@strapi/content-manager 0.0.0-experimental.779667bd163026468f566293decf331a0246fff9 → 0.0.0-experimental.78b47df46708173ab4833373f694257729db4b9e

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (125) hide show
  1. package/dist/_chunks/{ComponentConfigurationPage-B1bIXVuX.mjs → ComponentConfigurationPage-7-qB29e7.mjs} +3 -3
  2. package/dist/_chunks/{ComponentConfigurationPage-B1bIXVuX.mjs.map → ComponentConfigurationPage-7-qB29e7.mjs.map} +1 -1
  3. package/dist/_chunks/{ComponentConfigurationPage-Bqgx7Mes.js → ComponentConfigurationPage-DP7AC0UU.js} +3 -3
  4. package/dist/_chunks/{ComponentConfigurationPage-Bqgx7Mes.js.map → ComponentConfigurationPage-DP7AC0UU.js.map} +1 -1
  5. package/dist/_chunks/{EditConfigurationPage-ZO0vOO8q.mjs → EditConfigurationPage-CI4XoymK.mjs} +3 -3
  6. package/dist/_chunks/{EditConfigurationPage-ZO0vOO8q.mjs.map → EditConfigurationPage-CI4XoymK.mjs.map} +1 -1
  7. package/dist/_chunks/{EditConfigurationPage-BFEwvdMW.js → EditConfigurationPage-DITVliEI.js} +3 -3
  8. package/dist/_chunks/{EditConfigurationPage-BFEwvdMW.js.map → EditConfigurationPage-DITVliEI.js.map} +1 -1
  9. package/dist/_chunks/{EditViewPage-DA95Ha6J.js → EditViewPage-CUS2EAhB.js} +24 -9
  10. package/dist/_chunks/EditViewPage-CUS2EAhB.js.map +1 -0
  11. package/dist/_chunks/{EditViewPage-DlLEyUL6.mjs → EditViewPage-Dzpno8xI.mjs} +24 -9
  12. package/dist/_chunks/EditViewPage-Dzpno8xI.mjs.map +1 -0
  13. package/dist/_chunks/{Field-Dq7bDnuh.mjs → Field-B_jG_EV9.mjs} +139 -99
  14. package/dist/_chunks/Field-B_jG_EV9.mjs.map +1 -0
  15. package/dist/_chunks/{Field-CnK8dO8N.js → Field-CtUU1Fg8.js} +141 -101
  16. package/dist/_chunks/Field-CtUU1Fg8.js.map +1 -0
  17. package/dist/_chunks/{Form-B_JE0dbz.mjs → Form-BXHao2mZ.mjs} +35 -16
  18. package/dist/_chunks/Form-BXHao2mZ.mjs.map +1 -0
  19. package/dist/_chunks/{Form-BpiR4piS.js → Form-DTqO0ymI.js} +35 -16
  20. package/dist/_chunks/Form-DTqO0ymI.js.map +1 -0
  21. package/dist/_chunks/{History-CBNGU7a-.mjs → History-2Ah2CQ4T.mjs} +21 -11
  22. package/dist/_chunks/History-2Ah2CQ4T.mjs.map +1 -0
  23. package/dist/_chunks/{History-DdIstl8b.js → History-C_uSGzO5.js} +21 -11
  24. package/dist/_chunks/History-C_uSGzO5.js.map +1 -0
  25. package/dist/_chunks/{ListConfigurationPage-5dr4qpue.mjs → ListConfigurationPage-BjSJlaoC.mjs} +14 -4
  26. package/dist/_chunks/ListConfigurationPage-BjSJlaoC.mjs.map +1 -0
  27. package/dist/_chunks/{ListConfigurationPage-DkKRparB.js → ListConfigurationPage-nyuP7OSy.js} +14 -4
  28. package/dist/_chunks/ListConfigurationPage-nyuP7OSy.js.map +1 -0
  29. package/dist/_chunks/{ListViewPage-DecLrYV6.mjs → ListViewPage-B75x3nz2.mjs} +47 -38
  30. package/dist/_chunks/ListViewPage-B75x3nz2.mjs.map +1 -0
  31. package/dist/_chunks/{ListViewPage-wE0lXqoD.js → ListViewPage-DHgHD8Xg.js} +49 -40
  32. package/dist/_chunks/ListViewPage-DHgHD8Xg.js.map +1 -0
  33. package/dist/_chunks/{NoContentTypePage-DEKR6tf9.js → NoContentTypePage-CDUKdZ7d.js} +2 -2
  34. package/dist/_chunks/{NoContentTypePage-DEKR6tf9.js.map → NoContentTypePage-CDUKdZ7d.js.map} +1 -1
  35. package/dist/_chunks/{NoContentTypePage-CiIcfYsd.mjs → NoContentTypePage-DUacQSyF.mjs} +2 -2
  36. package/dist/_chunks/{NoContentTypePage-CiIcfYsd.mjs.map → NoContentTypePage-DUacQSyF.mjs.map} +1 -1
  37. package/dist/_chunks/{NoPermissionsPage-CM5UD8ee.mjs → NoPermissionsPage-SFllMekk.mjs} +2 -2
  38. package/dist/_chunks/{NoPermissionsPage-CM5UD8ee.mjs.map → NoPermissionsPage-SFllMekk.mjs.map} +1 -1
  39. package/dist/_chunks/{NoPermissionsPage-DmNfF2Bb.js → NoPermissionsPage-zwIZydDI.js} +2 -2
  40. package/dist/_chunks/{NoPermissionsPage-DmNfF2Bb.js.map → NoPermissionsPage-zwIZydDI.js.map} +1 -1
  41. package/dist/_chunks/{Relations-Dqz0C1fz.mjs → Relations-D2NRW8fC.mjs} +14 -10
  42. package/dist/_chunks/Relations-D2NRW8fC.mjs.map +1 -0
  43. package/dist/_chunks/{Relations-L0xYRoSQ.js → Relations-NFLaRNPr.js} +14 -10
  44. package/dist/_chunks/Relations-NFLaRNPr.js.map +1 -0
  45. package/dist/_chunks/{en-uOUIxfcQ.js → en-BlhnxQfj.js} +7 -6
  46. package/dist/_chunks/{en-uOUIxfcQ.js.map → en-BlhnxQfj.js.map} +1 -1
  47. package/dist/_chunks/{en-BrCTWlZv.mjs → en-C8YBvRrK.mjs} +7 -6
  48. package/dist/_chunks/{en-BrCTWlZv.mjs.map → en-C8YBvRrK.mjs.map} +1 -1
  49. package/dist/_chunks/{index-BSn97i8U.mjs → index-C9HxCo5R.mjs} +1947 -1777
  50. package/dist/_chunks/index-C9HxCo5R.mjs.map +1 -0
  51. package/dist/_chunks/{index-DyvUPg1a.js → index-ovJRE1FM.js} +1927 -1757
