@directus/api 23.0.0 → 23.1.1

package/dist/services/comments.js

@@ -0,0 +1,378 @@
+import { Action } from '@directus/constants';
+import { useEnv } from '@directus/env';
+import { ErrorCode, ForbiddenError, InvalidPayloadError, isDirectusError } from '@directus/errors';
+import { cloneDeep, mergeWith, uniq } from 'lodash-es';
+import { randomUUID } from 'node:crypto';
+import { useLogger } from '../logger/index.js';
+import { fetchRolesTree } from '../permissions/lib/fetch-roles-tree.js';
+import { fetchGlobalAccess } from '../permissions/modules/fetch-global-access/fetch-global-access.js';
+import { validateAccess } from '../permissions/modules/validate-access/validate-access.js';
+import { isValidUuid } from '../utils/is-valid-uuid.js';
+import { transaction } from '../utils/transaction.js';
+import { Url } from '../utils/url.js';
+import { userName } from '../utils/user-name.js';
+import { ActivityService } from './activity.js';
+import { ItemsService } from './items.js';
+import { NotificationsService } from './notifications.js';
+import { UsersService } from './users.js';
+const env = useEnv();
+const logger = useLogger();
+// TODO: Remove legacy comments logic
+export class CommentsService extends ItemsService {
+    activityService;
+    notificationsService;
+    usersService;
+    serviceOrigin;
+    constructor(options) {
+        super('directus_comments', options);
+        this.activityService = new ActivityService(options);
+        this.notificationsService = new NotificationsService({ schema: this.schema });
+        this.usersService = new UsersService({ schema: this.schema });
+        this.serviceOrigin = options.serviceOrigin ?? 'comments';
+    }
+    readOne(key, query, opts) {
+        const isLegacyComment = isNaN(Number(key));
+        let result;
+        if (isLegacyComment) {
+            const activityQuery = this.serviceOrigin === 'activity' ? query : this.generateQuery('activity', query || {});
+            result = this.activityService.readOne(key, activityQuery, opts);
+        }
+        else {
+            const commentsQuery = this.serviceOrigin === 'comments' ? query : this.generateQuery('comments', query || {});
+            result = super.readOne(key, commentsQuery, opts);
+        }
+        return result;
+    }
+    async readByQuery(query, opts) {
+        const activityQuery = this.serviceOrigin === 'activity' ? query : this.generateQuery('activity', query);
+        const commentsQuery = this.serviceOrigin === 'comments' ? query : this.generateQuery('comments', query);
+        const activityResult = await this.activityService.readByQuery(activityQuery, opts);
+        const commentsResult = await super.readByQuery(commentsQuery, opts);
+        if (query.aggregate) {
+            // Merging the first result only as the app does not utilise group
+            return [
+                mergeWith({}, activityResult[0], commentsResult[0], (a, b) => {
+                    const numA = Number(a);
+                    const numB = Number(b);
+                    if (!isNaN(numA) && !isNaN(numB)) {
+                        return numA + numB;
+                    }
+                    return;
+                }),
+            ];
+        }
+        else if (query.sort) {
+            return this.sortLegacyResults([...activityResult, ...commentsResult], query.sort);
+        }
+        else {
+            return [...activityResult, ...commentsResult];
+        }
+    }
+    async readMany(keys, query, opts) {
+        const commentsKeys = [];
+        const activityKeys = [];
+        for (const key of keys) {
+            if (isNaN(Number(key))) {
+                commentsKeys.push(key);
+            }
+            else {
+                activityKeys.push(key);
+            }
+        }
+        const activityQuery = this.serviceOrigin === 'activity' ? query : this.generateQuery('activity', query || {});
+        const commentsQuery = this.serviceOrigin === 'comments' ? query : this.generateQuery('comments', query || {});
+        const activityResult = await this.activityService.readMany(activityKeys, activityQuery, opts);
+        const commentsResult = await super.readMany(commentsKeys, commentsQuery, opts);
+        if (query?.sort) {
+            return this.sortLegacyResults([...activityResult, ...commentsResult], query.sort);
+        }
+        else {
+            return [...activityResult, ...commentsResult];
+        }
+    }
+    async createOne(data, opts) {
+        if (!data['comment']) {
+            throw new InvalidPayloadError({ reason: `"comment" is required` });
+        }
+        if (!data['collection']) {
+            throw new InvalidPayloadError({ reason: `"collection" is required` });
+        }
+        if (!data['item']) {
+            throw new InvalidPayloadError({ reason: `"item" is required` });
+        }
+        if (this.accountability) {
+            await validateAccess({
+                accountability: this.accountability,
+                action: 'read',
+                collection: data['collection'],
+                primaryKeys: [data['item']],
+            }, {
+                schema: this.schema,
+                knex: this.knex,
+            });
+        }
+        const usersRegExp = new RegExp(/@[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}/gi);
+        const mentions = uniq(data['comment'].match(usersRegExp) ?? []);
+        const sender = await this.usersService.readOne(this.accountability.user, {
+            fields: ['id', 'first_name', 'last_name', 'email'],
+        });
+        for (const mention of mentions) {
