npm - @strapi/content-manager - Versions diffs - 0.0.0-experimental.e60ec1829240dae21c1e1d29076681c322288813 → 0.0.0-experimental.e9122b401c96877b6707775c4f893660eab93ae3 - Mend

@strapi/content-manager 0.0.0-experimental.e60ec1829240dae21c1e1d29076681c322288813 → 0.0.0-experimental.e9122b401c96877b6707775c4f893660eab93ae3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

package/dist/server/index.mjs CHANGED Viewed

@@ -1,5 +1,5 @@
-import strapiUtils, { validateYupSchema, errors, async, contentTypes as contentTypes$1, yup as yup$1, validateYupSchemaSync, policy, traverse, setCreatorFields, isOperatorOfType, relations as relations$1, sanitize } from "@strapi/utils";
-import { pick, omit, difference, intersection, pipe, propOr, isEqual, isEmpty, set, isNil as isNil$1, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, getOr, propEq, merge, groupBy, castArray } from "lodash/fp";
+import strapiUtils, { validateYupSchema, errors, async, contentTypes as contentTypes$1, yup as yup$1, validateYupSchemaSync, policy, traverse, setCreatorFields, isOperatorOfType, relations as relations$1, traverseEntity, pagination } from "@strapi/utils";
+import { pick, omit, difference, castArray, intersection, pipe, propOr, isEqual, isEmpty, set, isNil as isNil$1, has, prop, assoc, mapValues, flow, uniq, uniqBy, concat, getOr, propEq, merge, groupBy } from "lodash/fp";
 import "@strapi/types";
 import * as yup from "yup";
 import { scheduleJob } from "node-schedule";
@@ -54,7 +54,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
         return ctx.forbidden();
       }
       const query = await permissionChecker2.sanitizeQuery(ctx.query);
-      const { results, pagination } = await getService(strapi2, "history").findVersionsPage({
+      const { results, pagination: pagination2 } = await getService(strapi2, "history").findVersionsPage({
         query: {
           ...query,
           ...getValidPagination({ page: query.page, pageSize: query.pageSize })
@@ -73,7 +73,7 @@ const createHistoryVersionController = ({ strapi: strapi2 }) => {
       );
       return {
         data: sanitizedResults,
-        meta: { pagination }
+        meta: { pagination: pagination2 }
       };
     },
     async restoreVersion(ctx) {
@@ -173,7 +173,9 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     return strapi2.db.query("plugin::upload.file").findOne({ where: { id: versionRelationData.id } });
   };
   const localesService = strapi2.plugin("i18n")?.service("locales");
+  const i18nContentTypeService = strapi2.plugin("i18n")?.service("content-types");
   const getDefaultLocale = async () => localesService ? localesService.getDefaultLocale() : null;
+  const isLocalizedContentType = (model) => i18nContentTypeService ? i18nContentTypeService.isLocalizedContentType(model) : false;
   const getLocaleDictionary = async () => {
     if (!localesService)
       return {};
@@ -200,20 +202,25 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     const meta = await documentMetadataService.getMetadata(contentTypeUid, document);
     return documentMetadataService.getStatus(document, meta.availableStatus);
   };
-  const getDeepPopulate2 = (uid2) => {
+  const getDeepPopulate2 = (uid2, useDatabaseSyntax = false) => {
     const model = strapi2.getModel(uid2);
     const attributes = Object.entries(model.attributes);
+    const fieldSelector = useDatabaseSyntax ? "select" : "fields";
     return attributes.reduce((acc, [attributeName, attribute]) => {
       switch (attribute.type) {
         case "relation": {
+          const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
+          if (isMorphRelation) {
+            break;
+          }
           const isVisible2 = contentTypes$1.isVisibleAttribute(model, attributeName);
           if (isVisible2) {
-            acc[attributeName] = { fields: ["documentId", "locale", "publishedAt"] };
+            acc[attributeName] = { [fieldSelector]: ["documentId", "locale", "publishedAt"] };
           }
           break;
         }
         case "media": {
-          acc[attributeName] = { fields: ["id"] };
+          acc[attributeName] = { [fieldSelector]: ["id"] };
           break;
         }
         case "component": {
@@ -286,6 +293,7 @@ const createServiceUtils = ({ strapi: strapi2 }) => {
     getRelationRestoreValue,
     getMediaRestoreValue,
     getDefaultLocale,
+    isLocalizedContentType,
     getLocaleDictionary,
     getRetentionDays,
     getVersionStatus,
@@ -308,8 +316,14 @@ const createHistoryService = ({ strapi: strapi2 }) => {
       });
     },
     async findVersionsPage(params) {
-      const locale = params.query.locale || await serviceUtils.getDefaultLocale();
-      const [{ results, pagination }, localeDictionary] = await Promise.all([
+      const model = strapi2.getModel(params.query.contentType);
+      const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
+      const defaultLocale = await serviceUtils.getDefaultLocale();
+      let locale = null;
+      if (isLocalizedContentType) {
+        locale = params.query.locale || defaultLocale;
+      }
+      const [{ results, pagination: pagination2 }, localeDictionary] = await Promise.all([
         query.findPage({
           ...params.query,
           where: {
@@ -408,7 +422,7 @@ const createHistoryService = ({ strapi: strapi2 }) => {
       );
       return {
         results: formattedResults,
-        pagination
+        pagination: pagination2
       };
     },
     async restoreVersion(versionId) {
@@ -464,13 +478,47 @@ const createHistoryService = ({ strapi: strapi2 }) => {
     }
   };
 };
+const shouldCreateHistoryVersion = (context) => {
+  if (!strapi.requestContext.get()?.request.url.startsWith("/content-manager")) {
+    return false;
+  }
+  if (context.action !== "create" && context.action !== "update" && context.action !== "clone" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
+    return false;
+  }
+  if (context.action === "update" && strapi.requestContext.get()?.request.url.endsWith("/actions/publish")) {
+    return false;
+  }
+  if (!context.contentType.uid.startsWith("api::")) {
+    return false;
+  }
