directus 9.2.2 → 9.4.2

package/dist/services/graphql.js

@@ -34,6 +34,7 @@ const revisions_1 = require("./revisions");
 const roles_1 = require("./roles");
 const server_1 = require("./server");
 const settings_1 = require("./settings");
+const shares_1 = require("./shares");
 const specifications_1 = require("./specifications");
 const tfa_1 = require("./tfa");
 const users_1 = require("./users");
@@ -112,15 +113,23 @@ class GraphQLService {
         return formattedResult;
     }
     getSchema(type = 'schema') {
-        var _a, _b, _c, _d;
+        var _a, _b, _c, _d, _e, _f, _g, _h;
         // eslint-disable-next-line @typescript-eslint/no-this-alias
         const self = this;
         const schemaComposer = new graphql_compose_1.SchemaComposer();
         const schema = {
-            read: ((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.admin) === true ? this.schema : (0, reduce_schema_1.reduceSchema)(this.schema, this.accountability, ['read']),
-            create: ((_b = this.accountability) === null || _b === void 0 ? void 0 : _b.admin) === true ? this.schema : (0, reduce_schema_1.reduceSchema)(this.schema, this.accountability, ['create']),
-            update: ((_c = this.accountability) === null || _c === void 0 ? void 0 : _c.admin) === true ? this.schema : (0, reduce_schema_1.reduceSchema)(this.schema, this.accountability, ['update']),
-            delete: ((_d = this.accountability) === null || _d === void 0 ? void 0 : _d.admin) === true ? this.schema : (0, reduce_schema_1.reduceSchema)(this.schema, this.accountability, ['delete']),
+            read: ((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.admin) === true
+                ? this.schema
+                : (0, reduce_schema_1.reduceSchema)(this.schema, ((_b = this.accountability) === null || _b === void 0 ? void 0 : _b.permissions) || null, ['read']),
+            create: ((_c = this.accountability) === null || _c === void 0 ? void 0 : _c.admin) === true
+                ? this.schema
+                : (0, reduce_schema_1.reduceSchema)(this.schema, ((_d = this.accountability) === null || _d === void 0 ? void 0 : _d.permissions) || null, ['create']),
+            update: ((_e = this.accountability) === null || _e === void 0 ? void 0 : _e.admin) === true
+                ? this.schema
+                : (0, reduce_schema_1.reduceSchema)(this.schema, ((_f = this.accountability) === null || _f === void 0 ? void 0 : _f.permissions) || null, ['update']),
+            delete: ((_g = this.accountability) === null || _g === void 0 ? void 0 : _g.admin) === true
+                ? this.schema
+                : (0, reduce_schema_1.reduceSchema)(this.schema, ((_h = this.accountability) === null || _h === void 0 ? void 0 : _h.permissions) || null, ['delete']),
         };
         const { ReadCollectionTypes } = getReadableTypes();
         const { CreateCollectionTypes, UpdateCollectionTypes, DeleteCollectionTypes } = getWritableTypes();
@@ -325,6 +334,8 @@ class GraphQLService {
             }
             for (const relation of schema[action].relations) {
                 if (relation.related_collection) {
+                    if (SYSTEM_DENY_LIST.includes(relation.related_collection))
+                        continue;
                     (_a = CollectionTypes[relation.collection]) === null || _a === void 0 ? void 0 : _a.addFields({
                         [relation.field]: {
                             type: CollectionTypes[relation.related_collection],
@@ -759,6 +770,8 @@ class GraphQLService {
             }
             for (const relation of schema.read.relations) {
                 if (relation.related_collection) {
+                    if (SYSTEM_DENY_LIST.includes(relation.related_collection))
+                        continue;
                     (_a = ReadableCollectionFilterTypes[relation.collection]) === null || _a === void 0 ? void 0 : _a.addFields({
                         [relation.field]: ReadableCollectionFilterTypes[relation.related_collection],
                     });
@@ -1268,6 +1281,8 @@ class GraphQLService {
                 return new users_1.UsersService(opts);
             case 'directus_webhooks':
                 return new webhooks_1.WebhooksService(opts);
+            case 'directus_shares':
+                return new shares_1.SharesService(opts);
             default:
                 return new items_1.ItemsService(collection, opts);
         }
@@ -1292,7 +1307,7 @@ class GraphQLService {
         })).filter((s) => s);
         return result;
     }
-    injectSystemResolvers(schemaComposer, { CreateCollectionTypes, ReadCollectionTypes, DeleteCollectionTypes, }, schema) {
+    injectSystemResolvers(schemaComposer, { CreateCollectionTypes, ReadCollectionTypes, UpdateCollectionTypes, DeleteCollectionTypes, }, schema) {
         var _a, _b, _c, _d, _e;
         const AuthTokens = schemaComposer.createObjectTC({
             name: 'auth_tokens',
@@ -2116,6 +2131,32 @@ class GraphQLService {
                 },
             });
         }
+        if ('directus_users' in schema.update.collections) {
+            schemaComposer.Mutation.addFields({
+                update_users_me: {
+                    type: ReadCollectionTypes['directus_users'],
+                    args: {
+                        data: (0, graphql_compose_1.toInputObjectType)(UpdateCollectionTypes['directus_users']),
+                    },
+                    resolve: async (_, args, __, info) => {
+                        var _a, _b, _c;
+                        if (!((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.user))
+                            return null;
+                        const service = new users_1.UsersService({
+                            schema: this.schema,
+                            accountability: this.accountability,
+                        });
+                        await service.updateOne(this.accountability.user, args.data);
+                        if ('directus_users' in ReadCollectionTypes) {
+                            const selections = this.replaceFragmentsInSelections((_c = (_b = info.fieldNodes[0]) === null || _b === void 0 ? void 0 : _b.selectionSet) === null || _c === void 0 ? void 0 : _c.selections, info.fragments);
+                            const query = this.getQuery(args, selections || [], info.variableValues);
+                            return await service.readOne(this.accountability.user, query);
+                        }
+                        return true;
+                    },
+                },
+            });
+        }
         if ('directus_activity' in schema.create.collections) {
             schemaComposer.Mutation.addFields({
                 create_comment: {

