@strapi/content-manager 0.0.0-experimental.d954d57341a6623992a0d211daaec8e245c3517d → 0.0.0-experimental.dad3c50630ca4fd9eccdcbe549ee632fc572e23d

package/dist/server/index.mjs

@@ -1,5 +1,5 @@
-import strapiUtils, { validateYupSchema, errors, async, contentTypes as contentTypes$1, yup as yup$1, validateYupSchemaSync, policy, traverse, setCreatorFields, isOperatorOfType, relations as relations$1, traverseEntity, pagination } from "@strapi/utils";
-import { pick, omit, difference, intersection, pipe, propOr, isEqual, isEmpty, set, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, isNil as isNil$1, getOr, propEq, merge, groupBy, castArray } from "lodash/fp";
+import strapiUtils, { validateYupSchema, errors, async, contentTypes as contentTypes$1, traverseEntity, yup as yup$1, validateYupSchemaSync, policy, traverse, setCreatorFields, isOperatorOfType, relations as relations$1, pagination } from "@strapi/utils";
+import { pick, omit, difference, castArray, mergeWith, intersection, pipe, propOr, isEqual, isEmpty, set, isNil as isNil$1, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, getOr, propEq, merge, groupBy } from "lodash/fp";
 import "@strapi/types";
 import * as yup from "yup";
 import { scheduleJob } from "node-schedule";
@@ -7,10 +7,10 @@ import isNil from "lodash/isNil";
 import _, { intersection as intersection$1, difference as difference$1 } from "lodash";
 import qs from "qs";
 import slugify from "@sindresorhus/slugify";
-const getService$1 = (name) => {
+const getService$2 = (name) => {
   return strapi.plugin("content-manager").service(name);
 };
-function getService(strapi2, name) {
+function getService$1(strapi2, name) {
   return strapi2.service(`plugin::content-manager.${name}`);
 }
 const historyRestoreVersionSchema = yup.object().shape({
@@ -46,7 +46,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
       if (!isSingleType && (!contentTypeUid || !ctx.query.documentId)) {
         throw new errors.ForbiddenError("contentType and documentId are required");
       }
-      const permissionChecker2 = getService$1("permission-checker").create({
+      const permissionChecker2 = getService$2("permission-checker").create({
         userAbility: ctx.state.userAbility,
         model: ctx.query.contentType
       });
@@ -54,7 +54,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
         return ctx.forbidden();
       }
       const query = await permissionChecker2.sanitizeQuery(ctx.query);
-      const { results, pagination: pagination2 } = await getService(strapi2, "history").findVersionsPage({
+      const { results, pagination: pagination2 } = await getService$1(strapi2, "history").findVersionsPage({
         query: {
           ...query,
           ...getValidPagination({ page: query.page, pageSize: query.pageSize })
@@ -79,14 +79,14 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
     async restoreVersion(ctx) {
       const request = ctx.request;
       await validateRestoreVersion(request.body, "contentType is required");
-      const permissionChecker2 = getService$1("permission-checker").create({
+      const permissionChecker2 = getService$2("permission-checker").create({
         userAbility: ctx.state.userAbility,
         model: request.body.contentType
       });
       if (permissionChecker2.cannot.update()) {
         throw new errors.ForbiddenError();
       }
-      const restoredDocument = await getService(strapi2, "history").restoreVersion(
+      const restoredDocument = await getService$1(strapi2, "history").restoreVersion(
         request.params.versionId
       );
       return {
@@ -95,7 +95,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
     }
   };
 };
-const controllers$1 = {
+const controllers$2 = {
   "history-version": createHistoryVersionController
   /**
    * Casting is needed because the types aren't aware that Strapi supports
@@ -141,8 +141,7 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
   };
   const getRelationRestoreValue = async (versionRelationData, attribute) => {
     if (Array.isArray(versionRelationData)) {
-      if (versionRelationData.length === 0)
-        return versionRelationData;
+      if (versionRelationData.length === 0) return versionRelationData;
       const existingAndMissingRelations = await Promise.all(
         versionRelationData.map((relation) => {
           return strapi2.documents(attribute.target).findOne({
@@ -151,19 +150,16 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
           });
         })
       );
-      return existingAndMissingRelations.filter(
-        (relation) => relation !== null
-      );
+      return existingAndMissingRelations.filter((relation) => relation !== null);
     }
     return strapi2.documents(attribute.target).findOne({
       documentId: versionRelationData.documentId,
       locale: versionRelationData.locale || void 0
     });
   };
-  const getMediaRestoreValue = async (versionRelationData, attribute) => {
-    if (attribute.multiple) {
+  const getMediaRestoreValue = async (versionRelationData) => {
+    if (Array.isArray(versionRelationData)) {
       const existingAndMissingMedias = await Promise.all(
-        // @ts-expect-error Fix the type definitions so this isn't any
         versionRelationData.map((media) => {
           return strapi2.db.query("plugin::upload.file").findOne({ where: { id: media.id } });
         })
@@ -173,10 +169,11 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     return strapi2.db.query("plugin::upload.file").findOne({ where: { id: versionRelationData.id } });
   };
   const localesService = strapi2.plugin("i18n")?.service("locales");
+  const i18nContentTypeService = strapi2.plugin("i18n")?.service("content-types");
   const getDefaultLocale = async () => localesService ? localesService.getDefaultLocale() : null;
+  const isLocalizedContentType = (model) => i18nContentTypeService ? i18nContentTypeService.isLocalizedContentType(model) : false;
   const getLocaleDictionary = async () => {
-    if (!localesService)
-      return {};
+    if (!localesService) return {};
     const locales = await localesService.find() || [];
     return locales.reduce(
       (acc, locale) => {
@@ -200,31 +197,53 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     const meta = await documentMetadataService.getMetadata(contentTypeUid, document);
     return documentMetadataService.getStatus(document, meta.availableStatus);
   };
-  const getDeepPopulate2 = (uid2) => {
+  const getComponentFields = (componentUID) => {
+    return Object.entries(strapi2.getModel(componentUID).attributes).reduce(
+      (fieldsAcc, [key, attribute]) => {
+        if (!["relation", "media", "component", "dynamiczone"].includes(attribute.type)) {
+          fieldsAcc.push(key);
+        }
+        return fieldsAcc;
+      },
+      []
+    );
+  };
+  const getDeepPopulate2 = (uid2, useDatabaseSyntax = false) => {
     const model = strapi2.getModel(uid2);
     const attributes = Object.entries(model.attributes);
+    const fieldSelector = useDatabaseSyntax ? "select" : "fields";
     return attributes.reduce((acc, [attributeName, attribute]) => {
       switch (attribute.type) {
         case "relation": {
+          const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
+          if (isMorphRelation) {
+            break;
+          }
           const isVisible2 = contentTypes$1.isVisibleAttribute(model, attributeName);
           if (isVisible2) {
-            acc[attributeName] = { fields: ["documentId", "locale", "publishedAt"] };
+            acc[attributeName] = { [fieldSelector]: ["documentId", "locale", "publishedAt"] };
           }
           break;
         }
         case "media": {
-          acc[attributeName] = { fields: ["id"] };
+          acc[attributeName] = { [fieldSelector]: ["id"] };
           break;
         }
         case "component": {
           const populate = getDeepPopulate2(attribute.component);
-          acc[attributeName] = { populate };
+          acc[attributeName] = {
+            populate,
+            [fieldSelector]: getComponentFields(attribute.component)
+          };
           break;
         }
         case "dynamiczone": {
           const populatedComponents = (attribute.components || []).reduce(
             (acc2, componentUID) => {
-              acc2[componentUID] = { populate: getDeepPopulate2(componentUID) };
+              acc2[componentUID] = {
+                populate: getDeepPopulate2(componentUID),
+                [fieldSelector]: getComponentFields(componentUID)
+              };
               return acc2;
             },
             {}
@@ -286,6 +305,7 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     getRelationRestoreValue,
     getMediaRestoreValue,
     getDefaultLocale,
+    isLocalizedContentType,
     getLocaleDictionary,
     getRetentionDays,
     getVersionStatus,
@@ -308,7 +328,13 @@ const createHistoryService = ({ strapi: strapi2 }) => {
       });
     },
     async findVersionsPage(params) {
-      const locale = params.query.locale || await serviceUtils.getDefaultLocale();
+      const schema = strapi2.getModel(params.query.contentType);
+      const isLocalizedContentType = serviceUtils.isLocalizedContentType(schema);
+      const defaultLocale = await serviceUtils.getDefaultLocale();
+      let locale = null;
+      if (isLocalizedContentType) {
+        locale = params.query.locale || defaultLocale;
+      }
       const [{ results, pagination: pagination2 }, localeDictionary] = await Promise.all([
         query.findPage({
           ...params.query,
@@ -324,78 +350,76 @@ const createHistoryService = ({ strapi: strapi2 }) => {
         }),
         serviceUtils.getLocaleDictionary()
       ]);
-      const populateEntryRelations = async (entry) => {
-        const entryWithRelations = await Object.entries(entry.schema).reduce(
-          async (currentDataWithRelations, [attributeKey, attributeSchema]) => {
-            const attributeValue = entry.data[attributeKey];
-            const attributeValues = Array.isArray(attributeValue) ? attributeValue : [attributeValue];
-            if (attributeSchema.type === "media") {
-              const permissionChecker2 = getService$1("permission-checker").create({
-                userAbility: params.state.userAbility,
-                model: "plugin::upload.file"
-              });
-              const response = await serviceUtils.buildMediaResponse(attributeValues);
-              const sanitizedResults = await Promise.all(
-                response.results.map((media) => permissionChecker2.sanitizeOutput(media))
-              );
-              return {
-                ...await currentDataWithRelations,
-                [attributeKey]: {
-                  results: sanitizedResults,
-                  meta: response.meta
-                }
-              };
+      const populateEntry = async (entry) => {
+        return traverseEntity(
+          async (options, utils) => {
+            if (!options.attribute) return;
+            if (!options.value) return;
+            const currentValue = Array.isArray(options.value) ? options.value : [options.value];
+            if (options.attribute.type === "component") {
+              utils.remove("id");
             }
-            if (attributeSchema.type === "relation" && attributeSchema.relation !== "morphToOne" && attributeSchema.relation !== "morphToMany") {
-              if (attributeSchema.target === "admin::user") {
+            if (options.attribute.type === "relation" && // TODO: handle polymorphic relations
+            options.attribute.relation !== "morphToOne" && options.attribute.relation !== "morphToMany") {
+              if (options.attribute.target === "admin::user") {
                 const adminUsers = await Promise.all(
-                  attributeValues.map((userToPopulate) => {
+                  currentValue.map((userToPopulate) => {
                     if (userToPopulate == null) {
                       return null;
                     }
-                    return strapi2.query("admin::user").findOne({ where: { id: userToPopulate.id } });
+                    return strapi2.query("admin::user").findOne({
+                      where: {
+                        ...userToPopulate.id ? { id: userToPopulate.id } : {},
+                        ...userToPopulate.documentId ? { documentId: userToPopulate.documentId } : {}
+                      }
+                    });
                   })
                 );
-                return {
-                  ...await currentDataWithRelations,
-                  /**
-                   * Ideally we would return the same "{results: [], meta: {}}" shape, however,
-                   * when sanitizing the data as a whole in the controller before sending to the client,
-                   * the data for admin relation user is completely sanitized if we return an object here as opposed to an array.
