npm - @directus/api - Versions diffs - 21.0.0-rc.0 → 21.0.0 - Mend

@directus/api 21.0.0-rc.0 → 21.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/dist/permissions/lib/fetch-policies.d.ts DELETED Viewed

@@ -1,7 +0,0 @@
-import type { Accountability } from '@directus/types';
-import type { Context } from '../types.js';
-export declare const fetchPolicies: typeof _fetchPolicies;
-/**
- * Fetch the policies associated with the current user accountability
- */
-export declare function _fetchPolicies({ roles, user, ip }: Pick<Accountability, 'user' | 'roles' | 'ip'>, context: Context): Promise<string[]>;

package/dist/permissions/lib/fetch-policies.js DELETED Viewed

@@ -1,28 +0,0 @@
-import { filterPoliciesByIp } from '../utils/filter-policies-by-ip.js';
-import { withCache } from '../utils/with-cache.js';
-export const fetchPolicies = withCache('policies', _fetchPolicies, ({ roles, user, ip }) => ({ roles, user, ip }));
-/**
- * Fetch the policies associated with the current user accountability
- */
-export async function _fetchPolicies({ roles, user, ip }, context) {
-    const { AccessService } = await import('../../services/access.js');
-    const accessService = new AccessService(context);
-    let roleFilter;
-    if (roles.length === 0) {
-        // Users without role assumes the Public role permissions along with their attached policies
-        roleFilter = { _and: [{ role: { _null: true } }, { user: { _null: true } }] };
-    }
-    else {
-        roleFilter = { role: { _in: roles } };
-    }
-    // If the user is not null, we also want to include the policies attached to the user
-    const filter = user ? { _or: [{ user: { _eq: user } }, roleFilter] } : roleFilter;
-    const accessRows = (await accessService.readByQuery({
-        filter,
-        fields: ['policy.id', 'policy.ip_access'],
-        limit: -1,
-    }));
-    const filteredAccessRows = filterPoliciesByIp(accessRows, ip);
-    const ids = filteredAccessRows.map(({ policy }) => policy.id);
-    return ids;
-}

package/dist/permissions/lib/fetch-roles-tree.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import type { Knex } from 'knex';
-export declare const fetchRolesTree: typeof _fetchRolesTree;
-export declare function _fetchRolesTree(start: string | null, knex: Knex): Promise<string[]>;

package/dist/permissions/lib/fetch-roles-tree.js DELETED Viewed

@@ -1,28 +0,0 @@
-import { withCache } from '../utils/with-cache.js';
-export const fetchRolesTree = withCache('roles-tree', _fetchRolesTree);
-export async function _fetchRolesTree(start, knex) {
-    if (!start)
-        return [];
-    let parent = start;
-    const roles = [];
-    while (parent) {
-        const role = await knex
-            .select('id', 'parent')
-            .from('directus_roles')
-            .where({ id: parent })
-            .first();
-        if (!role) {
-            break;
-        }
-        roles.push(role.id);
-        // Prevent infinite recursion loops
-        if (role.parent && roles.includes(role.parent) === true) {
-            roles.reverse();
-            const rolesStr = roles.map((role) => `"${role}"`).join('->');
-            throw new Error(`Recursion encountered: role "${role.id}" already exists in tree path ${rolesStr}`);
-        }
-        parent = role.parent;
-    }
-    roles.reverse();
-    return roles;
-}

package/dist/permissions/lib/with-app-minimal-permissions.js DELETED Viewed

@@ -1,10 +0,0 @@
-import { appAccessMinimalPermissions } from '@directus/system-data';
-import { cloneDeep } from 'lodash-es';
-import { filterItems } from '../../utils/filter-items.js';
-export function withAppMinimalPermissions(accountability, permissions, filter) {
-    if (accountability?.app === true) {
-        const filteredAppMinimalPermissions = cloneDeep(filterItems(appAccessMinimalPermissions, filter));
-        return [...permissions, ...filteredAppMinimalPermissions];
-    }
-    return permissions;
-}

package/dist/permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.d.ts DELETED Viewed

