npm - @directus/api - Versions diffs - 21.0.0-rc.0 → 21.0.0 - Mend

@directus/api 21.0.0-rc.0 → 21.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/dist/utils/get-accountability-for-token.js CHANGED Viewed

@@ -1,40 +1,41 @@
 import { InvalidCredentialsError } from '@directus/errors';
 import getDatabase from '../database/index.js';
-import { fetchRolesTree } from '../permissions/lib/fetch-roles-tree.js';
-import { fetchGlobalAccess } from '../permissions/modules/fetch-global-access/fetch-global-access.js';
-import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
 import { getSecret } from './get-secret.js';
 import isDirectusJWT from './is-directus-jwt.js';
-import { verifyAccessJWT } from './jwt.js';
 import { verifySessionJWT } from './verify-session-jwt.js';
+import { verifyAccessJWT } from './jwt.js';
 export async function getAccountabilityForToken(token, accountability) {
     if (!accountability) {
-        accountability = createDefaultAccountability();
+        accountability = {
+            user: null,
+            role: null,
+            admin: false,
+            app: false,
+        };
     }
-    // Try finding the user with the provided token
-    const database = getDatabase();
     if (token) {
         if (isDirectusJWT(token)) {
             const payload = verifyAccessJWT(token, getSecret());
             if ('session' in payload) {
                 await verifySessionJWT(payload);
             }
+            accountability.role = payload.role;
+            accountability.admin = payload.admin_access === true || payload.admin_access == 1;
+            accountability.app = payload.app_access === true || payload.app_access == 1;
             if (payload.share)
                 accountability.share = payload.share;
             if (payload.share_scope)
                 accountability.share_scope = payload.share_scope;
             if (payload.id)
                 accountability.user = payload.id;
-            accountability.role = payload.role;
-            accountability.roles = await fetchRolesTree(payload.role, database);
-            const { admin, app } = await fetchGlobalAccess(accountability, database);
-            accountability.admin = admin;
-            accountability.app = app;
         }
         else {
+            // Try finding the user with the provided token
+            const database = getDatabase();
             const user = await database
-                .select('directus_users.id', 'directus_users.role')
+                .select('directus_users.id', 'directus_users.role', 'directus_roles.admin_access', 'directus_roles.app_access')
                 .from('directus_users')
+                .leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
                 .where({
                 'directus_users.token': token,
                 status: 'active',
@@ -45,10 +46,8 @@ export async function getAccountabilityForToken(token, accountability) {
             }
             accountability.user = user.id;
             accountability.role = user.role;
-            accountability.roles = await fetchRolesTree(user.role, database);
-            const { admin, app } = await fetchGlobalAccess(accountability, database);
-            accountability.admin = admin;
-            accountability.app = app;
+            accountability.admin = user.admin_access === true || user.admin_access == 1;
+            accountability.app = user.app_access === true || user.app_access == 1;
         }
     }
     return accountability;

package/dist/utils/get-ast-from-query.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Generate an AST based on a given collection and query
+ */
+import type { Accountability, PermissionsAction, Query, SchemaOverview } from '@directus/types';
+import type { Knex } from 'knex';
+import type { AST } from '../types/index.js';
+type GetASTOptions = {
+    accountability?: Accountability | null;
+    action?: PermissionsAction;
+    knex?: Knex;
+};
+export default function getASTFromQuery(collection: string, query: Query, schema: SchemaOverview, options?: GetASTOptions): Promise<AST>;
+export {};

