npm - @directus/api - Versions diffs - 21.0.0-rc.0 → 21.0.0 - Mend

@directus/api 21.0.0-rc.0 → 21.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/dist/services/versions.js CHANGED Viewed

@@ -6,15 +6,21 @@ import objectHash from 'object-hash';
 import { getCache } from '../cache.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
-import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
 import { shouldClearCache } from '../utils/should-clear-cache.js';
 import { ActivityService } from './activity.js';
+import { AuthorizationService } from './authorization.js';
 import { ItemsService } from './items.js';
 import { PayloadService } from './payload.js';
 import { RevisionsService } from './revisions.js';
 export class VersionsService extends ItemsService {
+    authorizationService;
     constructor(options) {
         super('directus_versions', options);
+        this.authorizationService = new AuthorizationService({
+            accountability: this.accountability,
+            knex: this.knex,
+            schema: this.schema,
+        });
     }
     async validateCreateData(data) {
         if (!data['key'])
@@ -49,31 +55,11 @@ export class VersionsService extends ItemsService {
             });
         }
         // will throw an error if the accountability does not have permission to read the item
-        if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'read',
-                collection: data['collection'],
-                primaryKeys: [data['item']],
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
-        }
+        await this.authorizationService.checkAccess('read', data['collection'], data['item']);
     }
     async getMainItem(collection, item, query) {
         // will throw an error if the accountability does not have permission to read the item
-        if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'read',
-                collection,
-                primaryKeys: [item],
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
-        }
+        await this.authorizationService.checkAccess('read', collection, item);
         const itemsService = new ItemsService(collection, {
             knex: this.knex,
             accountability: this.accountability,
@@ -214,17 +200,7 @@ export class VersionsService extends ItemsService {
     async promote(version, mainHash, fields) {
         const { id, collection, item } = (await this.readOne(version));
         // will throw an error if the accountability does not have permission to update the item
-        if (this.accountability) {
-            await validateAccess({
-                accountability: this.accountability,
-                action: 'update',
-                collection,
-                primaryKeys: [item],
-            }, {
-                schema: this.schema,
-                knex: this.knex,
-            });
-        }
+        await this.authorizationService.checkAccess('update', collection, item);
         const { outdated } = await this.verifyHash(collection, item, mainHash);
         if (outdated) {
             throw new UnprocessableContentError({

package/dist/telemetry/lib/get-report.js CHANGED Viewed

@@ -2,11 +2,11 @@ import { useEnv } from '@directus/env';
 import { version } from 'directus/version';
 import { getHelpers } from '../../database/helpers/index.js';
 import { getDatabase, getDatabaseClient } from '../../database/index.js';
-import { fetchUserCount } from '../../utils/fetch-user-count/fetch-user-count.js';
 import { getExtensionCount } from '../utils/get-extension-count.js';
 import { getFieldCount } from '../utils/get-field-count.js';
 import { getFilesizeSum } from '../utils/get-filesize-sum.js';
 import { getItemCount } from '../utils/get-item-count.js';
+import { getUserCount } from '../utils/get-user-count.js';
 import { getUserItemCount } from '../utils/get-user-item-count.js';
 const basicCountTasks = [
     { collection: 'directus_dashboards' },
@@ -27,7 +27,7 @@ export const getReport = async () => {
     const helpers = getHelpers(db);
     const [basicCounts, userCounts, userItemCount, fieldsCounts, extensionsCounts, databaseSize, filesizes] = await Promise.all([
         getItemCount(db, basicCountTasks),
-        fetchUserCount({ knex: db }),
+        getUserCount(db),
         getUserItemCount(db),
         getFieldCount(db),
         getExtensionCount(db),

package/dist/telemetry/utils/check-increased-user-limits.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { PrimaryKey } from '@directus/types';
+import type { Knex } from 'knex';
+import { type AccessTypeCount } from './get-user-count.js';
+/**
+ * Ensure that user limits are not reached
+ */
+export declare function checkIncreasedUserLimits(db: Knex, increasedUserCounts: AccessTypeCount, ignoreIds?: PrimaryKey[]): Promise<void>;

