npm - @webiny/api-headless-cms - Versions diffs - 5.36.2 → 5.37.0-beta.1 - Mend

@webiny/api-headless-cms 5.36.2 → 5.37.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (227) hide show

package/constants.d.ts +1 -0
package/constants.js +8 -0
package/constants.js.map +1 -0
package/context.js +37 -5
package/context.js.map +1 -1
package/crud/contentEntry/afterDelete.js.map +1 -1
package/crud/contentEntry/beforeCreate.js.map +1 -1
package/crud/contentEntry/beforeUpdate.js.map +1 -1
package/crud/contentEntry/entryDataValidation.js.map +1 -1
package/crud/contentEntry/markLockedFields.js.map +1 -1
package/crud/contentEntry/referenceFieldsMapping.js.map +1 -1
package/crud/contentEntry/searchableFields.js.map +1 -1
package/crud/contentEntry.crud.d.ts +4 -0
package/crud/contentEntry.crud.js +206 -53
package/crud/contentEntry.crud.js.map +1 -1
package/crud/contentModel/afterCreate.js.map +1 -1
package/crud/contentModel/afterCreateFrom.js.map +1 -1
package/crud/contentModel/afterDelete.js.map +1 -1
package/crud/contentModel/afterUpdate.js.map +1 -1
package/crud/contentModel/beforeCreate.js.map +1 -1
package/crud/contentModel/beforeDelete.js.map +1 -1
package/crud/contentModel/beforeUpdate.js.map +1 -1
package/crud/contentModel/compatibility/modelApiName.js.map +1 -1
package/crud/contentModel/contentModelManagerFactory.js.map +1 -1
package/crud/contentModel/createFieldStorageId.js.map +1 -1
package/crud/contentModel/defaultFields.js.map +1 -1
package/crud/contentModel/fields/descriptionField.js.map +1 -1
package/crud/contentModel/fields/imageField.js.map +1 -1
package/crud/contentModel/fields/titleField.js.map +1 -1
package/crud/contentModel/validate/endingAllowed.js.map +1 -1
package/crud/contentModel/validate/isModelEndingAllowed.js.map +1 -1
package/crud/contentModel/validate/modelId.js.map +1 -1
package/crud/contentModel/validate/pluralApiName.js.map +1 -1
package/crud/contentModel/validate/singularApiName.js.map +1 -1
package/crud/contentModel/validateLayout.js.map +1 -1
package/crud/contentModel/validateModel.js.map +1 -1
package/crud/contentModel/validateModelFields.js +1 -1
package/crud/contentModel/validateModelFields.js.map +1 -1
package/crud/contentModel/validation.d.ts +246 -206
package/crud/contentModel/validation.js.map +1 -1
package/crud/contentModel.crud.d.ts +2 -0
package/crud/contentModel.crud.js +22 -12
package/crud/contentModel.crud.js.map +1 -1
package/crud/contentModelGroup/beforeCreate.js.map +1 -1
package/crud/contentModelGroup/beforeDelete.js.map +1 -1
package/crud/contentModelGroup/beforeUpdate.js.map +1 -1
package/crud/contentModelGroup/validation.d.ts +4 -4
package/crud/contentModelGroup/validation.js.map +1 -1
package/crud/contentModelGroup.crud.d.ts +2 -0
package/crud/contentModelGroup.crud.js +41 -20
package/crud/contentModelGroup.crud.js.map +1 -1
package/crud/settings.crud.d.ts +2 -0
package/crud/settings.crud.js +2 -6
package/crud/settings.crud.js.map +1 -1
package/crud/system.crud.js.map +1 -1
package/fieldConverters/CmsModelDefaultFieldConverterPlugin.js.map +1 -1
package/fieldConverters/CmsModelDynamicZoneFieldConverterPlugin.js.map +1 -1
package/fieldConverters/CmsModelObjectFieldConverterPlugin.js +1 -1
package/fieldConverters/CmsModelObjectFieldConverterPlugin.js.map +1 -1
package/fieldConverters/index.js.map +1 -1