+  return true;
+};
+const getSchemas = (uid2) => {
+  const attributesSchema = strapi.getModel(uid2).attributes;
+  const componentsSchemas = Object.keys(attributesSchema).reduce(
+    (currentComponentSchemas, key) => {
+      const fieldSchema = attributesSchema[key];
+      if (fieldSchema.type === "component") {
+        const componentSchema = strapi.getModel(fieldSchema.component).attributes;
+        return {
+          ...currentComponentSchemas,
+          [fieldSchema.component]: componentSchema
+        };
+      }
+      return currentComponentSchemas;
+    },
+    {}
+  );
+  return {
+    schema: omit(FIELDS_TO_IGNORE, attributesSchema),
+    componentsSchemas
+  };
+};
 const createLifecyclesService = ({ strapi: strapi2 }) => {
   const state = {
     deleteExpiredJob: null,
     isInitialized: false
   };
-  const query = strapi2.db.query(HISTORY_VERSION_UID);
-  const historyService = getService(strapi2, "history");
   const serviceUtils = createServiceUtils({ strapi: strapi2 });
   return {
     async bootstrap() {
@@ -478,60 +526,53 @@ const createLifecyclesService = ({ strapi: strapi2 }) => {
         return;
       }
       strapi2.documents.use(async (context, next) => {
-        if (!strapi2.requestContext.get()?.request.url.startsWith("/content-manager")) {
-          return next();
-        }
-        if (context.action !== "create" && context.action !== "update" && context.action !== "publish" && context.action !== "unpublish" && context.action !== "discardDraft") {
-          return next();
-        }
-        const contentTypeUid = context.contentType.uid;
-        if (!contentTypeUid.startsWith("api::")) {
-          return next();
-        }
         const result = await next();
-        const documentContext = context.action === "create" ? { documentId: result.documentId, locale: context.params?.locale } : { documentId: context.params.documentId, locale: context.params?.locale };
+        if (!shouldCreateHistoryVersion(context)) {
+          return result;
+        }
+        const documentId = context.action === "create" || context.action === "clone" ? result.documentId : context.params.documentId;
         const defaultLocale = await serviceUtils.getDefaultLocale();
-        const locale = documentContext.locale || defaultLocale;
-        const document = await strapi2.documents(contentTypeUid).findOne({
-          documentId: documentContext.documentId,
-          locale,
-          populate: serviceUtils.getDeepPopulate(contentTypeUid)
+        const locales = castArray(context.params?.locale || defaultLocale);
+        if (!locales.length) {
+          return result;
+        }
+        const uid2 = context.contentType.uid;
+        const schemas = getSchemas(uid2);
+        const model = strapi2.getModel(uid2);
+        const isLocalizedContentType = serviceUtils.isLocalizedContentType(model);
+        const localeEntries = await strapi2.db.query(uid2).findMany({
+          where: {
+            documentId,
+            ...isLocalizedContentType ? { locale: { $in: locales } } : {},
+            ...contentTypes$1.hasDraftAndPublish(strapi2.contentTypes[uid2]) ? { publishedAt: null } : {}
+          },
+          populate: serviceUtils.getDeepPopulate(
+            uid2,
+            true
+            /* use database syntax */
+          )
         });
-        const status = await serviceUtils.getVersionStatus(contentTypeUid, document);
-        const attributesSchema = strapi2.getModel(contentTypeUid).attributes;
-        const componentsSchemas = Object.keys(
-          attributesSchema
-        ).reduce((currentComponentSchemas, key) => {
-          const fieldSchema = attributesSchema[key];
-          if (fieldSchema.type === "component") {
-            const componentSchema = strapi2.getModel(fieldSchema.component).attributes;
-            return {
-              ...currentComponentSchemas,
-              [fieldSchema.component]: componentSchema
-            };
-          }
-          return currentComponentSchemas;
-        }, {});
         await strapi2.db.transaction(async ({ onCommit }) => {
-          onCommit(() => {
-            historyService.createVersion({
-              contentType: contentTypeUid,
-              data: omit(FIELDS_TO_IGNORE, document),
-              schema: omit(FIELDS_TO_IGNORE, attributesSchema),
-              componentsSchemas,
-              relatedDocumentId: documentContext.documentId,
-              locale,
-              status
-            });
+          onCommit(async () => {
+            for (const entry of localeEntries) {
+              const status = await serviceUtils.getVersionStatus(uid2, entry);
+              await getService(strapi2, "history").createVersion({
+                contentType: uid2,
+                data: omit(FIELDS_TO_IGNORE, entry),
+                relatedDocumentId: documentId,
+                locale: entry.locale,
+                status,
+                ...schemas
+              });
+            }
           });
         });
         return result;
       });
-      const retentionDays = serviceUtils.getRetentionDays();
       state.deleteExpiredJob = scheduleJob("0 0 * * *", () => {
-        const retentionDaysInMilliseconds = retentionDays * 24 * 60 * 60 * 1e3;
+        const retentionDaysInMilliseconds = serviceUtils.getRetentionDays() * 24 * 60 * 60 * 1e3;
         const expirationDate = new Date(Date.now() - retentionDaysInMilliseconds);
-        query.deleteMany({
+        strapi2.db.query(HISTORY_VERSION_UID).deleteMany({
           where: {
             created_at: {
               $lt: expirationDate.toISOString()
@@ -1163,6 +1204,11 @@ const { createPolicy } = policy;
 const hasPermissions = createPolicy({
   name: "plugin::content-manager.hasPermissions",
   validator: validateHasPermissionsInput,
+  /**
+   * NOTE: Action aliases are currently not checked at this level (policy).
+   *       This is currently the intended behavior to avoid changing the behavior of API related permissions.
+   *       If you want to add support for it, please create a dedicated RFC with a list of potential side effect this could have.
