npm - @directus/api - Versions diffs - 32.1.1 → 33.0.0 - Mend

@directus/api 32.1.1 → 33.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (336) hide show

package/dist/extensions/lib/sync/utils.js ADDED Viewed

@@ -0,0 +1,62 @@
+import { stat } from 'node:fs/promises';
+import { join, relative, resolve, sep } from 'node:path';
+import { useEnv } from '@directus/env';
+import { normalizePath } from '@directus/utils';
+import { getExtensionsPath } from '../get-extensions-path.js';
+/**
+ * Returns the directory depth of the provided path
+ */
+export function pathDepth(path) {
+    let count = 0;
+    for (let i = 0; i < path.length; i++) {
+        if (path[i] === sep)
+            count++;
+    }
+    return count;
+}
+/**
+ * Reads the size and modified date of a file if it exists
+ */
+export async function fsStat(path) {
+    const data = await stat(path, { bigint: false }).catch(() => {
+        /* file not available */
+    });
+    if (!data)
+        return null;
+    return {
+        size: data.size,
+        modified: data.mtime,
+    };
+}
+/**
+ * Builds up the local and remote paths to use with syncing
+ */
+export function getSyncPaths(partialPath) {
+    const env = useEnv();
+    const localRootPath = getExtensionsPath();
+    const remoteRootPath = env['EXTENSIONS_PATH'];
+    if (!partialPath) {
+        return {
+            localExtensionsPath: localRootPath,
+            remoteExtensionsPath: normalizePath(remoteRootPath),
+        };
+    }
+    const resolvedPartialPath = relative(sep, resolve(sep, partialPath));
+    return {
+        localExtensionsPath: join(localRootPath, resolvedPartialPath),
+        remoteExtensionsPath: normalizePath(join(remoteRootPath, resolvedPartialPath)),
+    };
+}
+/**
+ * Retrieve the stats for local and remote files and check if they are the same
+ * Returns false if files are differnt else true
+ */
+export async function compareFileMetadata(localPath, remotePath, disk) {
+    const localStat = await fsStat(localPath).catch(() => { });
+    if (!localStat)
+        return false;
+    const remoteStat = await disk.stat(remotePath).catch(() => { });
+    if (!remoteStat)
+        return false;
+    return remoteStat.modified <= localStat.modified && remoteStat.size === localStat.size;
+}

package/dist/extensions/manager.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
+import type { ReadStream } from 'node:fs';
 import type { Extension, ExtensionManagerOptions } from '@directus/types';
 import { Router } from 'express';
-import type { ReadStream } from 'node:fs';
+import { type ExtensionSyncOptions } from './lib/sync/sync.js';
 export declare class ExtensionManager {
     private options;
     /**
@@ -47,6 +48,10 @@ export declare class ExtensionManager {
      * sequence.
      */
     private reloadQueue;
+    /**
+     * Used to prevent race condition when reading extension data while reloading extensions
+     */
+    private reloadPromise;
     /**
      * Optional file system watcher to auto-reload extensions when the local file system changes
      */
@@ -76,7 +81,7 @@ export declare class ExtensionManager {
      */
     install(versionId: string): Promise<void>;
     uninstall(folder: string): Promise<void>;
-    broadcastReloadNotification(): Promise<void>;
+    broadcastReloadNotification(options?: ExtensionSyncOptions): Promise<void>;
     /**
      * Load all extensions from disk and register them in their respective places
      */
@@ -88,9 +93,8 @@ export declare class ExtensionManager {
     /**
      * Reload all the extensions. Will unload if extensions have already been loaded
      */
-    reload(options?: {
-        forceSync: boolean;
-    }): Promise<unknown>;
+    reload(options?: ExtensionSyncOptions): Promise<unknown>;
+    isReloading(): Promise<void>;
     /**
      * Return the previously generated app extension bundle chunk by name.
      * Providing no name will return the entry bundle.

