npm - @strapi/content-manager - Versions diffs - 0.0.0-experimental.17b4116f461a49b8ce5386f7c8d79c511d40fb3b → 0.0.0-experimental.826f263c58b6886b849d3f03b81f7a530bc51c91 - Mend

@strapi/content-manager 0.0.0-experimental.17b4116f461a49b8ce5386f7c8d79c511d40fb3b → 0.0.0-experimental.826f263c58b6886b849d3f03b81f7a530bc51c91

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (165) hide show

package/dist/server/index.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
-import strapiUtils, { validateYupSchema, errors, async, contentTypes as contentTypes$1, yup as yup$1, validateYupSchemaSync, policy, traverse, setCreatorFields, isOperatorOfType, relations as relations$1, pagination, sanitize } from "@strapi/utils";
-import { pick, omit, difference, intersection, pipe, propOr, isEqual, isEmpty, set, isNil as isNil$1, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, getOr, propEq, merge, groupBy, castArray } from "lodash/fp";
+import strapiUtils, { validateYupSchema, errors, async, contentTypes as contentTypes$1, yup as yup$1, validateYupSchemaSync, policy, traverse, setCreatorFields, isOperatorOfType, relations as relations$1, traverseEntity, pagination } from "@strapi/utils";
+import { pick, omit, difference, intersection, pipe, propOr, isEqual, isEmpty, set, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, isNil as isNil$1, getOr, propEq, merge, groupBy, castArray } from "lodash/fp";
 import "@strapi/types";
 import * as yup from "yup";
 import { scheduleJob } from "node-schedule";
@@ -481,7 +481,7 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
         if (!strapi2.requestContext.get()?.request.url.startsWith("/content-manager")) {
           return next();
         }
-        if (context.action !== "create" && context.action !== "update" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
+        if (context.action !== "create" && context.action !== "update" && context.action !== "clone" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
           return next();
         }
         const contentTypeUid = context.contentType.uid;
@@ -489,9 +489,18 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
           return next();
         }
         const result = await next();
-        const documentContext = context.action === "create" ? { documentId: result.documentId, locale: context.params?.locale } : { documentId: context.params.documentId, locale: context.params?.locale };
+        const documentContext = {
+          documentId: context.action === "create" || context.action === "clone" ? result.documentId : context.params.documentId,
+          locale: context.params?.locale
+        };
         const defaultLocale = await serviceUtils.getDefaultLocale();
         const locale = documentContext.locale || defaultLocale;
+        if (Array.isArray(locale)) {
+          strapi2.log.warn(
+            "[Content manager history middleware]: An array of locales was provided, but only a single locale is supported for the findOne operation."
+          );
+          return next();
+        }
         const document = await strapi2.documents(contentTypeUid).findOne({
           documentId: documentContext.documentId,
           locale,
@@ -527,9 +536,8 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
         });
         return result;
       });
-      const retentionDays = serviceUtils.getRetentionDays();
       state.deleteExpiredJob = scheduleJob("0 0 * * *", () => {
-        const retentionDaysInMilliseconds = retentionDays * 24 * 60 * 60 * 1e3;
+        const retentionDaysInMilliseconds = serviceUtils.getRetentionDays() * 24 * 60 * 60 * 1e3;
         const expirationDate = new Date(Date.now() - retentionDaysInMilliseconds);
         query.deleteMany({
           where: {
@@ -1452,7 +1460,7 @@ const { PaginationError, ValidationError } = errors;
 const TYPES = ["singleType", "collectionType"];
 const kindSchema = yup$1.string().oneOf(TYPES).nullable();
 const bulkActionInputSchema = yup$1.object({
-  ids: yup$1.array().of(yup$1.strapiID()).min(1).required()
+  documentIds: yup$1.array().of(yup$1.strapiID()).min(1).required()
 }).required();
 const generateUIDInputSchema = yup$1.object({
   contentTypeUID: yup$1.string().required(),
@@ -1551,15 +1559,47 @@ const excludeNotCreatableFields = (uid2, permissionChecker2) => (body, path = []
     }
   }, body);
 };
-const getDocumentLocaleAndStatus = (request) => {
+const singleLocaleSchema = yup$1.string().nullable();
+const multipleLocaleSchema = yup$1.lazy(
+  (value) => Array.isArray(value) ? yup$1.array().of(singleLocaleSchema.required()) : singleLocaleSchema
+);
+const statusSchema = yup$1.mixed().oneOf(["draft", "published"], "Invalid status");
+const getDocumentLocaleAndStatus = async (request, opts = { allowMultipleLocales: false }) => {
+  const { allowMultipleLocales } = opts;
   const { locale, status, ...rest } = request || {};
-  if (!isNil$1(locale) && typeof locale !== "string") {
-    throw new errors.ValidationError(`Invalid locale: ${locale}`);
-  }
-  if (!isNil$1(status) && !["draft", "published"].includes(status)) {
-    throw new errors.ValidationError(`Invalid status: ${status}`);
+  const schema = yup$1.object().shape({
+    locale: allowMultipleLocales ? multipleLocaleSchema : singleLocaleSchema,