package/dist/telemetry/utils/check-increased-user-limits.js ADDED Viewed

@@ -0,0 +1,25 @@
+import { useEnv } from '@directus/env';
+import { LimitExceededError } from '@directus/errors';
+import { getUserCount } from './get-user-count.js';
+const env = useEnv();
+/**
+ * Ensure that user limits are not reached
+ */
+export async function checkIncreasedUserLimits(db, increasedUserCounts, ignoreIds = []) {
+    if (!increasedUserCounts.admin && !increasedUserCounts.app && !increasedUserCounts.api)
+        return;
+    const userCounts = await getUserCount(db, ignoreIds);
+    // Admins have full permissions, therefore should count under app access limit
+    const existingAppUsersCount = userCounts.admin + userCounts.app;
+    const newAppUsersCount = increasedUserCounts.admin + increasedUserCounts.app;
+    if (increasedUserCounts.admin > 0 &&
+        increasedUserCounts.admin + userCounts.admin > Number(env['USERS_ADMIN_ACCESS_LIMIT'])) {
+        throw new LimitExceededError({ category: 'Active Admin users' });
+    }
+    if (newAppUsersCount > 0 && newAppUsersCount + existingAppUsersCount > Number(env['USERS_APP_ACCESS_LIMIT'])) {
+        throw new LimitExceededError({ category: 'Active App users' });
+    }
+    if (increasedUserCounts.api > 0 && increasedUserCounts.api + userCounts.api > Number(env['USERS_API_ACCESS_LIMIT'])) {
+        throw new LimitExceededError({ category: 'Active API users' });
+    }
+}

package/dist/telemetry/utils/get-role-counts-by-roles.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { Knex } from 'knex';
+import { type AccessTypeCount } from './get-user-count.js';
+/**
+ * Get the role type counts by role IDs
+ */
+export declare function getRoleCountsByRoles(db: Knex, roles: string[]): Promise<AccessTypeCount>;

package/dist/telemetry/utils/get-role-counts-by-roles.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { toBoolean } from '@directus/utils';
+import {} from './get-user-count.js';
+/**
+ * Get the role type counts by role IDs
+ */
+export async function getRoleCountsByRoles(db, roles) {
+    const counts = {
+        admin: 0,
+        app: 0,
+        api: 0,
+    };
+    const result = (await db.select('id', 'admin_access', 'app_access').from('directus_roles').whereIn('id', roles));
+    for (const role of result) {
+        const adminAccess = toBoolean(role.admin_access);
+        const appAccess = toBoolean(role.app_access);
+        if (adminAccess) {
+            counts.admin++;
+        }
+        else if (appAccess) {
+            counts.app++;
+        }
+        else {
+            counts.api++;
+        }
+    }
+    return counts;
+}

package/dist/telemetry/utils/get-role-counts-by-users.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { PrimaryKey } from '@directus/types';
+import type { Knex } from 'knex';
+import type { AccessTypeCount } from './get-user-count.js';
+type CountOptions = {
+    inactiveUsers?: boolean;
+};
+/**
+ * Get the role type counts by user IDs
+ */
+export declare function getRoleCountsByUsers(db: Knex, userIds: PrimaryKey[], options?: CountOptions): Promise<AccessTypeCount>;
+export {};

package/dist/telemetry/utils/get-role-counts-by-users.js ADDED Viewed

@@ -0,0 +1,34 @@
+import { toBoolean } from '@directus/utils';
+/**
+ * Get the role type counts by user IDs
+ */
+export async function getRoleCountsByUsers(db, userIds, options = {}) {
+    const counts = {
+        admin: 0,
+        app: 0,
+        api: 0,
+    };
+    const result = await db
+        .count('directus_users.id', { as: 'count' })
+        .select('directus_roles.admin_access', 'directus_roles.app_access')
+        .from('directus_users')
+        .whereIn('directus_users.id', userIds)
+        .andWhere('directus_users.status', options.inactiveUsers ? '!=' : '=', 'active')
+        .leftJoin('directus_roles', 'directus_users.role', '=', 'directus_roles.id')
+        .groupBy('directus_roles.admin_access', 'directus_roles.app_access');
+    for (const record of result) {
+        const adminAccess = toBoolean(record.admin_access);
+        const appAccess = toBoolean(record.app_access);
+        const count = Number(record.count);
+        if (adminAccess) {
+            counts.admin += count;
+        }
+        else if (appAccess) {
+            counts.app += count;
+        }
+        else {
+            counts.api += count;
+        }
+    }
+    return counts;
+}