@@ -1,7 +0,0 @@
-import type { Accountability, CollectionAccess } from '@directus/types';
-import type { Context } from '../../types.js';
-/**
- * Get all permissions + minimal app permissions (if applicable) for the user + role in the current accountability.
- * The permissions will be filtered by IP access.
- */
-export declare function fetchAccountabilityCollectionAccess(accountability: Pick<Accountability, 'user' | 'roles' | 'role' | 'ip' | 'admin' | 'app'>, context: Context): Promise<CollectionAccess>;

package/dist/permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.js DELETED Viewed

@@ -1,56 +0,0 @@
-import { PERMISSION_ACTIONS } from '@directus/constants';
-import { mapValues, uniq } from 'lodash-es';
-import { fetchPermissions } from '../../lib/fetch-permissions.js';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
-/**
- * Get all permissions + minimal app permissions (if applicable) for the user + role in the current accountability.
- * The permissions will be filtered by IP access.
- */
-export async function fetchAccountabilityCollectionAccess(accountability, context) {
-    if (accountability.admin) {
-        return mapValues(context.schema.collections, () => Object.fromEntries(PERMISSION_ACTIONS.map((action) => [
-            action,
-            {
-                access: 'full',
-                fields: ['*'],
-            },
-        ])));
-    }
-    const policies = await fetchPolicies(accountability, context);
-    const permissions = await fetchPermissions({ policies, accountability }, context);
-    const infos = {};
-    for (const perm of permissions) {
-        // Ensure that collection is in infos
-        if (!infos[perm.collection]) {
-            infos[perm.collection] = {
-                read: { access: 'none' },
-                create: { access: 'none' },
-                update: { access: 'none' },
-                delete: { access: 'none' },
-                share: { access: 'none' },
-            };
-        }
-        // Ensure that action with default values is in collection infos
-        if (infos[perm.collection][perm.action]?.access === 'none') {
-            // If a permissions is iterated over it means that the user has access to it, so set access to 'full'
-            // Set access to 'full' initially and refine that whenever a permission with filters is encountered
-            infos[perm.collection][perm.action].access = 'full';
-        }
-        const info = infos[perm.collection][perm.action];
-        // Set access to 'partial' if the permission has filters, which means that the user has conditional access
-        if (info.access === 'full' && perm.permissions && Object.keys(perm.permissions).length > 0) {
-            info.access = 'partial';
-        }
-        if (perm.fields && info.fields?.[0] !== '*') {
-            info.fields = uniq([...(info.fields || []), ...(perm.fields || [])]);
-            if (info.fields.includes('*')) {
-                info.fields = ['*'];
-            }
-        }
-        if (perm.presets) {
-            info.presets = { ...(info.presets ?? {}), ...perm.presets };
-        }
-    }
-    // TODO Should fields by null, undefined or and empty array if no access?
-    return infos;
-}

package/dist/permissions/modules/fetch-accountability-policy-globals/fetch-accountability-policy-globals.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import type { Accountability, Globals } from '@directus/types';
-import type { Context } from '../../types.js';
-export declare function fetchAccountabilityPolicyGlobals(accountability: Pick<Accountability, 'user' | 'roles' | 'ip' | 'admin' | 'app'>, context: Context): Promise<Globals>;

package/dist/permissions/modules/fetch-accountability-policy-globals/fetch-accountability-policy-globals.js DELETED Viewed

@@ -1,16 +0,0 @@
-import { fetchPolicies } from '../../lib/fetch-policies.js';
-export async function fetchAccountabilityPolicyGlobals(accountability, context) {
-    const policies = await fetchPolicies(accountability, context);
-    // Policies are already filtered down by the accountability IP, so we don't need to check it again
-    const result = await context.knex
-        .select(1)
-        .from('directus_policies')
-        .whereIn('id', policies)
-        .where('enforce_tfa', true)
-        .first();
-    return {
-        app_access: accountability.app,
-        admin_access: accountability.admin,
-        enforce_tfa: !!result,
-    };
-}

package/dist/permissions/modules/fetch-allowed-collections/fetch-allowed-collections.d.ts DELETED Viewed

