directus 9.1.2 → 9.3.0

package/dist/utils/get-permissions.js

@@ -16,14 +16,31 @@ const object_hash_1 = __importDefault(require("object-hash"));
 const env_1 = __importDefault(require("../env"));
 async function getPermissions(accountability, schema) {
     const database = (0, database_1.default)();
-    const { systemCache } = (0, cache_1.getCache)();
+    const { systemCache, cache } = (0, cache_1.getCache)();
     let permissions = [];
     const { user, role, app, admin } = accountability;
     const cacheKey = `permissions-${(0, object_hash_1.default)({ user, role, app, admin })}`;
     if (env_1.default.CACHE_PERMISSIONS !== false) {
         const cachedPermissions = await systemCache.get(cacheKey);
         if (cachedPermissions) {
-            return cachedPermissions;
+            if (!cachedPermissions.containDynamicData) {
+                return processPermissions(accountability, cachedPermissions.permissions, {});
+            }
+            const cachedFilterContext = await (cache === null || cache === void 0 ? void 0 : cache.get(`filterContext-${(0, object_hash_1.default)({ user, role, permissions: cachedPermissions.permissions })}`));
+            if (cachedFilterContext) {
+                return processPermissions(accountability, cachedPermissions.permissions, cachedFilterContext);
+            }
+            else {
+                const { permissions: parsedPermissions, requiredPermissionData, containDynamicData, } = parsePermissions(cachedPermissions.permissions);
+                permissions = parsedPermissions;
+                const filterContext = containDynamicData
+                    ? await getFilterContext(schema, accountability, requiredPermissionData)
+                    : {};
+                if (containDynamicData && env_1.default.CACHE_ENABLED !== false) {
+                    await (cache === null || cache === void 0 ? void 0 : cache.set(`filterContext-${(0, object_hash_1.default)({ user, role, permissions })}`, filterContext));
+                }
+                return processPermissions(accountability, permissions, filterContext);
+            }
         }
     }
     if (accountability.admin !== true) {
@@ -31,76 +48,96 @@ async function getPermissions(accountability, schema) {
             .select('*')
             .from('directus_permissions')
             .where({ role: accountability.role });
-        const requiredPermissionData = {
-            $CURRENT_USER: [],
-            $CURRENT_ROLE: [],
-        };
-        permissions = permissionsForRole.map((permissionRaw) => {
-            const permission = (0, lodash_1.cloneDeep)(permissionRaw);
-            if (permission.permissions && typeof permission.permissions === 'string') {
-                permission.permissions = JSON.parse(permission.permissions);
-            }
-            else if (permission.permissions === null) {
-                permission.permissions = {};
-            }
-            if (permission.validation && typeof permission.validation === 'string') {
-                permission.validation = JSON.parse(permission.validation);
-            }
-            else if (permission.validation === null) {
-                permission.validation = {};
-            }
-            if (permission.presets && typeof permission.presets === 'string') {
-                permission.presets = JSON.parse(permission.presets);
-            }
-            else if (permission.presets === null) {
-                permission.presets = {};
-            }
-            if (permission.fields && typeof permission.fields === 'string') {
-                permission.fields = permission.fields.split(',');
-            }
-            else if (permission.fields === null) {
-                permission.fields = [];
-            }
-            const extractPermissionData = (val) => {
-                if (typeof val === 'string' && val.startsWith('$CURRENT_USER.')) {
-                    requiredPermissionData.$CURRENT_USER.push(val.replace('$CURRENT_USER.', ''));
-                }
-                if (typeof val === 'string' && val.startsWith('$CURRENT_ROLE.')) {
-                    requiredPermissionData.$CURRENT_ROLE.push(val.replace('$CURRENT_ROLE.', ''));
-                }
-                return val;
-            };
-            (0, utils_1.deepMap)(permission.permissions, extractPermissionData);
-            (0, utils_1.deepMap)(permission.validation, extractPermissionData);
-            (0, utils_1.deepMap)(permission.presets, extractPermissionData);
-            return permission;
-        });
+        const { permissions: parsedPermissions, requiredPermissionData, containDynamicData, } = parsePermissions(permissionsForRole);
+        permissions = parsedPermissions;
         if (accountability.app === true) {
             permissions = (0, merge_permissions_1.mergePermissions)(permissions, app_access_permissions_1.appAccessMinimalPermissions.map((perm) => ({ ...perm, role: accountability.role })));
         }
-        const usersService = new users_1.UsersService({ schema });
-        const rolesService = new roles_1.RolesService({ schema });
-        const filterContext = {};
-        if (accountability.user && requiredPermissionData.$CURRENT_USER.length > 0) {
