npm - @strapi/content-manager - Versions diffs - 0.0.0-experimental.17b4116f461a49b8ce5386f7c8d79c511d40fb3b → 0.0.0-experimental.1fc4b627b49f713b07ed9f7f2b37741dcf8cf736 - Mend

@strapi/content-manager 0.0.0-experimental.17b4116f461a49b8ce5386f7c8d79c511d40fb3b → 0.0.0-experimental.1fc4b627b49f713b07ed9f7f2b37741dcf8cf736

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

package/dist/server/index.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
-import strapiUtils, { validateYupSchema, errors, async, contentTypes as contentTypes$1, yup as yup$1, validateYupSchemaSync, policy, traverse, setCreatorFields, isOperatorOfType, relations as relations$1, pagination, sanitize } from "@strapi/utils";
-import { pick, omit, difference, intersection, pipe, propOr, isEqual, isEmpty, set, isNil as isNil$1, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, getOr, propEq, merge, groupBy, castArray } from "lodash/fp";
+import strapiUtils, { validateYupSchema, errors, async, contentTypes as contentTypes$1, yup as yup$1, validateYupSchemaSync, policy, traverse, setCreatorFields, isOperatorOfType, relations as relations$1, traverseEntity, pagination } from "@strapi/utils";
+import { pick, omit, difference, castArray, intersection, pipe, propOr, isEqual, isEmpty, set, isNil as isNil$1, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, getOr, propEq, merge, groupBy } from "lodash/fp";
 import "@strapi/types";
 import * as yup from "yup";
 import { scheduleJob } from "node-schedule";
@@ -95,7 +95,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
     }
   };
 };
-const controllers$1 = {
+const controllers$2 = {
   "history-version": createHistoryVersionController
   /**
    * Casting is needed because the types aren't aware that Strapi supports
@@ -173,7 +173,9 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     return strapi2.db.query("plugin::upload.file").findOne({ where: { id: versionRelationData.id } });
   };
   const localesService = strapi2.plugin("i18n")?.service("locales");
+  const i18nContentTypeService = strapi2.plugin("i18n")?.service("content-types");
   const getDefaultLocale = async () => localesService ? localesService.getDefaultLocale() : null;
+  const isLocalizedContentType = (model) => i18nContentTypeService ? i18nContentTypeService.isLocalizedContentType(model) : false;
   const getLocaleDictionary = async () => {
     if (!localesService)
       return {};
@@ -200,20 +202,25 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     const meta = await documentMetadataService.getMetadata(contentTypeUid, document);
     return documentMetadataService.getStatus(document, meta.availableStatus);
   };
-  const getDeepPopulate2 = (uid2) => {
+  const getDeepPopulate2 = (uid2, useDatabaseSyntax = false) => {
     const model = strapi2.getModel(uid2);
     const attributes = Object.entries(model.attributes);
+    const fieldSelector = useDatabaseSyntax ? "select" : "fields";
     return attributes.reduce((acc, [attributeName, attribute]) => {
       switch (attribute.type) {
         case "relation": {
+          const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
+          if (isMorphRelation) {
+            break;
+          }
           const isVisible2 = contentTypes$1.isVisibleAttribute(model, attributeName);
           if (isVisible2) {
-            acc[attributeName] = { fields: ["documentId", "locale", "publishedAt"] };
+            acc[attributeName] = { [fieldSelector]: ["documentId", "locale", "publishedAt"] };
           }
           break;
         }
         case "media": {
-          acc[attributeName] = { fields: ["id"] };
+          acc[attributeName] = { [fieldSelector]: ["id"] };
           break;
         }
         case "component": {
@@ -286,6 +293,7 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     getRelationRestoreValue,
     getMediaRestoreValue,
     getDefaultLocale,
+    isLocalizedContentType,
     getLocaleDictionary,
     getRetentionDays,
     getVersionStatus,
@@ -308,7 +316,13 @@ const createHistoryService = ({ strapi: strapi2 }) => {
       });
     },
     async findVersionsPage(params) {
-      const locale = params.query.locale || await serviceUtils.getDefaultLocale();
+      const model = strapi2.getModel(params.query.contentType);
+      const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
+      const defaultLocale = await serviceUtils.getDefaultLocale();
+      let locale = null;
+      if (isLocalizedContentType) {
+        locale = params.query.locale || defaultLocale;
+      }
       const [{ results, pagination: pagination2 }, localeDictionary] = await Promise.all([
         query.findPage({
           ...params.query,
@@ -353,7 +367,12 @@ const createHistoryService = ({ strapi: strapi2 }) => {
                     if (userToPopulate == null) {
                       return null;
                     }
-                    return strapi2.query("admin::user").findOne({ where: { id: userToPopulate.id } });
+                    return strapi2.query("admin::user").findOne({
+                      where: {
+                        ...userToPopulate.id ? { id: userToPopulate.id } : {},
+                        ...userToPopulate.documentId ? { documentId: userToPopulate.documentId } : {}
+                      }
+                    });
                   })
                 );
                 return {
@@ -464,13 +483,47 @@ const createHistoryService = ({ strapi: strapi2 }) => {
     }
   };
 };
+const shouldCreateHistoryVersion = (context) => {
+  if (!strapi.requestContext.get()?.request.url.startsWith("/content-manager")) {
+    return false;
+  }
+  if (context.action !== "create" && context.action !== "update" && context.action !== "clone" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
+    return false;
+  }
+  if (context.action === "update" && strapi.requestContext.get()?.request.url.endsWith("/actions/publish")) {
+    return false;
+  }
+  if (!context.contentType.uid.startsWith("api::")) {
+    return false;
+  }
+  return true;
+};
+const getSchemas = (uid2) => {
+  const attributesSchema = strapi.getModel(uid2).attributes;
+  const componentsSchemas = Object.keys(attributesSchema).reduce(
+    (currentComponentSchemas, key) => {
+      const fieldSchema = attributesSchema[key];
+      if (fieldSchema.type === "component") {
+        const componentSchema = strapi.getModel(fieldSchema.component).attributes;
+        return {
+          ...currentComponentSchemas,
+          [fieldSchema.component]: componentSchema
+        };
+      }
+      return currentComponentSchemas;
+    },
+    {}
+  );
+  return {
+    schema: omit(FIELDS_TO_IGNORE, attributesSchema),
+    componentsSchemas
+  };
+};
 const createLifecyclesService = ({ strapi: strapi2 }) => {
   const state = {
     deleteExpiredJob: null,
     isInitialized: false
   };
-  const query = strapi2.db.query(HISTORY_VERSION_UID);
-  const historyService = getService(strapi2, "history");
   const serviceUtils = createServiceUtils({ strapi: strapi2 });
   return {
     async bootstrap() {
@@ -478,60 +531,53 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
         return;
       }
       strapi2.documents.use(async (context, next) => {
-        if (!strapi2.requestContext.get()?.request.url.startsWith("/content-manager")) {
-          return next();
-        }
-        if (context.action !== "create" && context.action !== "update" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
-          return next();
-        }
-        const contentTypeUid = context.contentType.uid;
-        if (!contentTypeUid.startsWith("api::")) {
-          return next();
-        }
         const result = await next();
-        const documentContext = context.action === "create" ? { documentId: result.documentId, locale: context.params?.locale } : { documentId: context.params.documentId, locale: context.params?.locale };
+        if (!shouldCreateHistoryVersion(context)) {
