directus 9.0.1 → 9.1.0

package/dist/app.js

@@ -40,6 +40,7 @@ const graphql_1 = __importDefault(require("./controllers/graphql"));
 const items_1 = __importDefault(require("./controllers/items"));
 const not_found_1 = __importDefault(require("./controllers/not-found"));
 const panels_1 = __importDefault(require("./controllers/panels"));
+const notifications_1 = __importDefault(require("./controllers/notifications"));
 const permissions_1 = __importDefault(require("./controllers/permissions"));
 const presets_1 = __importDefault(require("./controllers/presets"));
 const relations_1 = __importDefault(require("./controllers/relations"));
@@ -163,6 +164,7 @@ async function createApp() {
     app.use('/files', files_1.default);
     app.use('/folders', folders_1.default);
     app.use('/items', items_1.default);
+    app.use('/notifications', notifications_1.default);
     app.use('/panels', panels_1.default);
     app.use('/permissions', permissions_1.default);
     app.use('/presets', presets_1.default);

package/dist/auth/drivers/ldap.js

@@ -91,21 +91,16 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
         });
     }
     async fetchUserDn(identifier) {
-        const { userDn, userAttribute } = this.config;
+        const { userDn, userAttribute, userScope } = this.config;
         return new Promise((resolve, reject) => {
             // Search for the user in LDAP by attribute
-            this.bindClient.search(userDn, {
-                attributes: ['cn'],
-                filter: `(${userAttribute !== null && userAttribute !== void 0 ? userAttribute : 'cn'}=${identifier})`,
-                scope: 'one',
-            }, (err, res) => {
+            this.bindClient.search(userDn, { filter: `(${userAttribute !== null && userAttribute !== void 0 ? userAttribute : 'cn'}=${identifier})`, scope: userScope !== null && userScope !== void 0 ? userScope : 'one' }, (err, res) => {
                 if (err) {
                     reject(handleError(err));
                     return;
                 }
                 res.on('searchEntry', ({ object }) => {
-                    const userCn = typeof object.cn === 'object' ? object.cn[0] : object.cn;
-                    resolve(`cn=${userCn},${userDn}`.toLowerCase());
+                    resolve(object.dn.toLowerCase());
                 });
                 res.on('error', (err) => {
                     reject(handleError(err));
@@ -147,7 +142,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
         });
     }
     async fetchUserGroups(userDn) {
-        const { groupDn, groupAttribute } = this.config;
+        const { groupDn, groupAttribute, groupScope } = this.config;
         if (!groupDn) {
             return Promise.resolve([]);
         }
@@ -157,7 +152,7 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
             this.bindClient.search(groupDn, {
                 attributes: ['cn'],
                 filter: `(${groupAttribute !== null && groupAttribute !== void 0 ? groupAttribute : 'member'}=${userDn})`,
-                scope: 'one',
+                scope: groupScope !== null && groupScope !== void 0 ? groupScope : 'one',
             }, (err, res) => {
                 if (err) {
                     reject(handleError(err));
@@ -244,12 +239,13 @@ class LDAPAuthDriver extends auth_1.AuthDriver {
                 reject(handleError(err));
             });
             client.bind(user.external_identifier, password, (err) => {
-                client.destroy();
                 if (err) {
                     reject(handleError(err));
-                    return;
                 }
-                resolve();
+                else {
+                    resolve();
+                }
+                client.destroy();
             });
         });
     }

package/dist/auth/drivers/oauth2.d.ts

@@ -13,7 +13,7 @@ export declare class OAuth2AuthDriver extends LocalAuthDriver {
     generateAuthUrl(codeVerifier: string): string;
     private fetchUserId;
     getUserID(payload: Record<string, any>): Promise<string>;
-    login(user: User, sessionData: SessionData): Promise<SessionData>;
+    login(user: User): Promise<SessionData>;
     refresh(user: User, sessionData: SessionData): Promise<SessionData>;
 }
 export declare function createOAuth2AuthRouter(providerName: string): Router;

package/dist/auth/drivers/oauth2.js

@@ -123,8 +123,8 @@ class OAuth2AuthDriver extends local_1.LocalAuthDriver {
         });
         return (await this.fetchUserId(identifier));
     }
-    async login(user, sessionData) {
-        return this.refresh(user, sessionData);
+    async login(user) {
+        return this.refresh(user, null);
     }
     async refresh(user, sessionData) {
         let authData = user.auth_data;