+    status: statusSchema
+  });
+  try {
+    await validateYupSchema(schema, { strict: true, abortEarly: false })(request);
+    return { locale, status, ...rest };
+  } catch (error) {
+    throw new errors.ValidationError(`Validation error: ${error.message}`);
   }
-  return { locale, status, ...rest };
+};
+const formatDocumentWithMetadata = async (permissionChecker2, uid2, document, opts = {}) => {
+  const documentMetadata2 = getService$1("document-metadata");
+  const serviceOutput = await documentMetadata2.formatDocumentWithMetadata(uid2, document, opts);
+  let {
+    meta: { availableLocales, availableStatus }
+  } = serviceOutput;
+  const metadataSanitizer = permissionChecker2.sanitizeOutput;
+  availableLocales = await async.map(
+    availableLocales,
+    async (localeDocument) => metadataSanitizer(localeDocument)
+  );
+  availableStatus = await async.map(
+    availableStatus,
+    async (statusDocument) => metadataSanitizer(statusDocument)
+  );
+  return {
+    ...serviceOutput,
+    meta: {
+      availableLocales,
+      availableStatus
+    }
+  };
 };
 const createDocument = async (ctx, opts) => {
   const { userAbility, user } = ctx.state;
@@ -1574,7 +1614,7 @@ const createDocument = async (ctx, opts) => {
   const setCreator = setCreatorFields({ user });
   const sanitizeFn = async.pipe(pickPermittedFields, setCreator);
   const sanitizedBody = await sanitizeFn(body);
-  const { locale, status = "draft" } = getDocumentLocaleAndStatus(body);
+  const { locale, status = "draft" } = await getDocumentLocaleAndStatus(body);
   return documentManager2.create(model, {
     data: sanitizedBody,
     locale,
@@ -1593,7 +1633,7 @@ const updateDocument = async (ctx, opts) => {
   }
   const permissionQuery = await permissionChecker2.sanitizedQuery.update(ctx.query);
   const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-  const { locale } = getDocumentLocaleAndStatus(body);
+  const { locale } = await getDocumentLocaleAndStatus(body);
   const [documentVersion, documentExists] = await Promise.all([
     documentManager2.findOne(id, model, { populate, locale, status: "draft" }),
     documentManager2.exists(model, id)
@@ -1631,7 +1671,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
-    const { locale, status } = getDocumentLocaleAndStatus(query);
+    const { locale, status } = await getDocumentLocaleAndStatus(query);
     const { results: documents, pagination: pagination2 } = await documentManager2.findPage(
       { ...permissionQuery, populate, locale, status },
       model
@@ -1660,14 +1700,13 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { model, id } = ctx.params;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const { locale, status = "draft" } = getDocumentLocaleAndStatus(ctx.query);
+    const { locale, status = "draft" } = await getDocumentLocaleAndStatus(ctx.query);
     const version = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1678,8 +1717,10 @@ const collectionTypes = {
       if (!exists) {
         return ctx.notFound();
       }
-      const { meta } = await documentMetadata2.formatDocumentWithMetadata(
+      const { meta } = await formatDocumentWithMetadata(
+        permissionChecker2,
         model,
+        // @ts-expect-error TODO: fix
         { id, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
@@ -1690,12 +1731,11 @@ const collectionTypes = {
       return ctx.forbidden();
     }
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(version);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async create(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     const [totalEntries, document] = await Promise.all([
       strapi.db.query(model).count(),
@@ -1703,7 +1743,7 @@ const collectionTypes = {
     ]);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(document);
     ctx.status = 201;
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument, {
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument, {
       // Empty metadata as it's not relevant for a new document
       availableLocales: false,
       availableStatus: false
@@ -1717,25 +1757,23 @@ const collectionTypes = {
   async update(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     const updatedVersion = await updateDocument(ctx);
     const sanitizedVersion = await permissionChecker2.sanitizeOutput(updatedVersion);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedVersion);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedVersion);
   },
   async clone(ctx) {
     const { userAbility, user } = ctx.state;
     const { model, sourceId: id } = ctx.params;
     const { body } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.create()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.create(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1751,7 +1789,7 @@ const collectionTypes = {
     const sanitizedBody = await sanitizeFn(body);
     const clonedDocument = await documentManager2.clone(document.documentId, sanitizedBody, model);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(clonedDocument);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument, {
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument, {
       // Empty metadata as it's not relevant for a new document
