npm - @directus/api - Versions diffs - 21.0.0-rc.0 → 21.0.0 - Mend

@directus/api 21.0.0-rc.0 → 21.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (285) hide show

package/dist/permissions/modules/validate-access/lib/validate-item-access.js DELETED Viewed

@@ -1,33 +0,0 @@
-import { getAstFromQuery } from '../../../../database/get-ast-from-query/get-ast-from-query.js';
-import { runAst } from '../../../../database/run-ast/run-ast.js';
-import { processAst } from '../../process-ast/process-ast.js';
-export async function validateItemAccess(options, context) {
-    const primaryKeyField = context.schema.collections[options.collection]?.primary;
-    if (!primaryKeyField) {
-        throw new Error(`Cannot find primary key for collection "${options.collection}"`);
-    }
-    // When we're looking up access to specific items, we have to read them from the database to
-    // make sure you are allowed to access them.
-    const query = {
-        // We don't actually need any of the field data, just want to know if we can read the item as
-        // whole or not
-        fields: [],
-        limit: options.primaryKeys.length,
-        filter: {
-            [primaryKeyField]: {
-                _in: options.primaryKeys,
-            },
-        },
-    };
-    const ast = await getAstFromQuery({
-        accountability: options.accountability,
-        query,
-        collection: options.collection,
-    }, context);
-    await processAst({ ast, ...options }, context);
-    const items = await runAst(ast, context.schema, { knex: context.knex });
-    if (items && items.length === options.primaryKeys.length) {
-        return true;
-    }
-    return false;
-}

package/dist/permissions/modules/validate-access/validate-access.d.ts DELETED Viewed

@@ -1,14 +0,0 @@
-import type { Accountability, PermissionsAction, PrimaryKey } from '@directus/types';
-import type { Context } from '../../types.js';
-export interface ValidateAccessOptions {
-    accountability: Accountability;
-    action: PermissionsAction;
-    collection: string;
-    primaryKeys?: PrimaryKey[];
-}
-/**
- * Validate if the current user has access to perform action against the given collection and
- * optional primary keys. This is done by reading the item from the database using the access
- * control rules and checking if we got the expected result back
- */
-export declare function validateAccess(options: ValidateAccessOptions, context: Context): Promise<void>;

package/dist/permissions/modules/validate-access/validate-access.js DELETED Viewed

@@ -1,28 +0,0 @@
-import { ForbiddenError } from '@directus/errors';
-import { validateCollectionAccess } from './lib/validate-collection-access.js';
-import { validateItemAccess } from './lib/validate-item-access.js';
-/**
- * Validate if the current user has access to perform action against the given collection and
- * optional primary keys. This is done by reading the item from the database using the access
- * control rules and checking if we got the expected result back
- */
-export async function validateAccess(options, context) {
-    if (options.accountability.admin === true) {
-        return;
-    }
-    let access;
-    // If primary keys are passed, we have to confirm the access by actually trying to read the items
-    // from the database. If no keys are passed, we can simply check if the collection+action combo
-    // exists within permissions
-    if (options.primaryKeys) {
-        access = await validateItemAccess(options, context);
-    }
-    else {
-        access = await validateCollectionAccess(options, context);
-    }
-    if (!access) {
-        throw new ForbiddenError({
-            reason: `You don't have permission to "${options.action}" from collection "${options.collection}" or it does not exist.`,
-        });
-    }
-}

package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-count.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare function validateRemainingAdminCount(count: number): void;

package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-count.js DELETED Viewed

@@ -1,8 +0,0 @@
-import { UnprocessableContentError } from '@directus/errors';
-export function validateRemainingAdminCount(count) {
-    if (count <= 0) {
-        throw new UnprocessableContentError({
-            reason: `Cannot remove the last admin user from the system`,
-        });
-    }
-}

package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-users.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import { type FetchUserCountOptions } from '../../../utils/fetch-user-count/fetch-user-count.js';
-import type { Context } from '../../types.js';
-export interface ValidateRemainingAdminUsersOptions extends Pick<FetchUserCountOptions, 'excludeAccessRows' | 'excludePolicies' | 'excludeUsers' | 'excludeRoles'> {
-}
-export declare function validateRemainingAdminUsers(options: ValidateRemainingAdminUsersOptions, context: Context): Promise<void>;

package/dist/permissions/modules/validate-remaining-admin/validate-remaining-admin-users.js DELETED Viewed