package/dist/auth/drivers/openid.d.ts

@@ -13,7 +13,7 @@ export declare class OpenIDAuthDriver extends LocalAuthDriver {
     generateAuthUrl(codeVerifier: string): Promise<string>;
     private fetchUserId;
     getUserID(payload: Record<string, any>): Promise<string>;
-    login(user: User, sessionData: SessionData): Promise<SessionData>;
+    login(user: User): Promise<SessionData>;
     refresh(user: User, sessionData: SessionData): Promise<SessionData>;
 }
 export declare function createOpenIDAuthRouter(providerName: string): Router;

package/dist/auth/drivers/openid.js

@@ -31,6 +31,12 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         this.client = new Promise((resolve, reject) => {
             openid_client_1.Issuer.discover(issuerUrl)
                 .then((issuer) => {
+                const supportedTypes = issuer.metadata.response_types_supported;
+                if (!(supportedTypes === null || supportedTypes === void 0 ? void 0 : supportedTypes.includes('code'))) {
+                    reject(new exceptions_1.InvalidConfigException('OpenID provider does not support required code flow', {
+                        provider: additionalConfig.provider,
+                    }));
+                }
                 resolve(new issuer.Client({
                     client_id: clientId,
                     client_secret: clientSecret,
@@ -125,8 +131,8 @@ class OpenIDAuthDriver extends local_1.LocalAuthDriver {
         });
         return (await this.fetchUserId(identifier));
     }
-    async login(user, sessionData) {
-        return this.refresh(user, sessionData);
+    async login(user) {
+        return this.refresh(user, null);
     }
     async refresh(user, sessionData) {
         let authData = user.auth_data;

package/dist/controllers/notifications.d.ts

@@ -0,0 +1,2 @@
+declare const router: import("express-serve-static-core").Router;
+export default router;

package/dist/controllers/notifications.js

@@ -0,0 +1,147 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const express_1 = __importDefault(require("express"));
+const exceptions_1 = require("../exceptions");
+const respond_1 = require("../middleware/respond");
+const use_collection_1 = __importDefault(require("../middleware/use-collection"));
+const validate_batch_1 = require("../middleware/validate-batch");
+const services_1 = require("../services");
+const async_handler_1 = __importDefault(require("../utils/async-handler"));
+const router = express_1.default.Router();
+router.use((0, use_collection_1.default)('directus_notifications'));
+router.post('/', (0, async_handler_1.default)(async (req, res, next) => {
+    const service = new services_1.NotificationsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const savedKeys = [];
+    if (Array.isArray(req.body)) {
+        const keys = await service.createMany(req.body);
+        savedKeys.push(...keys);
+    }
+    else {
+        const key = await service.createOne(req.body);
+        savedKeys.push(key);
+    }
+    try {
+        if (Array.isArray(req.body)) {
+            const records = await service.readMany(savedKeys, req.sanitizedQuery);
+            res.locals.payload = { data: records };
+        }
+        else {
+            const record = await service.readOne(savedKeys[0], req.sanitizedQuery);
+            res.locals.payload = { data: record };
+        }
+    }
+    catch (error) {
+        if (error instanceof exceptions_1.ForbiddenException) {
+            return next();
+        }
+        throw error;
+    }
+    return next();
+}), respond_1.respond);
+const readHandler = (0, async_handler_1.default)(async (req, res, next) => {
+    const service = new services_1.NotificationsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const metaService = new services_1.MetaService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    let result;
+    if (req.singleton) {
+        result = await service.readSingleton(req.sanitizedQuery);
+    }
+    else if (req.body.keys) {
+        result = await service.readMany(req.body.keys, req.sanitizedQuery);
+    }
+    else {
+        result = await service.readByQuery(req.sanitizedQuery);
+    }
+    const meta = await metaService.getMetaForQuery('directus_presets', req.sanitizedQuery);
+    res.locals.payload = { data: result, meta };
+    return next();
+});
+router.get('/', (0, validate_batch_1.validateBatch)('read'), readHandler, respond_1.respond);
+router.search('/', (0, validate_batch_1.validateBatch)('read'), readHandler, respond_1.respond);
+router.get('/:pk', (0, async_handler_1.default)(async (req, res, next) => {
+    const service = new services_1.NotificationsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const record = await service.readOne(req.params.pk, req.sanitizedQuery);
+    res.locals.payload = { data: record || null };
+    return next();
+}), respond_1.respond);
+router.patch('/', (0, validate_batch_1.validateBatch)('update'), (0, async_handler_1.default)(async (req, res, next) => {
+    const service = new services_1.NotificationsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    let keys = [];
+    if (req.body.keys) {
+        keys = await service.updateMany(req.body.keys, req.body.data);
+    }
+    else {
+        keys = await service.updateByQuery(req.body.query, req.body.data);
+    }
+    try {
+        const result = await service.readMany(keys, req.sanitizedQuery);
+        res.locals.payload = { data: result };
+    }
+    catch (error) {
+        if (error instanceof exceptions_1.ForbiddenException) {
+            return next();
+        }
+        throw error;
+    }
+    return next();
+}), respond_1.respond);
+router.patch('/:pk', (0, async_handler_1.default)(async (req, res, next) => {
+    const service = new services_1.NotificationsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    const primaryKey = await service.updateOne(req.params.pk, req.body);
+    try {
+        const record = await service.readOne(primaryKey, req.sanitizedQuery);
+        res.locals.payload = { data: record };
+    }
+    catch (error) {
+        if (error instanceof exceptions_1.ForbiddenException) {
+            return next();
+        }
+        throw error;
+    }
+    return next();
+}), respond_1.respond);
+router.delete('/', (0, validate_batch_1.validateBatch)('delete'), (0, async_handler_1.default)(async (req, res, next) => {
+    const service = new services_1.NotificationsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    if (Array.isArray(req.body)) {
+        await service.deleteMany(req.body);
+    }
+    else if (req.body.keys) {
+        await service.deleteMany(req.body.keys);
+    }
+    else {
+        await service.deleteByQuery(req.body.query);
+    }
+    return next();
+}), respond_1.respond);
+router.delete('/:pk', (0, async_handler_1.default)(async (req, res, next) => {
+    const service = new services_1.NotificationsService({
+        accountability: req.accountability,
+        schema: req.schema,
+    });
+    await service.deleteOne(req.params.pk);
+    return next();
+}), respond_1.respond);
+exports.default = router;

