directus 9.2.0 → 9.4.0

package/dist/utils/apply-query.js

@@ -8,7 +8,6 @@ const lodash_1 = require("lodash");
 const nanoid_1 = require("nanoid");
 const uuid_validate_1 = __importDefault(require("uuid-validate"));
 const exceptions_1 = require("../exceptions");
-const apply_function_to_column_name_1 = require("./apply-function-to-column-name");
 const get_column_1 = require("./get-column");
 const get_relation_type_1 = require("./get-relation-type");
 const helpers_1 = require("../database/helpers");
@@ -44,7 +43,7 @@ function applyQuery(knex, collection, dbQuery, query, schema, subQuery = false)
         applySearch(schema, dbQuery, query.search, collection);
     }
     if (query.group) {
-        dbQuery.groupBy(`${collection}.${query.group.map(apply_function_to_column_name_1.applyFunctionToColumnName)}`);
+        dbQuery.groupBy(query.group.map((column) => (0, get_column_1.getColumn)(knex, collection, column, false)));
     }
     if (query.aggregate) {
         applyAggregate(dbQuery, query.aggregate, collection);
@@ -77,44 +76,44 @@ function applyQuery(knex, collection, dbQuery, query, schema, subQuery = false)
     return dbQuery;
 }
 exports.default = applyQuery;
-/**
- * Apply a given filter object to the Knex QueryBuilder instance.
- *
- * Relational nested filters, like the following example:
- *
- * ```json
- * // Fetch pages that have articles written by Rijk
- *
- * {
- *   "articles": {
- *     "author": {
- *       "name": {
- *         "_eq": "Rijk"
- *       }
- *     }
- *   }
- * }
- * ```
- *
- * are handled by joining the nested tables, and using a where statement on the top level on the
- * nested field through the join. This allows us to filter the top level items based on nested data.
- * The where on the root is done with a subquery to prevent duplicates, any nested joins are done
- * with aliases to prevent naming conflicts.
- *
- * The output SQL for the above would look something like:
- *
- * ```sql
- * SELECT *
- * FROM pages
- * WHERE
- *   pages.id in (
- *     SELECT articles.page_id AS page_id
- *     FROM articles
- *     LEFT JOIN authors AS xviqp ON articles.author = xviqp.id
- *     WHERE xviqp.name = 'Rijk'
- *   )
- * ```
- */
+function getRelationInfo(relations, collection, field) {
+    var _a, _b;
+    const implicitRelation = (_a = field.match(/^\$FOLLOW\((.*?),(.*?)(?:,(.*?))?\)$/)) === null || _a === void 0 ? void 0 : _a.slice(1);
+    if (implicitRelation) {
+        if (implicitRelation[2] === undefined) {
+            const [m2oCollection, m2oField] = implicitRelation;
+            const relation = {
+                collection: m2oCollection,
+                field: m2oField,
+                related_collection: collection,
+                schema: null,
+                meta: null,
+            };
+            return { relation, relationType: 'o2m' };
+        }
+        else {
+            const [a2oCollection, a2oItemField, a2oCollectionField] = implicitRelation;
+            const relation = {
+                collection: a2oCollection,
+                field: a2oItemField,
+                related_collection: collection,
+                schema: null,
+                meta: {
+                    one_collection_field: a2oCollectionField,
+                    one_field: field,
+                },
+            };
+            return { relation, relationType: 'o2a' };
+        }
+    }
+    const relation = (_b = relations.find((relation) => {
+        var _a;
+        return ((relation.collection === collection && relation.field === field) ||
+            (relation.related_collection === collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === field));
+    })) !== null && _b !== void 0 ? _b : null;
+    const relationType = relation ? (0, get_relation_type_1.getRelationType)({ relation, collection, field }) : null;
+    return { relation, relationType };
+}
 function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery = false) {
     const helpers = (0, helpers_1.getHelpers)(knex);
     const relations = schema.relations;
@@ -144,31 +143,34 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
             followRelation(path);
             function followRelation(pathParts, parentCollection = collection, parentAlias) {
                 /**
-                 * For M2A fields, the path can contain an optional collection scope <field>:<scope>
+                 * For A2M fields, the path can contain an optional collection scope <field>:<scope>
                  */
                 const pathRoot = pathParts[0].split(':')[0];
-                const relation = relations.find((relation) => {
-                    var _a;
-                    return ((relation.collection === parentCollection && relation.field === pathRoot) ||
-                        (relation.related_collection === parentCollection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === pathRoot));
-                });
-                if (!relation)
+                const { relation, relationType } = getRelationInfo(relations, parentCollection, pathRoot);
+                if (!relation) {
                     return;
-                const relationType = (0, get_relation_type_1.getRelationType)({ relation, collection: parentCollection, field: pathRoot });
+                }
                 const alias = generateAlias();
                 (0, lodash_1.set)(aliasMap, parentAlias ? [parentAlias, ...pathParts] : pathParts, alias);
                 if (relationType === 'm2o') {
                     dbQuery.leftJoin({ [alias]: relation.related_collection }, `${parentAlias || parentCollection}.${relation.field}`, `${alias}.${schema.collections[relation.related_collection].primary}`);
                 }
-                if (relationType === 'm2a') {
+                if (relationType === 'a2o') {
                     const pathScope = pathParts[0].split(':')[1];
                     if (!pathScope) {
                         throw new exceptions_1.InvalidQueryException(`You have to provide a collection scope when filtering on a many-to-any item`);
                     }