package/graphql/buildSchemaPlugins.js +4 -0
package/graphql/buildSchemaPlugins.js.map +1 -1
package/graphql/checkEndpointAccess.js.map +1 -1
package/graphql/createExecutableSchema.js.map +1 -1
package/graphql/createRequestBody.js.map +1 -1
package/graphql/formatErrorPayload.js.map +1 -1
package/graphql/generateSchema.js.map +1 -1
package/graphql/getSchema.js +1 -1
package/graphql/getSchema.js.map +1 -1
package/graphql/graphQLHandlerFactory.js.map +1 -1
package/graphql/handleRequest.js.map +1 -1
package/graphql/index.d.ts +1 -1
package/graphql/index.js.map +1 -1
package/graphql/schema/baseContentSchema.js.map +1 -1
package/graphql/schema/baseSchema.js +16 -0
package/graphql/schema/baseSchema.js.map +1 -1
package/graphql/schema/contentEntries.js +9 -4
package/graphql/schema/contentEntries.js.map +1 -1
package/graphql/schema/contentModelGroups.js.map +1 -1
package/graphql/schema/contentModels.js.map +1 -1
package/graphql/schema/createFieldResolvers.js +1 -1
package/graphql/schema/createFieldResolvers.js.map +1 -1
package/graphql/schema/createFieldTypePluginRecords.js.map +1 -1
package/graphql/schema/createManageResolvers.d.ts +1 -1
package/graphql/schema/createManageResolvers.js +10 -0
package/graphql/schema/createManageResolvers.js.map +1 -1
package/graphql/schema/createManageSDL.js +18 -3
package/graphql/schema/createManageSDL.js.map +1 -1
package/graphql/schema/createPreviewResolvers.js.map +1 -1
package/graphql/schema/createReadResolvers.js.map +1 -1
package/graphql/schema/createReadSDL.js +1 -0
package/graphql/schema/createReadSDL.js.map +1 -1
package/graphql/schema/resolvers/commonFieldResolvers.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveCreate.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveCreateFrom.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveDelete.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveDeleteMultiple.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveGet.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveGetByIds.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveGetRevisions.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveGetUniqueFieldValues.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveList.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveMove.d.ts +8 -0
package/graphql/schema/resolvers/manage/resolveMove.js +25 -0
package/graphql/schema/resolvers/manage/resolveMove.js.map +1 -0
package/graphql/schema/resolvers/manage/resolvePublish.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveRepublish.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveUnpublish.js.map +1 -1
package/graphql/schema/resolvers/manage/resolveUpdate.js.map +1 -1
package/graphql/schema/resolvers/preview/resolveGet.js.map +1 -1
package/graphql/schema/resolvers/preview/resolveList.js.map +1 -1
package/graphql/schema/resolvers/read/resolveGet.js.map +1 -1
package/graphql/schema/resolvers/read/resolveList.js.map +1 -1
package/graphql/schema/schemaPlugins.js.map +1 -1
package/graphql/system.d.ts +2 -5
package/graphql/system.js +1 -11
package/graphql/system.js.map +1 -1
package/graphqlFields/boolean.js.map +1 -1
package/graphqlFields/datetime.js.map +1 -1
package/graphqlFields/dynamicZone/dynamicZoneField.js.map +1 -1
package/graphqlFields/dynamicZone/dynamicZoneStorage.js.map +1 -1