package/dist/telemetry/utils/get-user-count.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import type { PrimaryKey } from '@directus/types';
+import { type Knex } from 'knex';
+export interface AccessTypeCount {
+    admin: number;
+    app: number;
+    api: number;
+}
+export declare const getUserCount: (db: Knex, ignoreIds?: PrimaryKey[]) => Promise<AccessTypeCount>;

package/dist/telemetry/utils/get-user-count.js ADDED Viewed

@@ -0,0 +1,33 @@
+import { toBoolean } from '@directus/utils';
+import {} from 'knex';
+export const getUserCount = async (db, ignoreIds = []) => {
+    const counts = {
+        admin: 0,
+        app: 0,
+        api: 0,
+    };
+    const result = (await db
+        .count('directus_users.id', { as: 'count' })
+        .select('directus_roles.admin_access', 'directus_roles.app_access')
+        .from('directus_users')
+        .whereNotIn('directus_users.id', ignoreIds)
+        .andWhere('directus_users.status', 'active')
+        .leftJoin('directus_roles', 'directus_users.role', '=', 'directus_roles.id')
+        .where('directus_users.status', '=', 'active')
+        .groupBy('directus_roles.admin_access', 'directus_roles.app_access'));
+    for (const record of result) {
+        const adminAccess = toBoolean(record.admin_access);
+        const appAccess = toBoolean(record.app_access);
+        const count = Number(record.count);
+        if (adminAccess) {
+            counts.admin += count;
+        }
+        else if (appAccess) {
+            counts.app += count;
+        }
+        else {
+            counts.api += count;
+        }
+    }
+    return counts;
+};

package/dist/telemetry/utils/get-user-counts-by-roles.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { PrimaryKey } from '@directus/types';
+import type { Knex } from 'knex';
+import { type AccessTypeCount } from './get-user-count.js';
+/**
+ * Get the user type counts by role IDs
+ */
+export declare function getUserCountsByRoles(db: Knex, roleIds: PrimaryKey[]): Promise<AccessTypeCount>;

package/dist/telemetry/utils/get-user-counts-by-roles.js ADDED Viewed

@@ -0,0 +1,35 @@
+import { toBoolean } from '@directus/utils';
+import {} from './get-user-count.js';
+/**
+ * Get the user type counts by role IDs
+ */
+export async function getUserCountsByRoles(db, roleIds) {
+    const counts = {
+        admin: 0,
+        app: 0,
+        api: 0,
+    };
+    const result = (await db
+        .count('directus_users.id', { as: 'count' })
+        .select('directus_roles.admin_access', 'directus_roles.app_access')
+        .from('directus_users')
+        .whereIn('directus_roles.id', roleIds)
+        .andWhere('directus_users.status', '=', 'active')
+        .leftJoin('directus_roles', 'directus_users.role', '=', 'directus_roles.id')
+        .groupBy('directus_roles.admin_access', 'directus_roles.app_access'));
+    for (const record of result) {
+        const adminAccess = toBoolean(record.admin_access);
+        const appAccess = toBoolean(record.app_access);
+        const count = Number(record.count);
+        if (adminAccess) {
+            counts.admin += count;
+        }
+        else if (appAccess) {
+            counts.app += count;
+        }
+        else {
+            counts.api += count;
+        }
+    }
+    return counts;
+}

