npm - @directus/api - Versions diffs - 21.0.0-rc.0 → 21.0.0 - Mend

@directus/api 21.0.0-rc.0 → 21.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/dist/permissions/modules/process-ast/lib/inject-cases.d.ts DELETED Viewed

@@ -1,9 +0,0 @@
-import type { Permission } from '@directus/types';
-import type { AST } from '../../../../types/ast.js';
-/**
- * Mutates passed AST
- *
- * @param ast - Read query AST
- * @param permissions - Expected to be filtered down for the policies and action already
- */
-export declare function injectCases(ast: AST, permissions: Permission[]): void;

package/dist/permissions/modules/process-ast/lib/inject-cases.js DELETED Viewed

@@ -1,93 +0,0 @@
-import { getUnaliasedFieldKey } from '../../../utils/get-unaliased-field-key.js';
-import { dedupeAccess } from '../utils/dedupe-access.js';
-import { hasItemPermissions } from '../utils/has-item-permissions.js';
-import { uniq } from 'lodash-es';
-/**
- * Mutates passed AST
- *
- * @param ast - Read query AST
- * @param permissions - Expected to be filtered down for the policies and action already
- */
-export function injectCases(ast, permissions) {
-    ast.cases = processChildren(ast.name, ast.children, permissions);
-}
-function processChildren(collection, children, permissions) {
-    // Use uniq here, since there might be multiple duplications due to aliases or functions
-    const requestedKeys = uniq(children.map(getUnaliasedFieldKey));
-    const { cases, caseMap, allowedFields } = getCases(collection, permissions, requestedKeys);
-    // TODO this can be optimized if there is only one rule to skip the whole case/where system,
-    //  since fields that are not allowed at all are already filtered out
-    // TODO this can be optimized if all cases are the same for all requested keys, as those should be
-    //
-    for (const child of children) {
-        // If there's one or more permissions that allow full access to this field, we can safe some
-        // query perf overhead by ignoring the whole case/where system
-        const fieldKey = getUnaliasedFieldKey(child);
-        if (allowedFields.has('*') || allowedFields.has(fieldKey))
-            continue;
-        const globalWhenCase = caseMap['*'];
-        const fieldWhenCase = caseMap[fieldKey];
-        // Validation should catch any fields that are attempted to be read that don't have any access control configured.
-        // When there are no access rules for this field, and no rules for "all" fields `*`, we missed something in the validation
-        // and should abort.
-        if (!globalWhenCase && !fieldWhenCase) {
-            throw new Error(`Cannot extract access permissions for field "${fieldKey}" in collection "${collection}"`);
-        }
-        // Global and field can't both be undefined as per the error check prior
-        child.whenCase = [...(globalWhenCase ?? []), ...(fieldWhenCase ?? [])];
-        if (child.type === 'm2o') {
-            child.cases = processChildren(child.relation.related_collection, child.children, permissions);
-        }
-        if (child.type === 'o2m') {
-            child.cases = processChildren(child.relation.collection, child.children, permissions);
-        }
-        if (child.type === 'a2o') {
-            for (const collection of child.names) {
-                child.cases[collection] = processChildren(collection, child.children[collection] ?? [], permissions);
-            }
-        }
-        if (child.type === 'functionField') {
-            const { cases } = getCases(child.relatedCollection, permissions, []);
-            child.cases = cases;
-        }
-    }
-    return cases;
-}
-function getCases(collection, permissions, requestedKeys) {
-    const permissionsForCollection = permissions.filter((permission) => permission.collection === collection);
-    const rules = dedupeAccess(permissionsForCollection);
-    const cases = [];
-    const caseMap = {};
-    // TODO this can be optimized if there is only one rule to skip the whole case/where system,
-    //  since fields that are not allowed at all are already filtered out
-    // TODO this can be optimized if all cases are the same for all requested keys, as those should be
-    //
-    let index = 0;
-    for (const { rule, fields } of rules) {
-        // If none of the fields in the current permissions rule overlap with the actually requested
-        // fields in the AST, we can ignore this case altogether
-        if (requestedKeys.length > 0 &&
-            fields.has('*') === false &&
-            Array.from(fields).every((field) => requestedKeys.includes(field) === false)) {
-            continue;
-        }
-        if (rule === null)
-            continue;
-        cases.push(rule);
-        for (const field of fields) {
-            caseMap[field] = [...(caseMap[field] ?? []), index];
-        }
-        index++;
-    }
-    // Field that are allowed no matter what conditions exist for the item. These come from
-    // permissions where the item read access is "everything"
-    const allowedFields = new Set(permissionsForCollection
-        .filter((permission) => hasItemPermissions(permission) === false)
-        .map((permission) => permission.fields ?? [])
-        .flat());
-    return {
-        cases,
-        caseMap,
-        allowedFields,
-    };
-}