@@ -1,8 +0,0 @@
-import type { Accountability, PermissionsAction } from '@directus/types';
-import type { Context } from '../../types.js';
-export interface FetchAllowedCollectionsOptions {
-    action: PermissionsAction;
-    accountability: Pick<Accountability, 'user' | 'role' | 'roles' | 'ip' | 'admin' | 'app'>;
-}
-export declare const fetchAllowedCollections: typeof _fetchAllowedCollections;
-export declare function _fetchAllowedCollections({ action, accountability }: FetchAllowedCollectionsOptions, { knex, schema }: Context): Promise<string[]>;

package/dist/permissions/modules/fetch-allowed-collections/fetch-allowed-collections.js DELETED Viewed

@@ -1,24 +0,0 @@
-import { uniq } from 'lodash-es';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
-import { withCache } from '../../utils/with-cache.js';
-import { fetchPermissions } from '../../lib/fetch-permissions.js';
-export const fetchAllowedCollections = withCache('allowed-collections', _fetchAllowedCollections, ({ action, accountability: { user, role, roles, ip, admin, app } }) => ({
-    action,
-    accountability: {
-        user,
-        role,
-        roles,
-        ip,
-        admin,
-        app,
-    },
-}));
-export async function _fetchAllowedCollections({ action, accountability }, { knex, schema }) {
-    if (accountability.admin) {
-        return Object.keys(schema.collections);
-    }
-    const policies = await fetchPolicies(accountability, { knex, schema });
-    const permissions = await fetchPermissions({ action, policies, accountability }, { knex, schema });
-    const collections = permissions.map(({ collection }) => collection);
-    return uniq(collections);
-}

package/dist/permissions/modules/fetch-allowed-field-map/fetch-allowed-field-map.d.ts DELETED Viewed

@@ -1,9 +0,0 @@
-import type { Accountability, PermissionsAction } from '@directus/types';
-import type { Context } from '../../types.js';
-export type FieldMap = Record<string, string[]>;
-export interface FetchAllowedFieldMapOptions {
-    accountability: Pick<Accountability, 'user' | 'role' | 'roles' | 'ip' | 'admin' | 'app'>;
-    action: PermissionsAction;
-}
-export declare const fetchAllowedFieldMap: typeof _fetchAllowedFieldMap;
-export declare function _fetchAllowedFieldMap({ accountability, action }: FetchAllowedFieldMapOptions, { knex, schema }: Context): Promise<FieldMap>;

package/dist/permissions/modules/fetch-allowed-field-map/fetch-allowed-field-map.js DELETED Viewed

@@ -1,31 +0,0 @@
-import { uniq } from 'lodash-es';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
-import { withCache } from '../../utils/with-cache.js';
-import { fetchPermissions } from '../../lib/fetch-permissions.js';
-export const fetchAllowedFieldMap = withCache('allowed-field-map', _fetchAllowedFieldMap, ({ action, accountability: { user, role, roles, ip, admin, app } }) => ({
-    action,
-    accountability: { user, role, roles, ip, admin, app },
-}));
-export async function _fetchAllowedFieldMap({ accountability, action }, { knex, schema }) {
-    const fieldMap = {};
-    if (accountability.admin) {
-        for (const [collection, { fields }] of Object.entries(schema.collections)) {
-            fieldMap[collection] = Object.keys(fields);
-        }
-        return fieldMap;
-    }
-    const policies = await fetchPolicies(accountability, { knex, schema });
-    const permissions = await fetchPermissions({ action, policies, accountability }, { knex, schema });
-    for (const { collection, fields } of permissions) {
-        if (!fieldMap[collection]) {
-            fieldMap[collection] = [];
-        }
-        if (fields) {
-            fieldMap[collection].push(...fields);
-        }
-    }
-    for (const [collection, fields] of Object.entries(fieldMap)) {
-        fieldMap[collection] = uniq(fields);
-    }
-    return fieldMap;
-}

package/dist/permissions/modules/fetch-allowed-fields/fetch-allowed-fields.d.ts DELETED Viewed