package/dist/types/ast.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { Filter, Query, Relation } from '@directus/types';
+import type { Query, Relation } from '@directus/types';
 export type M2ONode = {
     type: 'm2o';
     name: string;
@@ -8,14 +8,6 @@ export type M2ONode = {
     relation: Relation;
     parentKey: string;
     relatedKey: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
-    /**
-     * Permissions rules for the item access of the children of this item.
-     */
-    cases: Filter[];
 };
 export type A2MNode = {
     type: 'a2o';
@@ -32,16 +24,6 @@ export type A2MNode = {
     fieldKey: string;
     relation: Relation;
     parentKey: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
-    /**
-     * Permissions rules for the item access of the children of this item.
-     */
-    cases: {
-        [collection: string]: Filter[];
-    };
 };
 export type O2MNode = {
     type: 'o2m';
@@ -52,24 +34,12 @@ export type O2MNode = {
     relation: Relation;
     parentKey: string;
     relatedKey: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
-    /**
-     * Permissions rules for the item access of the children of this item.
-     */
-    cases: Filter[];
 };
 export type NestedCollectionNode = M2ONode | O2MNode | A2MNode;
 export type FieldNode = {
     type: 'field';
     name: string;
     fieldKey: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
 };
 export type FunctionFieldNode = {
     type: 'functionField';
@@ -77,22 +47,10 @@ export type FunctionFieldNode = {
     fieldKey: string;
     query: Query;
     relatedCollection: string;
-    /**
-     * Which permission cases have to be met on the current item for this field to return a value
-     */
-    whenCase: number[];
-    /**
-     * Permissions rules for the item access of the related collection of this item.
-     */
-    cases: Filter[];
 };
 export type AST = {
     type: 'root';
     name: string;
     children: (NestedCollectionNode | FieldNode | FunctionFieldNode)[];
     query: Query;
-    /**
-     * Permissions rules for the item access of the children of this item.
-     */
-    cases: Filter[];
 };

package/dist/types/items.d.ts CHANGED Viewed

@@ -1,7 +1,6 @@
 import type { DirectusError } from '@directus/errors';
 import type { EventContext, PrimaryKey } from '@directus/types';
 import type { MutationTracker } from '../services/items.js';
-import type { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
 export type MutationOptions = {
     /**
      * Callback function that's fired whenever a revision is made in the mutation
@@ -34,16 +33,6 @@ export type MutationOptions = {
     mutationTracker?: MutationTracker | undefined;
     preMutationError?: DirectusError | undefined;
     bypassAutoIncrementSequenceReset?: boolean;
-    /**
-     * Indicate that the top level mutation needs to perform a user integrity check before commiting the transaction
-     * This is a combination of flags
-     * @see UserIntegrityCheckFlag
-     */
-    userIntegrityCheckFlags?: UserIntegrityCheckFlag;
-    /**
-     * Callback function that is called whenever a mutation requires a user integrity check to be made
-     */
-    onRequireUserIntegrityCheck?: ((flags: UserIntegrityCheckFlag) => void) | undefined;
 };
 export type ActionEventParams = {
     event: string | string[];

package/dist/utils/apply-query.d.ts CHANGED Viewed

@@ -5,7 +5,7 @@ export declare const generateAlias: (size?: number | undefined) => string;
 /**
  * Apply the Query to a given Knex query builder instance
  */
-export default function applyQuery(knex: Knex, collection: string, dbQuery: Knex.QueryBuilder, query: Query, schema: SchemaOverview, cases: Filter[], options?: {
+export default function applyQuery(knex: Knex, collection: string, dbQuery: Knex.QueryBuilder, query: Query, schema: SchemaOverview, options?: {
     aliasMap?: AliasMap;
     isInnerQuery?: boolean;
     hasMultiRelationalSort?: boolean | undefined;
@@ -32,11 +32,10 @@ export declare function applySort(knex: Knex, schema: SchemaOverview, rootQuery:
 };
 export declare function applyLimit(knex: Knex, rootQuery: Knex.QueryBuilder, limit: any): void;
 export declare function applyOffset(knex: Knex, rootQuery: Knex.QueryBuilder, offset: any): void;
-export declare function applyFilter(knex: Knex, schema: SchemaOverview, rootQuery: Knex.QueryBuilder, rootFilter: Filter, collection: string, aliasMap: AliasMap, cases: Filter[]): {
+export declare function applyFilter(knex: Knex, schema: SchemaOverview, rootQuery: Knex.QueryBuilder, rootFilter: Filter, collection: string, aliasMap: AliasMap): {
     query: Knex.QueryBuilder<any, any>;
     hasJoins: boolean;
     hasMultiRelationalFilter: boolean;
 };
-export declare function applySearch(knex: Knex, schema: SchemaOverview, dbQuery: Knex.QueryBuilder, searchQuery: string, collection: string): void;
+export declare function applySearch(knex: Knex, schema: SchemaOverview, dbQuery: Knex.QueryBuilder, searchQuery: string, collection: string): Promise<void>;
 export declare function applyAggregate(schema: SchemaOverview, dbQuery: Knex.QueryBuilder, aggregate: Aggregate, collection: string, hasJoins: boolean): void;
-export declare function joinFilterWithCases(filter: Filter | null | undefined, cases: Filter[]): Filter | null;