package/dist/permissions/modules/process-ast/process-ast.d.ts DELETED Viewed

@@ -1,9 +0,0 @@
-import type { Accountability, PermissionsAction } from '@directus/types';
-import type { AST } from '../../../types/ast.js';
-import type { Context } from '../../types.js';
-export interface ProcessAstOptions {
-    ast: AST;
-    action: PermissionsAction;
-    accountability: Accountability | null;
-}
-export declare function processAst(options: ProcessAstOptions, context: Context): Promise<AST>;

package/dist/permissions/modules/process-ast/process-ast.js DELETED Viewed

@@ -1,39 +0,0 @@
-import { fetchPermissions } from '../../lib/fetch-permissions.js';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
-import { fieldMapFromAst } from './lib/field-map-from-ast.js';
-import { injectCases } from './lib/inject-cases.js';
-import { collectionsInFieldMap } from './utils/collections-in-field-map.js';
-import { validatePathPermissions } from './utils/validate-path/validate-path-permissions.js';
-import { validatePathExistence } from './utils/validate-path/validate-path-existence.js';
-export async function processAst(options, context) {
-    // FieldMap is a Map of paths in the AST, with each path containing the collection and fields in
-    // that collection that the AST path tries to access
-    const fieldMap = fieldMapFromAst(options.ast, context.schema);
-    const collections = collectionsInFieldMap(fieldMap);
-    if (!options.accountability || options.accountability.admin) {
-        // Validate the field existence, even if no permissions apply to the current accountability
-        for (const [path, { collection, fields }] of [...fieldMap.read.entries(), ...fieldMap.other.entries()]) {
-            validatePathExistence(path, collection, fields, context.schema);
-        }
-        return options.ast;
-    }
-    const policies = await fetchPolicies(options.accountability, context);
-    const permissions = await fetchPermissions({ action: options.action, policies, collections, accountability: options.accountability }, context);
-    const readPermissions = options.action === 'read'
-        ? permissions
-        : await fetchPermissions({ action: 'read', policies, collections, accountability: options.accountability }, context);
-    // Validate field existence first
-    for (const [path, { collection, fields }] of [...fieldMap.read.entries(), ...fieldMap.other.entries()]) {
-        validatePathExistence(path, collection, fields, context.schema);
-    }
-    // Validate permissions for the fields
-    for (const [path, { collection, fields }] of fieldMap.other.entries()) {
-        validatePathPermissions(path, permissions, collection, fields);
-    }
-    // Validate permission for read only fields
-    for (const [path, { collection, fields }] of fieldMap.read.entries()) {
-        validatePathPermissions(path, readPermissions, collection, fields);
-    }
-    injectCases(options.ast, permissions);
-    return options.ast;
-}

package/dist/permissions/modules/process-ast/types.d.ts DELETED Viewed

@@ -1,24 +0,0 @@
-export type CollectionKey = string;
-export type FieldKey = string;
-export type QueryPath = string[];
-/**
- * Key is dot-notation QueryPath, f.e. `category.created_by`.
- * Value contains collection context for that path, and fields fetched within
- */
-export type FieldMapEntries = Map<string, {
-    collection: CollectionKey;
-    fields: Set<FieldKey>;
-}>;
-/**
- * FieldMapEntries that require only read permissions and those that require action specific permissions
- */
-export type FieldMap = {
-    read: FieldMapEntries;
-    other: FieldMapEntries;
-};
-export interface AccessRow {
-    policy: {
-        id: string;
-        ip_access: string[] | null;
-    };
-}

