@directus/api 31.0.0 → 32.0.0

package/dist/app.js

@@ -64,6 +64,7 @@ import metricsSchedule from './schedules/metrics.js';
 import retentionSchedule from './schedules/retention.js';
 import telemetrySchedule from './schedules/telemetry.js';
 import tusSchedule from './schedules/tus.js';
+import projectSchedule from './schedules/project.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
 import { Url } from './utils/url.js';
 import { validateStorage } from './utils/validate-storage.js';
@@ -262,6 +263,7 @@ export default async function createApp() {
     await telemetrySchedule();
     await tusSchedule();
     await metricsSchedule();
+    await projectSchedule();
     await emitter.emitInit('app.after', { app });
     return app;
 }

package/dist/auth/auth.d.ts

@@ -1,10 +1,11 @@
 import type { SchemaOverview } from '@directus/types';
 import type { Knex } from 'knex';
+import { UsersService } from '../services/users.js';
 import type { AuthDriverOptions, User } from '../types/index.js';
 export declare abstract class AuthDriver {
     knex: Knex;
-    schema: SchemaOverview;
     constructor(options: AuthDriverOptions, _config: Record<string, any>);
+    protected getUsersService(schema: SchemaOverview): UsersService;
     /**
      * Get user id for a given provider payload
      *

package/dist/auth/auth.js

@@ -1,9 +1,14 @@
+import { UsersService } from '../services/users.js';
 export class AuthDriver {
     knex;
-    schema;
     constructor(options, _config) {
         this.knex = options.knex;
-        this.schema = options.schema;
+    }
+    getUsersService(schema) {
+        return new UsersService({
+            knex: this.knex,
+            schema,
+        });
     }
     /**
      * Check with the (external) provider if the user is allowed entry to Directus

package/dist/auth/drivers/ldap.d.ts

@@ -1,11 +1,9 @@
 import { Router } from 'express';
 import type { Client } from 'ldapjs';
-import { UsersService } from '../../services/users.js';
 import type { AuthDriverOptions, User } from '../../types/index.js';
 import { AuthDriver } from '../auth.js';
 export declare class LDAPAuthDriver extends AuthDriver {
     bindClient: Client;
-    usersService: UsersService;
     config: Record<string, any>;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     private validateBindClient;

package/dist/auth/drivers/ldap.js

@@ -10,17 +10,16 @@ import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
 import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
-import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
 import { AuthDriver } from '../auth.js';
+import { getSchema } from '../../utils/get-schema.js';
 // 0x2: ACCOUNTDISABLE
 // 0x10: LOCKOUT
 // 0x800000: PASSWORD_EXPIRED
 const INVALID_ACCOUNT_FLAGS = 0x800012;
 export class LDAPAuthDriver extends AuthDriver {
     bindClient;
-    usersService;
     config;
     constructor(options, config) {
         super(options, config);
@@ -39,7 +38,6 @@ export class LDAPAuthDriver extends AuthDriver {
         this.bindClient.on('error', (err) => {
             logger.warn(err);
         });
-        this.usersService = new UsersService({ knex: this.knex, schema: this.schema });
         this.config = config;
     }
     async validateBindClient() {
@@ -216,9 +214,11 @@ export class LDAPAuthDriver extends AuthDriver {
                     email: userInfo.email,
                 };
             }
-            const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema: this.schema, accountability: null });
+            const schema = await getSchema();
+            const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema, accountability: null });
             // Update user to update properties that might have changed
-            await this.usersService.updateOne(userId, updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            await usersService.updateOne(userId, updatedUserPayload);
             return userId;
         }
         if (!userInfo) {
@@ -232,11 +232,13 @@ export class LDAPAuthDriver extends AuthDriver {
             external_identifier: userInfo.dn,
             role: userRole?.id ?? defaultRoleId,
         };
+        const schema = await getSchema();
         // Run hook so the end user has the chance to augment the
         // user that is about to be created
-        const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema: this.schema, accountability: null });
+        const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, { identifier: userInfo.dn, provider: this.config['provider'], providerPayload: { userInfo, userRole } }, { database: getDatabase(), schema, accountability: null });
         try {
-            await this.usersService.createOne(updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            await usersService.createOne(updatedUserPayload);
         }
         catch (e) {
             if (isDirectusError(e, ErrorCode.RecordNotUnique)) {