@@ -1,16 +0,0 @@
-import type { Accountability, PermissionsAction } from '@directus/types';
-import type { Context } from '../../types.js';
-export interface FetchAllowedFieldsOptions {
-    collection: string;
-    action: PermissionsAction;
-    accountability: Pick<Accountability, 'user' | 'role' | 'roles' | 'ip' | 'app'>;
-}
-export declare const fetchAllowedFields: typeof _fetchAllowedFields;
-/**
- * Look up all fields that are allowed to be used for the given collection and action for the given
- * accountability object
- *
- * Done by looking up all available policies for the current accountability object, and reading all
- * permissions that exist for the collection+action+policy combination
- */
-export declare function _fetchAllowedFields({ accountability, action, collection }: FetchAllowedFieldsOptions, { knex, schema }: Context): Promise<string[]>;

package/dist/permissions/modules/fetch-allowed-fields/fetch-allowed-fields.js DELETED Viewed

@@ -1,27 +0,0 @@
-import { uniq } from 'lodash-es';
-import { fetchPermissions } from '../../lib/fetch-permissions.js';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
-import { withCache } from '../../utils/with-cache.js';
-export const fetchAllowedFields = withCache('allowed-fields', _fetchAllowedFields, ({ action, collection, accountability: { user, role, roles, ip, app } }) => ({
-    action,
-    collection,
-    accountability: { user, role, roles, ip, app },
-}));
-/**
- * Look up all fields that are allowed to be used for the given collection and action for the given
- * accountability object
- *
- * Done by looking up all available policies for the current accountability object, and reading all
- * permissions that exist for the collection+action+policy combination
- */
-export async function _fetchAllowedFields({ accountability, action, collection }, { knex, schema }) {
-    const policies = await fetchPolicies(accountability, { knex, schema });
-    const permissions = await fetchPermissions({ action, collections: [collection], policies, accountability }, { knex, schema });
-    const allowedFields = [];
-    for (const { fields } of permissions) {
-        if (!fields)
-            continue;
-        allowedFields.push(...fields);
-    }
-    return uniq(allowedFields).filter((field) => field === '*' || field in (schema.collections[collection]?.fields ?? {}));
-}

package/dist/permissions/modules/fetch-global-access/fetch-global-access.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import type { Accountability } from '@directus/types';
-import type { Knex } from 'knex';
-import type { GlobalAccess } from './types.js';
-export declare const fetchGlobalAccess: typeof _fetchGlobalAccess;
-/**
- * Fetch the global access (eg admin/app access) rules for the given roles, or roles+user combination
- *
- * Will fetch roles and user info separately so they can be cached and reused individually
- */
-export declare function _fetchGlobalAccess(accountability: Pick<Accountability, 'user' | 'roles' | 'ip'>, knex: Knex): Promise<GlobalAccess>;

package/dist/permissions/modules/fetch-global-access/fetch-global-access.js DELETED Viewed

@@ -1,23 +0,0 @@
-import { withCache } from '../../utils/with-cache.js';
-import { fetchGlobalAccessForRoles } from './lib/fetch-global-access-for-roles.js';
-import { fetchGlobalAccessForUser } from './lib/fetch-global-access-for-user.js';
-export const fetchGlobalAccess = withCache('global-access', _fetchGlobalAccess, ({ user, roles, ip }) => ({
-    user,
-    roles,
-    ip,
-}));
-/**
- * Fetch the global access (eg admin/app access) rules for the given roles, or roles+user combination
- *
- * Will fetch roles and user info separately so they can be cached and reused individually
- */
-export async function _fetchGlobalAccess(accountability, knex) {
-    const access = await fetchGlobalAccessForRoles(accountability, knex);
-    if (accountability.user !== undefined) {
-        const userAccess = await fetchGlobalAccessForUser(accountability, knex);
-        // If app/admin is already true, keep it true
-        access.app ||= userAccess.app;
-        access.admin ||= userAccess.admin;
-    }
-    return access;
-}