-                   */
-                  [attributeKey]: adminUsers
-                };
+                utils.set(options.key, adminUsers);
               }
-              const permissionChecker2 = getService$1("permission-checker").create({
+              const permissionChecker2 = getService$2("permission-checker").create({
                 userAbility: params.state.userAbility,
-                model: attributeSchema.target
+                model: options.attribute.target
               });
               const response = await serviceUtils.buildRelationReponse(
-                attributeValues,
-                attributeSchema
+                currentValue,
+                options.attribute
               );
               const sanitizedResults = await Promise.all(
                 response.results.map((media) => permissionChecker2.sanitizeOutput(media))
               );
-              return {
-                ...await currentDataWithRelations,
-                [attributeKey]: {
-                  results: sanitizedResults,
-                  meta: response.meta
-                }
-              };
+              utils.set(options.key, {
+                results: sanitizedResults,
+                meta: response.meta
+              });
             }
-            return currentDataWithRelations;
+            if (options.attribute.type === "media") {
+              const permissionChecker2 = getService$2("permission-checker").create({
+                userAbility: params.state.userAbility,
+                model: "plugin::upload.file"
+              });
+              const response = await serviceUtils.buildMediaResponse(currentValue);
+              const sanitizedResults = await Promise.all(
+                response.results.map((media) => permissionChecker2.sanitizeOutput(media))
+              );
+              utils.set(options.key, {
+                results: sanitizedResults,
+                meta: response.meta
+              });
+            }
+          },
+          {
+            schema,
+            getModel: strapi2.getModel.bind(strapi2)
           },
-          Promise.resolve(entry.data)
+          entry.data
         );
-        return entryWithRelations;
       };
       const formattedResults = await Promise.all(
         results.map(async (result) => {
           return {
             ...result,
-            data: await populateEntryRelations(result),
+            data: await populateEntry(result),
             meta: {
               unknownAttributes: serviceUtils.getSchemaAttributesDiff(
                 result.schema,
@@ -426,30 +450,44 @@ const createHistoryService = ({ strapi: strapi2 }) => {
         // Clone to avoid mutating the original version data
         structuredClone(version.data)
       );
-      const sanitizedSchemaAttributes = omit(
-        FIELDS_TO_IGNORE,
-        contentTypeSchemaAttributes
-      );
-      const reducer = async.reduce(Object.entries(sanitizedSchemaAttributes));
-      const dataWithoutMissingRelations = await reducer(
-        async (previousRelationAttributes, [name, attribute]) => {
-          const versionRelationData = version.data[name];
-          if (!versionRelationData) {
-            return previousRelationAttributes;
+      const schema = structuredClone(version.schema);
+      schema.attributes = omit(FIELDS_TO_IGNORE, contentTypeSchemaAttributes);
+      const dataWithoutMissingRelations = await traverseEntity(
+        async (options, utils) => {
+          if (!options.attribute) return;
+          if (options.attribute.type === "component") {
+            utils.remove("id");
+            if (options.attribute.repeatable && options.value === null) {
+              utils.set(options.key, []);
+            }
           }
-          if (attribute.type === "relation" && // TODO: handle polymorphic relations
-          attribute.relation !== "morphToOne" && attribute.relation !== "morphToMany") {
-            const data2 = await serviceUtils.getRelationRestoreValue(versionRelationData, attribute);
-            previousRelationAttributes[name] = data2;
+          if (options.attribute.type === "dynamiczone") {
+            if (options.value === null) {
+              utils.set(options.key, []);
+            }
           }
-          if (attribute.type === "media") {
-            const data2 = await serviceUtils.getMediaRestoreValue(versionRelationData, attribute);
-            previousRelationAttributes[name] = data2;
+          if (options.attribute.type === "relation" && // TODO: handle polymorphic relations
+          options.attribute.relation !== "morphToOne" && options.attribute.relation !== "morphToMany") {
+            if (!options.value) return;
+            const data2 = await serviceUtils.getRelationRestoreValue(
+              options.value,
+              options.attribute
+            );
+            utils.set(options.key, data2);
+          }
+          if (options.attribute.type === "media") {
+            if (!options.value) return;
+            const data2 = await serviceUtils.getMediaRestoreValue(
+              options.value
+            );
+            utils.set(options.key, data2);
           }
-          return previousRelationAttributes;
         },
-        // Clone to avoid mutating the original version data
-        structuredClone(dataWithoutAddedAttributes)
+        {
+          schema,
+          getModel: strapi2.getModel.bind(strapi2)
+        },
+        dataWithoutAddedAttributes
       );
       const data = omit(["id", ...Object.keys(schemaDiff.removed)], dataWithoutMissingRelations);
       const restoredDocument = await strapi2.documents(version.contentType).update({
@@ -464,13 +502,47 @@ const createHistoryService = ({ strapi: strapi2 }) => {
     }
   };
 };
+const shouldCreateHistoryVersion = (context) => {
+  if (!strapi.requestContext.get()?.request.url.startsWith("/content-manager")) {
+    return false;
+  }
+  if (context.action !== "create" && context.action !== "update" && context.action !== "clone" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
+    return false;
+  }
+  if (context.action === "update" && strapi.requestContext.get()?.request.url.endsWith("/actions/publish")) {
+    return false;
+  }
+  if (!context.contentType.uid.startsWith("api::")) {
+    return false;
+  }
+  return true;
+};
+const getSchemas = (uid2) => {
+  const attributesSchema = strapi.getModel(uid2).attributes;
+  const componentsSchemas = Object.keys(attributesSchema).reduce(
+    (currentComponentSchemas, key) => {
+      const fieldSchema = attributesSchema[key];
+      if (fieldSchema.type === "component") {
+        const componentSchema = strapi.getModel(fieldSchema.component).attributes;
+        return {
+          ...currentComponentSchemas,
+          [fieldSchema.component]: componentSchema
+        };
+      }
+      return currentComponentSchemas;
+    },
+    {}
+  );
+  return {
+    schema: omit(FIELDS_TO_IGNORE, attributesSchema),
+    componentsSchemas
+  };
+};
 const createLifecyclesService = ({ strapi: strapi2 }) => {
   const state = {
     deleteExpiredJob: null,
     isInitialized: false
   };
-  const query = strapi2.db.query(HISTORY_VERSION_UID);
-  const historyService = getService(strapi2, "history");
   const serviceUtils = createServiceUtils({ strapi: strapi2 });
   return {
     async bootstrap() {
@@ -478,76 +550,62 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
         return;
       }
       strapi2.documents.use(async (context, next) => {
-        if (!strapi2.requestContext.get()?.request.url.startsWith("/content-manager")) {
-          return next();
-        }
-        if (context.action !== "create" && context.action !== "update" && context.action !== "clone" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
-          return next();
-        }
-        if (context.action === "update" && strapi2.requestContext.get()?.request.url.endsWith("/actions/publish")) {
-          return next();
-        }
-        const contentTypeUid = context.contentType.uid;
-        if (!contentTypeUid.startsWith("api::")) {
-          return next();
-        }
         const result = await next();
-        const documentContext = {
-          documentId: context.action === "create" || context.action === "clone" ? result.documentId : context.params.documentId,
-          locale: context.params?.locale
-        };
+        if (!shouldCreateHistoryVersion(context)) {
+          return result;
+        }
+        const documentId = context.action === "create" || context.action === "clone" ? result.documentId : context.params.documentId;
         const defaultLocale = await serviceUtils.getDefaultLocale();
-        const locale = documentContext.locale || defaultLocale;
-        if (Array.isArray(locale)) {
-          strapi2.log.warn(
-            "[Content manager history middleware]: An array of locales was provided, but only a single locale is supported for the findOne operation."