       availableLocales: false,
       availableStatus: false
@@ -1780,7 +1818,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(ctx.query);
+    const { locale } = await getDocumentLocaleAndStatus(ctx.query);
     const documentLocales = await documentManager2.findLocales(id, model, { populate, locale });
     if (documentLocales.length === 0) {
       return ctx.notFound();
@@ -1802,7 +1840,6 @@ const collectionTypes = {
     const { id, model } = ctx.params;
     const { body } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
@@ -1814,21 +1851,25 @@ const collectionTypes = {
       if (permissionChecker2.cannot.publish(document)) {
         throw new errors.ForbiddenError();
       }
-      const { locale } = getDocumentLocaleAndStatus(body);
-      return documentManager2.publish(document.documentId, model, {
+      const { locale } = await getDocumentLocaleAndStatus(body);
+      const publishResult = await documentManager2.publish(document.documentId, model, {
         locale
         // TODO: Allow setting creator fields on publish
         // data: setCreatorFields({ user, isEdition: true })({}),
       });
+      if (!publishResult || publishResult.length === 0) {
+        throw new errors.NotFoundError("Document not found or already published.");
+      }
+      return publishResult[0];
     });
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(publishedDocument);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async bulkPublish(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { body } = ctx.request;
-    const { ids } = body;
+    const { documentIds } = body;
     await validateBulkActionInput(body);
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
@@ -1837,8 +1878,11 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const entityPromises = ids.map((id) => documentManager2.findOne(id, model, { populate }));
-    const entities = await Promise.all(entityPromises);
+    const { locale } = await getDocumentLocaleAndStatus(body, { allowMultipleLocales: true });
+    const entityPromises = documentIds.map(
+      (documentId) => documentManager2.findLocales(documentId, model, { populate, locale, isPublished: false })
+    );
+    const entities = (await Promise.all(entityPromises)).flat();
     for (const entity of entities) {
       if (!entity) {
         return ctx.notFound();
@@ -1847,24 +1891,25 @@ const collectionTypes = {
         return ctx.forbidden();
       }
     }
-    const { count } = await documentManager2.publishMany(entities, model);
+    const count = await documentManager2.publishMany(model, documentIds, locale);
     ctx.body = { count };
   },
   async bulkUnpublish(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { body } = ctx.request;
-    const { ids } = body;
+    const { documentIds } = body;
     await validateBulkActionInput(body);
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
-    const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const entityPromises = ids.map((id) => documentManager2.findOne(id, model, { populate }));
-    const entities = await Promise.all(entityPromises);
+    const { locale } = await getDocumentLocaleAndStatus(body);
+    const entityPromises = documentIds.map(
+      (documentId) => documentManager2.findLocales(documentId, model, { locale, isPublished: true })
+    );
+    const entities = (await Promise.all(entityPromises)).flat();
     for (const entity of entities) {
       if (!entity) {
         return ctx.notFound();
@@ -1873,7 +1918,8 @@ const collectionTypes = {
         return ctx.forbidden();
       }
     }
-    const { count } = await documentManager2.unpublishMany(entities, model);
+    const entitiesIds = entities.map((document) => document.documentId);
+    const { count } = await documentManager2.unpublishMany(entitiesIds, model, { locale });
     ctx.body = { count };
   },
   async unpublish(ctx) {
@@ -1883,7 +1929,6 @@ const collectionTypes = {
       body: { discardDraft, ...body }
     } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
@@ -1893,7 +1938,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.unpublish(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1915,7 +1960,7 @@ const collectionTypes = {
       ctx.body = await async.pipe(
         (document2) => documentManager2.unpublish(document2.documentId, model, { locale }),
         permissionChecker2.sanitizeOutput,
-        (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+        (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
       )(document);
     });
   },
@@ -1924,14 +1969,13 @@ const collectionTypes = {
     const { id, model } = ctx.params;
     const { body } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.discard(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1946,14 +1990,14 @@ const collectionTypes = {
     ctx.body = await async.pipe(
       (document2) => documentManager2.discardDraft(document2.documentId, model, { locale }),
       permissionChecker2.sanitizeOutput,
-      (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+      (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
     )(document);
   },
   async bulkDelete(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query, body } = ctx.request;
-    const { ids } = body;