package/dist/extensions/manager.js CHANGED Viewed

@@ -1,7 +1,13 @@
+import { readdir, readFile } from 'node:fs/promises';
+import os from 'node:os';
+import { dirname, join, relative, resolve, sep } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import path from 'path';
+import { HYBRID_EXTENSION_TYPES } from '@directus/constants';
 import { useEnv } from '@directus/env';
 import { APP_SHARED_DEPS } from '@directus/extensions';
-import { HYBRID_EXTENSION_TYPES } from '@directus/constants';
 import { generateExtensionsEntrypoint } from '@directus/extensions/node';
+import DriverLocal from '@directus/storage-driver-local';
 import { isTypeIn, toBoolean } from '@directus/utils';
 import { pathToRelativeUrl, processId } from '@directus/utils/node';
 import aliasDefault from '@rollup/plugin-alias';
@@ -11,11 +17,6 @@ import chokidar, { FSWatcher } from 'chokidar';
 import express, { Router } from 'express';
 import ivm from 'isolated-vm';
 import { clone, debounce, isPlainObject } from 'lodash-es';
-import { readFile, readdir } from 'node:fs/promises';
-import os from 'node:os';
-import { dirname, join } from 'node:path';
-import { fileURLToPath } from 'node:url';
-import path from 'path';
 import { rolldown } from 'rolldown';
 import { rollup } from 'rollup';
 import { useBus } from '../bus/index.js';
@@ -37,9 +38,8 @@ import { getSharedDepsMapping } from './lib/get-shared-deps-mapping.js';
 import { getInstallationManager } from './lib/installation/index.js';
 import { generateApiExtensionsSandboxEntrypoint } from './lib/sandbox/generate-api-extensions-sandbox-entrypoint.js';
 import { instantiateSandboxSdk } from './lib/sandbox/sdk/instantiate.js';
-import { syncExtensions } from './lib/sync-extensions.js';
+import { syncExtensions } from './lib/sync/sync.js';
 import { wrapEmbeds } from './lib/wrap-embeds.js';
-import DriverLocal from '@directus/storage-driver-local';
 // Workaround for https://github.com/rollup/plugins/issues/1329
 const virtual = virtualDefault;
 const alias = aliasDefault;
@@ -99,6 +99,10 @@ export class ExtensionManager {
      * sequence.
      */
     reloadQueue = new JobQueue();
+    /**
+     * Used to prevent race condition when reading extension data while reloading extensions
+     */
+    reloadPromise = Promise.resolve();
     /**
      * Optional file system watcher to auto-reload extensions when the local file system changes
      */
@@ -148,7 +152,7 @@ export class ExtensionManager {
             await this.closeWatcher();
         }
         if (!this.isLoaded) {
-            await this.load();
+            await this.load({ forceSync: true });
             if (this.extensions.length > 0) {
                 logger.info(`Loaded extensions: ${this.extensions.map((ext) => ext.name).join(', ')}`);
             }
@@ -160,7 +164,13 @@ export class ExtensionManager {
             // Ignore requests for reloading that were published by the current process
             if (isPlainObject(payload) && 'origin' in payload && payload['origin'] === this.processId)
                 return;
-            this.reload();
+            // Reload extensions with event options
+            const options = {};
+            if (typeof payload['forceSync'] === 'boolean')
+                options.forceSync = payload['forceSync'];
+            if (typeof payload['partialSync'] === 'string')
+                options.partialSync = payload['partialSync'];
+            this.reload(options);
         });
     }
     /**
@@ -169,27 +179,31 @@ export class ExtensionManager {
     async install(versionId) {
         const logger = useLogger();
         await this.installationManager.install(versionId);
-        await this.reload({ forceSync: true });
+        const resolvedFolder = relative(sep, resolve(sep, versionId));
+        const syncFolder = join('.registry', resolvedFolder);
+        await this.broadcastReloadNotification({ partialSync: syncFolder });
+        await this.reload({ skipSync: true });
         emitter.emitAction('extensions.installed', {
             extensions: this.extensions,
             versionId,
         });
         logger.info(`Installed extension: ${versionId}`);
-        await this.broadcastReloadNotification();
     }
     async uninstall(folder) {
         const logger = useLogger();
         await this.installationManager.uninstall(folder);
-        await this.reload({ forceSync: true });
+        const resolvedFolder = relative(sep, resolve(sep, folder));
+        const syncFolder = join('.registry', resolvedFolder);
+        await this.broadcastReloadNotification({ partialSync: syncFolder });
+        await this.reload({ skipSync: true });
         emitter.emitAction('extensions.uninstalled', {
             extensions: this.extensions,
             folder,
         });
         logger.info(`Uninstalled extension: ${folder}`);
-        await this.broadcastReloadNotification();
     }
-    async broadcastReloadNotification() {
-        await this.messenger.publish(this.reloadChannel, { origin: this.processId });
+    async broadcastReloadNotification(options) {
+        await this.messenger.publish(this.reloadChannel, { ...options, origin: this.processId });
     }
     /**
      * Load all extensions from disk and register them in their respective places
@@ -198,7 +212,7 @@ export class ExtensionManager {
         const logger = useLogger();
         if (env['EXTENSIONS_LOCATION']) {
             try {
-                await syncExtensions({ force: options?.forceSync ?? false });
+                await syncExtensions(options);
             }
             catch (error) {
                 logger.error(`Failed to sync extensions`);
@@ -250,7 +264,7 @@ export class ExtensionManager {
         const logger = useLogger();
         let resolve;
         let reject;
-        const promise = new Promise((res, rej) => {
+        this.reloadPromise = new Promise((res, rej) => {
             resolve = res;
             reject = rej;
         });
@@ -283,7 +297,10 @@ export class ExtensionManager {
                 reject(new Error('Extensions have to be loaded before they can be reloaded'));
             }
         });
-        return promise;
+        return this.reloadPromise;
+    }
+    isReloading() {
+        return this.reloadPromise;
     }
     /**
      * Return the previously generated app extension bundle chunk by name.