package/dist/services/index.d.ts

@@ -26,3 +26,4 @@ export * from './tfa';
 export * from './users';
 export * from './utils';
 export * from './webhooks';
+export * from './shares';

package/dist/services/index.js

@@ -39,3 +39,4 @@ __exportStar(require("./tfa"), exports);
 __exportStar(require("./users"), exports);
 __exportStar(require("./utils"), exports);
 __exportStar(require("./webhooks"), exports);
+__exportStar(require("./shares"), exports);

package/dist/services/items.d.ts

@@ -1,25 +1,11 @@
 import { Knex } from 'knex';
 import Keyv from 'keyv';
 import { Accountability, Query, PermissionsAction } from '@directus/shared/types';
-import { AbstractService, AbstractServiceOptions, Item as AnyItem, PrimaryKey, SchemaOverview } from '../types';
+import { AbstractService, AbstractServiceOptions, Item as AnyItem, PrimaryKey, SchemaOverview, MutationOptions } from '../types';
 export declare type QueryOptions = {
     stripNonRequested?: boolean;
     permissionsAction?: PermissionsAction;
 };
-export declare type MutationOptions = {
-    /**
-     * Callback function that's fired whenever a revision is made in the mutation
-     */
-    onRevisionCreate?: (pk: PrimaryKey) => void;
-    /**
-     * Flag to disable the auto purging of the cache. Is ignored when CACHE_AUTO_PURGE isn't enabled.
-     */
-    autoPurgeCache?: false;
-    /**
-     * Allow disabling the emitting of hooks. Useful if a custom hook is fired (like files.upload)
-     */
-    emitEvents?: boolean;
-};
 export declare class ItemsService<Item extends AnyItem = AnyItem> implements AbstractService {
     collection: string;
     knex: Knex;

package/dist/services/notifications.d.ts

@@ -1,6 +1,6 @@
 import { UsersService, MailService } from '.';
-import { AbstractServiceOptions, PrimaryKey } from '../types';
-import { ItemsService, MutationOptions } from './items';
+import { AbstractServiceOptions, PrimaryKey, MutationOptions } from '../types';
+import { ItemsService } from './items';
 import { Notification } from '@directus/shared/types';
 export declare class NotificationsService extends ItemsService {
     usersService: UsersService;

package/dist/services/permissions.d.ts

@@ -1,5 +1,5 @@
-import { ItemsService, QueryOptions, MutationOptions } from '../services/items';
-import { AbstractServiceOptions, Item, PrimaryKey } from '../types';
+import { ItemsService, QueryOptions } from '../services/items';
+import { AbstractServiceOptions, Item, PrimaryKey, MutationOptions } from '../types';
 import { Query, PermissionsAction } from '@directus/shared/types';
 import Keyv from 'keyv';
 export declare class PermissionsService extends ItemsService {