package/dist/database/migrations/20211118A-add-notifications.d.ts

@@ -0,0 +1,3 @@
+import { Knex } from 'knex';
+export declare function up(knex: Knex): Promise<void>;
+export declare function down(knex: Knex): Promise<void>;

package/dist/database/migrations/20211118A-add-notifications.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.down = exports.up = void 0;
+async function up(knex) {
+    await knex.schema.createTable('directus_notifications', (table) => {
+        table.increments();
+        table.timestamp('timestamp').notNullable();
+        table.string('status').defaultTo('inbox');
+        table.uuid('recipient').notNullable().references('id').inTable('directus_users').onDelete('CASCADE');
+        table.uuid('sender').notNullable().references('id').inTable('directus_users');
+        table.string('subject').notNullable();
+        table.text('message');
+        table.string('collection', 64);
+        table.string('item');
+    });
+    await knex.schema.alterTable('directus_users', (table) => {
+        table.boolean('email_notifications').defaultTo(true);
+    });
+    await knex('directus_users').update({ email_notifications: true });
+}
+exports.up = up;
+async function down(knex) {
+    await knex.schema.dropTable('directus_notifications');
+    await knex.schema.alterTable('directus_users', (table) => {
+        table.dropColumn('email_notifications');
+    });
+}
+exports.down = down;

package/dist/database/system-data/app-access-permissions/app-access-permissions.yaml

@@ -72,6 +72,20 @@
 - collection: directus_settings
   action: read
 
+- collection: directus_notifications
+  action: read
+  permissions:
+    recipient:
+      _eq: $CURRENT_USER
+  fields: '*'
+
+- collection: directus_notifications
+  action: update
+  permissions:
+    recipient:
+      _eq: $CURRENT_USER
+  fields: 'status'
+
 - collection: directus_users
   action: read
   permissions:

package/dist/database/system-data/collections/collections.yaml

@@ -63,3 +63,5 @@ data:
     note: $t:directus_collection.directus_dashboards
   - collection: directus_panels
     note: $t:directus_collection.directus_panels
+  - collection: directus_notifications
+    note: $t:directus_collection.directus_notifications