package/dist/auth/drivers/oauth2.d.ts

@@ -1,13 +1,11 @@
 import { Router } from 'express';
 import type { Client } from 'openid-client';
-import { UsersService } from '../../services/users.js';
 import type { AuthDriverOptions, User } from '../../types/index.js';
 import type { RoleMap } from '../../types/rolemap.js';
 import { LocalAuthDriver } from './local.js';
 export declare class OAuth2AuthDriver extends LocalAuthDriver {
     client: Client;
     redirectUrl: string;
-    usersService: UsersService;
     config: Record<string, any>;
     roleMap: RoleMap;
     constructor(options: AuthDriverOptions, config: Record<string, any>);

package/dist/auth/drivers/oauth2.js

@@ -13,7 +13,6 @@ import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
 import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
-import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
@@ -22,10 +21,10 @@ import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js
 import { verifyJWT } from '../../utils/jwt.js';
 import { Url } from '../../utils/url.js';
 import { LocalAuthDriver } from './local.js';
+import { getSchema } from '../../utils/get-schema.js';
 export class OAuth2AuthDriver extends LocalAuthDriver {
     client;
     redirectUrl;
-    usersService;
     config;
     roleMap;
     constructor(options, config) {
@@ -39,7 +38,6 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
         }
         const redirectUrl = new Url(env['PUBLIC_URL']).addPath('auth', 'login', additionalConfig['provider'], 'callback');
         this.redirectUrl = redirectUrl.toString();
-        this.usersService = new UsersService({ knex: this.knex, schema: this.schema });
         this.config = additionalConfig;
         this.roleMap = {};
         const roleMapping = this.config['roleMapping'];
@@ -177,14 +175,16 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
                     email: userPayload.email,
                 };
             }
+            const schema = await getSchema();
             const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, {
                 identifier,
                 provider: this.config['provider'],
                 providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
-            }, { database: getDatabase(), schema: this.schema, accountability: null });
+            }, { database: getDatabase(), schema, accountability: null });
             // Update user to update refresh_token and other properties that might have changed
             if (Object.values(updatedUserPayload).some((value) => value !== undefined)) {
-                await this.usersService.updateOne(userId, updatedUserPayload);
+                const usersService = this.getUsersService(schema);
+                await usersService.updateOne(userId, updatedUserPayload);
             }
             return userId;
         }
@@ -193,15 +193,17 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
             logger.warn(`[OAuth2] User doesn't exist, and public registration not allowed for provider "${provider}"`);
             throw new InvalidCredentialsError();
         }
+        const schema = await getSchema();
         // Run hook so the end user has the chance to augment the
         // user that is about to be created
         const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, {
             identifier,
             provider: this.config['provider'],
             providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
-        }, { database: getDatabase(), schema: this.schema, accountability: null });
+        }, { database: getDatabase(), schema, accountability: null });
         try {
-            await this.usersService.createOne(updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            await usersService.createOne(updatedUserPayload);
         }
         catch (e) {
             if (isDirectusError(e, ErrorCode.RecordNotUnique)) {
@@ -231,7 +233,8 @@ export class OAuth2AuthDriver extends LocalAuthDriver {
                 const tokenSet = await this.client.refresh(authData['refreshToken']);
                 // Update user refreshToken if provided
                 if (tokenSet.refresh_token) {
-                    await this.usersService.updateOne(user.id, {
+                    const usersService = this.getUsersService(await getSchema());
+                    await usersService.updateOne(user.id, {
                         auth_data: JSON.stringify({ refreshToken: tokenSet.refresh_token }),
                     });
                 }