+   */
   handler(ctx, config = {}) {
     const { actions = [], hasAtLeastOne = false } = config;
     const { userAbility } = ctx.state;
@@ -1452,7 +1498,7 @@ const { PaginationError, ValidationError } = errors;
 const TYPES = ["singleType", "collectionType"];
 const kindSchema = yup$1.string().oneOf(TYPES).nullable();
 const bulkActionInputSchema = yup$1.object({
-  ids: yup$1.array().of(yup$1.strapiID()).min(1).required()
+  documentIds: yup$1.array().of(yup$1.strapiID()).min(1).required()
 }).required();
 const generateUIDInputSchema = yup$1.object({
   contentTypeUID: yup$1.string().required(),
@@ -1551,15 +1597,49 @@ const excludeNotCreatableFields = (uid2, permissionChecker2) => (body, path = []
     }
   }, body);
 };
-const getDocumentLocaleAndStatus = (request) => {
-  const { locale, status, ...rest } = request || {};
-  if (!isNil$1(locale) && typeof locale !== "string") {
-    throw new errors.ValidationError(`Invalid locale: ${locale}`);
-  }
-  if (!isNil$1(status) && !["draft", "published"].includes(status)) {
-    throw new errors.ValidationError(`Invalid status: ${status}`);
+const singleLocaleSchema = yup$1.string().nullable();
+const multipleLocaleSchema = yup$1.lazy(
+  (value) => Array.isArray(value) ? yup$1.array().of(singleLocaleSchema.required()) : singleLocaleSchema
+);
+const statusSchema = yup$1.mixed().oneOf(["draft", "published"], "Invalid status");
+const getDocumentLocaleAndStatus = async (request, model, opts = { allowMultipleLocales: false }) => {
+  const { allowMultipleLocales } = opts;
+  const { locale, status: providedStatus, ...rest } = request || {};
+  const defaultStatus = contentTypes$1.hasDraftAndPublish(strapi.getModel(model)) ? void 0 : "published";
+  const status = providedStatus !== void 0 ? providedStatus : defaultStatus;
+  const schema = yup$1.object().shape({
+    locale: allowMultipleLocales ? multipleLocaleSchema : singleLocaleSchema,
+    status: statusSchema
+  });
+  try {
+    await validateYupSchema(schema, { strict: true, abortEarly: false })(request);
+    return { locale, status, ...rest };
+  } catch (error) {
+    throw new errors.ValidationError(`Validation error: ${error.message}`);
   }
-  return { locale, status, ...rest };
+};
+const formatDocumentWithMetadata = async (permissionChecker2, uid2, document, opts = {}) => {
+  const documentMetadata2 = getService$1("document-metadata");
+  const serviceOutput = await documentMetadata2.formatDocumentWithMetadata(uid2, document, opts);
+  let {
+    meta: { availableLocales, availableStatus }
+  } = serviceOutput;
+  const metadataSanitizer = permissionChecker2.sanitizeOutput;
+  availableLocales = await async.map(
+    availableLocales,
+    async (localeDocument) => metadataSanitizer(localeDocument)
+  );
+  availableStatus = await async.map(
+    availableStatus,
+    async (statusDocument) => metadataSanitizer(statusDocument)
+  );
+  return {
+    ...serviceOutput,
+    meta: {
+      availableLocales,
+      availableStatus
+    }
+  };
 };
 const createDocument = async (ctx, opts) => {
   const { userAbility, user } = ctx.state;
@@ -1574,7 +1654,7 @@ const createDocument = async (ctx, opts) => {
   const setCreator = setCreatorFields({ user });
   const sanitizeFn = async.pipe(pickPermittedFields, setCreator);
   const sanitizedBody = await sanitizeFn(body);
-  const { locale, status = "draft" } = getDocumentLocaleAndStatus(body);
+  const { locale, status } = await getDocumentLocaleAndStatus(body, model);
   return documentManager2.create(model, {
     data: sanitizedBody,
     locale,
@@ -1593,7 +1673,7 @@ const updateDocument = async (ctx, opts) => {
   }
   const permissionQuery = await permissionChecker2.sanitizedQuery.update(ctx.query);
   const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-  const { locale } = getDocumentLocaleAndStatus(body);
+  const { locale } = await getDocumentLocaleAndStatus(body, model);
   const [documentVersion, documentExists] = await Promise.all([
     documentManager2.findOne(id, model, { populate, locale, status: "draft" }),
     documentManager2.exists(model, id)
@@ -1631,8 +1711,8 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(1).countRelations({ toOne: false, toMany: true }).build();
-    const { locale, status } = getDocumentLocaleAndStatus(query);
-    const { results: documents, pagination } = await documentManager2.findPage(
+    const { locale, status } = await getDocumentLocaleAndStatus(query, model);
+    const { results: documents, pagination: pagination2 } = await documentManager2.findPage(
       { ...permissionQuery, populate, locale, status },
       model
     );
@@ -1653,21 +1733,20 @@ const collectionTypes = {
     );
     ctx.body = {
       results,
-      pagination
+      pagination: pagination2
     };
   },
   async findOne(ctx) {
     const { userAbility } = ctx.state;
     const { model, id } = ctx.params;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const { locale, status = "draft" } = getDocumentLocaleAndStatus(ctx.query);
+    const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const version = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1678,9 +1757,11 @@ const collectionTypes = {
       if (!exists) {
         return ctx.notFound();
       }
-      const { meta } = await documentMetadata2.formatDocumentWithMetadata(
+      const { meta } = await formatDocumentWithMetadata(
+        permissionChecker2,
         model,
-        { id, locale, publishedAt: null },
+        // @ts-expect-error TODO: fix
+        { documentId: id, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
       ctx.body = { data: {}, meta };
@@ -1690,12 +1771,11 @@ const collectionTypes = {
       return ctx.forbidden();
     }
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(version);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async create(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     const [totalEntries, document] = await Promise.all([
       strapi.db.query(model).count(),
@@ -1703,7 +1783,7 @@ const collectionTypes = {
     ]);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(document);
     ctx.status = 201;
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument, {
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument, {
       // Empty metadata as it's not relevant for a new document
       availableLocales: false,
       availableStatus: false
@@ -1717,25 +1797,23 @@ const collectionTypes = {
   async update(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     const updatedVersion = await updateDocument(ctx);
     const sanitizedVersion = await permissionChecker2.sanitizeOutput(updatedVersion);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedVersion);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedVersion);
   },
   async clone(ctx) {
     const { userAbility, user } = ctx.state;
     const { model, sourceId: id } = ctx.params;
     const { body } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.create()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.create(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1751,7 +1829,7 @@ const collectionTypes = {
     const sanitizedBody = await sanitizeFn(body);
     const clonedDocument = await documentManager2.clone(document.documentId, sanitizedBody, model);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(clonedDocument);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument, {