@@ -1,10 +0,0 @@
-import { fetchUserCount } from '../../../utils/fetch-user-count/fetch-user-count.js';
-import { validateRemainingAdminCount } from './validate-remaining-admin-count.js';
-export async function validateRemainingAdminUsers(options, context) {
-    const { admin } = await fetchUserCount({
-        ...options,
-        adminOnly: true,
-        knex: context.knex,
-    });
-    validateRemainingAdminCount(admin);
-}

package/dist/permissions/types.d.ts DELETED Viewed

@@ -1,6 +0,0 @@
-import type { SchemaOverview } from '@directus/types';
-import type { Knex } from 'knex';
-export interface Context {
-    schema: SchemaOverview;
-    knex: Knex;
-}

package/dist/permissions/types.js DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/dist/permissions/utils/create-default-accountability.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { Accountability } from '@directus/types';
2	- export declare function createDefaultAccountability(overrides?: Partial<Accountability>): Accountability;

package/dist/permissions/utils/create-default-accountability.js DELETED Viewed

@@ -1,11 +0,0 @@
-export function createDefaultAccountability(overrides) {
-    return {
-        role: null,
-        user: null,
-        roles: [],
-        admin: false,
-        app: false,
-        ip: null,
-        ...overrides,
-    };
-}

package/dist/permissions/utils/extract-required-dynamic-variable-context.d.ts DELETED Viewed

@@ -1,8 +0,0 @@
-import type { Permission } from '@directus/types';
-export interface RequiredPermissionContext {
-    $CURRENT_USER: Set<string>;
-    $CURRENT_ROLE: Set<string>;
-    $CURRENT_ROLES: Set<string>;
-    $CURRENT_POLICIES: Set<string>;
-}
-export declare function extractRequiredDynamicVariableContext(permissions: Permission[]): RequiredPermissionContext;

package/dist/permissions/utils/extract-required-dynamic-variable-context.js DELETED Viewed

@@ -1,27 +0,0 @@
-import { deepMap } from '@directus/utils';
-export function extractRequiredDynamicVariableContext(permissions) {
-    const permissionContext = {
-        $CURRENT_USER: new Set(),
-        $CURRENT_ROLE: new Set(),
-        $CURRENT_ROLES: new Set(),
-        $CURRENT_POLICIES: new Set(),
-    };
-    for (const permission of permissions) {
-        deepMap(permission.permissions, extractPermissionData);
-        deepMap(permission.validation, extractPermissionData);
-        deepMap(permission.presets, extractPermissionData);
-    }
-    return permissionContext;
-    function extractPermissionData(val) {
-        for (const placeholder of [
-            '$CURRENT_USER',
-            '$CURRENT_ROLE',
-            '$CURRENT_ROLES',
-            '$CURRENT_POLICIES',
-        ]) {
-            if (typeof val === 'string' && val.startsWith(`${placeholder}.`)) {
-                permissionContext[placeholder].add(val.replace(`${placeholder}.`, ''));
-            }
-        }
-    }
-}

package/dist/permissions/utils/fetch-dynamic-variable-context.d.ts DELETED Viewed

@@ -1,9 +0,0 @@
-import type { Accountability, Permission } from '@directus/types';
-import type { Context } from '../types.js';
-export declare const fetchDynamicVariableContext: typeof _fetchDynamicVariableContext;
-export interface FetchDynamicVariableContext {
-    accountability: Pick<Accountability, 'user' | 'role' | 'roles'>;
-    policies: string[];
-    permissions: Permission[];
-}
-export declare function _fetchDynamicVariableContext(options: FetchDynamicVariableContext, context: Context): Promise<Record<string, any>>;