package/dist/auth/drivers/openid.d.ts

@@ -1,13 +1,11 @@
 import { Router } from 'express';
 import type { Client } from 'openid-client';
-import { UsersService } from '../../services/users.js';
 import type { AuthDriverOptions, User } from '../../types/index.js';
 import type { RoleMap } from '../../types/rolemap.js';
 import { LocalAuthDriver } from './local.js';
 export declare class OpenIDAuthDriver extends LocalAuthDriver {
     client: null | Client;
     redirectUrl: string;
-    usersService: UsersService;
     config: Record<string, any>;
     roleMap: RoleMap;
     constructor(options: AuthDriverOptions, config: Record<string, any>);

package/dist/auth/drivers/openid.js

@@ -13,7 +13,6 @@ import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
 import { createDefaultAccountability } from '../../permissions/utils/create-default-accountability.js';
 import { AuthenticationService } from '../../services/authentication.js';
-import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 import { getIPFromReq } from '../../utils/get-ip-from-req.js';
@@ -22,10 +21,10 @@ import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js
 import { verifyJWT } from '../../utils/jwt.js';
 import { Url } from '../../utils/url.js';
 import { LocalAuthDriver } from './local.js';
+import { getSchema } from '../../utils/get-schema.js';
 export class OpenIDAuthDriver extends LocalAuthDriver {
     client;
     redirectUrl;
-    usersService;
     config;
     roleMap;
     constructor(options, config) {
@@ -40,7 +39,6 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
         }
         const redirectUrl = new Url(env['PUBLIC_URL']).addPath('auth', 'login', provider, 'callback');
         this.redirectUrl = redirectUrl.toString();
-        this.usersService = new UsersService({ knex: this.knex, schema: this.schema });
         this.config = config;
         this.roleMap = {};
         const roleMapping = this.config['roleMapping'];
@@ -227,14 +225,16 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
                     email: userPayload.email,
                 };
             }
+            const schema = await getSchema();
             const updatedUserPayload = await emitter.emitFilter(`auth.update`, emitPayload, {
                 identifier,
                 provider: this.config['provider'],
                 providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
-            }, { database: getDatabase(), schema: this.schema, accountability: null });
+            }, { database: getDatabase(), schema, accountability: null });
             // Update user to update refresh_token and other properties that might have changed
             if (Object.values(updatedUserPayload).some((value) => value !== undefined)) {
-                await this.usersService.updateOne(userId, updatedUserPayload);
+                const usersService = this.getUsersService(schema);
+                await usersService.updateOne(userId, updatedUserPayload);
             }
             return userId;
         }
@@ -244,15 +244,17 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
             logger.warn(`[OpenID] User doesn't exist, and public registration not allowed for provider "${provider}"`);
             throw new InvalidCredentialsError();
         }
+        const schema = await getSchema();
         // Run hook so the end user has the chance to augment the
         // user that is about to be created
         const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, {
             identifier,
             provider: this.config['provider'],
             providerPayload: { accessToken: tokenSet.access_token, idToken: tokenSet.id_token, userInfo },
-        }, { database: getDatabase(), schema: this.schema, accountability: null });
+        }, { database: getDatabase(), schema, accountability: null });
         try {
-            await this.usersService.createOne(updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            await usersService.createOne(updatedUserPayload);
         }
         catch (e) {
             if (isDirectusError(e, ErrorCode.RecordNotUnique)) {
@@ -283,7 +285,8 @@ export class OpenIDAuthDriver extends LocalAuthDriver {
                 const tokenSet = await client.refresh(authData['refreshToken']);
                 // Update user refreshToken if provided
                 if (tokenSet.refresh_token) {
-                    await this.usersService.updateOne(user.id, {
+                    const usersService = this.getUsersService(await getSchema());
+                    await usersService.updateOne(user.id, {
                         auth_data: JSON.stringify({ refreshToken: tokenSet.refresh_token }),
                     });
                 }

package/dist/auth/drivers/saml.d.ts

@@ -1,11 +1,9 @@
 import * as samlify from 'samlify';
-import { UsersService } from '../../services/users.js';
 import type { AuthDriverOptions, User } from '../../types/index.js';
 import { LocalAuthDriver } from './local.js';
 export declare class SAMLAuthDriver extends LocalAuthDriver {
     sp: samlify.ServiceProviderInstance;
     idp: samlify.IdentityProviderInstance;
-    usersService: UsersService;
     config: Record<string, any>;
     constructor(options: AuthDriverOptions, config: Record<string, any>);
     fetchUserID(identifier: string): Promise<any>;