-          );
-          return next();
+        const locales = castArray(context.params?.locale || defaultLocale);
+        if (!locales.length) {
+          return result;
         }
-        const document = await strapi2.documents(contentTypeUid).findOne({
-          documentId: documentContext.documentId,
-          locale,
-          populate: serviceUtils.getDeepPopulate(contentTypeUid)
+        const uid2 = context.contentType.uid;
+        const schemas = getSchemas(uid2);
+        const model = strapi2.getModel(uid2);
+        const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
+        const localeEntries = await strapi2.db.query(uid2).findMany({
+          where: {
+            documentId,
+            ...isLocalizedContentType ? { locale: { $in: locales } } : {},
+            ...contentTypes$1.hasDraftAndPublish(strapi2.contentTypes[uid2]) ? { publishedAt: null } : {}
+          },
+          populate: serviceUtils.getDeepPopulate(
+            uid2,
+            true
+            /* use database syntax */
+          )
         });
-        const status = await serviceUtils.getVersionStatus(contentTypeUid, document);
-        const attributesSchema = strapi2.getModel(contentTypeUid).attributes;
-        const componentsSchemas = Object.keys(
-          attributesSchema
-        ).reduce((currentComponentSchemas, key) => {
-          const fieldSchema = attributesSchema[key];
-          if (fieldSchema.type === "component") {
-            const componentSchema = strapi2.getModel(fieldSchema.component).attributes;
-            return {
-              ...currentComponentSchemas,
-              [fieldSchema.component]: componentSchema
-            };
-          }
-          return currentComponentSchemas;
-        }, {});
         await strapi2.db.transaction(async ({ onCommit }) => {
-          onCommit(() => {
-            historyService.createVersion({
-              contentType: contentTypeUid,
-              data: omit(FIELDS_TO_IGNORE, document),
-              schema: omit(FIELDS_TO_IGNORE, attributesSchema),
-              componentsSchemas,
-              relatedDocumentId: documentContext.documentId,
-              locale,
-              status
-            });
+          onCommit(async () => {
+            for (const entry of localeEntries) {
+              const status = await serviceUtils.getVersionStatus(uid2, entry);
+              await getService$1(strapi2, "history").createVersion({
+                contentType: uid2,
+                data: omit(FIELDS_TO_IGNORE, entry),
+                relatedDocumentId: documentId,
+                locale: entry.locale,
+                status,
+                ...schemas
+              });
+            }
           });
         });
         return result;
       });
-      state.deleteExpiredJob = scheduleJob("0 0 * * *", () => {
+      state.deleteExpiredJob = scheduleJob("historyDaily", "0 0 * * *", () => {
         const retentionDaysInMilliseconds = serviceUtils.getRetentionDays() * 24 * 60 * 60 * 1e3;
         const expirationDate = new Date(Date.now() - retentionDaysInMilliseconds);
-        query.deleteMany({
+        strapi2.db.query(HISTORY_VERSION_UID).deleteMany({
           where: {
             created_at: {
-              $lt: expirationDate.toISOString()
+              $lt: expirationDate
             }
           }
+        }).catch((error) => {
+          if (error instanceof Error) {
+            strapi2.log.error("Error deleting expired history versions", error.message);
+          }
         });
       });
       state.isInitialized = true;
@@ -559,17 +617,17 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
     }
   };
 };
-const services$1 = {
+const services$2 = {
   history: createHistoryService,
   lifecycles: createLifecyclesService
 };
-const info = { pluginName: "content-manager", type: "admin" };
+const info$1 = { pluginName: "content-manager", type: "admin" };
 const historyVersionRouter = {
   type: "admin",
   routes: [
     {
       method: "GET",
-      info,
+      info: info$1,
       path: "/history-versions",
       handler: "history-version.findMany",
       config: {
@@ -578,7 +636,7 @@ const historyVersionRouter = {
     },
     {
       method: "PUT",
-      info,
+      info: info$1,
       path: "/history-versions/:versionId/restore",
       handler: "history-version.restoreVersion",
       config: {
@@ -587,7 +645,7 @@ const historyVersionRouter = {
     }
   ]
 };
-const routes$1 = {
+const routes$2 = {
   "history-version": historyVersionRouter
 };
 const historyVersion = {
@@ -634,21 +692,21 @@ const historyVersion = {
     }
   }
 };
-const getFeature = () => {
+const getFeature$1 = () => {
   if (strapi.ee.features.isEnabled("cms-content-history")) {
     return {
       register({ strapi: strapi2 }) {
         strapi2.get("models").add(historyVersion);
       },
       bootstrap({ strapi: strapi2 }) {
-        getService(strapi2, "lifecycles").bootstrap();
+        getService$1(strapi2, "lifecycles").bootstrap();
       },
       destroy({ strapi: strapi2 }) {
-        getService(strapi2, "lifecycles").destroy();
+        getService$1(strapi2, "lifecycles").destroy();
       },
-      controllers: controllers$1,
-      services: services$1,
-      routes: routes$1
+      controllers: controllers$2,
+      services: services$2,
+      routes: routes$2
     };
   }
   return {
@@ -657,9 +715,201 @@ const getFeature = () => {
     }
   };
 };
-const history = getFeature();
+const history = getFeature$1();
+const info = { pluginName: "content-manager", type: "admin" };
+const previewRouter = {
+  type: "admin",
+  routes: [
+    {
+      method: "GET",
+      info,
+      path: "/preview/url/:contentType",
+      handler: "preview.getPreviewUrl",
+      config: {
+        policies: ["admin::isAuthenticatedAdmin"]
+      }
+    }
+  ]
+};
+const routes$1 = {
+  preview: previewRouter
+};
+function getService(strapi2, name) {
+  return strapi2.service(`plugin::content-manager.${name}`);
+}
+const getPreviewUrlSchema = yup.object().shape({
+  // Will be undefined for single types
+  documentId: yup.string(),
+  locale: yup.string().nullable(),
+  status: yup.string()
+}).required();
+const validatePreviewUrl = async (strapi2, uid2, params) => {
+  await validateYupSchema(getPreviewUrlSchema)(params);
+  const newParams = pick(["documentId", "locale", "status"], params);
+  const model = strapi2.getModel(uid2);
+  if (!model || model.modelType !== "contentType") {
+    throw new errors.ValidationError("Invalid content type");
+  }
+  const isSingleType = model?.kind === "singleType";
+  if (!isSingleType && !params.documentId) {
+    throw new errors.ValidationError("documentId is required for Collection Types");
+  }
+  if (isSingleType) {
+    const doc = await strapi2.documents(uid2).findFirst();
+    if (!doc) {
+      throw new errors.NotFoundError("Document not found");
+    }
+    newParams.documentId = doc?.documentId;
+  }
+  if (!newParams.status) {
+    const isDPEnabled = model?.options?.draftAndPublish;
+    newParams.status = isDPEnabled ? "draft" : "published";
+  }
+  return newParams;
+};
+const createPreviewController = () => {
+  return {
+    /**
+     * Transforms an entry into a preview URL, so that it can be previewed
+     * in the Content Manager.
+     */
+    async getPreviewUrl(ctx) {
+      const uid2 = ctx.params.contentType;
+      const query = ctx.request.query;
+      const params = await validatePreviewUrl(strapi, uid2, query);
+      const previewService = getService(strapi, "preview");
+      const url = await previewService.getPreviewUrl(uid2, params);
+      if (!url) {
+        ctx.status = 204;
+      }
+      return {
+        data: { url }
+      };
+    }
+  };
+};
+const controllers$1 = {
+  preview: createPreviewController
+  /**
+   * Casting is needed because the types aren't aware that Strapi supports
+   * passing a controller factory as the value, instead of a controller object directly
+   */
+};
+const createPreviewService = ({ strapi: strapi2 }) => {
+  const config = getService(strapi2, "preview-config");
+  return {
+    async getPreviewUrl(uid2, params) {
+      const handler = config.getPreviewHandler();
+      try {
+        return handler(uid2, params);
+      } catch (error) {
+        strapi2.log.error(`Failed to get preview URL: ${error}`);
+        throw new errors.ApplicationError("Failed to get preview URL");
+      }
+      return;
+    }
+  };
+};
+const extendMiddlewareConfiguration = (middleware = { name: "", config: {} }) => {
+  const middlewares = strapi.config.get("middlewares");
+  const configuredMiddlewares = middlewares.map((currentMiddleware) => {
+    if (currentMiddleware === middleware.name) {
+      return middleware;
+    }
+    if (currentMiddleware.name === middleware.name) {
+      return mergeWith(
+        (objValue, srcValue) => {
+          if (Array.isArray(objValue)) {
+            return objValue.concat(srcValue);
+          }
+          return void 0;
+        },
+        currentMiddleware,
+        middleware
+      );
+    }
+    return currentMiddleware;
+  });
+  strapi.config.set("middlewares", configuredMiddlewares);
+};
+const createPreviewConfigService = ({ strapi: strapi2 }) => {
+  return {
+    register() {
+      if (!this.isEnabled()) {
+        return;
+      }
+      const config = strapi2.config.get("admin.preview");
+      if (config.config?.allowedOrigins) {
+        extendMiddlewareConfiguration({
+          name: "strapi::security",
+          config: {
+            contentSecurityPolicy: {
+              directives: {
+                "frame-src": config.config.allowedOrigins
+              }
+            }
+          }
+        });
+      }
+    },
+    isEnabled() {
+      const config = strapi2.config.get("admin.preview");
+      if (!config) {
+        return false;
+      }
+      return config?.enabled ?? true;
+    },
+    /**
+     * Validate if the configuration is valid
+     */
+    validate() {
+      if (!this.isEnabled()) {
+        return;
+      }
+      const handler = this.getPreviewHandler();
+      if (typeof handler !== "function") {
+        throw new errors.ValidationError(
+          "Preview configuration is invalid. Handler must be a function"
+        );
+      }
+    },
+    /**
+     * Utility to get the preview handler from the configuration
+     */
+    getPreviewHandler() {
+      const config = strapi2.config.get("admin.preview");
+      const emptyHandler = () => {
+        return void 0;
+      };
+      if (!this.isEnabled()) {
+        return emptyHandler;
+      }
+      return config?.config?.handler || emptyHandler;
+    }
+  };
+};
+const services$1 = {
+  preview: createPreviewService,
+  "preview-config": createPreviewConfigService
+};
+const getFeature = () => {
+  return {
+    register() {
+      const config = getService(strapi, "preview-config");
+      config.validate();
+      config.register();
+    },
+    bootstrap() {
+    },
+    routes: routes$1,
+    controllers: controllers$1,
+    services: services$1
+  };
+};
+const preview = getFeature();
 const register = async ({ strapi: strapi2 }) => {
   await history.register?.({ strapi: strapi2 });
+  await preview.register?.({ strapi: strapi2 });
 };
 const ALLOWED_WEBHOOK_EVENTS = {
   ENTRY_PUBLISH: "entry.publish",
@@ -669,11 +919,12 @@ const bootstrap = async () => {
   Object.entries(ALLOWED_WEBHOOK_EVENTS).forEach(([key, value]) => {
     strapi.get("webhookStore").addAllowedEvent(key, value);
   });
-  getService$1("field-sizes").setCustomFieldInputSizes();
-  await getService$1("components").syncConfigurations();
-  await getService$1("content-types").syncConfigurations();
-  await getService$1("permission").registerPermissions();
+  getService$2("field-sizes").setCustomFieldInputSizes();
+  await getService$2("components").syncConfigurations();
+  await getService$2("content-types").syncConfigurations();
+  await getService$2("permission").registerPermissions();
   await history.bootstrap?.({ strapi });
+  await preview.bootstrap?.({ strapi });
 };
 const destroy = async ({ strapi: strapi2 }) => {
   await history.destroy?.({ strapi: strapi2 });
@@ -1163,7 +1414,8 @@ const admin = {
 };
 const routes = {
   admin,
-  ...history.routes ? history.routes : {}
+  ...history.routes ? history.routes : {},
+  ...preview.routes ? preview.routes : {}
 };
 const hasPermissionsSchema = yup$1.object({
   actions: yup$1.array().of(yup$1.string()),
@@ -1174,6 +1426,11 @@ const { createPolicy } = policy;
 const hasPermissions = createPolicy({
   name: "plugin::content-manager.hasPermissions",
   validator: validateHasPermissionsInput,
+  /**
+   * NOTE: Action aliases are currently not checked at this level (policy).