+    const { documentIds } = body;
     await validateBulkActionInput(body);
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
@@ -1961,14 +2005,22 @@ const collectionTypes = {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(query);
-    const idsWhereClause = { id: { $in: ids } };
-    const params = {
-      ...permissionQuery,
-      filters: {
-        $and: [idsWhereClause].concat(permissionQuery.filters || [])
+    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body);
+    const documentLocales = await documentManager2.findLocales(documentIds, model, {
+      populate,
+      locale
+    });
+    if (documentLocales.length === 0) {
+      return ctx.notFound();
+    }
+    for (const document of documentLocales) {
+      if (permissionChecker2.cannot.delete(document)) {
+        return ctx.forbidden();
       }
-    };
-    const { count } = await documentManager2.deleteMany(params, model);
+    }
+    const localeDocumentsIds = documentLocales.map((document) => document.documentId);
+    const { count } = await documentManager2.deleteMany(localeDocumentsIds, model, { locale });
     ctx.body = { count };
   },
   async countDraftRelations(ctx) {
@@ -1981,7 +2033,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale, status = "draft" } = getDocumentLocaleAndStatus(ctx.query);
+    const { locale, status = "draft" } = await getDocumentLocaleAndStatus(ctx.query);
     const entity = await documentManager2.findOne(id, model, { populate, locale, status });
     if (!entity) {
       return ctx.notFound();
@@ -1996,7 +2048,7 @@ const collectionTypes = {
   },
   async countManyEntriesDraftRelations(ctx) {
     const { userAbility } = ctx.state;
-    const ids = ctx.request.query.ids;
+    const ids = ctx.request.query.documentIds;
     const locale = ctx.request.query.locale;
     const { model } = ctx.params;
     const documentManager2 = getService$1("document-manager");
@@ -2007,7 +2059,7 @@ const collectionTypes = {
     const entities = await documentManager2.findMany(
       {
         filters: {
-          id: ids
+          documentId: ids
         },
         locale
       },
@@ -2509,7 +2561,7 @@ const createOrUpdateDocument = async (ctx, opts) => {
     throw new errors.ForbiddenError();
   }
   const sanitizedQuery = await permissionChecker2.sanitizedQuery.update(query);
-  const { locale } = getDocumentLocaleAndStatus(body);
+  const { locale } = await getDocumentLocaleAndStatus(body);
   const [documentVersion, otherDocumentVersion] = await Promise.all([
     findDocument(sanitizedQuery, model, { locale, status: "draft" }),
     // Find the first document to check if it exists
@@ -2546,12 +2598,11 @@ const singleTypes = {
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
-    const documentMetadata2 = getService$1("document-metadata");
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
-    const { locale, status } = getDocumentLocaleAndStatus(query);
+    const { locale, status } = await getDocumentLocaleAndStatus(query);
     const version = await findDocument(permissionQuery, model, { locale, status });
     if (!version) {
       if (permissionChecker2.cannot.create()) {
@@ -2561,8 +2612,10 @@ const singleTypes = {
       if (!document) {
         return ctx.notFound();
       }
-      const { meta } = await documentMetadata2.formatDocumentWithMetadata(
+      const { meta } = await formatDocumentWithMetadata(
+        permissionChecker2,
         model,
+        // @ts-expect-error - fix types
         { id: document.documentId, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
@@ -2573,16 +2626,15 @@ const singleTypes = {
       return ctx.forbidden();
     }
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(version);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async createOrUpdate(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     const document = await createOrUpdateDocument(ctx);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(document);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async delete(ctx) {
     const { userAbility } = ctx.state;
@@ -2595,7 +2647,7 @@ const singleTypes = {
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.delete(query);
     const populate = await buildPopulateFromQuery(sanitizedQuery, model);
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query);
     const documentLocales = await documentManager2.findLocales(void 0, model, {
       populate,
       locale
@@ -2618,7 +2670,6 @@ const singleTypes = {
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
@@ -2633,11 +2684,12 @@ const singleTypes = {
       if (permissionChecker2.cannot.publish(document)) {
         throw new errors.ForbiddenError();
       }
-      const { locale } = getDocumentLocaleAndStatus(document);
-      return documentManager2.publish(document.documentId, model, { locale });
+      const { locale } = await getDocumentLocaleAndStatus(document);
+      const publishResult = await documentManager2.publish(document.documentId, model, { locale });
+      return publishResult.at(0);
     });
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(publishedDocument);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async unpublish(ctx) {
     const { userAbility } = ctx.state;