package/dist/auth/drivers/saml.js

@@ -10,22 +10,20 @@ import emitter from '../../emitter.js';
 import { useLogger } from '../../logger/index.js';
 import { respond } from '../../middleware/respond.js';
 import { AuthenticationService } from '../../services/authentication.js';
-import { UsersService } from '../../services/users.js';
 import asyncHandler from '../../utils/async-handler.js';
 import { getConfigFromEnv } from '../../utils/get-config-from-env.js';
 import { LocalAuthDriver } from './local.js';
 import { isLoginRedirectAllowed } from '../../utils/is-login-redirect-allowed.js';
+import { getSchema } from '../../utils/get-schema.js';
 // Register the samlify schema validator
 samlify.setSchemaValidator(validator);
 export class SAMLAuthDriver extends LocalAuthDriver {
     sp;
     idp;
-    usersService;
     config;
     constructor(options, config) {
         super(options, config);
         this.config = config;
-        this.usersService = new UsersService({ knex: this.knex, schema: this.schema });
         this.sp = samlify.ServiceProvider(getConfigFromEnv(`AUTH_${config['provider'].toUpperCase()}_SP`));
         this.idp = samlify.IdentityProvider(getConfigFromEnv(`AUTH_${config['provider'].toUpperCase()}_IDP`));
     }
@@ -63,11 +61,13 @@ export class SAMLAuthDriver extends LocalAuthDriver {
             external_identifier: identifier.toLowerCase(),
             role: this.config['defaultRoleId'],
         };
+        const schema = await getSchema();
         // Run hook so the end user has the chance to augment the
         // user that is about to be created
-        const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, { identifier: identifier.toLowerCase(), provider: this.config['provider'], providerPayload: { ...payload } }, { database: getDatabase(), schema: this.schema, accountability: null });
+        const updatedUserPayload = await emitter.emitFilter(`auth.create`, userPayload, { identifier: identifier.toLowerCase(), provider: this.config['provider'], providerPayload: { ...payload } }, { database: getDatabase(), schema, accountability: null });
         try {
-            return await this.usersService.createOne(updatedUserPayload);
+            const usersService = this.getUsersService(schema);
+            return await usersService.createOne(updatedUserPayload);
         }
         catch (error) {
             if (isDirectusError(error, ErrorCode.RecordNotUnique)) {

package/dist/auth.js

@@ -6,7 +6,6 @@ import { DEFAULT_AUTH_PROVIDER } from './constants.js';
 import getDatabase from './database/index.js';
 import { useLogger } from './logger/index.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
-import { getSchema } from './utils/get-schema.js';
 const providers = new Map();
 export function getAuthProvider(provider) {
     const logger = useLogger();
@@ -19,7 +18,7 @@ export function getAuthProvider(provider) {
 export async function registerAuthProviders() {
     const env = useEnv();
     const logger = useLogger();
-    const options = { knex: getDatabase(), schema: await getSchema() };
+    const options = { knex: getDatabase() };
     const providerNames = toArray(env['AUTH_PROVIDERS']);
     // Register default provider if not disabled
     if (!env['AUTH_DISABLE_DEFAULT']) {