package/dist/permissions/utils/fetch-dynamic-variable-context.js DELETED Viewed

@@ -1,43 +0,0 @@
-import { extractRequiredDynamicVariableContext } from './extract-required-dynamic-variable-context.js';
-import { withCache } from './with-cache.js';
-export const fetchDynamicVariableContext = withCache('permission-dynamic-variables', _fetchDynamicVariableContext, ({ policies, permissions, accountability: { user, role, roles } }) => ({
-    policies,
-    permissions,
-    accountability: {
-        user,
-        role,
-        roles,
-    },
-}));
-export async function _fetchDynamicVariableContext(options, context) {
-    const { UsersService } = await import('../../services/users.js');
-    const { RolesService } = await import('../../services/roles.js');
-    const { PoliciesService } = await import('../../services/policies.js');
-    const contextData = {};
-    const permissionContext = extractRequiredDynamicVariableContext(options.permissions);
-    if (options.accountability.user && (permissionContext.$CURRENT_USER?.size ?? 0) > 0) {
-        const usersService = new UsersService(context);
-        contextData['$CURRENT_USER'] = await usersService.readOne(options.accountability.user, {
-            fields: Array.from(permissionContext.$CURRENT_USER),
-        });
-    }
-    if (options.accountability.role && (permissionContext.$CURRENT_ROLE?.size ?? 0) > 0) {
-        const rolesService = new RolesService(context);
-        contextData['$CURRENT_ROLE'] = await rolesService.readOne(options.accountability.role, {
-            fields: Array.from(permissionContext.$CURRENT_ROLE),
-        });
-    }
-    if (options.accountability.roles.length > 0 && (permissionContext.$CURRENT_ROLES?.size ?? 0) > 0) {
-        const rolesService = new RolesService(context);
-        contextData['$CURRENT_ROLES'] = await rolesService.readMany(options.accountability.roles, {
-            fields: Array.from(permissionContext.$CURRENT_ROLES),
-        });
-    }
-    if (options.policies.length > 0 && (permissionContext.$CURRENT_POLICIES?.size ?? 0) > 0) {
-        const policiesService = new PoliciesService(context);
-        contextData['$CURRENT_POLICIES'] = await policiesService.readMany(options.policies, {
-            fields: Array.from(permissionContext.$CURRENT_POLICIES),
-        });
-    }
-    return contextData;
-}

package/dist/permissions/utils/filter-policies-by-ip.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import type { AccessRow } from '../modules/process-ast/types.js';
2	- export declare function filterPoliciesByIp(policies: AccessRow[], ip: string \| null \| undefined): AccessRow[];

package/dist/permissions/utils/filter-policies-by-ip.js DELETED Viewed

@@ -1,15 +0,0 @@
-import { ipInNetworks } from '../../utils/ip-in-networks.js';
-export function filterPoliciesByIp(policies, ip) {
-    return policies.filter(({ policy }) => {
-        // Keep policies that don't have an ip address allow list configured
-        if (!policy.ip_access || policy.ip_access.length === 0) {
-            return true;
-        }
-        // If the client's IP address is unknown, we can't validate it against the allow list and will
-        // have to default to the more secure option of preventing access
-        if (!ip) {
-            return false;
-        }
-        return ipInNetworks(ip, policy.ip_access);
-    });
-}

package/dist/permissions/utils/get-unaliased-field-key.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import type { FieldNode, FunctionFieldNode, NestedCollectionNode } from '../../types/index.js';
-/**
- * Derive the unaliased field key from the given AST node.
- */
-export declare function getUnaliasedFieldKey(node: NestedCollectionNode | FieldNode | FunctionFieldNode): string;

package/dist/permissions/utils/get-unaliased-field-key.js DELETED Viewed

@@ -1,17 +0,0 @@
-import { parseFilterKey } from '../../utils/parse-filter-key.js';
-/**
- * Derive the unaliased field key from the given AST node.
- */
-export function getUnaliasedFieldKey(node) {
-    switch (node.type) {
-        case 'o2m':
-            return node.relation.meta.one_field;
-        case 'a2o':
-        case 'm2o':
-            return node.relation.field;
-        case 'field':
-        case 'functionField':
-            // The field name might still include a function, so process that here as well
-            return parseFilterKey(node.name).fieldName;
-    }
-}