+          return result;
+        }
+        const documentId = context.action === "create" || context.action === "clone" ? result.documentId : context.params.documentId;
         const defaultLocale = await serviceUtils.getDefaultLocale();
-        const locale = documentContext.locale || defaultLocale;
-        const document = await strapi2.documents(contentTypeUid).findOne({
-          documentId: documentContext.documentId,
-          locale,
-          populate: serviceUtils.getDeepPopulate(contentTypeUid)
+        const locales = castArray(context.params?.locale || defaultLocale);
+        if (!locales.length) {
+          return result;
+        }
+        const uid2 = context.contentType.uid;
+        const schemas = getSchemas(uid2);
+        const model = strapi2.getModel(uid2);
+        const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
+        const localeEntries = await strapi2.db.query(uid2).findMany({
+          where: {
+            documentId,
+            ...isLocalizedContentType ? { locale: { $in: locales } } : {},
+            ...contentTypes$1.hasDraftAndPublish(strapi2.contentTypes[uid2]) ? { publishedAt: null } : {}
+          },
+          populate: serviceUtils.getDeepPopulate(
+            uid2,
+            true
+            /* use database syntax */
+          )
         });
-        const status = await serviceUtils.getVersionStatus(contentTypeUid, document);
-        const attributesSchema = strapi2.getModel(contentTypeUid).attributes;
-        const componentsSchemas = Object.keys(
-          attributesSchema
-        ).reduce((currentComponentSchemas, key) => {
-          const fieldSchema = attributesSchema[key];
-          if (fieldSchema.type === "component") {
-            const componentSchema = strapi2.getModel(fieldSchema.component).attributes;
-            return {
-              ...currentComponentSchemas,
-              [fieldSchema.component]: componentSchema
-            };
-          }
-          return currentComponentSchemas;
-        }, {});
         await strapi2.db.transaction(async ({ onCommit }) => {
-          onCommit(() => {
-            historyService.createVersion({
-              contentType: contentTypeUid,
-              data: omit(FIELDS_TO_IGNORE, document),
-              schema: omit(FIELDS_TO_IGNORE, attributesSchema),
-              componentsSchemas,
-              relatedDocumentId: documentContext.documentId,
-              locale,
-              status
-            });
+          onCommit(async () => {
+            for (const entry of localeEntries) {
+              const status = await serviceUtils.getVersionStatus(uid2, entry);
+              await getService(strapi2, "history").createVersion({
+                contentType: uid2,
+                data: omit(FIELDS_TO_IGNORE, entry),
+                relatedDocumentId: documentId,
+                locale: entry.locale,
+                status,
+                ...schemas
+              });
+            }
           });
         });
         return result;
       });
-      const retentionDays = serviceUtils.getRetentionDays();
       state.deleteExpiredJob = scheduleJob("0 0 * * *", () => {
-        const retentionDaysInMilliseconds = retentionDays * 24 * 60 * 60 * 1e3;
+        const retentionDaysInMilliseconds = serviceUtils.getRetentionDays() * 24 * 60 * 60 * 1e3;
         const expirationDate = new Date(Date.now() - retentionDaysInMilliseconds);
-        query.deleteMany({
+        strapi2.db.query(HISTORY_VERSION_UID).deleteMany({
           where: {
             created_at: {
               $lt: expirationDate.toISOString()
@@ -548,17 +594,17 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
     }
   };
 };
-const services$1 = {
+const services$2 = {
   history: createHistoryService,
   lifecycles: createLifecyclesService
 };
-const info = { pluginName: "content-manager", type: "admin" };
+const info$1 = { pluginName: "content-manager", type: "admin" };
 const historyVersionRouter = {
   type: "admin",
   routes: [
     {
       method: "GET",
-      info,
+      info: info$1,
       path: "/history-versions",
       handler: "history-version.findMany",
       config: {
@@ -567,7 +613,7 @@ const historyVersionRouter = {
     },
     {
       method: "PUT",
-      info,
+      info: info$1,
       path: "/history-versions/:versionId/restore",
       handler: "history-version.restoreVersion",
       config: {
@@ -576,7 +622,7 @@ const historyVersionRouter = {
     }
   ]
 };
-const routes$1 = {
+const routes$2 = {
   "history-version": historyVersionRouter
 };
 const historyVersion = {
@@ -623,7 +669,7 @@ const historyVersion = {
     }
   }
 };
-const getFeature = () => {
+const getFeature$1 = () => {
   if (strapi.ee.features.isEnabled("cms-content-history")) {
     return {
       register({ strapi: strapi2 }) {
@@ -635,9 +681,9 @@ const getFeature = () => {
       destroy({ strapi: strapi2 }) {
         getService(strapi2, "lifecycles").destroy();
       },
-      controllers: controllers$1,
-      services: services$1,
-      routes: routes$1
+      controllers: controllers$2,
+      services: services$2,
+      routes: routes$2
     };
   }
   return {
@@ -646,7 +692,7 @@ const getFeature = () => {
     }
   };
 };
-const history = getFeature();
+const history = getFeature$1();
 const register = async ({ strapi: strapi2 }) => {
   await history.register?.({ strapi: strapi2 });
 };
@@ -654,6 +700,62 @@ const ALLOWED_WEBHOOK_EVENTS = {
   ENTRY_PUBLISH: "entry.publish",
   ENTRY_UNPUBLISH: "entry.unpublish"
 };
+const FEATURE_ID = "preview";
+const info = { pluginName: "content-manager", type: "admin" };
+const previewRouter = {
+  type: "admin",
+  routes: [
+    {
+      method: "GET",
+      info,
+      path: "/preview/url/:contentType",
+      handler: "preview.getPreviewURL",
+      config: {
+        policies: ["admin::isAuthenticatedAdmin"]
+      }
+    }
+  ]
+};
+const routes$1 = {
+  preview: previewRouter
+};
+const createPreviewController = () => {
+  return {
+    async getPreviewURL(ctx) {
+      ctx.request;
+      return {
+        data: { url: "" }
+      };
+    }
+  };
+};
+const controllers$1 = {
+  preview: createPreviewController
+  /**
+   * Casting is needed because the types aren't aware that Strapi supports
+   * passing a controller factory as the value, instead of a controller object directly
+   */
+};
+const createPreviewService = () => {
+};
+const services$1 = {
+  preview: createPreviewService
+};
+const getFeature = () => {
+  if (!strapi.features.future.isEnabled(FEATURE_ID)) {
+    return {};
+  }
+  return {
+    bootstrap() {
+      console.log("Bootstrapping preview server");
+      strapi.config.get("admin.preview");
+    },
+    routes: routes$1,
+    controllers: controllers$1,
+    services: services$1
+  };
+};
+const preview = getFeature();
 const bootstrap = async () => {
   Object.entries(ALLOWED_WEBHOOK_EVENTS).forEach(([key, value]) => {
     strapi.get("webhookStore").addAllowedEvent(key, value);
@@ -663,6 +765,7 @@ const bootstrap = async () => {
   await getService$1("content-types").syncConfigurations();
   await getService$1("permission").registerPermissions();
   await history.bootstrap?.({ strapi });
+  await preview.bootstrap?.({ strapi });
 };
 const destroy = async ({ strapi: strapi2 }) => {
   await history.destroy?.({ strapi: strapi2 });
@@ -1152,7 +1255,8 @@ const admin = {
 };
 const routes = {
   admin,
-  ...history.routes ? history.routes : {}
+  ...history.routes ? history.routes : {},
+  ...preview.routes ? preview.routes : {}
 };
 const hasPermissionsSchema = yup$1.object({
   actions: yup$1.array().of(yup$1.string()),
@@ -1163,6 +1267,11 @@ const { createPolicy } = policy;
 const hasPermissions = createPolicy({
   name: "plugin::content-manager.hasPermissions",
   validator: validateHasPermissionsInput,
+  /**
+   * NOTE: Action aliases are currently not checked at this level (policy).