  52. package/dist/_chunks/index-ovJRE1FM.js.map +1 -0
  53. package/dist/_chunks/{layout-DPaHUusj.mjs → layout-DaUjDiWQ.mjs} +22 -9
  54. package/dist/_chunks/layout-DaUjDiWQ.mjs.map +1 -0
  55. package/dist/_chunks/{layout-TPqF2oJ5.js → layout-UNWstw_s.js} +21 -8
  56. package/dist/_chunks/layout-UNWstw_s.js.map +1 -0
  57. package/dist/_chunks/{relations-Ck7-ecDT.mjs → relations-D8iFAeRu.mjs} +2 -2
  58. package/dist/_chunks/{relations-Ck7-ecDT.mjs.map → relations-D8iFAeRu.mjs.map} +1 -1
  59. package/dist/_chunks/{relations-BWYS9gkn.js → relations-NN3coOG5.js} +2 -2
  60. package/dist/_chunks/{relations-BWYS9gkn.js.map → relations-NN3coOG5.js.map} +1 -1
  61. package/dist/_chunks/{usePrev-B9w_-eYc.js → useDebounce-CtcjDB3L.js} +14 -1
  62. package/dist/_chunks/useDebounce-CtcjDB3L.js.map +1 -0
  63. package/dist/_chunks/useDebounce-DmuSJIF3.mjs +29 -0
  64. package/dist/_chunks/useDebounce-DmuSJIF3.mjs.map +1 -0
  65. package/dist/admin/index.js +2 -1
  66. package/dist/admin/index.js.map +1 -1
  67. package/dist/admin/index.mjs +5 -4
  68. package/dist/admin/src/exports.d.ts +1 -1
  69. package/dist/admin/src/history/services/historyVersion.d.ts +1 -1
  70. package/dist/admin/src/hooks/useDocument.d.ts +32 -1
  71. package/dist/admin/src/pages/EditView/components/FormInputs/Wysiwyg/EditorLayout.d.ts +2 -2
  72. package/dist/admin/src/pages/EditView/components/FormInputs/Wysiwyg/WysiwygFooter.d.ts +2 -2
  73. package/dist/admin/src/pages/EditView/components/FormInputs/Wysiwyg/WysiwygStyles.d.ts +4 -48
  74. package/dist/admin/src/pages/EditView/components/Header.d.ts +11 -11
  75. package/dist/admin/src/services/api.d.ts +1 -1
  76. package/dist/admin/src/services/components.d.ts +2 -2
  77. package/dist/admin/src/services/contentTypes.d.ts +3 -3
  78. package/dist/admin/src/services/documents.d.ts +19 -17
  79. package/dist/admin/src/services/init.d.ts +1 -1
  80. package/dist/admin/src/services/relations.d.ts +2 -2
  81. package/dist/admin/src/services/uid.d.ts +3 -3
  82. package/dist/admin/src/utils/validation.d.ts +4 -1
  83. package/dist/server/index.js +184 -108
  84. package/dist/server/index.js.map +1 -1
  85. package/dist/server/index.mjs +185 -109
  86. package/dist/server/index.mjs.map +1 -1
  87. package/dist/server/src/controllers/collection-types.d.ts.map +1 -1
  88. package/dist/server/src/controllers/relations.d.ts.map +1 -1
  89. package/dist/server/src/controllers/uid.d.ts.map +1 -1
  90. package/dist/server/src/controllers/validation/dimensions.d.ts +4 -2
  91. package/dist/server/src/controllers/validation/dimensions.d.ts.map +1 -1
  92. package/dist/server/src/history/services/history.d.ts.map +1 -1
  93. package/dist/server/src/history/services/lifecycles.d.ts.map +1 -1
  94. package/dist/server/src/history/services/utils.d.ts +2 -1
  95. package/dist/server/src/history/services/utils.d.ts.map +1 -1
  96. package/dist/server/src/policies/hasPermissions.d.ts.map +1 -1
  97. package/dist/server/src/services/document-manager.d.ts.map +1 -1
  98. package/dist/server/src/services/document-metadata.d.ts.map +1 -1
  99. package/dist/server/src/services/permission-checker.d.ts.map +1 -1
  100. package/dist/server/src/services/utils/populate.d.ts.map +1 -1
  101. package/dist/shared/contracts/collection-types.d.ts +3 -1
  102. package/dist/shared/contracts/collection-types.d.ts.map +1 -1
  103. package/package.json +11 -11
  104. package/dist/_chunks/EditViewPage-DA95Ha6J.js.map +0 -1
  105. package/dist/_chunks/EditViewPage-DlLEyUL6.mjs.map +0 -1
  106. package/dist/_chunks/Field-CnK8dO8N.js.map +0 -1
  107. package/dist/_chunks/Field-Dq7bDnuh.mjs.map +0 -1
  108. package/dist/_chunks/Form-B_JE0dbz.mjs.map +0 -1
  109. package/dist/_chunks/Form-BpiR4piS.js.map +0 -1
  110. package/dist/_chunks/History-CBNGU7a-.mjs.map +0 -1
  111. package/dist/_chunks/History-DdIstl8b.js.map +0 -1
  112. package/dist/_chunks/ListConfigurationPage-5dr4qpue.mjs.map +0 -1
  113. package/dist/_chunks/ListConfigurationPage-DkKRparB.js.map +0 -1
  114. package/dist/_chunks/ListViewPage-DecLrYV6.mjs.map +0 -1
  115. package/dist/_chunks/ListViewPage-wE0lXqoD.js.map +0 -1
  116. package/dist/_chunks/Relations-Dqz0C1fz.mjs.map +0 -1
  117. package/dist/_chunks/Relations-L0xYRoSQ.js.map +0 -1
  118. package/dist/_chunks/index-BSn97i8U.mjs.map +0 -1
  119. package/dist/_chunks/index-DyvUPg1a.js.map +0 -1
  120. package/dist/_chunks/layout-DPaHUusj.mjs.map +0 -1
  121. package/dist/_chunks/layout-TPqF2oJ5.js.map +0 -1
