npm - @strapi/content-manager - Versions diffs - 0.0.0-experimental.cb311d9fcfbd8e441f790aea232f0a39bdd90e16 → 0.0.0-experimental.cb74730ce5154c26404d4dccca14976a22319002 - Mend

@strapi/content-manager 0.0.0-experimental.cb311d9fcfbd8e441f790aea232f0a39bdd90e16 → 0.0.0-experimental.cb74730ce5154c26404d4dccca14976a22319002

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/dist/server/index.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
 import strapiUtils, { validateYupSchema, errors, async, contentTypes as contentTypes$1, yup as yup$1, validateYupSchemaSync, policy, traverse, setCreatorFields, isOperatorOfType, relations as relations$1, traverseEntity, pagination } from "@strapi/utils";
-import { pick, omit, difference, castArray, intersection, pipe, propOr, isEqual, isEmpty, set, isNil as isNil$1, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, getOr, propEq, merge, groupBy } from "lodash/fp";
+import { pick, omit, difference, castArray, mergeWith, intersection, pipe, propOr, isEqual, isEmpty, set, isNil as isNil$1, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, getOr, propEq, merge, groupBy } from "lodash/fp";
 import "@strapi/types";
 import * as yup from "yup";
 import { scheduleJob } from "node-schedule";
@@ -7,10 +7,10 @@ import isNil from "lodash/isNil";
 import _, { intersection as intersection$1, difference as difference$1 } from "lodash";
 import qs from "qs";
 import slugify from "@sindresorhus/slugify";
-const getService$1 = (name) => {
+const getService$2 = (name) => {
   return strapi.plugin("content-manager").service(name);
 };
-function getService(strapi2, name) {
+function getService$1(strapi2, name) {
   return strapi2.service(`plugin::content-manager.${name}`);
 }
 const historyRestoreVersionSchema = yup.object().shape({
@@ -46,7 +46,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
       if (!isSingleType && (!contentTypeUid || !ctx.query.documentId)) {
         throw new errors.ForbiddenError("contentType and documentId are required");
       }
-      const permissionChecker2 = getService$1("permission-checker").create({
+      const permissionChecker2 = getService$2("permission-checker").create({
         userAbility: ctx.state.userAbility,
         model: ctx.query.contentType
       });
@@ -54,7 +54,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
         return ctx.forbidden();
       }
       const query = await permissionChecker2.sanitizeQuery(ctx.query);
-      const { results, pagination: pagination2 } = await getService(strapi2, "history").findVersionsPage({
+      const { results, pagination: pagination2 } = await getService$1(strapi2, "history").findVersionsPage({
         query: {
           ...query,
           ...getValidPagination({ page: query.page, pageSize: query.pageSize })
@@ -79,14 +79,14 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
     async restoreVersion(ctx) {
       const request = ctx.request;
       await validateRestoreVersion(request.body, "contentType is required");
-      const permissionChecker2 = getService$1("permission-checker").create({
+      const permissionChecker2 = getService$2("permission-checker").create({
         userAbility: ctx.state.userAbility,
         model: request.body.contentType
       });
       if (permissionChecker2.cannot.update()) {
         throw new errors.ForbiddenError();
       }
-      const restoredDocument = await getService(strapi2, "history").restoreVersion(
+      const restoredDocument = await getService$1(strapi2, "history").restoreVersion(
         request.params.versionId
       );
       return {
@@ -95,7 +95,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
     }
   };
 };
-const controllers$1 = {
+const controllers$2 = {
   "history-version": createHistoryVersionController
   /**
    * Casting is needed because the types aren't aware that Strapi supports
@@ -141,8 +141,7 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
   };
   const getRelationRestoreValue = async (versionRelationData, attribute) => {
     if (Array.isArray(versionRelationData)) {
-      if (versionRelationData.length === 0)
-        return versionRelationData;
+      if (versionRelationData.length === 0) return versionRelationData;
       const existingAndMissingRelations = await Promise.all(
         versionRelationData.map((relation) => {
           return strapi2.documents(attribute.target).findOne({
@@ -173,10 +172,11 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     return strapi2.db.query("plugin::upload.file").findOne({ where: { id: versionRelationData.id } });
   };
   const localesService = strapi2.plugin("i18n")?.service("locales");
+  const i18nContentTypeService = strapi2.plugin("i18n")?.service("content-types");
   const getDefaultLocale = async () => localesService ? localesService.getDefaultLocale() : null;
+  const isLocalizedContentType = (model) => i18nContentTypeService ? i18nContentTypeService.isLocalizedContentType(model) : false;
   const getLocaleDictionary = async () => {
-    if (!localesService)
-      return {};
+    if (!localesService) return {};
     const locales = await localesService.find() || [];
     return locales.reduce(
       (acc, locale) => {
@@ -200,6 +200,17 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     const meta = await documentMetadataService.getMetadata(contentTypeUid, document);
     return documentMetadataService.getStatus(document, meta.availableStatus);
   };
+  const getComponentFields = (componentUID) => {
+    return Object.entries(strapi2.getModel(componentUID).attributes).reduce(
+      (fieldsAcc, [key, attribute]) => {
+        if (!["relation", "media", "component", "dynamiczone"].includes(attribute.type)) {
+          fieldsAcc.push(key);
+        }
+        return fieldsAcc;
+      },
+      []
+    );
+  };
   const getDeepPopulate2 = (uid2, useDatabaseSyntax = false) => {
     const model = strapi2.getModel(uid2);
     const attributes = Object.entries(model.attributes);
@@ -223,13 +234,19 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
         }
         case "component": {
           const populate = getDeepPopulate2(attribute.component);
-          acc[attributeName] = { populate };
+          acc[attributeName] = {
+            populate,
+            [fieldSelector]: getComponentFields(attribute.component)
+          };
           break;
         }
         case "dynamiczone": {
           const populatedComponents = (attribute.components || []).reduce(
             (acc2, componentUID) => {
-              acc2[componentUID] = { populate: getDeepPopulate2(componentUID) };
+              acc2[componentUID] = {
+                populate: getDeepPopulate2(componentUID),
+                [fieldSelector]: getComponentFields(componentUID)
+              };
               return acc2;
             },
             {}
@@ -291,6 +308,7 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     getRelationRestoreValue,
     getMediaRestoreValue,
     getDefaultLocale,
+    isLocalizedContentType,
     getLocaleDictionary,
     getRetentionDays,
     getVersionStatus,
@@ -313,7 +331,13 @@ const createHistoryService = ({ strapi: strapi2 }) => {
       });
     },
     async findVersionsPage(params) {
-      const locale = params.query.locale || await serviceUtils.getDefaultLocale();
+      const model = strapi2.getModel(params.query.contentType);
+      const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
+      const defaultLocale = await serviceUtils.getDefaultLocale();
+      let locale = null;
+      if (isLocalizedContentType) {
+        locale = params.query.locale || defaultLocale;
+      }
       const [{ results, pagination: pagination2 }, localeDictionary] = await Promise.all([