+   *       This is currently the intended behavior to avoid changing the behavior of API related permissions.
+   *       If you want to add support for it, please create a dedicated RFC with a list of potential side effect this could have.
+   */
   handler(ctx, config = {}) {
     const { actions = [], hasAtLeastOne = false } = config;
     const { userAbility } = ctx.state;
@@ -1452,7 +1561,7 @@ const { PaginationError, ValidationError } = errors;
 const TYPES = ["singleType", "collectionType"];
 const kindSchema = yup$1.string().oneOf(TYPES).nullable();
 const bulkActionInputSchema = yup$1.object({
-  ids: yup$1.array().of(yup$1.strapiID()).min(1).required()
+  documentIds: yup$1.array().of(yup$1.strapiID()).min(1).required()
 }).required();
 const generateUIDInputSchema = yup$1.object({
   contentTypeUID: yup$1.string().required(),
@@ -1551,15 +1660,49 @@ const excludeNotCreatableFields = (uid2, permissionChecker2) => (body, path = []
     }
   }, body);
 };
-const getDocumentLocaleAndStatus = (request) => {
-  const { locale, status, ...rest } = request || {};
-  if (!isNil$1(locale) && typeof locale !== "string") {
-    throw new errors.ValidationError(`Invalid locale: ${locale}`);
-  }
-  if (!isNil$1(status) && !["draft", "published"].includes(status)) {
-    throw new errors.ValidationError(`Invalid status: ${status}`);
+const singleLocaleSchema = yup$1.string().nullable();
+const multipleLocaleSchema = yup$1.lazy(
+  (value) => Array.isArray(value) ? yup$1.array().of(singleLocaleSchema.required()) : singleLocaleSchema
+);
+const statusSchema = yup$1.mixed().oneOf(["draft", "published"], "Invalid status");
+const getDocumentLocaleAndStatus = async (request, model, opts = { allowMultipleLocales: false }) => {
+  const { allowMultipleLocales } = opts;
+  const { locale, status: providedStatus, ...rest } = request || {};
+  const defaultStatus = contentTypes$1.hasDraftAndPublish(strapi.getModel(model)) ? void 0 : "published";
+  const status = providedStatus !== void 0 ? providedStatus : defaultStatus;
+  const schema = yup$1.object().shape({
+    locale: allowMultipleLocales ? multipleLocaleSchema : singleLocaleSchema,
+    status: statusSchema
+  });
+  try {
+    await validateYupSchema(schema, { strict: true, abortEarly: false })(request);
+    return { locale, status, ...rest };
+  } catch (error) {
+    throw new errors.ValidationError(`Validation error: ${error.message}`);
   }
-  return { locale, status, ...rest };
+};
+const formatDocumentWithMetadata = async (permissionChecker2, uid2, document, opts = {}) => {
+  const documentMetadata2 = getService$1("document-metadata");
+  const serviceOutput = await documentMetadata2.formatDocumentWithMetadata(uid2, document, opts);
+  let {
+    meta: { availableLocales, availableStatus }
+  } = serviceOutput;
+  const metadataSanitizer = permissionChecker2.sanitizeOutput;
+  availableLocales = await async.map(
+    availableLocales,
+    async (localeDocument) => metadataSanitizer(localeDocument)
+  );
+  availableStatus = await async.map(
+    availableStatus,
+    async (statusDocument) => metadataSanitizer(statusDocument)
+  );
+  return {
+    ...serviceOutput,
+    meta: {
+      availableLocales,
+      availableStatus
+    }
+  };
 };
 const createDocument = async (ctx, opts) => {
   const { userAbility, user } = ctx.state;
@@ -1574,7 +1717,7 @@ const createDocument = async (ctx, opts) => {
   const setCreator = setCreatorFields({ user });
   const sanitizeFn = async.pipe(pickPermittedFields, setCreator);
   const sanitizedBody = await sanitizeFn(body);
-  const { locale, status = "draft" } = getDocumentLocaleAndStatus(body);
+  const { locale, status } = await getDocumentLocaleAndStatus(body, model);
   return documentManager2.create(model, {
     data: sanitizedBody,
     locale,
@@ -1593,7 +1736,7 @@ const updateDocument = async (ctx, opts) => {
   }
   const permissionQuery = await permissionChecker2.sanitizedQuery.update(ctx.query);
   const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-  const { locale } = getDocumentLocaleAndStatus(body);
+  const { locale } = await getDocumentLocaleAndStatus(body, model);
   const [documentVersion, documentExists] = await Promise.all([
     documentManager2.findOne(id, model, { populate, locale, status: "draft" }),
     documentManager2.exists(model, id)
@@ -1609,7 +1752,7 @@ const updateDocument = async (ctx, opts) => {
     throw new errors.ForbiddenError();
   }
   const pickPermittedFields = documentVersion ? permissionChecker2.sanitizeUpdateInput(documentVersion) : permissionChecker2.sanitizeCreateInput;
-  const setCreator = setCreatorFields({ user, isEdition: true });
+  const setCreator = documentVersion ? setCreatorFields({ user, isEdition: true }) : setCreatorFields({ user });
   const sanitizeFn = async.pipe(pickPermittedFields, setCreator);
   const sanitizedBody = await sanitizeFn(body);
   return documentManager2.update(documentVersion?.documentId || id, model, {
@@ -1631,7 +1774,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
-    const { locale, status } = getDocumentLocaleAndStatus(query);
+    const { locale, status } = await getDocumentLocaleAndStatus(query, model);
     const { results: documents, pagination: pagination2 } = await documentManager2.findPage(
       { ...permissionQuery, populate, locale, status },
       model
@@ -1660,14 +1803,13 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { model, id } = ctx.params;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const { locale, status = "draft" } = getDocumentLocaleAndStatus(ctx.query);
+    const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const version = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1678,9 +1820,11 @@ const collectionTypes = {
       if (!exists) {
         return ctx.notFound();
       }
-      const { meta } = await documentMetadata2.formatDocumentWithMetadata(
+      const { meta } = await formatDocumentWithMetadata(
+        permissionChecker2,
         model,
-        { id, locale, publishedAt: null },
+        // @ts-expect-error TODO: fix
+        { documentId: id, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
       ctx.body = { data: {}, meta };
@@ -1690,12 +1834,11 @@ const collectionTypes = {
       return ctx.forbidden();
     }
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(version);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async create(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     const [totalEntries, document] = await Promise.all([
       strapi.db.query(model).count(),
@@ -1703,7 +1846,7 @@ const collectionTypes = {
     ]);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(document);
     ctx.status = 201;
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument, {
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument, {
       // Empty metadata as it's not relevant for a new document
       availableLocales: false,
       availableStatus: false
@@ -1717,25 +1860,23 @@ const collectionTypes = {
   async update(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     const updatedVersion = await updateDocument(ctx);
     const sanitizedVersion = await permissionChecker2.sanitizeOutput(updatedVersion);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedVersion);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedVersion);
   },
   async clone(ctx) {
     const { userAbility, user } = ctx.state;
     const { model, sourceId: id } = ctx.params;
     const { body } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.create()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.create(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1751,7 +1892,7 @@ const collectionTypes = {
     const sanitizedBody = await sanitizeFn(body);
     const clonedDocument = await documentManager2.clone(document.documentId, sanitizedBody, model);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(clonedDocument);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument, {