package/dist/permissions/modules/fetch-global-access/lib/fetch-global-access-for-roles.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import type { Accountability } from '@directus/types';
-import type { Knex } from 'knex';
-import type { GlobalAccess } from '../types.js';
-export declare const fetchGlobalAccessForRoles: typeof _fetchGlobalAccessForRoles;
-export declare function _fetchGlobalAccessForRoles(accountability: Pick<Accountability, 'roles' | 'ip'>, knex: Knex): Promise<GlobalAccess>;

package/dist/permissions/modules/fetch-global-access/lib/fetch-global-access-for-roles.js DELETED Viewed

@@ -1,7 +0,0 @@
-import { withCache } from '../../../utils/with-cache.js';
-import { fetchGlobalAccessForQuery } from '../utils/fetch-global-access-for-query.js';
-export const fetchGlobalAccessForRoles = withCache('global-access-role', _fetchGlobalAccessForRoles, ({ roles, ip }) => ({ roles, ip }));
-export async function _fetchGlobalAccessForRoles(accountability, knex) {
-    const query = knex.where('role', 'in', accountability.roles);
-    return await fetchGlobalAccessForQuery(query, accountability);
-}

package/dist/permissions/modules/fetch-global-access/lib/fetch-global-access-for-user.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import type { Accountability } from '@directus/types';
-import type { Knex } from 'knex';
-import type { GlobalAccess } from '../types.js';
-export declare const fetchGlobalAccessForUser: typeof _fetchGlobalAccessForUser;
-export declare function _fetchGlobalAccessForUser(accountability: Pick<Accountability, 'user' | 'ip'>, knex: Knex): Promise<GlobalAccess>;

package/dist/permissions/modules/fetch-global-access/lib/fetch-global-access-for-user.js DELETED Viewed

@@ -1,10 +0,0 @@
-import { withCache } from '../../../utils/with-cache.js';
-import { fetchGlobalAccessForQuery } from '../utils/fetch-global-access-for-query.js';
-export const fetchGlobalAccessForUser = withCache('global-access-user', _fetchGlobalAccessForUser, ({ user, ip }) => ({
-    user,
-    ip,
-}));
-export async function _fetchGlobalAccessForUser(accountability, knex) {
-    const query = knex.where('user', '=', accountability.user);
-    return await fetchGlobalAccessForQuery(query, accountability);
-}

package/dist/permissions/modules/fetch-global-access/types.d.ts DELETED Viewed

@@ -1,4 +0,0 @@
-export interface GlobalAccess {
-    app: boolean;
-    admin: boolean;
-}

package/dist/permissions/modules/fetch-global-access/types.js DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/dist/permissions/modules/fetch-global-access/utils/fetch-global-access-for-query.d.ts DELETED Viewed

@@ -1,4 +0,0 @@
-import type { Accountability } from '@directus/types';
-import type { Knex } from 'knex';
-import type { GlobalAccess } from '../types.js';
-export declare function fetchGlobalAccessForQuery(query: Knex.QueryBuilder<any, any[]>, accountability: Pick<Accountability, 'ip'>): Promise<GlobalAccess>;

package/dist/permissions/modules/fetch-global-access/utils/fetch-global-access-for-query.js DELETED Viewed