  122. package/dist/_chunks/usePrev-B9w_-eYc.js.map +0 -1
  123. package/dist/_chunks/usePrev-DH6iah0A.mjs +0 -16
  124. package/dist/_chunks/usePrev-DH6iah0A.mjs.map +0 -1
  125. package/strapi-server.js +0 -3
@@ -199,7 +199,9 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
199
199
  return strapi2.db.query("plugin::upload.file").findOne({ where: { id: versionRelationData.id } });
200
200
  };
201
201
  const localesService = strapi2.plugin("i18n")?.service("locales");
202
+ const i18nContentTypeService = strapi2.plugin("i18n")?.service("content-types");
202
203
  const getDefaultLocale = async () => localesService ? localesService.getDefaultLocale() : null;
204
+ const isLocalizedContentType = (model) => i18nContentTypeService ? i18nContentTypeService.isLocalizedContentType(model) : false;
203
205
  const getLocaleDictionary = async () => {
204
206
  if (!localesService)
205
207
  return {};
@@ -226,9 +228,10 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
226
228
  const meta = await documentMetadataService.getMetadata(contentTypeUid, document);
227
229
  return documentMetadataService.getStatus(document, meta.availableStatus);
228
230
  };
229
- const getDeepPopulate2 = (uid2) => {
231
+ const getDeepPopulate2 = (uid2, useDatabaseSyntax = false) => {
230
232
  const model = strapi2.getModel(uid2);
231
233
  const attributes = Object.entries(model.attributes);
234
+ const fieldSelector = useDatabaseSyntax ? "select" : "fields";
232
235
  return attributes.reduce((acc, [attributeName, attribute]) => {
233
236
  switch (attribute.type) {
234
237
  case "relation": {
@@ -238,12 +241,12 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
238
241
  }
239
242
  const isVisible2 = strapiUtils.contentTypes.isVisibleAttribute(model, attributeName);
240
243
  if (isVisible2) {
241
- acc[attributeName] = { fields: ["documentId", "locale", "publishedAt"] };
244
+ acc[attributeName] = { [fieldSelector]: ["documentId", "locale", "publishedAt"] };
242
245
  }
243
246
  break;
244
247
  }
245
248
  case "media": {
246
- acc[attributeName] = { fields: ["id"] };
249
+ acc[attributeName] = { [fieldSelector]: ["id"] };
247
250
  break;
248
251
  }
249
252
  case "component": {
@@ -316,6 +319,7 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
316
319
  getRelationRestoreValue,
317
320
  getMediaRestoreValue,
318
321
  getDefaultLocale,
322
+ isLocalizedContentType,
319
323
  getLocaleDictionary,
320
324
  getRetentionDays,
321
325
  getVersionStatus,
@@ -338,7 +342,13 @@ const createHistoryService = ({ strapi: strapi2 }) => {
338
342
  });
339
343
  },
340
344
  async findVersionsPage(params) {
341
- const locale = params.query.locale || await serviceUtils.getDefaultLocale();
345
+ const model = strapi2.getModel(params.query.contentType);
346
+ const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
347
+ const defaultLocale = await serviceUtils.getDefaultLocale();
348
+ let locale = null;
349
+ if (isLocalizedContentType) {
350
+ locale = params.query.locale || defaultLocale;
351
+ }
342
352
  const [{ results, pagination }, localeDictionary] = await Promise.all([
343
353
  query.findPage({
344
354
  ...params.query,
@@ -494,6 +504,42 @@ const createHistoryService = ({ strapi: strapi2 }) => {
494
504
  }
495
505
  };
496
506
  };
507
+ const shouldCreateHistoryVersion = (context) => {
508
+ if (!strapi.requestContext.get()?.request.url.startsWith("/content-manager")) {
509
+ return false;
510
+ }
511
+ if (context.action !== "create" && context.action !== "update" && context.action !== "clone" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
512
+ return false;
513
+ }
514
+ if (context.action === "update" && strapi.requestContext.get()?.request.url.endsWith("/actions/publish")) {
515
+ return false;
516
+ }
517
+ if (!context.contentType.uid.startsWith("api::")) {
518
+ return false;
519
+ }
520
+ return true;
521
+ };
522
+ const getSchemas = (uid2) => {
523
+ const attributesSchema = strapi.getModel(uid2).attributes;
524
+ const componentsSchemas = Object.keys(attributesSchema).reduce(
525
+ (currentComponentSchemas, key) => {
526
+ const fieldSchema = attributesSchema[key];
527
+ if (fieldSchema.type === "component") {
528
+ const componentSchema = strapi.getModel(fieldSchema.component).attributes;
529
+ return {
530
+ ...currentComponentSchemas,
531
+ [fieldSchema.component]: componentSchema
532
+ };
533
+ }
534
+ return currentComponentSchemas;
535
+ },
536
+ {}
537
+ );
538
+ return {
539