         query.findPage({
           ...params.query,
@@ -335,7 +359,7 @@ const createHistoryService = ({ strapi: strapi2 }) => {
             const attributeValue = entry.data[attributeKey];
             const attributeValues = Array.isArray(attributeValue) ? attributeValue : [attributeValue];
             if (attributeSchema.type === "media") {
-              const permissionChecker2 = getService$1("permission-checker").create({
+              const permissionChecker2 = getService$2("permission-checker").create({
                 userAbility: params.state.userAbility,
                 model: "plugin::upload.file"
               });
@@ -358,7 +382,12 @@ const createHistoryService = ({ strapi: strapi2 }) => {
                     if (userToPopulate == null) {
                       return null;
                     }
-                    return strapi2.query("admin::user").findOne({ where: { id: userToPopulate.id } });
+                    return strapi2.query("admin::user").findOne({
+                      where: {
+                        ...userToPopulate.id ? { id: userToPopulate.id } : {},
+                        ...userToPopulate.documentId ? { documentId: userToPopulate.documentId } : {}
+                      }
+                    });
                   })
                 );
                 return {
@@ -371,7 +400,7 @@ const createHistoryService = ({ strapi: strapi2 }) => {
                   [attributeKey]: adminUsers
                 };
               }
-              const permissionChecker2 = getService$1("permission-checker").create({
+              const permissionChecker2 = getService$2("permission-checker").create({
                 userAbility: params.state.userAbility,
                 model: attributeSchema.target
               });
@@ -529,11 +558,13 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
         }
         const uid2 = context.contentType.uid;
         const schemas = getSchemas(uid2);
+        const model = strapi2.getModel(uid2);
+        const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
         const localeEntries = await strapi2.db.query(uid2).findMany({
           where: {
             documentId,
-            locale: { $in: locales },
-            publishedAt: null
+            ...isLocalizedContentType ? { locale: { $in: locales } } : {},
+            ...contentTypes$1.hasDraftAndPublish(strapi2.contentTypes[uid2]) ? { publishedAt: null } : {}
           },
           populate: serviceUtils.getDeepPopulate(
             uid2,
@@ -545,7 +576,7 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
           onCommit(async () => {
             for (const entry of localeEntries) {
               const status = await serviceUtils.getVersionStatus(uid2, entry);
-              await getService(strapi2, "history").createVersion({
+              await getService$1(strapi2, "history").createVersion({
                 contentType: uid2,
                 data: omit(FIELDS_TO_IGNORE, entry),
                 relatedDocumentId: documentId,
@@ -558,15 +589,19 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
         });
         return result;
       });
-      state.deleteExpiredJob = scheduleJob("0 0 * * *", () => {
+      state.deleteExpiredJob = scheduleJob("historyDaily", "0 0 * * *", () => {
         const retentionDaysInMilliseconds = serviceUtils.getRetentionDays() * 24 * 60 * 60 * 1e3;
         const expirationDate = new Date(Date.now() - retentionDaysInMilliseconds);
         strapi2.db.query(HISTORY_VERSION_UID).deleteMany({
           where: {
             created_at: {
-              $lt: expirationDate.toISOString()
+              $lt: expirationDate
             }
           }
+        }).catch((error) => {
+          if (error instanceof Error) {
+            strapi2.log.error("Error deleting expired history versions", error.message);
+          }
         });
       });
       state.isInitialized = true;
@@ -578,17 +613,17 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
     }
   };
 };
-const services$1 = {
+const services$2 = {
   history: createHistoryService,
   lifecycles: createLifecyclesService
 };
-const info = { pluginName: "content-manager", type: "admin" };
+const info$1 = { pluginName: "content-manager", type: "admin" };
 const historyVersionRouter = {
   type: "admin",
   routes: [
     {
       method: "GET",
-      info,
+      info: info$1,
       path: "/history-versions",
       handler: "history-version.findMany",
       config: {
@@ -597,7 +632,7 @@ const historyVersionRouter = {
     },
     {
       method: "PUT",
-      info,
+      info: info$1,
       path: "/history-versions/:versionId/restore",
       handler: "history-version.restoreVersion",
       config: {
@@ -606,7 +641,7 @@ const historyVersionRouter = {
     }
   ]
 };
-const routes$1 = {
+const routes$2 = {
   "history-version": historyVersionRouter
 };
 const historyVersion = {
@@ -653,21 +688,21 @@ const historyVersion = {
     }
   }
 };
-const getFeature = () => {
+const getFeature$1 = () => {
   if (strapi.ee.features.isEnabled("cms-content-history")) {
     return {
       register({ strapi: strapi2 }) {
         strapi2.get("models").add(historyVersion);
       },
       bootstrap({ strapi: strapi2 }) {
-        getService(strapi2, "lifecycles").bootstrap();
+        getService$1(strapi2, "lifecycles").bootstrap();
       },
       destroy({ strapi: strapi2 }) {
-        getService(strapi2, "lifecycles").destroy();
+        getService$1(strapi2, "lifecycles").destroy();
       },
-      controllers: controllers$1,
-      services: services$1,
-      routes: routes$1
+      controllers: controllers$2,
+      services: services$2,
+      routes: routes$2
     };
   }
   return {
@@ -676,9 +711,205 @@ const getFeature = () => {
     }
   };
 };
-const history = getFeature();
+const history = getFeature$1();
+const FEATURE_ID = "preview";
+const info = { pluginName: "content-manager", type: "admin" };
+const previewRouter = {
+  type: "admin",
+  routes: [
+    {
+      method: "GET",
+      info,
+      path: "/preview/url/:contentType",
+      handler: "preview.getPreviewUrl",
+      config: {
+        policies: ["admin::isAuthenticatedAdmin"]
+      }
+    }
+  ]
+};
+const routes$1 = {
+  preview: previewRouter
+};
+function getService(strapi2, name) {
+  return strapi2.service(`plugin::content-manager.${name}`);
+}
+const getPreviewUrlSchema = yup.object().shape({
+  // Will be undefined for single types
+  documentId: yup.string(),
+  locale: yup.string().nullable(),
+  status: yup.string()
+}).required();
+const validatePreviewUrl = async (strapi2, uid2, params) => {
+  await validateYupSchema(getPreviewUrlSchema)(params);
+  const newParams = pick(["documentId", "locale", "status"], params);
+  const model = strapi2.getModel(uid2);
+  if (!model || model.modelType !== "contentType") {
+    throw new errors.ValidationError("Invalid content type");
+  }
+  const isSingleType = model?.kind === "singleType";
+  if (!isSingleType && !params.documentId) {
+    throw new errors.ValidationError("documentId is required for Collection Types");
+  }
+  if (isSingleType) {
+    const doc = await strapi2.documents(uid2).findFirst();
+    if (!doc) {
+      throw new errors.NotFoundError("Document not found");
+    }
+    newParams.documentId = doc?.documentId;
+  }
+  if (!newParams.status) {
+    const isDPEnabled = model?.options?.draftAndPublish;
+    newParams.status = isDPEnabled ? "draft" : "published";
+  }
+  return newParams;
+};
+const createPreviewController = () => {
+  return {
+    /**
+     * Transforms an entry into a preview URL, so that it can be previewed
+     * in the Content Manager.