package/dist/cli/commands/bootstrap/index.js

@@ -3,13 +3,10 @@ import getDatabase, { hasDatabaseConnection, isInstalled, validateDatabaseConnec
 import runMigrations from '../../../database/migrations/run.js';
 import installDatabase from '../../../database/seeds/run.js';
 import { useLogger } from '../../../logger/index.js';
-import { AccessService } from '../../../services/access.js';
-import { PoliciesService } from '../../../services/policies.js';
-import { RolesService } from '../../../services/roles.js';
 import { SettingsService } from '../../../services/settings.js';
-import { UsersService } from '../../../services/users.js';
 import { getSchema } from '../../../utils/get-schema.js';
-import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
+import { createAdmin } from '../../../utils/create-admin.js';
+import { email } from 'zod';
 export default async function bootstrap({ skipAdminInit }) {
     const logger = useLogger();
     logger.info('Initializing bootstrap...');
@@ -23,15 +20,23 @@ export default async function bootstrap({ skipAdminInit }) {
         await runMigrations(database, 'latest');
         const schema = await getSchema();
         if (skipAdminInit == null) {
-            await createDefaultAdmin(schema);
+            await createAdmin(schema);
         }
         else {
             logger.info('Skipping creation of default Admin user and role...');
         }
+        const settingsService = new SettingsService({ schema });
         if (env['PROJECT_NAME'] && typeof env['PROJECT_NAME'] === 'string' && env['PROJECT_NAME'].length > 0) {
-            const settingsService = new SettingsService({ schema });
             await settingsService.upsertSingleton({ project_name: env['PROJECT_NAME'] });
         }
+        if (email().safeParse(env['PROJECT_OWNER']).success) {
+            await settingsService.setOwner({
+                project_owner: env['PROJECT_OWNER'],
+                org_name: null,
+                project_usage: null,
+                product_updates: false,
+            });
+        }
     }
     else {
         logger.info('Database already initialized, skipping install');
@@ -55,29 +60,3 @@ async function waitForDatabase(database) {
     await validateDatabaseConnection(database);
     return database;
 }
-async function createDefaultAdmin(schema) {
-    const logger = useLogger();
-    const env = useEnv();
-    const { nanoid } = await import('nanoid');
-    logger.info('Setting up first admin role...');
-    const accessService = new AccessService({ schema });
-    const policiesService = new PoliciesService({ schema });
-    const rolesService = new RolesService({ schema });
-    const role = await rolesService.createOne(defaultAdminRole);
-    const policy = await policiesService.createOne(defaultAdminPolicy);
-    await accessService.createOne({ policy, role });
-    logger.info('Adding first admin user...');
-    const usersService = new UsersService({ schema });
-    let adminEmail = env['ADMIN_EMAIL'];
-    if (!adminEmail) {
-        logger.info('No admin email provided. Defaulting to "admin@example.com"');
-        adminEmail = 'admin@example.com';
-    }
-    let adminPassword = env['ADMIN_PASSWORD'];
-    if (!adminPassword) {
-        adminPassword = nanoid(12);
-        logger.info(`No admin password provided. Defaulting to "${adminPassword}"`);
-    }
-    const token = env['ADMIN_TOKEN'] ?? null;
-    await usersService.createOne({ ...defaultAdminUser, email: adminEmail, password: adminPassword, token, role });
-}

package/dist/cli/commands/init/index.js

@@ -9,7 +9,7 @@ import runSeed from '../../../database/seeds/run.js';
 import { generateHash } from '../../../utils/generate-hash.js';
 import createDBConnection from '../../utils/create-db-connection.js';
 import createEnv from '../../utils/create-env/index.js';
-import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../utils/defaults.js';
+import { defaultAdminPolicy, defaultAdminRole, defaultAdminUser } from '../../../utils/create-admin.js';
 import { drivers, getDriverForClient } from '../../utils/drivers.js';
 import { databaseQuestions } from './questions.js';
 export default async function init() {

package/dist/cli/commands/schema/apply.d.ts

@@ -1,5 +1,9 @@
+import type { SnapshotDiff } from '@directus/types';
+export declare function filterSnapshotDiff(snapshot: SnapshotDiff, filters: string[]): SnapshotDiff;
 export declare function apply(snapshotPath: string, options?: {
     yes: boolean;
     dryRun: boolean;
     ignoreRules: string;
 }): Promise<void>;
+export declare function formatPath(path: any[]): string;
+export declare function formatRelatedCollection(relatedCollection: string | null): string;