+ schema: fp.omit(FIELDS_TO_IGNORE, attributesSchema),
540
+ componentsSchemas
541
+ };
542
+ };
497
543
  const createLifecyclesService = ({ strapi: strapi2 }) => {
498
544
  const state = {
499
545
  deleteExpiredJob: null,
@@ -506,63 +552,45 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
506
552
  return;
507
553
  }
508
554
  strapi2.documents.use(async (context, next) => {
509
- if (!strapi2.requestContext.get()?.request.url.startsWith("/content-manager")) {
510
- return next();
511
- }
512
- if (context.action !== "create" && context.action !== "update" && context.action !== "clone" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
513
- return next();
514
- }
515
- if (context.action === "update" && strapi2.requestContext.get()?.request.url.endsWith("/actions/publish")) {
516
- return next();
517
- }
518
- const contentTypeUid = context.contentType.uid;
519
- if (!contentTypeUid.startsWith("api::")) {
520
- return next();
521
- }
522
555
  const result = await next();
523
- const documentContext = {
524
- documentId: context.action === "create" || context.action === "clone" ? result.documentId : context.params.documentId,
525
- locale: context.params?.locale
526
- };
556
+ if (!shouldCreateHistoryVersion(context)) {
557
+ return result;
558
+ }
559
+ const documentId = context.action === "create" || context.action === "clone" ? result.documentId : context.params.documentId;
527
560
  const defaultLocale = await serviceUtils.getDefaultLocale();
528
- const locale = documentContext.locale || defaultLocale;
529
- if (Array.isArray(locale)) {
530
- strapi2.log.warn(
531
- "[Content manager history middleware]: An array of locales was provided, but only a single locale is supported for the findOne operation."
532
- );
533
- return next();
561
+ const locales = fp.castArray(context.params?.locale || defaultLocale);
562
+ if (!locales.length) {
563
+ return result;
534
564
  }
535
- const document = await strapi2.documents(contentTypeUid).findOne({
536
- documentId: documentContext.documentId,
537
- locale,
538
- populate: serviceUtils.getDeepPopulate(contentTypeUid)
565
+ const uid2 = context.contentType.uid;
566
+ const schemas = getSchemas(uid2);
567
+ const model = strapi2.getModel(uid2);
568
+ const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
569
+ const localeEntries = await strapi2.db.query(uid2).findMany({
570
+ where: {
571
+ documentId,
572
+ ...isLocalizedContentType ? { locale: { $in: locales } } : {},
573
+ ...strapiUtils.contentTypes.hasDraftAndPublish(strapi2.contentTypes[uid2]) ? { publishedAt: null } : {}
574
+ },
575
+ populate: serviceUtils.getDeepPopulate(
576
+ uid2,
577
+ true
578
+ /* use database syntax */
579
+ )
539
580
  });
540
- const status = await serviceUtils.getVersionStatus(contentTypeUid, document);
541
- const attributesSchema = strapi2.getModel(contentTypeUid).attributes;
542
- const componentsSchemas = Object.keys(
543
- attributesSchema
544
- ).reduce((currentComponentSchemas, key) => {
545
- const fieldSchema = attributesSchema[key];
546
- if (fieldSchema.type === "component") {
547
- const componentSchema = strapi2.getModel(fieldSchema.component).attributes;
548
- return {
549
- ...currentComponentSchemas,
550
- [fieldSchema.component]: componentSchema
551
- };
552
- }
553
- return currentComponentSchemas;
554
- }, {});
555
581
  await strapi2.db.transaction(async ({ onCommit }) => {
556
- onCommit(() => {
557
- getService(strapi2, "history").createVersion({
558
- contentType: contentTypeUid,
559
- data: fp.omit(FIELDS_TO_IGNORE, document),
560
- schema: fp.omit(FIELDS_TO_IGNORE, attributesSchema),
561
- componentsSchemas,
562
- relatedDocumentId: documentContext.documentId,
563
- locale,
564
- status
565
- });
582
+ onCommit(async () => {
583
+ for (const entry of localeEntries) {
584
+ const status = await serviceUtils.getVersionStatus(uid2, entry);
585
+ await getService(strapi2, "history").createVersion({
586
+ contentType: uid2,
587
+ data: fp.omit(FIELDS_TO_IGNORE, entry),
588
+ relatedDocumentId: documentId,
589
+ locale: entry.locale,
590
+ status,
591
+ ...schemas
592
+ });
593
+ }
566
594
  });
567
595
  });
568
596
  return result;
@@ -1202,6 +1230,11 @@ const { createPolicy } = strapiUtils.policy;
1202
1230
  const hasPermissions = createPolicy({
1203
1231
  name: "plugin::content-manager.hasPermissions",
1204
1232
  validator: validateHasPermissionsInput,
1233
+ /**
1234
+ * NOTE: Action aliases are currently not checked at this level (policy).