+            const userID = mention.substring(1);
+            const user = await this.usersService.readOne(userID, {
+                fields: ['id', 'first_name', 'last_name', 'email', 'role.id'],
+            });
+            const accountability = {
+                user: userID,
+                role: user['role']?.id ?? null,
+                admin: false,
+                app: false,
+                roles: await fetchRolesTree(user['role']?.id ?? null, this.knex),
+                ip: null,
+            };
+            const userGlobalAccess = await fetchGlobalAccess(accountability, this.knex);
+            accountability.admin = userGlobalAccess.admin;
+            accountability.app = userGlobalAccess.app;
+            const usersService = new UsersService({ schema: this.schema, accountability });
+            try {
+                await validateAccess({
+                    accountability,
+                    action: 'read',
+                    collection: data['collection'],
+                    primaryKeys: [data['item']],
+                }, {
+                    schema: this.schema,
+                    knex: this.knex,
+                });
+                const templateData = await usersService.readByQuery({
+                    fields: ['id', 'first_name', 'last_name', 'email'],
+                    filter: { id: { _in: mentions.map((mention) => mention.substring(1)) } },
+                });
+                const userPreviews = templateData.reduce((acc, user) => {
+                    acc[user['id']] = `<em>${userName(user)}</em>`;
+                    return acc;
+                }, {});
+                let comment = data['comment'];
+                for (const mention of mentions) {
+                    const uuid = mention.substring(1);
+                    // We only match on UUIDs in the first place. This is just an extra sanity check.
+                    if (isValidUuid(uuid) === false)
+                        continue;
+                    comment = comment.replace(new RegExp(mention, 'gm'), userPreviews[uuid] ?? '@Unknown User');
+                }
+                comment = `> ${comment.replace(/\n+/gm, '\n> ')}`;
+                const href = new Url(env['PUBLIC_URL'])
+                    .addPath('admin', 'content', data['collection'], data['item'])
+                    .toString();
+                const message = `
+Hello ${userName(user)},
+
+${userName(sender)} has mentioned you in a comment:
+
+${comment}
+
+<a href="${href}">Click here to view.</a>
+`;
+                await this.notificationsService.createOne({
+                    recipient: userID,
+                    sender: sender['id'],
+                    subject: `You were mentioned in ${data['collection']}`,
+                    message,
+                    collection: data['collection'],
+                    item: data['item'],
+                });
+            }
+            catch (err) {
+                if (isDirectusError(err, ErrorCode.Forbidden)) {
+                    logger.warn(`User ${userID} doesn't have proper permissions to receive notification for this item.`);
+                }
+                else {
+                    throw err;
+                }
+            }
+        }
+        return super.createOne(data, opts);
+    }
+    async updateByQuery(query, data, opts) {
+        const keys = await this.getKeysByQuery(query);
+        const migratedKeys = await this.processPrimaryKeys(keys);
+        return super.updateMany(migratedKeys, data, opts);
+    }
+    async updateMany(keys, data, opts) {
+        const migratedKeys = await this.processPrimaryKeys(keys);
+        return super.updateMany(migratedKeys, data, opts);
+    }
+    async updateOne(key, data, opts) {
+        const migratedKey = await this.migrateLegacyComment(key);
+        return super.updateOne(migratedKey, data, opts);
+    }
+    async deleteByQuery(query, opts) {
+        const keys = await this.getKeysByQuery(query);
+        const migratedKeys = await this.processPrimaryKeys(keys);
+        return super.deleteMany(migratedKeys, opts);
+    }
+    async deleteMany(keys, opts) {
+        const migratedKeys = await this.processPrimaryKeys(keys);
+        return super.deleteMany(migratedKeys, opts);
+    }
+    async deleteOne(key, opts) {
+        const migratedKey = await this.migrateLegacyComment(key);
+        return super.deleteOne(migratedKey, opts);
+    }
+    async processPrimaryKeys(keys) {
+        const migratedKeys = [];
+        for (const key of keys) {
+            if (isNaN(Number(key))) {
+                migratedKeys.push(key);
+                continue;
+            }
+            migratedKeys.push(await this.migrateLegacyComment(key));
+        }
+        return migratedKeys;
+    }
+    async migrateLegacyComment(activityPk) {
+        // Skip migration if not a legacy comment
+        if (isNaN(Number(activityPk))) {
+            return activityPk;
+        }
+        return transaction(this.knex, async (trx) => {
+            let primaryKey;
+            const legacyComment = await trx('directus_activity').select('*').where('id', '=', activityPk).first();
+            // Legacy comment
+            if (legacyComment['action'] === Action.COMMENT) {
+                primaryKey = randomUUID();
+                await trx('directus_comments').insert({
+                    id: primaryKey,
+                    collection: legacyComment.collection,
+                    item: legacyComment.item,
+                    comment: legacyComment.comment,
+                    user_created: legacyComment.user,