@@ -1,27 +0,0 @@
-import { toBoolean, toArray } from '@directus/utils';
-import { ipInNetworks } from '../../../../utils/ip-in-networks.js';
-export async function fetchGlobalAccessForQuery(query, accountability) {
-    const globalAccess = {
-        app: false,
-        admin: false,
-    };
-    const accessRows = await query
-        .select('directus_policies.admin_access', 'directus_policies.app_access', 'directus_policies.ip_access')
-        .from('directus_access')
-        // @NOTE: `where` clause comes from the caller
-        .leftJoin('directus_policies', 'directus_policies.id', 'directus_access.policy');
-    // Additively merge access permissions
-    for (const { admin_access, app_access, ip_access } of accessRows) {
-        if (accountability.ip && ip_access) {
-            // Skip row if IP is not in the allowed networks
-            const networks = toArray(ip_access);
-            if (!ipInNetworks(accountability.ip, networks))
-                continue;
-        }
-        globalAccess.admin ||= toBoolean(admin_access);
-        globalAccess.app ||= globalAccess.admin || toBoolean(app_access);
-        if (globalAccess.admin)
-            break;
-    }
-    return globalAccess;
-}

package/dist/permissions/modules/fetch-inconsistent-field-map/fetch-inconsistent-field-map.d.ts DELETED Viewed

@@ -1,12 +0,0 @@
-import type { Accountability, PermissionsAction } from '@directus/types';
-import type { Context } from '../../types.js';
-export type FieldMap = Record<string, string[]>;
-export interface FetchInconsistentFieldMapOptions {
-    accountability: Pick<Accountability, 'user' | 'role' | 'roles' | 'ip' | 'admin' | 'app'> | null;
-    action: PermissionsAction;
-}
-/**
- * Fetch a field map for fields that may or may not be null based on item-by-item permissions.
- */
-export declare const fetchInconsistentFieldMap: typeof _fetchInconsistentFieldMap;
-export declare function _fetchInconsistentFieldMap({ accountability, action }: FetchInconsistentFieldMapOptions, { knex, schema }: Context): Promise<FieldMap>;

package/dist/permissions/modules/fetch-inconsistent-field-map/fetch-inconsistent-field-map.js DELETED Viewed

@@ -1,32 +0,0 @@
-import { uniq, intersection, difference, pick } from 'lodash-es';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
-import { withCache } from '../../utils/with-cache.js';
-import { fetchPermissions } from '../../lib/fetch-permissions.js';
-/**
- * Fetch a field map for fields that may or may not be null based on item-by-item permissions.
- */
-export const fetchInconsistentFieldMap = withCache('inconsistent-field-map', _fetchInconsistentFieldMap, ({ action, accountability }) => ({
-    action,
-    accountability: accountability ? pick(accountability, ['user', 'role', 'roles', 'ip', 'admin', 'app']) : null,
-}));
-export async function _fetchInconsistentFieldMap({ accountability, action }, { knex, schema }) {
-    const fieldMap = {};
-    if (!accountability || accountability.admin) {
-        for (const collection of Object.keys(schema.collections)) {
-            fieldMap[collection] = [];
-        }
-        return fieldMap;
-    }
-    const policies = await fetchPolicies(accountability, { knex, schema });
-    const permissions = await fetchPermissions({ action, policies, accountability }, { knex, schema });
-    const collections = uniq(permissions.map(({ collection }) => collection));
-    for (const collection of collections) {
-        const fields = permissions
-            .filter((permission) => permission.collection === collection)
-            .map((permission) => permission.fields ?? []);
-        const availableEverywhere = intersection(...fields);
-        const availableSomewhere = difference(uniq(fields.flat()), availableEverywhere);
-        fieldMap[collection] = availableSomewhere;
-    }
-    return fieldMap;
-}

package/dist/permissions/modules/fetch-policies-ip-access/fetch-policies-ip-access.d.ts DELETED Viewed

@@ -1,4 +0,0 @@
-import type { Accountability } from '@directus/types';
-import type { Knex } from 'knex';
-export declare const fetchPoliciesIpAccess: typeof _fetchPoliciesIpAccess;
-export declare function _fetchPoliciesIpAccess(accountability: Pick<Accountability, 'user' | 'roles'>, knex: Knex): Promise<string[][]>;

package/dist/permissions/modules/fetch-policies-ip-access/fetch-policies-ip-access.js DELETED Viewed