+     */
+    async getPreviewUrl(ctx) {
+      const uid2 = ctx.params.contentType;
+      const query = ctx.request.query;
+      const params = await validatePreviewUrl(strapi, uid2, query);
+      const previewService = getService(strapi, "preview");
+      const url = await previewService.getPreviewUrl(uid2, params);
+      if (!url) {
+        ctx.status = 204;
+      }
+      return {
+        data: { url }
+      };
+    }
+  };
+};
+const controllers$1 = {
+  preview: createPreviewController
+  /**
+   * Casting is needed because the types aren't aware that Strapi supports
+   * passing a controller factory as the value, instead of a controller object directly
+   */
+};
+const createPreviewService = ({ strapi: strapi2 }) => {
+  const config = getService(strapi2, "preview-config");
+  return {
+    async getPreviewUrl(uid2, params) {
+      const handler = config.getPreviewHandler();
+      try {
+        return handler(uid2, params);
+      } catch (error) {
+        strapi2.log.error(`Failed to get preview URL: ${error}`);
+        throw new errors.ApplicationError("Failed to get preview URL");
+      }
+      return;
+    }
+  };
+};
+const extendMiddlewareConfiguration = (middleware = { name: "", config: {} }) => {
+  const middlewares = strapi.config.get("middlewares");
+  const configuredMiddlewares = middlewares.map((currentMiddleware) => {
+    if (currentMiddleware === middleware.name) {
+      return middleware;
+    }
+    if (currentMiddleware.name === middleware.name) {
+      return mergeWith(
+        (objValue, srcValue) => {
+          if (Array.isArray(objValue)) {
+            return objValue.concat(srcValue);
+          }
+          return void 0;
+        },
+        currentMiddleware,
+        middleware
+      );
+    }
+    return currentMiddleware;
+  });
+  strapi.config.set("middlewares", configuredMiddlewares);
+};
+const createPreviewConfigService = ({ strapi: strapi2 }) => {
+  return {
+    register() {
+      if (!this.isEnabled()) {
+        return;
+      }
+      const config = strapi2.config.get("admin.preview");
+      if (config.config?.allowedOrigins) {
+        extendMiddlewareConfiguration({
+          name: "strapi::security",
+          config: {
+            contentSecurityPolicy: {
+              directives: {
+                "frame-src": config.config.allowedOrigins
+              }
+            }
+          }
+        });
+      }
+    },
+    isEnabled() {
+      const config = strapi2.config.get("admin.preview");
+      if (!config) {
+        return false;
+      }
+      return config?.enabled ?? true;
+    },
+    /**
+     * Validate if the configuration is valid
+     */
+    validate() {
+      if (!this.isEnabled()) {
+        return;
+      }
+      const handler = this.getPreviewHandler();
+      if (typeof handler !== "function") {
+        throw new errors.ValidationError(
+          "Preview configuration is invalid. Handler must be a function"
+        );
+      }
+    },
+    /**
+     * Utility to get the preview handler from the configuration
+     */
+    getPreviewHandler() {
+      const config = strapi2.config.get("admin.preview");
+      const emptyHandler = () => {
+        return void 0;
+      };
+      if (!this.isEnabled()) {
+        return emptyHandler;
+      }
+      return config?.config?.handler || emptyHandler;
+    }
+  };
+};
+const services$1 = {
+  preview: createPreviewService,
+  "preview-config": createPreviewConfigService
+};
+const getFeature = () => {
+  if (!strapi.features.future.isEnabled(FEATURE_ID)) {
+    return {};
+  }
+  return {
+    register() {
+      const config = getService(strapi, "preview-config");
+      config.validate();
+      config.register();
+    },
+    bootstrap() {
+    },
+    routes: routes$1,
+    controllers: controllers$1,
+    services: services$1
+  };
+};
+const preview = getFeature();
 const register = async ({ strapi: strapi2 }) => {
   await history.register?.({ strapi: strapi2 });
+  await preview.register?.({ strapi: strapi2 });
 };
 const ALLOWED_WEBHOOK_EVENTS = {
   ENTRY_PUBLISH: "entry.publish",
@@ -688,11 +919,12 @@ const bootstrap = async () => {
   Object.entries(ALLOWED_WEBHOOK_EVENTS).forEach(([key, value]) => {
     strapi.get("webhookStore").addAllowedEvent(key, value);
   });
-  getService$1("field-sizes").setCustomFieldInputSizes();
-  await getService$1("components").syncConfigurations();
-  await getService$1("content-types").syncConfigurations();
-  await getService$1("permission").registerPermissions();
+  getService$2("field-sizes").setCustomFieldInputSizes();
+  await getService$2("components").syncConfigurations();
+  await getService$2("content-types").syncConfigurations();
+  await getService$2("permission").registerPermissions();
   await history.bootstrap?.({ strapi });
+  await preview.bootstrap?.({ strapi });
 };
 const destroy = async ({ strapi: strapi2 }) => {
   await history.destroy?.({ strapi: strapi2 });
@@ -1182,7 +1414,8 @@ const admin = {
 };
 const routes = {
   admin,
-  ...history.routes ? history.routes : {}
+  ...history.routes ? history.routes : {},
+  ...preview.routes ? preview.routes : {}
 };
 const hasPermissionsSchema = yup$1.object({
   actions: yup$1.array().of(yup$1.string()),
@@ -1193,6 +1426,11 @@ const { createPolicy } = policy;
 const hasPermissions = createPolicy({
   name: "plugin::content-manager.hasPermissions",
   validator: validateHasPermissionsInput,
+  /**
+   * NOTE: Action aliases are currently not checked at this level (policy).
+   *       This is currently the intended behavior to avoid changing the behavior of API related permissions.
+   *       If you want to add support for it, please create a dedicated RFC with a list of potential side effect this could have.