+                    date_created: legacyComment.timestamp,
+                });
+                await trx('directus_activity')
+                    .update({
+                    action: Action.CREATE,
+                    collection: 'directus_comments',
+                    item: primaryKey,
+                    comment: null,
+                })
+                    .where('id', '=', activityPk);
+            }
+            // Migrated comment
+            else if (legacyComment.collection === 'directus_comment' && legacyComment.action === Action.CREATE) {
+                primaryKey = legacyComment.item;
+            }
+            if (!primaryKey) {
+                throw new ForbiddenError();
+            }
+            return primaryKey;
+        });
+    }
+    generateQuery(type, originalQuery) {
+        const query = cloneDeep(originalQuery);
+        const defaultActivityCommentFilter = { action: { _eq: Action.COMMENT } };
+        const commentsToActivityFieldMap = {
+            id: 'id',
+            comment: 'comment',
+            item: 'item',
+            collection: 'collection',
+            user_created: 'user',
+            date_created: 'timestamp',
+        };
+        const activityToCommentsFieldMap = {
+            id: 'id',
+            comment: 'comment',
+            item: 'item',
+            collection: 'collection',
+            user: 'user_created',
+            timestamp: 'date_created',
+        };
+        const targetFieldMap = type === 'activity' ? commentsToActivityFieldMap : activityToCommentsFieldMap;
+        for (const key of Object.keys(originalQuery)) {
+            switch (key) {
+                case 'fields':
+                    if (!originalQuery.fields)
+                        break;
+                    query.fields = [];
+                    for (const field of originalQuery.fields) {
+                        if (field === '*') {
+                            query.fields = ['*'];
+                            break;
+                        }
+                        const parts = field.split('.');
+                        const firstPart = parts[0];
+                        if (firstPart && targetFieldMap[firstPart]) {
+                            query.fields.push(field);
+                            if (firstPart !== targetFieldMap[firstPart]) {
+                                (query.alias = query.alias || {})[firstPart] = targetFieldMap[firstPart];
+                            }
+                        }
+                    }
+                    break;
+                case 'filter':
+                    if (!originalQuery.filter)
+                        break;
+                    if (type === 'activity') {
+                        query.filter = { _and: [defaultActivityCommentFilter, originalQuery.filter] };
+                    }
+                    if (type === 'comments' && this.serviceOrigin === 'activity') {
+                        if ('_and' in originalQuery.filter && Array.isArray(originalQuery.filter['_and'])) {
+                            query.filter = {
+                                _and: originalQuery.filter['_and'].filter((andItem) => !('action' in andItem && '_eq' in andItem['action'] && andItem['action']['_eq'] === 'comment')),
+                            };
+                        }
+                        else {
+                            query.filter = originalQuery.filter;
+                        }
+                    }
+                    break;
+                case 'aggregate':
+                    if (originalQuery.aggregate) {
+                        query.aggregate = originalQuery.aggregate;
+                    }
+                    break;
+                case 'sort':
+                    if (!originalQuery.sort)
+                        break;
+                    query.sort = [];
+                    for (const sort of originalQuery.sort) {
+                        const isDescending = sort.startsWith('-');
+                        const field = isDescending ? sort.slice(1) : sort;
+                        if (field && targetFieldMap[field]) {
+                            query.sort.push(`${isDescending ? '-' : ''}${targetFieldMap[field]}`);
+                        }
+                    }
+                    break;
+            }
+        }
+        if (type === 'activity' && !query.filter) {
+            query.filter = defaultActivityCommentFilter;
+        }
+        return query;
+    }
+    sortLegacyResults(results, sort) {
+        if (!sort)
+            return results;
+        let sortKeys = sort;
+        // Fix legacy app sort query which uses id
+        if (sortKeys.length === 1 && sortKeys[0]?.endsWith('id') && results[0]?.['timestamp']) {
+            sortKeys = [`${sortKeys[0].startsWith('-') ? '-' : ''}timestamp`];
+        }
+        return results.sort((a, b) => {
+            for (const key of sortKeys) {
+                const isDescending = key.startsWith('-');
+                const actualKey = isDescending ? key.substring(1) : key;
+                let aValue = a[actualKey];
+                let bValue = b[actualKey];
+                if (actualKey === 'date_created' || actualKey === 'timestamp') {
+                    aValue = new Date(aValue);
+                    bValue = new Date(bValue);
+                }
+                if (aValue < bValue)
+                    return isDescending ? 1 : -1;
+                if (aValue > bValue)
+                    return isDescending ? -1 : 1;
+            }
+            return 0;
+        });
+    }
+}