package/dist/flows.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { Accountability, SchemaOverview, OperationHandler } from '@directus/types';
+import type { Accountability, OperationHandler, SchemaOverview } from '@directus/types';
 export declare function getFlowManager(): FlowManager;
 declare class FlowManager {
     private isLoaded;

package/dist/logger/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
+import { URL } from 'node:url';
 import { useEnv } from '@directus/env';
 import { REDACTED_TEXT, toArray, toBoolean } from '@directus/utils';
 import { merge } from 'lodash-es';
-import { URL } from 'node:url';
 import { pino } from 'pino';
 import { pinoHttp, stdSerializers } from 'pino-http';
 import { httpPrintFactory } from 'pino-http-print';

package/dist/logger/logs-stream.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import type { Bus } from '@directus/memory';
 import { Writable } from 'stream';
+import type { Bus } from '@directus/memory';
 type PrettyType = 'basic' | 'http' | false;
 export declare class LogsStream extends Writable {
     messenger: Bus;

package/dist/logger/logs-stream.js CHANGED Viewed

@@ -1,5 +1,5 @@
-import { nanoid } from 'nanoid';
 import { Writable } from 'stream';
+import { nanoid } from 'nanoid';
 import { useBus } from '../bus/index.js';
 const nodeId = nanoid(8);
 export class LogsStream extends Writable {

package/dist/mailer.js CHANGED Viewed

@@ -1,8 +1,8 @@
+import { createRequire } from 'node:module';
 import { useEnv } from '@directus/env';
 import nodemailer from 'nodemailer';
 import { useLogger } from './logger/index.js';
 import { getConfigFromEnv } from './utils/get-config-from-env.js';
-import { createRequire } from 'node:module';
 const require = createRequire(import.meta.url);
 let transporter;
 export default function getMailer() {

package/dist/metrics/lib/create-metrics.js CHANGED Viewed

@@ -1,8 +1,8 @@
-import { useEnv } from '@directus/env';
-import { toArray } from '@directus/utils';
 import { randomUUID } from 'node:crypto';
 import { Readable } from 'node:stream';
 import { promisify } from 'node:util';
+import { useEnv } from '@directus/env';
+import { toArray } from '@directus/utils';
 import pm2 from 'pm2';
 import { AggregatorRegistry, Counter, Histogram, register } from 'prom-client';
 import { getCache } from '../../cache.js';

package/dist/middleware/authenticate.js CHANGED Viewed

@@ -1,13 +1,13 @@
+import { useEnv } from '@directus/env';
+import { ErrorCode, isDirectusError } from '@directus/errors';
 import { isEqual } from 'lodash-es';
+import { SESSION_COOKIE_OPTIONS } from '../constants.js';
 import getDatabase from '../database/index.js';
 import emitter from '../emitter.js';
 import { createDefaultAccountability } from '../permissions/utils/create-default-accountability.js';
 import asyncHandler from '../utils/async-handler.js';
 import { getAccountabilityForToken } from '../utils/get-accountability-for-token.js';
 import { getIPFromReq } from '../utils/get-ip-from-req.js';
-import { ErrorCode, isDirectusError } from '@directus/errors';
-import { useEnv } from '@directus/env';
-import { SESSION_COOKIE_OPTIONS } from '../constants.js';
 /**
  * Verify the passed JWT and assign the user ID and role to `req`
  */

