npm - @directus/api - Versions diffs - 21.0.0 → 22.1.0 - Mend

@directus/api 21.0.0 → 22.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (299) hide show

package/dist/app.js CHANGED Viewed

@@ -10,6 +10,7 @@ import path from 'path';
 import qs from 'qs';
 import { registerAuthProviders } from './auth.js';
 import activityRouter from './controllers/activity.js';
+import accessRouter from './controllers/access.js';
 import assetsRouter from './controllers/assets.js';
 import authRouter from './controllers/auth.js';
 import collectionsRouter from './controllers/collections.js';
@@ -26,6 +27,7 @@ import notificationsRouter from './controllers/notifications.js';
 import operationsRouter from './controllers/operations.js';
 import panelsRouter from './controllers/panels.js';
 import permissionsRouter from './controllers/permissions.js';
+import policiesRouter from './controllers/policies.js';
 import presetsRouter from './controllers/presets.js';
 import relationsRouter from './controllers/relations.js';
 import revisionsRouter from './controllers/revisions.js';
@@ -47,11 +49,9 @@ import { getFlowManager } from './flows.js';
 import { createExpressLogger, useLogger } from './logger/index.js';
 import authenticate from './middleware/authenticate.js';
 import cache from './middleware/cache.js';
-import { checkIP } from './middleware/check-ip.js';
 import cors from './middleware/cors.js';
 import { errorHandler } from './middleware/error-handler.js';
 import extractToken from './middleware/extract-token.js';
-import getPermissions from './middleware/get-permissions.js';
 import rateLimiterGlobal from './middleware/rate-limiter-global.js';
 import rateLimiter from './middleware/rate-limiter-ip.js';
 import sanitizeQuery from './middleware/sanitize-query.js';
@@ -198,16 +198,15 @@ export default async function createApp() {
     }
     app.get('/server/ping', (_req, res) => res.send('pong'));
     app.use(authenticate);
-    app.use(checkIP);
     app.use(sanitizeQuery);
     app.use(cache);
     app.use(schema);
-    app.use(getPermissions);
     await emitter.emitInit('middlewares.after', { app });
     await emitter.emitInit('routes.before', { app });
     app.use('/auth', authRouter);
     app.use('/graphql', graphqlRouter);
     app.use('/activity', activityRouter);
+    app.use('/access', accessRouter);
     app.use('/assets', assetsRouter);
     app.use('/collections', collectionsRouter);
     app.use('/dashboards', dashboardsRouter);
@@ -224,6 +223,7 @@ export default async function createApp() {
     app.use('/operations', operationsRouter);
     app.use('/panels', panelsRouter);
     app.use('/permissions', permissionsRouter);
+    app.use('/policies', policiesRouter);
     app.use('/presets', presetsRouter);
     app.use('/translations', translationsRouter);
     app.use('/relations', relationsRouter);

package/dist/auth/drivers/ldap.js CHANGED Viewed

@@ -3,16 +3,17 @@ import { ErrorCode, InvalidCredentialsError, InvalidPayloadError, InvalidProvide
 import { Router } from 'express';
 import Joi from 'joi';
 import ldap from 'ldapjs';
+import { REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS } from '../../constants.js';
 import getDatabase from '../../database/index.js';
 import emitter from '../../emitter.js';
 import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
+import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
 import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
 import { AuthDriver } from '../auth.js';
-import { REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS } from '../../constants.js';
 // 0x2: ACCOUNTDISABLE
 // 0x10: LOCKOUT
 // 0x800000: PASSWORD_EXPIRED
@@ -295,10 +296,9 @@ export function createLDAPAuthRouter(provider) {
     }).unknown();
     router.post('/', asyncHandler(async (req, res, next) => {
         const env = useEnv();
-        const accountability = {
+        const accountability = createDefaultAccountability({
             ip: getIPFromReq(req),
-            role: null,
-        };
+        });
         const userAgent = req.get('user-agent')?.substring(0, 1024);
         if (userAgent)
             accountability.userAgent = userAgent;

