@strapi/content-manager 0.0.0-experimental.d954d57341a6623992a0d211daaec8e245c3517d → 0.0.0-experimental.dd1d47ef78ef6cfec4ed62576108500bd9f13740

package/dist/server/index.js

@@ -33,10 +33,10 @@ const isNil__default = /* @__PURE__ */ _interopDefault(isNil);
 const ___default = /* @__PURE__ */ _interopDefault(_);
 const qs__default = /* @__PURE__ */ _interopDefault(qs);
 const slugify__default = /* @__PURE__ */ _interopDefault(slugify);
-const getService$1 = (name) => {
+const getService$2 = (name) => {
   return strapi.plugin("content-manager").service(name);
 };
-function getService(strapi2, name) {
+function getService$1(strapi2, name) {
   return strapi2.service(`plugin::content-manager.${name}`);
 }
 const historyRestoreVersionSchema = yup__namespace.object().shape({
@@ -72,7 +72,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
       if (!isSingleType && (!contentTypeUid || !ctx.query.documentId)) {
         throw new strapiUtils.errors.ForbiddenError("contentType and documentId are required");
       }
-      const permissionChecker2 = getService$1("permission-checker").create({
+      const permissionChecker2 = getService$2("permission-checker").create({
         userAbility: ctx.state.userAbility,
         model: ctx.query.contentType
       });
@@ -80,7 +80,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
         return ctx.forbidden();
       }
       const query = await permissionChecker2.sanitizeQuery(ctx.query);
-      const { results, pagination } = await getService(strapi2, "history").findVersionsPage({
+      const { results, pagination } = await getService$1(strapi2, "history").findVersionsPage({
         query: {
           ...query,
           ...getValidPagination({ page: query.page, pageSize: query.pageSize })
@@ -105,14 +105,14 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
     async restoreVersion(ctx) {
       const request = ctx.request;
       await validateRestoreVersion(request.body, "contentType is required");
-      const permissionChecker2 = getService$1("permission-checker").create({
+      const permissionChecker2 = getService$2("permission-checker").create({
         userAbility: ctx.state.userAbility,
         model: request.body.contentType
       });
       if (permissionChecker2.cannot.update()) {
         throw new strapiUtils.errors.ForbiddenError();
       }
-      const restoredDocument = await getService(strapi2, "history").restoreVersion(
+      const restoredDocument = await getService$1(strapi2, "history").restoreVersion(
         request.params.versionId
       );
       return {
@@ -121,7 +121,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
     }
   };
 };
-const controllers$1 = {
+const controllers$2 = {
   "history-version": createHistoryVersionController
   /**
    * Casting is needed because the types aren't aware that Strapi supports
@@ -199,7 +199,9 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     return strapi2.db.query("plugin::upload.file").findOne({ where: { id: versionRelationData.id } });
   };
   const localesService = strapi2.plugin("i18n")?.service("locales");
+  const i18nContentTypeService = strapi2.plugin("i18n")?.service("content-types");
   const getDefaultLocale = async () => localesService ? localesService.getDefaultLocale() : null;
+  const isLocalizedContentType = (model) => i18nContentTypeService ? i18nContentTypeService.isLocalizedContentType(model) : false;
   const getLocaleDictionary = async () => {
     if (!localesService)
       return {};
@@ -226,31 +228,53 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     const meta = await documentMetadataService.getMetadata(contentTypeUid, document);
     return documentMetadataService.getStatus(document, meta.availableStatus);
   };
-  const getDeepPopulate2 = (uid2) => {
+  const getComponentFields = (componentUID) => {
+    return Object.entries(strapi2.getModel(componentUID).attributes).reduce(
+      (fieldsAcc, [key, attribute]) => {
+        if (!["relation", "media", "component", "dynamiczone"].includes(attribute.type)) {
+          fieldsAcc.push(key);
+        }
+        return fieldsAcc;
+      },
+      []
+    );
+  };
+  const getDeepPopulate2 = (uid2, useDatabaseSyntax = false) => {
     const model = strapi2.getModel(uid2);
     const attributes = Object.entries(model.attributes);
+    const fieldSelector = useDatabaseSyntax ? "select" : "fields";
     return attributes.reduce((acc, [attributeName, attribute]) => {
       switch (attribute.type) {
         case "relation": {
+          const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
+          if (isMorphRelation) {
+            break;
+          }
           const isVisible2 = strapiUtils.contentTypes.isVisibleAttribute(model, attributeName);
           if (isVisible2) {
-            acc[attributeName] = { fields: ["documentId", "locale", "publishedAt"] };
+            acc[attributeName] = { [fieldSelector]: ["documentId", "locale", "publishedAt"] };
           }
           break;
         }
         case "media": {
-          acc[attributeName] = { fields: ["id"] };
+          acc[attributeName] = { [fieldSelector]: ["id"] };
           break;
         }
         case "component": {
           const populate = getDeepPopulate2(attribute.component);
-          acc[attributeName] = { populate };
+          acc[attributeName] = {
+            populate,
+            [fieldSelector]: getComponentFields(attribute.component)
+          };
           break;
         }
         case "dynamiczone": {
           const populatedComponents = (attribute.components || []).reduce(
             (acc2, componentUID) => {
-              acc2[componentUID] = { populate: getDeepPopulate2(componentUID) };
+              acc2[componentUID] = {
+                populate: getDeepPopulate2(componentUID),
+                [fieldSelector]: getComponentFields(componentUID)
+              };
               return acc2;
             },
             {}
@@ -312,6 +336,7 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     getRelationRestoreValue,
     getMediaRestoreValue,
     getDefaultLocale,
+    isLocalizedContentType,
     getLocaleDictionary,
     getRetentionDays,
     getVersionStatus,
@@ -334,7 +359,13 @@ const createHistoryService = ({ strapi: strapi2 }) => {
       });
     },
     async findVersionsPage(params) {
-      const locale = params.query.locale || await serviceUtils.getDefaultLocale();
+      const model = strapi2.getModel(params.query.contentType);
+      const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
+      const defaultLocale = await serviceUtils.getDefaultLocale();
+      let locale = null;
+      if (isLocalizedContentType) {
+        locale = params.query.locale || defaultLocale;
+      }
       const [{ results, pagination }, localeDictionary] = await Promise.all([
         query.findPage({
           ...params.query,
@@ -356,7 +387,7 @@ const createHistoryService = ({ strapi: strapi2 }) => {
             const attributeValue = entry.data[attributeKey];
             const attributeValues = Array.isArray(attributeValue) ? attributeValue : [attributeValue];
             if (attributeSchema.type === "media") {
-              const permissionChecker2 = getService$1("permission-checker").create({
+              const permissionChecker2 = getService$2("permission-checker").create({
                 userAbility: params.state.userAbility,
                 model: "plugin::upload.file"
               });
@@ -379,7 +410,12 @@ const createHistoryService = ({ strapi: strapi2 }) => {
                     if (userToPopulate == null) {
                       return null;
                     }
-                    return strapi2.query("admin::user").findOne({ where: { id: userToPopulate.id } });
+                    return strapi2.query("admin::user").findOne({
+                      where: {