package/dist/utils/apply-query.js CHANGED Viewed

@@ -14,7 +14,7 @@ export const generateAlias = customAlphabet('abcdefghijklmnopqrstuvwxyz', 5);
 /**
  * Apply the Query to a given Knex query builder instance
  */
-export default function applyQuery(knex, collection, dbQuery, query, schema, cases, options) {
+export default function applyQuery(knex, collection, dbQuery, query, schema, options) {
     const aliasMap = options?.aliasMap ?? Object.create(null);
     let hasJoins = false;
     let hasMultiRelationalFilter = false;
@@ -37,14 +37,8 @@ export default function applyQuery(knex, collection, dbQuery, query, schema, cas
     if (query.group) {
         dbQuery.groupBy(query.group.map((column) => getColumn(knex, collection, column, false, schema)));
     }
-    // `cases` are the permissions cases that are required for the current data set. We're
-    // dynamically adding those into the filters that the user provided to enforce the permission
-    // rules. You should be able to read an item if one or more of the cases matches. The actual case
-    // is reused in the column selection case/when to dynamically return or nullify the field values
-    // you're actually allowed to read
-    const filter = joinFilterWithCases(query.filter, cases);
-    if (filter) {
-        const filterResult = applyFilter(knex, schema, dbQuery, filter, collection, aliasMap, cases);
+    if (query.filter) {
+        const filterResult = applyFilter(knex, schema, dbQuery, query.filter, collection, aliasMap);
         if (!hasJoins) {
             hasJoins = filterResult.hasJoins;
         }
@@ -232,7 +226,7 @@ export function applyOffset(knex, rootQuery, offset) {
         getHelpers(knex).schema.applyOffset(rootQuery, offset);
     }
 }
-export function applyFilter(knex, schema, rootQuery, rootFilter, collection, aliasMap, cases) {
+export function applyFilter(knex, schema, rootQuery, rootFilter, collection, aliasMap) {
     const helpers = getHelpers(knex);
     const relations = schema.relations;
     let hasJoins = false;
@@ -241,23 +235,12 @@ export function applyFilter(knex, schema, rootQuery, rootFilter, collection, ali
     addWhereClauses(knex, rootQuery, rootFilter, collection);
     return { query: rootQuery, hasJoins, hasMultiRelationalFilter };
     function addJoins(dbQuery, filter, collection) {
-        // eslint-disable-next-line prefer-const
-        for (let [key, value] of Object.entries(filter)) {
+        for (const [key, value] of Object.entries(filter)) {
             if (key === '_or' || key === '_and') {
                 // If the _or array contains an empty object (full permissions), we should short-circuit and ignore all other
                 // permission checks, as {} already matches full permissions.
                 if (key === '_or' && value.some((subFilter) => Object.keys(subFilter).length === 0)) {
-                    // But only do so, if the value is not equal to `cases` (since then this is not permission related at all)
-                    // or the length of value is 1, ie. only the empty filter.
-                    // If the length is more than one it means that some items (and fields) might now be available, so
-                    // the joins are required for the case/when construction.
-                    if (value !== cases || value.length === 1) {
-                        continue;
-                    }
-                    else {
-                        // Otherwise we can at least filter out all empty filters that would not add joins anyway
-                        value = value.filter((subFilter) => Object.keys(subFilter).length > 0);
-                    }
+                    continue;
                 }
                 value.forEach((subFilter) => {
                     addJoins(dbQuery, subFilter, collection);
@@ -328,7 +311,7 @@ export function applyFilter(knex, schema, rootQuery, rootFilter, collection, ali
                             .select({ [field]: column })
                             .from(collection)
                             .whereNotNull(column);
-                        applyQuery(knex, relation.collection, subQueryKnex, { filter }, schema, cases);
+                        applyQuery(knex, relation.collection, subQueryKnex, { filter }, schema);
                     };
                     const childKey = Object.keys(value)?.[0];
                     if (childKey === '_none') {
@@ -408,11 +391,17 @@ export function applyFilter(knex, schema, rootQuery, rootFilter, collection, ali
             // Knex supports "raw" in the columnName parameter, but isn't typed as such. Too bad..
             // See https://github.com/knex/knex/issues/4518 @TODO remove as any once knex is updated
             // These operators don't rely on a value, and can thus be used without one (eg `?filter[field][_null]`)
-            if ((operator === '_null' && compareValue !== false) || (operator === '_nnull' && compareValue === false)) {
+            if ((operator === '_null' && compareValue !== false) ||
+                (operator === '_nnull' && compareValue === false) ||
+                (operator === '_eq' && compareValue === null)) {
                 dbQuery[logical].whereNull(selectionRaw);
+                return;
             }
-            if ((operator === '_nnull' && compareValue !== false) || (operator === '_null' && compareValue === false)) {
+            if ((operator === '_nnull' && compareValue !== false) ||
+                (operator === '_null' && compareValue === false) ||
+                (operator === '_neq' && compareValue === null)) {
                 dbQuery[logical].whereNotNull(selectionRaw);
+                return;
             }
             if ((operator === '_empty' && compareValue !== false) || (operator === '_nempty' && compareValue === false)) {
                 dbQuery[logical].andWhere((query) => {
@@ -568,7 +557,7 @@ export function applyFilter(knex, schema, rootQuery, rootFilter, collection, ali
         }
     }
 }
-export function applySearch(knex, schema, dbQuery, searchQuery, collection) {
+export async function applySearch(knex, schema, dbQuery, searchQuery, collection) {
     const { number: numberHelper } = getHelpers(knex);
     const fields = Object.entries(schema.collections[collection].fields);
     dbQuery.andWhere(function () {
@@ -644,18 +633,6 @@ export function applyAggregate(schema, dbQuery, aggregate, collection, hasJoins)
         }
     }
 }
-export function joinFilterWithCases(filter, cases) {
-    if (cases.length > 0 && !filter) {
-        return { _or: cases };
-    }
-    else if (filter && cases.length === 0) {
-        return filter ?? null;
-    }
-    else if (filter && cases.length > 0) {
-        return { _and: [filter, { _or: cases }] };
-    }
-    return null;
-}
 function getFilterPath(key, value) {
     const path = [key];
     const childKey = Object.keys(value)[0];