package/dist/services/graphql/index.js

@@ -1,4 +1,4 @@
-import { Action, FUNCTIONS } from '@directus/constants';
+import { FUNCTIONS } from '@directus/constants';
 import { useEnv } from '@directus/env';
 import { ErrorCode, ForbiddenError, InvalidPayloadError, isDirectusError } from '@directus/errors';
 import { isSystemCollection } from '@directus/system-data';
@@ -11,6 +11,8 @@ import { clearSystemCache, getCache } from '../../cache.js';
 import { DEFAULT_AUTH_PROVIDER, GENERATE_SPECIAL, REFRESH_COOKIE_OPTIONS, SESSION_COOKIE_OPTIONS, } from '../../constants.js';
 import getDatabase from '../../database/index.js';
 import { rateLimiter } from '../../middleware/rate-limiter-registration.js';
+import { fetchAccountabilityCollectionAccess } from '../../permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.js';
+import { fetchAccountabilityPolicyGlobals } from '../../permissions/modules/fetch-accountability-policy-globals/fetch-accountability-policy-globals.js';
 import { fetchAllowedFieldMap } from '../../permissions/modules/fetch-allowed-field-map/fetch-allowed-field-map.js';
 import { fetchInconsistentFieldMap } from '../../permissions/modules/fetch-inconsistent-field-map/fetch-inconsistent-field-map.js';
 import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
@@ -25,14 +27,15 @@ import { mergeVersionsRaw, mergeVersionsRecursive } from '../../utils/merge-vers
 import { reduceSchema } from '../../utils/reduce-schema.js';
 import { sanitizeQuery } from '../../utils/sanitize-query.js';
 import { validateQuery } from '../../utils/validate-query.js';
-import { ActivityService } from '../activity.js';
 import { AuthenticationService } from '../authentication.js';
 import { CollectionsService } from '../collections.js';
+import { CommentsService } from '../comments.js';
 import { ExtensionsService } from '../extensions.js';
 import { FieldsService } from '../fields.js';
 import { FilesService } from '../files.js';
 import { RelationsService } from '../relations.js';
 import { RevisionsService } from '../revisions.js';
+import { RolesService } from '../roles.js';
 import { ServerService } from '../server.js';
 import { SpecificationService } from '../specifications.js';
 import { TFAService } from '../tfa.js';
@@ -51,9 +54,6 @@ import { GraphQLVoid } from './types/void.js';
 import { addPathToValidationError } from './utils/add-path-to-validation-error.js';
 import processError from './utils/process-error.js';
 import { sanitizeGraphqlSchema } from './utils/sanitize-gql-schema.js';
-import { fetchAccountabilityCollectionAccess } from '../../permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.js';
-import { fetchAccountabilityPolicyGlobals } from '../../permissions/modules/fetch-accountability-policy-globals/fetch-accountability-policy-globals.js';
-import { RolesService } from '../roles.js';
 const env = useEnv();
 const validationRules = Array.from(specifiedRules);
 if (env['GRAPHQL_INTROSPECTION'] === false) {
@@ -2313,6 +2313,9 @@ export class GraphQLService {
                         max_length: GraphQLInt,
                         numeric_precision: GraphQLInt,
                         numeric_scale: GraphQLInt,
+                        is_generated: GraphQLBoolean,
+                        generation_expression: GraphQLString,
+                        is_indexed: GraphQLBoolean,
                         is_nullable: GraphQLBoolean,
                         is_unique: GraphQLBoolean,
                         is_primary_key: GraphQLBoolean,
@@ -2771,17 +2774,13 @@ export class GraphQLService {
                         comment: new GraphQLNonNull(GraphQLString),
                     },
                     resolve: async (_, args, __, info) => {
-                        const service = new ActivityService({
+                        const service = new CommentsService({
                             accountability: this.accountability,
                             schema: this.schema,
+                            serviceOrigin: 'activity',
                         });
                         const primaryKey = await service.createOne({
                             ...args,
-                            action: Action.COMMENT,
-                            user: this.accountability?.user,
-                            ip: this.accountability?.ip,
-                            user_agent: this.accountability?.userAgent,
-                            origin: this.accountability?.origin,
                         });
                         if ('directus_activity' in ReadCollectionTypes) {
                             const selections = this.replaceFragmentsInSelections(info.fieldNodes[0]?.selectionSet?.selections, info.fragments);
@@ -2802,15 +2801,16 @@ export class GraphQLService {
                         comment: new GraphQLNonNull(GraphQLString),
                     },
                     resolve: async (_, args, __, info) => {
-                        const service = new ActivityService({
+                        const commentsService = new CommentsService({
                             accountability: this.accountability,
                             schema: this.schema,
+                            serviceOrigin: 'activity',
                         });
-                        const primaryKey = await service.updateOne(args['id'], { comment: args['comment'] });
+                        const primaryKey = await commentsService.updateOne(args['id'], { comment: args['comment'] });
                         if ('directus_activity' in ReadCollectionTypes) {
                             const selections = this.replaceFragmentsInSelections(info.fieldNodes[0]?.selectionSet?.selections, info.fragments);
                             const query = this.getQuery(args, selections || [], info.variableValues);
-                            return await service.readOne(primaryKey, query);
+                            return { ...(await commentsService.readOne(primaryKey, query)), id: args['id'] };
                         }
                         return true;
                     },
@@ -2825,11 +2825,12 @@ export class GraphQLService {
                         id: new GraphQLNonNull(GraphQLID),
                     },
                     resolve: async (_, args) => {
-                        const service = new ActivityService({
+                        const commentsService = new CommentsService({
                             accountability: this.accountability,
                             schema: this.schema,
+                            serviceOrigin: 'activity',
                         });
-                        await service.deleteOne(args['id']);
+                        await commentsService.deleteOne(args['id']);
                         return { id: args['id'] };
                     },
                 },