+                        ...userToPopulate.id ? { id: userToPopulate.id } : {},
+                        ...userToPopulate.documentId ? { documentId: userToPopulate.documentId } : {}
+                      }
+                    });
                   })
                 );
                 return {
@@ -392,7 +428,7 @@ const createHistoryService = ({ strapi: strapi2 }) => {
                   [attributeKey]: adminUsers
                 };
               }
-              const permissionChecker2 = getService$1("permission-checker").create({
+              const permissionChecker2 = getService$2("permission-checker").create({
                 userAbility: params.state.userAbility,
                 model: attributeSchema.target
               });
@@ -490,13 +526,47 @@ const createHistoryService = ({ strapi: strapi2 }) => {
     }
   };
 };
+const shouldCreateHistoryVersion = (context) => {
+  if (!strapi.requestContext.get()?.request.url.startsWith("/content-manager")) {
+    return false;
+  }
+  if (context.action !== "create" && context.action !== "update" && context.action !== "clone" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
+    return false;
+  }
+  if (context.action === "update" && strapi.requestContext.get()?.request.url.endsWith("/actions/publish")) {
+    return false;
+  }
+  if (!context.contentType.uid.startsWith("api::")) {
+    return false;
+  }
+  return true;
+};
+const getSchemas = (uid2) => {
+  const attributesSchema = strapi.getModel(uid2).attributes;
+  const componentsSchemas = Object.keys(attributesSchema).reduce(
+    (currentComponentSchemas, key) => {
+      const fieldSchema = attributesSchema[key];
+      if (fieldSchema.type === "component") {
+        const componentSchema = strapi.getModel(fieldSchema.component).attributes;
+        return {
+          ...currentComponentSchemas,
+          [fieldSchema.component]: componentSchema
+        };
+      }
+      return currentComponentSchemas;
+    },
+    {}
+  );
+  return {
+    schema: fp.omit(FIELDS_TO_IGNORE, attributesSchema),
+    componentsSchemas
+  };
+};
 const createLifecyclesService = ({ strapi: strapi2 }) => {
   const state = {
     deleteExpiredJob: null,
     isInitialized: false
   };
-  const query = strapi2.db.query(HISTORY_VERSION_UID);
-  const historyService = getService(strapi2, "history");
   const serviceUtils = createServiceUtils({ strapi: strapi2 });
   return {
     async bootstrap() {
@@ -504,76 +574,62 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
         return;
       }
       strapi2.documents.use(async (context, next) => {
-        if (!strapi2.requestContext.get()?.request.url.startsWith("/content-manager")) {
-          return next();
-        }
-        if (context.action !== "create" && context.action !== "update" && context.action !== "clone" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
-          return next();
-        }
-        if (context.action === "update" && strapi2.requestContext.get()?.request.url.endsWith("/actions/publish")) {
-          return next();
-        }
-        const contentTypeUid = context.contentType.uid;
-        if (!contentTypeUid.startsWith("api::")) {
-          return next();
-        }
         const result = await next();
-        const documentContext = {
-          documentId: context.action === "create" || context.action === "clone" ? result.documentId : context.params.documentId,
-          locale: context.params?.locale
-        };
+        if (!shouldCreateHistoryVersion(context)) {
+          return result;
+        }
+        const documentId = context.action === "create" || context.action === "clone" ? result.documentId : context.params.documentId;
         const defaultLocale = await serviceUtils.getDefaultLocale();
-        const locale = documentContext.locale || defaultLocale;
-        if (Array.isArray(locale)) {
-          strapi2.log.warn(
-            "[Content manager history middleware]: An array of locales was provided, but only a single locale is supported for the findOne operation."
-          );
-          return next();
+        const locales = fp.castArray(context.params?.locale || defaultLocale);
+        if (!locales.length) {
+          return result;
         }
-        const document = await strapi2.documents(contentTypeUid).findOne({
-          documentId: documentContext.documentId,
-          locale,
-          populate: serviceUtils.getDeepPopulate(contentTypeUid)
+        const uid2 = context.contentType.uid;
+        const schemas = getSchemas(uid2);
+        const model = strapi2.getModel(uid2);
+        const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
+        const localeEntries = await strapi2.db.query(uid2).findMany({
+          where: {
+            documentId,
+            ...isLocalizedContentType ? { locale: { $in: locales } } : {},
+            ...strapiUtils.contentTypes.hasDraftAndPublish(strapi2.contentTypes[uid2]) ? { publishedAt: null } : {}
+          },
+          populate: serviceUtils.getDeepPopulate(
+            uid2,
+            true
+            /* use database syntax */
+          )
         });
-        const status = await serviceUtils.getVersionStatus(contentTypeUid, document);
-        const attributesSchema = strapi2.getModel(contentTypeUid).attributes;
-        const componentsSchemas = Object.keys(
-          attributesSchema
-        ).reduce((currentComponentSchemas, key) => {
-          const fieldSchema = attributesSchema[key];
-          if (fieldSchema.type === "component") {
-            const componentSchema = strapi2.getModel(fieldSchema.component).attributes;
-            return {
-              ...currentComponentSchemas,
-              [fieldSchema.component]: componentSchema
-            };
-          }
-          return currentComponentSchemas;
-        }, {});
         await strapi2.db.transaction(async ({ onCommit }) => {
-          onCommit(() => {
-            historyService.createVersion({
-              contentType: contentTypeUid,
-              data: fp.omit(FIELDS_TO_IGNORE, document),
-              schema: fp.omit(FIELDS_TO_IGNORE, attributesSchema),
-              componentsSchemas,
-              relatedDocumentId: documentContext.documentId,
-              locale,
-              status
-            });
+          onCommit(async () => {
+            for (const entry of localeEntries) {
+              const status = await serviceUtils.getVersionStatus(uid2, entry);
+              await getService$1(strapi2, "history").createVersion({
+                contentType: uid2,
+                data: fp.omit(FIELDS_TO_IGNORE, entry),
+                relatedDocumentId: documentId,
+                locale: entry.locale,
+                status,
+                ...schemas
+              });
+            }
           });
         });
         return result;
       });
-      state.deleteExpiredJob = nodeSchedule.scheduleJob("0 0 * * *", () => {
+      state.deleteExpiredJob = nodeSchedule.scheduleJob("historyDaily", "0 0 * * *", () => {
         const retentionDaysInMilliseconds = serviceUtils.getRetentionDays() * 24 * 60 * 60 * 1e3;
         const expirationDate = new Date(Date.now() - retentionDaysInMilliseconds);
-        query.deleteMany({
+        strapi2.db.query(HISTORY_VERSION_UID).deleteMany({
           where: {
             created_at: {
-              $lt: expirationDate.toISOString()
+              $lt: expirationDate
             }
           }
+        }).catch((error) => {
+          if (error instanceof Error) {
+            strapi2.log.error("Error deleting expired history versions", error.message);
+          }
         });
       });
       state.isInitialized = true;
@@ -585,17 +641,17 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
     }
   };
 };
-const services$1 = {
+const services$2 = {
   history: createHistoryService,
   lifecycles: createLifecyclesService