package/dist/auth/drivers/local.js CHANGED Viewed

@@ -1,11 +1,12 @@
+import { useEnv } from '@directus/env';
 import { InvalidCredentialsError, InvalidPayloadError } from '@directus/errors';
 import argon2 from 'argon2';
 import { Router } from 'express';
 import Joi from 'joi';
 import { performance } from 'perf_hooks';
 import { REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS } from '../../constants.js';
-import { useEnv } from '@directus/env';
 import { respond } from '../../middleware/respond.js';
+import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
@@ -47,10 +48,9 @@ export function createLocalAuthRouter(provider) {
     router.post('/', asyncHandler(async (req, res, next) => {
         const STALL_TIME = env['LOGIN_STALL_TIME'];
         const timeStart = performance.now();
-        const accountability = {
+        const accountability = createDefaultAccountability({
             ip: getIPFromReq(req),
-            role: null,
-        };
+        });
         const userAgent = req.get('user-agent')?.substring(0, 1024);
         if (userAgent)
             accountability.userAgent = userAgent;

package/dist/auth/drivers/oauth2.js CHANGED Viewed

@@ -11,15 +11,16 @@ import getDatabase from '../../database/index.js';
 import emitter from '../../emitter.js';
 import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
+import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
 import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
+import { getSecret } from '../../utils/get-secret.js';
 import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js';
 import { Url } from '../../utils/url.js';
 import { LocalAuthDriver } from './local.js';
-import { getSecret } from '../../utils/get-secret.js';
 export class OAuth2AuthDriver extends LocalAuthDriver {
     client;
     redirectUrl;
@@ -251,10 +252,9 @@ export function createOAuth2AuthRouter(providerName) {
             throw new InvalidCredentialsError();
         }
         const { verifier, redirect, prompt } = tokenData;
-        const accountability = {
+        const accountability = createDefaultAccountability({
             ip: getIPFromReq(req),
-            role: null,
-        };
+        });
         const userAgent = req.get('user-agent')?.substring(0, 1024);
         if (userAgent)
             accountability.userAgent = userAgent;

package/dist/auth/drivers/openid.js CHANGED Viewed

@@ -11,6 +11,7 @@ import getDatabase from '../../database/index.js';
 import emitter from '../../emitter.js';
 import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
+import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
 import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
@@ -272,10 +273,7 @@ export function createOpenIDAuthRouter(providerName) {
             throw new InvalidCredentialsError();
         }
         const { verifier, redirect, prompt } = tokenData;
-        const accountability = {
-            ip: getIPFromReq(req),
-            role: null,
-        };
+        const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
         const userAgent = req.get('user-agent')?.substring(0, 1024);
         if (userAgent)
             accountability.userAgent = userAgent;

package/dist/cache.js CHANGED Viewed

@@ -7,6 +7,7 @@ import { compress, decompress } from './utils/compress.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { getMilliseconds } from './utils/get-milliseconds.js';
 import { validateEnv } from './utils/validate-env.js';
+import { clearCache as clearPermissionCache } from './permissions/cache.js';
 import { createRequire } from 'node:module';
 const logger = useLogger();
 const env = useEnv();
@@ -60,6 +61,8 @@ export async function clearSystemCache(opts) {
         await lockCache.delete('system-cache-lock');
     }
     await localSchemaCache.clear();
+    // Since a lot of cached permission function rely on the schema it needs to be cleared as well
+    await clearPermissionCache();
     messenger.publish('schemaChanged', { autoPurgeCache: opts?.autoPurgeCache });
 }
 export async function setSystemCache(key, value, ttl) {