package/dist/services/index.d.ts

@@ -3,6 +3,7 @@ export * from './activity.js';
 export * from './assets.js';
 export * from './authentication.js';
 export * from './collections.js';
+export * from './comments.js';
 export * from './dashboards.js';
 export * from './extensions.js';
 export * from './fields.js';

package/dist/services/index.js

@@ -3,6 +3,7 @@ export * from './activity.js';
 export * from './assets.js';
 export * from './authentication.js';
 export * from './collections.js';
+export * from './comments.js';
 export * from './dashboards.js';
 export * from './extensions.js';
 export * from './fields.js';

package/dist/services/items.js

@@ -543,6 +543,7 @@ export class ItemsService {
                 action: 'update',
                 collection: this.collection,
                 primaryKeys: keys,
+                fields: Object.keys(payloadAfterHooks),
             }, {
                 schema: this.schema,
                 knex: this.knex,
@@ -706,7 +707,8 @@ export class ItemsService {
                 .where({ [primaryKeyField]: primaryKey })
                 .first());
         if (exists) {
-            return await this.updateOne(primaryKey, payload, opts);
+            const { [primaryKeyField]: _, ...data } = payload;
+            return await this.updateOne(primaryKey, data, opts);
         }
         else {
             return await this.createOne(payload, opts);

package/dist/services/mail/index.d.ts

@@ -2,7 +2,8 @@ import type { Accountability, SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
 import type { SendMailOptions, Transporter } from 'nodemailer';
 import type { AbstractServiceOptions } from '../../types/index.js';
-export type EmailOptions = SendMailOptions & {
+export type EmailOptions = Omit<SendMailOptions, 'from'> & {
+    from?: string;
     template?: {
         name: string;
         data: Record<string, any>;

package/dist/services/mail/index.js

@@ -42,7 +42,10 @@ export class MailService {
         const { template, ...emailOptions } = payload;
         let { html } = options;
         const defaultTemplateData = await this.getDefaultTemplateData();
-        const from = `${defaultTemplateData.projectName} <${options.from || env['EMAIL_FROM']}>`;
+        const from = {
+            name: defaultTemplateData.projectName,
+            address: options.from || env['EMAIL_FROM'],
+        };
         if (template) {
             let templateData = template.data;
             templateData = {