+   */
   handler(ctx, config = {}) {
     const { actions = [], hasAtLeastOne = false } = config;
     const { userAbility } = ctx.state;
@@ -1240,8 +1478,7 @@ const isSortable = (schema, name) => {
   if (!_.has(schema.attributes, name)) {
     return false;
   }
-  if (schema.modelType === "component" && name === "id")
-    return false;
+  if (schema.modelType === "component" && name === "id") return false;
   const attribute = schema.attributes[name];
   if (NON_SORTABLES.includes(attribute.type)) {
     return false;
@@ -1386,8 +1623,7 @@ const createDefaultSettings = async (schema) => {
   };
 };
 const syncSettings = async (configuration, schema) => {
-  if (isEmpty(configuration.settings))
-    return createDefaultSettings(schema);
+  if (isEmpty(configuration.settings)) return createDefaultSettings(schema);
   const defaultField = getDefaultMainField(schema);
   const { mainField = defaultField, defaultSortBy = defaultField } = configuration.settings || {};
   return {
@@ -1434,7 +1670,7 @@ const createMetadasSchema = (schema) => {
             if (!value) {
               return yup$1.string();
             }
-            const targetSchema = getService$1("content-types").findContentType(
+            const targetSchema = getService$2("content-types").findContentType(
               schema.attributes[key].targetModel
             );
             if (!targetSchema) {
@@ -1563,8 +1799,7 @@ const excludeNotCreatableFields = (uid2, permissionChecker2) => (body, path = []
     }
     switch (attribute.type) {
       case "relation": {
-        if (canCreate(attributePath))
-          return body2;
+        if (canCreate(attributePath)) return body2;
         return set(attributePath, { set: [] }, body2);
       }
       case "component": {
@@ -1574,8 +1809,7 @@ const excludeNotCreatableFields = (uid2, permissionChecker2) => (body, path = []
         ]);
       }
       default: {
-        if (canCreate(attributePath))
-          return body2;
+        if (canCreate(attributePath)) return body2;
         return set(attributePath, null, body2);
       }
     }
@@ -1603,7 +1837,7 @@ const getDocumentLocaleAndStatus = async (request, model, opts = { allowMultiple
   }
 };
 const formatDocumentWithMetadata = async (permissionChecker2, uid2, document, opts = {}) => {
-  const documentMetadata2 = getService$1("document-metadata");
+  const documentMetadata2 = getService$2("document-metadata");
   const serviceOutput = await documentMetadata2.formatDocumentWithMetadata(uid2, document, opts);
   let {
     meta: { availableLocales, availableStatus }
@@ -1629,8 +1863,8 @@ const createDocument = async (ctx, opts) => {
   const { userAbility, user } = ctx.state;
   const { model } = ctx.params;
   const { body } = ctx.request;
-  const documentManager2 = getService$1("document-manager");
-  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+  const documentManager2 = getService$2("document-manager");
+  const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
   if (permissionChecker2.cannot.create()) {
     throw new errors.ForbiddenError();
   }
@@ -1650,13 +1884,13 @@ const updateDocument = async (ctx, opts) => {
   const { userAbility, user } = ctx.state;
   const { id, model } = ctx.params;
   const { body } = ctx.request;
-  const documentManager2 = getService$1("document-manager");
-  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+  const documentManager2 = getService$2("document-manager");
+  const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
   if (permissionChecker2.cannot.update()) {
     throw new errors.ForbiddenError();
   }
   const permissionQuery = await permissionChecker2.sanitizedQuery.update(ctx.query);
-  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+  const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
   const { locale } = await getDocumentLocaleAndStatus(body, model);
   const [documentVersion, documentExists] = await Promise.all([
     documentManager2.findOne(id, model, { populate, locale, status: "draft" }),
@@ -1673,7 +1907,7 @@ const updateDocument = async (ctx, opts) => {
     throw new errors.ForbiddenError();
   }
   const pickPermittedFields = documentVersion ? permissionChecker2.sanitizeUpdateInput(documentVersion) : permissionChecker2.sanitizeCreateInput;
-  const setCreator = setCreatorFields({ user, isEdition: true });
+  const setCreator = documentVersion ? setCreatorFields({ user, isEdition: true }) : setCreatorFields({ user });
   const sanitizeFn = async.pipe(pickPermittedFields, setCreator);
   const sanitizedBody = await sanitizeFn(body);
   return documentManager2.update(documentVersion?.documentId || id, model, {
@@ -1687,14 +1921,14 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query } = ctx.request;
-    const documentMetadata2 = getService$1("document-metadata");
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentMetadata2 = getService$2("document-metadata");
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
     const { locale, status } = await getDocumentLocaleAndStatus(query, model);
     const { results: documents, pagination: pagination2 } = await documentManager2.findPage(
       { ...permissionQuery, populate, locale, status },
@@ -1723,13 +1957,13 @@ const collectionTypes = {
   async findOne(ctx) {
     const { userAbility } = ctx.state;
     const { model, id } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
     const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const version = await documentManager2.findOne(id, model, {
       populate,
@@ -1745,7 +1979,7 @@ const collectionTypes = {
         permissionChecker2,
         model,
         // @ts-expect-error TODO: fix
-        { id, locale, publishedAt: null },
+        { documentId: id, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
       ctx.body = { data: {}, meta };
@@ -1760,7 +1994,7 @@ const collectionTypes = {
   async create(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const [totalEntries, document] = await Promise.all([
       strapi.db.query(model).count(),
       createDocument(ctx)
@@ -1781,7 +2015,7 @@ const collectionTypes = {
   async update(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const updatedVersion = await updateDocument(ctx);
     const sanitizedVersion = await permissionChecker2.sanitizeOutput(updatedVersion);
     ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedVersion);
@@ -1790,13 +2024,13 @@ const collectionTypes = {
     const { userAbility, user } = ctx.state;
     const { model, sourceId: id } = ctx.params;
     const { body } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.create()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.create(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
     const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
@@ -1835,13 +2069,13 @@ const collectionTypes = {
   async delete(ctx) {
     const { userAbility } = ctx.state;
     const { id, model } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.delete()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
     const { locale } = await getDocumentLocaleAndStatus(ctx.query, model);
     const documentLocales = await documentManager2.findLocales(id, model, { populate, locale });
     if (documentLocales.length === 0) {
@@ -1863,14 +2097,14 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { id, model } = ctx.params;
     const { body } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
     }
     const publishedDocument = await strapi.db.transaction(async () => {
       const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
-      const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