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument, {
       // Empty metadata as it's not relevant for a new document
       availableLocales: false,
       availableStatus: false
@@ -1780,7 +1921,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(ctx.query);
+    const { locale } = await getDocumentLocaleAndStatus(ctx.query, model);
     const documentLocales = await documentManager2.findLocales(id, model, { populate, locale });
     if (documentLocales.length === 0) {
       return ctx.notFound();
@@ -1802,7 +1943,6 @@ const collectionTypes = {
     const { id, model } = ctx.params;
     const { body } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
@@ -1810,25 +1950,52 @@ const collectionTypes = {
     const publishedDocument = await strapi.db.transaction(async () => {
       const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
       const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-      const document = id ? await updateDocument(ctx, { populate }) : await createDocument(ctx, { populate });
+      let document;
+      const { locale } = await getDocumentLocaleAndStatus(body, model);
+      const isCreate = isNil$1(id);
+      if (isCreate) {
+        if (permissionChecker2.cannot.create()) {
+          throw new errors.ForbiddenError();
+        }
+        document = await createDocument(ctx, { populate });
+      }
+      const isUpdate = !isCreate;
+      if (isUpdate) {
+        const documentExists = documentManager2.exists(model, id);
+        if (!documentExists) {
+          throw new errors.NotFoundError("Document not found");
+        }
+        document = await documentManager2.findOne(id, model, { populate, locale });
+        if (!document) {
+          if (permissionChecker2.cannot.create({ locale }) || permissionChecker2.cannot.publish({ locale })) {
+            throw new errors.ForbiddenError();
+          }
+          document = await updateDocument(ctx);
+        } else if (permissionChecker2.can.update(document)) {
+          await updateDocument(ctx);
+        }
+      }
       if (permissionChecker2.cannot.publish(document)) {
         throw new errors.ForbiddenError();
       }
-      const { locale } = getDocumentLocaleAndStatus(body);
-      return documentManager2.publish(document.documentId, model, {
+      const publishResult = await documentManager2.publish(document.documentId, model, {
         locale
         // TODO: Allow setting creator fields on publish
         // data: setCreatorFields({ user, isEdition: true })({}),
       });
+      if (!publishResult || publishResult.length === 0) {
+        throw new errors.NotFoundError("Document not found or already published.");
+      }
+      return publishResult[0];
     });
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(publishedDocument);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async bulkPublish(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { body } = ctx.request;
-    const { ids } = body;
+    const { documentIds } = body;
     await validateBulkActionInput(body);
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
@@ -1837,8 +2004,13 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const entityPromises = ids.map((id) => documentManager2.findOne(id, model, { populate }));
-    const entities = await Promise.all(entityPromises);
+    const { locale } = await getDocumentLocaleAndStatus(body, model, {
+      allowMultipleLocales: true
+    });
+    const entityPromises = documentIds.map(
+      (documentId) => documentManager2.findLocales(documentId, model, { populate, locale, isPublished: false })
+    );
+    const entities = (await Promise.all(entityPromises)).flat();
     for (const entity of entities) {
       if (!entity) {
         return ctx.notFound();
@@ -1847,24 +2019,27 @@ const collectionTypes = {
         return ctx.forbidden();
       }
     }
-    const { count } = await documentManager2.publishMany(entities, model);
+    const count = await documentManager2.publishMany(model, documentIds, locale);
     ctx.body = { count };
   },
   async bulkUnpublish(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { body } = ctx.request;
-    const { ids } = body;
+    const { documentIds } = body;
     await validateBulkActionInput(body);
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
-    const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const entityPromises = ids.map((id) => documentManager2.findOne(id, model, { populate }));
-    const entities = await Promise.all(entityPromises);
+    const { locale } = await getDocumentLocaleAndStatus(body, model, {
+      allowMultipleLocales: true
+    });
+    const entityPromises = documentIds.map(
+      (documentId) => documentManager2.findLocales(documentId, model, { locale, isPublished: true })
+    );
+    const entities = (await Promise.all(entityPromises)).flat();
     for (const entity of entities) {
       if (!entity) {
         return ctx.notFound();
@@ -1873,7 +2048,8 @@ const collectionTypes = {
         return ctx.forbidden();
       }
     }
-    const { count } = await documentManager2.unpublishMany(entities, model);
+    const entitiesIds = entities.map((document) => document.documentId);
+    const { count } = await documentManager2.unpublishMany(entitiesIds, model, { locale });
     ctx.body = { count };
   },
   async unpublish(ctx) {
@@ -1883,7 +2059,6 @@ const collectionTypes = {
       body: { discardDraft, ...body }
     } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
@@ -1893,7 +2068,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.unpublish(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1915,7 +2090,7 @@ const collectionTypes = {
       ctx.body = await async.pipe(
         (document2) => documentManager2.unpublish(document2.documentId, model, { locale }),
         permissionChecker2.sanitizeOutput,
-        (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+        (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
       )(document);
     });
   },
@@ -1924,14 +2099,13 @@ const collectionTypes = {
     const { id, model } = ctx.params;
     const { body } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.discard(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1946,14 +2120,14 @@ const collectionTypes = {
     ctx.body = await async.pipe(
       (document2) => documentManager2.discardDraft(document2.documentId, model, { locale }),
       permissionChecker2.sanitizeOutput,
-      (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+      (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
     )(document);
   },
   async bulkDelete(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query, body } = ctx.request;
-    const { ids } = body;
+    const { documentIds } = body;
     await validateBulkActionInput(body);
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
@@ -1961,14 +2135,22 @@ const collectionTypes = {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(query);
-    const idsWhereClause = { id: { $in: ids } };
-    const params = {
-      ...permissionQuery,
-      filters: {
-        $and: [idsWhereClause].concat(permissionQuery.filters || [])
+    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
+    const documentLocales = await documentManager2.findLocales(documentIds, model, {
+      populate,
+      locale
+    });
+    if (documentLocales.length === 0) {
+      return ctx.notFound();
+    }
+    for (const document of documentLocales) {
+      if (permissionChecker2.cannot.delete(document)) {
+        return ctx.forbidden();
       }
-    };
-    const { count } = await documentManager2.deleteMany(params, model);
+    }
+    const localeDocumentsIds = documentLocales.map((document) => document.documentId);
+    const { count } = await documentManager2.deleteMany(localeDocumentsIds, model, { locale });
     ctx.body = { count };
   },
   async countDraftRelations(ctx) {