package/graphqlFields/dynamicZone/index.js.map +1 -1
package/graphqlFields/file.js.map +1 -1
package/graphqlFields/helpers.js.map +1 -1
package/graphqlFields/index.js.map +1 -1
package/graphqlFields/longText.js.map +1 -1
package/graphqlFields/number.js +1 -0
package/graphqlFields/number.js.map +1 -1
package/graphqlFields/object.js +3 -3
package/graphqlFields/object.js.map +1 -1
package/graphqlFields/ref.js.map +1 -1
package/graphqlFields/richText.js.map +1 -1
package/graphqlFields/text.js +2 -0
package/graphqlFields/text.js.map +1 -1
package/index.d.ts +1 -1
package/index.js.map +1 -1
package/modelManager/DefaultCmsModelManager.js.map +1 -1
package/modelManager/index.js.map +1 -1
package/package.json +25 -29
package/parameters/context.js.map +1 -1
package/parameters/header.js +3 -3
package/parameters/header.js.map +1 -1
package/parameters/index.js.map +1 -1
package/parameters/manual.js.map +1 -1
package/parameters/path.js.map +1 -1
package/plugins/CmsGraphQLSchemaPlugin.js.map +1 -1
package/plugins/CmsGraphQLSchemaSorterPlugin.js.map +1 -1
package/plugins/CmsGroupPlugin.js.map +1 -1
package/plugins/CmsModelFieldConverterPlugin.js.map +1 -1
package/plugins/CmsModelPlugin.js.map +1 -1
package/plugins/CmsParametersPlugin.js +4 -0
package/plugins/CmsParametersPlugin.js.map +1 -1
package/plugins/StorageOperationsCmsModelPlugin.js.map +1 -1
package/plugins/StorageTransformPlugin.js.map +1 -1
package/plugins/index.js.map +1 -1
package/storage/default.js.map +1 -1
package/storage/object.js.map +1 -1
package/types.d.ts +68 -5
package/types.js +7 -4
package/types.js.map +1 -1
package/utils/converters/Converter.js.map +1 -1
package/utils/converters/ConverterCollection.js.map +1 -1
package/utils/converters/valueKeyStorageConverter.js +5 -0
package/utils/converters/valueKeyStorageConverter.js.map +1 -1
package/utils/createTypeFromFields.js +1 -1
package/utils/createTypeFromFields.js.map +1 -1
package/utils/createTypeName.js.map +1 -1
package/utils/entryStorage.js.map +1 -1
package/utils/filterAsync.js.map +1 -1
package/utils/getBaseFieldType.js.map +1 -1
package/utils/getEntryDescription.js.map +1 -1
package/utils/getEntryImage.js.map +1 -1
package/utils/getEntryTitle.js.map +1 -1
package/utils/getSchemaFromFieldPlugins.js.map +1 -1
package/utils/incrementEntryIdVersion.js.map +1 -1
package/utils/permissions/EntriesPermissions.d.ts +4 -0
package/utils/permissions/EntriesPermissions.js +9 -0
package/utils/permissions/EntriesPermissions.js.map +1 -0
package/utils/permissions/ModelGroupsPermissions.d.ts +11 -0
package/utils/permissions/ModelGroupsPermissions.js +48 -0
package/utils/permissions/ModelGroupsPermissions.js.map +1 -0
package/utils/permissions/ModelsPermissions.d.ts +20 -0
package/utils/permissions/ModelsPermissions.js +91 -0
package/utils/permissions/ModelsPermissions.js.map +1 -0
package/utils/permissions/SettingsPermissions.d.ts +4 -0
package/utils/permissions/SettingsPermissions.js +9 -0
package/utils/permissions/SettingsPermissions.js.map +1 -0
package/utils/renderFields.js.map +1 -1
package/utils/renderGetFilterFields.js.map +1 -1
package/utils/renderInputFields.js.map +1 -1
package/utils/renderListFilterFields.d.ts +1 -0
package/utils/renderListFilterFields.js +12 -6
package/utils/renderListFilterFields.js.map +1 -1
package/utils/renderSortEnum.d.ts +1 -1