-            filterContext.$CURRENT_USER = await usersService.readOne(accountability.user, {
-                fields: requiredPermissionData.$CURRENT_USER,
-            });
-        }
-        if (accountability.role && requiredPermissionData.$CURRENT_ROLE.length > 0) {
-            filterContext.$CURRENT_ROLE = await rolesService.readOne(accountability.role, {
-                fields: requiredPermissionData.$CURRENT_ROLE,
-            });
-        }
-        permissions = permissions.map((permission) => {
-            permission.permissions = (0, utils_1.parseFilter)(permission.permissions, accountability, filterContext);
-            permission.validation = (0, utils_1.parseFilter)(permission.validation, accountability, filterContext);
-            permission.presets = (0, utils_1.parseFilter)(permission.presets, accountability, filterContext);
-            return permission;
-        });
+        const filterContext = containDynamicData
+            ? await getFilterContext(schema, accountability, requiredPermissionData)
+            : {};
         if (env_1.default.CACHE_PERMISSIONS !== false) {
-            await systemCache.set(cacheKey, permissions);
+            await systemCache.set(cacheKey, { permissions, containDynamicData });
+            if (containDynamicData && env_1.default.CACHE_ENABLED !== false) {
+                await (cache === null || cache === void 0 ? void 0 : cache.set(`filterContext-${(0, object_hash_1.default)({ user, role, permissions })}`, filterContext));
+            }
         }
+        return processPermissions(accountability, permissions, filterContext);
     }
     return permissions;
 }
 exports.getPermissions = getPermissions;
+function parsePermissions(permissions) {
+    const requiredPermissionData = {
+        $CURRENT_USER: [],
+        $CURRENT_ROLE: [],
+    };
+    let containDynamicData = false;
+    permissions = permissions.map((permissionRaw) => {
+        const permission = (0, lodash_1.cloneDeep)(permissionRaw);
+        if (permission.permissions && typeof permission.permissions === 'string') {
+            permission.permissions = JSON.parse(permission.permissions);
+        }
+        else if (permission.permissions === null) {
+            permission.permissions = {};
+        }
+        if (permission.validation && typeof permission.validation === 'string') {
+            permission.validation = JSON.parse(permission.validation);
+        }
+        else if (permission.validation === null) {
+            permission.validation = {};
+        }
+        if (permission.presets && typeof permission.presets === 'string') {
+            permission.presets = JSON.parse(permission.presets);
+        }
+        else if (permission.presets === null) {
+            permission.presets = {};
+        }
+        if (permission.fields && typeof permission.fields === 'string') {
+            permission.fields = permission.fields.split(',');
+        }
+        else if (permission.fields === null) {
+            permission.fields = [];
+        }
+        const extractPermissionData = (val) => {
+            if (typeof val === 'string' && val.startsWith('$CURRENT_USER.')) {
+                requiredPermissionData.$CURRENT_USER.push(val.replace('$CURRENT_USER.', ''));
+                containDynamicData = true;
+            }
+            if (typeof val === 'string' && val.startsWith('$CURRENT_ROLE.')) {
+                requiredPermissionData.$CURRENT_ROLE.push(val.replace('$CURRENT_ROLE.', ''));
+                containDynamicData = true;
+            }
+            return val;
+        };
+        (0, utils_1.deepMap)(permission.permissions, extractPermissionData);
+        (0, utils_1.deepMap)(permission.validation, extractPermissionData);
+        (0, utils_1.deepMap)(permission.presets, extractPermissionData);
+        return permission;
+    });
+    return { permissions, requiredPermissionData, containDynamicData };
+}
+async function getFilterContext(schema, accountability, requiredPermissionData) {
+    const usersService = new users_1.UsersService({ schema });
+    const rolesService = new roles_1.RolesService({ schema });
+    const filterContext = {};
+    if (accountability.user && requiredPermissionData.$CURRENT_USER.length > 0) {
+        filterContext.$CURRENT_USER = await usersService.readOne(accountability.user, {
+            fields: requiredPermissionData.$CURRENT_USER,
+        });
+    }
+    if (accountability.role && requiredPermissionData.$CURRENT_ROLE.length > 0) {
+        filterContext.$CURRENT_ROLE = await rolesService.readOne(accountability.role, {
+            fields: requiredPermissionData.$CURRENT_ROLE,
+        });
+    }
+    return filterContext;
+}
+function processPermissions(accountability, permissions, filterContext) {
+    return permissions.map((permission) => {
+        permission.permissions = (0, utils_1.parseFilter)(permission.permissions, accountability, filterContext);
+        permission.validation = (0, utils_1.parseFilter)(permission.validation, accountability, filterContext);
+        permission.presets = (0, utils_1.parseFilter)(permission.presets, accountability, filterContext);
+        return permission;
+    });
+}