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument, {
       // Empty metadata as it's not relevant for a new document
       availableLocales: false,
       availableStatus: false
@@ -1780,7 +1858,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(ctx.query);
+    const { locale } = await getDocumentLocaleAndStatus(ctx.query, model);
     const documentLocales = await documentManager2.findLocales(id, model, { populate, locale });
     if (documentLocales.length === 0) {
       return ctx.notFound();
@@ -1802,7 +1880,6 @@ const collectionTypes = {
     const { id, model } = ctx.params;
     const { body } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
@@ -1810,25 +1887,46 @@ const collectionTypes = {
     const publishedDocument = await strapi.db.transaction(async () => {
       const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
       const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-      const document = id ? await updateDocument(ctx, { populate }) : await createDocument(ctx, { populate });
+      let document;
+      const { locale } = await getDocumentLocaleAndStatus(body, model);
+      const isCreate = isNil$1(id);
+      if (isCreate) {
+        if (permissionChecker2.cannot.create()) {
+          throw new errors.ForbiddenError();
+        }
+        document = await createDocument(ctx, { populate });
+      }
+      const isUpdate = !isCreate;
+      if (isUpdate) {
+        document = await documentManager2.findOne(id, model, { populate, locale });
+        if (!document) {
+          throw new errors.NotFoundError("Document not found");
+        }
+        if (permissionChecker2.can.update(document)) {
+          await updateDocument(ctx);
+        }
+      }
       if (permissionChecker2.cannot.publish(document)) {
         throw new errors.ForbiddenError();
       }
-      const { locale } = getDocumentLocaleAndStatus(body);
-      return documentManager2.publish(document.documentId, model, {
+      const publishResult = await documentManager2.publish(document.documentId, model, {
         locale
         // TODO: Allow setting creator fields on publish
         // data: setCreatorFields({ user, isEdition: true })({}),
       });
+      if (!publishResult || publishResult.length === 0) {
+        throw new errors.NotFoundError("Document not found or already published.");
+      }
+      return publishResult[0];
     });
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(publishedDocument);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async bulkPublish(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { body } = ctx.request;
-    const { ids } = body;
+    const { documentIds } = body;
     await validateBulkActionInput(body);
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
@@ -1837,8 +1935,13 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).populateDeep(Infinity).countRelations().build();
-    const entityPromises = ids.map((id) => documentManager2.findOne(id, model, { populate }));
-    const entities = await Promise.all(entityPromises);
+    const { locale } = await getDocumentLocaleAndStatus(body, model, {
+      allowMultipleLocales: true
+    });
+    const entityPromises = documentIds.map(
+      (documentId) => documentManager2.findLocales(documentId, model, { populate, locale, isPublished: false })
+    );
+    const entities = (await Promise.all(entityPromises)).flat();
     for (const entity of entities) {
       if (!entity) {
         return ctx.notFound();
@@ -1847,24 +1950,27 @@ const collectionTypes = {
         return ctx.forbidden();
       }
     }
-    const { count } = await documentManager2.publishMany(entities, model);
+    const count = await documentManager2.publishMany(model, documentIds, locale);
     ctx.body = { count };
   },
   async bulkUnpublish(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { body } = ctx.request;
-    const { ids } = body;
+    const { documentIds } = body;
     await validateBulkActionInput(body);
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
     }
-    const permissionQuery = await permissionChecker2.sanitizedQuery.publish(ctx.query);
-    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const entityPromises = ids.map((id) => documentManager2.findOne(id, model, { populate }));
-    const entities = await Promise.all(entityPromises);
+    const { locale } = await getDocumentLocaleAndStatus(body, model, {
+      allowMultipleLocales: true
+    });
+    const entityPromises = documentIds.map(
+      (documentId) => documentManager2.findLocales(documentId, model, { locale, isPublished: true })
+    );
+    const entities = (await Promise.all(entityPromises)).flat();
     for (const entity of entities) {
       if (!entity) {
         return ctx.notFound();
@@ -1873,7 +1979,8 @@ const collectionTypes = {
         return ctx.forbidden();
       }
     }
-    const { count } = await documentManager2.unpublishMany(entities, model);
+    const entitiesIds = entities.map((document) => document.documentId);
+    const { count } = await documentManager2.unpublishMany(entitiesIds, model, { locale });
     ctx.body = { count };
   },
   async unpublish(ctx) {
@@ -1883,7 +1990,6 @@ const collectionTypes = {
       body: { discardDraft, ...body }
     } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
@@ -1893,7 +1999,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.unpublish(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1915,7 +2021,7 @@ const collectionTypes = {
       ctx.body = await async.pipe(
         (document2) => documentManager2.unpublish(document2.documentId, model, { locale }),
         permissionChecker2.sanitizeOutput,
-        (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+        (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
       )(document);
     });
   },
@@ -1924,14 +2030,13 @@ const collectionTypes = {
     const { id, model } = ctx.params;
     const { body } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.discard(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await documentManager2.findOne(id, model, {
       populate,
       locale,
@@ -1946,14 +2051,14 @@ const collectionTypes = {
     ctx.body = await async.pipe(
       (document2) => documentManager2.discardDraft(document2.documentId, model, { locale }),
       permissionChecker2.sanitizeOutput,
-      (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+      (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
     )(document);
   },
   async bulkDelete(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
     const { query, body } = ctx.request;
-    const { ids } = body;
+    const { documentIds } = body;
     await validateBulkActionInput(body);
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
@@ -1961,14 +2066,22 @@ const collectionTypes = {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.delete(query);
-    const idsWhereClause = { id: { $in: ids } };
-    const params = {
-      ...permissionQuery,
-      filters: {
-        $and: [idsWhereClause].concat(permissionQuery.filters || [])
+    const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
+    const documentLocales = await documentManager2.findLocales(documentIds, model, {
+      populate,
+      locale
+    });