package/dist/permissions/modules/process-ast/types.js DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/dist/permissions/modules/process-ast/utils/collections-in-field-map.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { CollectionKey, FieldMap } from '../types.js';
2	- export declare function collectionsInFieldMap(fieldMap: FieldMap): CollectionKey[];

package/dist/permissions/modules/process-ast/utils/collections-in-field-map.js DELETED Viewed

@@ -1,7 +0,0 @@
-export function collectionsInFieldMap(fieldMap) {
-    const collections = new Set();
-    for (const { collection } of [...fieldMap.other.values(), ...fieldMap.read.values()]) {
-        collections.add(collection);
-    }
-    return Array.from(collections);
-}

package/dist/permissions/modules/process-ast/utils/dedupe-access.d.ts DELETED Viewed

@@ -1,12 +0,0 @@
-import type { Filter, Permission } from '@directus/types';
-/**
- * Deduplicate the permissions sets by merging the field sets based on the access control rules
- * (`permissions` in Permission rows)
- *
- * This allows the cases injection to be more efficient by not having to generate duplicate
- * case/when clauses for permission sets where the rule access is identical
- */
-export declare function dedupeAccess(permissions: Permission[]): {
-    rule: Filter;
-    fields: Set<string>;
-}[];

package/dist/permissions/modules/process-ast/utils/dedupe-access.js DELETED Viewed

@@ -1,30 +0,0 @@
-import hash from 'object-hash';
-/**
- * Deduplicate the permissions sets by merging the field sets based on the access control rules
- * (`permissions` in Permission rows)
- *
- * This allows the cases injection to be more efficient by not having to generate duplicate
- * case/when clauses for permission sets where the rule access is identical
- */
-export function dedupeAccess(permissions) {
-    // Map of `ruleHash: fields[]`
-    const map = new Map();
-    for (const permission of permissions) {
-        const rule = permission.permissions ?? {};
-        // Two JS objects can't be equality checked. Object-hash will resort any nested arrays
-        // deterministically meaning that this can be used to compare two rule sets where the array
-        // order does not matter
-        const ruleHash = hash(rule, {
-            algorithm: 'passthrough',
-            unorderedArrays: true,
-        });
-        if (map.has(ruleHash) === false) {
-            map.set(ruleHash, { rule, fields: new Set() });
-        }
-        const info = map.get(ruleHash);
-        for (const field of permission.fields ?? []) {
-            info.fields.add(field);
-        }
-    }
-    return Array.from(map.values());
-}

package/dist/permissions/modules/process-ast/utils/extract-paths-from-query.d.ts DELETED Viewed

@@ -1,15 +0,0 @@
-import type { Query } from '@directus/types';
-/**
- * Converts the passed Query object into a unique list of path arrays, for example:
- *
- * ```
- * [
- * 	['author', 'age'],
- * 	['category']
- * ]
- * ```
- */
-export declare function extractPathsFromQuery(query: Query): {
-    paths: string[][];
-    readOnlyPaths: string[][];
-};

package/dist/permissions/modules/process-ast/utils/extract-paths-from-query.js DELETED Viewed