package/dist/cli/commands/bootstrap/index.js CHANGED Viewed

@@ -3,11 +3,13 @@ import getDatabase, { hasDatabaseConnection, isInstalled, validateDatabaseConnec
 import runMigrations from '../../../database/migrations/run.js';
 import installDatabase from '../../../database/seeds/run.js';
 import { useLogger } from '../../../logger/index.js';
+import { AccessService } from '../../../services/access.js';
+import { PoliciesService } from '../../../services/policies.js';
 import { RolesService } from '../../../services/roles.js';
 import { SettingsService } from '../../../services/settings.js';
 import { UsersService } from '../../../services/users.js';
 import { getSchema } from '../../../utils/get-schema.js';
-import { defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
+import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
 export default async function bootstrap({ skipAdminInit }) {
     const logger = useLogger();
     logger.info('Initializing bootstrap...');
@@ -58,8 +60,12 @@ async function createDefaultAdmin(schema) {
     const env = useEnv();
     const { nanoid } = await import('nanoid');
     logger.info('Setting up first admin role...');
+    const accessService = new AccessService({ schema });
+    const policiesService = new PoliciesService({ schema });
     const rolesService = new RolesService({ schema });
     const role = await rolesService.createOne(defaultAdminRole);
+    const policy = await policiesService.createOne(defaultAdminPolicy);
+    await accessService.createOne({ policy, role });
     logger.info('Adding first admin user...');
     const usersService = new UsersService({ schema });
     let adminEmail = env['ADMIN_EMAIL'];
@@ -73,5 +79,5 @@ async function createDefaultAdmin(schema) {
         logger.info(`No admin password provided. Defaulting to "${adminPassword}"`);
     }
     const token = env['ADMIN_TOKEN'] ?? null;
-    await usersService.createOne({ email: adminEmail, password: adminPassword, token, role, ...defaultAdminUser });
+    await usersService.createOne({ ...defaultAdminUser, email: adminEmail, password: adminPassword, token, role });
 }

package/dist/cli/commands/init/index.js CHANGED Viewed

@@ -9,7 +9,7 @@ import runSeed from '../../../database/seeds/run.js';
 import { generateHash } from '../../../utils/generate-hash.js';
 import createDBConnection from '../../utils/create-db-connection.js';
 import createEnv from '../../utils/create-env/index.js';
-import { defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
+import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
 import { drivers, getDriverForClient } from '../../utils/drivers.js';
 import { databaseQuestions } from './questions.js';
 export default async function init() {
@@ -79,18 +79,17 @@ export default async function init() {
         },
     ]);
     firstUser.password = await generateHash(firstUser.password);
-    const userID = randomUUID();
-    const roleID = randomUUID();
-    await db('directus_roles').insert({
-        id: roleID,
-        ...defaultAdminRole,
-    });
+    const role = randomUUID();
+    const policy = randomUUID();
+    await db('directus_roles').insert({ ...defaultAdminRole, id: role });
+    await db('directus_policies').insert({ ...defaultAdminPolicy, id: policy });
+    await db('directus_access').insert({ id: randomUUID(), role, policy });
     await db('directus_users').insert({
-        id: userID,
+        ...defaultAdminUser,
+        id: randomUUID(),
         email: firstUser.email,
         password: firstUser.password,
-        role: roleID,
-        ...defaultAdminUser,
+        role,
     });
     await db.destroy();
     process.stdout.write(`\nYour project has been created at ${chalk.green(rootPath)}.\n`);

package/dist/cli/commands/init/questions.d.ts CHANGED Viewed

@@ -1,20 +1,21 @@
+import type { Driver } from '../../../types/index.js';
 export declare const databaseQuestions: {
     sqlite3: (({ filepath }: {
         filepath: string;
     }) => Record<string, string>)[];
-    mysql: (({ client }: {
-        client: string;
+    mysql2: (({ client }: {
+        client: Exclude<Driver, 'sqlite3'>;
     }) => Record<string, any>)[];
     pg: (({ client }: {
-        client: string;
+        client: Exclude<Driver, 'sqlite3'>;
     }) => Record<string, any>)[];
     cockroachdb: (({ client }: {
-        client: string;
+        client: Exclude<Driver, 'sqlite3'>;
     }) => Record<string, any>)[];
     oracledb: (({ client }: {
-        client: string;
+        client: Exclude<Driver, 'sqlite3'>;
     }) => Record<string, any>)[];
     mssql: (({ client }: {
-        client: string;
+        client: Exclude<Driver, 'sqlite3'>;
     }) => Record<string, any>)[];
 };