@@ -2647,7 +2699,6 @@ const singleTypes = {
       query = {}
     } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
@@ -2656,7 +2707,7 @@ const singleTypes = {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.unpublish(query);
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body);
     const document = await findDocument(sanitizedQuery, model, { locale });
     if (!document) {
       return ctx.notFound();
@@ -2674,7 +2725,7 @@ const singleTypes = {
       ctx.body = await async.pipe(
         (document2) => documentManager2.unpublish(document2.documentId, model, { locale }),
         permissionChecker2.sanitizeOutput,
-        (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+        (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
       )(document);
     });
   },
@@ -2683,13 +2734,12 @@ const singleTypes = {
     const { model } = ctx.params;
     const { body, query = {} } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.discard(query);
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body);
     const document = await findDocument(sanitizedQuery, model, { locale, status: "published" });
     if (!document) {
       return ctx.notFound();
@@ -2700,7 +2750,7 @@ const singleTypes = {
     ctx.body = await async.pipe(
       (document2) => documentManager2.discardDraft(document2.documentId, model, { locale }),
       permissionChecker2.sanitizeOutput,
-      (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+      (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
     )(document);
   },
   async countDraftRelations(ctx) {
@@ -2709,7 +2759,7 @@ const singleTypes = {
     const { query } = ctx.request;
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query);
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
@@ -2730,7 +2780,7 @@ const uid$1 = {
   async generateUID(ctx) {
     const { contentTypeUID, field, data } = await validateGenerateUIDInput(ctx.request.body);
     const { query = {} } = ctx.request;
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query);
     await validateUIDField(contentTypeUID, field);
     const uidService = getService$1("uid");
     ctx.body = {
@@ -2742,7 +2792,7 @@ const uid$1 = {
       ctx.request.body
     );
     const { query = {} } = ctx.request;
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query);
     await validateUIDField(contentTypeUID, field);
     const uidService = getService$1("uid");
     const isAvailable = await uidService.checkUIDAvailability({
@@ -3533,7 +3583,7 @@ const permission = ({ strapi: strapi2 }) => ({
     await strapi2.service("admin::permission").actionProvider.registerMany(actions);
   }
 });
-const { isVisibleAttribute: isVisibleAttribute$1 } = strapiUtils.contentTypes;
+const { isVisibleAttribute: isVisibleAttribute$1, isScalarAttribute, getDoesAttributeRequireValidation } = strapiUtils.contentTypes;
 const { isAnyToMany } = strapiUtils.relations;
 const { PUBLISHED_AT_ATTRIBUTE: PUBLISHED_AT_ATTRIBUTE$1 } = strapiUtils.contentTypes.constants;
 const isMorphToRelation = (attribute) => isRelation(attribute) && attribute.relation.includes("morphTo");
@@ -3624,6 +3674,42 @@ const getDeepPopulate = (uid2, {
     {}
   );
 };
+const getValidatableFieldsPopulate = (uid2, {
+  initialPopulate = {},
+  countMany = false,
+  countOne = false,
+  maxLevel = Infinity
+} = {}, level = 1) => {
+  if (level > maxLevel) {
+    return {};
+  }
+  const model = strapi.getModel(uid2);
+  return Object.entries(model.attributes).reduce((populateAcc, [attributeName, attribute]) => {
+    if (!getDoesAttributeRequireValidation(attribute)) {
+      return populateAcc;
+    }
+    if (isScalarAttribute(attribute)) {
+      return merge(populateAcc, {
+        [attributeName]: true
+      });
+    }
+    return merge(
+      populateAcc,
+      getPopulateFor(
+        attributeName,
+        model,
+        {
+          // @ts-expect-error - improve types
+          initialPopulate: initialPopulate?.[attributeName],
+          countMany,
+          countOne,
+          maxLevel
+        },
+        level
+      )
+    );
+  }, {});
+};
 const getDeepPopulateDraftCount = (uid2) => {
   const model = strapi.getModel(uid2);
   let hasRelations = false;
@@ -3645,22 +3731,24 @@ const getDeepPopulateDraftCount = (uid2) => {
           attribute.component
         );
         if (childHasRelations) {
-          populateAcc[attributeName] = { populate: populate2 };
+          populateAcc[attributeName] = {
+            populate: populate2
+          };
           hasRelations = true;
         }
         break;
       }
       case "dynamiczone": {
-        const dzPopulate = (attribute.components || []).reduce((acc, componentUID) => {
-          const { populate: populate2, hasRelations: childHasRelations } = getDeepPopulateDraftCount(componentUID);
-          if (childHasRelations) {
+        const dzPopulateFragment = attribute.components?.reduce((acc, componentUID) => {
+          const { populate: componentPopulate, hasRelations: componentHasRelations } = getDeepPopulateDraftCount(componentUID);
+          if (componentHasRelations) {
             hasRelations = true;
-            return merge(acc, populate2);
+            return { ...acc, [componentUID]: { populate: componentPopulate } };
