus/validation';
 import Joi from 'joi';
 import jwt from 'jsonwebtoken';
-import { isEmpty } from 'lodash-es';
+import { isEmpty, mergeWith } from 'lodash-es';
 import { performance } from 'perf_hooks';
-import { clearSystemCache } from '../cache.js';
 import getDatabase from '../database/index.js';
 import { useLogger } from '../logger/index.js';
-import { validateRemainingAdminUsers } from '../permissions/modules/validate-remaining-admin/validate-remaining-admin-users.js';
-import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
+import { checkIncreasedUserLimits } from '../telemetry/utils/check-increased-user-limits.js';
+import { getRoleCountsByRoles } from '../telemetry/utils/get-role-counts-by-roles.js';
+import { getRoleCountsByUsers } from '../telemetry/utils/get-role-counts-by-users.js';
+import {} from '../telemetry/utils/get-user-count.js';
+import { shouldCheckUserLimits } from '../telemetry/utils/should-check-user-limits.js';
 import { getSecret } from '../utils/get-secret.js';
 import isUrlAllowed from '../utils/is-url-allowed.js';
 import { verifyJWT } from '../utils/jwt.js';
 import { stall } from '../utils/stall.js';
 import { Url } from '../utils/url.js';
-import { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
 import { ItemsService } from './items.js';
 import { MailService } from './mail/index.js';
 import { SettingsService } from './settings.js';
@@ -87,11 +88,42 @@ export class UsersService extends ItemsService {
             }
         }
     }
+    async checkRemainingAdminExistence(excludeKeys) {
+        // Make sure there's at least one admin user left after this deletion is done
+        const otherAdminUsers = await this.knex
+            .count('*', { as: 'count' })
+            .from('directus_users')
+            .whereNotIn('directus_users.id', excludeKeys)
+            .andWhere({ 'directus_roles.admin_access': true })
+            .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
+            .first();
+        const otherAdminUsersCount = +(otherAdminUsers?.count || 0);
+        if (otherAdminUsersCount === 0) {
+            throw new UnprocessableContentError({ reason: `You can't remove the last admin user from the role` });
+        }
+    }
+    /**
+     * Make sure there's at least one active admin user when updating user status
+     */
+    async checkRemainingActiveAdmin(excludeKeys) {
+        const otherAdminUsers = await this.knex
+            .count('*', { as: 'count' })
+            .from('directus_users')
+            .whereNotIn('directus_users.id', excludeKeys)
+            .andWhere({ 'directus_roles.admin_access': true })
+            .andWhere({ 'directus_users.status': 'active' })
+            .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
+            .first();
+        const otherAdminUsersCount = +(otherAdminUsers?.count || 0);
+        if (otherAdminUsersCount === 0) {
+            throw new UnprocessableContentError({ reason: `You can't change the active status of the last admin user` });
+        }
+    }
     /**
      * Get basic information of user identified by email
      */
     async getUserByEmail(email) {
-        return this.knex
+        return await this.knex
             .select('id', 'role', 'status', 'password', 'email')
             .from('directus_users')
             .whereRaw(`LOWER(??) = ?`, ['email', email.toLowerCase()])
@@ -126,34 +158,51 @@ export class UsersService extends ItemsService {
     /**
      * Create a new user
      */
-    async createOne(data, opts = {}) {
+    async createOne(data, opts) {
         try {
-            if ('email' in data) {
+            if (data['email']) {
                 this.validateEmail(data['email']);
                 await this.checkUniqueEmails([data['email']]);
             }
-            if ('password' in data) {
+            if (data['password']) {
                 await this.checkPasswordPolicy([data['password']]);
             }
+            if (shouldCheckUserLimits() && data['role']) {
+                const increasedCounts = {
+                    admin: 0,
+                    app: 0,
+                    api: 0,
+                };
+                if (typeof data['role'] === 'object') {
+                    if ('admin_access' in data['role'] && data['role']['admin_access'] === true) {
+                        increasedCounts.admin++;
+                    }
+                    else if ('app_access' in data['role'] && data['role']['app_access'] === true) {
+                        increasedCounts.app++;
+                    }
+                    else {
+                        increasedCounts.api++;
+                    }
+                }
+                else {
+                    const existingRoleCounts = await getRoleCountsByRoles(this.knex, [data['role']]);
+                    mergeWith(increasedCounts, existingRoleCounts, (x, y) => x + y);
+                }
+                await checkIncreasedUserLimits(this.knex, increasedCounts);
+            }
         }
         catch (err) {
-            opts.preMutationError = err;
-        }
-        if (!('status' in data) || data['status'] === 'active') {
-            // Creating a user only requires checking user limits if the user is active, no need to care about the role
-            opts.userIntegrityCheckFlags =
-                (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | UserIntegrityCheckFlag.UserLimits;
-            opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
+            (opts || (opts = {})).preMutationError = err;