+   *       This is currently the intended behavior to avoid changing the behavior of API related permissions.
+   *       If you want to add support for it, please create a dedicated RFC with a list of potential side effect this could have.
+   */
   handler(ctx, config = {}) {
     const { actions = [], hasAtLeastOne = false } = config;
     const { userAbility } = ctx.state;
@@ -1221,8 +1478,7 @@ const isSortable = (schema, name) => {
   if (!_.has(schema.attributes, name)) {
     return false;
   }
-  if (schema.modelType === "component" && name === "id")
-    return false;
+  if (schema.modelType === "component" && name === "id") return false;
   const attribute = schema.attributes[name];
   if (NON_SORTABLES.includes(attribute.type)) {
     return false;
@@ -1367,8 +1623,7 @@ const createDefaultSettings = async (schema) => {
   };
 };
 const syncSettings = async (configuration, schema) => {
-  if (isEmpty(configuration.settings))
-    return createDefaultSettings(schema);
+  if (isEmpty(configuration.settings)) return createDefaultSettings(schema);
   const defaultField = getDefaultMainField(schema);
   const { mainField = defaultField, defaultSortBy = defaultField } = configuration.settings || {};
   return {
@@ -1415,7 +1670,7 @@ const createMetadasSchema = (schema) => {
             if (!value) {
               return yup$1.string();
             }
-            const targetSchema = getService$1("content-types").findContentType(
+            const targetSchema = getService$2("content-types").findContentType(
               schema.attributes[key].targetModel
             );
             if (!targetSchema) {
@@ -1544,8 +1799,7 @@ const excludeNotCreatableFields = (uid2, permissionChecker2) => (body, path = []
     }
     switch (attribute.type) {
       case "relation": {
-        if (canCreate(attributePath))
-          return body2;
+        if (canCreate(attributePath)) return body2;
         return set(attributePath, { set: [] }, body2);
       }
       case "component": {
@@ -1555,8 +1809,7 @@ const excludeNotCreatableFields = (uid2, permissionChecker2) => (body, path = []
         ]);
       }
       default: {
-        if (canCreate(attributePath))
-          return body2;
+        if (canCreate(attributePath)) return body2;
         return set(attributePath, null, body2);
       }
     }
@@ -1567,9 +1820,11 @@ const multipleLocaleSchema = yup$1.lazy(
   (value) => Array.isArray(value) ? yup$1.array().of(singleLocaleSchema.required()) : singleLocaleSchema
 );
 const statusSchema = yup$1.mixed().oneOf(["draft", "published"], "Invalid status");
-const getDocumentLocaleAndStatus = async (request, opts = { allowMultipleLocales: false }) => {
+const getDocumentLocaleAndStatus = async (request, model, opts = { allowMultipleLocales: false }) => {
   const { allowMultipleLocales } = opts;
-  const { locale, status, ...rest } = request || {};
+  const { locale, status: providedStatus, ...rest } = request || {};
+  const defaultStatus = contentTypes$1.hasDraftAndPublish(strapi.getModel(model)) ? void 0 : "published";
+  const status = providedStatus !== void 0 ? providedStatus : defaultStatus;
   const schema = yup$1.object().shape({
     locale: allowMultipleLocales ? multipleLocaleSchema : singleLocaleSchema,
     status: statusSchema
@@ -1582,7 +1837,7 @@ const getDocumentLocaleAndStatus = async (request, opts = { allowMultipleLocales
   }
 };
 const formatDocumentWithMetadata = async (permissionChecker2, uid2, document, opts = {}) => {
-  const documentMetadata2 = getService$1("document-metadata");
+  const documentMetadata2 = getService$2("document-metadata");
   const serviceOutput = await documentMetadata2.formatDocumentWithMetadata(uid2, document, opts);
   let {
     meta: { availableLocales, availableStatus }
@@ -1608,8 +1863,8 @@ const createDocument = async (ctx, opts) => {
   const { userAbility, user } = ctx.state;
   const { model } = ctx.params;
   const { body } = ctx.request;
-  const documentManager2 = getService$1("document-manager");
-  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+  const documentManager2 = getService$2("document-manager");
+  const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
   if (permissionChecker2.cannot.create()) {
     throw new errors.ForbiddenError();
   }
@@ -1617,7 +1872,7 @@ const createDocument = async (ctx, opts) => {
   const setCreator = setCreatorFields({ user });
   const sanitizeFn = async.pipe(pickPermittedFields, setCreator);
   const sanitizedBody = await sanitizeFn(body);
-  const { locale, status = "draft" } = await getDocumentLocaleAndStatus(body);
+  const { locale, status } = await getDocumentLocaleAndStatus(body, model);
   return documentManager2.create(model, {
     data: sanitizedBody,
     locale,
@@ -1629,14 +1884,14 @@ const updateDocument = async (ctx, opts) => {
   const { userAbility, user } = ctx.state;
   const { id, model } = ctx.params;
   const { body } = ctx.request;
-  const documentManager2 = getService$1("document-manager");
-  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+  const documentManager2 = getService$2("document-manager");
+  const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
   if (permissionChecker2.cannot.update()) {
     throw new errors.ForbiddenError();
   }
   const permissionQuery = await permissionChecker2.sanitizedQuery.update(ctx.query);
-  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-  const { locale } = await getDocumentLocaleAndStatus(body);
+  const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+  const { locale } = await getDocumentLocaleAndStatus(body, model);
   const [documentVersion, documentExists] = await Promise.all([
     documentManager2.findOne(id, model, { populate, locale, status: "draft" }),
     documentManager2.exists(model, id)
@@ -1652,7 +1907,7 @@ const updateDocument = async (ctx, opts) => {
     throw new errors.ForbiddenError();
   }
   const pickPermittedFields = documentVersion ? permissionChecker2.sanitizeUpdateInput(documentVersion) : permissionChecker2.sanitizeCreateInput;
-  const setCreator = setCreatorFields({ user, isEdition: true });
+  const setCreator = documentVersion ? setCreatorFields({ user, isEdition: true }) : setCreatorFields({ user });
   const sanitizeFn = async.pipe(pickPermittedFields, setCreator);
   const sanitizedBody = await sanitizeFn(body);
   return documentManager2.update(documentVersion?.documentId || id, model, {
@@ -1666,15 +1921,15 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query } = ctx.request;
-    const documentMetadata2 = getService$1("document-metadata");
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentMetadata2 = getService$2("document-metadata");
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
-    const { locale, status } = await getDocumentLocaleAndStatus(query);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
+    const { locale, status } = await getDocumentLocaleAndStatus(query, model);
     const { results: documents, pagination: pagination2 } = await documentManager2.findPage(
       { ...permissionQuery, populate, locale, status },
       model
@@ -1702,14 +1957,14 @@ const collectionTypes = {
   async findOne(ctx) {
     const { userAbility } = ctx.state;
     const { model, id } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const { locale, status = "draft" } = await getDocumentLocaleAndStatus(ctx.query);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
+    const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const version = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1724,7 +1979,7 @@ const collectionTypes = {
         permissionChecker2,
         model,
         // @ts-expect-error TODO: fix
-        { id, locale, publishedAt: null },
+        { documentId: id, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
       ctx.body = { data: {}, meta };
@@ -1739,7 +1994,7 @@ const collectionTypes = {
   async create(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const [totalEntries, document] = await Promise.all([
       strapi.db.query(model).count(),
       createDocument(ctx)
@@ -1760,7 +2015,7 @@ const collectionTypes = {
   async update(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const updatedVersion = await updateDocument(ctx);
     const sanitizedVersion = await permissionChecker2.sanitizeOutput(updatedVersion);
     ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedVersion);
@@ -1769,14 +2024,14 @@ const collectionTypes = {
     const { userAbility, user } = ctx.state;
     const { model, sourceId: id } = ctx.params;
     const { body } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.create()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.create(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1814,14 +2069,14 @@ const collectionTypes = {
   async delete(ctx) {
     const { userAbility } = ctx.state;
     const { id, model } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.delete()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(ctx.query);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(ctx.query, model);
     const documentLocales = await documentManager2.findLocales(id, model, { populate, locale });
     if (documentLocales.length === 0) {
       return ctx.notFound();
@@ -1842,19 +2097,42 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { id, model } = ctx.params;
     const { body } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
     }
     const publishedDocument = await strapi.db.transaction(async () => {
       const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
-      const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-      const document = id ? await updateDocument(ctx, { populate }) : await createDocument(ctx, { populate });
+      const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
+      let document;
+      const { locale } = await getDocumentLocaleAndStatus(body, model);
+      const isCreate = isNil$1(id);
+      if (isCreate) {
+        if (permissionChecker2.cannot.create()) {
+          throw new errors.ForbiddenError();
+        }
+        document = await createDocument(ctx, { populate });
+      }
+      const isUpdate = !isCreate;
+      if (isUpdate) {
+        const documentExists = documentManager2.exists(model, id);
+        if (!documentExists) {
+          throw new errors.NotFoundError("Document not found");
+        }