package/dist/utils/get-ast-from-query.js ADDED Viewed

@@ -0,0 +1,297 @@
+/**
+ * Generate an AST based on a given collection and query
+ */
+import { REGEX_BETWEEN_PARENS } from '@directus/constants';
+import { cloneDeep, isEmpty, mapKeys, omitBy, uniq } from 'lodash-es';
+import { getRelationType } from './get-relation-type.js';
+export default async function getASTFromQuery(collection, query, schema, options) {
+    query = cloneDeep(query);
+    const accountability = options?.accountability;
+    const action = options?.action || 'read';
+    const permissions = accountability && accountability.admin !== true
+        ? accountability?.permissions?.filter((permission) => {
+            return permission.action === action;
+        }) ?? []
+        : null;
+    const ast = {
+        type: 'root',
+        name: collection,
+        query: query,
+        children: [],
+    };
+    let fields = ['*'];
+    if (query.fields) {
+        fields = query.fields;
+    }
+    /**
+     * When using aggregate functions, you can't have any other regular fields
+     * selected. This makes sure you never end up in a non-aggregate fields selection error
+     */
+    if (Object.keys(query.aggregate || {}).length > 0) {
+        fields = [];
+    }
+    /**
+     * Similarly, when grouping on a specific field, you can't have other non-aggregated fields.
+     * The group query will override the fields query
+     */
+    if (query.group) {
+        fields = query.group;
+    }
+    fields = uniq(fields);
+    const deep = query.deep || {};
+    // Prevent fields/deep from showing up in the query object in further use
+    delete query.fields;
+    delete query.deep;
+    if (!query.sort) {
+        // We'll default to the primary key for the standard sort output
+        let sortField = schema.collections[collection].primary;
+        // If a custom manual sort field is configured, use that
+        if (schema.collections[collection]?.sortField) {
+            sortField = schema.collections[collection].sortField;
+        }
+        // When group by is used, default to the first column provided in the group by clause
+        if (query.group?.[0]) {
+            sortField = query.group[0];
+        }
+        query.sort = [sortField];
+    }
+    // When no group by is supplied, but an aggregate function is used, only a single row will be
+    // returned. In those cases, we'll ignore the sort field altogether
+    if (query.aggregate && Object.keys(query.aggregate).length && !query.group?.[0]) {
+        delete query.sort;
+    }
+    ast.children = await parseFields(collection, fields, deep);
+    return ast;
+    async function parseFields(parentCollection, fields, deep) {
+        if (!fields)
+            return [];
+        fields = await convertWildcards(parentCollection, fields);
+        if (!fields || !Array.isArray(fields))
+            return [];
+        const children = [];
+        const relationalStructure = Object.create(null);
+        for (const fieldKey of fields) {
+            let name = fieldKey;
+            if (query.alias) {
+                // check for field alias (is one of the key)
+                if (name in query.alias) {
+                    name = query.alias[fieldKey];
+                }
+            }
+            const isRelational = name.includes('.') ||
+                // We'll always treat top level o2m fields as a related item. This is an alias field, otherwise it won't return
+                // anything
+                !!schema.relations.find((relation) => relation.related_collection === parentCollection && relation.meta?.one_field === name);
+            if (isRelational) {
+                // field is relational
+                const parts = fieldKey.split('.');
+                let rootField = parts[0];
+                let collectionScope = null;
+                // a2o related collection scoped field selector `fields=sections.section_id:headings.title`
+                if (rootField.includes(':')) {
+                    const [key, scope] = rootField.split(':');
+                    rootField = key;
+                    collectionScope = scope;
+                }
+                if (rootField in relationalStructure === false) {
+                    if (collectionScope) {
+                        relationalStructure[rootField] = { [collectionScope]: [] };
+                    }
+                    else {
+                        relationalStructure[rootField] = [];
+                    }
+                }
+                if (parts.length > 1) {
+                    const childKey = parts.slice(1).join('.');
+                    if (collectionScope) {
+                        if (collectionScope in relationalStructure[rootField] === false) {
+                            relationalStructure[rootField][collectionScope] = [];