+      const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
       let document;
       const { locale } = await getDocumentLocaleAndStatus(body, model);
       const isCreate = isNil$1(id);
@@ -1882,11 +2116,17 @@ const collectionTypes = {
       }
       const isUpdate = !isCreate;
       if (isUpdate) {
-        document = await documentManager2.findOne(id, model, { populate, locale });
-        if (!document) {
+        const documentExists = documentManager2.exists(model, id);
+        if (!documentExists) {
           throw new errors.NotFoundError("Document not found");
         }
-        if (permissionChecker2.can.update(document)) {
+        document = await documentManager2.findOne(id, model, { populate, locale });
+        if (!document) {
+          if (permissionChecker2.cannot.create({ locale }) || permissionChecker2.cannot.publish({ locale })) {
+            throw new errors.ForbiddenError();
+          }
+          document = await updateDocument(ctx);
+        } else if (permissionChecker2.can.update(document)) {
           await updateDocument(ctx);
         }
       }
@@ -1912,13 +2152,13 @@ const collectionTypes = {
     const { body } = ctx.request;
     const { documentIds } = body;
     await validateBulkActionInput(body);
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
     const { locale } = await getDocumentLocaleAndStatus(body, model, {
       allowMultipleLocales: true
     });
@@ -1943,12 +2183,14 @@ const collectionTypes = {
     const { body } = ctx.request;
     const { documentIds } = body;
     await validateBulkActionInput(body);
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
-    const { locale } = await getDocumentLocaleAndStatus(body, model);
+    const { locale } = await getDocumentLocaleAndStatus(body, model, {
+      allowMultipleLocales: true
+    });
     const entityPromises = documentIds.map(
       (documentId) => documentManager2.findLocales(documentId, model, { locale, isPublished: true })
     );
@@ -1971,8 +2213,8 @@ const collectionTypes = {
     const {
       body: { discardDraft, ...body }
     } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
@@ -1980,7 +2222,7 @@ const collectionTypes = {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.unpublish(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
     const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
@@ -2011,13 +2253,13 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { id, model } = ctx.params;
     const { body } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.discard(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
     const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
@@ -2042,13 +2284,13 @@ const collectionTypes = {
     const { query, body } = ctx.request;
     const { documentIds } = body;
     await validateBulkActionInput(body);
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.delete()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
     const { locale } = await getDocumentLocaleAndStatus(body, model);
     const documentLocales = await documentManager2.findLocales(documentIds, model, {
       populate,
@@ -2069,13 +2311,13 @@ const collectionTypes = {
   async countDraftRelations(ctx) {
     const { userAbility } = ctx.state;
     const { model, id } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
     const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const entity = await documentManager2.findOne(id, model, { populate, locale, status });
     if (!entity) {
@@ -2094,8 +2336,8 @@ const collectionTypes = {
     const ids = ctx.request.query.documentIds;
     const locale = ctx.request.query.locale;
     const { model } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
@@ -2119,13 +2361,13 @@ const collectionTypes = {
 };
 const components$1 = {
   findComponents(ctx) {
-    const components2 = getService$1("components").findAllComponents();
-    const { toDto } = getService$1("data-mapper");
+    const components2 = getService$2("components").findAllComponents();
+    const { toDto } = getService$2("data-mapper");
     ctx.body = { data: components2.map(toDto) };
   },
   async findComponentConfiguration(ctx) {
     const { uid: uid2 } = ctx.params;
-    const componentService = getService$1("components");
+    const componentService = getService$2("components");
     const component = componentService.findComponent(uid2);
     if (!component) {
       return ctx.notFound("component.notFound");
@@ -2142,7 +2384,7 @@ const components$1 = {
   async updateComponentConfiguration(ctx) {
     const { uid: uid2 } = ctx.params;
     const { body } = ctx.request;
-    const componentService = getService$1("components");
+    const componentService = getService$2("components");
     const component = componentService.findComponent(uid2);
     if (!component) {
       return ctx.notFound("component.notFound");
@@ -2176,12 +2418,12 @@ const contentTypes = {
     } catch (error) {
       return ctx.send({ error }, 400);
     }
-    const contentTypes2 = getService$1("content-types").findContentTypesByKind(kind);
-    const { toDto } = getService$1("data-mapper");
+    const contentTypes2 = getService$2("content-types").findContentTypesByKind(kind);
+    const { toDto } = getService$2("data-mapper");
     ctx.body = { data: contentTypes2.map(toDto) };
   },
   async findContentTypesSettings(ctx) {
-    const { findAllContentTypes, findConfiguration } = getService$1("content-types");
+    const { findAllContentTypes, findConfiguration } = getService$2("content-types");
     const contentTypes2 = await findAllContentTypes();
     const configurations = await Promise.all(
       contentTypes2.map(async (contentType) => {
@@ -2195,7 +2437,7 @@ const contentTypes = {
   },
   async findContentTypeConfiguration(ctx) {
     const { uid: uid2 } = ctx.params;
-    const contentTypeService = getService$1("content-types");
+    const contentTypeService = getService$2("content-types");
     const contentType = await contentTypeService.findContentType(uid2);
     if (!contentType) {
       return ctx.notFound("contentType.notFound");
@@ -2217,13 +2459,13 @@ const contentTypes = {
     const { userAbility } = ctx.state;
     const { uid: uid2 } = ctx.params;
     const { body } = ctx.request;
-    const contentTypeService = getService$1("content-types");
-    const metricsService = getService$1("metrics");
+    const contentTypeService = getService$2("content-types");
+    const metricsService = getService$2("metrics");
     const contentType = await contentTypeService.findContentType(uid2);
     if (!contentType) {
       return ctx.notFound("contentType.notFound");
     }
-    if (!getService$1("permission").canConfigureContentType({ userAbility, contentType })) {
+    if (!getService$2("permission").canConfigureContentType({ userAbility, contentType })) {
       return ctx.forbidden();
     }
     let input;
@@ -2256,10 +2498,10 @@ const contentTypes = {
 };
 const init = {
   getInitData(ctx) {
-    const { toDto } = getService$1("data-mapper");
-    const { findAllComponents } = getService$1("components");
-    const { getAllFieldSizes } = getService$1("field-sizes");
-    const { findAllContentTypes } = getService$1("content-types");
+    const { toDto } = getService$2("data-mapper");
+    const { findAllComponents } = getService$2("components");
+    const { getAllFieldSizes } = getService$2("field-sizes");
+    const { findAllContentTypes } = getService$2("content-types");
     ctx.body = {
       data: {
         fieldSizes: getAllFieldSizes(),