 };
-const info = { pluginName: "content-manager", type: "admin" };
+const info$1 = { pluginName: "content-manager", type: "admin" };
 const historyVersionRouter = {
   type: "admin",
   routes: [
     {
       method: "GET",
-      info,
+      info: info$1,
       path: "/history-versions",
       handler: "history-version.findMany",
       config: {
@@ -604,7 +660,7 @@ const historyVersionRouter = {
     },
     {
       method: "PUT",
-      info,
+      info: info$1,
       path: "/history-versions/:versionId/restore",
       handler: "history-version.restoreVersion",
       config: {
@@ -613,7 +669,7 @@ const historyVersionRouter = {
     }
   ]
 };
-const routes$1 = {
+const routes$2 = {
   "history-version": historyVersionRouter
 };
 const historyVersion = {
@@ -660,21 +716,21 @@ const historyVersion = {
     }
   }
 };
-const getFeature = () => {
+const getFeature$1 = () => {
   if (strapi.ee.features.isEnabled("cms-content-history")) {
     return {
       register({ strapi: strapi2 }) {
         strapi2.get("models").add(historyVersion);
       },
       bootstrap({ strapi: strapi2 }) {
-        getService(strapi2, "lifecycles").bootstrap();
+        getService$1(strapi2, "lifecycles").bootstrap();
       },
       destroy({ strapi: strapi2 }) {
-        getService(strapi2, "lifecycles").destroy();
+        getService$1(strapi2, "lifecycles").destroy();
       },
-      controllers: controllers$1,
-      services: services$1,
-      routes: routes$1
+      controllers: controllers$2,
+      services: services$2,
+      routes: routes$2
     };
   }
   return {
@@ -683,7 +739,7 @@ const getFeature = () => {
     }
   };
 };
-const history = getFeature();
+const history = getFeature$1();
 const register = async ({ strapi: strapi2 }) => {
   await history.register?.({ strapi: strapi2 });
 };
@@ -691,15 +747,165 @@ const ALLOWED_WEBHOOK_EVENTS = {
   ENTRY_PUBLISH: "entry.publish",
   ENTRY_UNPUBLISH: "entry.unpublish"
 };
+const FEATURE_ID = "preview";
+const info = { pluginName: "content-manager", type: "admin" };
+const previewRouter = {
+  type: "admin",
+  routes: [
+    {
+      method: "GET",
+      info,
+      path: "/preview/url/:contentType",
+      handler: "preview.getPreviewUrl",
+      config: {
+        policies: ["admin::isAuthenticatedAdmin"]
+      }
+    }
+  ]
+};
+const routes$1 = {
+  preview: previewRouter
+};
+function getService(strapi2, name) {
+  return strapi2.service(`plugin::content-manager.${name}`);
+}
+const getPreviewUrlSchema = yup__namespace.object().shape({
+  // Will be undefined for single types
+  documentId: yup__namespace.string(),
+  locale: yup__namespace.string().nullable(),
+  status: yup__namespace.string()
+}).required();
+const validatePreviewUrl = async (strapi2, uid2, params) => {
+  await strapiUtils.validateYupSchema(getPreviewUrlSchema)(params);
+  const newParams = fp.pick(["documentId", "locale", "status"], params);
+  const model = strapi2.getModel(uid2);
+  if (!model || model.modelType !== "contentType") {
+    throw new strapiUtils.errors.ValidationError("Invalid content type");
+  }
+  const isSingleType = model?.kind === "singleType";
+  if (!isSingleType && !params.documentId) {
+    throw new strapiUtils.errors.ValidationError("documentId is required for Collection Types");
+  }
+  if (isSingleType) {
+    const doc = await strapi2.documents(uid2).findFirst();
+    if (!doc) {
+      throw new strapiUtils.errors.NotFoundError("Document not found");
+    }
+    newParams.documentId = doc?.documentId;
+  }
+  return newParams;
+};
+const createPreviewController = () => {
+  return {
+    /**
+     * Transforms an entry into a preview URL, so that it can be previewed
+     * in the Content Manager.
+     */
+    async getPreviewUrl(ctx) {
+      const uid2 = ctx.params.contentType;
+      const query = ctx.request.query;
+      const params = await validatePreviewUrl(strapi, uid2, query);
+      const previewService = getService(strapi, "preview");
+      const url = await previewService.getPreviewUrl(uid2, params);
+      if (!url) {
+        ctx.status = 204;
+      }
+      return {
+        data: { url }
+      };
+    }
+  };
+};
+const controllers$1 = {
+  preview: createPreviewController
+  /**
+   * Casting is needed because the types aren't aware that Strapi supports
+   * passing a controller factory as the value, instead of a controller object directly
+   */
+};
+const createPreviewService = ({ strapi: strapi2 }) => {
+  const config = getService(strapi2, "preview-config");
+  return {
+    async getPreviewUrl(uid2, params) {
+      const handler = config.getPreviewHandler();
+      try {
+        return handler(uid2, params);
+      } catch (error) {
+        strapi2.log.error(`Failed to get preview URL: ${error}`);
+        throw new strapiUtils.errors.ApplicationError("Failed to get preview URL");
+      }
+      return;
+    }
+  };
+};
+const createPreviewConfigService = ({ strapi: strapi2 }) => {
+  return {
+    isEnabled() {
+      const config = strapi2.config.get("admin.preview");
+      if (!config) {
+        return false;
+      }
+      return config?.enabled ?? true;
+    },
+    /**
+     * Validate if the configuration is valid
+     */
+    validate() {
+      if (!this.isEnabled()) {
+        return;
+      }
+      const handler = this.getPreviewHandler();
+      if (typeof handler !== "function") {
+        throw new strapiUtils.errors.ValidationError(
+          "Preview configuration is invalid. Handler must be a function"
+        );
+      }
+    },
+    /**
+     * Utility to get the preview handler from the configuration
+     */
+    getPreviewHandler() {
+      const config = strapi2.config.get("admin.preview");
+      const emptyHandler = () => {
+        return void 0;
+      };
+      if (!this.isEnabled()) {
+        return emptyHandler;
+      }
+      return config?.config?.handler || emptyHandler;
+    }
+  };
+};
+const services$1 = {
+  preview: createPreviewService,
+  "preview-config": createPreviewConfigService
+};
+const getFeature = () => {
+  if (!strapi.features.future.isEnabled(FEATURE_ID)) {
+    return {};
+  }
+  return {
+    bootstrap() {
+      console.log("Bootstrapping preview server");
+      const config = getService(strapi, "preview-config");
+      config.validate();
+    },
+    routes: routes$1,
+    controllers: controllers$1,
+    services: services$1
+  };
+};
+const preview = getFeature();
 const bootstrap = async () => {
   Object.entries(ALLOWED_WEBHOOK_EVENTS).forEach(([key, value]) => {
     strapi.get("webhookStore").addAllowedEvent(key, value);
   });
-  getService$1("field-sizes").setCustomFieldInputSizes();
-  await getService$1("components").syncConfigurations();
-  await getService$1("content-types").syncConfigurations();
-  await getService$1("permission").registerPermissions();
+  getService$2("field-sizes").setCustomFieldInputSizes();
+  await getService$2("components").syncConfigurations();
+  await getService$2("content-types").syncConfigurations();
+  await getService$2("permission").registerPermissions();
   await history.bootstrap?.({ strapi });
+  await preview.bootstrap?.({ strapi });
 };
 const destroy = async ({ strapi: strapi2 }) => {
   await history.destroy?.({ strapi: strapi2 });
@@ -1189,7 +1395,8 @@ const admin = {
 };
 const routes = {
   admin,
-  ...history.routes ? history.routes : {}
+  ...history.routes ? history.routes : {},
+  ...preview.routes ? preview.routes : {}
 };
 const hasPermissionsSchema = strapiUtils.yup.object({
   actions: strapiUtils.yup.array().of(strapiUtils.yup.string()),
@@ -1200,6 +1407,11 @@ const { createPolicy } = strapiUtils.policy;
 const hasPermissions = createPolicy({
   name: "plugin::content-manager.hasPermissions",
   validator: validateHasPermissionsInput,
+  /**
+   * NOTE: Action aliases are currently not checked at this level (policy).