@@ -1,50 +0,0 @@
-import { isEqual, uniqWith } from 'lodash-es';
-import { flattenFilter } from './flatten-filter.js';
-/**
- * Converts the passed Query object into a unique list of path arrays, for example:
- *
- * ```
- * [
- * 	['author', 'age'],
- * 	['category']
- * ]
- * ```
- */
-export function extractPathsFromQuery(query) {
-    /**
-     * All nested paths used in the current query scope.
-     * This is generated by flattening the filters and adding in the used sort/aggregate fields.
-     */
-    const paths = [];
-    const readOnlyPaths = [];
-    if (query.filter) {
-        flattenFilter(readOnlyPaths, query.filter);
-    }
-    if (query.sort) {
-        for (const field of query.sort) {
-            // Sort can have dot notation fields for sorting on m2o values Sort fields can start with
-            // `-` to indicate descending order, which should be dropped for permissions checks
-            readOnlyPaths.push(field.split('.').map((field) => (field.startsWith('-') ? field.substring(1) : field)));
-        }
-    }
-    if (query.aggregate) {
-        for (const fields of Object.values(query.aggregate)) {
-            for (const field of fields) {
-                // Aggregate doesn't currently support aggregating on nested fields, but it doesn't hurt
-                // to standardize it in the validation layer
-                paths.push(field.split('.'));
-            }
-        }
-    }
-    if (query.group) {
-        for (const field of query.group) {
-            // Grouping doesn't currently support grouping on nested fields, but it doesn't hurt to
-            // standardize it in the validation layer
-            paths.push(field.split('.'));
-        }
-    }
-    return {
-        paths: uniqWith(paths, isEqual),
-        readOnlyPaths: uniqWith(readOnlyPaths, isEqual),
-    };
-}

package/dist/permissions/modules/process-ast/utils/find-related-collection.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import type { SchemaOverview } from '@directus/types';
-import type { CollectionKey, FieldKey } from '../types.js';
-export declare function findRelatedCollection(collection: CollectionKey, field: FieldKey, schema: SchemaOverview): CollectionKey | null;

package/dist/permissions/modules/process-ast/utils/find-related-collection.js DELETED Viewed

@@ -1,9 +0,0 @@
-import { getRelationInfo } from '../../../../utils/get-relation-info.js';
-export function findRelatedCollection(collection, field, schema) {
-    const { relation } = getRelationInfo(schema.relations, collection, field);
-    if (!relation)
-        return null;
-    const isO2m = relation.related_collection === collection;
-    const relatedCollectionName = isO2m ? relation.collection : relation.related_collection;
-    return relatedCollectionName;
-}

package/dist/permissions/modules/process-ast/utils/flatten-filter.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import type { Query } from '@directus/types';
-import type { FieldKey } from '../types.js';
-export declare function flattenFilter(paths: FieldKey[][], filter: Query['filter']): void;

package/dist/permissions/modules/process-ast/utils/flatten-filter.js DELETED Viewed

@@ -1,34 +0,0 @@
-export function flattenFilter(paths, filter) {
-    if (!filter)
-        return;
-    const stack = [{ current: filter, path: [] }];
-    while (stack.length > 0) {
-        const { current, path } = stack.pop();
-        if (typeof current === 'object' && current !== null) {
-            // If the current nested value is an array, we ignore the array order and flatten all
-            // nested objects
-            const isArray = Array.isArray(current);
-            for (const key in current) {
-                if (!key.startsWith('_') || key === '_and' || key === '_or' || key === '_some' || key === '_none') {
-                    // Only deepen the path if the current value can contain more keys
-                    stack.push({
-                        current: current[key],
-                        path: isArray ? path : [...path, key],
-                    });
-                }
-                else {
-                    // Ignore all operators and logical grouping in the field paths
-                    const parts = path.filter((part) => part.startsWith('_') === false);
-                    if (parts.length > 0)
-                        paths.push(parts);
-                }
-            }
-        }
-        else {
-            // Ignore all operators and logical grouping in the field paths
-            const parts = path.filter((part) => part.startsWith('_') === false);
-            if (parts.length > 0)
-                paths.push(parts);
-        }
-    }
-}

package/dist/permissions/modules/process-ast/utils/format-a2o-key.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function formatA2oKey(fieldKey: string, collection: string): string;

package/dist/permissions/modules/process-ast/utils/format-a2o-key.js DELETED Viewed