           }
           return acc;
         }, {});
-        if (!isEmpty(dzPopulate)) {
-          populateAcc[attributeName] = { populate: dzPopulate };
+        if (!isEmpty(dzPopulateFragment)) {
+          populateAcc[attributeName] = { on: dzPopulateFragment };
         }
         break;
       }
@@ -3852,41 +3940,70 @@ const AVAILABLE_STATUS_FIELDS = [
   "updatedBy",
   "status"
 ];
-const AVAILABLE_LOCALES_FIELDS = ["id", "locale", "updatedAt", "createdAt", "status"];
+const AVAILABLE_LOCALES_FIELDS = [
+  "id",
+  "locale",
+  "updatedAt",
+  "createdAt",
+  "status",
+  "publishedAt",
+  "documentId"
+];
 const CONTENT_MANAGER_STATUS = {
   PUBLISHED: "published",
   DRAFT: "draft",
   MODIFIED: "modified"
 };
-const areDatesEqual = (date1, date2, threshold) => {
-  if (!date1 || !date2) {
+const getIsVersionLatestModification = (version, otherVersion) => {
+  if (!version || !version.updatedAt) {
     return false;
   }
-  const time1 = new Date(date1).getTime();
-  const time2 = new Date(date2).getTime();
-  const difference2 = Math.abs(time1 - time2);
-  return difference2 <= threshold;
+  const versionUpdatedAt = version?.updatedAt ? new Date(version.updatedAt).getTime() : 0;
+  const otherUpdatedAt = otherVersion?.updatedAt ? new Date(otherVersion.updatedAt).getTime() : 0;
+  return versionUpdatedAt > otherUpdatedAt;
 };
 const documentMetadata = ({ strapi: strapi2 }) => ({
   /**
    * Returns available locales of a document for the current status
    */
-  getAvailableLocales(uid2, version, allVersions) {
+  async getAvailableLocales(uid2, version, allVersions, validatableFields = []) {
     const versionsByLocale = groupBy("locale", allVersions);
     delete versionsByLocale[version.locale];
-    return Object.values(versionsByLocale).map((localeVersions) => {
-      if (!contentTypes$1.hasDraftAndPublish(strapi2.getModel(uid2))) {
-        return pick(AVAILABLE_LOCALES_FIELDS, localeVersions[0]);
+    const model = strapi2.getModel(uid2);
+    const keysToKeep = [...AVAILABLE_LOCALES_FIELDS, ...validatableFields];
+    const traversalFunction = async (localeVersion) => traverseEntity(
+      ({ key }, { remove }) => {
+        if (keysToKeep.includes(key)) {
+          return;
+        }
+        remove(key);
+      },
+      { schema: model, getModel: strapi2.getModel.bind(strapi2) },
+      // @ts-expect-error fix types DocumentVersion incompatible with Data
+      localeVersion
+    );
+    const mappingResult = await async.map(
+      Object.values(versionsByLocale),
+      async (localeVersions) => {
+        const mappedLocaleVersions = await async.map(
+          localeVersions,
+          traversalFunction
+        );
+        if (!contentTypes$1.hasDraftAndPublish(model)) {
+          return mappedLocaleVersions[0];
+        }
+        const draftVersion = mappedLocaleVersions.find((v) => v.publishedAt === null);
+        const otherVersions = mappedLocaleVersions.filter((v) => v.id !== draftVersion?.id);
+        if (!draftVersion) {
+          return;
+        }
+        return {
+          ...draftVersion,
+          status: this.getStatus(draftVersion, otherVersions)
+        };
       }
-      const draftVersion = localeVersions.find((v) => v.publishedAt === null);
-      const otherVersions = localeVersions.filter((v) => v.id !== draftVersion?.id);
-      if (!draftVersion)
-        return;
-      return {
-        ...pick(AVAILABLE_LOCALES_FIELDS, draftVersion),
-        status: this.getStatus(draftVersion, otherVersions)
-      };
-    }).filter(Boolean);
+    );
+    return mappingResult.filter(Boolean);
   },
   /**
    * Returns available status of a document for the current locale
@@ -3924,26 +4041,37 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
     });
   },
   getStatus(version, otherDocumentStatuses) {
-    const isDraft = version.publishedAt === null;
-    if (!otherDocumentStatuses?.length) {
-      return isDraft ? CONTENT_MANAGER_STATUS.DRAFT : CONTENT_MANAGER_STATUS.PUBLISHED;
+    let draftVersion;
+    let publishedVersion;
+    if (version.publishedAt) {
+      publishedVersion = version;
+    } else {
+      draftVersion = version;
     }
-    if (isDraft) {
-      const publishedVersion = otherDocumentStatuses?.find((d) => d.publishedAt !== null);
-      if (!publishedVersion) {
-        return CONTENT_MANAGER_STATUS.DRAFT;
-      }
+    const otherVersion = otherDocumentStatuses?.at(0);
+    if (otherVersion?.publishedAt) {
+      publishedVersion = otherVersion;
+    } else if (otherVersion) {
+      draftVersion = otherVersion;
     }
-    if (areDatesEqual(version.updatedAt, otherDocumentStatuses.at(0)?.updatedAt, 500)) {
+    if (!draftVersion)
       return CONTENT_MANAGER_STATUS.PUBLISHED;
-    }
-    return CONTENT_MANAGER_STATUS.MODIFIED;
+    if (!publishedVersion)
+      return CONTENT_MANAGER_STATUS.DRAFT;
+    const isDraftModified = getIsVersionLatestModification(draftVersion, publishedVersion);
+    return isDraftModified ? CONTENT_MANAGER_STATUS.MODIFIED : CONTENT_MANAGER_STATUS.PUBLISHED;
   },
+  // TODO is it necessary to return metadata on every page of the CM
+  // We could refactor this so the locales are only loaded when they're
+  // needed. e.g. in the bulk locale action modal.