@@ -2295,36 +2537,41 @@ const addFiltersClause = (params, filtersClause) => {
   params.filters.$and.push(filtersClause);
 };
 const sanitizeMainField = (model, mainField, userAbility) => {
-  const permissionChecker2 = getService$1("permission-checker").create({
+  const permissionChecker2 = getService$2("permission-checker").create({
     userAbility,
     model: model.uid
   });
-  if (!isListable(model, mainField)) {
+  const isMainFieldListable = isListable(model, mainField);
+  const canReadMainField = permissionChecker2.can.read(null, mainField);
+  if (!isMainFieldListable || !canReadMainField) {
     return "id";
   }
-  if (permissionChecker2.cannot.read(null, mainField)) {
-    if (model.uid === "plugin::users-permissions.role") {
-      const userPermissionChecker = getService$1("permission-checker").create({
-        userAbility,
-        model: "plugin::users-permissions.user"
-      });
-      if (userPermissionChecker.can.read()) {
-        return "name";
-      }
-    }
-    return "id";
+  if (model.uid === "plugin::users-permissions.role") {
+    return "name";
   }
   return mainField;
 };
-const addStatusToRelations = async (uid2, relations2) => {
-  if (!contentTypes$1.hasDraftAndPublish(strapi.contentTypes[uid2])) {
+const addStatusToRelations = async (targetUid, relations2) => {
+  if (!contentTypes$1.hasDraftAndPublish(strapi.getModel(targetUid))) {
     return relations2;
   }
-  const documentMetadata2 = getService$1("document-metadata");
-  const documentsAvailableStatus = await documentMetadata2.getManyAvailableStatus(uid2, relations2);
+  const documentMetadata2 = getService$2("document-metadata");
+  if (!relations2.length) {
+    return relations2;
+  }
+  const firstRelation = relations2[0];
+  const filters = {
+    documentId: { $in: relations2.map((r) => r.documentId) },
+    // NOTE: find the "opposite" status
+    publishedAt: firstRelation.publishedAt !== null ? { $null: true } : { $notNull: true }
+  };
+  const availableStatus = await strapi.query(targetUid).findMany({
+    select: ["id", "documentId", "locale", "updatedAt", "createdAt", "publishedAt"],
+    filters
+  });
   return relations2.map((relation) => {
-    const availableStatuses = documentsAvailableStatus.filter(
-      (availableDocument) => availableDocument.documentId === relation.documentId
+    const availableStatuses = availableStatus.filter(
+      (availableDocument) => availableDocument.documentId === relation.documentId && (relation.locale ? availableDocument.locale === relation.locale : true)
     );
     return {
       ...relation,
@@ -2345,11 +2592,8 @@ const validateLocale = (sourceUid, targetUid, locale) => {
   const isLocalized = strapi.plugin("i18n").service("content-types").isLocalizedContentType;
   const isSourceLocalized = isLocalized(sourceModel);
   const isTargetLocalized = isLocalized(targetModel);
-  let validatedLocale = locale;
-  if (!targetModel || !isTargetLocalized)
-    validatedLocale = void 0;
   return {
-    locale: validatedLocale,
+    locale,
     isSourceLocalized,
     isTargetLocalized
   };
@@ -2358,8 +2602,7 @@ const validateStatus = (sourceUid, status) => {
   const sourceModel = strapi.getModel(sourceUid);
   const isDP = contentTypes$1.hasDraftAndPublish;
   const isSourceDP = isDP(sourceModel);
-  if (!isSourceDP)
-    return { status: void 0 };
+  if (!isSourceDP) return { status: void 0 };
   switch (status) {
     case "published":
       return { status: "published" };
@@ -2389,7 +2632,7 @@ const relations = {
       ctx.request?.query?.locale
     );
     const { status } = validateStatus(sourceUid, ctx.request?.query?.status);
-    const permissionChecker2 = getService$1("permission-checker").create({
+    const permissionChecker2 = getService$2("permission-checker").create({
       userAbility,
       model
     });
@@ -2414,7 +2657,7 @@ const relations = {
         where.id = id;
       }
       const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
-      const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+      const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
       const currentEntity = await strapi.db.query(model).findOne({
         where,
         populate
@@ -2429,7 +2672,7 @@ const relations = {
       }
       entryId = currentEntity.id;
     }
-    const modelConfig = isComponent2 ? await getService$1("components").findConfiguration(sourceSchema) : await getService$1("content-types").findConfiguration(sourceSchema);
+    const modelConfig = isComponent2 ? await getService$2("components").findConfiguration(sourceSchema) : await getService$2("content-types").findConfiguration(sourceSchema);
     const targetSchema = strapi.getModel(targetUid);
     const mainField = flow(
       prop(`metadatas.${targetField}.edit.mainField`),
@@ -2452,7 +2695,7 @@ const relations = {
       attribute,
       fieldsToSelect,
       mainField,
-      source: { schema: sourceSchema },
+      source: { schema: sourceSchema, isLocalized: isSourceLocalized },
       target: { schema: targetSchema, isLocalized: isTargetLocalized },
       sourceSchema,
       targetSchema,
@@ -2474,7 +2717,8 @@ const relations = {
       fieldsToSelect,
       mainField,
       source: {
-        schema: { uid: sourceUid, modelType: sourceModelType }
+        schema: { uid: sourceUid, modelType: sourceModelType },
+        isLocalized: isSourceLocalized
       },
       target: {
         schema: { uid: targetUid },
@@ -2482,7 +2726,7 @@ const relations = {
       }
     } = await this.extractAndValidateRequestInfo(ctx, id);
     const { idsToOmit, idsToInclude, _q, ...query } = ctx.request.query;
-    const permissionChecker2 = getService$1("permission-checker").create({
+    const permissionChecker2 = getService$2("permission-checker").create({
       userAbility: ctx.state.userAbility,
       model: targetUid
     });
@@ -2512,12 +2756,16 @@ const relations = {
       } else {
         where.id = id;
       }
-      if (status) {
-        where[`${alias}.published_at`] = getPublishedAtClause(status, targetUid);
+      const publishedAt = getPublishedAtClause(status, targetUid);
+      if (!isEmpty(publishedAt)) {
+        where[`${alias}.published_at`] = publishedAt;
       }
-      if (filterByLocale) {
+      if (isTargetLocalized && locale) {
         where[`${alias}.locale`] = locale;
       }
+      if (isSourceLocalized && locale) {
+        where.locale = locale;
+      }
       if ((idsToInclude?.length ?? 0) !== 0) {
         where[`${alias}.id`].$notIn = idsToInclude;
       }
@@ -2535,7 +2783,8 @@ const relations = {
         id: { $notIn: uniq(idsToOmit) }
       });
     }
-    const res = await strapi.db.query(targetUid).findPage(strapi.get("query-params").transform(targetUid, queryParams));
+    const dbQuery = strapi.get("query-params").transform(targetUid, queryParams);
+    const res = await strapi.db.query(targetUid).findPage(dbQuery);
     ctx.body = {
       ...res,
       results: await addStatusToRelations(targetUid, res.results)
@@ -2550,29 +2799,39 @@ const relations = {
       attribute,
       targetField,
       fieldsToSelect,
-      source: {
-        schema: { uid: sourceUid }
-      },
-      target: {
-        schema: { uid: targetUid }
-      }
+      status,
+      source: { schema: sourceSchema },
+      target: { schema: targetSchema }
     } = await this.extractAndValidateRequestInfo(ctx, id);
-    const permissionQuery = await getService$1("permission-checker").create({ userAbility, model: targetUid }).sanitizedQuery.read({ fields: fieldsToSelect });
+    const { uid: sourceUid } = sourceSchema;
+    const { uid: targetUid } = targetSchema;