+   *       This is currently the intended behavior to avoid changing the behavior of API related permissions.
+   *       If you want to add support for it, please create a dedicated RFC with a list of potential side effect this could have.
+   */
   handler(ctx, config = {}) {
     const { actions = [], hasAtLeastOne = false } = config;
     const { userAbility } = ctx.state;
@@ -1441,7 +1653,7 @@ const createMetadasSchema = (schema) => {
             if (!value) {
               return strapiUtils.yup.string();
             }
-            const targetSchema = getService$1("content-types").findContentType(
+            const targetSchema = getService$2("content-types").findContentType(
               schema.attributes[key].targetModel
             );
             if (!targetSchema) {
@@ -1593,9 +1805,11 @@ const multipleLocaleSchema = strapiUtils.yup.lazy(
   (value) => Array.isArray(value) ? strapiUtils.yup.array().of(singleLocaleSchema.required()) : singleLocaleSchema
 );
 const statusSchema = strapiUtils.yup.mixed().oneOf(["draft", "published"], "Invalid status");
-const getDocumentLocaleAndStatus = async (request, opts = { allowMultipleLocales: false }) => {
+const getDocumentLocaleAndStatus = async (request, model, opts = { allowMultipleLocales: false }) => {
   const { allowMultipleLocales } = opts;
-  const { locale, status, ...rest } = request || {};
+  const { locale, status: providedStatus, ...rest } = request || {};
+  const defaultStatus = strapiUtils.contentTypes.hasDraftAndPublish(strapi.getModel(model)) ? void 0 : "published";
+  const status = providedStatus !== void 0 ? providedStatus : defaultStatus;
   const schema = strapiUtils.yup.object().shape({
     locale: allowMultipleLocales ? multipleLocaleSchema : singleLocaleSchema,
     status: statusSchema
@@ -1608,7 +1822,7 @@ const getDocumentLocaleAndStatus = async (request, opts = { allowMultipleLocales
   }
 };
 const formatDocumentWithMetadata = async (permissionChecker2, uid2, document, opts = {}) => {
-  const documentMetadata2 = getService$1("document-metadata");
+  const documentMetadata2 = getService$2("document-metadata");
   const serviceOutput = await documentMetadata2.formatDocumentWithMetadata(uid2, document, opts);
   let {
     meta: { availableLocales, availableStatus }
@@ -1634,8 +1848,8 @@ const createDocument = async (ctx, opts) => {
   const { userAbility, user } = ctx.state;
   const { model } = ctx.params;
   const { body } = ctx.request;
-  const documentManager2 = getService$1("document-manager");
-  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+  const documentManager2 = getService$2("document-manager");
+  const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
   if (permissionChecker2.cannot.create()) {
     throw new strapiUtils.errors.ForbiddenError();
   }
@@ -1643,7 +1857,7 @@ const createDocument = async (ctx, opts) => {
   const setCreator = strapiUtils.setCreatorFields({ user });
   const sanitizeFn = strapiUtils.async.pipe(pickPermittedFields, setCreator);
   const sanitizedBody = await sanitizeFn(body);
-  const { locale, status = "draft" } = await getDocumentLocaleAndStatus(body);
+  const { locale, status } = await getDocumentLocaleAndStatus(body, model);
   return documentManager2.create(model, {
     data: sanitizedBody,
     locale,
@@ -1655,14 +1869,14 @@ const updateDocument = async (ctx, opts) => {
   const { userAbility, user } = ctx.state;
   const { id, model } = ctx.params;
   const { body } = ctx.request;
-  const documentManager2 = getService$1("document-manager");
-  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+  const documentManager2 = getService$2("document-manager");
+  const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
   if (permissionChecker2.cannot.update()) {
     throw new strapiUtils.errors.ForbiddenError();
   }
   const permissionQuery = await permissionChecker2.sanitizedQuery.update(ctx.query);
-  const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-  const { locale } = await getDocumentLocaleAndStatus(body);
+  const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+  const { locale } = await getDocumentLocaleAndStatus(body, model);
   const [documentVersion, documentExists] = await Promise.all([
     documentManager2.findOne(id, model, { populate, locale, status: "draft" }),
     documentManager2.exists(model, id)
@@ -1678,7 +1892,7 @@ const updateDocument = async (ctx, opts) => {
     throw new strapiUtils.errors.ForbiddenError();
   }
   const pickPermittedFields = documentVersion ? permissionChecker2.sanitizeUpdateInput(documentVersion) : permissionChecker2.sanitizeCreateInput;
-  const setCreator = strapiUtils.setCreatorFields({ user, isEdition: true });
+  const setCreator = documentVersion ? strapiUtils.setCreatorFields({ user, isEdition: true }) : strapiUtils.setCreatorFields({ user });
   const sanitizeFn = strapiUtils.async.pipe(pickPermittedFields, setCreator);
   const sanitizedBody = await sanitizeFn(body);
   return documentManager2.update(documentVersion?.documentId || id, model, {
@@ -1692,15 +1906,15 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query } = ctx.request;
-    const documentMetadata2 = getService$1("document-metadata");
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentMetadata2 = getService$2("document-metadata");
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
-    const { locale, status } = await getDocumentLocaleAndStatus(query);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
+    const { locale, status } = await getDocumentLocaleAndStatus(query, model);
     const { results: documents, pagination } = await documentManager2.findPage(
       { ...permissionQuery, populate, locale, status },
       model
@@ -1728,14 +1942,14 @@ const collectionTypes = {
   async findOne(ctx) {
     const { userAbility } = ctx.state;
     const { model, id } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const { locale, status = "draft" } = await getDocumentLocaleAndStatus(ctx.query);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
+    const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const version = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1750,7 +1964,7 @@ const collectionTypes = {
         permissionChecker2,
         model,
         // @ts-expect-error TODO: fix
-        { id, locale, publishedAt: null },
+        { documentId: id, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
       ctx.body = { data: {}, meta };
@@ -1765,7 +1979,7 @@ const collectionTypes = {
   async create(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const [totalEntries, document] = await Promise.all([
       strapi.db.query(model).count(),
       createDocument(ctx)
@@ -1786,7 +2000,7 @@ const collectionTypes = {
   async update(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const updatedVersion = await updateDocument(ctx);
     const sanitizedVersion = await permissionChecker2.sanitizeOutput(updatedVersion);
     ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedVersion);
@@ -1795,14 +2009,14 @@ const collectionTypes = {
     const { userAbility, user } = ctx.state;
     const { model, sourceId: id } = ctx.params;
     const { body } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.create()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.create(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1840,14 +2054,14 @@ const collectionTypes = {
   async delete(ctx) {
     const { userAbility } = ctx.state;
     const { id, model } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.delete()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(ctx.query);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(ctx.query, model);
     const documentLocales = await documentManager2.findLocales(id, model, { populate, locale });
     if (documentLocales.length === 0) {
       return ctx.notFound();
@@ -1868,19 +2082,42 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { id, model } = ctx.params;
     const { body } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