package/utils/renderSortEnum.js +3 -0
package/utils/renderSortEnum.js.map +1 -1
package/utils/toSlug.js.map +1 -1
package/validators/dateGte.js.map +1 -1
package/validators/dateLte.js.map +1 -1
package/validators/dynamicZone.js.map +1 -1
package/validators/gte.js.map +1 -1
package/validators/in.js.map +1 -1
package/validators/index.js.map +1 -1
package/validators/lte.js.map +1 -1
package/validators/maxLength.js.map +1 -1
package/validators/minLength.js.map +1 -1
package/validators/pattern.js.map +1 -1
package/validators/patternPlugins/email.js.map +1 -1
package/validators/patternPlugins/index.js.map +1 -1
package/validators/patternPlugins/lowerCase.js.map +1 -1
package/validators/patternPlugins/lowerCaseSpace.js.map +1 -1
package/validators/patternPlugins/upperCase.js.map +1 -1
package/validators/patternPlugins/upperCaseSpace.js.map +1 -1
package/validators/patternPlugins/url.js.map +1 -1
package/validators/required.js.map +1 -1
package/validators/timeGte.js.map +1 -1
package/validators/timeLte.js.map +1 -1
package/validators/unique.js.map +1 -1
package/utils/access.d.ts +0 -8
package/utils/access.js +0 -76
package/utils/access.js.map +0 -1
package/utils/ownership.d.ts +0 -8
package/utils/ownership.js +0 -33
package/utils/ownership.js.map +0 -1
package/utils/permissions.d.ts +0 -7
package/utils/permissions.js +0 -91
package/utils/permissions.js.map +0 -1

package/crud/contentEntry.crud.js CHANGED Viewed

@@ -17,12 +17,11 @@ var _beforeCreate = require("./contentEntry/beforeCreate");
 var _beforeUpdate = require("./contentEntry/beforeUpdate");
 var _afterDelete = require("./contentEntry/afterDelete");
 var _referenceFieldsMapping = require("./contentEntry/referenceFieldsMapping");
-var _permissions = require("../utils/permissions");
-var _access = require("../utils/access");
-var _ownership = require("../utils/ownership");
 var _entryStorage = require("../utils/entryStorage");
 var _searchableFields = require("./contentEntry/searchableFields");
 var _filterAsync = require("../utils/filterAsync");
+var _apiSecurity = require("@webiny/api-security/");
+var _constants = require("../constants");
 const STATUS_DRAFT = _types.CONTENT_ENTRY_STATUS.DRAFT;
 exports.STATUS_DRAFT = STATUS_DRAFT;
 const STATUS_PUBLISHED = _types.CONTENT_ENTRY_STATUS.PUBLISHED;
@@ -182,6 +181,8 @@ const createSort = sort => {
 const createContentEntryCrud = params => {
   const {
     storageOperations,
+    entriesPermissions,
+    modelsPermissions,
     context,
     getIdentity,
     getTenant,
@@ -217,6 +218,13 @@ const createContentEntryCrud = params => {
   const onEntryAfterUpdate = (0, _pubsub.createTopic)("cms.onEntryAfterUpdate");
   const onEntryUpdateError = (0, _pubsub.createTopic)("cms.onEntryUpdateError");
+  /**
+   * Move
+   */
+  const onEntryBeforeMove = (0, _pubsub.createTopic)("cms.onEntryBeforeMove");
+  const onEntryAfterMove = (0, _pubsub.createTopic)("cms.onEntryAfterMove");
+  const onEntryMoveError = (0, _pubsub.createTopic)("cms.onEntryMoveError");
   /**
    * Publish
    */
@@ -283,9 +291,6 @@ const createContentEntryCrud = params => {
     context,
     onEntryAfterDelete
   });
-  const checkEntryPermissions = check => {
-    return (0, _permissions.checkPermissions)(context, "cms.contentEntry", check);
-  };
   /**
    * A helper to delete the entire entry.