         }
         return await super.createOne(data, opts);
     }
     /**
      * Create multiple new users
      */
-    async createMany(data, opts = {}) {
-        const emails = data.map((payload) => payload['email']).filter((email) => email);
-        const passwords = data.map((payload) => payload['password']).filter((password) => password);
-        const someActive = data.some((payload) => !('status' in payload) || payload['status'] === 'active');
+    async createMany(data, opts) {
+        const emails = data['map']((payload) => payload['email']).filter((email) => email);
+        const passwords = data['map']((payload) => payload['password']).filter((password) => password);
+        const roles = data['map']((payload) => payload['role']).filter((role) => role);
         try {
             if (emails.length) {
                 this.validateEmail(emails);
@@ -162,30 +211,96 @@ export class UsersService extends ItemsService {
             if (passwords.length) {
                 await this.checkPasswordPolicy(passwords);
             }
+            if (shouldCheckUserLimits() && roles.length) {
+                const increasedCounts = {
+                    admin: 0,
+                    app: 0,
+                    api: 0,
+                };
+                const existingRoles = [];
+                for (const role of roles) {
+                    if (typeof role === 'object') {
+                        if ('admin_access' in role && role['admin_access'] === true) {
+                            increasedCounts.admin++;
+                        }
+                        else if ('app_access' in role && role['app_access'] === true) {
+                            increasedCounts.app++;
+                        }
+                        else {
+                            increasedCounts.api++;
+                        }
+                    }
+                    else {
+                        existingRoles.push(role);
+                    }
+                }
+                const existingRoleCounts = await getRoleCountsByRoles(this.knex, existingRoles);
+                mergeWith(increasedCounts, existingRoleCounts, (x, y) => x + y);
+                await checkIncreasedUserLimits(this.knex, increasedCounts);
+            }
         }
         catch (err) {
-            opts.preMutationError = err;
-        }
-        if (someActive) {
-            // Creating users only requires checking user limits if the users are active, no need to care about the role
-            opts.userIntegrityCheckFlags =
-                (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | UserIntegrityCheckFlag.UserLimits;
-            opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
+            (opts || (opts = {})).preMutationError = err;
         }
-        // Use generic ItemsService to avoid calling `UserService.createOne` to avoid additional work of validating emails,
-        // as this requires one query per email if done in `createOne`
-        const itemsService = new ItemsService(this.collection, {
-            schema: this.schema,
-            accountability: this.accountability,
-            knex: this.knex,
-        });
-        return await itemsService.createMany(data, opts);
+        return await super.createMany(data, opts);
     }
     /**
      * Update many users by primary key
      */
-    async updateMany(keys, data, opts = {}) {
+    async updateMany(keys, data, opts) {
         try {
+            const needsUserLimitCheck = shouldCheckUserLimits();
+            if (data['role']) {
+                /*
+                 * data['role'] has the following cases:
+                 * - a string with existing role id
+                 * - an object with existing role id for GraphQL mutations
+                 * - an object with data for new role
+                 */
+                const role = data['role']?.id ?? data['role'];
+                let newRole;
+                if (typeof role === 'string') {
+                    newRole = await this.knex
+                        .select('admin_access', 'app_access')
+                        .from('directus_roles')
+                        .where('id', role)
+                        .first();
+                }
+                else {
+                    newRole = role;
+                }
+                if (!newRole?.admin_access) {
+                    await this.checkRemainingAdminExistence(keys);
+                }
+                if (needsUserLimitCheck && newRole) {
+                    const existingCounts = await getRoleCountsByUsers(this.knex, keys);
+                    const increasedCounts = {
+                        admin: 0,
+                        app: 0,
+                        api: 0,
+                    };
+                    if (toBoolean(newRole.admin_access)) {
+                        increasedCounts.admin = keys.length - existingCounts.admin;
+                    }
+                    else if (toBoolean(newRole.app_access)) {
+                        increasedCounts.app = keys.length - existingCounts.app;
+                    }
+                    else {
+                        increasedCounts.api = keys.length - existingCounts.api;
+                    }
+                    await checkIncreasedUserLimits(this.knex, increasedCounts);
+                }
+            }
+            if (needsUserLimitCheck && data['role'] === null) {
+                await checkIncreasedUserLimits(this.knex, { admin: 0, app: 0, api: 1 });