   async getMetadata(uid2, version, { availableLocales = true, availableStatus = true } = {}) {
+    const populate = getValidatableFieldsPopulate(uid2);
     const versions = await strapi2.db.query(uid2).findMany({
       where: { documentId: version.documentId },
-      select: ["createdAt", "updatedAt", "locale", "publishedAt", "documentId"],
       populate: {
+        // Populate only fields that require validation for bulk locale actions
+        ...populate,
+        // NOTE: creator fields are selected in this way to avoid exposing sensitive data
         createdBy: {
           select: ["id", "firstname", "lastname", "email"]
         },
@@ -3952,7 +4080,7 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
         }
       }
     });
-    const availableLocalesResult = availableLocales ? this.getAvailableLocales(uid2, version, versions) : [];
+    const availableLocalesResult = availableLocales ? await this.getAvailableLocales(uid2, version, versions, Object.keys(populate)) : [];
     const availableStatusResult = availableStatus ? this.getAvailableStatus(version, versions) : null;
     return {
       availableLocales: availableLocalesResult,
@@ -3965,8 +4093,9 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
    * - Available status of the document for the current locale
    */
   async formatDocumentWithMetadata(uid2, document, opts = {}) {
-    if (!document)
+    if (!document) {
       return document;
+    }
     const hasDraftAndPublish = contentTypes$1.hasDraftAndPublish(strapi2.getModel(uid2));
     if (!hasDraftAndPublish) {
       opts.availableStatus = false;
@@ -4016,26 +4145,9 @@ const sumDraftCounts = (entity, uid2) => {
   }, 0);
 };
 const { ApplicationError } = errors;
-const { ENTRY_PUBLISH, ENTRY_UNPUBLISH } = ALLOWED_WEBHOOK_EVENTS;
 const { PUBLISHED_AT_ATTRIBUTE } = contentTypes$1.constants;
 const omitPublishedAtField = omit(PUBLISHED_AT_ATTRIBUTE);
 const omitIdField = omit("id");
-const emitEvent = async (uid2, event, document) => {
-  const modelDef = strapi.getModel(uid2);
-  const sanitizedDocument = await sanitize.sanitizers.defaultSanitizeOutput(
-    {
-      schema: modelDef,
-      getModel(uid22) {
-        return strapi.getModel(uid22);
-      }
-    },
-    document
-  );
-  strapi.eventHub.emit(event, {
-    model: modelDef.modelName,
-    entry: sanitizedDocument
-  });
-};
 const documentManager = ({ strapi: strapi2 }) => {
   return {
     async findOne(id, uid2, opts = {}) {
@@ -4054,6 +4166,9 @@ const documentManager = ({ strapi: strapi2 }) => {
       } else if (opts.locale && opts.locale !== "*") {
         where.locale = opts.locale;
       }
+      if (typeof opts.isPublished === "boolean") {
+        where.publishedAt = { $notNull: opts.isPublished };
+      }
       return strapi2.db.query(uid2).findMany({ populate: opts.populate, where });
     },
     async findMany(opts, uid2) {
@@ -4116,70 +4231,36 @@ const documentManager = ({ strapi: strapi2 }) => {
       return {};
     },
     // FIXME: handle relations
-    async deleteMany(opts, uid2) {
-      const docs = await strapi2.documents(uid2).findMany(opts);
-      for (const doc of docs) {
-        await strapi2.documents(uid2).delete({ documentId: doc.documentId });
-      }
-      return { count: docs.length };
+    async deleteMany(documentIds, uid2, opts = {}) {
+      const deletedEntries = await strapi2.db.transaction(async () => {
+        return Promise.all(documentIds.map(async (id) => this.delete(id, uid2, opts)));
+      });
+      return { count: deletedEntries.length };
     },
     async publish(id, uid2, opts = {}) {
       const populate = await buildDeepPopulate(uid2);
       const params = { ...opts, populate };
-      return strapi2.documents(uid2).publish({ ...params, documentId: id }).then((result) => result?.entries.at(0));