+                        }
+                        relationalStructure[rootField][collectionScope].push(childKey);
+                    }
+                    else {
+                        relationalStructure[rootField].push(childKey);
+                    }
+                }
+            }
+            else {
+                if (fieldKey.includes('(') && fieldKey.includes(')')) {
+                    const columnName = fieldKey.match(REGEX_BETWEEN_PARENS)[1];
+                    const foundField = schema.collections[parentCollection].fields[columnName];
+                    if (foundField && foundField.type === 'alias') {
+                        const foundRelation = schema.relations.find((relation) => relation.related_collection === parentCollection && relation.meta?.one_field === columnName);
+                        if (foundRelation) {
+                            children.push({
+                                type: 'functionField',
+                                name,
+                                fieldKey,
+                                query: {},
+                                relatedCollection: foundRelation.collection,
+                            });
+                            continue;
+                        }
+                    }
+                }
+                children.push({ type: 'field', name, fieldKey });
+            }
+        }
+        for (const [fieldKey, nestedFields] of Object.entries(relationalStructure)) {
+            let fieldName = fieldKey;
+            if (query.alias && fieldKey in query.alias) {
+                fieldName = query.alias[fieldKey];
+            }
+            const relatedCollection = getRelatedCollection(parentCollection, fieldName);
+            const relation = getRelation(parentCollection, fieldName);
+            if (!relation)
+                continue;
+            const relationType = getRelationType({
+                relation,
+                collection: parentCollection,
+                field: fieldName,
+            });
+            if (!relationType)
+                continue;
+            let child = null;
+            if (relationType === 'a2o') {
+                const allowedCollections = relation.meta.one_allowed_collections.filter((collection) => {
+                    if (!permissions)
+                        return true;
+                    return permissions.some((permission) => permission.collection === collection);
+                });
+                child = {
+                    type: 'a2o',
+                    names: allowedCollections,
+                    children: {},
+                    query: {},
+                    relatedKey: {},
+                    parentKey: schema.collections[parentCollection].primary,
+                    fieldKey: fieldKey,
+                    relation: relation,
+                };
+                for (const relatedCollection of allowedCollections) {
+                    child.children[relatedCollection] = await parseFields(relatedCollection, Array.isArray(nestedFields) ? nestedFields : nestedFields[relatedCollection] || [], deep?.[`${fieldKey}:${relatedCollection}`]);
+                    child.query[relatedCollection] = getDeepQuery(deep?.[`${fieldKey}:${relatedCollection}`] || {});
+                    child.relatedKey[relatedCollection] = schema.collections[relatedCollection].primary;
+                }
+            }
+            else if (relatedCollection) {
+                if (permissions && permissions.some((permission) => permission.collection === relatedCollection) === false) {
+                    continue;
+                }
+                // update query alias for children parseFields
+                const deepAlias = getDeepQuery(deep?.[fieldKey] || {})?.['alias'];
+                if (!isEmpty(deepAlias))
+                    query.alias = deepAlias;
+                child = {
+                    type: relationType,
+                    name: relatedCollection,
+                    fieldKey: fieldKey,
+                    parentKey: schema.collections[parentCollection].primary,
+                    relatedKey: schema.collections[relatedCollection].primary,
+                    relation: relation,
+                    query: getDeepQuery(deep?.[fieldKey] || {}),
+                    children: await parseFields(relatedCollection, nestedFields, deep?.[fieldKey] || {}),
+                };
+                if (relationType === 'o2m' && !child.query.sort) {
+                    child.query.sort = [relation.meta?.sort_field || schema.collections[relation.collection].primary];
+                }
+            }
+            if (child) {
+                children.push(child);
+            }
+        }
+        // Deduplicate any children fields that are included both as a regular field, and as a nested m2o field