                     dbQuery.leftJoin({ [alias]: pathScope }, (joinClause) => {
                         joinClause
-                            .on(`${parentAlias || parentCollection}.${relation.field}`, '=', knex.raw(`CAST(?? AS CHAR(255))`, `${alias}.${schema.collections[pathScope].primary}`))
-                            .andOnVal(relation.meta.one_collection_field, '=', pathScope);
+                            .onVal(relation.meta.one_collection_field, '=', pathScope)
+                            .andOn(`${parentAlias || parentCollection}.${relation.field}`, '=', knex.raw(`CAST(?? AS CHAR(255))`, `${alias}.${schema.collections[pathScope].primary}`));
+                    });
+                }
+                if (relationType === 'o2a') {
+                    dbQuery.leftJoin({ [alias]: relation.collection }, (joinClause) => {
+                        joinClause
+                            .onVal(relation.meta.one_collection_field, '=', parentCollection)
+                            .andOn(`${alias}.${relation.field}`, '=', knex.raw(`CAST(?? AS CHAR(255))`, `${parentAlias || parentCollection}.${schema.collections[parentCollection].primary}`));
                     });
                 }
                 // Still join o2m relations when in subquery OR when the o2m relation is not at the root level
@@ -180,7 +182,7 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
                     if (relationType === 'm2o') {
                         parent = relation.related_collection;
                     }
-                    else if (relationType === 'm2a') {
+                    else if (relationType === 'a2o') {
                         const pathScope = pathParts[0].split(':')[1];
                         if (!pathScope) {
                             throw new exceptions_1.InvalidQueryException(`You have to provide a collection scope when filtering on a many-to-any item`);
@@ -216,17 +218,12 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
             }
             const filterPath = getFilterPath(key, value);
             /**
-             * For M2A fields, the path can contain an optional collection scope <field>:<scope>
+             * For A2M fields, the path can contain an optional collection scope <field>:<scope>
              */
             const pathRoot = filterPath[0].split(':')[0];
-            const relation = relations.find((relation) => {
-                var _a;
-                return ((relation.collection === collection && relation.field === pathRoot) ||
-                    (relation.related_collection === collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === pathRoot));
-            });
+            const { relation, relationType } = getRelationInfo(relations, collection, pathRoot);
             const { operator: filterOperator, value: filterValue } = getOperation(key, value);
-            const relationType = relation ? (0, get_relation_type_1.getRelationType)({ relation, collection: collection, field: pathRoot }) : null;
-            if (relationType === 'm2o' || relationType === 'm2a' || relationType === null) {
+            if (relationType === 'm2o' || relationType === 'a2o' || relationType === null) {
                 if (filterPath.length > 1) {
                     const columnName = getWhereColumn(filterPath, collection);
                     if (!columnName)
@@ -238,7 +235,13 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
                 }
             }
             else if (subQuery === false) {
-                const pkField = `${collection}.${schema.collections[relation.related_collection].primary}`;
+                if (!relation)
+                    continue;
+                let pkField = `${collection}.${schema.collections[relation.related_collection].primary}`;
+                if (relationType === 'o2a') {
+                    pkField = knex.raw(`CAST(?? AS CHAR(255))`, [pkField]);
+                }
+                // Note: knex's types don't appreciate knex.raw in whereIn, even though it's officially supported
                 dbQuery[logical].whereIn(pkField, (subQueryKnex) => {
                     const field = relation.field;
                     const collection = relation.collection;
@@ -377,22 +380,17 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
             return followRelation(path);
             function followRelation(pathParts, parentCollection = collection, parentAlias) {
                 /**
-                 * For M2A fields, the path can contain an optional collection scope <field>:<scope>
+                 * For A2M fields, the path can contain an optional collection scope <field>:<scope>
                  */
                 const pathRoot = pathParts[0].split(':')[0];
-                const relation = relations.find((relation) => {
-                    var _a;
-                    return ((relation.collection === parentCollection && relation.field === pathRoot) ||
-                        (relation.related_collection === parentCollection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === pathRoot));
-                });
+                const { relation, relationType } = getRelationInfo(relations, parentCollection, pathRoot);
                 if (!relation) {
                     throw new exceptions_1.InvalidQueryException(`"${parentCollection}.${pathRoot}" is not a relational field`);
                 }
-                const relationType = (0, get_relation_type_1.getRelationType)({ relation, collection: parentCollection, field: pathRoot });
                 const alias = (0, lodash_1.get)(aliasMap, parentAlias ? [parentAlias, ...pathParts] : pathParts);
                 const remainingParts = pathParts.slice(1);
                 let parent;
-                if (relationType === 'm2a') {
+                if (relationType === 'a2o') {
                     const pathScope = pathParts[0].split(':')[1];
                     if (!pathScope) {
                         throw new exceptions_1.InvalidQueryException(`You have to provide a collection scope when filtering on a many-to-any item`);