     }
     const publishedDocument = await strapi.db.transaction(async () => {
       const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
-      const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-      const document = id ? await updateDocument(ctx, { populate }) : await createDocument(ctx, { populate });
+      const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
+      let document;
+      const { locale } = await getDocumentLocaleAndStatus(body, model);
+      const isCreate = fp.isNil(id);
+      if (isCreate) {
+        if (permissionChecker2.cannot.create()) {
+          throw new strapiUtils.errors.ForbiddenError();
+        }
+        document = await createDocument(ctx, { populate });
+      }
+      const isUpdate = !isCreate;
+      if (isUpdate) {
+        const documentExists = documentManager2.exists(model, id);
+        if (!documentExists) {
+          throw new strapiUtils.errors.NotFoundError("Document not found");
+        }
+        document = await documentManager2.findOne(id, model, { populate, locale });
+        if (!document) {
+          if (permissionChecker2.cannot.create({ locale }) || permissionChecker2.cannot.publish({ locale })) {
+            throw new strapiUtils.errors.ForbiddenError();
+          }
+          document = await updateDocument(ctx);
+        } else if (permissionChecker2.can.update(document)) {
+          await updateDocument(ctx);
+        }
+      }
       if (permissionChecker2.cannot.publish(document)) {
         throw new strapiUtils.errors.ForbiddenError();
       }
-      const { locale } = await getDocumentLocaleAndStatus(body);
       const publishResult = await documentManager2.publish(document.documentId, model, {
         locale
         // TODO: Allow setting creator fields on publish
@@ -1900,14 +2137,16 @@ const collectionTypes = {
     const { body } = ctx.request;
     const { documentIds } = body;
     await validateBulkActionInput(body);
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const { locale } = await getDocumentLocaleAndStatus(body, { allowMultipleLocales: true });
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model, {
+      allowMultipleLocales: true
+    });
     const entityPromises = documentIds.map(
       (documentId) => documentManager2.findLocales(documentId, model, { populate, locale, isPublished: false })
     );
@@ -1929,12 +2168,14 @@ const collectionTypes = {
     const { body } = ctx.request;
     const { documentIds } = body;
     await validateBulkActionInput(body);
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model, {
+      allowMultipleLocales: true
+    });
     const entityPromises = documentIds.map(
       (documentId) => documentManager2.findLocales(documentId, model, { locale, isPublished: true })
     );
@@ -1957,8 +2198,8 @@ const collectionTypes = {
     const {
       body: { discardDraft, ...body }
     } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
@@ -1966,8 +2207,8 @@ const collectionTypes = {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.unpublish(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1997,14 +2238,14 @@ const collectionTypes = {
     const { userAbility } = ctx.state;
     const { id, model } = ctx.params;
     const { body } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.discard(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -2028,14 +2269,14 @@ const collectionTypes = {
     const { query, body } = ctx.request;
     const { documentIds } = body;
     await validateBulkActionInput(body);
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.delete()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const documentLocales = await documentManager2.findLocales(documentIds, model, {
       populate,
       locale
@@ -2055,14 +2296,14 @@ const collectionTypes = {
   async countDraftRelations(ctx) {
     const { userAbility } = ctx.state;
     const { model, id } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale, status = "draft" } = await getDocumentLocaleAndStatus(ctx.query);
+    const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const entity = await documentManager2.findOne(id, model, { populate, locale, status });
     if (!entity) {
       return ctx.notFound();
@@ -2080,12 +2321,12 @@ const collectionTypes = {
     const ids = ctx.request.query.documentIds;
     const locale = ctx.request.query.locale;
     const { model } = ctx.params;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
-    const entities = await documentManager2.findMany(
+    const documents = await documentManager2.findMany(
       {
         filters: {
           documentId: ids
@@ -2094,7 +2335,7 @@ const collectionTypes = {
       },
       model
     );
-    if (!entities) {
+    if (!documents) {
       return ctx.notFound();
     }
     const number = await documentManager2.countManyEntriesDraftRelations(ids, model, locale);
@@ -2105,13 +2346,13 @@ const collectionTypes = {
 };
 const components$1 = {
   findComponents(ctx) {
-    const components2 = getService$1("components").findAllComponents();
-    const { toDto } = getService$1("data-mapper");
+    const components2 = getService$2("components").findAllComponents();
+    const { toDto } = getService$2("data-mapper");
     ctx.body = { data: components2.map(toDto) };
   },
   async findComponentConfiguration(ctx) {
     const { uid: uid2 } = ctx.params;
-    const componentService = getService$1("components");
+    const componentService = getService$2("components");
     const component = componentService.findComponent(uid2);
     if (!component) {
       return ctx.notFound("component.notFound");
@@ -2128,7 +2369,7 @@ const components$1 = {
   async updateComponentConfiguration(ctx) {
     const { uid: uid2 } = ctx.params;
     const { body } = ctx.request;
-    const componentService = getService$1("components");
+    const componentService = getService$2("components");
     const component = componentService.findComponent(uid2);
     if (!component) {
       return ctx.notFound("component.notFound");
@@ -2162,12 +2403,12 @@ const contentTypes = {
     } catch (error) {
       return ctx.send({ error }, 400);
     }
-    const contentTypes2 = getService$1("content-types").findContentTypesByKind(kind);
-    const { toDto } = getService$1("data-mapper");
+    const contentTypes2 = getService$2("content-types").findContentTypesByKind(kind);
+    const { toDto } = getService$2("data-mapper");
     ctx.body = { data: contentTypes2.map(toDto) };
   },
   async findContentTypesSettings(ctx) {
-    const { findAllContentTypes, findConfiguration } = getService$1("content-types");
+    const { findAllContentTypes, findConfiguration } = getService$2("content-types");
     const contentTypes2 = await findAllContentTypes();
     const configurations = await Promise.all(
       contentTypes2.map(async (contentType) => {
@@ -2181,7 +2422,7 @@ const contentTypes = {
   },
   async findContentTypeConfiguration(ctx) {
     const { uid: uid2 } = ctx.params;
-    const contentTypeService = getService$1("content-types");
+    const contentTypeService = getService$2("content-types");
     const contentType = await contentTypeService.findContentType(uid2);
     if (!contentType) {
       return ctx.notFound("contentType.notFound");
@@ -2203,13 +2444,13 @@ const contentTypes = {
     const { userAbility } = ctx.state;
     const { uid: uid2 } = ctx.params;
     const { body } = ctx.request;
-    const contentTypeService = getService$1("content-types");
-    const metricsService = getService$1("metrics");
+    const contentTypeService = getService$2("content-types");
+    const metricsService = getService$2("metrics");
     const contentType = await contentTypeService.findContentType(uid2);
     if (!contentType) {
       return ctx.notFound("contentType.notFound");
     }
-    if (!getService$1("permission").canConfigureContentType({ userAbility, contentType })) {
+    if (!getService$2("permission").canConfigureContentType({ userAbility, contentType })) {