package/dist/database/system-data/fields/notifications.yaml

@@ -0,0 +1,12 @@
+table: directus_notifications
+
+fields:
+  - field: id
+  - field: timestamp
+    special: date-created
+  - field: recipient
+  - field: sender
+  - field: subject
+  - field: message
+  - field: collection
+  - field: item

package/dist/database/system-data/fields/users.yaml

@@ -90,6 +90,11 @@ fields:
     special: conceal
     width: half
 
+  - field: email_notifications
+    interface: boolean
+    width: half
+    special: boolean
+
   - field: admin_divider
     interface: presentation-divider
     options:

package/dist/database/system-data/relations/relations.yaml

@@ -82,3 +82,9 @@ data:
   - many_collection: directus_panels
     many_field: user_created
     one_collection: directus_users
+  - many_collection: directus_notifications
+    many_field: recipient
+    one_collection: directus_users
+  - many_collection: directus_notifications
+    many_field: sender
+    one_collection: directus_users

package/dist/middleware/get-permissions.js

@@ -3,112 +3,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const utils_1 = require("@directus/shared/utils");
-const lodash_1 = require("lodash");
-const database_1 = __importDefault(require("../database"));
-const app_access_permissions_1 = require("../database/system-data/app-access-permissions");
 const async_handler_1 = __importDefault(require("../utils/async-handler"));
-const merge_permissions_1 = require("../utils/merge-permissions");
-const users_1 = require("../services/users");
-const roles_1 = require("../services/roles");
-const cache_1 = require("../cache");
-const object_hash_1 = __importDefault(require("object-hash"));
-const env_1 = __importDefault(require("../env"));
+const get_permissions_1 = require("../utils/get-permissions");
 const getPermissions = (0, async_handler_1.default)(async (req, res, next) => {
-    const database = (0, database_1.default)();
-    const { systemCache } = (0, cache_1.getCache)();
-    let permissions = [];
     if (!req.accountability) {
-        throw new Error('"getPermissions" needs to be used after the "authenticate" middleware');
+        throw new Error('getPermissions middleware needs to be called after authenticate');
     }
-    if (!req.schema) {
-        throw new Error('"getPermissions" needs to be used after the "schema" middleware');
-    }
-    const { user, role, app, admin } = req.accountability;
-    const cacheKey = `permissions-${(0, object_hash_1.default)({ user, role, app, admin })}`;
-    if (env_1.default.CACHE_PERMISSIONS !== false) {
-        const cachedPermissions = await systemCache.get(cacheKey);
-        if (cachedPermissions) {
-            req.accountability.permissions = cachedPermissions;
-            return next();
-        }
-    }
-    if (req.accountability.admin !== true) {
-        const permissionsForRole = await database
-            .select('*')
-            .from('directus_permissions')
-            .where({ role: req.accountability.role });
-        const requiredPermissionData = {
-            $CURRENT_USER: [],
-            $CURRENT_ROLE: [],
-        };
-        permissions = permissionsForRole.map((permissionRaw) => {
-            const permission = (0, lodash_1.cloneDeep)(permissionRaw);
-            if (permission.permissions && typeof permission.permissions === 'string') {
-                permission.permissions = JSON.parse(permission.permissions);
-            }
-            else if (permission.permissions === null) {
-                permission.permissions = {};
-            }
-            if (permission.validation && typeof permission.validation === 'string') {
-                permission.validation = JSON.parse(permission.validation);
-            }
-            else if (permission.validation === null) {
-                permission.validation = {};
-            }
-            if (permission.presets && typeof permission.presets === 'string') {
-                permission.presets = JSON.parse(permission.presets);
-            }
-            else if (permission.presets === null) {
-                permission.presets = {};
-            }
-            if (permission.fields && typeof permission.fields === 'string') {
-                permission.fields = permission.fields.split(',');
-            }
-            else if (permission.fields === null) {
-                permission.fields = [];
-            }
-            const extractPermissionData = (val) => {
-                if (typeof val === 'string' && val.startsWith('$CURRENT_USER.')) {
-                    requiredPermissionData.$CURRENT_USER.push(val.replace('$CURRENT_USER.', ''));
-                }
-                if (typeof val === 'string' && val.startsWith('$CURRENT_ROLE.')) {
-                    requiredPermissionData.$CURRENT_ROLE.push(val.replace('$CURRENT_ROLE.', ''));
-                }
-                return val;
-            };
-            (0, utils_1.deepMap)(permission.permissions, extractPermissionData);
-            (0, utils_1.deepMap)(permission.validation, extractPermissionData);
-            (0, utils_1.deepMap)(permission.presets, extractPermissionData);
-            return permission;
-        });
-        if (req.accountability.app === true) {
-            permissions = (0, merge_permissions_1.mergePermissions)(permissions, app_access_permissions_1.appAccessMinimalPermissions.map((perm) => ({ ...perm, role: req.accountability.role })));
-        }
-        const usersService = new users_1.UsersService({ schema: req.schema });
-        const rolesService = new roles_1.RolesService({ schema: req.schema });
-        const filterContext = {};
-        if (req.accountability.user && requiredPermissionData.$CURRENT_USER.length > 0) {
-            filterContext.$CURRENT_USER = await usersService.readOne(req.accountability.user, {
-                fields: requiredPermissionData.$CURRENT_USER,
-            });
-        }
-        if (req.accountability.role && requiredPermissionData.$CURRENT_ROLE.length > 0) {
-            filterContext.$CURRENT_ROLE = await rolesService.readOne(req.accountability.role, {
-                fields: requiredPermissionData.$CURRENT_ROLE,
-            });
-        }
-        permissions = permissions.map((permission) => {
-            permission.permissions = (0, utils_1.parseFilter)(permission.permissions, req.accountability, filterContext);
-            permission.validation = (0, utils_1.parseFilter)(permission.validation, req.accountability, filterContext);
-            permission.presets = (0, utils_1.parseFilter)(permission.presets, req.accountability, filterContext);
-            return permission;
-        });
-        if (env_1.default.CACHE_PERMISSIONS !== false) {
-            await systemCache.set(cacheKey, permissions);
-        }
-    }
-    req.accountability.permissions = permissions;
+    req.accountability.permissions = await (0, get_permissions_1.getPermissions)(req.accountability, req.schema);
     return next();
 });
 exports.default = getPermissions;