package/dist/utils/apply-snapshot.js

@@ -10,6 +10,7 @@ const database_1 = __importDefault(require("../database"));
 const get_schema_1 = require("./get-schema");
 const services_1 = require("../services");
 const lodash_1 = require("lodash");
+const logger_1 = __importDefault(require("../logger"));
 async function applySnapshot(snapshot, options) {
     var _a, _b, _c, _d;
     const database = (_a = options === null || options === void 0 ? void 0 : options.database) !== null && _a !== void 0 ? _a : (0, database_1.default)();
@@ -20,7 +21,13 @@ async function applySnapshot(snapshot, options) {
         const collectionsService = new services_1.CollectionsService({ knex: trx, schema });
         for (const { collection, diff } of snapshotDiff.collections) {
             if ((diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'D') {
-                await collectionsService.deleteOne(collection);
+                try {
+                    await collectionsService.deleteOne(collection);
+                }
+                catch (err) {
+                    logger_1.default.error(`Failed to delete collection "${collection}"`);
+                    throw err;
+                }
             }
             if ((diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'N' && diff[0].rhs) {
                 // We'll nest the to-be-created fields in the same collection creation, to prevent
@@ -28,10 +35,16 @@ async function applySnapshot(snapshot, options) {
                 const fields = snapshotDiff.fields
                     .filter((fieldDiff) => fieldDiff.collection === collection)
                     .map((fieldDiff) => fieldDiff.diff[0].rhs);
-                await collectionsService.createOne({
-                    ...diff[0].rhs,
-                    fields,
-                });
+                try {
+                    await collectionsService.createOne({
+                        ...diff[0].rhs,
+                        fields,
+                    });
+                }
+                catch (err) {
+                    logger_1.default.error(`Failed to create collection "${collection}"`);
+                    throw err;
+                }
                 // Now that the fields are in for this collection, we can strip them from the field
                 // edits
                 snapshotDiff.fields = snapshotDiff.fields.filter((fieldDiff) => fieldDiff.collection !== collection);
@@ -41,27 +54,51 @@ async function applySnapshot(snapshot, options) {
                     return field.collection === collection;
                 });
                 if (newValues) {
-                    await collectionsService.updateOne(collection, newValues);
+                    try {
+                        await collectionsService.updateOne(collection, newValues);
+                    }
+                    catch (err) {
+                        logger_1.default.error(`Failed to update collection "${collection}"`);
+                        throw err;
+                    }
                 }
             }
         }
         const fieldsService = new services_1.FieldsService({ knex: trx, schema: await (0, get_schema_1.getSchema)({ database: trx }) });
         for (const { collection, field, diff } of snapshotDiff.fields) {
             if ((diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'N') {
-                await fieldsService.createField(collection, diff[0].rhs);
+                try {
+                    await fieldsService.createField(collection, diff[0].rhs);
+                }
+                catch (err) {
+                    logger_1.default.error(`Failed to create field "${collection}.${field}"`);
+                    throw err;
+                }
             }
             if ((diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'E' || (diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'A') {
                 const newValues = snapshot.fields.find((snapshotField) => {
                     return snapshotField.collection === collection && snapshotField.field === field;
                 });
                 if (newValues) {
-                    await fieldsService.updateField(collection, {
-                        ...newValues,
-                    });
+                    try {
+                        await fieldsService.updateField(collection, {
+                            ...newValues,
+                        });
+                    }
+                    catch (err) {
+                        logger_1.default.error(`Failed to update field "${collection}.${field}"`);
+                        throw err;
+                    }
                 }
             }
             if ((diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'D') {
-                await fieldsService.deleteField(collection, field);
+                try {
+                    await fieldsService.deleteField(collection, field);
+                }
+                catch (err) {
+                    logger_1.default.error(`Failed to delete field "${collection}.${field}"`);
+                    throw err;
+                }
                 // Field deletion also cleans up the relationship. We should ignore any relationship
                 // changes attached to this now non-existing field
                 snapshotDiff.relations = snapshotDiff.relations.filter((relation) => (relation.collection === collection && relation.field === field) === false);
@@ -74,18 +111,36 @@ async function applySnapshot(snapshot, options) {
                 (0, lodash_1.set)(structure, diffEdit.path, undefined);
             }
             if ((diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'N') {
-                await relationsService.createOne(diff[0].rhs);
+                try {
+                    await relationsService.createOne(diff[0].rhs);
+                }
+                catch (err) {
+                    logger_1.default.error(`Failed to create relation "${collection}.${field}"`);
+                    throw err;
+                }
             }
             if ((diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'E' || (diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'A') {
                 const newValues = snapshot.relations.find((relation) => {
                     return relation.collection === collection && relation.field === field;
                 });
                 if (newValues) {
-                    await relationsService.updateOne(collection, field, newValues);
+                    try {
+                        await relationsService.updateOne(collection, field, newValues);
+                    }
+                    catch (err) {
+                        logger_1.default.error(`Failed to update relation "${collection}.${field}"`);
+                        throw err;
+                    }
                 }
             }
             if ((diff === null || diff === void 0 ? void 0 : diff[0].kind) === 'D') {
-                await relationsService.deleteOne(collection, field);
+                try {
+                    await relationsService.deleteOne(collection, field);
+                }
+                catch (err) {
+                    logger_1.default.error(`Failed to delete relation "${collection}.${field}"`);
+                    throw err;
+                }
             }
         }
     });

package/dist/utils/get-ast-from-query.js

@@ -88,7 +88,7 @@ async function getASTFromQuery(collection, query, schema, options) {
                 const parts = name.split('.');
                 let rootField = parts[0];
                 let collectionScope = null;
-                // m2a related collection scoped field selector `fields=sections.section_id:headings.title`
+                // a2o related collection scoped field selector `fields=sections.section_id:headings.title`
                 if (rootField.includes(':')) {
                     const [key, scope] = rootField.split(':');
                     rootField = key;
@@ -136,14 +136,14 @@ async function getASTFromQuery(collection, query, schema, options) {
             if (!relationType)
                 continue;
             let child = null;
-            if (relationType === 'm2a') {
+            if (relationType === 'a2o') {
                 const allowedCollections = relation.meta.one_allowed_collections.filter((collection) => {
                     if (!permissions)
                         return true;
                     return permissions.some((permission) => permission.collection === collection);
                 });
                 child = {
-                    type: 'm2a',
+                    type: 'a2o',
                     names: allowedCollections,
                     children: {},
                     query: {},