package/dist/middleware/collection-exists.js CHANGED Viewed

@@ -2,8 +2,8 @@
  * Check if requested collection exists, and save it to req.collection
  */
 import { systemCollectionRows } from '@directus/system-data';
-import asyncHandler from '../utils/async-handler.js';
 import { createCollectionForbiddenError } from '../permissions/modules/process-ast/utils/validate-path/create-error.js';
+import asyncHandler from '../utils/async-handler.js';
 const collectionExists = asyncHandler(async (req, _res, next) => {
     if (!req.params['collection'])
         return next();

package/dist/middleware/extract-token.js CHANGED Viewed

@@ -1,5 +1,5 @@
-import { InvalidPayloadError } from '@directus/errors';
 import { useEnv } from '@directus/env';
+import { InvalidPayloadError } from '@directus/errors';
 /**
  * Extract access token from
  *

package/dist/middleware/graphql.js CHANGED Viewed

@@ -1,9 +1,9 @@
+import { useEnv } from '@directus/env';
+import { InvalidPayloadError, InvalidQueryError, MethodNotAllowedError } from '@directus/errors';
 import { parseJSON } from '@directus/utils';
 import { getOperationAST, parse, Source } from 'graphql';
-import { InvalidPayloadError, InvalidQueryError, MethodNotAllowedError } from '@directus/errors';
 import { GraphQLValidationError } from '../services/graphql/errors/validation.js';
 import asyncHandler from '../utils/async-handler.js';
-import { useEnv } from '@directus/env';
 export const parseGraphQL = asyncHandler(async (req, res, next) => {
     if (req.method !== 'GET' && req.method !== 'POST') {
         throw new MethodNotAllowedError({ allowed: ['GET', 'POST'], current: req.method });

package/dist/middleware/respond.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import { useEnv } from '@directus/env';
+import { getDateTimeFormatted } from '@directus/utils';
 import { parse as parseBytesConfiguration } from 'bytes';
 import { getCache, setCacheValue } from '../cache.js';
 import getDatabase from '../database/index.js';
@@ -7,7 +8,6 @@ import { ExportService } from '../services/import-export.js';
 import asyncHandler from '../utils/async-handler.js';
 import { getCacheControlHeader } from '../utils/get-cache-headers.js';
 import { getCacheKey } from '../utils/get-cache-key.js';
-import { getDateFormatted } from '../utils/get-date-formatted.js';
 import { getMilliseconds } from '../utils/get-milliseconds.js';
 import { stringByteSize } from '../utils/get-string-byte-size.js';
 import { permissionsCacheable } from '../utils/permissions-cacheable.js';
@@ -58,7 +58,7 @@ export const respond = asyncHandler(async (req, res) => {
         else {
             filename += 'Export';
         }
-        filename += ' ' + getDateFormatted();
+        filename += ' ' + getDateTimeFormatted();
         if (req.sanitizedQuery.export === 'json') {
             res.attachment(`${filename}.json`);
             res.set('Content-Type', 'application/json');

package/dist/middleware/validate-batch.js CHANGED Viewed

@@ -1,5 +1,5 @@
-import Joi from 'joi';
 import { InvalidPayloadError } from '@directus/errors';
+import Joi from 'joi';
 import asyncHandler from '../utils/async-handler.js';
 import { sanitizeQuery } from '../utils/sanitize-query.js';
 import { validateQuery } from '../utils/validate-query.js';

package/dist/operations/exec/index.js CHANGED Viewed

@@ -1,5 +1,6 @@
-import { defineOperationApi } from '@directus/extensions';
 import { createRequire } from 'node:module';
+import { defineOperationApi } from '@directus/extensions';
+// eslint-disable-next-line import/order
 import { sieveFunctions } from '@directus/utils';
 const require = createRequire(import.meta.url);
 const ivm = require('isolated-vm');