package/dist/utils/sanitize-query.js

@@ -106,17 +106,6 @@ function sanitizeFilter(rawFilter, accountability) {
             logger_1.default.warn('Invalid value passed for filter query parameter.');
         }
     }
-    filters = (0, utils_1.deepMap)(filters, (val) => {
-        try {
-            const parsed = JSON.parse(val);
-            if (typeof parsed == 'number' && !Number.isSafeInteger(parsed))
-                return val;
-            return parsed;
-        }
-        catch {
-            return val;
-        }
-    });
     return (0, utils_1.parseFilter)(filters, accountability);
 }
 function sanitizeLimit(rawLimit) {
@@ -167,7 +156,7 @@ function sanitizeDeep(deep, accountability) {
                 const [parsedKey, parsedValue] = Object.entries(parsedSubQuery)[0];
                 parsedLevel[`_${parsedKey}`] = parsedValue;
             }
-            else {
+            else if ((0, lodash_1.isPlainObject)(value)) {
                 parse(value, [...path, key]);
             }
         }

package/dist/utils/validate-query.js

@@ -100,7 +100,7 @@ function validateFilterPrimitive(value, key) {
         false) {
         throw new exceptions_1.InvalidQueryException(`The filter value for "${key}" has to be a string, number, or boolean`);
     }
-    if (typeof value === 'number' && Number.isNaN(value)) {
+    if (typeof value === 'number' && (Number.isNaN(value) || !Number.isSafeInteger(value))) {
         throw new exceptions_1.InvalidQueryException(`The filter value for "${key}" is not a valid number`);
     }
     if (typeof value === 'string' && value.length === 0) {

package/dist/webhooks.js

@@ -8,7 +8,6 @@ const axios_1 = __importDefault(require("axios"));
 const database_1 = __importDefault(require("./database"));
 const emitter_1 = __importDefault(require("./emitter"));
 const logger_1 = __importDefault(require("./logger"));
-const lodash_1 = require("lodash");
 const services_1 = require("./services");
 const get_schema_1 = require("./utils/get-schema");
 let registered = [];
@@ -17,20 +16,12 @@ async function register() {
     const webhookService = new services_1.WebhooksService({ knex: (0, database_1.default)(), schema: await (0, get_schema_1.getSchema)() });
     const webhooks = await webhookService.readByQuery({ filter: { status: { _eq: 'active' } } });
     for (const webhook of webhooks) {
-        if (webhook.actions.includes('*')) {
-            const event = 'items.*';
-            const handler = createHandler(webhook);
+        for (const action of webhook.actions) {
+            const event = `items.${action}`;
+            const handler = createHandler(webhook, event);
             emitter_1.default.onAction(event, handler);
             registered.push({ event, handler });
         }
-        else {
-            for (const action of webhook.actions) {
-                const event = `items.${action}`;
-                const handler = createHandler(webhook);
-                emitter_1.default.onAction(event, handler);
-                registered.push({ event, handler });
-            }
-        }
     }
 }
 exports.register = register;
@@ -41,19 +32,20 @@ function unregister() {
     registered = [];
 }
 exports.unregister = unregister;
-function createHandler(webhook) {
-    return async (data) => {
-        if (webhook.collections.includes('*') === false && webhook.collections.includes(data.collection) === false)
+function createHandler(webhook, event) {
+    return async (meta, context) => {
+        if (webhook.collections.includes(meta.collection) === false)
             return;
-        const webhookPayload = (0, lodash_1.pick)(data, [
-            'event',
-            'accountability.user',
-            'accountability.role',
-            'collection',
-            'item',
-            'action',
-            'payload',
-        ]);
+        const webhookPayload = {
+            event,
+            accountability: context.accountability
+                ? {
+                    user: context.accountability.user,
+                    role: context.accountability.role,
+                }
+                : null,
+            ...meta,
+        };
         try {
             await (0, axios_1.default)({
                 url: webhook.url,