@@ -1981,7 +2163,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale, status = "draft" } = getDocumentLocaleAndStatus(ctx.query);
+    const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const entity = await documentManager2.findOne(id, model, { populate, locale, status });
     if (!entity) {
       return ctx.notFound();
@@ -1996,7 +2178,7 @@ const collectionTypes = {
   },
   async countManyEntriesDraftRelations(ctx) {
     const { userAbility } = ctx.state;
-    const ids = ctx.request.query.ids;
+    const ids = ctx.request.query.documentIds;
     const locale = ctx.request.query.locale;
     const { model } = ctx.params;
     const documentManager2 = getService$1("document-manager");
@@ -2004,16 +2186,16 @@ const collectionTypes = {
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
-    const entities = await documentManager2.findMany(
+    const documents = await documentManager2.findMany(
       {
         filters: {
-          id: ids
+          documentId: ids
         },
         locale
       },
       model
     );
-    if (!entities) {
+    if (!documents) {
       return ctx.notFound();
     }
     const number = await documentManager2.countManyEntriesDraftRelations(ids, model, locale);
@@ -2204,32 +2386,37 @@ const sanitizeMainField = (model, mainField, userAbility) => {
     userAbility,
     model: model.uid
   });
-  if (!isListable(model, mainField)) {
+  const isMainFieldListable = isListable(model, mainField);
+  const canReadMainField = permissionChecker2.can.read(null, mainField);
+  if (!isMainFieldListable || !canReadMainField) {
     return "id";
   }
-  if (permissionChecker2.cannot.read(null, mainField)) {
-    if (model.uid === "plugin::users-permissions.role") {
-      const userPermissionChecker = getService$1("permission-checker").create({
-        userAbility,
-        model: "plugin::users-permissions.user"
-      });
-      if (userPermissionChecker.can.read()) {
-        return "name";
-      }
-    }
-    return "id";
+  if (model.uid === "plugin::users-permissions.role") {
+    return "name";
   }
   return mainField;
 };
-const addStatusToRelations = async (uid2, relations2) => {
-  if (!contentTypes$1.hasDraftAndPublish(strapi.contentTypes[uid2])) {
+const addStatusToRelations = async (targetUid, relations2) => {
+  if (!contentTypes$1.hasDraftAndPublish(strapi.getModel(targetUid))) {
     return relations2;
   }
   const documentMetadata2 = getService$1("document-metadata");
-  const documentsAvailableStatus = await documentMetadata2.getManyAvailableStatus(uid2, relations2);
+  if (!relations2.length) {
+    return relations2;
+  }
+  const firstRelation = relations2[0];
+  const filters = {
+    documentId: { $in: relations2.map((r) => r.documentId) },
+    // NOTE: find the "opposite" status
+    publishedAt: firstRelation.publishedAt !== null ? { $null: true } : { $notNull: true }
+  };
+  const availableStatus = await strapi.query(targetUid).findMany({
+    select: ["id", "documentId", "locale", "updatedAt", "createdAt", "publishedAt"],
+    filters
+  });
   return relations2.map((relation) => {
-    const availableStatuses = documentsAvailableStatus.filter(
-      (availableDocument) => availableDocument.documentId === relation.documentId
+    const availableStatuses = availableStatus.filter(
+      (availableDocument) => availableDocument.documentId === relation.documentId && (relation.locale ? availableDocument.locale === relation.locale : true)
     );
     return {
       ...relation,
@@ -2250,11 +2437,8 @@ const validateLocale = (sourceUid, targetUid, locale) => {
   const isLocalized = strapi.plugin("i18n").service("content-types").isLocalizedContentType;
   const isSourceLocalized = isLocalized(sourceModel);
   const isTargetLocalized = isLocalized(targetModel);
-  let validatedLocale = locale;
-  if (!targetModel || !isTargetLocalized)
-    validatedLocale = void 0;
   return {
-    locale: validatedLocale,
+    locale,
     isSourceLocalized,
     isTargetLocalized
   };
@@ -2357,7 +2541,7 @@ const relations = {
       attribute,
       fieldsToSelect,
       mainField,
-      source: { schema: sourceSchema },
+      source: { schema: sourceSchema, isLocalized: isSourceLocalized },
       target: { schema: targetSchema, isLocalized: isTargetLocalized },
       sourceSchema,
       targetSchema,
@@ -2379,7 +2563,8 @@ const relations = {
       fieldsToSelect,
       mainField,
       source: {
-        schema: { uid: sourceUid, modelType: sourceModelType }
+        schema: { uid: sourceUid, modelType: sourceModelType },
+        isLocalized: isSourceLocalized
       },
       target: {
         schema: { uid: targetUid },
@@ -2417,12 +2602,16 @@ const relations = {
       } else {
         where.id = id;
       }
-      if (status) {
-        where[`${alias}.published_at`] = getPublishedAtClause(status, targetUid);
+      const publishedAt = getPublishedAtClause(status, targetUid);
+      if (!isEmpty(publishedAt)) {
+        where[`${alias}.published_at`] = publishedAt;
       }
-      if (filterByLocale) {
+      if (isTargetLocalized && locale) {
         where[`${alias}.locale`] = locale;
       }
+      if (isSourceLocalized && locale) {
+        where.locale = locale;
+      }
       if ((idsToInclude?.length ?? 0) !== 0) {
         where[`${alias}.id`].$notIn = idsToInclude;
       }
@@ -2440,7 +2629,8 @@ const relations = {
         id: { $notIn: uniq(idsToOmit) }
       });
     }
-    const res = await strapi.db.query(targetUid).findPage(strapi.get("query-params").transform(targetUid, queryParams));
+    const dbQuery = strapi.get("query-params").transform(targetUid, queryParams);
+    const res = await strapi.db.query(targetUid).findPage(dbQuery);
     ctx.body = {
       ...res,
       results: await addStatusToRelations(targetUid, res.results)
@@ -2455,29 +2645,39 @@ const relations = {
       attribute,
       targetField,
       fieldsToSelect,
-      source: {
-        schema: { uid: sourceUid }
-      },
-      target: {
-        schema: { uid: targetUid }
-      }
+      status,
+      source: { schema: sourceSchema },
+      target: { schema: targetSchema }
     } = await this.extractAndValidateRequestInfo(ctx, id);
+    const { uid: sourceUid } = sourceSchema;
+    const { uid: targetUid } = targetSchema;
     const permissionQuery = await getService$1("permission-checker").create({ userAbility, model: targetUid }).sanitizedQuery.read({ fields: fieldsToSelect });
     const dbQuery = strapi.db.query(sourceUid);
     const loadRelations = relations$1.isAnyToMany(attribute) ? (...args) => dbQuery.loadPages(...args) : (...args) => dbQuery.load(...args).then((res2) => ({ results: res2 ? [res2] : [] }));
+    const filters = {};
+    if (sourceSchema?.options?.draftAndPublish) {
+      if (targetSchema?.options?.draftAndPublish) {
+        if (status === "published") {
+          filters.publishedAt = { $notNull: true };
+        } else {
+          filters.publishedAt = { $null: true };
+        }
+      }
+    } else if (targetSchema?.options?.draftAndPublish) {
+      filters.publishedAt = { $null: true };
+    }
     const res = await loadRelations({ id: entryId }, targetField, {
-      select: ["id", "documentId", "locale", "publishedAt"],
+      select: ["id", "documentId", "locale", "publishedAt", "updatedAt"],
       ordering: "desc",
       page: ctx.request.query.page,
-      pageSize: ctx.request.query.pageSize
+      pageSize: ctx.request.query.pageSize,
+      filters
     });
     const loadedIds = res.results.map((item) => item.id);
     addFiltersClause(permissionQuery, { id: { $in: loadedIds } });
     const sanitizedRes = await loadRelations({ id: entryId }, targetField, {
       ...strapi.get("query-params").transform(targetUid, permissionQuery),
-      ordering: "desc",
-      page: ctx.request.query.page,
-      pageSize: ctx.request.query.pageSize
+      ordering: "desc"
     });