+        document = await documentManager2.findOne(id, model, { populate, locale });
+        if (!document) {
+          if (permissionChecker2.cannot.create({ locale }) || permissionChecker2.cannot.publish({ locale })) {
+            throw new errors.ForbiddenError();
+          }
+          document = await updateDocument(ctx);
+        } else if (permissionChecker2.can.update(document)) {
+          await updateDocument(ctx);
+        }
+      }
       if (permissionChecker2.cannot.publish(document)) {
         throw new errors.ForbiddenError();
       }
-      const { locale } = await getDocumentLocaleAndStatus(body);
       const publishResult = await documentManager2.publish(document.documentId, model, {
         locale
         // TODO: Allow setting creator fields on publish
@@ -1874,14 +2152,16 @@ const collectionTypes = {
     const { body } = ctx.request;
     const { documentIds } = body;
     await validateBulkActionInput(body);
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const { locale } = await getDocumentLocaleAndStatus(body, { allowMultipleLocales: true });
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model, {
+      allowMultipleLocales: true
+    });
     const entityPromises = documentIds.map(
       (documentId) => documentManager2.findLocales(documentId, model, { populate, locale, isPublished: false })
     );
@@ -1903,12 +2183,14 @@ const collectionTypes = {
     const { body } = ctx.request;
     const { documentIds } = body;
     await validateBulkActionInput(body);
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model, {
+      allowMultipleLocales: true
+    });
     const entityPromises = documentIds.map(
       (documentId) => documentManager2.findLocales(documentId, model, { locale, isPublished: true })
     );
@@ -1931,8 +2213,8 @@ const collectionTypes = {
     const {
       body: { discardDraft, ...body }
     } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
@@ -1940,8 +2222,8 @@ const collectionTypes = {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.unpublish(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1971,14 +2253,14 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { id, model } = ctx.params;
     const { body } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.discard(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -2002,14 +2284,14 @@ const collectionTypes = {
     const { query, body } = ctx.request;
     const { documentIds } = body;
     await validateBulkActionInput(body);
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.delete()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const documentLocales = await documentManager2.findLocales(documentIds, model, {
       populate,
       locale
@@ -2029,14 +2311,14 @@ const collectionTypes = {
   async countDraftRelations(ctx) {
     const { userAbility } = ctx.state;
     const { model, id } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale, status = "draft" } = await getDocumentLocaleAndStatus(ctx.query);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const entity = await documentManager2.findOne(id, model, { populate, locale, status });
     if (!entity) {
       return ctx.notFound();
@@ -2054,12 +2336,12 @@ const collectionTypes = {
     const ids = ctx.request.query.documentIds;
     const locale = ctx.request.query.locale;
     const { model } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
-    const entities = await documentManager2.findMany(
+    const documents = await documentManager2.findMany(
       {
         filters: {
           documentId: ids
@@ -2068,7 +2350,7 @@ const collectionTypes = {
       },
       model
     );
-    if (!entities) {
+    if (!documents) {
       return ctx.notFound();
     }
     const number = await documentManager2.countManyEntriesDraftRelations(ids, model, locale);
@@ -2079,13 +2361,13 @@ const collectionTypes = {
 };
 const components$1 = {
   findComponents(ctx) {
-    const components2 = getService$1("components").findAllComponents();
-    const { toDto } = getService$1("data-mapper");
+    const components2 = getService$2("components").findAllComponents();
+    const { toDto } = getService$2("data-mapper");
     ctx.body = { data: components2.map(toDto) };
   },
   async findComponentConfiguration(ctx) {
     const { uid: uid2 } = ctx.params;
-    const componentService = getService$1("components");
+    const componentService = getService$2("components");
     const component = componentService.findComponent(uid2);
     if (!component) {
       return ctx.notFound("component.notFound");
@@ -2102,7 +2384,7 @@ const components$1 = {
   async updateComponentConfiguration(ctx) {
     const { uid: uid2 } = ctx.params;
     const { body } = ctx.request;
-    const componentService = getService$1("components");
+    const componentService = getService$2("components");
     const component = componentService.findComponent(uid2);
     if (!component) {
       return ctx.notFound("component.notFound");
@@ -2136,12 +2418,12 @@ const contentTypes = {
     } catch (error) {
       return ctx.send({ error }, 400);
     }
-    const contentTypes2 = getService$1("content-types").findContentTypesByKind(kind);
-    const { toDto } = getService$1("data-mapper");
+    const contentTypes2 = getService$2("content-types").findContentTypesByKind(kind);
+    const { toDto } = getService$2("data-mapper");
     ctx.body = { data: contentTypes2.map(toDto) };
   },
   async findContentTypesSettings(ctx) {
-    const { findAllContentTypes, findConfiguration } = getService$1("content-types");
+    const { findAllContentTypes, findConfiguration } = getService$2("content-types");
     const contentTypes2 = await findAllContentTypes();
     const configurations = await Promise.all(
       contentTypes2.map(async (contentType) => {
@@ -2155,7 +2437,7 @@ const contentTypes = {
   },
   async findContentTypeConfiguration(ctx) {
     const { uid: uid2 } = ctx.params;
-    const contentTypeService = getService$1("content-types");
+    const contentTypeService = getService$2("content-types");
     const contentType = await contentTypeService.findContentType(uid2);
     if (!contentType) {
       return ctx.notFound("contentType.notFound");
@@ -2177,13 +2459,13 @@ const contentTypes = {
     const { userAbility } = ctx.state;
     const { uid: uid2 } = ctx.params;
     const { body } = ctx.request;
-    const contentTypeService = getService$1("content-types");
-    const metricsService = getService$1("metrics");
+    const contentTypeService = getService$2("content-types");
+    const metricsService = getService$2("metrics");
     const contentType = await contentTypeService.findContentType(uid2);
     if (!contentType) {
       return ctx.notFound("contentType.notFound");
     }
-    if (!getService$1("permission").canConfigureContentType({ userAbility, contentType })) {
+    if (!getService$2("permission").canConfigureContentType({ userAbility, contentType })) {
       return ctx.forbidden();
     }
     let input;
@@ -2216,10 +2498,10 @@ const contentTypes = {
 };
 const init = {
   getInitData(ctx) {
-    const { toDto } = getService$1("data-mapper");
-    const { findAllComponents } = getService$1("components");
-    const { getAllFieldSizes } = getService$1("field-sizes");
-    const { findAllContentTypes } = getService$1("content-types");
+    const { toDto } = getService$2("data-mapper");
+    const { findAllComponents } = getService$2("components");
+    const { getAllFieldSizes } = getService$2("field-sizes");
+    const { findAllContentTypes } = getService$2("content-types");
     ctx.body = {
       data: {
         fieldSizes: getAllFieldSizes(),
@@ -2255,36 +2537,41 @@ const addFiltersClause = (params, filtersClause) => {
   params.filters.$and.push(filtersClause);
 };
 const sanitizeMainField = (model, mainField, userAbility) => {
-  const permissionChecker2 = getService$1("permission-checker").create({
+  const permissionChecker2 = getService$2("permission-checker").create({
     userAbility,
     model: model.uid
   });
-  if (!isListable(model, mainField)) {
+  const isMainFieldListable = isListable(model, mainField);
+  const canReadMainField = permissionChecker2.can.read(null, mainField);
+  if (!isMainFieldListable || !canReadMainField) {
     return "id";
   }
-  if (permissionChecker2.cannot.read(null, mainField)) {
-    if (model.uid === "plugin::users-permissions.role") {
-      const userPermissionChecker = getService$1("permission-checker").create({
-        userAbility,
-        model: "plugin::users-permissions.user"
-      });
-      if (userPermissionChecker.can.read()) {
-        return "name";
-      }
-    }
-    return "id";
+  if (model.uid === "plugin::users-permissions.role") {
+    return "name";
   }
   return mainField;
 };
-const addStatusToRelations = async (uid2, relations2) => {
-  if (!contentTypes$1.hasDraftAndPublish(strapi.contentTypes[uid2])) {
+const addStatusToRelations = async (targetUid, relations2) => {
+  if (!contentTypes$1.hasDraftAndPublish(strapi.getModel(targetUid))) {
+    return relations2;
+  }
+  const documentMetadata2 = getService$2("document-metadata");
+  if (!relations2.length) {
     return relations2;
   }
-  const documentMetadata2 = getService$1("document-metadata");
-  const documentsAvailableStatus = await documentMetadata2.getManyAvailableStatus(uid2, relations2);
+  const firstRelation = relations2[0];
+  const filters = {
+    documentId: { $in: relations2.map((r) => r.documentId) },
+    // NOTE: find the "opposite" status
+    publishedAt: firstRelation.publishedAt !== null ? { $null: true } : { $notNull: true }
+  };
+  const availableStatus = await strapi.query(targetUid).findMany({
+    select: ["id", "documentId", "locale", "updatedAt", "createdAt", "publishedAt"],
+    filters
+  });
   return relations2.map((relation) => {
-    const availableStatuses = documentsAvailableStatus.filter(
-      (availableDocument) => availableDocument.documentId === relation.documentId
+    const availableStatuses = availableStatus.filter(
+      (availableDocument) => availableDocument.documentId === relation.documentId && (relation.locale ? availableDocument.locale === relation.locale : true)
     );
     return {
       ...relation,
@@ -2305,11 +2592,8 @@ const validateLocale = (sourceUid, targetUid, locale) => {
   const isLocalized = strapi.plugin("i18n").service("content-types").isLocalizedContentType;