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "directus",
-	"version": "9.1.2",
+	"version": "9.3.0",
 	"license": "GPL-3.0-only",
 	"homepage": "https://github.com/directus/directus#readme",
 	"description": "Directus is a real-time API and App dashboard for managing SQL database content.",
@@ -76,16 +76,16 @@
 	],
 	"dependencies": {
 		"@aws-sdk/client-ses": "^3.40.0",
-		"@directus/app": "9.1.2",
-		"@directus/drive": "9.1.2",
-		"@directus/drive-azure": "9.1.2",
-		"@directus/drive-gcs": "9.1.2",
-		"@directus/drive-s3": "9.1.2",
-		"@directus/extensions-sdk": "9.1.2",
-		"@directus/format-title": "9.1.2",
-		"@directus/schema": "9.1.2",
-		"@directus/shared": "9.1.2",
-		"@directus/specs": "9.1.2",
+		"@directus/app": "9.3.0",
+		"@directus/drive": "9.3.0",
+		"@directus/drive-azure": "9.3.0",
+		"@directus/drive-gcs": "9.3.0",
+		"@directus/drive-s3": "9.3.0",
+		"@directus/extensions-sdk": "9.3.0",
+		"@directus/format-title": "9.3.0",
+		"@directus/schema": "9.3.0",
+		"@directus/shared": "9.3.0",
+		"@directus/specs": "9.3.0",
 		"@godaddy/terminus": "^4.9.0",
 		"@rollup/plugin-alias": "^3.1.2",
 		"@rollup/plugin-virtual": "^2.0.3",
@@ -122,7 +122,7 @@
 		"jsonwebtoken": "^8.5.1",
 		"keyv": "^4.0.3",
 		"knex": "^0.95.11",
-		"knex-schema-inspector": "1.6.4",
+		"knex-schema-inspector": "1.6.6",
 		"ldapjs": "^2.3.1",
 		"liquidjs": "^9.25.0",
 		"lodash": "^4.17.21",
@@ -169,7 +169,7 @@
 		"sqlite3": "^5.0.2",
 		"tedious": "^13.0.0"
 	},
-	"gitHead": "9bf033c18dd5bdf6fe4058d915083fd5ca393b05",
+	"gitHead": "4b444baf5b73467a74f6d57c33277146bc86285c",
 	"devDependencies": {
 		"@types/async": "3.2.10",
 		"@types/atob": "2.1.2",
@@ -199,7 +199,7 @@
 		"@types/nodemailer": "6.4.4",
 		"@types/object-hash": "2.2.1",
 		"@types/qs": "6.9.7",
-		"@types/sanitize-html": "^2.5.0",
+		"@types/sanitize-html": "2.5.0",
 		"@types/sharp": "0.29.4",
 		"@types/stream-json": "1.7.1",
 		"@types/supertest": "2.0.11",
@@ -209,6 +209,7 @@
 		"copyfiles": "2.4.1",
 		"cross-env": "7.0.3",
 		"jest": "27.3.1",
+		"knex-mock-client": "1.6.1",
 		"ts-jest": "27.0.7",
 		"ts-node-dev": "1.1.8",
 		"typescript": "4.5.2"

package/dist/database/functions/dialects/oracle.d.ts

@@ -1,14 +0,0 @@
-import { Knex } from 'knex';
-import { HelperFn } from '../types';
-export declare class HelperOracle implements HelperFn {
-    private knex;
-    constructor(knex: Knex);
-    year(table: string, column: string): Knex.Raw;
-    month(table: string, column: string): Knex.Raw;
-    week(table: string, column: string): Knex.Raw;
-    day(table: string, column: string): Knex.Raw;
-    weekday(table: string, column: string): Knex.Raw;
-    hour(table: string, column: string): Knex.Raw;
-    minute(table: string, column: string): Knex.Raw;
-    second(table: string, column: string): Knex.Raw;
-}

package/dist/database/functions/dialects/postgres.d.ts

@@ -1,14 +0,0 @@
-import { Knex } from 'knex';
-import { HelperFn } from '../types';
-export declare class HelperPostgres implements HelperFn {
-    private knex;
-    constructor(knex: Knex);
-    year(table: string, column: string): Knex.Raw;
-    month(table: string, column: string): Knex.Raw;
-    week(table: string, column: string): Knex.Raw;
-    day(table: string, column: string): Knex.Raw;
-    weekday(table: string, column: string): Knex.Raw;
-    hour(table: string, column: string): Knex.Raw;
-    minute(table: string, column: string): Knex.Raw;
-    second(table: string, column: string): Knex.Raw;
-}