package/dist/permissions/utils/process-permissions.d.ts DELETED Viewed

@@ -1,7 +0,0 @@
-import type { Accountability, Permission } from '@directus/types';
-export interface ProcessPermissionsOptions {
-    permissions: Permission[];
-    accountability: Pick<Accountability, 'user' | 'role' | 'roles'>;
-    permissionsContext: Record<string, any>;
-}
-export declare function processPermissions({ permissions, accountability, permissionsContext }: ProcessPermissionsOptions): Permission[];

package/dist/permissions/utils/process-permissions.js DELETED Viewed

@@ -1,9 +0,0 @@
-import { parseFilter, parsePreset } from '@directus/utils';
-export function processPermissions({ permissions, accountability, permissionsContext }) {
-    return permissions.map((permission) => {
-        permission.permissions = parseFilter(permission.permissions, accountability, permissionsContext);
-        permission.validation = parseFilter(permission.validation, accountability, permissionsContext);
-        permission.presets = parsePreset(permission.presets, accountability, permissionsContext);
-        return permission;
-    });
-}

package/dist/permissions/utils/with-cache.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-/**
- * The `pick` parameter can be used to stabilize cache keys, by only using a subset of the available parameters and
- * ensuring key order.
- *
- * If the `pick` function is provided, we pass the picked result to the handler, in order for TypeScript to ensure that
- * the function only relies on the parameters that are used for generating the cache key.
- *
- * @NOTE only uses the first parameter for memoization
- */
-export declare function withCache<F extends (arg0: Arg0, ...args: any[]) => R, R, Arg0 = Parameters<F>[0]>(namespace: string, handler: F, prepareArg?: (arg0: Arg0) => Arg0): F;

package/dist/permissions/utils/with-cache.js DELETED Viewed

@@ -1,25 +0,0 @@
-import { getSimpleHash } from '@directus/utils';
-import { useCache } from '../cache.js';
-/**
- * The `pick` parameter can be used to stabilize cache keys, by only using a subset of the available parameters and
- * ensuring key order.
- *
- * If the `pick` function is provided, we pass the picked result to the handler, in order for TypeScript to ensure that
- * the function only relies on the parameters that are used for generating the cache key.
- *
- * @NOTE only uses the first parameter for memoization
- */
-export function withCache(namespace, handler, prepareArg) {
-    const cache = useCache();
-    return (async (arg0, ...args) => {
-        arg0 = prepareArg ? prepareArg(arg0) : arg0;
-        const key = namespace + '-' + getSimpleHash(JSON.stringify(arg0));
-        const cached = await cache.get(key);
-        if (cached !== undefined) {
-            return cached;
-        }
-        const res = await handler(arg0, ...args);
-        cache.set(key, res);
-        return res;
-    });
-}

package/dist/services/access.d.ts DELETED Viewed

@@ -1,10 +0,0 @@
-import type { Item, PrimaryKey } from '@directus/types';
-import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';
-import { ItemsService } from './items.js';
-export declare class AccessService extends ItemsService {
-    constructor(options: AbstractServiceOptions);
-    private clearCaches;
-    createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
-    updateMany(keys: PrimaryKey[], data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey[]>;
-    deleteMany(keys: PrimaryKey[], opts?: MutationOptions): Promise<PrimaryKey[]>;
-}