+      return strapi2.documents(uid2).publish({ ...params, documentId: id }).then((result) => result?.entries);
     },
-    async publishMany(entities, uid2) {
-      if (!entities.length) {
-        return null;
-      }
-      await Promise.all(
-        entities.map((document) => {
-          return strapi2.entityValidator.validateEntityCreation(
-            strapi2.getModel(uid2),
-            document,
-            void 0,
-            // @ts-expect-error - FIXME: entity here is unnecessary
-            document
-          );
-        })
-      );
-      const entitiesToPublish = entities.filter((doc) => !doc[PUBLISHED_AT_ATTRIBUTE]).map((doc) => doc.id);
-      const filters = { id: { $in: entitiesToPublish } };
-      const data = { [PUBLISHED_AT_ATTRIBUTE]: /* @__PURE__ */ new Date() };
-      const populate = await buildDeepPopulate(uid2);
-      const publishedEntitiesCount = await strapi2.db.query(uid2).updateMany({
-        where: filters,
-        data
-      });
-      const publishedEntities = await strapi2.db.query(uid2).findMany({
-        where: filters,
-        populate
+    async publishMany(uid2, documentIds, locale) {
+      return strapi2.db.transaction(async () => {
+        const results = await Promise.all(
+          documentIds.map((documentId) => this.publish(documentId, uid2, { locale }))
+        );
+        const publishedEntitiesCount = results.flat().filter(Boolean).length;
+        return publishedEntitiesCount;
       });
-      await Promise.all(
-        publishedEntities.map((doc) => emitEvent(uid2, ENTRY_PUBLISH, doc))
-      );
-      return publishedEntitiesCount;
     },
-    async unpublishMany(documents, uid2) {
-      if (!documents.length) {
-        return null;
-      }
-      const entitiesToUnpublish = documents.filter((doc) => doc[PUBLISHED_AT_ATTRIBUTE]).map((doc) => doc.id);
-      const filters = { id: { $in: entitiesToUnpublish } };
-      const data = { [PUBLISHED_AT_ATTRIBUTE]: null };
-      const populate = await buildDeepPopulate(uid2);
-      const unpublishedEntitiesCount = await strapi2.db.query(uid2).updateMany({
-        where: filters,
-        data
-      });
-      const unpublishedEntities = await strapi2.db.query(uid2).findMany({
-        where: filters,
-        populate
+    async unpublishMany(documentIds, uid2, opts = {}) {
+      const unpublishedEntries = await strapi2.db.transaction(async () => {
+        return Promise.all(
+          documentIds.map(
+            (id) => strapi2.documents(uid2).unpublish({ ...opts, documentId: id }).then((result) => result?.entries)
+          )
+        );
       });
-      await Promise.all(
-        unpublishedEntities.map((doc) => emitEvent(uid2, ENTRY_UNPUBLISH, doc))
-      );
-      return unpublishedEntitiesCount;
+      const unpublishedEntitiesCount = unpublishedEntries.flat().filter(Boolean).length;
+      return { count: unpublishedEntitiesCount };
     },
     async unpublish(id, uid2, opts = {}) {
       const populate = await buildDeepPopulate(uid2);
@@ -4204,16 +4285,20 @@ const documentManager = ({ strapi: strapi2 }) => {
       }
       return sumDraftCounts(document, uid2);
     },
-    async countManyEntriesDraftRelations(ids, uid2, locale) {
+    async countManyEntriesDraftRelations(documentIds, uid2, locale) {
       const { populate, hasRelations } = getDeepPopulateDraftCount(uid2);
       if (!hasRelations) {
         return 0;
       }
+      let localeFilter = {};
+      if (locale) {
+        localeFilter = Array.isArray(locale) ? { locale: { $in: locale } } : { locale };
+      }
       const entities = await strapi2.db.query(uid2).findMany({
         populate,
         where: {
-          id: { $in: ids },
-          ...locale ? { locale } : {}
+          documentId: { $in: documentIds },
+          ...localeFilter
         }
       });
       const totalNumberDraftRelations = entities.reduce(