+    if (documentLocales.length === 0) {
+      return ctx.notFound();
+    }
+    for (const document of documentLocales) {
+      if (permissionChecker2.cannot.delete(document)) {
+        return ctx.forbidden();
       }
-    };
-    const { count } = await documentManager2.deleteMany(params, model);
+    }
+    const localeDocumentsIds = documentLocales.map((document) => document.documentId);
+    const { count } = await documentManager2.deleteMany(localeDocumentsIds, model, { locale });
     ctx.body = { count };
   },
   async countDraftRelations(ctx) {
@@ -1981,7 +2094,7 @@ const collectionTypes = {
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(ctx.query);
     const populate = await getService$1("populate-builder")(model).populateFromQuery(permissionQuery).build();
-    const { locale, status = "draft" } = getDocumentLocaleAndStatus(ctx.query);
+    const { locale, status } = await getDocumentLocaleAndStatus(ctx.query, model);
     const entity = await documentManager2.findOne(id, model, { populate, locale, status });
     if (!entity) {
       return ctx.notFound();
@@ -1996,7 +2109,7 @@ const collectionTypes = {
   },
   async countManyEntriesDraftRelations(ctx) {
     const { userAbility } = ctx.state;
-    const ids = ctx.request.query.ids;
+    const ids = ctx.request.query.documentIds;
     const locale = ctx.request.query.locale;
     const { model } = ctx.params;
     const documentManager2 = getService$1("document-manager");
@@ -2004,16 +2117,16 @@ const collectionTypes = {
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
-    const entities = await documentManager2.findMany(
+    const documents = await documentManager2.findMany(
       {
         filters: {
-          id: ids
+          documentId: ids
         },
         locale
       },
       model
     );
-    if (!entities) {
+    if (!documents) {
       return ctx.notFound();
     }
     const number = await documentManager2.countManyEntriesDraftRelations(ids, model, locale);
@@ -2204,20 +2317,13 @@ const sanitizeMainField = (model, mainField, userAbility) => {
     userAbility,
     model: model.uid
   });
-  if (!isListable(model, mainField)) {
+  const isMainFieldListable = isListable(model, mainField);
+  const canReadMainField = permissionChecker2.can.read(null, mainField);
+  if (!isMainFieldListable || !canReadMainField) {
     return "id";
   }
-  if (permissionChecker2.cannot.read(null, mainField)) {
-    if (model.uid === "plugin::users-permissions.role") {
-      const userPermissionChecker = getService$1("permission-checker").create({
-        userAbility,
-        model: "plugin::users-permissions.user"
-      });
-      if (userPermissionChecker.can.read()) {
-        return "name";
-      }
-    }
-    return "id";
+  if (model.uid === "plugin::users-permissions.role") {
+    return "name";
   }
   return mainField;
 };
@@ -2475,9 +2581,7 @@ const relations = {
     addFiltersClause(permissionQuery, { id: { $in: loadedIds } });
     const sanitizedRes = await loadRelations({ id: entryId }, targetField, {
       ...strapi.get("query-params").transform(targetUid, permissionQuery),
-      ordering: "desc",
-      page: ctx.request.query.page,
-      pageSize: ctx.request.query.pageSize
+      ordering: "desc"
     });
     const relationsUnion = uniqBy("id", concat(sanitizedRes.results, res.results));
     ctx.body = {
@@ -2509,7 +2613,7 @@ const createOrUpdateDocument = async (ctx, opts) => {
     throw new errors.ForbiddenError();
   }
   const sanitizedQuery = await permissionChecker2.sanitizedQuery.update(query);
-  const { locale } = getDocumentLocaleAndStatus(body);
+  const { locale } = await getDocumentLocaleAndStatus(body, model);
   const [documentVersion, otherDocumentVersion] = await Promise.all([
     findDocument(sanitizedQuery, model, { locale, status: "draft" }),
     // Find the first document to check if it exists
@@ -2546,12 +2650,11 @@ const singleTypes = {
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
-    const documentMetadata2 = getService$1("document-metadata");
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
     const permissionQuery = await permissionChecker2.sanitizedQuery.read(query);
-    const { locale, status } = getDocumentLocaleAndStatus(query);
+    const { locale, status } = await getDocumentLocaleAndStatus(query, model);
     const version = await findDocument(permissionQuery, model, { locale, status });
     if (!version) {
       if (permissionChecker2.cannot.create()) {
@@ -2561,8 +2664,10 @@ const singleTypes = {
       if (!document) {
         return ctx.notFound();
       }
-      const { meta } = await documentMetadata2.formatDocumentWithMetadata(
+      const { meta } = await formatDocumentWithMetadata(
+        permissionChecker2,
         model,
+        // @ts-expect-error - fix types
         { id: document.documentId, locale, publishedAt: null },
         { availableLocales: true, availableStatus: false }
       );
@@ -2573,16 +2678,15 @@ const singleTypes = {
       return ctx.forbidden();
     }
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(version);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async createOrUpdate(ctx) {
     const { userAbility } = ctx.state;
     const { model } = ctx.params;
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     const document = await createOrUpdateDocument(ctx);
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(document);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async delete(ctx) {
     const { userAbility } = ctx.state;
@@ -2595,7 +2699,7 @@ const singleTypes = {
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.delete(query);
     const populate = await buildPopulateFromQuery(sanitizedQuery, model);
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, model);
     const documentLocales = await documentManager2.findLocales(void 0, model, {
       populate,
       locale
@@ -2618,7 +2722,6 @@ const singleTypes = {
     const { model } = ctx.params;
     const { query = {} } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.publish()) {
       return ctx.forbidden();
@@ -2633,11 +2736,12 @@ const singleTypes = {
       if (permissionChecker2.cannot.publish(document)) {
         throw new errors.ForbiddenError();
       }
-      const { locale } = getDocumentLocaleAndStatus(document);
-      return documentManager2.publish(document.documentId, model, { locale });
+      const { locale } = await getDocumentLocaleAndStatus(document, model);
+      const publishResult = await documentManager2.publish(document.documentId, model, { locale });
+      return publishResult.at(0);
     });
     const sanitizedDocument = await permissionChecker2.sanitizeOutput(publishedDocument);
-    ctx.body = await documentMetadata2.formatDocumentWithMetadata(model, sanitizedDocument);
+    ctx.body = await formatDocumentWithMetadata(permissionChecker2, model, sanitizedDocument);
   },
   async unpublish(ctx) {
     const { userAbility } = ctx.state;
@@ -2647,7 +2751,6 @@ const singleTypes = {
       query = {}
     } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.unpublish()) {
       return ctx.forbidden();
@@ -2656,7 +2759,7 @@ const singleTypes = {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.unpublish(query);
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await findDocument(sanitizedQuery, model, { locale });