+        const nestedCollectionNodes = children.filter((childNode) => childNode.type !== 'field');
+        return children.filter((childNode) => {
+            const existsAsNestedRelational = !!nestedCollectionNodes.find((nestedCollectionNode) => childNode.fieldKey === nestedCollectionNode.fieldKey);
+            if (childNode.type === 'field' && existsAsNestedRelational)
+                return false;
+            return true;
+        });
+    }
+    async function convertWildcards(parentCollection, fields) {
+        fields = cloneDeep(fields);
+        const fieldsInCollection = Object.entries(schema.collections[parentCollection].fields).map(([name]) => name);
+        let allowedFields = fieldsInCollection;
+        if (permissions) {
+            const permittedFields = permissions.find((permission) => parentCollection === permission.collection)?.fields;
+            if (permittedFields !== undefined)
+                allowedFields = permittedFields;
+        }
+        if (!allowedFields || allowedFields.length === 0)
+            return [];
+        // In case of full read permissions
+        if (allowedFields[0] === '*')
+            allowedFields = fieldsInCollection;
+        for (let index = 0; index < fields.length; index++) {
+            const fieldKey = fields[index];
+            if (fieldKey.includes('*') === false)
+                continue;
+            if (fieldKey === '*') {
+                const aliases = Object.keys(query.alias ?? {});
+                // Set to all fields in collection
+                if (allowedFields.includes('*')) {
+                    fields.splice(index, 1, ...fieldsInCollection, ...aliases);
+                }
+                else {
+                    // Set to all allowed fields
+                    const allowedAliases = aliases.filter((fieldKey) => {
+                        const name = query.alias[fieldKey];
+                        return allowedFields.includes(name);
+                    });
+                    fields.splice(index, 1, ...allowedFields, ...allowedAliases);
+                }
+            }
+            // Swap *.* case for *,<relational-field>.*,<another-relational>.*
+            if (fieldKey.includes('.') && fieldKey.split('.')[0] === '*') {
+                const parts = fieldKey.split('.');
+                const relationalFields = allowedFields.includes('*')
+                    ? schema.relations
+                        .filter((relation) => relation.collection === parentCollection || relation.related_collection === parentCollection)
+                        .map((relation) => {
+                        const isMany = relation.collection === parentCollection;
+                        return isMany ? relation.field : relation.meta?.one_field;
+                    })
+                    : allowedFields.filter((fieldKey) => !!getRelation(parentCollection, fieldKey));
+                const nonRelationalFields = allowedFields.filter((fieldKey) => relationalFields.includes(fieldKey) === false);
+                const aliasFields = Object.keys(query.alias ?? {}).map((fieldKey) => {
+                    const name = query.alias[fieldKey];
+                    if (relationalFields.includes(name)) {
+                        return `${fieldKey}.${parts.slice(1).join('.')}`;
+                    }
+                    return fieldKey;
+                });
+                fields.splice(index, 1, ...[
+                    ...relationalFields.map((relationalField) => {
+                        return `${relationalField}.${parts.slice(1).join('.')}`;
+                    }),
+                    ...nonRelationalFields,
+                    ...aliasFields,
+                ]);
+            }
+        }
+        return fields;
+    }
+    function getRelation(collection, field) {
+        const relation = schema.relations.find((relation) => {
+            return ((relation.collection === collection && relation.field === field) ||
+                (relation.related_collection === collection && relation.meta?.one_field === field));
+        });
+        return relation;
+    }
+    function getRelatedCollection(collection, field) {
+        const relation = getRelation(collection, field);
+        if (!relation)
+            return null;
+        if (relation.collection === collection && relation.field === field) {
+            return relation.related_collection || null;
+        }
+        if (relation.related_collection === collection && relation.meta?.one_field === field) {
+            return relation.collection || null;
+        }
+        return null;
+    }
+}
+function getDeepQuery(query) {
+    return mapKeys(omitBy(query, (_value, key) => key.startsWith('_') === false), (_value, key) => key.substring(1));
+}