     const relationsUnion = uniqBy("id", concat(sanitizedRes.results, res.results));
     ctx.body = {
@@ -2509,7 +2709,7 @@ const createOrUpdateDocument = async (ctx, opts) => {
     throw new errors.ForbiddenError();
   }
   const sanitizedQuery = await permissionChecker2.sanitizedQuery.update(query);
-  const { locale } = getDocumentLocaleAndStatus(body);
+  const { locale } = await getDocumentLocaleAndStatus(body, model);
   const [documentVersion, otherDocumentVersion] = await Promise.all([
     findDocument(sanitizedQuery, model, { locale, status: "draft" }),
     // Find the first document to check if it exists
@@ -2546,12 +2746,11 @@ const singleTypes = {
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
-    const documentMetadata2 = getService$1("document-metadata");
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
-    const { locale, status } = getDocumentLocaleAndStatus(query);
+    const { locale, status } = await getDocumentLocaleAndStatus(query, model);
     const version = await findDocument(permissionQuery, model, { locale, status });
     if (!version) {
       if (permissionChecker2.cannot.create()) {
@@ -2561,9 +2760,11 @@ const singleTypes = {
       if (!document) {
         return ctx.notFound();
       }
-      const { meta } = await documentMetadata2.formatDocumentWithMetadata(
+      const { meta } = await formatDocumentWithMetadata(
+        permissionChecker2,
         model,
-        { id: document.documentId, locale, publishedAt: null },
+        // @ts-expect-error - fix types
+        { documentId: document.documentId, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
       ctx.body = { data: {}, meta };
@@ -2573,16 +2774,15 @@ const singleTypes = {
       return ctx.forbidden();
     }
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(version);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async createOrUpdate(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     const document = await createOrUpdateDocument(ctx);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(document);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async delete(ctx) {
     const { userAbility } = ctx.state;
@@ -2595,7 +2795,7 @@ const singleTypes = {
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.delete(query);
     const populate = await buildPopulateFromQuery(sanitizedQuery, model);
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, model);
     const documentLocales = await documentManager2.findLocales(void 0, model, {
       populate,
       locale
@@ -2618,7 +2818,6 @@ const singleTypes = {
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
@@ -2633,11 +2832,12 @@ const singleTypes = {
       if (permissionChecker2.cannot.publish(document)) {
         throw new errors.ForbiddenError();
       }
-      const { locale } = getDocumentLocaleAndStatus(document);
-      return documentManager2.publish(document.documentId, model, { locale });
+      const { locale } = await getDocumentLocaleAndStatus(document, model);
+      const publishResult = await documentManager2.publish(document.documentId, model, { locale });
+      return publishResult.at(0);
     });
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(publishedDocument);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async unpublish(ctx) {
     const { userAbility } = ctx.state;
@@ -2647,7 +2847,6 @@ const singleTypes = {
       query = {}
     } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
@@ -2656,7 +2855,7 @@ const singleTypes = {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.unpublish(query);
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await findDocument(sanitizedQuery, model, { locale });
     if (!document) {
       return ctx.notFound();
@@ -2674,7 +2873,7 @@ const singleTypes = {
       ctx.body = await async.pipe(
         (document2) => documentManager2.unpublish(document2.documentId, model, { locale }),
         permissionChecker2.sanitizeOutput,
-        (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+        (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
       )(document);
     });
   },
@@ -2683,13 +2882,12 @@ const singleTypes = {
     const { model } = ctx.params;
     const { body, query = {} } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.discard(query);
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await findDocument(sanitizedQuery, model, { locale, status: "published" });
     if (!document) {
       return ctx.notFound();
@@ -2700,7 +2898,7 @@ const singleTypes = {
     ctx.body = await async.pipe(
       (document2) => documentManager2.discardDraft(document2.documentId, model, { locale }),
       permissionChecker2.sanitizeOutput,
-      (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+      (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
     )(document);
   },
   async countDraftRelations(ctx) {
@@ -2709,7 +2907,7 @@ const singleTypes = {
     const { query } = ctx.request;
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, model);
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
@@ -2730,7 +2928,7 @@ const uid$1 = {
   async generateUID(ctx) {
     const { contentTypeUID, field, data } = await validateGenerateUIDInput(ctx.request.body);
     const { query = {} } = ctx.request;
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
     const uidService = getService$1("uid");
     ctx.body = {
@@ -2742,7 +2940,7 @@ const uid$1 = {
       ctx.request.body
     );
     const { query = {} } = ctx.request;
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
     const uidService = getService$1("uid");
     const isAvailable = await uidService.checkUIDAvailability({
@@ -2765,7 +2963,8 @@ const controllers = {
   relations,
   "single-types": singleTypes,
   uid: uid$1,
-  ...history.controllers ? history.controllers : {}
+  ...history.controllers ? history.controllers : {},
+  ...preview.controllers ? preview.controllers : {}
 };
 const keys = {
   CONFIGURATION: "configuration"
@@ -3385,12 +3584,27 @@ const createPermissionChecker = (strapi2) => ({ userAbility, model }) => {
     ability: userAbility,
     model
   });
-  const toSubject = (entity) => entity ? permissionsManager.toSubject(entity, model) : model;
+  const { actionProvider } = strapi2.service("admin::permission");
+  const toSubject = (entity) => {
+    return entity ? permissionsManager.toSubject(entity, model) : model;
+  };
   const can = (action, entity, field) => {
-    return userAbility.can(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test the original action to see if it passes
+      userAbility.can(action, subject, field) || // Else try every known alias if at least one of them succeed, then the user "can"
+      aliases.some((alias) => userAbility.can(alias, subject, field))
+    );
   };
   const cannot = (action, entity, field) => {
-    return userAbility.cannot(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test both the original action
+      userAbility.cannot(action, subject, field) && // and every known alias, if all of them fail (cannot), then the user truly "cannot"
+      aliases.every((alias) => userAbility.cannot(alias, subject, field))
+    );
   };
   const sanitizeOutput = (data, { action = ACTIONS.read } = {}) => {
     return permissionsManager.sanitizeOutput(data, { subject: toSubject(data), action });
@@ -3533,7 +3747,7 @@ const permission = ({ strapi: strapi2 }) => ({
     await strapi2.service("admin::permission").actionProvider.registerMany(actions);
   }
 });
-const { isVisibleAttribute: isVisibleAttribute$1 } = strapiUtils.contentTypes;
+const { isVisibleAttribute: isVisibleAttribute$1, isScalarAttribute, getDoesAttributeRequireValidation } = strapiUtils.contentTypes;
 const { isAnyToMany } = strapiUtils.relations;
 const { PUBLISHED_AT_ATTRIBUTE: PUBLISHED_AT_ATTRIBUTE$1 } = strapiUtils.contentTypes.constants;
 const isMorphToRelation = (attribute) => isRelation(attribute) && attribute.relation.includes("morphTo");