   const isSourceLocalized = isLocalized(sourceModel);
   const isTargetLocalized = isLocalized(targetModel);
-  let validatedLocale = locale;
-  if (!targetModel || !isTargetLocalized)
-    validatedLocale = void 0;
   return {
-    locale: validatedLocale,
+    locale,
     isSourceLocalized,
     isTargetLocalized
   };
@@ -2318,8 +2602,7 @@ const validateStatus = (sourceUid, status) => {
   const sourceModel = strapi.getModel(sourceUid);
   const isDP = contentTypes$1.hasDraftAndPublish;
   const isSourceDP = isDP(sourceModel);
-  if (!isSourceDP)
-    return { status: void 0 };
+  if (!isSourceDP) return { status: void 0 };
   switch (status) {
     case "published":
       return { status: "published" };
@@ -2349,7 +2632,7 @@ const relations = {
       ctx.request?.query?.locale
     );
     const { status } = validateStatus(sourceUid, ctx.request?.query?.status);
-    const permissionChecker2 = getService$1("permission-checker").create({
+    const permissionChecker2 = getService$2("permission-checker").create({
       userAbility,
       model
     });
@@ -2374,7 +2657,7 @@ const relations = {
         where.id = id;
       }
       const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
-      const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+      const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
       const currentEntity = await strapi.db.query(model).findOne({
         where,
         populate
@@ -2389,7 +2672,7 @@ const relations = {
       }
       entryId = currentEntity.id;
     }
-    const modelConfig = isComponent2 ? await getService$1("components").findConfiguration(sourceSchema) : await getService$1("content-types").findConfiguration(sourceSchema);
+    const modelConfig = isComponent2 ? await getService$2("components").findConfiguration(sourceSchema) : await getService$2("content-types").findConfiguration(sourceSchema);
     const targetSchema = strapi.getModel(targetUid);
     const mainField = flow(
       prop(`metadatas.${targetField}.edit.mainField`),
@@ -2412,7 +2695,7 @@ const relations = {
       attribute,
       fieldsToSelect,
       mainField,
-      source: { schema: sourceSchema },
+      source: { schema: sourceSchema, isLocalized: isSourceLocalized },
       target: { schema: targetSchema, isLocalized: isTargetLocalized },
       sourceSchema,
       targetSchema,
@@ -2434,7 +2717,8 @@ const relations = {
       fieldsToSelect,
       mainField,
       source: {
-        schema: { uid: sourceUid, modelType: sourceModelType }
+        schema: { uid: sourceUid, modelType: sourceModelType },
+        isLocalized: isSourceLocalized
       },
       target: {
         schema: { uid: targetUid },
@@ -2442,7 +2726,7 @@ const relations = {
       }
     } = await this.extractAndValidateRequestInfo(ctx, id);
     const { idsToOmit, idsToInclude, _q, ...query } = ctx.request.query;
-    const permissionChecker2 = getService$1("permission-checker").create({
+    const permissionChecker2 = getService$2("permission-checker").create({
       userAbility: ctx.state.userAbility,
       model: targetUid
     });
@@ -2472,12 +2756,16 @@ const relations = {
       } else {
         where.id = id;
       }
-      if (status) {
-        where[`${alias}.published_at`] = getPublishedAtClause(status, targetUid);
+      const publishedAt = getPublishedAtClause(status, targetUid);
+      if (!isEmpty(publishedAt)) {
+        where[`${alias}.published_at`] = publishedAt;
       }
-      if (filterByLocale) {
+      if (isTargetLocalized && locale) {
         where[`${alias}.locale`] = locale;
       }
+      if (isSourceLocalized && locale) {
+        where.locale = locale;
+      }
       if ((idsToInclude?.length ?? 0) !== 0) {
         where[`${alias}.id`].$notIn = idsToInclude;
       }
@@ -2495,7 +2783,8 @@ const relations = {
         id: { $notIn: uniq(idsToOmit) }
       });
     }
-    const res = await strapi.db.query(targetUid).findPage(strapi.get("query-params").transform(targetUid, queryParams));
+    const dbQuery = strapi.get("query-params").transform(targetUid, queryParams);
+    const res = await strapi.db.query(targetUid).findPage(dbQuery);
     ctx.body = {
       ...res,
       results: await addStatusToRelations(targetUid, res.results)
@@ -2510,29 +2799,39 @@ const relations = {
       attribute,
       targetField,
       fieldsToSelect,
-      source: {
-        schema: { uid: sourceUid }
-      },
-      target: {
-        schema: { uid: targetUid }
-      }
+      status,
+      source: { schema: sourceSchema },
+      target: { schema: targetSchema }
     } = await this.extractAndValidateRequestInfo(ctx, id);
-    const permissionQuery = await getService$1("permission-checker").create({ userAbility, model: targetUid }).sanitizedQuery.read({ fields: fieldsToSelect });
+    const { uid: sourceUid } = sourceSchema;
+    const { uid: targetUid } = targetSchema;
+    const permissionQuery = await getService$2("permission-checker").create({ userAbility, model: targetUid }).sanitizedQuery.read({ fields: fieldsToSelect });
     const dbQuery = strapi.db.query(sourceUid);
     const loadRelations = relations$1.isAnyToMany(attribute) ? (...args) => dbQuery.loadPages(...args) : (...args) => dbQuery.load(...args).then((res2) => ({ results: res2 ? [res2] : [] }));
+    const filters = {};
+    if (sourceSchema?.options?.draftAndPublish) {
+      if (targetSchema?.options?.draftAndPublish) {
+        if (status === "published") {
+          filters.publishedAt = { $notNull: true };
+        } else {
+          filters.publishedAt = { $null: true };
+        }
+      }
+    } else if (targetSchema?.options?.draftAndPublish) {
+      filters.publishedAt = { $null: true };
+    }
     const res = await loadRelations({ id: entryId }, targetField, {
-      select: ["id", "documentId", "locale", "publishedAt"],
+      select: ["id", "documentId", "locale", "publishedAt", "updatedAt"],
       ordering: "desc",
       page: ctx.request.query.page,
-      pageSize: ctx.request.query.pageSize
+      pageSize: ctx.request.query.pageSize,
+      filters
     });
     const loadedIds = res.results.map((item) => item.id);
     addFiltersClause(permissionQuery, { id: { $in: loadedIds } });
     const sanitizedRes = await loadRelations({ id: entryId }, targetField, {
       ...strapi.get("query-params").transform(targetUid, permissionQuery),
-      ordering: "desc",
-      page: ctx.request.query.page,
-      pageSize: ctx.request.query.pageSize
+      ordering: "desc"
     });
     const relationsUnion = uniqBy("id", concat(sanitizedRes.results, res.results));
     ctx.body = {
@@ -2547,10 +2846,10 @@ const relations = {
   }
 };
 const buildPopulateFromQuery = async (query, model) => {
-  return getService$1("populate-builder")(model).populateFromQuery(query).populateDeep(Infinity).countRelations().build();
+  return getService$2("populate-builder")(model).populateFromQuery(query).populateDeep(Infinity).countRelations().build();
 };
 const findDocument = async (query, uid2, opts = {}) => {
-  const documentManager2 = getService$1("document-manager");
+  const documentManager2 = getService$2("document-manager");
   const populate = await buildPopulateFromQuery(query, uid2);
   return documentManager2.findMany({ ...opts, populate }, uid2).then((documents) => documents[0]);
 };
@@ -2558,13 +2857,13 @@ const createOrUpdateDocument = async (ctx, opts) => {
   const { user, userAbility } = ctx.state;
   const { model } = ctx.params;
   const { body, query } = ctx.request;
-  const documentManager2 = getService$1("document-manager");
-  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+  const documentManager2 = getService$2("document-manager");
+  const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
   if (permissionChecker2.cannot.create() && permissionChecker2.cannot.update()) {
     throw new errors.ForbiddenError();
   }
   const sanitizedQuery = await permissionChecker2.sanitizedQuery.update(query);
-  const { locale } = await getDocumentLocaleAndStatus(body);
+  const { locale } = await getDocumentLocaleAndStatus(body, model);
   const [documentVersion, otherDocumentVersion] = await Promise.all([
     findDocument(sanitizedQuery, model, { locale, status: "draft" }),
     // Find the first document to check if it exists
@@ -2600,12 +2899,12 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
-    const { locale, status } = await getDocumentLocaleAndStatus(query);
+    const { locale, status } = await getDocumentLocaleAndStatus(query, model);
     const version = await findDocument(permissionQuery, model, { locale, status });
     if (!version) {
       if (permissionChecker2.cannot.create()) {
@@ -2619,7 +2918,7 @@ const singleTypes = {
         permissionChecker2,
         model,
         // @ts-expect-error - fix types
-        { id: document.documentId, locale, publishedAt: null },
+        { documentId: document.documentId, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
       ctx.body = { data: {}, meta };
@@ -2634,7 +2933,7 @@ const singleTypes = {
   async createOrUpdate(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const document = await createOrUpdateDocument(ctx);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(document);
     ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
@@ -2643,14 +2942,14 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.delete()) {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.delete(query);
     const populate = await buildPopulateFromQuery(sanitizedQuery, model);
-    const { locale } = await getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, model);
     const documentLocales = await documentManager2.findLocales(void 0, model, {
       populate,
       locale
@@ -2672,8 +2971,8 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
     }
@@ -2687,7 +2986,7 @@ const singleTypes = {
       if (permissionChecker2.cannot.publish(document)) {
         throw new errors.ForbiddenError();
       }
-      const { locale } = await getDocumentLocaleAndStatus(document);
+      const { locale } = await getDocumentLocaleAndStatus(document, model);
       const publishResult = await documentManager2.publish(document.documentId, model, { locale });
       return publishResult.at(0);
     });
@@ -2701,8 +3000,8 @@ const singleTypes = {
       body: { discardDraft, ...body },
       query = {}
     } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