package/dist/utils/get-permissions.d.ts

@@ -1,3 +1,3 @@
-import { Accountability } from '@directus/shared/types';
+import { Permission, Accountability } from '@directus/shared/types';
 import { SchemaOverview } from '../types';
-export declare function getPermissions(accountability: Accountability, schema: SchemaOverview): Promise<any>;
+export declare function getPermissions(accountability: Accountability, schema: SchemaOverview): Promise<Permission[]>;

package/dist/utils/get-permissions.js

@@ -9,6 +9,7 @@ const lodash_1 = require("lodash");
 const database_1 = __importDefault(require("../database"));
 const app_access_permissions_1 = require("../database/system-data/app-access-permissions");
 const merge_permissions_1 = require("../utils/merge-permissions");
+const merge_permissions_for_share_1 = require("./merge-permissions-for-share");
 const users_1 = require("../services/users");
 const roles_1 = require("../services/roles");
 const cache_1 = require("../cache");
@@ -16,91 +17,135 @@ const object_hash_1 = __importDefault(require("object-hash"));
 const env_1 = __importDefault(require("../env"));
 async function getPermissions(accountability, schema) {
     const database = (0, database_1.default)();
-    const { systemCache } = (0, cache_1.getCache)();
+    const { systemCache, cache } = (0, cache_1.getCache)();
     let permissions = [];
-    const { user, role, app, admin } = accountability;
-    const cacheKey = `permissions-${(0, object_hash_1.default)({ user, role, app, admin })}`;
+    const { user, role, app, admin, share_scope } = accountability;
+    const cacheKey = `permissions-${(0, object_hash_1.default)({ user, role, app, admin, share_scope })}`;
     if (env_1.default.CACHE_PERMISSIONS !== false) {
         const cachedPermissions = await systemCache.get(cacheKey);
         if (cachedPermissions) {
-            return cachedPermissions;
-        }
-    }
-    if (accountability.admin !== true) {
-        const permissionsForRole = await database
-            .select('*')
-            .from('directus_permissions')
-            .where({ role: accountability.role });
-        const requiredPermissionData = {
-            $CURRENT_USER: [],
-            $CURRENT_ROLE: [],
-        };
-        permissions = permissionsForRole.map((permissionRaw) => {
-            const permission = (0, lodash_1.cloneDeep)(permissionRaw);
-            if (permission.permissions && typeof permission.permissions === 'string') {
-                permission.permissions = JSON.parse(permission.permissions);
-            }
-            else if (permission.permissions === null) {
-                permission.permissions = {};
-            }
-            if (permission.validation && typeof permission.validation === 'string') {
-                permission.validation = JSON.parse(permission.validation);
-            }
-            else if (permission.validation === null) {
-                permission.validation = {};
-            }
-            if (permission.presets && typeof permission.presets === 'string') {
-                permission.presets = JSON.parse(permission.presets);
-            }
-            else if (permission.presets === null) {
-                permission.presets = {};
-            }
-            if (permission.fields && typeof permission.fields === 'string') {
-                permission.fields = permission.fields.split(',');
+            if (!cachedPermissions.containDynamicData) {
+                return processPermissions(accountability, cachedPermissions.permissions, {});
             }
-            else if (permission.fields === null) {
-                permission.fields = [];
+            const cachedFilterContext = await (cache === null || cache === void 0 ? void 0 : cache.get(`filterContext-${(0, object_hash_1.default)({ user, role, permissions: cachedPermissions.permissions })}`));
+            if (cachedFilterContext) {
+                return processPermissions(accountability, cachedPermissions.permissions, cachedFilterContext);
             }
-            const extractPermissionData = (val) => {