1235
+ * This is currently the intended behavior to avoid changing the behavior of API related permissions.
1236
+ * If you want to add support for it, please create a dedicated RFC with a list of potential side effect this could have.
1237
+ */
1205
1238
  handler(ctx, config = {}) {
1206
1239
  const { actions = [], hasAtLeastOne = false } = config;
1207
1240
  const { userAbility } = ctx.state;
@@ -1595,9 +1628,11 @@ const multipleLocaleSchema = strapiUtils.yup.lazy(
1595
1628
  (value) => Array.isArray(value) ? strapiUtils.yup.array().of(singleLocaleSchema.required()) : singleLocaleSchema
1596
1629
  );
1597
1630
  const statusSchema = strapiUtils.yup.mixed().oneOf(["draft", "published"], "Invalid status");
1598
- const getDocumentLocaleAndStatus = async (request, opts = { allowMultipleLocales: false }) => {
1631
+ const getDocumentLocaleAndStatus = async (request, model, opts = { allowMultipleLocales: false }) => {
1599
1632
  const { allowMultipleLocales } = opts;
1600
- const { locale, status, ...rest } = request || {};
1633
+ const { locale, status: providedStatus, ...rest } = request || {};
1634
+ const defaultStatus = strapiUtils.contentTypes.hasDraftAndPublish(strapi.getModel(model)) ? void 0 : "published";
1635
+ const status = providedStatus !== void 0 ? providedStatus : defaultStatus;
1601
1636
  const schema = strapiUtils.yup.object().shape({
1602
1637
  locale: allowMultipleLocales ? multipleLocaleSchema : singleLocaleSchema,
1603
1638
  status: statusSchema
@@ -1645,7 +1680,7 @@ const createDocument = async (ctx, opts) => {
1645
1680
  const setCreator = strapiUtils.setCreatorFields({ user });
1646
1681
  const sanitizeFn = strapiUtils.async.pipe(pickPermittedFields, setCreator);
1647
1682
  const sanitizedBody = await sanitizeFn(body);
1648
- const { locale, status = "draft" } = await getDocumentLocaleAndStatus(body);
1683
+ const { locale, status } = await getDocumentLocaleAndStatus(body, model);
1649
1684
  return documentManager2.create(model, {
1650
1685
  data: sanitizedBody,
1651
1686
  locale,
@@ -1664,7 +1699,7 @@ const updateDocument = async (ctx, opts) => {
1664
1699
  }
1665
1700
  const permissionQuery = await permissionChecker2.sanitizedQuery.update(ctx.query);
1666
1701
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
1667
- const { locale } = await getDocumentLocaleAndStatus(body);
1702
+ const { locale } = await getDocumentLocaleAndStatus(body, model);
1668
1703
  const [documentVersion, documentExists] = await Promise.all([
1669
1704
  documentManager2.findOne(id, model, { populate, locale, status: "draft" }),
1670
1705
  documentManager2.exists(model, id)
@@ -1702,7 +1737,7 @@ const collectionTypes = {
1702
1737
  }
1703
1738
  const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
1704
1739
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
1705
- const { locale, status } = await getDocumentLocaleAndStatus(query);
1740
+ const { locale, status } = await getDocumentLocaleAndStatus(query, model);
1706
1741
  const { results: documents, pagination } = await documentManager2.findPage(
1707
1742
  { ...permissionQuery, populate, locale, status },
1708
1743
  model
@@ -1737,7 +1772,7 @@ const collectionTypes = {
1737
1772
  }
1738
1773
  const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
1739
1774
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
1740
- const { locale, status = "draft" } = await getDocumentLocaleAndStatus(ctx.query);
1775
+ const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
1741
1776
  const version = await documentManager2.findOne(id, model, {
1742
1777
  populate,
1743
1778
  locale,
@@ -1752,7 +1787,7 @@ const collectionTypes = {
1752
1787
  permissionChecker2,
1753
1788
  model,
1754
1789
  // @ts-expect-error TODO: fix
1755
- { id, locale, publishedAt: null },
1790
+ { documentId: id, locale, publishedAt: null },
1756
1791
  { availableLocales: true, availableStatus: false }
1757
1792
  );
1758
1793
  ctx.body = { data: {}, meta };
@@ -1804,7 +1839,7 @@ const collectionTypes = {
1804
1839
  }
1805
1840
  const permissionQuery = await permissionChecker2.sanitizedQuery.create(ctx.query);
1806
1841
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
1807
- const { locale } = await getDocumentLocaleAndStatus(body);
1842
+ const { locale } = await getDocumentLocaleAndStatus(body, model);
1808
1843
  const document = await documentManager2.findOne(id, model, {
1809
1844
  populate,
1810
1845
  locale,
@@ -1849,7 +1884,7 @@ const collectionTypes = {
1849
1884
  }
1850
1885
  const permissionQuery = await permissionChecker2.sanitizedQuery.delete(ctx.query);
1851
1886
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
1852
- const { locale } = await getDocumentLocaleAndStatus(ctx.query);
1887
+ const { locale } = await getDocumentLocaleAndStatus(ctx.query, model);
1853
1888
  const documentLocales = await documentManager2.findLocales(id, model, { populate, locale });
1854
1889