package/dist/utils/get-accountability-for-role.js CHANGED Viewed

@@ -1,31 +1,40 @@
-import { fetchRolesTree } from '../permissions/lib/fetch-roles-tree.js';
-import { fetchGlobalAccess } from '../permissions/modules/fetch-global-access/fetch-global-access.js';
-import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
+import { getPermissions } from './get-permissions.js';
 export async function getAccountabilityForRole(role, context) {
-    let generatedAccountability;
+    let generatedAccountability = context.accountability;
     if (role === null) {
-        generatedAccountability = createDefaultAccountability();
+        generatedAccountability = {
+            role: null,
+            user: null,
+            admin: false,
+            app: false,
+        };
+        generatedAccountability.permissions = await getPermissions(generatedAccountability, context.schema);
     }
     else if (role === 'system') {
-        generatedAccountability = createDefaultAccountability({
+        generatedAccountability = {
+            user: null,
+            role: null,
             admin: true,
             app: true,
-        });
+            permissions: [],
+        };
     }
     else {
-        const roles = await fetchRolesTree(role, context.database);
-        // The roles tree should always include the passed role. If it doesn't, it's because it
-        // couldn't be read from the database and therefore doesn't exist
-        if (roles.length === 0) {
+        const roleInfo = await context.database
+            .select(['app_access', 'admin_access'])
+            .from('directus_roles')
+            .where({ id: role })
+            .first();
+        if (!roleInfo) {
             throw new Error(`Configured role "${role}" isn't a valid role ID or doesn't exist.`);
         }
-        const globalAccess = await fetchGlobalAccess({ user: null, roles, ip: context.accountability?.ip ?? null }, context.database);
-        generatedAccountability = createDefaultAccountability({
+        generatedAccountability = {
             role,
-            roles,
             user: null,
-            ...globalAccess,
-        });
+            admin: roleInfo.admin_access === 1 || roleInfo.admin_access === '1' || roleInfo.admin_access === true,
+            app: roleInfo.app_access === 1 || roleInfo.app_access === '1' || roleInfo.app_access === true,
+        };
+        generatedAccountability.permissions = await getPermissions(generatedAccountability, context.schema);
     }
     return generatedAccountability;
 }