-                if (typeof val === 'string' && val.startsWith('$CURRENT_USER.')) {
-                    requiredPermissionData.$CURRENT_USER.push(val.replace('$CURRENT_USER.', ''));
+            else {
+                const { permissions: parsedPermissions, requiredPermissionData, containDynamicData, } = parsePermissions(cachedPermissions.permissions);
+                permissions = parsedPermissions;
+                const filterContext = containDynamicData
+                    ? await getFilterContext(schema, accountability, requiredPermissionData)
+                    : {};
+                if (containDynamicData && env_1.default.CACHE_ENABLED !== false) {
+                    await (cache === null || cache === void 0 ? void 0 : cache.set(`filterContext-${(0, object_hash_1.default)({ user, role, permissions })}`, filterContext));
                 }
-                if (typeof val === 'string' && val.startsWith('$CURRENT_ROLE.')) {
-                    requiredPermissionData.$CURRENT_ROLE.push(val.replace('$CURRENT_ROLE.', ''));
-                }
-                return val;
-            };
-            (0, utils_1.deepMap)(permission.permissions, extractPermissionData);
-            (0, utils_1.deepMap)(permission.validation, extractPermissionData);
-            (0, utils_1.deepMap)(permission.presets, extractPermissionData);
-            return permission;
-        });
-        if (accountability.app === true) {
-            permissions = (0, merge_permissions_1.mergePermissions)(permissions, app_access_permissions_1.appAccessMinimalPermissions.map((perm) => ({ ...perm, role: accountability.role })));
+                return processPermissions(accountability, permissions, filterContext);
+            }
+        }
+    }
+    if (accountability.admin !== true) {
+        const query = database.select('*').from('directus_permissions');
+        if (accountability.role) {
+            query.where({ role: accountability.role });
         }
-        const usersService = new users_1.UsersService({ schema });
-        const rolesService = new roles_1.RolesService({ schema });
-        const filterContext = {};
-        if (accountability.user && requiredPermissionData.$CURRENT_USER.length > 0) {
-            filterContext.$CURRENT_USER = await usersService.readOne(accountability.user, {
-                fields: requiredPermissionData.$CURRENT_USER,
-            });
+        else {
+            query.whereNull('role');
         }
-        if (accountability.role && requiredPermissionData.$CURRENT_ROLE.length > 0) {
-            filterContext.$CURRENT_ROLE = await rolesService.readOne(accountability.role, {
-                fields: requiredPermissionData.$CURRENT_ROLE,
-            });
+        const permissionsForRole = await query;
+        const { permissions: parsedPermissions, requiredPermissionData, containDynamicData, } = parsePermissions(permissionsForRole);
+        permissions = parsedPermissions;
+        if (accountability.app === true) {
+            permissions = (0, merge_permissions_1.mergePermissions)('or', permissions, app_access_permissions_1.appAccessMinimalPermissions.map((perm) => ({ ...perm, role: accountability.role })));
         }
-        permissions = permissions.map((permission) => {
-            permission.permissions = (0, utils_1.parseFilter)(permission.permissions, accountability, filterContext);
-            permission.validation = (0, utils_1.parseFilter)(permission.validation, accountability, filterContext);
-            permission.presets = (0, utils_1.parseFilter)(permission.presets, accountability, filterContext);
-            return permission;
-        });
+        if (accountability.share_scope) {
+            permissions = (0, merge_permissions_for_share_1.mergePermissionsForShare)(permissions, accountability, schema);
+        }
+        const filterContext = containDynamicData
+            ? await getFilterContext(schema, accountability, requiredPermissionData)
+            : {};
         if (env_1.default.CACHE_PERMISSIONS !== false) {