     if (!document) {
       return ctx.notFound();
@@ -2674,7 +2777,7 @@ const singleTypes = {
       ctx.body = await async.pipe(
         (document2) => documentManager2.unpublish(document2.documentId, model, { locale }),
         permissionChecker2.sanitizeOutput,
-        (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+        (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
       )(document);
     });
   },
@@ -2683,13 +2786,12 @@ const singleTypes = {
     const { model } = ctx.params;
     const { body, query = {} } = ctx.request;
     const documentManager2 = getService$1("document-manager");
-    const documentMetadata2 = getService$1("document-metadata");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
     if (permissionChecker2.cannot.discard()) {
       return ctx.forbidden();
     }
     const sanitizedQuery = await permissionChecker2.sanitizedQuery.discard(query);
-    const { locale } = getDocumentLocaleAndStatus(body);
+    const { locale } = await getDocumentLocaleAndStatus(body, model);
     const document = await findDocument(sanitizedQuery, model, { locale, status: "published" });
     if (!document) {
       return ctx.notFound();
@@ -2700,7 +2802,7 @@ const singleTypes = {
     ctx.body = await async.pipe(
       (document2) => documentManager2.discardDraft(document2.documentId, model, { locale }),
       permissionChecker2.sanitizeOutput,
-      (document2) => documentMetadata2.formatDocumentWithMetadata(model, document2)
+      (document2) => formatDocumentWithMetadata(permissionChecker2, model, document2)
     )(document);
   },
   async countDraftRelations(ctx) {
@@ -2709,7 +2811,7 @@ const singleTypes = {
     const { query } = ctx.request;
     const documentManager2 = getService$1("document-manager");
     const permissionChecker2 = getService$1("permission-checker").create({ userAbility, model });
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, model);
     if (permissionChecker2.cannot.read()) {
       return ctx.forbidden();
     }
@@ -2730,7 +2832,7 @@ const uid$1 = {
   async generateUID(ctx) {
     const { contentTypeUID, field, data } = await validateGenerateUIDInput(ctx.request.body);
     const { query = {} } = ctx.request;
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
     const uidService = getService$1("uid");
     ctx.body = {
@@ -2742,7 +2844,7 @@ const uid$1 = {
       ctx.request.body
     );
     const { query = {} } = ctx.request;
-    const { locale } = getDocumentLocaleAndStatus(query);
+    const { locale } = await getDocumentLocaleAndStatus(query, contentTypeUID);
     await validateUIDField(contentTypeUID, field);
     const uidService = getService$1("uid");
     const isAvailable = await uidService.checkUIDAvailability({
@@ -3385,12 +3487,27 @@ const createPermissionChecker = (strapi2) => ({ userAbility, model }) => {
     ability: userAbility,
     model
   });
-  const toSubject = (entity) => entity ? permissionsManager.toSubject(entity, model) : model;
+  const { actionProvider } = strapi2.service("admin::permission");
+  const toSubject = (entity) => {
+    return entity ? permissionsManager.toSubject(entity, model) : model;
+  };
   const can = (action, entity, field) => {
-    return userAbility.can(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test the original action to see if it passes
+      userAbility.can(action, subject, field) || // Else try every known alias if at least one of them succeed, then the user "can"
+      aliases.some((alias) => userAbility.can(alias, subject, field))
+    );
   };
   const cannot = (action, entity, field) => {
-    return userAbility.cannot(action, toSubject(entity), field);
+    const subject = toSubject(entity);
+    const aliases = actionProvider.unstable_aliases(action, model);
+    return (
+      // Test both the original action
+      userAbility.cannot(action, subject, field) && // and every known alias, if all of them fail (cannot), then the user truly "cannot"
+      aliases.every((alias) => userAbility.cannot(alias, subject, field))
+    );
   };
   const sanitizeOutput = (data, { action = ACTIONS.read } = {}) => {
     return permissionsManager.sanitizeOutput(data, { subject: toSubject(data), action });
@@ -3533,7 +3650,7 @@ const permission = ({ strapi: strapi2 }) => ({
     await strapi2.service("admin::permission").actionProvider.registerMany(actions);
   }
 });
-const { isVisibleAttribute: isVisibleAttribute$1 } = strapiUtils.contentTypes;
+const { isVisibleAttribute: isVisibleAttribute$1, isScalarAttribute, getDoesAttributeRequireValidation } = strapiUtils.contentTypes;
 const { isAnyToMany } = strapiUtils.relations;
 const { PUBLISHED_AT_ATTRIBUTE: PUBLISHED_AT_ATTRIBUTE$1 } = strapiUtils.contentTypes.constants;
 const isMorphToRelation = (attribute) => isRelation(attribute) && attribute.relation.includes("morphTo");
@@ -3624,6 +3741,42 @@ const getDeepPopulate = (uid2, {
     {}
   );
 };
+const getValidatableFieldsPopulate = (uid2, {
+  initialPopulate = {},
+  countMany = false,
+  countOne = false,
+  maxLevel = Infinity
+} = {}, level = 1) => {
+  if (level > maxLevel) {
+    return {};
+  }
+  const model = strapi.getModel(uid2);
+  return Object.entries(model.attributes).reduce((populateAcc, [attributeName, attribute]) => {
+    if (!getDoesAttributeRequireValidation(attribute)) {
+      return populateAcc;
+    }
+    if (isScalarAttribute(attribute)) {
+      return merge(populateAcc, {
+        [attributeName]: true
+      });
+    }
+    return merge(
+      populateAcc,
+      getPopulateFor(
+        attributeName,
+        model,
+        {
+          // @ts-expect-error - improve types
+          initialPopulate: initialPopulate?.[attributeName],
+          countMany,
+          countOne,
+          maxLevel
+        },
+        level
+      )
+    );
+  }, {});
+};
 const getDeepPopulateDraftCount = (uid2) => {
   const model = strapi.getModel(uid2);
   let hasRelations = false;
@@ -3631,6 +3784,10 @@ const getDeepPopulateDraftCount = (uid2) => {
     const attribute = model.attributes[attributeName];
     switch (attribute.type) {
       case "relation": {
+        const isMorphRelation = attribute.relation.toLowerCase().startsWith("morph");
+        if (isMorphRelation) {
+          break;
+        }
         if (isVisibleAttribute$1(model, attributeName)) {
           populateAcc[attributeName] = {
             count: true,
@@ -3645,22 +3802,24 @@ const getDeepPopulateDraftCount = (uid2) => {
           attribute.component
         );
         if (childHasRelations) {
-          populateAcc[attributeName] = { populate: populate2 };
+          populateAcc[attributeName] = {
+            populate: populate2
+          };
           hasRelations = true;
         }
         break;
       }
       case "dynamiczone": {
-        const dzPopulate = (attribute.components || []).reduce((acc, componentUID) => {
-          const { populate: populate2, hasRelations: childHasRelations } = getDeepPopulateDraftCount(componentUID);
-          if (childHasRelations) {
+        const dzPopulateFragment = attribute.components?.reduce((acc, componentUID) => {
+          const { populate: componentPopulate, hasRelations: componentHasRelations } = getDeepPopulateDraftCount(componentUID);
+          if (componentHasRelations) {