@@ -1,29 +0,0 @@
-import { toArray } from '@directus/utils';
-import { withCache } from '../../utils/with-cache.js';
-export const fetchPoliciesIpAccess = withCache('policies-ip-access', _fetchPoliciesIpAccess, ({ user, roles }) => ({
-    user,
-    roles,
-}));
-export async function _fetchPoliciesIpAccess(accountability, knex) {
-    const query = knex('directus_access')
-        .select({ ip_access: 'directus_policies.ip_access' })
-        .leftJoin('directus_policies', 'directus_access.policy', 'directus_policies.id')
-        .whereNotNull('directus_policies.ip_access');
-    // No roles and no user means unauthenticated request
-    if (accountability.roles.length === 0 && !accountability.user) {
-        query.where({
-            role: null,
-            user: null,
-        });
-    }
-    else {
-        query.where(function () {
-            if (accountability.user) {
-                this.orWhere('directus_access.user', accountability.user);
-            }
-            this.orWhereIn('directus_access.role', accountability.roles);
-        });
-    }
-    const rows = await query;
-    return rows.filter(({ ip_access }) => ip_access).map(({ ip_access }) => toArray(ip_access));
-}

package/dist/permissions/modules/process-ast/lib/extract-fields-from-children.d.ts DELETED Viewed

@@ -1,4 +0,0 @@
-import type { SchemaOverview } from '@directus/types';
-import type { FieldNode, FunctionFieldNode, NestedCollectionNode } from '../../../../types/ast.js';
-import type { FieldMap, QueryPath } from '../types.js';
-export declare function extractFieldsFromChildren(collection: string, children: (NestedCollectionNode | FieldNode | FunctionFieldNode)[], fieldMap: FieldMap, schema: SchemaOverview, path?: QueryPath): void;

package/dist/permissions/modules/process-ast/lib/extract-fields-from-children.js DELETED Viewed

@@ -1,49 +0,0 @@
-import { getUnaliasedFieldKey } from '../../../utils/get-unaliased-field-key.js';
-import { formatA2oKey } from '../utils/format-a2o-key.js';
-import { getInfoForPath } from '../utils/get-info-for-path.js';
-import { extractFieldsFromQuery } from './extract-fields-from-query.js';
-export function extractFieldsFromChildren(collection, children, fieldMap, schema, path = []) {
-    const info = getInfoForPath(fieldMap, 'other', path, collection);
-    for (const child of children) {
-        info.fields.add(getUnaliasedFieldKey(child));
-        if (child.type === 'a2o') {
-            for (const [collection, children] of Object.entries(child.children)) {
-                extractFieldsFromChildren(collection, children, fieldMap, schema, [
-                    ...path,
-                    formatA2oKey(child.fieldKey, collection),
-                ]);
-            }
-            if (child.query) {
-                for (const [collection, query] of Object.entries(child.query)) {
-                    extractFieldsFromQuery(collection, query, fieldMap, schema, [
-                        ...path,
-                        formatA2oKey(child.fieldKey, collection),
-                    ]);
-                }
-            }
-        }
-        else if (child.type === 'm2o') {
-            extractFieldsFromChildren(child.relation.related_collection, child.children, fieldMap, schema, [
-                ...path,
-                child.fieldKey,
-            ]);
-            extractFieldsFromQuery(child.relation.related_collection, child.query, fieldMap, schema, [
-                ...path,
-                child.fieldKey,
-            ]);
-        }
-        else if (child.type === 'o2m') {
-            extractFieldsFromChildren(child.relation.collection, child.children, fieldMap, schema, [
-                ...path,
-                child.fieldKey,
-            ]);
-            extractFieldsFromQuery(child.relation.collection, child.query, fieldMap, schema, [...path, child.fieldKey]);
-        }
-        else if (child.type === 'functionField') {
-            // functionFields operate on a related o2m collection, we have to make sure we include a
-            // no-field read check to the related collection
-            extractFieldsFromChildren(child.relatedCollection, [], fieldMap, schema, [...path, child.fieldKey]);
-            extractFieldsFromQuery(child.relatedCollection, child.query, fieldMap, schema, [...path, child.fieldKey]);
-        }
-    }
-}