+            }
+            if (data['status'] !== undefined && data['status'] !== 'active') {
+                await this.checkRemainingActiveAdmin(keys);
+            }
+            if (needsUserLimitCheck && data['status'] === 'active') {
+                const increasedCounts = await getRoleCountsByUsers(this.knex, keys, { inactiveUsers: true });
+                await checkIncreasedUserLimits(this.knex, increasedCounts);
+            }
             if (data['email']) {
                 if (keys.length > 1) {
                     throw new RecordNotUniqueError({
@@ -216,45 +331,19 @@ export class UsersService extends ItemsService {
             }
         }
         catch (err) {
-            opts.preMutationError = err;
-        }
-        if ('role' in data) {
-            opts.userIntegrityCheckFlags = UserIntegrityCheckFlag.All;
+            (opts || (opts = {})).preMutationError = err;
         }
-        if ('status' in data) {
-            if (data['status'] === 'active') {
-                // User are being activated, no need to check if there are enough admins
-                opts.userIntegrityCheckFlags =
-                    (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | UserIntegrityCheckFlag.UserLimits;
-            }
-            else {
-                opts.userIntegrityCheckFlags = UserIntegrityCheckFlag.All;
-            }
-        }
-        if (opts.userIntegrityCheckFlags) {
-            opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
-        }
-        const result = await super.updateMany(keys, data, opts);
-        // Only clear the caches if the role has been updated
-        if ('role' in data) {
-            await this.clearCaches(opts);
-        }
-        return result;
+        return await super.updateMany(keys, data, opts);
     }
     /**
      * Delete multiple users by primary key
      */
-    async deleteMany(keys, opts = {}) {
-        if (opts?.onRequireUserIntegrityCheck) {
-            opts.onRequireUserIntegrityCheck(opts?.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None);
+    async deleteMany(keys, opts) {
+        try {
+            await this.checkRemainingAdminExistence(keys);
         }
-        else {
-            try {
-                await validateRemainingAdminUsers({ excludeUsers: keys }, { knex: this.knex, schema: this.schema });
-            }
-            catch (err) {
-                opts.preMutationError = err;
-            }
+        catch (err) {
+            (opts || (opts = {})).preMutationError = err;
         }
         // Manual constraint, see https://github.com/directus/directus/pull/19912
         await this.knex('directus_notifications').update({ sender: null }).whereIn('sender', keys);
@@ -477,16 +566,10 @@ export class UsersService extends ItemsService {
             knex: this.knex,
             schema: this.schema,
             accountability: {
-                ...(this.accountability ?? createDefaultAccountability()),
+                ...(this.accountability ?? { role: null }),
                 admin: true, // We need to skip permissions checks for the update call below
             },
         });
         await service.updateOne(user.id, { password, status: 'active' }, opts);
     }
-    async clearCaches(opts) {
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
-    }
 }

package/dist/services/utils.js CHANGED Viewed

@@ -3,8 +3,6 @@ import { systemCollectionRows } from '@directus/system-data';
 import { clearSystemCache, getCache } from '../cache.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
-import { fetchAllowedFields } from '../permissions/modules/fetch-allowed-fields/fetch-allowed-fields.js';
-import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
 export class UtilsService {
     knex;
@@ -22,16 +20,14 @@ export class UtilsService {
         if (!sortField) {
             throw new InvalidPayloadError({ reason: `Collection "${collection}" doesn't have a sort field` });
         }
-        if (this.accountability && this.accountability.admin !== true) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'update',
-                collection,
-            }, {
-                schema: this.schema,
-                knex: this.knex,
+        if (this.accountability?.admin !== true) {
+            const permissions = this.accountability?.permissions?.find((permission) => {
+                return permission.collection === collection && permission.action === 'update';
             });
-            const allowedFields = await fetchAllowedFields({ collection, action: 'update', accountability: this.accountability }, { schema: this.schema, knex: this.knex });
+            if (!permissions) {
+                throw new ForbiddenError();
+            }
+            const allowedFields = permissions.fields ?? [];
             if (allowedFields[0] !== '*' && allowedFields.includes(sortField) === false) {
                 throw new ForbiddenError();
             }

package/dist/services/versions.d.ts CHANGED Viewed

@@ -1,7 +1,9 @@
 import type { Item, PrimaryKey, Query } from '@directus/types';
 import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';
+import { AuthorizationService } from './authorization.js';
 import { ItemsService } from './items.js';
 export declare class VersionsService extends ItemsService {
+    authorizationService: AuthorizationService;
     constructor(options: AbstractServiceOptions);
     private validateCreateData;
     getMainItem(collection: string, item: PrimaryKey, query?: Query): Promise<Item>;