package/dist/services/access.js DELETED Viewed

@@ -1,43 +0,0 @@
-import { clearSystemCache } from '../cache.js';
-import { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
-import { ItemsService } from './items.js';
-export class AccessService extends ItemsService {
-    constructor(options) {
-        super('directus_access', options);
-    }
-    async clearCaches(opts) {
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
-    }
-    async createOne(data, opts = {}) {
-        // Creating a new policy attachments affects the number of admin/app/api users.
-        // But it can only add app or admin users, so no need to check the remaining admin users.
-        opts.userIntegrityCheckFlags =
-            (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | UserIntegrityCheckFlag.UserLimits;
-        opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
-        const result = await super.createOne(data, opts);
-        // A new policy has been attached to a user or a role, clear the caches
-        await this.clearCaches();
-        return result;
-    }
-    async updateMany(keys, data, opts = {}) {
-        // Updating policy attachments might affect the number of admin/app/api users
-        opts.userIntegrityCheckFlags = UserIntegrityCheckFlag.All;
-        opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
-        const result = await super.updateMany(keys, data, { ...opts, userIntegrityCheckFlags: UserIntegrityCheckFlag.All });
-        // Some policy attachments have been updated, clear the caches
-        await this.clearCaches();
-        return result;
-    }
-    async deleteMany(keys, opts = {}) {
-        // Changes here can affect the number of admin/app/api users
-        opts.userIntegrityCheckFlags = UserIntegrityCheckFlag.All;
-        opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
-        const result = await super.deleteMany(keys, opts);
-        // Some policy attachments have been deleted, clear the caches
-        await this.clearCaches();
-        return result;
-    }
-}

package/dist/services/policies.d.ts DELETED Viewed

@@ -1,12 +0,0 @@
-import type { Policy, PrimaryKey } from '@directus/types';
-import type { AbstractServiceOptions, MutationOptions } from '../types/index.js';
-import { ItemsService } from './items.js';
-export declare class PoliciesService extends ItemsService<Policy> {
-    constructor(options: AbstractServiceOptions);
-    private clearCaches;
-    private isIpAccessValid;
-    private assertValidIpAccess;
-    createOne(data: Partial<Policy>, opts?: MutationOptions): Promise<PrimaryKey>;
-    updateMany(keys: PrimaryKey[], data: Partial<Policy>, opts?: MutationOptions): Promise<PrimaryKey[]>;
-    deleteMany(keys: PrimaryKey[], opts?: MutationOptions): Promise<PrimaryKey[]>;
-}

package/dist/services/policies.js DELETED Viewed

@@ -1,87 +0,0 @@
-import { InvalidPayloadError } from '@directus/errors';
-import { getMatch } from 'ip-matching';
-import { clearSystemCache } from '../cache.js';
-import { clearCache as clearPermissionsCache } from '../permissions/cache.js';
-import { UserIntegrityCheckFlag } from '../utils/validate-user-count-integrity.js';
-import { ItemsService } from './items.js';
-export class PoliciesService extends ItemsService {
-    constructor(options) {
-        super('directus_policies', options);
-    }
-    async clearCaches(opts) {
-        await clearSystemCache({ autoPurgeCache: opts?.autoPurgeCache });
-        if (this.cache && opts?.autoPurgeCache !== false) {
-            await this.cache.clear();
-        }
-    }
-    isIpAccessValid(value) {
-        if (value === undefined)
-            return false;
-        if (value === null)
-            return true;
-        if (Array.isArray(value) && value.length === 0)
-            return true;
-        for (const ip of value) {
-            if (typeof ip !== 'string' || ip.includes('*'))
-                return false;
-            try {
-                const match = getMatch(ip);
-                if (match.type == 'IPMask')
-                    return false;
-            }
-            catch {
-                return false;
-            }
-        }
-        return true;
-    }
-    assertValidIpAccess(partialItem) {
-        if ('ip_access' in partialItem && !this.isIpAccessValid(partialItem['ip_access'])) {
-            throw new InvalidPayloadError({
-                reason: 'IP Access contains an incorrect value. Valid values are: IP addresses, IP ranges and CIDR blocks',
-            });
-        }
-    }
-    async createOne(data, opts = {}) {
-        this.assertValidIpAccess(data);
-        // A policy has been created, but the attachment to a user/role happens in the AccessService,
-        // so no need to check user integrity
-        const result = await super.createOne(data, opts);
-        // TODO is this necessary? Since the attachment should be handled in the AccessService
-        // A new policy has created, clear the permissions cache
-        await clearPermissionsCache();
-        return result;
-    }
-    async updateMany(keys, data, opts = {}) {
-        this.assertValidIpAccess(data);
-        if ('admin_access' in data) {
-            let flags = UserIntegrityCheckFlag.RemainingAdmins;
-            if (data['admin_access'] === true) {
-                // Only need to perform a full user count if the policy allows admin access
-                flags |= UserIntegrityCheckFlag.All;
-            }
-            opts.userIntegrityCheckFlags = (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | flags;
-        }
-        if ('app_access' in data) {
-            opts.userIntegrityCheckFlags =
-                (opts.userIntegrityCheckFlags ?? UserIntegrityCheckFlag.None) | UserIntegrityCheckFlag.UserLimits;
-        }
-        if (opts.userIntegrityCheckFlags)
-            opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
-        const result = await super.updateMany(keys, data, opts);
-        if ('admin_access' in data || 'app_access' in data || 'ip_access' in data || 'enforce_tfa' in data) {
-            // Some relevant properties on policies have been updated, clear the caches
-            await this.clearCaches(opts);
-        }
-        return result;
-    }
-    async deleteMany(keys, opts = {}) {
-        opts.userIntegrityCheckFlags = UserIntegrityCheckFlag.All;
-        opts.onRequireUserIntegrityCheck?.(opts.userIntegrityCheckFlags);
-        const result = await super.deleteMany(keys, opts);
-        // TODO is this necessary? Since the detachment should be handled in the AccessService
-        // Some policies have been deleted, clear the permissions cache
-        await this.clearCaches(opts);
-        return result;
-    }
-}