  if (documentLocales.length === 0) {
1855
1890
  return ctx.notFound();
@@ -1878,11 +1913,34 @@ const collectionTypes = {
1878
1913
  const publishedDocument = await strapi.db.transaction(async () => {
1879
1914
  const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
1880
1915
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
1881
- const document = id ? await updateDocument(ctx, { populate }) : await createDocument(ctx, { populate });
1916
+ let document;
1917
+ const { locale } = await getDocumentLocaleAndStatus(body, model);
1918
+ const isCreate = fp.isNil(id);
1919
+ if (isCreate) {
1920
+ if (permissionChecker2.cannot.create()) {
1921
+ throw new strapiUtils.errors.ForbiddenError();
1922
+ }
1923
+ document = await createDocument(ctx, { populate });
1924
+ }
1925
+ const isUpdate = !isCreate;
1926
+ if (isUpdate) {
1927
+ const documentExists = documentManager2.exists(model, id);
1928
+ if (!documentExists) {
1929
+ throw new strapiUtils.errors.NotFoundError("Document not found");
1930
+ }
1931
+ document = await documentManager2.findOne(id, model, { populate, locale });
1932
+ if (!document) {
1933
+ if (permissionChecker2.cannot.create({ locale }) || permissionChecker2.cannot.publish({ locale })) {
1934
+ throw new strapiUtils.errors.ForbiddenError();
1935
+ }
1936
+ document = await updateDocument(ctx);
1937
+ } else if (permissionChecker2.can.update(document)) {
1938
+ await updateDocument(ctx);
1939
+ }
1940
+ }
1882
1941
  if (permissionChecker2.cannot.publish(document)) {
1883
1942
  throw new strapiUtils.errors.ForbiddenError();
1884
1943
  }
1885
- const { locale } = await getDocumentLocaleAndStatus(body);
1886
1944
  const publishResult = await documentManager2.publish(document.documentId, model, {
1887
1945
  locale
1888
1946
  // TODO: Allow setting creator fields on publish
@@ -1909,7 +1967,9 @@ const collectionTypes = {
1909
1967
  }
1910
1968
  const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
1911
1969
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
1912
- const { locale } = await getDocumentLocaleAndStatus(body, { allowMultipleLocales: true });
1970
+ const { locale } = await getDocumentLocaleAndStatus(body, model, {
1971
+ allowMultipleLocales: true
1972
+ });
1913
1973
  const entityPromises = documentIds.map(
1914
1974
  (documentId) => documentManager2.findLocales(documentId, model, { populate, locale, isPublished: false })
1915
1975
  );
@@ -1936,7 +1996,9 @@ const collectionTypes = {
1936
1996
  if (permissionChecker2.cannot.unpublish()) {
1937
1997
  return ctx.forbidden();
1938
1998
  }
1939
- const { locale } = await getDocumentLocaleAndStatus(body);
1999
+ const { locale } = await getDocumentLocaleAndStatus(body, model, {
2000
+ allowMultipleLocales: true
2001
+ });
1940
2002
  const entityPromises = documentIds.map(
1941
2003
  (documentId) => documentManager2.findLocales(documentId, model, { locale, isPublished: true })
1942
2004
  );
@@ -1969,7 +2031,7 @@ const collectionTypes = {
1969
2031
  }
1970
2032
  const permissionQuery = await permissionChecker2.sanitizedQuery.unpublish(ctx.query);
1971
2033
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
1972
- const { locale } = await getDocumentLocaleAndStatus(body);
2034
+ const { locale } = await getDocumentLocaleAndStatus(body, model);
1973
2035
  const document = await documentManager2.findOne(id, model, {
1974
2036
  populate,
1975
2037
  locale,
@@ -2006,7 +2068,7 @@ const collectionTypes = {
2006
2068
  }
2007
2069
  const permissionQuery = await permissionChecker2.sanitizedQuery.discard(ctx.query);
2008
2070
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
2009
- const { locale } = await getDocumentLocaleAndStatus(body);
2071
+ const { locale } = await getDocumentLocaleAndStatus(body, model);
2010
2072
  const document = await documentManager2.findOne(id, model, {
2011
2073
  populate,
2012
2074
  locale,
@@ -2037,7 +2099,7 @@ const collectionTypes = {
2037
2099
  }
2038
2100
  const permissionQuery = await permissionChecker2.sanitizedQuery.delete(query);
2039
2101
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
2040
- const { locale } = await getDocumentLocaleAndStatus(body);
2102
+ const { locale } = await getDocumentLocaleAndStatus(body, model);
2041
2103
  const documentLocales = await documentManager2.findLocales(documentIds, model, {
2042
2104
  populate,
2043
2105
  locale
@@ -2064,7 +2126,7 @@ const collectionTypes = {
2064
2126
  }
2065
2127
  const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
2066
2128
  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
2067
- const { locale, status = "draft" } = await getDocumentLocaleAndStatus(ctx.query);
2129
+ const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
2068
2130
  const entity = await documentManager2.findOne(id, model, { populate, locale, status });
2069
2131
  if (!entity) {
2070
2132
  return ctx.notFound();
@@ -2287,20 +2349,13 @@ const sanitizeMainField = (model, mainField, userAbility) => {