@@ -3624,6 +3838,42 @@ const getDeepPopulate = (uid2, {
     {}
   );
 };
+const getValidatableFieldsPopulate = (uid2, {
+  initialPopulate = {},
+  countMany = false,
+  countOne = false,
+  maxLevel = Infinity
+} = {}, level = 1) => {
+  if (level > maxLevel) {
+    return {};
+  }
+  const model = strapi.getModel(uid2);
+  return Object.entries(model.attributes).reduce((populateAcc, [attributeName, attribute]) => {
+    if (!getDoesAttributeRequireValidation(attribute)) {
+      return populateAcc;
+    }
+    if (isScalarAttribute(attribute)) {
+      return merge(populateAcc, {
+        [attributeName]: true
+      });
+    }
+    return merge(
+      populateAcc,
+      getPopulateFor(
+        attributeName,
+        model,
+        {
+          // @ts-expect-error - improve types
+          initialPopulate: initialPopulate?.[attributeName],
+          countMany,
+          countOne,
+          maxLevel
+        },
+        level
+      )
+    );
+  }, {});
+};
 const getDeepPopulateDraftCount = (uid2) => {
   const model = strapi.getModel(uid2);
   let hasRelations = false;
@@ -3631,6 +3881,10 @@ const getDeepPopulateDraftCount = (uid2) => {
     const attribute = model.attributes[attributeName];
     switch (attribute.type) {
       case "relation": {
+        const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
+        if (isMorphRelation) {
+          break;
+        }
         if (isVisibleAttribute$1(model, attributeName)) {
           populateAcc[attributeName] = {
             count: true,
@@ -3645,22 +3899,24 @@ const getDeepPopulateDraftCount = (uid2) => {
           attribute.component
         );
         if (childHasRelations) {
-          populateAcc[attributeName] = { populate: populate2 };
+          populateAcc[attributeName] = {
+            populate: populate2
+          };
           hasRelations = true;
         }
         break;
       }
       case "dynamiczone": {
-        const dzPopulate = (attribute.components || []).reduce((acc, componentUID) => {
-          const { populate: populate2, hasRelations: childHasRelations } = getDeepPopulateDraftCount(componentUID);
-          if (childHasRelations) {
+        const dzPopulateFragment = attribute.components?.reduce((acc, componentUID) => {
+          const { populate: componentPopulate, hasRelations: componentHasRelations } = getDeepPopulateDraftCount(componentUID);
+          if (componentHasRelations) {
             hasRelations = true;
-            return merge(acc, populate2);
+            return { ...acc, [componentUID]: { populate: componentPopulate } };
           }
           return acc;
         }, {});
-        if (!isEmpty(dzPopulate)) {
-          populateAcc[attributeName] = { populate: dzPopulate };
+        if (!isEmpty(dzPopulateFragment)) {
+          populateAcc[attributeName] = { on: dzPopulateFragment };
         }
         break;
       }
@@ -3852,41 +4108,72 @@ const AVAILABLE_STATUS_FIELDS = [
   "updatedBy",
   "status"
 ];
-const AVAILABLE_LOCALES_FIELDS = ["id", "locale", "updatedAt", "createdAt", "status"];
+const AVAILABLE_LOCALES_FIELDS = [
+  "id",
+  "locale",
+  "updatedAt",
+  "createdAt",
+  "status",
+  "publishedAt",
+  "documentId"
+];
 const CONTENT_MANAGER_STATUS = {
   PUBLISHED: "published",
   DRAFT: "draft",
   MODIFIED: "modified"
 };
-const areDatesEqual = (date1, date2, threshold) => {
-  if (!date1 || !date2) {
+const getIsVersionLatestModification = (version, otherVersion) => {
+  if (!version || !version.updatedAt) {
     return false;
   }
-  const time1 = new Date(date1).getTime();
-  const time2 = new Date(date2).getTime();
-  const difference2 = Math.abs(time1 - time2);
-  return difference2 <= threshold;
+  const versionUpdatedAt = version?.updatedAt ? new Date(version.updatedAt).getTime() : 0;
+  const otherUpdatedAt = otherVersion?.updatedAt ? new Date(otherVersion.updatedAt).getTime() : 0;
+  return versionUpdatedAt > otherUpdatedAt;
 };
 const documentMetadata = ({ strapi: strapi2 }) => ({
   /**
    * Returns available locales of a document for the current status
    */
-  getAvailableLocales(uid2, version, allVersions) {
+  async getAvailableLocales(uid2, version, allVersions, validatableFields = []) {
     const versionsByLocale = groupBy("locale", allVersions);
-    delete versionsByLocale[version.locale];
-    return Object.values(versionsByLocale).map((localeVersions) => {
-      if (!contentTypes$1.hasDraftAndPublish(strapi2.getModel(uid2))) {
-        return pick(AVAILABLE_LOCALES_FIELDS, localeVersions[0]);
+    if (version.locale) {
+      delete versionsByLocale[version.locale];
+    }
+    const model = strapi2.getModel(uid2);
+    const keysToKeep = [...AVAILABLE_LOCALES_FIELDS, ...validatableFields];
+    const traversalFunction = async (localeVersion) => traverseEntity(
+      ({ key }, { remove }) => {
+        if (keysToKeep.includes(key)) {
+          return;
+        }
+        remove(key);
+      },
+      { schema: model, getModel: strapi2.getModel.bind(strapi2) },
+      // @ts-expect-error fix types DocumentVersion incompatible with Data
+      localeVersion
+    );
+    const mappingResult = await async.map(
+      Object.values(versionsByLocale),
+      async (localeVersions) => {
+        const mappedLocaleVersions = await async.map(
+          localeVersions,
+          traversalFunction
+        );
+        if (!contentTypes$1.hasDraftAndPublish(model)) {
+          return mappedLocaleVersions[0];
+        }
+        const draftVersion = mappedLocaleVersions.find((v) => v.publishedAt === null);
+        const otherVersions = mappedLocaleVersions.filter((v) => v.id !== draftVersion?.id);
+        if (!draftVersion) {
+          return;
+        }
+        return {
+          ...draftVersion,
+          status: this.getStatus(draftVersion, otherVersions)
+        };
       }
-      const draftVersion = localeVersions.find((v) => v.publishedAt === null);
-      const otherVersions = localeVersions.filter((v) => v.id !== draftVersion?.id);
-      if (!draftVersion)
-        return;
-      return {
-        ...pick(AVAILABLE_LOCALES_FIELDS, draftVersion),
-        status: this.getStatus(draftVersion, otherVersions)
-      };
-    }).filter(Boolean);
+    );
+    return mappingResult.filter(Boolean);
   },
   /**
    * Returns available status of a document for the current locale
@@ -3924,26 +4211,37 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
     });
   },
   getStatus(version, otherDocumentStatuses) {
-    const isDraft = version.publishedAt === null;
-    if (!otherDocumentStatuses?.length) {
-      return isDraft ? CONTENT_MANAGER_STATUS.DRAFT : CONTENT_MANAGER_STATUS.PUBLISHED;
+    let draftVersion;
+    let publishedVersion;
+    if (version.publishedAt) {
+      publishedVersion = version;
+    } else {
+      draftVersion = version;
     }
-    if (isDraft) {
-      const publishedVersion = otherDocumentStatuses?.find((d) => d.publishedAt !== null);
-      if (!publishedVersion) {
-        return CONTENT_MANAGER_STATUS.DRAFT;
-      }
+    const otherVersion = otherDocumentStatuses?.at(0);
+    if (otherVersion?.publishedAt) {
+      publishedVersion = otherVersion;
+    } else if (otherVersion) {
+      draftVersion = otherVersion;
     }
-    if (areDatesEqual(version.updatedAt, otherDocumentStatuses.at(0)?.updatedAt, 500)) {
+    if (!draftVersion)
       return CONTENT_MANAGER_STATUS.PUBLISHED;
-    }
-    return CONTENT_MANAGER_STATUS.MODIFIED;
+    if (!publishedVersion)
+      return CONTENT_MANAGER_STATUS.DRAFT;
+    const isDraftModified = getIsVersionLatestModification(draftVersion, publishedVersion);
+    return isDraftModified ? CONTENT_MANAGER_STATUS.MODIFIED : CONTENT_MANAGER_STATUS.PUBLISHED;
   },
+  // TODO is it necessary to return metadata on every page of the CM
+  // We could refactor this so the locales are only loaded when they're
+  // needed. e.g. in the bulk locale action modal.