+    const permissionQuery = await getService$2("permission-checker").create({ userAbility, model: targetUid }).sanitizedQuery.read({ fields: fieldsToSelect });
     const dbQuery = strapi.db.query(sourceUid);
     const loadRelations = relations$1.isAnyToMany(attribute) ? (...args) => dbQuery.loadPages(...args) : (...args) => dbQuery.load(...args).then((res2) => ({ results: res2 ? [res2] : [] }));
+    const filters = {};
+    if (sourceSchema?.options?.draftAndPublish) {
+      if (targetSchema?.options?.draftAndPublish) {
+        if (status === "published") {
+          filters.publishedAt = { $notNull: true };
+        } else {
+          filters.publishedAt = { $null: true };
+        }
+      }
+    } else if (targetSchema?.options?.draftAndPublish) {
+      filters.publishedAt = { $null: true };
+    }
     const res = await loadRelations({ id: entryId }, targetField, {
-      select: ["id", "documentId", "locale", "publishedAt"],
+      select: ["id", "documentId", "locale", "publishedAt", "updatedAt"],
       ordering: "desc",
       page: ctx.request.query.page,
-      pageSize: ctx.request.query.pageSize
+      pageSize: ctx.request.query.pageSize,
+      filters
     });
     const loadedIds = res.results.map((item) => item.id);
     addFiltersClause(permissionQuery, { id: { $in: loadedIds } });
     const sanitizedRes = await loadRelations({ id: entryId }, targetField, {
       ...strapi.get("query-params").transform(targetUid, permissionQuery),
-      ordering: "desc",
-      page: ctx.request.query.page,
-      pageSize: ctx.request.query.pageSize
+      ordering: "desc"
     });
     const relationsUnion = uniqBy("id", concat(sanitizedRes.results, res.results));
     ctx.body = {
@@ -2587,10 +2846,10 @@ const relations = {
   }
 };
 const buildPopulateFromQuery = async (query, model) => {
-  return getService$1("populate-builder")(model).populateFromQuery(query).populateDeep(Infinity).countRelations().build();
+  return getService$2("populate-builder")(model).populateFromQuery(query).populateDeep(Infinity).countRelations().build();
 };
 const findDocument = async (query, uid2, opts = {}) => {
-  const documentManager2 = getService$1("document-manager");
+  const documentManager2 = getService$2("document-manager");
   const populate = await buildPopulateFromQuery(query, uid2);
   return documentManager2.findMany({ ...opts, populate }, uid2).then((documents) => documents[0]);
 };
@@ -2598,8 +2857,8 @@ const createOrUpdateDocument = async (ctx, opts) => {
   const { user, userAbility } = ctx.state;
   const { model } = ctx.params;
   const { body, query } = ctx.request;
-  const documentManager2 = getService$1("document-manager");
-  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+  const documentManager2 = getService$2("document-manager");
+  const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
   if (permissionChecker2.cannot.create() && permissionChecker2.cannot.update()) {
     throw new errors.ForbiddenError();
   }
@@ -2640,7 +2899,7 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
@@ -2659,7 +2918,7 @@ const singleTypes = {
         permissionChecker2,
         model,
         // @ts-expect-error - fix types
-        { id: document.documentId, locale, publishedAt: null },
+        { documentId: document.documentId, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
       ctx.body = { data: {}, meta };
@@ -2674,7 +2933,7 @@ const singleTypes = {
   async createOrUpdate(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const document = await createOrUpdateDocument(ctx);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(document);
     ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
@@ -2683,8 +2942,8 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.delete()) {
       return ctx.forbidden();
     }
@@ -2712,8 +2971,8 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
     }
@@ -2741,8 +3000,8 @@ const singleTypes = {
       body: { discardDraft, ...body },
       query = {}
     } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
@@ -2776,8 +3035,8 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { body, query = {} } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
@@ -2800,8 +3059,8 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const { locale } = await getDocumentLocaleAndStatus(query, model);
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
@@ -2825,7 +3084,7 @@ const uid$1 = {
     const { query = {} } = ctx.request;
     const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
-    const uidService = getService$1("uid");
+    const uidService = getService$2("uid");
     ctx.body = {
       data: await uidService.generateUIDField({ contentTypeUID, field, data, locale })
     };
@@ -2837,7 +3096,7 @@ const uid$1 = {
     const { query = {} } = ctx.request;
     const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
-    const uidService = getService$1("uid");
+    const uidService = getService$2("uid");
     const isAvailable = await uidService.checkUIDAvailability({
       contentTypeUID,
       field,
@@ -2858,7 +3117,8 @@ const controllers = {
   relations,
   "single-types": singleTypes,
   uid: uid$1,
-  ...history.controllers ? history.controllers : {}
+  ...history.controllers ? history.controllers : {},
+  ...preview.controllers ? preview.controllers : {}
 };
 const keys = {
   CONFIGURATION: "configuration"
@@ -2987,18 +3247,15 @@ async function syncMetadatas(configuration, schema) {
       _.set(updatedMeta, ["list", "searchable"], false);
       _.set(acc, [key], updatedMeta);
     }
-    if (!_.has(edit, "mainField"))
-      return acc;
+    if (!_.has(edit, "mainField")) return acc;
     if (!isRelation$1(attr)) {
       _.set(updatedMeta, "edit", _.omit(edit, ["mainField"]));
       _.set(acc, [key], updatedMeta);
       return acc;
     }
-    if (edit.mainField === "id")
-      return acc;
+    if (edit.mainField === "id") return acc;
     const targetSchema = getTargetSchema(attr.targetModel);
-    if (!targetSchema)
-      return acc;
+    if (!targetSchema) return acc;
     if (!isSortable(targetSchema, edit.mainField) && !isListable(targetSchema, edit.mainField)) {
       _.set(updatedMeta, ["edit", "mainField"], getDefaultMainField(targetSchema));
       _.set(acc, [key], updatedMeta);
@@ -3009,12 +3266,12 @@ async function syncMetadatas(configuration, schema) {
   return _.assign(metasWithDefaults, updatedMetas);
 }
 const getTargetSchema = (targetModel) => {
-  return getService$1("content-types").findContentType(targetModel);
+  return getService$2("content-types").findContentType(targetModel);
 };
 const DEFAULT_LIST_LENGTH = 4;
 const MAX_ROW_SIZE = 12;
 const isAllowedFieldSize = (type, size) => {
-  const { getFieldSize } = getService$1("field-sizes");
+  const { getFieldSize } = getService$2("field-sizes");
   const fieldSize = getFieldSize(type);
   if (!fieldSize.isResizable && size !== fieldSize.default) {
     return false;
@@ -3022,7 +3279,7 @@ const isAllowedFieldSize = (type, size) => {
   return size <= MAX_ROW_SIZE;
 };
 const getDefaultFieldSize = (attribute) => {
-  const { hasFieldSize, getFieldSize } = getService$1("field-sizes");
+  const { hasFieldSize, getFieldSize } = getService$2("field-sizes");
   return getFieldSize(hasFieldSize(attribute.customField) ? attribute.customField : attribute.type).default;
 };
 async function createDefaultLayouts(schema) {
@@ -3043,8 +3300,7 @@ function createDefaultEditLayout(schema) {
   return appendToEditLayout([], keys2, schema);
 }
 function syncLayouts(configuration, schema) {
-  if (_.isEmpty(configuration.layouts))