@@ -1,3 +0,0 @@
-export function formatA2oKey(fieldKey, collection) {
-    return `${fieldKey}:${collection}`;
-}

package/dist/permissions/modules/process-ast/utils/get-info-for-path.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import type { CollectionKey, FieldMap, QueryPath } from '../types.js';
-export declare function getInfoForPath(fieldMap: FieldMap, group: keyof FieldMap, path: QueryPath, collection: CollectionKey): {
-    collection: string;
-    fields: Set<string>;
-};

package/dist/permissions/modules/process-ast/utils/get-info-for-path.js DELETED Viewed

@@ -1,7 +0,0 @@
-export function getInfoForPath(fieldMap, group, path, collection) {
-    const pathStr = path.join('.');
-    if (fieldMap[group].has(pathStr) === false) {
-        fieldMap[group].set(pathStr, { collection, fields: new Set() });
-    }
-    return fieldMap[group].get(pathStr);
-}

package/dist/permissions/modules/process-ast/utils/has-item-permissions.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { Permission } from '@directus/types';
2	- export declare function hasItemPermissions(permission: Permission): boolean;

package/dist/permissions/modules/process-ast/utils/has-item-permissions.js DELETED Viewed

@@ -1,3 +0,0 @@
-export function hasItemPermissions(permission) {
-    return permission.permissions !== null && Object.keys(permission.permissions).length > 0;
-}

package/dist/permissions/modules/process-ast/utils/stringify-query-path.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { QueryPath } from '../types.js';
2	- export declare function stringifyQueryPath(queryPath: QueryPath): string;

package/dist/permissions/modules/process-ast/utils/stringify-query-path.js DELETED Viewed

@@ -1,3 +0,0 @@
-export function stringifyQueryPath(queryPath) {
-    return queryPath.join('.');
-}

package/dist/permissions/modules/process-ast/utils/validate-path/create-error.d.ts DELETED Viewed

@@ -1,3 +0,0 @@
-import { type DirectusError } from '@directus/errors';
-export declare function createCollectionForbiddenError(path: string, collection: string): DirectusError<any>;
-export declare function createFieldsForbiddenError(path: string, collection: string, fields: string[]): DirectusError<any>;

package/dist/permissions/modules/process-ast/utils/validate-path/create-error.js DELETED Viewed

@@ -1,16 +0,0 @@
-import { ForbiddenError } from '@directus/errors';
-export function createCollectionForbiddenError(path, collection) {
-    const pathSuffix = path === '' ? 'root' : `"${path}"`;
-    return new ForbiddenError({
-        reason: `You don't have permission to access collection "${collection}" or it does not exist. Queried in ${pathSuffix}.`,
-    });
-}
-export function createFieldsForbiddenError(path, collection, fields) {
-    const pathSuffix = path === '' ? 'root' : `"${path}"`;
-    const fieldStr = fields.map((field) => `"${field}"`).join(', ');
-    return new ForbiddenError({
-        reason: fields.length === 1
-            ? `You don't have permission to access field ${fieldStr} in collection "${collection}" or it does not exist. Queried in ${pathSuffix}.`
-            : `You don't have permission to access fields ${fieldStr} in collection "${collection}" or they do not exist. Queried in ${pathSuffix}.`,
-    });
-}

package/dist/permissions/modules/process-ast/utils/validate-path/validate-path-existence.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { SchemaOverview } from '@directus/types';
2	- export declare function validatePathExistence(path: string, collection: string, fields: Set<string>, schema: SchemaOverview): void;

package/dist/permissions/modules/process-ast/utils/validate-path/validate-path-existence.js DELETED Viewed

@@ -1,12 +0,0 @@
-import { createCollectionForbiddenError, createFieldsForbiddenError } from './create-error.js';
-export function validatePathExistence(path, collection, fields, schema) {
-    const collectionInfo = schema.collections[collection];
-    if (collectionInfo === undefined) {
-        throw createCollectionForbiddenError(path, collection);
-    }
-    const requestedFields = Array.from(fields);
-    const nonExistentFields = requestedFields.filter((field) => collectionInfo.fields[field] === undefined);
-    if (nonExistentFields.length > 0) {
-        throw createFieldsForbiddenError(path, collection, nonExistentFields);
-    }
-}

package/dist/permissions/modules/process-ast/utils/validate-path/validate-path-permissions.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { Permission } from '@directus/types';
2	- export declare function validatePathPermissions(path: string, permissions: Permission[], collection: string, fields: Set<string>): void;

package/dist/permissions/modules/process-ast/utils/validate-path/validate-path-permissions.js DELETED Viewed