package/dist/operations/mail/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { defineOperationApi } from '@directus/extensions';
+import { useLogger } from '../../logger/index.js';
 import { MailService } from '../../services/mail/index.js';
 import { md } from '../../utils/md.js';
-import { useLogger } from '../../logger/index.js';
 import { useFlowsEmailRateLimiter } from './rate-limiter.js';
 const logger = useLogger();
 export default defineOperationApi({

package/dist/operations/mail/rate-limiter.js CHANGED Viewed

@@ -1,8 +1,8 @@
 import { useEnv } from '@directus/env';
+import { EmailLimitExceededError } from '@directus/errors';
+import { toBoolean } from '@directus/utils';
 import { RateLimiterMemory, RateLimiterRedis, RateLimiterRes } from 'rate-limiter-flexible';
 import { createRateLimiter } from '../../rate-limiter.js';
-import { toBoolean } from '@directus/utils';
-import { EmailLimitExceededError } from '@directus/errors';
 let emailRateLimiter;
 const env = useEnv();
 if (toBoolean(env['RATE_LIMITER_EMAIL_FLOWS_ENABLED']) === true) {

package/dist/permissions/cache.js CHANGED Viewed

@@ -1,6 +1,10 @@
+import { useEnv } from '@directus/env';
 import { defineCache } from '@directus/memory';
 import { redisConfigAvailable, useRedis } from '../redis/index.js';
+import { getMilliseconds } from '../utils/get-milliseconds.js';
 const localOnly = redisConfigAvailable() === false;
+const env = useEnv();
+const ttl = getMilliseconds(env['CACHE_SYSTEM_TTL']);
 const config = localOnly
     ? {
         type: 'local',
@@ -11,6 +15,7 @@ const config = localOnly
         redis: {
             namespace: 'permissions',
             redis: useRedis(),
+            ...(ttl !== undefined ? { ttl } : {}),
         },
         local: {
             maxKeys: 100,

package/dist/permissions/lib/fetch-policies.d.ts CHANGED Viewed

@@ -7,7 +7,7 @@ export interface AccessRow {
     };
     role: string | null;
 }
-export declare const fetchPolicies: typeof _fetchPolicies;
+export declare const fetchPolicies: (args_0: Pick<Accountability, "user" | "roles" | "ip">, context: Context) => Promise<string[]>;
 /**
  * Fetch the policies associated with the current user accountability
  */

package/dist/permissions/lib/fetch-roles-tree.d.ts CHANGED Viewed

@@ -1,3 +1,6 @@
-import type { Knex } from 'knex';
-export declare const fetchRolesTree: typeof _fetchRolesTree;
-export declare function _fetchRolesTree(start: string | null, knex: Knex): Promise<string[]>;
+/**
+ * Fetches the roles tree starting from a specific role.
+ */
+export declare const fetchRolesTree: (start: string | null, context: {
+    knex: import("knex").Knex;
+}) => Promise<string[]>;

package/dist/permissions/lib/fetch-roles-tree.js CHANGED Viewed

@@ -1,28 +1,6 @@
+import { fetchRolesTree as _fetchRolesTree } from '@directus/utils/node';
 import { withCache } from '../utils/with-cache.js';
-export const fetchRolesTree = withCache('roles-tree', _fetchRolesTree);
-export async function _fetchRolesTree(start, knex) {
-    if (!start)
-        return [];
-    let parent = start;
-    const roles = [];
-    while (parent) {
-        const role = await knex
-            .select('id', 'parent')
-            .from('directus_roles')
-            .where({ id: parent })
-            .first();
-        if (!role) {
-            break;
-        }
-        roles.push(role.id);
-        // Prevent infinite recursion loops
-        if (role.parent && roles.includes(role.parent) === true) {
-            roles.reverse();
-            const rolesStr = roles.map((role) => `"${role}"`).join('->');
-            throw new Error(`Recursion encountered: role "${role.id}" already exists in tree path ${rolesStr}`);
-        }
-        parent = role.parent;
-    }
-    roles.reverse();
-    return roles;
-}
+/**
+ * Fetches the roles tree starting from a specific role.
+ */
+export const fetchRolesTree = withCache('roles-tree', _fetchRolesTree, (start) => ({ start }));

package/dist/permissions/modules/fetch-allowed-collections/fetch-allowed-collections.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { uniq } from 'lodash-es';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
 import { fetchPermissions } from '../../lib/fetch-permissions.js';
+import { fetchPolicies } from '../../lib/fetch-policies.js';
 export async function fetchAllowedCollections({ action, accountability }, { knex, schema }) {
     if (accountability.admin) {
         return Object.keys(schema.collections);