@@ -2710,7 +3009,7 @@ const singleTypes = {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.unpublish(query);
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await findDocument(sanitizedQuery, model, { locale });
     if (!document) {
       return ctx.notFound();
@@ -2736,13 +3035,13 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { body, query = {} } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.discard(query);
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await findDocument(sanitizedQuery, model, { locale, status: "published" });
     if (!document) {
       return ctx.notFound();
@@ -2760,9 +3059,9 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
-    const { locale } = await getDocumentLocaleAndStatus(query);
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
+    const { locale } = await getDocumentLocaleAndStatus(query, model);
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
@@ -2783,9 +3082,9 @@ const uid$1 = {
   async generateUID(ctx) {
     const { contentTypeUID, field, data } = await validateGenerateUIDInput(ctx.request.body);
     const { query = {} } = ctx.request;
-    const { locale } = await getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
-    const uidService = getService$1("uid");
+    const uidService = getService$2("uid");
     ctx.body = {
       data: await uidService.generateUIDField({ contentTypeUID, field, data, locale })
     };
@@ -2795,9 +3094,9 @@ const uid$1 = {
       ctx.request.body
     );
     const { query = {} } = ctx.request;
-    const { locale } = await getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
-    const uidService = getService$1("uid");
+    const uidService = getService$2("uid");
     const isAvailable = await uidService.checkUIDAvailability({
       contentTypeUID,
       field,
@@ -2818,7 +3117,8 @@ const controllers = {
   relations,
   "single-types": singleTypes,
   uid: uid$1,
-  ...history.controllers ? history.controllers : {}
+  ...history.controllers ? history.controllers : {},
+  ...preview.controllers ? preview.controllers : {}
 };
 const keys = {
   CONFIGURATION: "configuration"
@@ -2947,18 +3247,15 @@ async function syncMetadatas(configuration, schema) {
       _.set(updatedMeta, ["list", "searchable"], false);
       _.set(acc, [key], updatedMeta);
     }
-    if (!_.has(edit, "mainField"))
-      return acc;
+    if (!_.has(edit, "mainField")) return acc;
     if (!isRelation$1(attr)) {
       _.set(updatedMeta, "edit", _.omit(edit, ["mainField"]));
       _.set(acc, [key], updatedMeta);
       return acc;
     }
-    if (edit.mainField === "id")
-      return acc;
+    if (edit.mainField === "id") return acc;
     const targetSchema = getTargetSchema(attr.targetModel);
-    if (!targetSchema)
-      return acc;
+    if (!targetSchema) return acc;
     if (!isSortable(targetSchema, edit.mainField) && !isListable(targetSchema, edit.mainField)) {
       _.set(updatedMeta, ["edit", "mainField"], getDefaultMainField(targetSchema));
       _.set(acc, [key], updatedMeta);
@@ -2969,12 +3266,12 @@ async function syncMetadatas(configuration, schema) {
   return _.assign(metasWithDefaults, updatedMetas);
 }
 const getTargetSchema = (targetModel) => {
-  return getService$1("content-types").findContentType(targetModel);
+  return getService$2("content-types").findContentType(targetModel);
 };
 const DEFAULT_LIST_LENGTH = 4;
 const MAX_ROW_SIZE = 12;
 const isAllowedFieldSize = (type, size) => {
-  const { getFieldSize } = getService$1("field-sizes");
+  const { getFieldSize } = getService$2("field-sizes");
   const fieldSize = getFieldSize(type);
   if (!fieldSize.isResizable && size !== fieldSize.default) {
     return false;
@@ -2982,7 +3279,7 @@ const isAllowedFieldSize = (type, size) => {
   return size <= MAX_ROW_SIZE;
 };
 const getDefaultFieldSize = (attribute) => {
-  const { hasFieldSize, getFieldSize } = getService$1("field-sizes");
+  const { hasFieldSize, getFieldSize } = getService$2("field-sizes");
   return getFieldSize(hasFieldSize(attribute.customField) ? attribute.customField : attribute.type).default;
 };
 async function createDefaultLayouts(schema) {
@@ -3003,8 +3300,7 @@ function createDefaultEditLayout(schema) {
   return appendToEditLayout([], keys2, schema);
 }
 function syncLayouts(configuration, schema) {
-  if (_.isEmpty(configuration.layouts))
-    return createDefaultLayouts(schema);
+  if (_.isEmpty(configuration.layouts)) return createDefaultLayouts(schema);
   const { list = [], editRelations = [], edit = [] } = configuration.layouts || {};
   let cleanList = list.filter((attr) => isListable(schema, attr));
   const cleanEditRelations = editRelations.filter(
@@ -3015,9 +3311,8 @@ function syncLayouts(configuration, schema) {
   for (const row of edit) {
     const newRow = [];
     for (const el of row) {
-      if (!hasEditableAttribute(schema, el.name))
-        continue;
-      const { hasFieldSize } = getService$1("field-sizes");
+      if (!hasEditableAttribute(schema, el.name)) continue;
+      const { hasFieldSize } = getService$2("field-sizes");
       const fieldType = hasFieldSize(schema.attributes[el.name].customField) ? schema.attributes[el.name].customField : schema.attributes[el.name].type;
       if (!isAllowedFieldSize(fieldType, el.size)) {
         elementsToReAppend.push(el.name);
@@ -3047,8 +3342,7 @@ function syncLayouts(configuration, schema) {
   };
 }
 const appendToEditLayout = (layout = [], keysToAppend, schema) => {
-  if (keysToAppend.length === 0)
-    return layout;
+  if (keysToAppend.length === 0) return layout;
   let currentRowIndex = Math.max(layout.length - 1, 0);
   if (!layout[currentRowIndex]) {
     layout[currentRowIndex] = [];
@@ -3157,17 +3451,17 @@ const configurationService$1 = createConfigurationService({
   isComponent: true,
   prefix: STORE_KEY_PREFIX,
   getModels() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return mapValues(toContentManagerModel, strapi.components);
   }
 });
 const components = ({ strapi: strapi2 }) => ({
   findAllComponents() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return Object.values(strapi2.components).map(toContentManagerModel);
   },
   findComponent(uid2) {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     const component = strapi2.components[uid2];
     return isNil$1(component) ? component : toContentManagerModel(component);
   },
@@ -3218,17 +3512,17 @@ const configurationService = createConfigurationService({
   storeUtils,
   prefix: "content_types",
   getModels() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return mapValues(toContentManagerModel, strapi.contentTypes);
   }
 });
 const service = ({ strapi: strapi2 }) => ({
   findAllContentTypes() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return Object.values(strapi2.contentTypes).map(toContentManagerModel);
   },
   findContentType(uid2) {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     const contentType = strapi2.contentTypes[uid2];
     return isNil$1(contentType) ? contentType : toContentManagerModel(contentType);
   },
@@ -3257,7 +3551,7 @@ const service = ({ strapi: strapi2 }) => ({
     return this.findConfiguration(contentType);
   },
   findComponentsConfigurations(contentType) {
-    return getService$1("components").findComponentsConfigurations(contentType);
+    return getService$2("components").findComponentsConfigurations(contentType);
   },
   syncConfigurations() {
     return configurationService.syncConfigurations();
@@ -3438,12 +3732,27 @@ const createPermissionChecker = (strapi2) => ({ userAbility, model }) => {
     ability: userAbility,
     model
   });
-  const toSubject = (entity) => entity ? permissionsManager.toSubject(entity, model) : model;
+  const { actionProvider } = strapi2.service("admin::permission");
+  const toSubject = (entity) => {
+    return entity ? permissionsManager.toSubject(entity, model) : model;
+  };
   const can = (action, entity, field) => {
-    return userAbility.can(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test the original action to see if it passes
+      userAbility.can(action, subject, field) || // Else try every known alias if at least one of them succeed, then the user "can"
+      aliases.some((alias) => userAbility.can(alias, subject, field))
+    );
   };
   const cannot = (action, entity, field) => {
-    return userAbility.cannot(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test both the original action
+      userAbility.cannot(action, subject, field) && // and every known alias, if all of them fail (cannot), then the user truly "cannot"
+      aliases.every((alias) => userAbility.cannot(alias, subject, field))
+    );
   };
   const sanitizeOutput = (data, { action = ACTIONS.read } = {}) => {
     return permissionsManager.sanitizeOutput(data, { subject: toSubject(data), action });
@@ -3514,7 +3823,7 @@ const permission = ({ strapi: strapi2 }) => ({
     return userAbility.can(action);
   },
   async registerPermissions() {
-    const displayedContentTypes = getService$1("content-types").findDisplayedContentTypes();
+    const displayedContentTypes = getService$2("content-types").findDisplayedContentTypes();
     const contentTypesUids = displayedContentTypes.map(prop("uid"));
     const actions = [
       {
@@ -3599,6 +3908,12 @@ function getPopulateForRelation(attribute, model, attributeName, { countMany, co
   if (initialPopulate) {
     return initialPopulate;
   }
+  if (attributeName === "localizations") {
+    const validationPopulate = getPopulateForValidation(model.uid);
+    return {
+      populate: validationPopulate.populate
+    };
+  }
   if (!isVisibleAttribute$1(model, attributeName)) {
     return true;
   }
@@ -3658,6 +3973,9 @@ const getDeepPopulate = (uid2, {
     return {};
   }
   const model = strapi.getModel(uid2);
+  if (!model) {
+    return {};
+  }
   return Object.keys(model.attributes).reduce(
     (populateAcc, attributeName) => merge(
       populateAcc,
@@ -3677,40 +3995,46 @@ const getDeepPopulate = (uid2, {
     {}
   );
 };
-const getValidatableFieldsPopulate = (uid2, {
-  initialPopulate = {},
-  countMany = false,
-  countOne = false,
-  maxLevel = Infinity
-} = {}, level = 1) => {
-  if (level > maxLevel) {
+const getPopulateForValidation = (uid2) => {
+  const model = strapi.getModel(uid2);
+  if (!model) {
     return {};
   }
-  const model = strapi.getModel(uid2);