package/dist/cli/commands/schema/apply.js

@@ -11,7 +11,7 @@ import { isNestedMetaUpdate } from '../../../utils/apply-diff.js';
 import { applySnapshot } from '../../../utils/apply-snapshot.js';
 import { getSnapshotDiff } from '../../../utils/get-snapshot-diff.js';
 import { getSnapshot } from '../../../utils/get-snapshot.js';
-function filterSnapshotDiff(snapshot, filters) {
+export function filterSnapshotDiff(snapshot, filters) {
     const filterSet = new Set(filters);
     function shouldKeep(item) {
         if (filterSet.has(item.collection))
@@ -23,6 +23,7 @@ function filterSnapshotDiff(snapshot, filters) {
     const filteredDiff = {
         collections: snapshot.collections.filter((item) => shouldKeep(item)),
         fields: snapshot.fields.filter((item) => shouldKeep(item)),
+        systemFields: snapshot.systemFields.filter((item) => shouldKeep(item)),
         relations: snapshot.relations.filter((item) => shouldKeep(item)),
     };
     return filteredDiff;
@@ -53,6 +54,7 @@ export async function apply(snapshotPath, options) {
         }
         if (snapshotDiff.collections.length === 0 &&
             snapshotDiff.fields.length === 0 &&
+            snapshotDiff.systemFields.length === 0 &&
             snapshotDiff.relations.length === 0) {
             logger.info('No changes to apply.');
             database.destroy();
@@ -116,6 +118,27 @@ export async function apply(snapshotPath, options) {
                 }
                 sections.push(lines.join('\n'));
             }
+            if (snapshotDiff.systemFields.length > 0) {
+                const lines = [chalk.underline.bold('System Fields:')];
+                for (const { collection, field, diff } of snapshotDiff.systemFields) {
+                    if (diff[0]?.kind === DiffKind.EDIT) {
+                        lines.push(`  - ${chalk.magenta('Update')} ${collection}.${field}`);
+                        for (const change of diff) {
+                            const path = formatPath(change.path);
+                            if (change.kind === DiffKind.EDIT) {
+                                lines.push(`    - Set ${path} to ${change.rhs}`);
+                            }
+                            else if (change.kind === DiffKind.DELETE) {
+                                lines.push(`    - Remove ${path}`);
+                            }
+                            else if (change.kind === DiffKind.NEW) {
+                                lines.push(`    - Add ${path} and set it to ${change.rhs}`);
+                            }
+                        }
+                    }
+                }
+                sections.push(lines.join('\n'));
+            }
             if (snapshotDiff.relations.length > 0) {
                 const lines = [chalk.underline.bold('Relations:')];
                 for (const { collection, field, related_collection, diff } of snapshotDiff.relations) {
@@ -169,13 +192,13 @@ export async function apply(snapshotPath, options) {
         process.exit(1);
     }
 }
-function formatPath(path) {
+export function formatPath(path) {
     if (path.length === 1) {
         return path.toString();
     }
     return path.slice(1).join('.');
 }
-function formatRelatedCollection(relatedCollection) {
+export function formatRelatedCollection(relatedCollection) {
     // Related collection doesn't exist for a2o relationship types
     if (relatedCollection) {
         return ` → ${relatedCollection}`;

package/dist/controllers/collections.js

@@ -11,13 +11,18 @@ router.post('/', asyncHandler(async (req, res, next) => {
         accountability: req.accountability,
         schema: req.schema,
     });
+    const attemptConcurrentIndex = 'concurrentIndexCreation' in req.query && req.query['concurrentIndexCreation'] !== 'false';
     if (Array.isArray(req.body)) {
-        const collectionKey = await collectionsService.createMany(req.body);
+        const collectionKey = await collectionsService.createMany(req.body, {
+            attemptConcurrentIndex,
+        });
         const records = await collectionsService.readMany(collectionKey);
         res.locals['payload'] = { data: records || null };
     }
     else {
-        const collectionKey = await collectionsService.createOne(req.body);
+        const collectionKey = await collectionsService.createOne(req.body, {
+            attemptConcurrentIndex,
+        });
         const record = await collectionsService.readOne(collectionKey);
         res.locals['payload'] = { data: record || null };
     }