       return ctx.forbidden();
     }
     let input;
@@ -2242,10 +2483,10 @@ const contentTypes = {
 };
 const init = {
   getInitData(ctx) {
-    const { toDto } = getService$1("data-mapper");
-    const { findAllComponents } = getService$1("components");
-    const { getAllFieldSizes } = getService$1("field-sizes");
-    const { findAllContentTypes } = getService$1("content-types");
+    const { toDto } = getService$2("data-mapper");
+    const { findAllComponents } = getService$2("components");
+    const { getAllFieldSizes } = getService$2("field-sizes");
+    const { findAllContentTypes } = getService$2("content-types");
     ctx.body = {
       data: {
         fieldSizes: getAllFieldSizes(),
@@ -2281,36 +2522,41 @@ const addFiltersClause = (params, filtersClause) => {
   params.filters.$and.push(filtersClause);
 };
 const sanitizeMainField = (model, mainField, userAbility) => {
-  const permissionChecker2 = getService$1("permission-checker").create({
+  const permissionChecker2 = getService$2("permission-checker").create({
     userAbility,
     model: model.uid
   });
-  if (!isListable(model, mainField)) {
+  const isMainFieldListable = isListable(model, mainField);
+  const canReadMainField = permissionChecker2.can.read(null, mainField);
+  if (!isMainFieldListable || !canReadMainField) {
     return "id";
   }
-  if (permissionChecker2.cannot.read(null, mainField)) {
-    if (model.uid === "plugin::users-permissions.role") {
-      const userPermissionChecker = getService$1("permission-checker").create({
-        userAbility,
-        model: "plugin::users-permissions.user"
-      });
-      if (userPermissionChecker.can.read()) {
-        return "name";
-      }
-    }
-    return "id";
+  if (model.uid === "plugin::users-permissions.role") {
+    return "name";
   }
   return mainField;
 };
-const addStatusToRelations = async (uid2, relations2) => {
-  if (!strapiUtils.contentTypes.hasDraftAndPublish(strapi.contentTypes[uid2])) {
+const addStatusToRelations = async (targetUid, relations2) => {
+  if (!strapiUtils.contentTypes.hasDraftAndPublish(strapi.getModel(targetUid))) {
     return relations2;
   }
-  const documentMetadata2 = getService$1("document-metadata");
-  const documentsAvailableStatus = await documentMetadata2.getManyAvailableStatus(uid2, relations2);
+  const documentMetadata2 = getService$2("document-metadata");
+  if (!relations2.length) {
+    return relations2;
+  }
+  const firstRelation = relations2[0];
+  const filters = {
+    documentId: { $in: relations2.map((r) => r.documentId) },
+    // NOTE: find the "opposite" status
+    publishedAt: firstRelation.publishedAt !== null ? { $null: true } : { $notNull: true }
+  };
+  const availableStatus = await strapi.query(targetUid).findMany({
+    select: ["id", "documentId", "locale", "updatedAt", "createdAt", "publishedAt"],
+    filters
+  });
   return relations2.map((relation) => {
-    const availableStatuses = documentsAvailableStatus.filter(
-      (availableDocument) => availableDocument.documentId === relation.documentId
+    const availableStatuses = availableStatus.filter(
+      (availableDocument) => availableDocument.documentId === relation.documentId && (relation.locale ? availableDocument.locale === relation.locale : true)
     );
     return {
       ...relation,
@@ -2331,11 +2577,8 @@ const validateLocale = (sourceUid, targetUid, locale) => {
   const isLocalized = strapi.plugin("i18n").service("content-types").isLocalizedContentType;
   const isSourceLocalized = isLocalized(sourceModel);
   const isTargetLocalized = isLocalized(targetModel);
-  let validatedLocale = locale;
-  if (!targetModel || !isTargetLocalized)
-    validatedLocale = void 0;
   return {
-    locale: validatedLocale,
+    locale,
     isSourceLocalized,
     isTargetLocalized
   };
@@ -2375,7 +2618,7 @@ const relations = {
       ctx.request?.query?.locale
     );
     const { status } = validateStatus(sourceUid, ctx.request?.query?.status);
-    const permissionChecker2 = getService$1("permission-checker").create({
+    const permissionChecker2 = getService$2("permission-checker").create({
       userAbility,
       model
     });
@@ -2400,7 +2643,7 @@ const relations = {
         where.id = id;
       }
       const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
-      const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+      const populate = await getService$2("populate-builder")(model).populateFromQuery(permissionQuery).build();
       const currentEntity = await strapi.db.query(model).findOne({
         where,
         populate
@@ -2415,7 +2658,7 @@ const relations = {
       }
       entryId = currentEntity.id;
     }
-    const modelConfig = isComponent2 ? await getService$1("components").findConfiguration(sourceSchema) : await getService$1("content-types").findConfiguration(sourceSchema);
+    const modelConfig = isComponent2 ? await getService$2("components").findConfiguration(sourceSchema) : await getService$2("content-types").findConfiguration(sourceSchema);
     const targetSchema = strapi.getModel(targetUid);
     const mainField = fp.flow(
       fp.prop(`metadatas.${targetField}.edit.mainField`),
@@ -2438,7 +2681,7 @@ const relations = {
       attribute,
       fieldsToSelect,
       mainField,
-      source: { schema: sourceSchema },
+      source: { schema: sourceSchema, isLocalized: isSourceLocalized },
       target: { schema: targetSchema, isLocalized: isTargetLocalized },
       sourceSchema,
       targetSchema,
@@ -2460,7 +2703,8 @@ const relations = {
       fieldsToSelect,
       mainField,
       source: {
-        schema: { uid: sourceUid, modelType: sourceModelType }
+        schema: { uid: sourceUid, modelType: sourceModelType },
+        isLocalized: isSourceLocalized
       },
       target: {
         schema: { uid: targetUid },
@@ -2468,7 +2712,7 @@ const relations = {
       }
     } = await this.extractAndValidateRequestInfo(ctx, id);
     const { idsToOmit, idsToInclude, _q, ...query } = ctx.request.query;
-    const permissionChecker2 = getService$1("permission-checker").create({
+    const permissionChecker2 = getService$2("permission-checker").create({
       userAbility: ctx.state.userAbility,
       model: targetUid
     });
@@ -2498,12 +2742,16 @@ const relations = {
       } else {
         where.id = id;
       }
-      if (status) {
-        where[`${alias}.published_at`] = getPublishedAtClause(status, targetUid);
+      const publishedAt = getPublishedAtClause(status, targetUid);
+      if (!fp.isEmpty(publishedAt)) {
+        where[`${alias}.published_at`] = publishedAt;
       }
-      if (filterByLocale) {
+      if (isTargetLocalized && locale) {
         where[`${alias}.locale`] = locale;
       }
+      if (isSourceLocalized && locale) {
+        where.locale = locale;
+      }
       if ((idsToInclude?.length ?? 0) !== 0) {
         where[`${alias}.id`].$notIn = idsToInclude;
       }
@@ -2521,7 +2769,8 @@ const relations = {
         id: { $notIn: fp.uniq(idsToOmit) }
       });
     }
-    const res = await strapi.db.query(targetUid).findPage(strapi.get("query-params").transform(targetUid, queryParams));
+    const dbQuery = strapi.get("query-params").transform(targetUid, queryParams);
+    const res = await strapi.db.query(targetUid).findPage(dbQuery);
     ctx.body = {
       ...res,
       results: await addStatusToRelations(targetUid, res.results)
@@ -2536,29 +2785,39 @@ const relations = {
       attribute,
       targetField,
       fieldsToSelect,
-      source: {
-        schema: { uid: sourceUid }
-      },
-      target: {
-        schema: { uid: targetUid }
-      }
+      status,
+      source: { schema: sourceSchema },
+      target: { schema: targetSchema }
     } = await this.extractAndValidateRequestInfo(ctx, id);
-    const permissionQuery = await getService$1("permission-checker").create({ userAbility, model: targetUid }).sanitizedQuery.read({ fields: fieldsToSelect });
+    const { uid: sourceUid } = sourceSchema;