2287
2349
  userAbility,
2288
2350
  model: model.uid
2289
2351
  });
2290
- if (!isListable(model, mainField)) {
2352
+ const isMainFieldListable = isListable(model, mainField);
2353
+ const canReadMainField = permissionChecker2.can.read(null, mainField);
2354
+ if (!isMainFieldListable || !canReadMainField) {
2291
2355
  return "id";
2292
2356
  }
2293
- if (permissionChecker2.cannot.read(null, mainField)) {
2294
- if (model.uid === "plugin::users-permissions.role") {
2295
- const userPermissionChecker = getService$1("permission-checker").create({
2296
- userAbility,
2297
- model: "plugin::users-permissions.user"
2298
- });
2299
- if (userPermissionChecker.can.read()) {
2300
- return "name";
2301
- }
2302
- }
2303
- return "id";
2357
+ if (model.uid === "plugin::users-permissions.role") {
2358
+ return "name";
2304
2359
  }
2305
2360
  return mainField;
2306
2361
  };
@@ -2500,8 +2555,9 @@ const relations = {
2500
2555
  } else {
2501
2556
  where.id = id;
2502
2557
  }
2503
- if (status) {
2504
- where[`${alias}.published_at`] = getPublishedAtClause(status, targetUid);
2558
+ const publishedAt = getPublishedAtClause(status, targetUid);
2559
+ if (!fp.isEmpty(publishedAt)) {
2560
+ where[`${alias}.published_at`] = publishedAt;
2505
2561
  }
2506
2562
  if (filterByLocale) {
2507
2563
  where[`${alias}.locale`] = locale;
@@ -2558,9 +2614,7 @@ const relations = {
2558
2614
  addFiltersClause(permissionQuery, { id: { $in: loadedIds } });
2559
2615
  const sanitizedRes = await loadRelations({ id: entryId }, targetField, {
2560
2616
  ...strapi.get("query-params").transform(targetUid, permissionQuery),
2561
- ordering: "desc",
2562
- page: ctx.request.query.page,
2563
- pageSize: ctx.request.query.pageSize
2617
+ ordering: "desc"
2564
2618
  });
2565
2619
  const relationsUnion = fp.uniqBy("id", fp.concat(sanitizedRes.results, res.results));
2566
2620
  ctx.body = {
@@ -2592,7 +2646,7 @@ const createOrUpdateDocument = async (ctx, opts) => {
2592
2646
  throw new strapiUtils.errors.ForbiddenError();
2593
2647
  }
2594
2648
  const sanitizedQuery = await permissionChecker2.sanitizedQuery.update(query);
2595
- const { locale } = await getDocumentLocaleAndStatus(body);
2649
+ const { locale } = await getDocumentLocaleAndStatus(body, model);
2596
2650
  const [documentVersion, otherDocumentVersion] = await Promise.all([
2597
2651
  findDocument(sanitizedQuery, model, { locale, status: "draft" }),
2598
2652
  // Find the first document to check if it exists
@@ -2633,7 +2687,7 @@ const singleTypes = {
2633
2687
  return ctx.forbidden();
2634
2688
  }
2635
2689
  const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
2636
- const { locale, status } = await getDocumentLocaleAndStatus(query);
2690
+ const { locale, status } = await getDocumentLocaleAndStatus(query, model);
2637
2691
  const version = await findDocument(permissionQuery, model, { locale, status });
2638
2692
  if (!version) {
2639
2693
  if (permissionChecker2.cannot.create()) {
@@ -2647,7 +2701,7 @@ const singleTypes = {
2647
2701
  permissionChecker2,
2648
2702
  model,
2649
2703
  // @ts-expect-error - fix types
2650
- { id: document.documentId, locale, publishedAt: null },
2704
+ { documentId: document.documentId, locale, publishedAt: null },
2651
2705
  { availableLocales: true, availableStatus: false }
2652
2706
  );
2653
2707
  ctx.body = { data: {}, meta };
@@ -2678,7 +2732,7 @@ const singleTypes = {
2678
2732
  }
2679
2733
  const sanitizedQuery = await permissionChecker2.sanitizedQuery.delete(query);
2680
2734
  const populate = await buildPopulateFromQuery(sanitizedQuery, model);
2681
- const { locale } = await getDocumentLocaleAndStatus(query);
2735
+ const { locale } = await getDocumentLocaleAndStatus(query, model);
2682
2736
  const documentLocales = await documentManager2.findLocales(void 0, model, {
2683
2737
  populate,
2684
2738
  locale
@@ -2715,7 +2769,7 @@ const singleTypes = {
2715
2769
  if (permissionChecker2.cannot.publish(document)) {
2716
2770
  throw new strapiUtils.errors.ForbiddenError();
2717
2771
  }
2718
- const { locale } = await getDocumentLocaleAndStatus(document);
2772
+ const { locale } = await getDocumentLocaleAndStatus(document, model);
2719
2773
  const publishResult = await documentManager2.publish(document.documentId, model, { locale });
2720
2774
  return publishResult.at(0);
2721
2775
  });
@@ -2738,7 +2792,7 @@ const singleTypes = {
2738
2792
  return ctx.forbidden();
2739
2793
  }
2740
2794
  const sanitizedQuery = await permissionChecker2.sanitizedQuery.unpublish(query);
2741
- const { locale } = await getDocumentLocaleAndStatus(body);
2795
+ const { locale } = await getDocumentLocaleAndStatus(body, model);
2742
2796
  const document = await findDocument(sanitizedQuery, model, { locale });
2743
2797
  if (!document) {
2744
2798
  return ctx.notFound();
@@ -2770,7 +2824,7 @@ const singleTypes = {
2770
2824
  return ctx.forbidden();
2771