package/dist/controllers/fields.js

@@ -1,5 +1,5 @@
 import { TYPES } from '@directus/constants';
-import { isDirectusError } from '@directus/errors';
+import { ForbiddenError, isDirectusError } from '@directus/errors';
 import { Router } from 'express';
 import Joi from 'joi';
 import { ALIAS_TYPES } from '../constants.js';
@@ -7,8 +7,9 @@ import { ErrorCode, InvalidPayloadError } from '@directus/errors';
 import validateCollection from '../middleware/collection-exists.js';
 import { respond } from '../middleware/respond.js';
 import useCollection from '../middleware/use-collection.js';
-import { FieldsService } from '../services/fields.js';
+import { FieldsService, systemFieldUpdateSchema } from '../services/fields.js';
 import asyncHandler from '../utils/async-handler.js';
+import { isSystemField } from '@directus/system-data';
 const router = Router();
 router.use(useCollection('directus_fields'));
 router.get('/', asyncHandler(async (req, res, next) => {
@@ -64,7 +65,9 @@ router.post('/:collection', validateCollection, asyncHandler(async (req, res, ne
         throw new InvalidPayloadError({ reason: error.message });
     }
     const field = req.body;
-    await service.createField(req.params['collection'], field);
+    await service.createField(req.params['collection'], field, undefined, {
+        attemptConcurrentIndex: 'concurrentIndexCreation' in req.query && req.query['concurrentIndexCreation'] !== 'false',
+    });
     try {
         const createdField = await service.readOne(req.params['collection'], field.field);
         res.locals['payload'] = { data: createdField || null };
@@ -85,7 +88,16 @@ router.patch('/:collection', validateCollection, asyncHandler(async (req, res, n
     if (Array.isArray(req.body) === false) {
         throw new InvalidPayloadError({ reason: 'Submitted body has to be an array' });
     }
-    await service.updateFields(req.params['collection'], req.body);
+    for (const fieldData of req.body) {
+        if (isSystemField(req.params['collection'], fieldData['field'])) {
+            const { error } = systemFieldUpdateSchema.safeParse(fieldData);
+            if (error)
+                throw error.issues.map((details) => new InvalidPayloadError({ reason: details.message }));
+        }
+    }
+    await service.updateFields(req.params['collection'], req.body, {
+        attemptConcurrentIndex: 'concurrentIndexCreation' in req.query && req.query['concurrentIndexCreation'] !== 'false',
+    });
     try {
         const results = [];
         for (const field of req.body) {
@@ -120,14 +132,22 @@ router.patch('/:collection/:field', validateCollection, asyncHandler(async (req,
         accountability: req.accountability,
         schema: req.schema,
     });
-    const { error } = updateSchema.validate(req.body);
-    if (error) {
-        throw new InvalidPayloadError({ reason: error.message });
+    if (isSystemField(req.params['collection'], req.params['field'])) {
+        const { error } = systemFieldUpdateSchema.safeParse(req.body);
+        if (error)
+            throw error.issues.map((details) => new InvalidPayloadError({ reason: details.message }));
+    }
+    else {
+        const { error } = updateSchema.validate(req.body);
+        if (error)
+            throw new InvalidPayloadError({ reason: error.message });
     }
     const fieldData = req.body;
     if (!fieldData.field)
         fieldData.field = req.params['field'];
-    await service.updateField(req.params['collection'], fieldData);
+    await service.updateField(req.params['collection'], fieldData, {
+        attemptConcurrentIndex: 'concurrentIndexCreation' in req.query && req.query['concurrentIndexCreation'] !== 'false',
+    });
     try {
         const updatedField = await service.readOne(req.params['collection'], req.params['field']);
         res.locals['payload'] = { data: updatedField || null };
@@ -145,6 +165,9 @@ router.delete('/:collection/:field', validateCollection, asyncHandler(async (req
         accountability: req.accountability,
         schema: req.schema,
     });
+    if (isSystemField(req.params['collection'], req.params['field'])) {
+        throw new ForbiddenError();
+    }
     await service.deleteField(req.params['collection'], req.params['field']);
     return next();
 }), respond);