package/dist/cli/commands/init/questions.js CHANGED Viewed

@@ -19,7 +19,7 @@ const port = ({ client }) => ({
         const ports = {
             pg: 5432,
             cockroachdb: 26257,
-            mysql: 3306,
+            mysql2: 3306,
             oracledb: 1521,
             mssql: 1433,
         };
@@ -57,7 +57,7 @@ const ssl = () => ({
 });
 export const databaseQuestions = {
     sqlite3: [filename],
-    mysql: [host, port, database, user, password],
+    mysql2: [host, port, database, user, password],
     pg: [host, port, database, user, password, ssl],
     cockroachdb: [host, port, database, user, password, ssl],
     oracledb: [host, port, database, user, password],

package/dist/cli/utils/create-env/index.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
+import type { Driver } from '../../../types/index.js';
 import type { Credentials } from '../create-db-connection.js';
-import type { drivers } from '../drivers.js';
-export default function createEnv(client: keyof typeof drivers, credentials: Credentials, directory: string): Promise<void>;
+export default function createEnv(client: Driver, credentials: Credentials, directory: string): Promise<void>;

package/dist/cli/utils/create-env/index.js CHANGED Viewed

@@ -14,12 +14,14 @@ const liquidEngine = new Liquid({
 });
 export default async function createEnv(client, credentials, directory) {
     const { nanoid } = await import('nanoid');
+    // For backwards-compatibility, DB_CLIENT is still 'mysql'
+    const dbClient = client === 'mysql2' ? 'mysql' : client;
     const config = {
         security: {
             SECRET: nanoid(32),
         },
         database: {
-            DB_CLIENT: client,
+            DB_CLIENT: dbClient,
         },
     };
     for (const [key, value] of Object.entries(credentials)) {

package/dist/cli/utils/defaults.d.ts CHANGED Viewed

@@ -1,11 +1,4 @@
-export declare const defaultAdminRole: {
-    name: string;
-    icon: string;
-    admin_access: boolean;
-    description: string;
-};
-export declare const defaultAdminUser: {
-    status: string;
-    first_name: string;
-    last_name: string;
-};
+import type { Policy, Role, User } from '@directus/types';
+export declare const defaultAdminRole: Partial<Role>;
+export declare const defaultAdminUser: Partial<User>;
+export declare const defaultAdminPolicy: Partial<Policy>;

package/dist/cli/utils/defaults.js CHANGED Viewed

@@ -1,7 +1,6 @@
 export const defaultAdminRole = {
     name: 'Administrator',
     icon: 'verified',
-    admin_access: true,
     description: '$t:admin_description',
 };
 export const defaultAdminUser = {
@@ -9,3 +8,10 @@ export const defaultAdminUser = {
     first_name: 'Admin',
     last_name: 'User',
 };
+export const defaultAdminPolicy = {
+    name: 'Administrator',
+    icon: 'verified',
+    admin_access: true,
+    app_access: true,
+    description: '$t:admin_description',
+};

package/dist/cli/utils/drivers.js CHANGED Viewed

@@ -1,7 +1,7 @@
 export const drivers = {
     pg: 'PostgreSQL / Redshift',
     cockroachdb: 'CockroachDB (Beta)',
-    mysql: 'MySQL / MariaDB / Aurora',
+    mysql2: 'MySQL / MariaDB / Aurora',
     sqlite3: 'SQLite',
     mssql: 'Microsoft SQL Server',
     oracledb: 'Oracle Database',

package/dist/constants.d.ts CHANGED Viewed

@@ -6,7 +6,7 @@ export declare const FILTER_VARIABLES: string[];
 export declare const ALIAS_TYPES: string[];
 export declare const DEFAULT_AUTH_PROVIDER = "default";
 export declare const COLUMN_TRANSFORMS: string[];
-export declare const GENERATE_SPECIAL: string[];
+export declare const GENERATE_SPECIAL: readonly ["uuid", "date-created", "role-created", "user-created"];
 export declare const UUID_REGEX = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}";
 export declare const REFRESH_COOKIE_OPTIONS: CookieOptions;
 export declare const SESSION_COOKIE_OPTIONS: CookieOptions;

package/dist/controllers/access.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare const router: import("express-serve-static-core").Router;
2	+ export default router;