   async getMetadata(uid2, version, { availableLocales = true, availableStatus = true } = {}) {
+    const populate = getValidatableFieldsPopulate(uid2);
     const versions = await strapi2.db.query(uid2).findMany({
       where: { documentId: version.documentId },
-      select: ["createdAt", "updatedAt", "locale", "publishedAt", "documentId"],
       populate: {
+        // Populate only fields that require validation for bulk locale actions
+        ...populate,
+        // NOTE: creator fields are selected in this way to avoid exposing sensitive data
         createdBy: {
           select: ["id", "firstname", "lastname", "email"]
         },
@@ -3952,7 +4250,7 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
         }
       }
     });
-    const availableLocalesResult = availableLocales ? this.getAvailableLocales(uid2, version, versions) : [];
+    const availableLocalesResult = availableLocales ? await this.getAvailableLocales(uid2, version, versions, Object.keys(populate)) : [];
     const availableStatusResult = availableStatus ? this.getAvailableStatus(version, versions) : null;
     return {
       availableLocales: availableLocalesResult,
@@ -3965,8 +4263,15 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
    * - Available status of the document for the current locale
    */
   async formatDocumentWithMetadata(uid2, document, opts = {}) {
-    if (!document)
-      return document;
+    if (!document) {
+      return {
+        data: document,
+        meta: {
+          availableLocales: [],
+          availableStatus: []
+        }
+      };
+    }
     const hasDraftAndPublish = contentTypes$1.hasDraftAndPublish(strapi2.getModel(uid2));
     if (!hasDraftAndPublish) {
       opts.availableStatus = false;
@@ -4016,26 +4321,9 @@ const sumDraftCounts = (entity, uid2) => {
   }, 0);
 };
 const { ApplicationError } = errors;
-const { ENTRY_PUBLISH, ENTRY_UNPUBLISH } = ALLOWED_WEBHOOK_EVENTS;
 const { PUBLISHED_AT_ATTRIBUTE } = contentTypes$1.constants;
 const omitPublishedAtField = omit(PUBLISHED_AT_ATTRIBUTE);
 const omitIdField = omit("id");
-const emitEvent = async (uid2, event, document) => {
-  const modelDef = strapi.getModel(uid2);
-  const sanitizedDocument = await sanitize.sanitizers.defaultSanitizeOutput(
-    {
-      schema: modelDef,
-      getModel(uid22) {
-        return strapi.getModel(uid22);
-      }
-    },
-    document
-  );
-  strapi.eventHub.emit(event, {
-    model: modelDef.modelName,
-    entry: sanitizedDocument
-  });
-};
 const documentManager = ({ strapi: strapi2 }) => {
   return {
     async findOne(id, uid2, opts = {}) {
@@ -4054,6 +4342,9 @@ const documentManager = ({ strapi: strapi2 }) => {
       } else if (opts.locale && opts.locale !== "*") {
         where.locale = opts.locale;
       }
+      if (typeof opts.isPublished === "boolean") {
+        where.publishedAt = { $notNull: opts.isPublished };
+      }
       return strapi2.db.query(uid2).findMany({ populate: opts.populate, where });
     },
     async findMany(opts, uid2) {
@@ -4087,10 +4378,7 @@ const documentManager = ({ strapi: strapi2 }) => {
     async clone(id, body, uid2) {
       const populate = await buildDeepPopulate(uid2);
       const params = {
-        data: {
-          ...omitIdField(body),
-          [PUBLISHED_AT_ATTRIBUTE]: null
-        },
+        data: omitIdField(body),
         populate
       };
       return strapi2.documents(uid2).clone({ ...params, documentId: id }).then((result) => result?.entries.at(0));
@@ -4116,70 +4404,36 @@ const documentManager = ({ strapi: strapi2 }) => {
       return {};
     },
     // FIXME: handle relations
-    async deleteMany(opts, uid2) {
-      const docs = await strapi2.documents(uid2).findMany(opts);
-      for (const doc of docs) {
-        await strapi2.documents(uid2).delete({ documentId: doc.documentId });
-      }
-      return { count: docs.length };
+    async deleteMany(documentIds, uid2, opts = {}) {
+      const deletedEntries = await strapi2.db.transaction(async () => {
+        return Promise.all(documentIds.map(async (id) => this.delete(id, uid2, opts)));
+      });
+      return { count: deletedEntries.length };
     },
     async publish(id, uid2, opts = {}) {
       const populate = await buildDeepPopulate(uid2);
       const params = { ...opts, populate };
-      return strapi2.documents(uid2).publish({ ...params, documentId: id }).then((result) => result?.entries.at(0));
+      return strapi2.documents(uid2).publish({ ...params, documentId: id }).then((result) => result?.entries);
     },
-    async publishMany(entities, uid2) {
-      if (!entities.length) {
-        return null;
-      }
-      await Promise.all(
-        entities.map((document) => {
-          return strapi2.entityValidator.validateEntityCreation(
-            strapi2.getModel(uid2),
-            document,
-            void 0,
-            // @ts-expect-error - FIXME: entity here is unnecessary
-            document
-          );
-        })
-      );
-      const entitiesToPublish = entities.filter((doc) => !doc[PUBLISHED_AT_ATTRIBUTE]).map((doc) => doc.id);
-      const filters = { id: { $in: entitiesToPublish } };
-      const data = { [PUBLISHED_AT_ATTRIBUTE]: /* @__PURE__ */ new Date() };
-      const populate = await buildDeepPopulate(uid2);
-      const publishedEntitiesCount = await strapi2.db.query(uid2).updateMany({
-        where: filters,
-        data
-      });
-      const publishedEntities = await strapi2.db.query(uid2).findMany({
-        where: filters,
-        populate
+    async publishMany(uid2, documentIds, locale) {
+      return strapi2.db.transaction(async () => {
+        const results = await Promise.all(
+          documentIds.map((documentId) => this.publish(documentId, uid2, { locale }))
+        );
+        const publishedEntitiesCount = results.flat().filter(Boolean).length;
+        return publishedEntitiesCount;
       });
-      await Promise.all(
-        publishedEntities.map((doc) => emitEvent(uid2, ENTRY_PUBLISH, doc))
-      );
-      return publishedEntitiesCount;
     },
-    async unpublishMany(documents, uid2) {
-      if (!documents.length) {
-        return null;
-      }
-      const entitiesToUnpublish = documents.filter((doc) => doc[PUBLISHED_AT_ATTRIBUTE]).map((doc) => doc.id);
-      const filters = { id: { $in: entitiesToUnpublish } };
-      const data = { [PUBLISHED_AT_ATTRIBUTE]: null };
-      const populate = await buildDeepPopulate(uid2);
-      const unpublishedEntitiesCount = await strapi2.db.query(uid2).updateMany({
-        where: filters,
-        data
-      });
-      const unpublishedEntities = await strapi2.db.query(uid2).findMany({
-        where: filters,
-        populate
+    async unpublishMany(documentIds, uid2, opts = {}) {
+      const unpublishedEntries = await strapi2.db.transaction(async () => {
+        return Promise.all(
+          documentIds.map(
+            (id) => strapi2.documents(uid2).unpublish({ ...opts, documentId: id }).then((result) => result?.entries)
+          )
+        );
       });
-      await Promise.all(
-        unpublishedEntities.map((doc) => emitEvent(uid2, ENTRY_UNPUBLISH, doc))
-      );
-      return unpublishedEntitiesCount;
+      const unpublishedEntitiesCount = unpublishedEntries.flat().filter(Boolean).length;
+      return { count: unpublishedEntitiesCount };
     },
     async unpublish(id, uid2, opts = {}) {
       const populate = await buildDeepPopulate(uid2);
@@ -4204,16 +4458,20 @@ const documentManager = ({ strapi: strapi2 }) => {
       }
       return sumDraftCounts(document, uid2);
     },
-    async countManyEntriesDraftRelations(ids, uid2, locale) {
+    async countManyEntriesDraftRelations(documentIds, uid2, locale) {
       const { populate, hasRelations } = getDeepPopulateDraftCount(uid2);
       if (!hasRelations) {
         return 0;
       }
+      let localeFilter = {};
+      if (locale) {
+        localeFilter = Array.isArray(locale) ? { locale: { $in: locale } } : { locale };
+      }
       const entities = await strapi2.db.query(uid2).findMany({
         populate,
         where: {
-          id: { $in: ids },
-          ...locale ? { locale } : {}
+          documentId: { $in: documentIds },
+          ...localeFilter
         }
       });
       const totalNumberDraftRelations = entities.reduce(
@@ -4236,7 +4494,8 @@ const services = {
   permission,
   "populate-builder": populateBuilder$1,
   uid,
-  ...history.services ? history.services : {}
+  ...history.services ? history.services : {},
+  ...preview.services ? preview.services : {}
 };
 const index = () => {
   return {