-    return createDefaultLayouts(schema);
+  if (_.isEmpty(configuration.layouts)) return createDefaultLayouts(schema);
   const { list = [], editRelations = [], edit = [] } = configuration.layouts || {};
   let cleanList = list.filter((attr) => isListable(schema, attr));
   const cleanEditRelations = editRelations.filter(
@@ -3055,9 +3311,8 @@ function syncLayouts(configuration, schema) {
   for (const row of edit) {
     const newRow = [];
     for (const el of row) {
-      if (!hasEditableAttribute(schema, el.name))
-        continue;
-      const { hasFieldSize } = getService$1("field-sizes");
+      if (!hasEditableAttribute(schema, el.name)) continue;
+      const { hasFieldSize } = getService$2("field-sizes");
       const fieldType = hasFieldSize(schema.attributes[el.name].customField) ? schema.attributes[el.name].customField : schema.attributes[el.name].type;
       if (!isAllowedFieldSize(fieldType, el.size)) {
         elementsToReAppend.push(el.name);
@@ -3087,8 +3342,7 @@ function syncLayouts(configuration, schema) {
   };
 }
 const appendToEditLayout = (layout = [], keysToAppend, schema) => {
-  if (keysToAppend.length === 0)
-    return layout;
+  if (keysToAppend.length === 0) return layout;
   let currentRowIndex = Math.max(layout.length - 1, 0);
   if (!layout[currentRowIndex]) {
     layout[currentRowIndex] = [];
@@ -3197,17 +3451,17 @@ const configurationService$1 = createConfigurationService({
   isComponent: true,
   prefix: STORE_KEY_PREFIX,
   getModels() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return mapValues(toContentManagerModel, strapi.components);
   }
 });
 const components = ({ strapi: strapi2 }) => ({
   findAllComponents() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return Object.values(strapi2.components).map(toContentManagerModel);
   },
   findComponent(uid2) {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     const component = strapi2.components[uid2];
     return isNil$1(component) ? component : toContentManagerModel(component);
   },
@@ -3258,17 +3512,17 @@ const configurationService = createConfigurationService({
   storeUtils,
   prefix: "content_types",
   getModels() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return mapValues(toContentManagerModel, strapi.contentTypes);
   }
 });
 const service = ({ strapi: strapi2 }) => ({
   findAllContentTypes() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return Object.values(strapi2.contentTypes).map(toContentManagerModel);
   },
   findContentType(uid2) {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     const contentType = strapi2.contentTypes[uid2];
     return isNil$1(contentType) ? contentType : toContentManagerModel(contentType);
   },
@@ -3297,7 +3551,7 @@ const service = ({ strapi: strapi2 }) => ({
     return this.findConfiguration(contentType);
   },
   findComponentsConfigurations(contentType) {
-    return getService$1("components").findComponentsConfigurations(contentType);
+    return getService$2("components").findComponentsConfigurations(contentType);
   },
   syncConfigurations() {
     return configurationService.syncConfigurations();
@@ -3478,12 +3732,27 @@ const createPermissionChecker = (strapi2) => ({ userAbility, model }) => {
     ability: userAbility,
     model
   });
-  const toSubject = (entity) => entity ? permissionsManager.toSubject(entity, model) : model;
+  const { actionProvider } = strapi2.service("admin::permission");
+  const toSubject = (entity) => {
+    return entity ? permissionsManager.toSubject(entity, model) : model;
+  };
   const can = (action, entity, field) => {
-    return userAbility.can(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test the original action to see if it passes
+      userAbility.can(action, subject, field) || // Else try every known alias if at least one of them succeed, then the user "can"
+      aliases.some((alias) => userAbility.can(alias, subject, field))
+    );
   };
   const cannot = (action, entity, field) => {
-    return userAbility.cannot(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test both the original action
+      userAbility.cannot(action, subject, field) && // and every known alias, if all of them fail (cannot), then the user truly "cannot"
+      aliases.every((alias) => userAbility.cannot(alias, subject, field))
+    );
   };
   const sanitizeOutput = (data, { action = ACTIONS.read } = {}) => {
     return permissionsManager.sanitizeOutput(data, { subject: toSubject(data), action });
@@ -3554,7 +3823,7 @@ const permission = ({ strapi: strapi2 }) => ({
     return userAbility.can(action);
   },
   async registerPermissions() {
-    const displayedContentTypes = getService$1("content-types").findDisplayedContentTypes();
+    const displayedContentTypes = getService$2("content-types").findDisplayedContentTypes();
     const contentTypesUids = displayedContentTypes.map(prop("uid"));
     const actions = [
       {
@@ -3830,7 +4099,7 @@ const getQueryPopulate = async (uid2, query) => {
   return populateQuery;
 };
 const buildDeepPopulate = (uid2) => {
-  return getService$1("populate-builder")(uid2).populateDeep(Infinity).countRelations().build();
+  return getService$2("populate-builder")(uid2).populateDeep(Infinity).countRelations().build();
 };
 const populateBuilder = (uid2) => {
   let getInitialPopulate = async () => {
@@ -4015,7 +4284,9 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
    */
   async getAvailableLocales(uid2, version, allVersions, validatableFields = []) {
     const versionsByLocale = groupBy("locale", allVersions);
-    delete versionsByLocale[version.locale];
+    if (version.locale) {
+      delete versionsByLocale[version.locale];
+    }
     const model = strapi2.getModel(uid2);
     const keysToKeep = [...AVAILABLE_LOCALES_FIELDS, ...validatableFields];
     const traversalFunction = async (localeVersion) => traverseEntity(
@@ -4062,8 +4333,7 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
       const matchStatus = status === "published" ? v.publishedAt !== null : v.publishedAt === null;
       return matchLocale && matchStatus;
     });
-    if (!availableStatus)
-      return availableStatus;
+    if (!availableStatus) return availableStatus;
     return pick(AVAILABLE_STATUS_FIELDS, availableStatus);
   },
   /**
@@ -4073,8 +4343,7 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
    * @returns
    */
   async getManyAvailableStatus(uid2, documents) {
-    if (!documents.length)
-      return [];
+    if (!documents.length) return [];
     const status = documents[0].publishedAt !== null ? "published" : "draft";
     const locale = documents[0]?.locale;
     const otherStatus = status === "published" ? "draft" : "published";
@@ -4101,10 +4370,8 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
     } else if (otherVersion) {
       draftVersion = otherVersion;
     }
-    if (!draftVersion)
-      return CONTENT_MANAGER_STATUS.PUBLISHED;
-    if (!publishedVersion)
-      return CONTENT_MANAGER_STATUS.DRAFT;
+    if (!draftVersion) return CONTENT_MANAGER_STATUS.PUBLISHED;
+    if (!publishedVersion) return CONTENT_MANAGER_STATUS.DRAFT;
     const isDraftModified = getIsVersionLatestModification(draftVersion, publishedVersion);
     return isDraftModified ? CONTENT_MANAGER_STATUS.MODIFIED : CONTENT_MANAGER_STATUS.PUBLISHED;
   },
@@ -4371,7 +4638,8 @@ const services = {
   permission,
   "populate-builder": populateBuilder$1,
   uid,
-  ...history.services ? history.services : {}
+  ...history.services ? history.services : {},
+  ...preview.services ? preview.services : {}
 };
 const index = () => {
   return {