@@ -1,28 +0,0 @@
-import { createCollectionForbiddenError, createFieldsForbiddenError } from './create-error.js';
-export function validatePathPermissions(path, permissions, collection, fields) {
-    const permissionsForCollection = permissions.filter((permission) => permission.collection === collection);
-    if (permissionsForCollection.length === 0) {
-        throw createCollectionForbiddenError(path, collection);
-    }
-    // Set of all fields that are allowed to be queried combined
-    const allowedFields = new Set();
-    for (const { fields } of permissionsForCollection) {
-        if (!fields) {
-            continue;
-        }
-        for (const field of fields) {
-            if (field === '*') {
-                // Early exit in case all fields are allowed
-                return;
-            }
-            allowedFields.add(field);
-        }
-    }
-    const requestedFields = Array.from(fields);
-    const forbiddenFields = allowedFields.has('*')
-        ? []
-        : requestedFields.filter((field) => allowedFields.has(field) === false);
-    if (forbiddenFields.length > 0) {
-        throw createFieldsForbiddenError(path, collection, forbiddenFields);
-    }
-}

package/dist/permissions/modules/process-payload/lib/is-field-nullable.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import type { FieldOverview } from '@directus/types';
-/**
- * Checks if a given field is allowed to be set to `null`.
- */
-export declare function isFieldNullable(field: FieldOverview): boolean;

package/dist/permissions/modules/process-payload/lib/is-field-nullable.js DELETED Viewed

@@ -1,12 +0,0 @@
-import { GENERATE_SPECIAL } from '../../../../constants.js';
-/**
- * Checks if a given field is allowed to be set to `null`.
- */
-export function isFieldNullable(field) {
-    if (field.nullable)
-        return true;
-    if (field.generated)
-        return true;
-    const hasGenerateSpecial = GENERATE_SPECIAL.some((name) => field.special.includes(name));
-    return hasGenerateSpecial;
-}

package/dist/permissions/modules/process-payload/process-payload.d.ts DELETED Viewed

@@ -1,13 +0,0 @@
-import type { Accountability, Item, PermissionsAction } from '@directus/types';
-import type { Context } from '../../types.js';
-export interface ProcessPayloadOptions {
-    accountability: Accountability;
-    action: PermissionsAction;
-    collection: string;
-    payload: Item;
-}
-/**
- * @note this only validates the top-level fields. The expectation is that this function is called
- * for each level of nested insert separately
- */
-export declare function processPayload(options: ProcessPayloadOptions, context: Context): Promise<any>;

package/dist/permissions/modules/process-payload/process-payload.js DELETED Viewed