@@ -325,14 +330,23 @@ const createContentEntryCrud = params => {
    */
   const getEntriesByIds = async (model, ids) => {
     return context.benchmark.measure("headlessCms.crud.entries.getEntriesByIds", async () => {
-      const permission = await checkEntryPermissions({
+      await entriesPermissions.ensure({
         rwd: "r"
       });
-      await (0, _access.checkModelAccess)(context, model);
+      await modelsPermissions.ensureCanAccessModel({
+        model,
+        locale: getLocale().code
+      });
       const entries = await storageOperations.entries.getByIds(model, {
         ids
       });
-      return entries.filter(entry => (0, _ownership.validateOwnership)(context, permission, entry));
+      return (0, _filterAsync.filterAsync)(entries, async entry => {
+        return entriesPermissions.ensure({
+          owns: entry.createdBy
+        }, {
+          throw: false
+        });
+      });
     });
   };
   const getEntryById = async (model, id) => {
@@ -350,27 +364,45 @@ const createContentEntryCrud = params => {
     return entry;
   };
   const getPublishedEntriesByIds = async (model, ids) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const entries = await storageOperations.entries.getPublishedByIds(model, {
       ids
     });
-    return entries.filter(entry => (0, _ownership.validateOwnership)(context, permission, entry));
+    return (0, _filterAsync.filterAsync)(entries, async entry => {
+      return entriesPermissions.ensure({
+        owns: entry.createdBy
+      }, {
+        throw: false
+      });
+    });
   };
   const getLatestEntriesByIds = async (model, ids) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const entries = await storageOperations.entries.getLatestByIds(model, {
       ids
     });
-    return entries.filter(entry => (0, _ownership.validateOwnership)(context, permission, entry));
+    return (0, _filterAsync.filterAsync)(entries, async entry => {
+      return entriesPermissions.ensure({
+        owns: entry.createdBy
+      }, {
+        throw: false
+      });
+    });
   };
   const getEntry = async (model, params) => {
-    await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
     const {
@@ -398,10 +430,21 @@ const createContentEntryCrud = params => {
     });
   };
   const listEntries = async (model, params) => {
-    const permission = await checkEntryPermissions({
-      rwd: "r"
+    try {
+      await entriesPermissions.ensure({
+        rwd: "r"
+      });
+    } catch {
+      throw new _apiSecurity.NotAuthorizedError({
+        data: {
+          reason: 'Not allowed to perform "read" on "cms.contentEntry".'
+        }
+      });
+    }
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
     });
-    await (0, _access.checkModelAccess)(context, model);
     const {
       where: initialWhere,
       limit: initialLimit
@@ -412,10 +455,10 @@ const createContentEntryCrud = params => {
      * Possibly only get records which are owned by current user.
      * Or if searching for the owner set that value - in the case that user can see other entries than their own.
      */
-    const ownedBy = permission.own ? getIdentity().id : where.ownedBy;
-    if (ownedBy !== undefined) {
-      where.ownedBy = ownedBy;
+    if (await entriesPermissions.canAccessOnlyOwnRecords()) {
+      where.ownedBy = getIdentity().id;
     }
     /**
      * Where must contain either latest or published keys.
      * We cannot list entries without one of those
@@ -474,10 +517,14 @@ const createContentEntryCrud = params => {
     }
   };
   const createEntry = async (model, inputData) => {
-    await checkEntryPermissions({
+    var _inputData$wbyAco_loc;
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     /**
      * Make sure we only work with fields that are defined in the model.
@@ -520,7 +567,10 @@ const createContentEntryCrud = params => {
       version,
       locked: false,
       status: STATUS_DRAFT,
-      values: input
+      values: input,
+      location: {
+        folderId: ((_inputData$wbyAco_loc = inputData.wbyAco_location) === null || _inputData$wbyAco_loc === void 0 ? void 0 : _inputData$wbyAco_loc.folderId) || _constants.ROOT_FOLDER
+      }
     };
     let storageEntry = null;
     try {
@@ -557,10 +607,13 @@ const createContentEntryCrud = params => {
     }
   };
   const createEntryRevisionFrom = async (model, sourceId, inputData) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     /**
      * Make sure we only work with fields that are defined in the model.
@@ -600,7 +653,9 @@ const createContentEntryCrud = params => {
       input: initialValues,
       validateEntries: false
     });
-    (0, _ownership.checkOwnership)(context, permission, originalEntry);
+    await entriesPermissions.ensure({
+      owns: originalEntry.createdBy
+    });
     const identity = getIdentity();
     const latestId = latestStorageEntry ? latestStorageEntry.id : sourceId;
     const {
@@ -662,10 +717,14 @@ const createContentEntryCrud = params => {
     }
   };
   const updateEntry = async (model, id, inputData, metaInput) => {
-    const permission = await checkEntryPermissions({
+    var _inputData$wbyAco_loc2;
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     /**
      * Make sure we only work with fields that are defined in the model.