+    const { uid: targetUid } = targetSchema;
+    const permissionQuery = await getService$2("permission-checker").create({ userAbility, model: targetUid }).sanitizedQuery.read({ fields: fieldsToSelect });
     const dbQuery = strapi.db.query(sourceUid);
     const loadRelations = strapiUtils.relations.isAnyToMany(attribute) ? (...args) => dbQuery.loadPages(...args) : (...args) => dbQuery.load(...args).then((res2) => ({ results: res2 ? [res2] : [] }));
+    const filters = {};
+    if (sourceSchema?.options?.draftAndPublish) {
+      if (targetSchema?.options?.draftAndPublish) {
+        if (status === "published") {
+          filters.publishedAt = { $notNull: true };
+        } else {
+          filters.publishedAt = { $null: true };
+        }
+      }
+    } else if (targetSchema?.options?.draftAndPublish) {
+      filters.publishedAt = { $null: true };
+    }
     const res = await loadRelations({ id: entryId }, targetField, {
-      select: ["id", "documentId", "locale", "publishedAt"],
+      select: ["id", "documentId", "locale", "publishedAt", "updatedAt"],
       ordering: "desc",
       page: ctx.request.query.page,
-      pageSize: ctx.request.query.pageSize
+      pageSize: ctx.request.query.pageSize,
+      filters
     });
     const loadedIds = res.results.map((item) => item.id);
     addFiltersClause(permissionQuery, { id: { $in: loadedIds } });
     const sanitizedRes = await loadRelations({ id: entryId }, targetField, {
       ...strapi.get("query-params").transform(targetUid, permissionQuery),
-      ordering: "desc",
-      page: ctx.request.query.page,
-      pageSize: ctx.request.query.pageSize
+      ordering: "desc"
     });
     const relationsUnion = fp.uniqBy("id", fp.concat(sanitizedRes.results, res.results));
     ctx.body = {
@@ -2573,10 +2832,10 @@ const relations = {
   }
 };
 const buildPopulateFromQuery = async (query, model) => {
-  return getService$1("populate-builder")(model).populateFromQuery(query).populateDeep(Infinity).countRelations().build();
+  return getService$2("populate-builder")(model).populateFromQuery(query).populateDeep(Infinity).countRelations().build();
 };
 const findDocument = async (query, uid2, opts = {}) => {
-  const documentManager2 = getService$1("document-manager");
+  const documentManager2 = getService$2("document-manager");
   const populate = await buildPopulateFromQuery(query, uid2);
   return documentManager2.findMany({ ...opts, populate }, uid2).then((documents) => documents[0]);
 };
@@ -2584,13 +2843,13 @@ const createOrUpdateDocument = async (ctx, opts) => {
   const { user, userAbility } = ctx.state;
   const { model } = ctx.params;
   const { body, query } = ctx.request;
-  const documentManager2 = getService$1("document-manager");
-  const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+  const documentManager2 = getService$2("document-manager");
+  const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
   if (permissionChecker2.cannot.create() && permissionChecker2.cannot.update()) {
     throw new strapiUtils.errors.ForbiddenError();
   }
   const sanitizedQuery = await permissionChecker2.sanitizedQuery.update(query);
-  const { locale } = await getDocumentLocaleAndStatus(body);
+  const { locale } = await getDocumentLocaleAndStatus(body, model);
   const [documentVersion, otherDocumentVersion] = await Promise.all([
     findDocument(sanitizedQuery, model, { locale, status: "draft" }),
     // Find the first document to check if it exists
@@ -2626,12 +2885,12 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
-    const { locale, status } = await getDocumentLocaleAndStatus(query);
+    const { locale, status } = await getDocumentLocaleAndStatus(query, model);
     const version = await findDocument(permissionQuery, model, { locale, status });
     if (!version) {
       if (permissionChecker2.cannot.create()) {
@@ -2645,7 +2904,7 @@ const singleTypes = {
         permissionChecker2,
         model,
         // @ts-expect-error - fix types
-        { id: document.documentId, locale, publishedAt: null },
+        { documentId: document.documentId, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
       ctx.body = { data: {}, meta };
@@ -2660,7 +2919,7 @@ const singleTypes = {
   async createOrUpdate(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     const document = await createOrUpdateDocument(ctx);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(document);
     ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
@@ -2669,14 +2928,14 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.delete()) {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.delete(query);
     const populate = await buildPopulateFromQuery(sanitizedQuery, model);
-    const { locale } = await getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, model);
     const documentLocales = await documentManager2.findLocales(void 0, model, {
       populate,
       locale
@@ -2698,8 +2957,8 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
     }
@@ -2713,7 +2972,7 @@ const singleTypes = {
       if (permissionChecker2.cannot.publish(document)) {
         throw new strapiUtils.errors.ForbiddenError();
       }
-      const { locale } = await getDocumentLocaleAndStatus(document);
+      const { locale } = await getDocumentLocaleAndStatus(document, model);
       const publishResult = await documentManager2.publish(document.documentId, model, { locale });
       return publishResult.at(0);
     });
@@ -2727,8 +2986,8 @@ const singleTypes = {
       body: { discardDraft, ...body },
       query = {}
     } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
@@ -2736,7 +2995,7 @@ const singleTypes = {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.unpublish(query);
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await findDocument(sanitizedQuery, model, { locale });
     if (!document) {
       return ctx.notFound();
@@ -2762,13 +3021,13 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { body, query = {} } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.discard(query);
-    const { locale } = await getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await findDocument(sanitizedQuery, model, { locale, status: "published" });
     if (!document) {
       return ctx.notFound();
@@ -2786,9 +3045,9 @@ const singleTypes = {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query } = ctx.request;
-    const documentManager2 = getService$1("document-manager");
-    const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
-    const { locale } = await getDocumentLocaleAndStatus(query);
+    const documentManager2 = getService$2("document-manager");
+    const permissionChecker2 = getService$2("permission-checker").create({ userAbility, model });
+    const { locale } = await getDocumentLocaleAndStatus(query, model);
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
@@ -2809,9 +3068,9 @@ const uid$1 = {
   async generateUID(ctx) {
     const { contentTypeUID, field, data } = await validateGenerateUIDInput(ctx.request.body);
     const { query = {} } = ctx.request;
-    const { locale } = await getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
-    const uidService = getService$1("uid");
+    const uidService = getService$2("uid");
     ctx.body = {
       data: await uidService.generateUIDField({ contentTypeUID, field, data, locale })
     };
@@ -2821,9 +3080,9 @@ const uid$1 = {
       ctx.request.body
     );
     const { query = {} } = ctx.request;
-    const { locale } = await getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
-    const uidService = getService$1("uid");
+    const uidService = getService$2("uid");
     const isAvailable = await uidService.checkUIDAvailability({
       contentTypeUID,
       field,
@@ -2844,7 +3103,8 @@ const controllers = {
   relations,
   "single-types": singleTypes,
   uid: uid$1,
-  ...history.controllers ? history.controllers : {}
+  ...history.controllers ? history.controllers : {},
+  ...preview.controllers ? preview.controllers : {}
 };
 const keys = {