package/dist/controllers/access.js ADDED Viewed

@@ -0,0 +1,148 @@
+import { ErrorCode, isDirectusError } from '@directus/errors';
+import express from 'express';
+import { respond } from '../middleware/respond.js';
+import useCollection from '../middleware/use-collection.js';
+import { validateBatch } from '../middleware/validate-batch.js';
+import { MetaService } from '../services/meta.js';
+import { AccessService } from '../services/access.js';
+import asyncHandler from '../utils/async-handler.js';
+import { sanitizeQuery } from '../utils/sanitize-query.js';
+const router = express.Router();
+router.use(useCollection('directus_access'));
+router.post('/', asyncHandler(async (req, res, next) => {
+    const service = new AccessService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const savedKeys = [];
+    if (Array.isArray(req.body)) {
+        const keys = await service.createMany(req.body);
+        savedKeys.push(...keys);
+    }
+    else {
+        const key = await service.createOne(req.body);
+        savedKeys.push(key);
+    }
+    try {
+        if (Array.isArray(req.body)) {
+            const items = await service.readMany(savedKeys, req.sanitizedQuery);
+            res.locals['payload'] = { data: items };
+        }
+        else {
+            const item = await service.readOne(savedKeys[0], req.sanitizedQuery);
+            res.locals['payload'] = { data: item };
+        }
+    }
+    catch (error) {
+        if (isDirectusError(error, ErrorCode.Forbidden)) {
+            return next();
+        }
+        throw error;
+    }
+    return next();
+}), respond);
+const readHandler = asyncHandler(async (req, res, next) => {
+    const service = new AccessService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const metaService = new MetaService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    let result;
+    if (req.body.keys) {
+        result = await service.readMany(req.body.keys, req.sanitizedQuery);
+    }
+    else {
+        result = await service.readByQuery(req.sanitizedQuery);
+    }
+    const meta = await metaService.getMetaForQuery('directus_access', req.sanitizedQuery);
+    res.locals['payload'] = { data: result, meta };
+    return next();
+});
+router.get('/', validateBatch('read'), readHandler, respond);
+router.search('/', validateBatch('read'), readHandler, respond);
+router.get('/:pk', asyncHandler(async (req, res, next) => {
+    if (req.path.endsWith('me'))
+        return next();
+    const service = new AccessService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const record = await service.readOne(req.params['pk'], req.sanitizedQuery);
+    res.locals['payload'] = { data: record };
+    return next();
+}), respond);
+router.patch('/', validateBatch('update'), asyncHandler(async (req, res, next) => {
+    const service = new AccessService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    let keys = [];
+    if (Array.isArray(req.body)) {
+        keys = await service.updateBatch(req.body);
+    }
+    else if (req.body.keys) {
+        keys = await service.updateMany(req.body.keys, req.body.data);
+    }
+    else {
+        const sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);
+        keys = await service.updateByQuery(sanitizedQuery, req.body.data);
+    }
+    try {
+        const result = await service.readMany(keys, req.sanitizedQuery);
+        res.locals['payload'] = { data: result };
+    }
+    catch (error) {
+        if (isDirectusError(error, ErrorCode.Forbidden)) {
+            return next();
+        }
+        throw error;
+    }
+    return next();
+}), respond);
+router.patch('/:pk', asyncHandler(async (req, res, next) => {
+    const service = new AccessService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const primaryKey = await service.updateOne(req.params['pk'], req.body);
+    try {
+        const item = await service.readOne(primaryKey, req.sanitizedQuery);
+        res.locals['payload'] = { data: item || null };
+    }
+    catch (error) {
+        if (isDirectusError(error, ErrorCode.Forbidden)) {
+            return next();
+        }
+        throw error;
+    }
+    return next();
+}), respond);
+router.delete('/', validateBatch('delete'), asyncHandler(async (req, _res, next) => {
+    const service = new AccessService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    if (Array.isArray(req.body)) {
+        await service.deleteMany(req.body);
+    }
+    else if (req.body.keys) {
+        await service.deleteMany(req.body.keys);
+    }
+    else {
+        const sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);
+        await service.deleteByQuery(sanitizedQuery);
+    }
+    return next();
+}), respond);
+router.delete('/:pk', asyncHandler(async (req, _res, next) => {
+    const service = new AccessService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    await service.deleteOne(req.params['pk']);
+    return next();
+}), respond);
+export default router;