package/dist/permissions/modules/fetch-allowed-field-map/fetch-allowed-field-map.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { uniq } from 'lodash-es';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
 import { fetchPermissions } from '../../lib/fetch-permissions.js';
+import { fetchPolicies } from '../../lib/fetch-policies.js';
 export async function fetchAllowedFieldMap({ accountability, action }, { knex, schema }) {
     const fieldMap = {};
     if (accountability.admin) {

package/dist/permissions/modules/fetch-global-access/fetch-global-access.d.ts CHANGED Viewed

@@ -1,10 +1,12 @@
-import type { Accountability } from '@directus/types';
+import type { Accountability, GlobalAccess } from '@directus/types';
 import type { Knex } from 'knex';
-import type { GlobalAccess } from './types.js';
-export declare const fetchGlobalAccess: typeof _fetchGlobalAccess;
+interface FetchGlobalAccessContext {
+    knex: Knex;
+    ip?: Accountability['ip'];
+}
+export declare const fetchGlobalAccess: (accountability: Pick<Accountability, "user" | "roles" | "ip">, context: FetchGlobalAccessContext) => Promise<GlobalAccess>;
 /**
- * Fetch the global access (eg admin/app access) rules for the given roles, or roles+user combination
- *
- * Will fetch roles and user info separately so they can be cached and reused individually
+ * Re-implements fetchGlobalAccess to add caching, fetches roles and user info separately so they can be cached and reused individually
  */
-export declare function _fetchGlobalAccess(accountability: Pick<Accountability, 'user' | 'roles' | 'ip'>, knex: Knex): Promise<GlobalAccess>;
+export declare function _fetchGlobalAccess(accountability: Pick<Accountability, 'user' | 'roles' | 'ip'>, context: FetchGlobalAccessContext): Promise<GlobalAccess>;
+export {};

package/dist/permissions/modules/fetch-global-access/fetch-global-access.js CHANGED Viewed

@@ -1,20 +1,28 @@
+import { fetchGlobalAccessForRoles as _fetchGlobalAccessForRoles, fetchGlobalAccessForUser as _fetchGlobalAccessForUser, } from '@directus/utils/node';
 import { withCache } from '../../utils/with-cache.js';
-import { fetchGlobalAccessForRoles } from './lib/fetch-global-access-for-roles.js';
-import { fetchGlobalAccessForUser } from './lib/fetch-global-access-for-user.js';
-export const fetchGlobalAccess = withCache('global-access', _fetchGlobalAccess, ({ user, roles, ip }) => ({
+export const fetchGlobalAccess = withCache('global-access', _fetchGlobalAccess, ({ user, roles }, { ip }) => ({
     user,
     roles,
     ip,
 }));
+const fetchGlobalAccessForRoles = withCache('global-access-roles', _fetchGlobalAccessForRoles, (roles, { ip }) => ({
+    roles,
+    ip,
+}));
+const fetchGlobalAccessForUser = withCache('global-access-user', _fetchGlobalAccessForUser, (user, { ip }) => ({
+    user,
+    ip,
+}));
 /**
- * Fetch the global access (eg admin/app access) rules for the given roles, or roles+user combination
- *
- * Will fetch roles and user info separately so they can be cached and reused individually
+ * Re-implements fetchGlobalAccess to add caching, fetches roles and user info separately so they can be cached and reused individually
  */
-export async function _fetchGlobalAccess(accountability, knex) {
-    const access = await fetchGlobalAccessForRoles(accountability, knex);
+export async function _fetchGlobalAccess(accountability, context) {
+    const access = await fetchGlobalAccessForRoles(accountability.roles, { knex: context.knex, ip: accountability.ip });
     if (accountability.user !== undefined) {
-        const userAccess = await fetchGlobalAccessForUser(accountability, knex);
+        const userAccess = await fetchGlobalAccessForUser(accountability.user, {
+            knex: context.knex,
+            ip: accountability.ip,
+        });
         // If app/admin is already true, keep it true
         access.app ||= userAccess.app;
         access.admin ||= userAccess.admin;

package/dist/permissions/modules/fetch-inconsistent-field-map/fetch-inconsistent-field-map.js CHANGED Viewed