package/dist/services/activity.d.ts

@@ -1,8 +1,10 @@
-import { AbstractServiceOptions } from '../types';
-import { ItemsService } from './index';
-/**
- * @TODO only return activity of the collections you have access to
- */
+import { AbstractServiceOptions, PrimaryKey, Item } from '../types';
+import { ItemsService, MutationOptions } from './index';
+import { NotificationsService } from './notifications';
+import { UsersService } from './users';
 export declare class ActivityService extends ItemsService {
+    notificationsService: NotificationsService;
+    usersService: UsersService;
     constructor(options: AbstractServiceOptions);
+    createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
 }

package/dist/services/activity.js

@@ -1,13 +1,92 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ActivityService = void 0;
+const types_1 = require("../types");
 const index_1 = require("./index");
-/**
- * @TODO only return activity of the collections you have access to
- */
+const notifications_1 = require("./notifications");
+const users_1 = require("./users");
+const authorization_1 = require("./authorization");
+const get_permissions_1 = require("../utils/get-permissions");
+const forbidden_1 = require("../exceptions/forbidden");
+const logger_1 = __importDefault(require("../logger"));
+const user_name_1 = require("../utils/user-name");
+const lodash_1 = require("lodash");
+const env_1 = __importDefault(require("../env"));
 class ActivityService extends index_1.ItemsService {
     constructor(options) {
         super('directus_activity', options);
+        this.notificationsService = new notifications_1.NotificationsService({ schema: this.schema });
+        this.usersService = new users_1.UsersService({ schema: this.schema });
+    }
+    async createOne(data, opts) {
+        var _a, _b, _c, _d, _e, _f, _g, _h;
+        if (data.action === types_1.Action.COMMENT && typeof data.comment === 'string') {
+            const usersRegExp = new RegExp(/@[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}/gi);
+            const mentions = (0, lodash_1.uniq)((_a = data.comment.match(usersRegExp)) !== null && _a !== void 0 ? _a : []);
+            const sender = await this.usersService.readOne(this.accountability.user, {
+                fields: ['id', 'first_name', 'last_name', 'email'],
+            });
+            for (const mention of mentions) {
+                const userID = mention.substring(1);
+                const user = await this.usersService.readOne(userID, {
+                    fields: ['id', 'first_name', 'last_name', 'email', 'role.id', 'role.admin_access', 'role.app_access'],
+                });
+                const accountability = {
+                    user: userID,
+                    role: (_c = (_b = user.role) === null || _b === void 0 ? void 0 : _b.id) !== null && _c !== void 0 ? _c : null,
+                    admin: (_e = (_d = user.role) === null || _d === void 0 ? void 0 : _d.admin_access) !== null && _e !== void 0 ? _e : null,
+                    app: (_g = (_f = user.role) === null || _f === void 0 ? void 0 : _f.app_access) !== null && _g !== void 0 ? _g : null,
+                };
+                accountability.permissions = await (0, get_permissions_1.getPermissions)(accountability, this.schema);
+                const authorizationService = new authorization_1.AuthorizationService({ schema: this.schema, accountability });
+                const usersService = new users_1.UsersService({ schema: this.schema, accountability });
+                try {
+                    await authorizationService.checkAccess('read', data.collection, data.item);
+                    const templateData = await usersService.readByQuery({
+                        fields: ['id', 'first_name', 'last_name', 'email'],
+                        filter: { id: { _in: mentions.map((mention) => mention.substring(1)) } },
+                    });