@@ -691,7 +750,9 @@ const createContentEntryCrud = params => {
       data: input,
       entry: originalEntry
     });
-    (0, _ownership.checkOwnership)(context, permission, originalEntry);
+    await entriesPermissions.ensure({
+      owns: originalEntry.createdBy
+    });
     const initialValues = (0, _objectSpread2.default)((0, _objectSpread2.default)({}, originalEntry.values), input);
     const values = await (0, _referenceFieldsMapping.referenceFieldsMapping)({
       context,
@@ -713,6 +774,12 @@ const createContentEntryCrud = params => {
       meta,
       status: transformEntryStatus(originalEntry.status)
     });
+    const folderId = (_inputData$wbyAco_loc2 = inputData.wbyAco_location) === null || _inputData$wbyAco_loc2 === void 0 ? void 0 : _inputData$wbyAco_loc2.folderId;
+    if (folderId) {
+      entry.location = {
+        folderId
+      };
+    }
     let storageEntry = null;
     try {
       await onEntryBeforeUpdate.publish({
@@ -750,11 +817,59 @@ const createContentEntryCrud = params => {
       });
     }
   };
+  const moveEntry = async (model, id, folderId) => {
+    await entriesPermissions.ensure({
+      rwd: "w"
+    });
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
+    /**
+     * The entry we are going to move to another folder.
+     */
+    const originalStorageEntry = await storageOperations.entries.getRevisionById(model, {
+      id
+    });
+    if (!originalStorageEntry) {
+      throw new _handlerGraphql.NotFoundError(`Entry "${id}" of model "${model.modelId}" was not found.`);
+    }
+    const entry = await (0, _entryStorage.entryFromStorageTransform)(context, model, originalStorageEntry);
+    try {
+      await onEntryBeforeMove.publish({
+        entry,
+        model,
+        folderId
+      });
+      await storageOperations.entries.move(model, id, folderId);
+      await onEntryAfterMove.publish({
+        entry,
+        model,
+        folderId
+      });
+      return entry;
+    } catch (ex) {
+      await onEntryMoveError.publish({
+        entry,
+        model,
+        folderId,
+        error: ex
+      });
+      throw _error.default.from(ex, {
+        message: `Could not move entry "${id}" of model "${model.modelId}".`,
+        code: "MOVE_ENTRY_ERROR"
+      });
+    }
+  };
   const republishEntry = async (model, id) => {
-    await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     /**
      * Fetch the entry from the storage.
      */
@@ -829,10 +944,13 @@ const createContentEntryCrud = params => {
     }
   };
   const deleteEntryRevision = async (model, revisionId) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "d"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       id: entryId,
       version
@@ -850,7 +968,9 @@ const createContentEntryCrud = params => {
     if (!storageEntryToDelete) {
       throw new _handlerGraphql.NotFoundError(`Entry "${revisionId}" was not found!`);
     }
-    (0, _ownership.checkOwnership)(context, permission, storageEntryToDelete);
+    await entriesPermissions.ensure({
+      owns: storageEntryToDelete.createdBy
+    });
     const latestEntryRevisionId = latestStorageEntry ? latestStorageEntry.id : null;
     const entryToDelete = await (0, _entryStorage.entryFromStorageTransform)(context, model, storageEntryToDelete);
     /**
@@ -920,10 +1040,13 @@ const createContentEntryCrud = params => {
         entries: ids
       });
     }
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "d"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       items: entries
     } = await storageOperations.entries.list(model, {
@@ -937,7 +1060,11 @@ const createContentEntryCrud = params => {
      * We do not want to allow deleting entries that user does not own or cannot access.