@@ -1,77 +0,0 @@
-import { ForbiddenError } from '@directus/errors';
-import { validatePayload } from '@directus/utils';
-import { FailedValidationError, joiValidationErrorItemToErrorExtensions } from '@directus/validation';
-import { assign, difference, uniq } from 'lodash-es';
-import { fetchPermissions } from '../../lib/fetch-permissions.js';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
-import { isFieldNullable } from './lib/is-field-nullable.js';
-/**
- * @note this only validates the top-level fields. The expectation is that this function is called
- * for each level of nested insert separately
- */
-export async function processPayload(options, context) {
-    let permissions;
-    let permissionValidationRules = [];
-    if (!options.accountability.admin) {
-        const policies = await fetchPolicies(options.accountability, context);
-        permissions = await fetchPermissions({ action: options.action, policies, collections: [options.collection], accountability: options.accountability }, context);
-        if (permissions.length === 0) {
-            throw new ForbiddenError({
-                reason: `You don't have permission to "${options.action}" from collection "${options.collection}" or it does not exist.`,
-            });
-        }
-        const fieldsAllowed = uniq(permissions.map(({ fields }) => fields ?? []).flat());
-        if (fieldsAllowed.includes('*') === false) {
-            const fieldsUsed = Object.keys(options.payload);
-            const notAllowed = difference(fieldsUsed, fieldsAllowed);
-            if (notAllowed.length > 0) {
-                const fieldStr = notAllowed.map((field) => `"${field}"`).join(', ');
-                throw new ForbiddenError({
-                    reason: notAllowed.length === 1
-                        ? `You don't have permission to access field ${fieldStr} in collection "${options.collection}" or it does not exist.`
-                        : `You don't have permission to access fields ${fieldStr} in collection "${options.collection}" or they do not exist.`,
-                });
-            }
-        }
-        permissionValidationRules = permissions.map(({ validation }) => validation);
-    }
-    const fields = Object.values(context.schema.collections[options.collection]?.fields ?? {});
-    const fieldValidationRules = [];
-    for (const field of fields) {
-        if (!isFieldNullable(field)) {
-            const isSubmissionRequired = options.action === 'create' && field.defaultValue === null;
-            if (isSubmissionRequired) {
-                fieldValidationRules.push({
-                    [field.field]: {
-                        _submitted: true,
-                    },
-                });
-            }
-            fieldValidationRules.push({
-                [field.field]: {
-                    _nnull: true,
-                },
-            });
-        }
-        fieldValidationRules.push(field.validation);
-    }
-    const validationRules = [...fieldValidationRules, ...permissionValidationRules].filter((rule) => {
-        if (rule === null)
-            return false;
-        if (Object.keys(rule).length === 0)
-            return false;
-        return true;
-    });
-    if (validationRules.length > 0) {
-        const validationErrors = [];
-        validationErrors.push(...validatePayload({ _and: validationRules }, options.payload)
-            .map((error) => error.details.map((details) => new FailedValidationError(joiValidationErrorItemToErrorExtensions(details))))
-            .flat());
-        if (validationErrors.length > 0)
-            throw validationErrors;
-    }
-    if (!permissions)
-        return options.payload;
-    const presets = permissions.map((permission) => permission.presets);
-    return assign({}, ...presets, options.payload);
-}

package/dist/permissions/modules/validate-access/lib/validate-collection-access.d.ts DELETED Viewed

@@ -1,12 +0,0 @@
-import type { Accountability, PermissionsAction } from '@directus/types';
-import type { Context } from '../../../types.js';
-export interface ValidateCollectionAccessOptions {
-    accountability: Accountability;
-    action: PermissionsAction;
-    collection: string;
-}
-/**
- * Check if you have (limited) access to a given collection by making sure there's at least 1
- * permission rule available for the collection and action combo
- */
-export declare function validateCollectionAccess(options: ValidateCollectionAccessOptions, context: Context): Promise<boolean>;

package/dist/permissions/modules/validate-access/lib/validate-collection-access.js DELETED Viewed

@@ -1,11 +0,0 @@
-import { fetchPermissions } from '../../../lib/fetch-permissions.js';
-import { fetchPolicies } from '../../../lib/fetch-policies.js';
-/**
- * Check if you have (limited) access to a given collection by making sure there's at least 1
- * permission rule available for the collection and action combo
- */
-export async function validateCollectionAccess(options, context) {
-    const policies = await fetchPolicies(options.accountability, context);
-    const permissions = await fetchPermissions({ action: options.action, policies, collections: [options.collection], accountability: options.accountability }, context);
-    return permissions.length > 0;
-}

package/dist/permissions/modules/validate-access/lib/validate-item-access.d.ts DELETED Viewed

@@ -1,9 +0,0 @@
-import type { Accountability, PermissionsAction, PrimaryKey } from '@directus/types';
-import type { Context } from '../../../types.js';
-export interface ValidateItemAccessOptions {
-    accountability: Accountability;
-    action: PermissionsAction;
-    collection: string;
-    primaryKeys: PrimaryKey[];
-}
-export declare function validateItemAccess(options: ValidateItemAccessOptions, context: Context): Promise<boolean>;