package/dist/controllers/auth.js CHANGED Viewed

@@ -5,6 +5,7 @@ import { createLDAPAuthRouter, createLocalAuthRouter, createOAuth2AuthRouter, cr
 import { DEFAULT_AUTH_PROVIDER, REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS } from '../constants.js';
 import { useLogger } from '../logger/index.js';
 import { respond } from '../middleware/respond.js';
+import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../services/authentication.js';
 import { UsersService } from '../services/users.js';
 import asyncHandler from '../utils/async-handler.js';
@@ -71,10 +72,7 @@ function getCurrentRefreshToken(req, mode) {
     return undefined;
 }
 router.post('/refresh', asyncHandler(async (req, res, next) => {
-    const accountability = {
-        ip: getIPFromReq(req),
-        role: null,
-    };
+    const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
     const userAgent = req.get('user-agent')?.substring(0, 1024);
     if (userAgent)
         accountability.userAgent = userAgent;
@@ -111,10 +109,7 @@ router.post('/refresh', asyncHandler(async (req, res, next) => {
     return next();
 }), respond);
 router.post('/logout', asyncHandler(async (req, res, next) => {
-    const accountability = {
-        ip: getIPFromReq(req),
-        role: null,
-    };
+    const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
     const userAgent = req.get('user-agent')?.substring(0, 1024);
     if (userAgent)
         accountability.userAgent = userAgent;
@@ -145,10 +140,7 @@ router.post('/password/request', asyncHandler(async (req, _res, next) => {
     if (typeof req.body.email !== 'string') {
         throw new InvalidPayloadError({ reason: `"email" field is required` });
     }
-    const accountability = {
-        ip: getIPFromReq(req),
-        role: null,
-    };
+    const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
     const userAgent = req.get('user-agent')?.substring(0, 1024);
     if (userAgent)
         accountability.userAgent = userAgent;
@@ -177,10 +169,7 @@ router.post('/password/reset', asyncHandler(async (req, _res, next) => {
     if (typeof req.body.password !== 'string') {
         throw new InvalidPayloadError({ reason: `"password" field is required` });
     }
-    const accountability = {
-        ip: getIPFromReq(req),
-        role: null,
-    };
+    const accountability = createDefaultAccountability({ ip: getIPFromReq(req) });
     const userAgent = req.get('user-agent')?.substring(0, 1024);
     if (userAgent)
         accountability.userAgent = userAgent;

package/dist/controllers/permissions.js CHANGED Viewed

@@ -1,10 +1,12 @@
-import { ErrorCode, isDirectusError } from '@directus/errors';
+import { ErrorCode, ForbiddenError, isDirectusError } from '@directus/errors';
 import express from 'express';
+import getDatabase from '../database/index.js';
 import { respond } from '../middleware/respond.js';
 import useCollection from '../middleware/use-collection.js';
 import { validateBatch } from '../middleware/validate-batch.js';
+import { fetchAccountabilityCollectionAccess } from '../permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.js';
 import { MetaService } from '../services/meta.js';
-import { PermissionsService } from '../services/permissions/index.js';
+import { PermissionsService } from '../services/permissions.js';
 import asyncHandler from '../utils/async-handler.js';
 import { sanitizeQuery } from '../utils/sanitize-query.js';
 const router = express.Router();
@@ -69,6 +71,16 @@ const readHandler = asyncHandler(async (req, res, next) => {
 });
 router.get('/', validateBatch('read'), readHandler, respond);
 router.search('/', validateBatch('read'), readHandler, respond);
+router.get('/me', asyncHandler(async (req, res, next) => {
+    if (!req.accountability?.user && !req.accountability?.role)
+        throw new ForbiddenError();
+    const result = await fetchAccountabilityCollectionAccess(req.accountability, {
+        schema: req.schema,
+        knex: getDatabase(),
+    });
+    res.locals['payload'] = { data: result };
+    return next();
+}), respond);
 router.get('/:pk', asyncHandler(async (req, res, next) => {
     if (req.path.endsWith('me'))
         return next();

package/dist/controllers/policies.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ declare const router: import("express-serve-static-core").Router;
2	+ export default router;