      */
     const items = (await (0, _filterAsync.filterAsync)(entries, async entry => {
-      return (0, _ownership.validateOwnership)(context, permission, entry);
+      return entriesPermissions.ensure({
+        owns: entry.createdBy
+      }, {
+        throw: false
+      });
     })).map(entry => entry.id);
     try {
       await onEntryBeforeDeleteMultiple.publish({
@@ -972,10 +1099,13 @@ const createContentEntryCrud = params => {
     }
   };
   const deleteEntry = async (model, id, options) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "d"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       force
     } = options || {};
@@ -1007,7 +1137,9 @@ const createContentEntryCrud = params => {
         }
       });
     }
-    (0, _ownership.checkOwnership)(context, permission, storageEntry);
+    await entriesPermissions.ensure({
+      owns: storageEntry.createdBy
+    });
     const entry = await (0, _entryStorage.entryFromStorageTransform)(context, model, storageEntry);
     return await deleteEntryHelper({
       model,
@@ -1015,17 +1147,22 @@ const createContentEntryCrud = params => {
     });
   };
   const publishEntry = async (model, id) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       pw: "p"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const originalStorageEntry = await storageOperations.entries.getRevisionById(model, {
       id
     });
     if (!originalStorageEntry) {
       throw new _handlerGraphql.NotFoundError(`Entry "${id}" in the model "${model.modelId}" was not found.`);
     }
-    (0, _ownership.checkOwnership)(context, permission, originalStorageEntry);
+    await entriesPermissions.ensure({
+      owns: originalStorageEntry.createdBy
+    });
     const originalEntry = await (0, _entryStorage.entryFromStorageTransform)(context, model, originalStorageEntry);
     const currentDate = new Date().toISOString();
     const entry = (0, _objectSpread2.default)((0, _objectSpread2.default)({}, originalEntry), {}, {
@@ -1067,7 +1204,7 @@ const createContentEntryCrud = params => {
     }
   };
   const unpublishEntry = async (model, id) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       pw: "u"
     });
     const {
@@ -1084,7 +1221,9 @@ const createContentEntryCrud = params => {
         entry: originalStorageEntry
       });
     }
-    (0, _ownership.checkOwnership)(context, permission, originalStorageEntry);
+    await entriesPermissions.ensure({
+      owns: originalStorageEntry.createdBy
+    });
     const originalEntry = await (0, _entryStorage.entryFromStorageTransform)(context, model, originalStorageEntry);
     const entry = (0, _objectSpread2.default)((0, _objectSpread2.default)({}, originalEntry), {}, {
       status: STATUS_UNPUBLISHED
@@ -1121,10 +1260,13 @@ const createContentEntryCrud = params => {
     }
   };
   const getUniqueFieldValues = async (model, params) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       where: initialWhere,
       fieldId
@@ -1134,10 +1276,10 @@ const createContentEntryCrud = params => {
      * Possibly only get records which are owned by current user.
      * Or if searching for the owner set that value - in the case that user can see other entries than their own.
      */
-    const ownedBy = permission.own ? getIdentity().id : where.ownedBy;
-    if (ownedBy !== undefined) {
-      where.ownedBy = ownedBy;
+    if (await entriesPermissions.canAccessOnlyOwnRecords()) {
+      where.ownedBy = getIdentity().id;
     }
     /**
      * Where must contain either latest or published keys.
      * We cannot list entries without one of those
@@ -1159,7 +1301,7 @@ const createContentEntryCrud = params => {
       plugins: context.plugins,
       input: []
     });
-    if (fields.includes(fieldId) === false) {
+    if (!fields.includes(fieldId)) {
       throw new _error.default("Cannot list unique entry field values if the field is not searchable.", "LIST_UNIQUE_ENTRY_VALUES_ERROR", {
         fieldId
       });
@@ -1222,6 +1364,12 @@ const createContentEntryCrud = params => {
     onEntryBeforeUpdate,
     onEntryAfterUpdate,
     onEntryUpdateError,
+    /**
+     * Move
+     */
+    onEntryBeforeMove,
+    onEntryAfterMove,
+    onEntryMoveError,
     /**
      * Delete whole entry
      */
@@ -1342,6 +1490,11 @@ const createContentEntryCrud = params => {
         return updateEntry(model, id, input, meta);
       });
     },
+    async moveEntry(model, id, folderId) {
+      return context.benchmark.measure("headlessCms.crud.entries.moveEntry", async () => {
+        return moveEntry(model, id, folderId);
+      });
+    },
     /**
      * Method used internally. Not documented and should not be used in users systems.
      * @internal