-            await systemCache.set(cacheKey, permissions);
+            await systemCache.set(cacheKey, { permissions, containDynamicData });
+            if (containDynamicData && env_1.default.CACHE_ENABLED !== false) {
+                await (cache === null || cache === void 0 ? void 0 : cache.set(`filterContext-${(0, object_hash_1.default)({ user, role, permissions })}`, filterContext));
+            }
         }
+        return processPermissions(accountability, permissions, filterContext);
     }
     return permissions;
 }
 exports.getPermissions = getPermissions;
+function parsePermissions(permissions) {
+    const requiredPermissionData = {
+        $CURRENT_USER: [],
+        $CURRENT_ROLE: [],
+    };
+    let containDynamicData = false;
+    permissions = permissions.map((permissionRaw) => {
+        const permission = (0, lodash_1.cloneDeep)(permissionRaw);
+        if (permission.permissions && typeof permission.permissions === 'string') {
+            permission.permissions = JSON.parse(permission.permissions);
+        }
+        else if (permission.permissions === null) {
+            permission.permissions = {};
+        }
+        if (permission.validation && typeof permission.validation === 'string') {
+            permission.validation = JSON.parse(permission.validation);
+        }
+        else if (permission.validation === null) {
+            permission.validation = {};
+        }
+        if (permission.presets && typeof permission.presets === 'string') {
+            permission.presets = JSON.parse(permission.presets);
+        }
+        else if (permission.presets === null) {
+            permission.presets = {};
+        }
+        if (permission.fields && typeof permission.fields === 'string') {
+            permission.fields = permission.fields.split(',');
+        }
+        else if (permission.fields === null) {
+            permission.fields = [];
+        }
+        const extractPermissionData = (val) => {
+            if (typeof val === 'string' && val.startsWith('$CURRENT_USER.')) {
+                requiredPermissionData.$CURRENT_USER.push(val.replace('$CURRENT_USER.', ''));
+                containDynamicData = true;
+            }
+            if (typeof val === 'string' && val.startsWith('$CURRENT_ROLE.')) {
+                requiredPermissionData.$CURRENT_ROLE.push(val.replace('$CURRENT_ROLE.', ''));
+                containDynamicData = true;
+            }
+            return val;
+        };
+        (0, utils_1.deepMap)(permission.permissions, extractPermissionData);
+        (0, utils_1.deepMap)(permission.validation, extractPermissionData);
+        (0, utils_1.deepMap)(permission.presets, extractPermissionData);
+        return permission;
+    });
+    return { permissions, requiredPermissionData, containDynamicData };
+}
+async function getFilterContext(schema, accountability, requiredPermissionData) {
+    const usersService = new users_1.UsersService({ schema });
+    const rolesService = new roles_1.RolesService({ schema });
+    const filterContext = {};
+    if (accountability.user && requiredPermissionData.$CURRENT_USER.length > 0) {
+        filterContext.$CURRENT_USER = await usersService.readOne(accountability.user, {
+            fields: requiredPermissionData.$CURRENT_USER,
+        });
+    }
+    if (accountability.role && requiredPermissionData.$CURRENT_ROLE.length > 0) {
+        filterContext.$CURRENT_ROLE = await rolesService.readOne(accountability.role, {
+            fields: requiredPermissionData.$CURRENT_ROLE,
+        });
+    }
+    return filterContext;
+}
+function processPermissions(accountability, permissions, filterContext) {
+    return permissions.map((permission) => {
+        permission.permissions = (0, utils_1.parseFilter)(permission.permissions, accountability, filterContext);
+        permission.validation = (0, utils_1.parseFilter)(permission.validation, accountability, filterContext);
+        permission.presets = (0, utils_1.parseFilter)(permission.presets, accountability, filterContext);
+        return permission;
+    });
+}