   CONFIGURATION: "configuration"
@@ -2995,12 +3255,12 @@ async function syncMetadatas(configuration, schema) {
   return ___default.default.assign(metasWithDefaults, updatedMetas);
 }
 const getTargetSchema = (targetModel) => {
-  return getService$1("content-types").findContentType(targetModel);
+  return getService$2("content-types").findContentType(targetModel);
 };
 const DEFAULT_LIST_LENGTH = 4;
 const MAX_ROW_SIZE = 12;
 const isAllowedFieldSize = (type, size) => {
-  const { getFieldSize } = getService$1("field-sizes");
+  const { getFieldSize } = getService$2("field-sizes");
   const fieldSize = getFieldSize(type);
   if (!fieldSize.isResizable && size !== fieldSize.default) {
     return false;
@@ -3008,7 +3268,7 @@ const isAllowedFieldSize = (type, size) => {
   return size <= MAX_ROW_SIZE;
 };
 const getDefaultFieldSize = (attribute) => {
-  const { hasFieldSize, getFieldSize } = getService$1("field-sizes");
+  const { hasFieldSize, getFieldSize } = getService$2("field-sizes");
   return getFieldSize(hasFieldSize(attribute.customField) ? attribute.customField : attribute.type).default;
 };
 async function createDefaultLayouts(schema) {
@@ -3043,7 +3303,7 @@ function syncLayouts(configuration, schema) {
     for (const el of row) {
       if (!hasEditableAttribute(schema, el.name))
         continue;
-      const { hasFieldSize } = getService$1("field-sizes");
+      const { hasFieldSize } = getService$2("field-sizes");
       const fieldType = hasFieldSize(schema.attributes[el.name].customField) ? schema.attributes[el.name].customField : schema.attributes[el.name].type;
       if (!isAllowedFieldSize(fieldType, el.size)) {
         elementsToReAppend.push(el.name);
@@ -3183,17 +3443,17 @@ const configurationService$1 = createConfigurationService({
   isComponent: true,
   prefix: STORE_KEY_PREFIX,
   getModels() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return fp.mapValues(toContentManagerModel, strapi.components);
   }
 });
 const components = ({ strapi: strapi2 }) => ({
   findAllComponents() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return Object.values(strapi2.components).map(toContentManagerModel);
   },
   findComponent(uid2) {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     const component = strapi2.components[uid2];
     return fp.isNil(component) ? component : toContentManagerModel(component);
   },
@@ -3244,17 +3504,17 @@ const configurationService = createConfigurationService({
   storeUtils,
   prefix: "content_types",
   getModels() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return fp.mapValues(toContentManagerModel, strapi.contentTypes);
   }
 });
 const service = ({ strapi: strapi2 }) => ({
   findAllContentTypes() {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     return Object.values(strapi2.contentTypes).map(toContentManagerModel);
   },
   findContentType(uid2) {
-    const { toContentManagerModel } = getService$1("data-mapper");
+    const { toContentManagerModel } = getService$2("data-mapper");
     const contentType = strapi2.contentTypes[uid2];
     return fp.isNil(contentType) ? contentType : toContentManagerModel(contentType);
   },
@@ -3283,7 +3543,7 @@ const service = ({ strapi: strapi2 }) => ({
     return this.findConfiguration(contentType);
   },
   findComponentsConfigurations(contentType) {
-    return getService$1("components").findComponentsConfigurations(contentType);
+    return getService$2("components").findComponentsConfigurations(contentType);
   },
   syncConfigurations() {
     return configurationService.syncConfigurations();
@@ -3464,12 +3724,27 @@ const createPermissionChecker = (strapi2) => ({ userAbility, model }) => {
     ability: userAbility,
     model
   });
-  const toSubject = (entity) => entity ? permissionsManager.toSubject(entity, model) : model;
+  const { actionProvider } = strapi2.service("admin::permission");
+  const toSubject = (entity) => {
+    return entity ? permissionsManager.toSubject(entity, model) : model;
+  };
   const can = (action, entity, field) => {
-    return userAbility.can(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test the original action to see if it passes
+      userAbility.can(action, subject, field) || // Else try every known alias if at least one of them succeed, then the user "can"
+      aliases.some((alias) => userAbility.can(alias, subject, field))
+    );
   };
   const cannot = (action, entity, field) => {
-    return userAbility.cannot(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test both the original action
+      userAbility.cannot(action, subject, field) && // and every known alias, if all of them fail (cannot), then the user truly "cannot"
+      aliases.every((alias) => userAbility.cannot(alias, subject, field))
+    );
   };
   const sanitizeOutput = (data, { action = ACTIONS.read } = {}) => {
     return permissionsManager.sanitizeOutput(data, { subject: toSubject(data), action });
@@ -3540,7 +3815,7 @@ const permission = ({ strapi: strapi2 }) => ({
     return userAbility.can(action);
   },
   async registerPermissions() {
-    const displayedContentTypes = getService$1("content-types").findDisplayedContentTypes();
+    const displayedContentTypes = getService$2("content-types").findDisplayedContentTypes();
     const contentTypesUids = displayedContentTypes.map(fp.prop("uid"));
     const actions = [
       {
@@ -3746,6 +4021,10 @@ const getDeepPopulateDraftCount = (uid2) => {
     const attribute = model.attributes[attributeName];
     switch (attribute.type) {
       case "relation": {
+        const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
+        if (isMorphRelation) {
+          break;
+        }
         if (isVisibleAttribute$1(model, attributeName)) {
           populateAcc[attributeName] = {
             count: true,
@@ -3812,7 +4091,7 @@ const getQueryPopulate = async (uid2, query) => {
   return populateQuery;
 };
 const buildDeepPopulate = (uid2) => {
-  return getService$1("populate-builder")(uid2).populateDeep(Infinity).countRelations().build();
+  return getService$2("populate-builder")(uid2).populateDeep(Infinity).countRelations().build();
 };
 const populateBuilder = (uid2) => {
   let getInitialPopulate = async () => {
@@ -3997,7 +4276,9 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
    */
   async getAvailableLocales(uid2, version, allVersions, validatableFields = []) {
     const versionsByLocale = fp.groupBy("locale", allVersions);
-    delete versionsByLocale[version.locale];
+    if (version.locale) {
+      delete versionsByLocale[version.locale];
+    }
     const model = strapi2.getModel(uid2);
     const keysToKeep = [...AVAILABLE_LOCALES_FIELDS, ...validatableFields];
     const traversalFunction = async (localeVersion) => strapiUtils.traverseEntity(
@@ -4123,7 +4404,13 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
    */
   async formatDocumentWithMetadata(uid2, document, opts = {}) {
     if (!document) {
-      return document;
+      return {
+        data: document,
+        meta: {
+          availableLocales: [],
+          availableStatus: []
+        }
+      };
     }
     const hasDraftAndPublish = strapiUtils.contentTypes.hasDraftAndPublish(strapi2.getModel(uid2));
     if (!hasDraftAndPublish) {
@@ -4231,10 +4518,7 @@ const documentManager = ({ strapi: strapi2 }) => {
     async clone(id, body, uid2) {
       const populate = await buildDeepPopulate(uid2);
       const params = {
-        data: {
-          ...omitIdField(body),
-          [PUBLISHED_AT_ATTRIBUTE]: null
-        },
+        data: omitIdField(body),
         populate
       };
       return strapi2.documents(uid2).clone({ ...params, documentId: id }).then((result) => result?.entries.at(0));
@@ -4350,7 +4634,8 @@ const services = {
   permission,
   "populate-builder": populateBuilder$1,
   uid,
-  ...history.services ? history.services : {}
+  ...history.services ? history.services : {},
+  ...preview.services ? preview.services : {}
 };
 const index = () => {
   return {