2825
  }
2772
2826
  const sanitizedQuery = await permissionChecker2.sanitizedQuery.discard(query);
2773
- const { locale } = await getDocumentLocaleAndStatus(body);
2827
+ const { locale } = await getDocumentLocaleAndStatus(body, model);
2774
2828
  const document = await findDocument(sanitizedQuery, model, { locale, status: "published" });
2775
2829
  if (!document) {
2776
2830
  return ctx.notFound();
@@ -2790,7 +2844,7 @@ const singleTypes = {
2790
2844
  const { query } = ctx.request;
2791
2845
  const documentManager2 = getService$1("document-manager");
2792
2846
  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
2793
- const { locale } = await getDocumentLocaleAndStatus(query);
2847
+ const { locale } = await getDocumentLocaleAndStatus(query, model);
2794
2848
  if (permissionChecker2.cannot.read()) {
2795
2849
  return ctx.forbidden();
2796
2850
  }
@@ -2811,7 +2865,7 @@ const uid$1 = {
2811
2865
  async generateUID(ctx) {
2812
2866
  const { contentTypeUID, field, data } = await validateGenerateUIDInput(ctx.request.body);
2813
2867
  const { query = {} } = ctx.request;
2814
- const { locale } = await getDocumentLocaleAndStatus(query);
2868
+ const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
2815
2869
  await validateUIDField(contentTypeUID, field);
2816
2870
  const uidService = getService$1("uid");
2817
2871
  ctx.body = {
@@ -2823,7 +2877,7 @@ const uid$1 = {
2823
2877
  ctx.request.body
2824
2878
  );
2825
2879
  const { query = {} } = ctx.request;
2826
- const { locale } = await getDocumentLocaleAndStatus(query);
2880
+ const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
2827
2881
  await validateUIDField(contentTypeUID, field);
2828
2882
  const uidService = getService$1("uid");
2829
2883
  const isAvailable = await uidService.checkUIDAvailability({
@@ -3466,12 +3520,27 @@ const createPermissionChecker = (strapi2) => ({ userAbility, model }) => {
3466
3520
  ability: userAbility,
3467
3521
  model
3468
3522
  });
3469
- const toSubject = (entity) => entity ? permissionsManager.toSubject(entity, model) : model;
3523
+ const { actionProvider } = strapi2.service("admin::permission");
3524
+ const toSubject = (entity) => {
3525
+ return entity ? permissionsManager.toSubject(entity, model) : model;
3526
+ };
3470
3527
  const can = (action, entity, field) => {
3471
- return userAbility.can(action, toSubject(entity), field);
3528
+ const subject = toSubject(entity);
3529
+ const aliases = actionProvider.unstable_aliases(action, model);
3530
+ return (
3531
+ // Test the original action to see if it passes
3532
+ userAbility.can(action, subject, field) || // Else try every known alias if at least one of them succeed, then the user "can"
3533
+ aliases.some((alias) => userAbility.can(alias, subject, field))
3534
+ );
3472
3535
  };
3473
3536
  const cannot = (action, entity, field) => {
3474
- return userAbility.cannot(action, toSubject(entity), field);
3537
+ const subject = toSubject(entity);
3538
+ const aliases = actionProvider.unstable_aliases(action, model);
3539
+ return (
3540
+ // Test both the original action
3541
+ userAbility.cannot(action, subject, field) && // and every known alias, if all of them fail (cannot), then the user truly "cannot"
3542
+ aliases.every((alias) => userAbility.cannot(alias, subject, field))
3543
+ );
3475
3544
  };
3476
3545
  const sanitizeOutput = (data, { action = ACTIONS.read } = {}) => {
3477
3546
  return permissionsManager.sanitizeOutput(data, { subject: toSubject(data), action });
@@ -3748,6 +3817,10 @@ const getDeepPopulateDraftCount = (uid2) => {
3748
3817
  const attribute = model.attributes[attributeName];
3749
3818
  switch (attribute.type) {
3750
3819
  case "relation": {
3820
+ const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
3821
+ if (isMorphRelation) {
3822
+ break;
3823
+ }
3751
3824
  if (isVisibleAttribute$1(model, attributeName)) {
3752
3825
  populateAcc[attributeName] = {
3753
3826
  count: true,
@@ -4125,7 +4198,13 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
4125
4198
  */
4126
4199
  async formatDocumentWithMetadata(uid2, document, opts = {}) {
4127
4200
  if (!document) {
4128
- return document;
4201
+ return {
4202
+ data: document,
4203
+ meta: {
4204
+ availableLocales: [],
4205
+ availableStatus: []
4206
+ }
4207
+ };
4129
4208
  }
4130
4209
  const hasDraftAndPublish = strapiUtils.contentTypes.hasDraftAndPublish(strapi2.getModel(uid2));
4131
4210
  if (!hasDraftAndPublish) {
@@ -4233,10 +4312,7 @@ const documentManager = ({ strapi: strapi2 }) => {
4233
4312
  async clone(id, body, uid2) {
4234
4313
  const populate = await buildDeepPopulate(uid2);
4235
4314
  const params = {
4236
- data: {
4237
- ...omitIdField(body),
4238
- [PUBLISHED_AT_ATTRIBUTE]: null
4239
- },
4315
+ data: omitIdField(body),
4240
4316
  populate
4241
4317
  };
4242
4318
  return strapi2.documents(uid2).clone({ ...params, documentId: id }).then((result) => result?.entries.at(0));