package/dist/telemetry/utils/check-user-limits.d.ts DELETED Viewed

@@ -1,5 +0,0 @@
-import { type UserCount } from '../../utils/fetch-user-count/fetch-user-count.js';
-/**
- * Ensure that user limits are not reached
- */
-export declare function checkUserLimits(userCounts: UserCount): Promise<void>;

package/dist/telemetry/utils/check-user-limits.js DELETED Viewed

@@ -1,19 +0,0 @@
-import { useEnv } from '@directus/env';
-import { LimitExceededError } from '@directus/errors';
-import {} from '../../utils/fetch-user-count/fetch-user-count.js';
-const env = useEnv();
-/**
- * Ensure that user limits are not reached
- */
-export async function checkUserLimits(userCounts) {
-    if (userCounts.admin > Number(env['USERS_ADMIN_ACCESS_LIMIT'])) {
-        throw new LimitExceededError({ category: 'Active Admin users' });
-    }
-    // Both app and admin users count against the app access limit
-    if (userCounts.app + userCounts.admin > Number(env['USERS_APP_ACCESS_LIMIT'])) {
-        throw new LimitExceededError({ category: 'Active App users' });
-    }
-    if (userCounts.api > Number(env['USERS_API_ACCESS_LIMIT'])) {
-        throw new LimitExceededError({ category: 'Active API users' });
-    }
-}

package/dist/utils/fetch-user-count/fetch-access-lookup.d.ts DELETED Viewed

@@ -1,17 +0,0 @@
-import type { PrimaryKey } from '@directus/types';
-import type { Knex } from 'knex';
-export interface AccessLookup {
-    role: string | null;
-    user: string | null;
-    app_access: boolean | number;
-    admin_access: boolean | number;
-}
-export interface FetchAccessLookupOptions {
-    excludeAccessRows?: PrimaryKey[];
-    excludePolicies?: PrimaryKey[];
-    excludeUsers?: PrimaryKey[];
-    excludeRoles?: PrimaryKey[];
-    adminOnly?: boolean;
-    knex: Knex;
-}
-export declare function fetchAccessLookup(options: FetchAccessLookupOptions): Promise<AccessLookup[]>;