@@ -1,6 +1,6 @@
-import { uniq, intersection, difference } from 'lodash-es';
-import { fetchPolicies } from '../../lib/fetch-policies.js';
+import { difference, intersection, uniq } from 'lodash-es';
 import { fetchPermissions } from '../../lib/fetch-permissions.js';
+import { fetchPolicies } from '../../lib/fetch-policies.js';
 /**
  * Fetch a field map for fields that may or may not be null based on item-by-item permissions.
  */

package/dist/permissions/modules/fetch-policies-ip-access/fetch-policies-ip-access.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
 import type { Accountability } from '@directus/types';
 import type { Knex } from 'knex';
-export declare const fetchPoliciesIpAccess: typeof _fetchPoliciesIpAccess;
+export declare const fetchPoliciesIpAccess: (accountability: Pick<Accountability, "user" | "roles">, knex: Knex<any, any[]>) => Promise<string[][]>;
 export declare function _fetchPoliciesIpAccess(accountability: Pick<Accountability, 'user' | 'roles'>, knex: Knex): Promise<string[][]>;

package/dist/permissions/modules/process-ast/lib/inject-cases.js CHANGED Viewed

@@ -1,5 +1,5 @@
-import { getUnaliasedFieldKey } from '../../../utils/get-unaliased-field-key.js';
 import { uniq } from 'lodash-es';
+import { getUnaliasedFieldKey } from '../../../utils/get-unaliased-field-key.js';
 import { getCases } from './get-cases.js';
 /**
  * Mutates passed AST

package/dist/permissions/modules/process-ast/process-ast.js CHANGED Viewed

@@ -3,8 +3,8 @@ import { fetchPolicies } from '../../lib/fetch-policies.js';
 import { fieldMapFromAst } from './lib/field-map-from-ast.js';
 import { injectCases } from './lib/inject-cases.js';
 import { collectionsInFieldMap } from './utils/collections-in-field-map.js';
-import { validatePathPermissions } from './utils/validate-path/validate-path-permissions.js';
 import { validatePathExistence } from './utils/validate-path/validate-path-existence.js';
+import { validatePathPermissions } from './utils/validate-path/validate-path-permissions.js';
 export async function processAst(options, context) {
     // FieldMap is a Map of paths in the AST, with each path containing the collection and fields in
     // that collection that the AST path tries to access

package/dist/permissions/modules/process-payload/process-payload.js CHANGED Viewed

@@ -6,8 +6,8 @@ import { fetchPolicies } from '../../lib/fetch-policies.js';
 import { extractRequiredDynamicVariableContext } from '../../utils/extract-required-dynamic-variable-context.js';
 import { fetchDynamicVariableData } from '../../utils/fetch-dynamic-variable-data.js';
 import { contextHasDynamicVariables } from '../process-ast/utils/context-has-dynamic-variables.js';
-import { isFieldNullable } from './lib/is-field-nullable.js';
 import { createCollectionForbiddenError, createFieldsForbiddenError, } from '../process-ast/utils/validate-path/create-error.js';
+import { isFieldNullable } from './lib/is-field-nullable.js';
 /**
  * @note this only validates the top-level fields. The expectation is that this function is called
  * for each level of nested insert separately

package/dist/permissions/modules/validate-access/lib/validate-item-access.d.ts CHANGED Viewed

@@ -6,5 +6,17 @@ export interface ValidateItemAccessOptions {
     collection: string;
     primaryKeys: PrimaryKey[];
     fields?: string[];
+    returnAllowedRootFields?: boolean;
 }
-export declare function validateItemAccess(options: ValidateItemAccessOptions, context: Context): Promise<any>;
+export interface ValidateItemAccessOptionsWithRootFields extends ValidateItemAccessOptions {
+    returnAllowedRootFields: true;
+}
+export interface ValidateItemAccessResult {
+    accessAllowed: boolean;
+    allowedRootFields?: string[];
+}
+export interface ValidateItemAccessResultWithRootFields extends ValidateItemAccessResult {
+    allowedRootFields: string[];
+}
+export declare function validateItemAccess(options: ValidateItemAccessOptionsWithRootFields, context: Context): Promise<ValidateItemAccessResultWithRootFields>;
+export declare function validateItemAccess(options: ValidateItemAccessOptions, context: Context): Promise<ValidateItemAccessResult>;