package/dist/permissions/modules/process-ast/lib/extract-fields-from-query.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import type { Query, SchemaOverview } from '@directus/types';
-import type { CollectionKey, FieldKey, FieldMap } from '../types.js';
-export declare function extractFieldsFromQuery(collection: CollectionKey, query: Query, fieldMap: FieldMap, schema: SchemaOverview, pathPrefix?: FieldKey[]): void;

package/dist/permissions/modules/process-ast/lib/extract-fields-from-query.js DELETED Viewed

@@ -1,56 +0,0 @@
-import { parseFilterKey } from '../../../../utils/parse-filter-key.js';
-import { extractPathsFromQuery } from '../utils/extract-paths-from-query.js';
-import { findRelatedCollection } from '../utils/find-related-collection.js';
-import { getInfoForPath } from '../utils/get-info-for-path.js';
-export function extractFieldsFromQuery(collection, query, fieldMap, schema, pathPrefix = []) {
-    if (!query)
-        return;
-    const { paths: otherPaths, readOnlyPaths } = extractPathsFromQuery(query);
-    const groupedPaths = {
-        other: otherPaths,
-        read: readOnlyPaths,
-    };
-    for (const [group, paths] of Object.entries(groupedPaths)) {
-        for (const path of paths) {
-            /**
-             * Current path stack. For each iteration of the path loop this will be appended with the
-             * current part we're operating on. So when looping over ['category', 'created_by', 'name']
-             * the first iteration it'll be `['category']`, and then `['category', 'created_by']` etc.
-             */
-            const stack = [];
-            /**
-             * Current collection the path part we're operating on lives in. Once we hit a relational
-             * field, this will be updated to the related collection, so we can follow the relational path
-             * left to right.
-             */
-            let collectionContext = collection;
-            for (const part of path) {
-                const info = getInfoForPath(fieldMap, group, [...pathPrefix, ...stack], collectionContext);
-                // A2o specifier field fetch
-                if (part.includes(':')) {
-                    const [fieldKey, collection] = part.split(':');
-                    info.fields.add(fieldKey);
-                    collectionContext = collection;
-                    stack.push(part);
-                    continue;
-                }
-                if (part.startsWith('$FOLLOW(') && part.endsWith(')')) {
-                    // Don't add this implicit relation field to fields, as it will be accounted for in the reverse direction
-                }
-                else {
-                    const { fieldName } = parseFilterKey(part);
-                    info.fields.add(fieldName);
-                }
-                /**
-                 * Related collection for the current part. Is null when the current field isn't a
-                 * relational field.
-                 */
-                const relatedCollection = findRelatedCollection(collectionContext, part, schema);
-                if (relatedCollection) {
-                    collectionContext = relatedCollection;
-                    stack.push(part);
-                }
-            }
-        }
-    }
-}

package/dist/permissions/modules/process-ast/lib/field-map-from-ast.d.ts DELETED Viewed

@@ -1,4 +0,0 @@
-import type { SchemaOverview } from '@directus/types';
-import type { AST } from '../../../../types/ast.js';
-import type { FieldMap } from '../types.js';
-export declare function fieldMapFromAst(ast: AST, schema: SchemaOverview): FieldMap;

package/dist/permissions/modules/process-ast/lib/field-map-from-ast.js DELETED Viewed

@@ -1,8 +0,0 @@
-import { extractFieldsFromChildren } from './extract-fields-from-children.js';
-import { extractFieldsFromQuery } from './extract-fields-from-query.js';
-export function fieldMapFromAst(ast, schema) {
-    const fieldMap = { read: new Map(), other: new Map() };
-    extractFieldsFromChildren(ast.name, ast.children, fieldMap, schema);
-    extractFieldsFromQuery(ast.name, ast.query, fieldMap, schema);
-    return fieldMap;
-}