             hasRelations = true;
-            return merge(acc, populate2);
+            return { ...acc, [componentUID]: { populate: componentPopulate } };
           }
           return acc;
         }, {});
-        if (!isEmpty(dzPopulate)) {
-          populateAcc[attributeName] = { populate: dzPopulate };
+        if (!isEmpty(dzPopulateFragment)) {
+          populateAcc[attributeName] = { on: dzPopulateFragment };
         }
         break;
       }
@@ -3852,41 +4011,70 @@ const AVAILABLE_STATUS_FIELDS = [
   "updatedBy",
   "status"
 ];
-const AVAILABLE_LOCALES_FIELDS = ["id", "locale", "updatedAt", "createdAt", "status"];
+const AVAILABLE_LOCALES_FIELDS = [
+  "id",
+  "locale",
+  "updatedAt",
+  "createdAt",
+  "status",
+  "publishedAt",
+  "documentId"
+];
 const CONTENT_MANAGER_STATUS = {
   PUBLISHED: "published",
   DRAFT: "draft",
   MODIFIED: "modified"
 };
-const areDatesEqual = (date1, date2, threshold) => {
-  if (!date1 || !date2) {
+const getIsVersionLatestModification = (version, otherVersion) => {
+  if (!version || !version.updatedAt) {
     return false;
   }
-  const time1 = new Date(date1).getTime();
-  const time2 = new Date(date2).getTime();
-  const difference2 = Math.abs(time1 - time2);
-  return difference2 <= threshold;
+  const versionUpdatedAt = version?.updatedAt ? new Date(version.updatedAt).getTime() : 0;
+  const otherUpdatedAt = otherVersion?.updatedAt ? new Date(otherVersion.updatedAt).getTime() : 0;
+  return versionUpdatedAt > otherUpdatedAt;
 };
 const documentMetadata = ({ strapi: strapi2 }) => ({
   /**
    * Returns available locales of a document for the current status
    */
-  getAvailableLocales(uid2, version, allVersions) {
+  async getAvailableLocales(uid2, version, allVersions, validatableFields = []) {
     const versionsByLocale = groupBy("locale", allVersions);
     delete versionsByLocale[version.locale];
-    return Object.values(versionsByLocale).map((localeVersions) => {
-      if (!contentTypes$1.hasDraftAndPublish(strapi2.getModel(uid2))) {
-        return pick(AVAILABLE_LOCALES_FIELDS, localeVersions[0]);
+    const model = strapi2.getModel(uid2);
+    const keysToKeep = [...AVAILABLE_LOCALES_FIELDS, ...validatableFields];
+    const traversalFunction = async (localeVersion) => traverseEntity(
+      ({ key }, { remove }) => {
+        if (keysToKeep.includes(key)) {
+          return;
+        }
+        remove(key);
+      },
+      { schema: model, getModel: strapi2.getModel.bind(strapi2) },
+      // @ts-expect-error fix types DocumentVersion incompatible with Data
+      localeVersion
+    );
+    const mappingResult = await async.map(
+      Object.values(versionsByLocale),
+      async (localeVersions) => {
+        const mappedLocaleVersions = await async.map(
+          localeVersions,
+          traversalFunction
+        );
+        if (!contentTypes$1.hasDraftAndPublish(model)) {
+          return mappedLocaleVersions[0];
+        }
+        const draftVersion = mappedLocaleVersions.find((v) => v.publishedAt === null);
+        const otherVersions = mappedLocaleVersions.filter((v) => v.id !== draftVersion?.id);
+        if (!draftVersion) {
+          return;
+        }
+        return {
+          ...draftVersion,
+          status: this.getStatus(draftVersion, otherVersions)
+        };
       }
-      const draftVersion = localeVersions.find((v) => v.publishedAt === null);
-      const otherVersions = localeVersions.filter((v) => v.id !== draftVersion?.id);
-      if (!draftVersion)
-        return;
-      return {
-        ...pick(AVAILABLE_LOCALES_FIELDS, draftVersion),
-        status: this.getStatus(draftVersion, otherVersions)
-      };
-    }).filter(Boolean);
+    );
+    return mappingResult.filter(Boolean);
   },
   /**
    * Returns available status of a document for the current locale
@@ -3924,26 +4112,37 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
     });
   },
   getStatus(version, otherDocumentStatuses) {
-    const isDraft = version.publishedAt === null;
-    if (!otherDocumentStatuses?.length) {
-      return isDraft ? CONTENT_MANAGER_STATUS.DRAFT : CONTENT_MANAGER_STATUS.PUBLISHED;
+    let draftVersion;
+    let publishedVersion;
+    if (version.publishedAt) {
+      publishedVersion = version;
+    } else {
+      draftVersion = version;
     }
-    if (isDraft) {
-      const publishedVersion = otherDocumentStatuses?.find((d) => d.publishedAt !== null);
-      if (!publishedVersion) {
-        return CONTENT_MANAGER_STATUS.DRAFT;
-      }
+    const otherVersion = otherDocumentStatuses?.at(0);
+    if (otherVersion?.publishedAt) {
+      publishedVersion = otherVersion;
+    } else if (otherVersion) {
+      draftVersion = otherVersion;
     }
-    if (areDatesEqual(version.updatedAt, otherDocumentStatuses.at(0)?.updatedAt, 500)) {
+    if (!draftVersion)
       return CONTENT_MANAGER_STATUS.PUBLISHED;
-    }
-    return CONTENT_MANAGER_STATUS.MODIFIED;
+    if (!publishedVersion)
+      return CONTENT_MANAGER_STATUS.DRAFT;
+    const isDraftModified = getIsVersionLatestModification(draftVersion, publishedVersion);
+    return isDraftModified ? CONTENT_MANAGER_STATUS.MODIFIED : CONTENT_MANAGER_STATUS.PUBLISHED;
   },
+  // TODO is it necessary to return metadata on every page of the CM
+  // We could refactor this so the locales are only loaded when they're
+  // needed. e.g. in the bulk locale action modal.
   async getMetadata(uid2, version, { availableLocales = true, availableStatus = true } = {}) {
+    const populate = getValidatableFieldsPopulate(uid2);
     const versions = await strapi2.db.query(uid2).findMany({
       where: { documentId: version.documentId },
-      select: ["createdAt", "updatedAt", "locale", "publishedAt", "documentId"],
       populate: {
+        // Populate only fields that require validation for bulk locale actions
+        ...populate,
+        // NOTE: creator fields are selected in this way to avoid exposing sensitive data
         createdBy: {
           select: ["id", "firstname", "lastname", "email"]
         },
@@ -3952,7 +4151,7 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
         }
       }
     });
-    const availableLocalesResult = availableLocales ? this.getAvailableLocales(uid2, version, versions) : [];
+    const availableLocalesResult = availableLocales ? await this.getAvailableLocales(uid2, version, versions, Object.keys(populate)) : [];
     const availableStatusResult = availableStatus ? this.getAvailableStatus(version, versions) : null;
     return {
       availableLocales: availableLocalesResult,
@@ -3965,8 +4164,15 @@ const documentMetadata = ({ strapi: strapi2 }) => ({
    * - Available status of the document for the current locale
    */
   async formatDocumentWithMetadata(uid2, document, opts = {}) {
-    if (!document)
-      return document;
+    if (!document) {
+      return {
+        data: document,
+        meta: {
+          availableLocales: [],
+          availableStatus: []
+        }
+      };
+    }
     const hasDraftAndPublish = contentTypes$1.hasDraftAndPublish(strapi2.getModel(uid2));
     if (!hasDraftAndPublish) {
       opts.availableStatus = false;
@@ -4016,26 +4222,9 @@ const sumDraftCounts = (entity, uid2) => {
   }, 0);
 };
 const { ApplicationError } = errors;
-const { ENTRY_PUBLISH, ENTRY_UNPUBLISH } = ALLOWED_WEBHOOK_EVENTS;