package/dist/utils/get-cache-key.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
 /// <reference types="cookie-parser" />
 import type { Request } from 'express';
-export declare function getCacheKey(req: Request): Promise<string>;
+export declare function getCacheKey(req: Request): string;

package/dist/utils/get-cache-key.js CHANGED Viewed

@@ -1,26 +1,15 @@
 import hash from 'object-hash';
 import url from 'url';
-import getDatabase from '../database/index.js';
-import { fetchPoliciesIpAccess } from '../permissions/modules/fetch-policies-ip-access/fetch-policies-ip-access.js';
 import { getGraphqlQueryAndVariables } from './get-graphql-query-and-variables.js';
 import { version } from 'directus/version';
-import { ipInNetworks } from './ip-in-networks.js';
-export async function getCacheKey(req) {
+export function getCacheKey(req) {
     const path = url.parse(req.originalUrl).pathname;
     const isGraphQl = path?.startsWith('/graphql');
-    let includeIp = false;
-    if (req.accountability && req.accountability.ip) {
-        // Check if the IP influences the result of the request, that can be the case if some policies have an ip_access
-        // filter and the request IP matches any of those filters
-        const ipFilters = await fetchPoliciesIpAccess(req.accountability, getDatabase());
-        includeIp = ipFilters.length > 0 && ipFilters.some((networks) => ipInNetworks(req.accountability.ip, networks));
-    }
     const info = {
         version,
         user: req.accountability?.user || null,
         path,
         query: isGraphQl ? getGraphqlQueryAndVariables(req) : req.sanitizedQuery,
-        ...(includeIp && { ip: req.accountability.ip }),
     };
     const key = hash(info);
     return key;

package/dist/utils/get-column.d.ts CHANGED Viewed

@@ -1,8 +1,7 @@
-import type { Filter, Query, SchemaOverview } from '@directus/types';
+import type { Query, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
 type GetColumnOptions = {
     query?: Query | undefined;
-    cases?: Filter[];
     originalCollectionName?: string | undefined;
 };
 /**

package/dist/utils/get-column.js CHANGED Viewed

@@ -30,7 +30,6 @@ export function getColumn(knex, table, column, alias = applyFunctionToColumnName
             const result = fn[functionName](table, columnName, {
                 type,
                 query: options?.query,
-                cases: options?.cases,
                 originalCollectionName: options?.originalCollectionName,
             });
             if (alias) {

package/dist/utils/get-permissions.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { Accountability, Permission, SchemaOverview } from '@directus/types';
2	+ export declare function getPermissions(accountability: Accountability, schema: SchemaOverview): Promise<Permission[]>;