package/dist/utils/get-relation-type.d.ts

@@ -3,4 +3,4 @@ export declare function getRelationType(getRelationOptions: {
     relation: Relation;
     collection: string | null;
     field: string;
-}): 'm2o' | 'o2m' | 'm2a' | null;
+}): 'm2o' | 'o2m' | 'a2o' | null;

package/dist/utils/get-relation-type.js

@@ -10,7 +10,7 @@ function getRelationType(getRelationOptions) {
         relation.field === field &&
         ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_collection_field) &&
         ((_b = relation.meta) === null || _b === void 0 ? void 0 : _b.one_allowed_collections)) {
-        return 'm2a';
+        return 'a2o';
     }
     if (relation.collection === collection && relation.field === field) {
         return 'm2o';

package/dist/utils/merge-permissions-for-share.d.ts

@@ -0,0 +1,5 @@
+import { Permission, Accountability, Filter } from '@directus/shared/types';
+import { SchemaOverview } from '../types';
+export declare function mergePermissionsForShare(currentPermissions: Permission[], accountability: Accountability, schema: SchemaOverview): Permission[];
+export declare function traverse(schema: SchemaOverview, rootItemPrimaryKeyField: string, rootItemPrimaryKey: string, currentCollection: string, parentCollections?: string[], path?: string[]): Partial<Permission>[];
+export declare function getFilterForPath(type: 'o2m' | 'm2o' | 'a2o', path: string[], rootPrimaryKeyField: string, rootPrimaryKey: string): Filter;