package/dist/services/payload.js

@@ -3,7 +3,7 @@ import { parseJSON, toArray } from '@directus/utils';
 import { format, isValid, parseISO } from 'date-fns';
 import { unflatten } from 'flat';
 import Joi from 'joi';
-import { clone, cloneDeep, isNil, isObject, isPlainObject, omit, pick } from 'lodash-es';
+import { clone, cloneDeep, isNil, isObject, isPlainObject, pick } from 'lodash-es';
 import { randomUUID } from 'node:crypto';
 import { parse as wktToGeoJSON } from 'wellknown';
 import { getHelpers } from '../database/helpers/index.js';
@@ -347,22 +347,22 @@ export class PayloadService {
                 knex: this.knex,
                 schema: this.schema,
             });
-            const relatedPrimary = this.schema.collections[relatedCollection].primary;
+            const relatedPrimaryKeyField = this.schema.collections[relatedCollection].primary;
             const relatedRecord = payload[relation.field];
             if (['string', 'number'].includes(typeof relatedRecord))
                 continue;
-            const hasPrimaryKey = relatedPrimary in relatedRecord;
-            let relatedPrimaryKey = relatedRecord[relatedPrimary];
+            const hasPrimaryKey = relatedPrimaryKeyField in relatedRecord;
+            let relatedPrimaryKey = relatedRecord[relatedPrimaryKeyField];
             const exists = hasPrimaryKey &&
                 !!(await this.knex
-                    .select(relatedPrimary)
+                    .select(relatedPrimaryKeyField)
                     .from(relatedCollection)
-                    .where({ [relatedPrimary]: relatedPrimaryKey })
+                    .where({ [relatedPrimaryKeyField]: relatedPrimaryKey })
                     .first());
             if (exists) {
-                const fieldsToUpdate = omit(relatedRecord, relatedPrimary);
-                if (Object.keys(fieldsToUpdate).length > 0) {
-                    await service.updateOne(relatedPrimaryKey, relatedRecord, {
+                const { [relatedPrimaryKeyField]: _, ...record } = relatedRecord;
+                if (Object.keys(record).length > 0) {
+                    await service.updateOne(relatedPrimaryKey, record, {
                         onRevisionCreate: (pk) => revisions.push(pk),
                         onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
@@ -425,9 +425,9 @@ export class PayloadService {
                     .where({ [relatedPrimaryKeyField]: relatedPrimaryKey })
                     .first());
             if (exists) {
-                const fieldsToUpdate = omit(relatedRecord, relatedPrimaryKeyField);
-                if (Object.keys(fieldsToUpdate).length > 0) {
-                    await service.updateOne(relatedPrimaryKey, relatedRecord, {
+                const { [relatedPrimaryKeyField]: _, ...record } = relatedRecord;
+                if (Object.keys(record).length > 0) {
+                    await service.updateOne(relatedPrimaryKey, record, {
                         onRevisionCreate: (pk) => revisions.push(pk),
                         onRequireUserIntegrityCheck: (flags) => (userIntegrityCheckFlags |= flags),
                         bypassEmitAction: (params) => opts?.bypassEmitAction ? opts.bypassEmitAction(params) : nestedActionEvents.push(params),
@@ -610,8 +610,9 @@ export class PayloadService {
                 if (alterations.update) {
                     const primaryKeyField = this.schema.collections[relation.collection].primary;
                     for (const item of alterations.update) {
-                        await service.updateOne(item[primaryKeyField], {
-                            ...item,
+                        const { [primaryKeyField]: key, ...record } = item;
+                        await service.updateOne(key, {
+                            ...record,
                             [relation.field]: parent || payload[currentPrimaryKeyField],
                         }, {
                             onRevisionCreate: (pk) => revisions.push(pk),

package/dist/services/shares.d.ts

@@ -4,6 +4,8 @@ import { ItemsService } from './items.js';
 export declare class SharesService extends ItemsService {
     constructor(options: AbstractServiceOptions);
     createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
+    updateMany(keys: PrimaryKey[], data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey[]>;
+    deleteMany(keys: PrimaryKey[], opts?: MutationOptions): Promise<PrimaryKey[]>;
     login(payload: Record<string, any>, options?: Partial<{
         session: boolean;
     }>): Promise<Omit<LoginResult, 'id'>>;