   return Object.entries(model.attributes).reduce((populateAcc, [attributeName, attribute]) => {
-    if (!getDoesAttributeRequireValidation(attribute)) {
+    if (isScalarAttribute(attribute)) {
+      if (getDoesAttributeRequireValidation(attribute)) {
+        populateAcc.fields = populateAcc.fields || [];
+        populateAcc.fields.push(attributeName);
+      }
       return populateAcc;
     }
-    if (isScalarAttribute(attribute)) {
-      return merge(populateAcc, {
-        [attributeName]: true
-      });
+    if (isComponent(attribute)) {
+      const component = attribute.component;
+      const componentResult = getPopulateForValidation(component);
+      if (Object.keys(componentResult).length > 0) {
+        populateAcc.populate = populateAcc.populate || {};
+        populateAcc.populate[attributeName] = componentResult;
+      }
+      return populateAcc;
     }
-    return merge(
-      populateAcc,
-      getPopulateFor(
-        attributeName,
-        model,
-        {
-          // @ts-expect-error - improve types
-          initialPopulate: initialPopulate?.[attributeName],
-          countMany,
-          countOne,
-          maxLevel
+    if (isDynamicZone(attribute)) {
+      const components2 = attribute.components;
+      const componentsResult = (components2 || []).reduce(
+        (acc, componentUID) => {
+          const componentResult = getPopulateForValidation(componentUID);
+          if (Object.keys(componentResult).length > 0) {
+            acc[componentUID] = componentResult;
+          }
+          return acc;
         },
-        level
-      )
-    );
+        {}
+      );
+      if (Object.keys(componentsResult).length > 0) {
+        populateAcc.populate = populateAcc.populate || {};
+        populateAcc.populate[attributeName] = { on: componentsResult };
+      }
+    }
+    return populateAcc;
   }, {});
 };
 const getDeepPopulateDraftCount = (uid2) => {
@@ -3720,6 +4044,10 @@ const getDeepPopulateDraftCount = (uid2) => {
     const attribute = model.attributes[attributeName];
     switch (attribute.type) {
       case "relation": {
+        const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
+        if (isMorphRelation) {
+          break;
+        }
         if (isVisibleAttribute$1(model, attributeName)) {
           populateAcc[attributeName] = {
             count: true,
@@ -3786,7 +4114,7 @@ const getQueryPopulate = async (uid2, query) => {
   return populateQuery;
 };
 const buildDeepPopulate = (uid2) => {
-  return getService$1("populate-builder")(uid2).populateDeep(Infinity).countRelations().build();
+  return getService$2("populate-builder")(uid2).populateDeep(Infinity).countRelations().build();
 };
 const populateBuilder = (uid2) => {
   let getInitialPopulate = async () => {
@@ -3948,7 +4276,6 @@ const AVAILABLE_LOCALES_FIELDS = [
   "locale",
   "updatedAt",
   "createdAt",
-  "status",
   "publishedAt",
   "documentId"
 ];
@@ -3969,34 +4296,20 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
   /**
    * Returns available locales of a document for the current status
    */
-  async getAvailableLocales(uid2, version, allVersions, validatableFields = []) {
+  async getAvailableLocales(uid2, version, allVersions) {
     const versionsByLocale = groupBy("locale", allVersions);
-    delete versionsByLocale[version.locale];
+    if (version.locale) {
+      delete versionsByLocale[version.locale];
+    }
     const model = strapi2.getModel(uid2);
-    const keysToKeep = [...AVAILABLE_LOCALES_FIELDS, ...validatableFields];
-    const traversalFunction = async (localeVersion) => traverseEntity(
-      ({ key }, { remove }) => {
-        if (keysToKeep.includes(key)) {
-          return;
-        }
-        remove(key);
-      },
-      { schema: model, getModel: strapi2.getModel.bind(strapi2) },
-      // @ts-expect-error fix types DocumentVersion incompatible with Data
-      localeVersion
-    );
     const mappingResult = await async.map(
       Object.values(versionsByLocale),
       async (localeVersions) => {
-        const mappedLocaleVersions = await async.map(
-          localeVersions,
-          traversalFunction
-        );
         if (!contentTypes$1.hasDraftAndPublish(model)) {
-          return mappedLocaleVersions[0];
+          return localeVersions[0];
         }
-        const draftVersion = mappedLocaleVersions.find((v) => v.publishedAt === null);
-        const otherVersions = mappedLocaleVersions.filter((v) => v.id !== draftVersion?.id);
+        const draftVersion = localeVersions.find((v) => v.publishedAt === null);
+        const otherVersions = localeVersions.filter((v) => v.id !== draftVersion?.id);
         if (!draftVersion) {
           return;
         }
@@ -4018,8 +4331,7 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
       const matchStatus = status === "published" ? v.publishedAt !== null : v.publishedAt === null;
       return matchLocale && matchStatus;
     });
-    if (!availableStatus)
-      return availableStatus;
+    if (!availableStatus) return availableStatus;
     return pick(AVAILABLE_STATUS_FIELDS, availableStatus);
   },
   /**
@@ -4029,18 +4341,19 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
    * @returns
    */
   async getManyAvailableStatus(uid2, documents) {
-    if (!documents.length)
-      return [];
+    if (!documents.length) return [];
     const status = documents[0].publishedAt !== null ? "published" : "draft";
-    const locale = documents[0]?.locale;
-    const otherStatus = status === "published" ? "draft" : "published";
-    return strapi2.documents(uid2).findMany({
-      filters: {
-        documentId: { $in: documents.map((d) => d.documentId).filter(Boolean) }
-      },
-      status: otherStatus,
-      locale,
-      fields: ["documentId", "locale", "updatedAt", "createdAt", "publishedAt"]
+    const locales = documents.map((d) => d.locale).filter(Boolean);
+    const where = {
+      documentId: { $in: documents.map((d) => d.documentId).filter(Boolean) },
+      publishedAt: { $null: status === "published" }
+    };
+    if (locales.length) {
+      where.locale = { $in: locales };
+    }
+    return strapi2.query(uid2).findMany({
+      where,
+      select: ["id", "documentId", "locale", "updatedAt", "createdAt", "publishedAt"]
     });
   },
   getStatus(version, otherDocumentStatuses) {
@@ -4057,10 +4370,8 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
     } else if (otherVersion) {
       draftVersion = otherVersion;
     }
-    if (!draftVersion)
-      return CONTENT_MANAGER_STATUS.PUBLISHED;
-    if (!publishedVersion)
-      return CONTENT_MANAGER_STATUS.DRAFT;
+    if (!draftVersion) return CONTENT_MANAGER_STATUS.PUBLISHED;
+    if (!publishedVersion) return CONTENT_MANAGER_STATUS.DRAFT;
     const isDraftModified = getIsVersionLatestModification(draftVersion, publishedVersion);
     return isDraftModified ? CONTENT_MANAGER_STATUS.MODIFIED : CONTENT_MANAGER_STATUS.PUBLISHED;
   },
@@ -4068,11 +4379,9 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
   // We could refactor this so the locales are only loaded when they're
   // needed. e.g. in the bulk locale action modal.
   async getMetadata(uid2, version, { availableLocales = true, availableStatus = true } = {}) {
-    const populate = getValidatableFieldsPopulate(uid2);
-    const versions = await strapi2.db.query(uid2).findMany({
-      where: { documentId: version.documentId },
+    const { populate = {}, fields = [] } = getPopulateForValidation(uid2);
+    const params = {
       populate: {
-        // Populate only fields that require validation for bulk locale actions
         ...populate,
         // NOTE: creator fields are selected in this way to avoid exposing sensitive data
         createdBy: {
@@ -4081,9 +4390,15 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
         updatedBy: {
           select: ["id", "firstname", "lastname", "email"]
         }
+      },
+      fields: uniq([...AVAILABLE_LOCALES_FIELDS, ...fields]),
+      filters: {
+        documentId: version.documentId
       }
-    });
-    const availableLocalesResult = availableLocales ? await this.getAvailableLocales(uid2, version, versions, Object.keys(populate)) : [];
+    };
+    const dbParams = strapi2.get("query-params").transform(uid2, params);
+    const versions = await strapi2.db.query(uid2).findMany(dbParams);
+    const availableLocalesResult = availableLocales ? await this.getAvailableLocales(uid2, version, versions) : [];
     const availableStatusResult = availableStatus ? this.getAvailableStatus(version, versions) : null;
     return {
       availableLocales: availableLocalesResult,
@@ -4097,13 +4412,29 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
    */
   async formatDocumentWithMetadata(uid2, document, opts = {}) {
     if (!document) {
-      return document;
+      return {
+        data: document,
+        meta: {
+          availableLocales: [],
+          availableStatus: []
+        }
+      };
     }
     const hasDraftAndPublish = contentTypes$1.hasDraftAndPublish(strapi2.getModel(uid2));
     if (!hasDraftAndPublish) {
       opts.availableStatus = false;
     }
     const meta = await this.getMetadata(uid2, document, opts);
+    if (document.localizations) {
+      const otherStatus = await this.getManyAvailableStatus(uid2, document.localizations);
+      document.localizations = document.localizations.map((d) => {
+        const status = otherStatus.find((s) => s.documentId === d.documentId);
+        return {
+          ...d,
+          status: this.getStatus(d, status ? [status] : [])
+        };
+      });
+    }
     return {
       data: {
         ...document,
@@ -4205,10 +4536,7 @@ const documentManager = ({ strapi: strapi2 }) => {
     async clone(id, body, uid2) {
       const populate = await buildDeepPopulate(uid2);
       const params = {
-        data: {
-          ...omitIdField(body),
-          [PUBLISHED_AT_ATTRIBUTE]: null
-        },
+        data: omitIdField(body),
         populate
       };
       return strapi2.documents(uid2).clone({ ...params, documentId: id }).then((result) => result?.entries.at(0));
@@ -4324,7 +4652,8 @@ const services = {
   permission,
   "populate-builder": populateBuilder$1,
   uid,
-  ...history.services ? history.services : {}
+  ...history.services ? history.services : {},
+  ...preview.services ? preview.services : {}
 };
 const index = () => {
   return {