package/dist/utils/get-permissions.js ADDED Viewed

@@ -0,0 +1,150 @@
+import { useEnv } from '@directus/env';
+import { deepMap, parseFilter, parseJSON, parsePreset } from '@directus/utils';
+import { cloneDeep } from 'lodash-es';
+import hash from 'object-hash';
+import { getCache, getCacheValue, getSystemCache, setCacheValue, setSystemCache } from '../cache.js';
+import getDatabase from '../database/index.js';
+import { appAccessMinimalPermissions } from '@directus/system-data';
+import { useLogger } from '../logger/index.js';
+import { RolesService } from '../services/roles.js';
+import { UsersService } from '../services/users.js';
+import { mergePermissionsForShare } from './merge-permissions-for-share.js';
+import { mergePermissions } from './merge-permissions.js';
+export async function getPermissions(accountability, schema) {
+    const database = getDatabase();
+    const { cache } = getCache();
+    const env = useEnv();
+    const logger = useLogger();
+    let permissions = [];
+    const { user, role, app, admin, share_scope } = accountability;
+    const cacheKey = `permissions-${hash({ user, role, app, admin, share_scope })}`;
+    if (cache && env['CACHE_PERMISSIONS'] !== false) {
+        let cachedPermissions;
+        try {
+            cachedPermissions = await getSystemCache(cacheKey);
+        }
+        catch (err) {
+            logger.warn(err, `[cache] Couldn't read key ${cacheKey}. ${err.message}`);
+        }
+        if (cachedPermissions) {
+            if (!cachedPermissions['containDynamicData']) {
+                return processPermissions(accountability, cachedPermissions['permissions'], {});
+            }
+            const cachedFilterContext = await getCacheValue(cache, `filterContext-${hash({ user, role, permissions: cachedPermissions['permissions'] })}`);
+            if (cachedFilterContext) {
+                return processPermissions(accountability, cachedPermissions['permissions'], cachedFilterContext);
+            }
+            else {
+                const { permissions: parsedPermissions, requiredPermissionData, containDynamicData, } = parsePermissions(cachedPermissions['permissions']);
+                permissions = parsedPermissions;
+                const filterContext = containDynamicData
+                    ? await getFilterContext(schema, accountability, requiredPermissionData)
+                    : {};
+                if (containDynamicData && env['CACHE_ENABLED'] !== false) {
+                    await setCacheValue(cache, `filterContext-${hash({ user, role, permissions })}`, filterContext);
+                }
+                return processPermissions(accountability, permissions, filterContext);
+            }
+        }
+    }
+    if (accountability.admin !== true) {
+        const query = database.select('*').from('directus_permissions');
+        if (accountability.role) {
+            query.where({ role: accountability.role });
+        }
+        else {
+            query.whereNull('role');
+        }
+        const permissionsForRole = await query;
+        const { permissions: parsedPermissions, requiredPermissionData, containDynamicData, } = parsePermissions(permissionsForRole);
+        permissions = parsedPermissions;
+        if (accountability.app === true) {
+            permissions = mergePermissions('or', permissions, appAccessMinimalPermissions.map((perm) => ({ ...perm, role: accountability.role })));
+        }
+        if (accountability.share_scope) {
+            permissions = mergePermissionsForShare(permissions, accountability, schema);
+        }
+        const filterContext = containDynamicData
+            ? await getFilterContext(schema, accountability, requiredPermissionData)
+            : {};
+        if (cache && env['CACHE_PERMISSIONS'] !== false) {
+            await setSystemCache(cacheKey, { permissions, containDynamicData });
+            if (containDynamicData && env['CACHE_ENABLED'] !== false) {
+                await setCacheValue(cache, `filterContext-${hash({ user, role, permissions })}`, filterContext);
+            }
+        }
+        return processPermissions(accountability, permissions, filterContext);
+    }
+    return permissions;
+}
+function parsePermissions(permissions) {
+    const requiredPermissionData = {
+        $CURRENT_USER: [],
+        $CURRENT_ROLE: [],
+    };
+    let containDynamicData = false;
+    permissions = permissions.map((permissionRaw) => {
+        const permission = cloneDeep(permissionRaw);
+        if (permission.permissions && typeof permission.permissions === 'string') {
+            permission.permissions = parseJSON(permission.permissions);
+        }
+        if (permission.validation && typeof permission.validation === 'string') {
+            permission.validation = parseJSON(permission.validation);
+        }
+        else if (permission.validation === null) {
+            permission.validation = {};
+        }
+        if (permission.presets && typeof permission.presets === 'string') {
+            permission.presets = parseJSON(permission.presets);
+        }
+        else if (permission.presets === null) {
+            permission.presets = {};
+        }
+        if (permission.fields && typeof permission.fields === 'string') {
+            permission.fields = permission.fields.split(',');
+        }
+        else if (permission.fields === null) {
+            permission.fields = [];
+        }
+        const extractPermissionData = (val) => {
+            if (typeof val === 'string' && val.startsWith('$CURRENT_USER.')) {
+                requiredPermissionData.$CURRENT_USER.push(val.replace('$CURRENT_USER.', ''));
+                containDynamicData = true;
+            }
+            if (typeof val === 'string' && val.startsWith('$CURRENT_ROLE.')) {
+                requiredPermissionData.$CURRENT_ROLE.push(val.replace('$CURRENT_ROLE.', ''));
+                containDynamicData = true;
+            }
+            return val;
+        };
+        deepMap(permission.permissions, extractPermissionData);
+        deepMap(permission.validation, extractPermissionData);
+        deepMap(permission.presets, extractPermissionData);
+        return permission;
+    });
+    return { permissions, requiredPermissionData, containDynamicData };
+}
+async function getFilterContext(schema, accountability, requiredPermissionData) {
+    const usersService = new UsersService({ schema });
+    const rolesService = new RolesService({ schema });
+    const filterContext = {};
+    if (accountability.user && requiredPermissionData.$CURRENT_USER.length > 0) {
+        filterContext['$CURRENT_USER'] = await usersService.readOne(accountability.user, {
+            fields: requiredPermissionData.$CURRENT_USER,
+        });
+    }
+    if (accountability.role && requiredPermissionData.$CURRENT_ROLE.length > 0) {
+        filterContext['$CURRENT_ROLE'] = await rolesService.readOne(accountability.role, {
+            fields: requiredPermissionData.$CURRENT_ROLE,
+        });
+    }
+    return filterContext;
+}
+function processPermissions(accountability, permissions, filterContext) {
+    return permissions.map((permission) => {
+        permission.permissions = parseFilter(permission.permissions, accountability, filterContext);
+        permission.validation = parseFilter(permission.validation, accountability, filterContext);
+        permission.presets = parsePreset(permission.presets, accountability, filterContext);
+        return permission;
+    });
+}