package/dist/database/functions/dialects/sqlite.js

@@ -1,33 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.HelperSQLite = void 0;
-class HelperSQLite {
-    constructor(knex) {
-        this.knex = knex;
-    }
-    year(table, column) {
-        return this.knex.raw("strftime('%Y', ??.??)", [table, column]);
-    }
-    month(table, column) {
-        return this.knex.raw("strftime('%m', ??.??)", [table, column]);
-    }
-    week(table, column) {
-        return this.knex.raw("strftime('%W', ??.??)", [table, column]);
-    }
-    day(table, column) {
-        return this.knex.raw("strftime('%d', ??.??)", [table, column]);
-    }
-    weekday(table, column) {
-        return this.knex.raw("strftime('%w', ??.??)", [table, column]);
-    }
-    hour(table, column) {
-        return this.knex.raw("strftime('%H', ??.??)", [table, column]);
-    }
-    minute(table, column) {
-        return this.knex.raw("strftime('%M', ??.??)", [table, column]);
-    }
-    second(table, column) {
-        return this.knex.raw("strftime('%S', ??.??)", [table, column]);
-    }
-}
-exports.HelperSQLite = HelperSQLite;

package/dist/database/functions/index.d.ts

@@ -1,3 +0,0 @@
-import { Knex } from 'knex';
-import { HelperFn } from './types';
-export declare function FunctionsHelper(knex: Knex): HelperFn;

package/dist/database/functions/index.js

@@ -1,26 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.FunctionsHelper = void 0;
-const postgres_1 = require("./dialects/postgres");
-const mysql_1 = require("./dialects/mysql");
-const mssql_1 = require("./dialects/mssql");
-const sqlite_1 = require("./dialects/sqlite");
-const oracle_1 = require("./dialects/oracle");
-function FunctionsHelper(knex) {
-    switch (knex.client.constructor.name) {
-        case 'Client_MySQL':
-            return new mysql_1.HelperMySQL(knex);
-        case 'Client_PG':
-            return new postgres_1.HelperPostgres(knex);
-        case 'Client_SQLite3':
-            return new sqlite_1.HelperSQLite(knex);
-        case 'Client_Oracledb':
-        case 'Client_Oracle':
-            return new oracle_1.HelperOracle(knex);
-        case 'Client_MSSQL':
-            return new mssql_1.HelperMSSQL(knex);
-        default:
-            throw Error('Unsupported driver used: ' + knex.client.constructor.name);
-    }
-}
-exports.FunctionsHelper = FunctionsHelper;

package/dist/database/functions/types.js

@@ -1,2 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });

package/dist/database/helpers/date.d.ts

@@ -1,8 +0,0 @@
-import { Knex } from 'knex';
-export declare function getDateHelper(): KnexDate;
-declare class KnexDate {
-    protected knex: Knex;
-    constructor(knex: Knex);
-    parseDate(date: string): string;
-}
-export {};

package/dist/database/helpers/date.js

@@ -1,44 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getDateHelper = void 0;
-const __1 = __importDefault(require(".."));
-let dateHelper;
-function getDateHelper() {
-    if (!dateHelper) {
-        const db = (0, __1.default)();
-        const client = db.client.config.client;
-        const constructor = {
-            mysql: KnexDate,
-            mariadb: KnexDate,
-            sqlite3: KnexDate_SQLITE,
-            pg: KnexDate,
-            postgres: KnexDate,
-            redshift: KnexDate,
-            mssql: KnexDate,
-            oracledb: KnexDate,
-        }[client];
-        if (!constructor) {
-            throw new Error(`Geometry helper not implemented on ${client}.`);
-        }
-        dateHelper = new constructor(db);
-    }
-    return dateHelper;
-}
-exports.getDateHelper = getDateHelper;
-class KnexDate {
-    constructor(knex) {
-        this.knex = knex;
-    }
-    parseDate(date) {
-        return date;
-    }
-}
-class KnexDate_SQLITE extends KnexDate {
-    parseDate(date) {
-        const newDate = new Date(date);
-        return (newDate.getTime() - newDate.getTimezoneOffset() * 60 * 1000).toString();
-    }
-}