 const { PUBLISHED_AT_ATTRIBUTE } = contentTypes$1.constants;
 const omitPublishedAtField = omit(PUBLISHED_AT_ATTRIBUTE);
 const omitIdField = omit("id");
-const emitEvent = async (uid2, event, document) => {
-  const modelDef = strapi.getModel(uid2);
-  const sanitizedDocument = await sanitize.sanitizers.defaultSanitizeOutput(
-    {
-      schema: modelDef,
-      getModel(uid22) {
-        return strapi.getModel(uid22);
-      }
-    },
-    document
-  );
-  strapi.eventHub.emit(event, {
-    model: modelDef.modelName,
-    entry: sanitizedDocument
-  });
-};
 const documentManager = ({ strapi: strapi2 }) => {
   return {
     async findOne(id, uid2, opts = {}) {
@@ -4054,6 +4243,9 @@ const documentManager = ({ strapi: strapi2 }) => {
       } else if (opts.locale && opts.locale !== "*") {
         where.locale = opts.locale;
       }
+      if (typeof opts.isPublished === "boolean") {
+        where.publishedAt = { $notNull: opts.isPublished };
+      }
       return strapi2.db.query(uid2).findMany({ populate: opts.populate, where });
     },
     async findMany(opts, uid2) {
@@ -4061,20 +4253,16 @@ const documentManager = ({ strapi: strapi2 }) => {
       return strapi2.documents(uid2).findMany(params);
     },
     async findPage(opts, uid2) {
-      const page = Number(opts?.page) || 1;
-      const pageSize = Number(opts?.pageSize) || 10;
+      const params = pagination.withDefaultPagination(opts || {}, {
+        maxLimit: 1e3
+      });
       const [documents, total = 0] = await Promise.all([
-        strapi2.documents(uid2).findMany(opts),
-        strapi2.documents(uid2).count(opts)
+        strapi2.documents(uid2).findMany(params),
+        strapi2.documents(uid2).count(params)
       ]);
       return {
         results: documents,
-        pagination: {
-          page,
-          pageSize,
-          pageCount: Math.ceil(total / pageSize),
-          total
-        }
+        pagination: pagination.transformPagedPaginationInfo(params, total)
       };
     },
     async create(uid2, opts = {}) {
@@ -4091,10 +4279,7 @@ const documentManager = ({ strapi: strapi2 }) => {
     async clone(id, body, uid2) {
       const populate = await buildDeepPopulate(uid2);
       const params = {
-        data: {
-          ...omitIdField(body),
-          [PUBLISHED_AT_ATTRIBUTE]: null
-        },
+        data: omitIdField(body),
         populate
       };
       return strapi2.documents(uid2).clone({ ...params, documentId: id }).then((result) => result?.entries.at(0));
@@ -4120,70 +4305,36 @@ const documentManager = ({ strapi: strapi2 }) => {
       return {};
     },
     // FIXME: handle relations
-    async deleteMany(opts, uid2) {
-      const docs = await strapi2.documents(uid2).findMany(opts);
-      for (const doc of docs) {
-        await strapi2.documents(uid2).delete({ documentId: doc.documentId });
-      }
-      return { count: docs.length };
+    async deleteMany(documentIds, uid2, opts = {}) {
+      const deletedEntries = await strapi2.db.transaction(async () => {
+        return Promise.all(documentIds.map(async (id) => this.delete(id, uid2, opts)));
+      });
+      return { count: deletedEntries.length };
     },
     async publish(id, uid2, opts = {}) {
       const populate = await buildDeepPopulate(uid2);
       const params = { ...opts, populate };
-      return strapi2.documents(uid2).publish({ ...params, documentId: id }).then((result) => result?.entries.at(0));
+      return strapi2.documents(uid2).publish({ ...params, documentId: id }).then((result) => result?.entries);
     },
-    async publishMany(entities, uid2) {
-      if (!entities.length) {
-        return null;
-      }
-      await Promise.all(
-        entities.map((document) => {
-          return strapi2.entityValidator.validateEntityCreation(
-            strapi2.getModel(uid2),
-            document,
-            void 0,
-            // @ts-expect-error - FIXME: entity here is unnecessary
-            document
-          );
-        })
-      );
-      const entitiesToPublish = entities.filter((doc) => !doc[PUBLISHED_AT_ATTRIBUTE]).map((doc) => doc.id);
-      const filters = { id: { $in: entitiesToPublish } };
-      const data = { [PUBLISHED_AT_ATTRIBUTE]: /* @__PURE__ */ new Date() };
-      const populate = await buildDeepPopulate(uid2);
-      const publishedEntitiesCount = await strapi2.db.query(uid2).updateMany({
-        where: filters,
-        data
-      });
-      const publishedEntities = await strapi2.db.query(uid2).findMany({
-        where: filters,
-        populate
+    async publishMany(uid2, documentIds, locale) {
+      return strapi2.db.transaction(async () => {
+        const results = await Promise.all(
+          documentIds.map((documentId) => this.publish(documentId, uid2, { locale }))
+        );
+        const publishedEntitiesCount = results.flat().filter(Boolean).length;
+        return publishedEntitiesCount;
       });
-      await Promise.all(
-        publishedEntities.map((doc) => emitEvent(uid2, ENTRY_PUBLISH, doc))
-      );
-      return publishedEntitiesCount;
     },
-    async unpublishMany(documents, uid2) {
-      if (!documents.length) {
-        return null;
-      }
-      const entitiesToUnpublish = documents.filter((doc) => doc[PUBLISHED_AT_ATTRIBUTE]).map((doc) => doc.id);
-      const filters = { id: { $in: entitiesToUnpublish } };
-      const data = { [PUBLISHED_AT_ATTRIBUTE]: null };
-      const populate = await buildDeepPopulate(uid2);
-      const unpublishedEntitiesCount = await strapi2.db.query(uid2).updateMany({
-        where: filters,
-        data
-      });
-      const unpublishedEntities = await strapi2.db.query(uid2).findMany({
-        where: filters,
-        populate
+    async unpublishMany(documentIds, uid2, opts = {}) {
+      const unpublishedEntries = await strapi2.db.transaction(async () => {
+        return Promise.all(
+          documentIds.map(
+            (id) => strapi2.documents(uid2).unpublish({ ...opts, documentId: id }).then((result) => result?.entries)
+          )
+        );
       });
-      await Promise.all(
-        unpublishedEntities.map((doc) => emitEvent(uid2, ENTRY_UNPUBLISH, doc))
-      );
-      return unpublishedEntitiesCount;
+      const unpublishedEntitiesCount = unpublishedEntries.flat().filter(Boolean).length;
+      return { count: unpublishedEntitiesCount };
     },
     async unpublish(id, uid2, opts = {}) {
       const populate = await buildDeepPopulate(uid2);
@@ -4208,16 +4359,20 @@ const documentManager = ({ strapi: strapi2 }) => {
       }
       return sumDraftCounts(document, uid2);
     },
-    async countManyEntriesDraftRelations(ids, uid2, locale) {
+    async countManyEntriesDraftRelations(documentIds, uid2, locale) {
       const { populate, hasRelations } = getDeepPopulateDraftCount(uid2);
       if (!hasRelations) {
         return 0;
       }
+      let localeFilter = {};
+      if (locale) {
+        localeFilter = Array.isArray(locale) ? { locale: { $in: locale } } : { locale };
+      }
       const entities = await strapi2.db.query(uid2).findMany({
         populate,
         where: {
-          id: { $in: ids },
-          ...locale ? { locale } : {}
+          documentId: { $in: documentIds },
+          ...localeFilter
         }
       });
       const totalNumberDraftRelations = entities.reduce(