package/dist/utils/get-schema.js CHANGED Viewed

@@ -17,9 +17,6 @@ const logger = useLogger();
 export async function getSchema(options, attempt = 0) {
     const MAX_ATTEMPTS = 3;
     const env = useEnv();
-    if (attempt >= MAX_ATTEMPTS) {
-        throw new Error(`Failed to get Schema information: hit infinite loop`);
-    }
     if (options?.bypassCache || env['CACHE_SCHEMA'] === false) {
         const database = options?.database || getDatabase();
         const schemaInspector = createInspector(database);
@@ -29,6 +26,9 @@ export async function getSchema(options, attempt = 0) {
     if (cached) {
         return cached;
     }
+    if (attempt >= MAX_ATTEMPTS) {
+        throw new Error(`Failed to get Schema information: hit infinite loop`);
+    }
     const lock = useLock();
     const bus = useBus();
     const lockKey = 'schemaCache--preparing';

package/dist/utils/get-service.js CHANGED Viewed

@@ -1,13 +1,11 @@
 import { ForbiddenError } from '@directus/errors';
-import { AccessService, ActivityService, DashboardsService, FilesService, FlowsService, FoldersService, ItemsService, NotificationsService, OperationsService, PanelsService, PermissionsService, PoliciesService, PresetsService, RevisionsService, RolesService, SettingsService, SharesService, TranslationsService, UsersService, VersionsService, WebhooksService, } from '../services/index.js';
+import { ActivityService, DashboardsService, FilesService, FlowsService, FoldersService, ItemsService, NotificationsService, OperationsService, PanelsService, PermissionsService, PresetsService, RevisionsService, RolesService, SettingsService, SharesService, TranslationsService, UsersService, VersionsService, WebhooksService, } from '../services/index.js';
 /**
  * Select the correct service for the given collection. This allows the individual services to run
  * their custom checks (f.e. it allows `UsersService` to prevent updating TFA secret from outside).
  */
 export function getService(collection, opts) {
     switch (collection) {
-        case 'directus_access':
-            return new AccessService(opts);
         case 'directus_activity':
             return new ActivityService(opts);
         case 'directus_dashboards':
@@ -28,8 +26,6 @@ export function getService(collection, opts) {
             return new PermissionsService(opts);
         case 'directus_presets':
             return new PresetsService(opts);
-        case 'directus_policies':
-            return new PoliciesService(opts);
         case 'directus_revisions':
             return new RevisionsService(opts);
         case 'directus_roles':

package/dist/utils/merge-permissions-for-share.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { Accountability, Filter, Permission, SchemaOverview } from '@directus/types';
+export declare function mergePermissionsForShare(currentPermissions: Permission[], accountability: Accountability, schema: SchemaOverview): Permission[];
+export declare function traverse(schema: SchemaOverview, rootItemPrimaryKeyField: string, rootItemPrimaryKey: string, currentCollection: string, parentCollections?: string[], path?: string[]): Partial<Permission>[];
+export declare function getFilterForPath(type: 'o2m' | 'm2o' | 'a2o', path: string[], rootPrimaryKeyField: string, rootPrimaryKey: string): Filter;