+                    const userPreviews = templateData.reduce((acc, user) => {
+                        acc[user.id] = `<em>${(0, user_name_1.userName)(user)}</em>`;
+                        return acc;
+                    }, {});
+                    let comment = data.comment;
+                    for (const mention of mentions) {
+                        comment = comment.replace(mention, (_h = userPreviews[mention.substring(1)]) !== null && _h !== void 0 ? _h : '@Unknown User');
+                    }
+                    comment = `> ${comment}`;
+                    const message = `
+Hello ${(0, user_name_1.userName)(user)},
+
+${(0, user_name_1.userName)(sender)} has mentioned you in a comment:
+
+${comment}
+
+<a href="${env_1.default.PUBLIC_URL}/admin/content/${data.collection}/${data.item}">Click here to view.</a>
+`;
+                    await this.notificationsService.createOne({
+                        recipient: userID,
+                        sender: sender.id,
+                        subject: `You were mentioned in ${data.collection}`,
+                        message,
+                        collection: data.collection,
+                        item: data.item,
+                    });
+                }
+                catch (err) {
+                    if (err instanceof forbidden_1.ForbiddenException) {
+                        logger_1.default.warn(`User ${userID} doesn't have proper permissions to receive notification for this item.`);
+                    }
+                    else {
+                        throw err;
+                    }
+                }
+            }
+        }
+        return super.createOne(data, opts);
     }
 }
 exports.ActivityService = ActivityService;

package/dist/services/collections.js

@@ -171,11 +171,22 @@ class CollectionsService {
         }));
         meta.push(...collections_1.systemCollectionRows);
         if (this.accountability && this.accountability.admin !== true) {
-            const collectionsYouHavePermissionToRead = this.accountability
+            const collectionsGroups = meta.reduce((meta, item) => ({
+                ...meta,
+                [item.collection]: item.group,
+            }), {});
+            let collectionsYouHavePermissionToRead = this.accountability
                 .permissions.filter((permission) => {
                 return permission.action === 'read';
             })
                 .map(({ collection }) => collection);
+            for (const collection of collectionsYouHavePermissionToRead) {
+                const group = collectionsGroups[collection];
+                if (group)
+                    collectionsYouHavePermissionToRead.push(group);
+                delete collectionsGroups[collection];
+            }
+            collectionsYouHavePermissionToRead = [...new Set([...collectionsYouHavePermissionToRead])];
             tablesInDatabase = tablesInDatabase.filter((table) => {
                 return collectionsYouHavePermissionToRead.includes(table.name);
             });

package/dist/services/graphql.js

@@ -28,6 +28,7 @@ const folders_1 = require("./folders");
 const items_1 = require("./items");
 const permissions_1 = require("./permissions");
 const presets_1 = require("./presets");
+const notifications_1 = require("./notifications");
 const relations_1 = require("./relations");
 const revisions_1 = require("./revisions");
 const roles_1 = require("./roles");
@@ -1252,6 +1253,8 @@ class GraphQLService {
                 return new permissions_1.PermissionsService(opts);
             case 'directus_presets':
                 return new presets_1.PresetsService(opts);
+            case 'directus_notifications':
+                return new notifications_1.NotificationsService(opts);
             case 'directus_revisions':
                 return new revisions_1.RevisionsService(opts);
             case 'directus_roles':