package/dist/utils/fetch-user-count/fetch-access-lookup.js DELETED Viewed

@@ -1,22 +0,0 @@
-export async function fetchAccessLookup(options) {
-    let query = options.knex
-        .select('directus_access.role', 'directus_access.user', 'directus_policies.app_access', 'directus_policies.admin_access')
-        .from('directus_access')
-        .leftJoin('directus_policies', 'directus_access.policy', 'directus_policies.id');
-    if (options.excludeAccessRows && options.excludeAccessRows.length > 0) {
-        query = query.whereNotIn('directus_access.id', options.excludeAccessRows);
-    }
-    if (options.excludePolicies && options.excludePolicies.length > 0) {
-        query = query.whereNotIn('directus_access.policy', options.excludePolicies);
-    }
-    if (options.excludeUsers && options.excludeUsers.length > 0) {
-        query = query.where((q) => q.whereNotIn('directus_access.user', options.excludeUsers).orWhereNull('directus_access.user'));
-    }
-    if (options.excludeRoles && options.excludeRoles.length > 0) {
-        query = query.where((q) => q.whereNotIn('directus_access.role', options.excludeRoles).orWhereNull('directus_access.role'));
-    }
-    if (options.adminOnly) {
-        query = query.where('directus_policies.admin_access', 1);
-    }
-    return query;
-}

package/dist/utils/fetch-user-count/fetch-access-roles.d.ts DELETED Viewed

@@ -1,16 +0,0 @@
-import type { PrimaryKey } from '@directus/types';
-import type { Knex } from 'knex';
-export interface FetchAccessRolesOptions {
-    adminRoles: Set<string>;
-    appRoles: Set<string>;
-    excludeRoles?: PrimaryKey[];
-}
-/**
- * Return a set of roles that allow app or admin access, if itself or any of its parents do
- */
-export declare function fetchAccessRoles(options: FetchAccessRolesOptions, context: {
-    knex: Knex;
-}): Promise<{
-    adminRoles: Set<string>;
-    appRoles: Set<string>;
-}>;

package/dist/utils/fetch-user-count/fetch-access-roles.js DELETED Viewed

@@ -1,37 +0,0 @@
-/**
- * Return a set of roles that allow app or admin access, if itself or any of its parents do
- */
-export async function fetchAccessRoles(options, context) {
-    // Only fetch the roles that have a parent, as otherwise those roles should already be included in at least one of the input set
-    const allChildRoles = await context.knex
-        .select('id', 'parent')
-        .from('directus_roles')
-        .whereNotNull('parent')
-        .whereNotIn('id', options.excludeRoles ?? []);
-    const adminRoles = new Set(options.adminRoles);
-    const appRoles = new Set(options.appRoles);
-    const remainingRoles = new Set(allChildRoles);
-    let hasChanged = remainingRoles.size > 0;
-    // This loop accounts for the undefined order in which the roles are returned, as there is the possibility
-    // of a role parent not being in the set of roles yet, so we need to iterate over the roles multiple times
-    // until no further roles are added to the sets
-    while (hasChanged) {
-        hasChanged = false;
-        for (const role of remainingRoles) {
-            if (adminRoles.has(role.parent)) {
-                adminRoles.add(role.id);
-                remainingRoles.delete(role);
-                hasChanged = true;
-            }
-            if (appRoles.has(role.parent)) {
-                appRoles.add(role.id);
-                remainingRoles.delete(role);
-                hasChanged = true;
-            }
-        }
-    }
-    return {
-        adminRoles,
-        appRoles,
-    };
-}

package/dist/utils/fetch-user-count/fetch-active-users.d.ts DELETED Viewed

@@ -1,6 +0,0 @@
-import type { Knex } from 'knex';
-export interface ActiveUser {
-    id: string;
-    role: string | null;
-}
-export declare function fetchActiveUsers(knex: Knex): Promise<ActiveUser[]>;

package/dist/utils/fetch-user-count/fetch-active-users.js DELETED Viewed

@@ -1,3 +0,0 @@
-export async function fetchActiveUsers(knex) {
-    return await knex.select('id', 'role').from('directus_users').where('status', 'active');
-}

package/dist/utils/fetch-user-count/fetch-user-count.d.ts DELETED Viewed

@@ -1,12 +0,0 @@
-import { type FetchAccessLookupOptions } from './fetch-access-lookup.js';
-export interface FetchUserCountOptions extends FetchAccessLookupOptions {
-}
-export interface UserCount {
-    admin: number;
-    app: number;
-    api: number;
-}
-/**
- * Returns counts of all active users in the system grouped by admin, app, and api access
- */
-export declare function fetchUserCount(options: FetchUserCountOptions): Promise<UserCount>;