package/dist/services/roles.d.ts

@@ -1,6 +1,6 @@
-import { AbstractServiceOptions, PrimaryKey } from '../types';
+import { AbstractServiceOptions, MutationOptions, PrimaryKey } from '../types';
 import { Query } from '@directus/shared/types';
-import { ItemsService, MutationOptions } from './items';
+import { ItemsService } from './items';
 export declare class RolesService extends ItemsService {
     constructor(options: AbstractServiceOptions);
     private checkForOtherAdminRoles;

package/dist/services/server.js

@@ -52,6 +52,7 @@ class ServerService {
         const projectInfo = await this.settingsService.readSingleton({
             fields: [
                 'project_name',
+                'project_descriptor',
                 'project_logo',
                 'project_color',
                 'public_foreground',

package/dist/services/shares.d.ts

@@ -0,0 +1,17 @@
+import { AbstractServiceOptions, LoginResult, Item, PrimaryKey, MutationOptions } from '../types';
+import { ItemsService } from './items';
+import { AuthorizationService } from './authorization';
+export declare class SharesService extends ItemsService {
+    authorizationService: AuthorizationService;
+    constructor(options: AbstractServiceOptions);
+    createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;
+    login(payload: Record<string, any>): Promise<LoginResult>;
+    /**
+     * Send a link to the given share ID to the given email(s). Note: you can only send a link to a share
+     * if you have read access to that particular share
+     */
+    invite(payload: {
+        emails: string[];
+        share: PrimaryKey;
+    }): Promise<void>;
+}

package/dist/services/shares.js

@@ -0,0 +1,135 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SharesService = void 0;
+const items_1 = require("./items");
+const argon2_1 = __importDefault(require("argon2"));
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const ms_1 = __importDefault(require("ms"));
+const exceptions_1 = require("../exceptions");
+const env_1 = __importDefault(require("../env"));
+const nanoid_1 = require("nanoid");
+const authorization_1 = require("./authorization");
+const users_1 = require("./users");
+const mail_1 = require("./mail");
+const user_name_1 = require("../utils/user-name");
+const md_1 = require("../utils/md");
+class SharesService extends items_1.ItemsService {
+    constructor(options) {
+        super('directus_shares', options);
+        this.authorizationService = new authorization_1.AuthorizationService({
+            accountability: this.accountability,
+            knex: this.knex,
+            schema: this.schema,
+        });
+    }
+    async createOne(data, opts) {
+        await this.authorizationService.checkAccess('share', data.collection, data.item);
+        return super.createOne(data, opts);
+    }
+    async login(payload) {
+        var _a, _b;
+        const record = await this.knex
+            .select({
+            share_id: 'id',
+            share_role: 'role',
+            share_item: 'item',
+            share_collection: 'collection',
+            share_start: 'date_start',
+            share_end: 'date_end',
+            share_times_used: 'times_used',
+            share_max_uses: 'max_uses',
+            share_password: 'password',
+        })
+            .from('directus_shares')
+            .where('id', payload.share)
+            .andWhere((subQuery) => {
+            subQuery.whereNull('date_end').orWhere('date_end', '>=', new Date());
+        })
+            .andWhere((subQuery) => {
+            subQuery.whereNull('date_start').orWhere('date_start', '<=', new Date());
+        })
+            .andWhere((subQuery) => {
+            subQuery.whereNull('max_uses').orWhere('max_uses', '>=', this.knex.ref('times_used'));
+        })
+            .first();
+        if (!record) {
+            throw new exceptions_1.InvalidCredentialsException();
+        }
+        if (record.share_password && !(await argon2_1.default.verify(record.share_password, payload.password))) {
+            throw new exceptions_1.InvalidCredentialsException();
+        }
+        await this.knex('directus_shares')
+            .update({ times_used: record.share_times_used + 1 })
+            .where('id', record.share_id);
+        const tokenPayload = {
+            app_access: false,
+            admin_access: false,
+            role: record.share_role,
+            share: record.share_id,
+            share_scope: {
+                item: record.share_item,
+                collection: record.share_collection,
+            },
+        };
+        const accessToken = jsonwebtoken_1.default.sign(tokenPayload, env_1.default.SECRET, {
+            expiresIn: env_1.default.ACCESS_TOKEN_TTL,
+            issuer: 'directus',
+        });
+        const refreshToken = (0, nanoid_1.nanoid)(64);
+        const refreshTokenExpiration = new Date(Date.now() + (0, ms_1.default)(env_1.default.REFRESH_TOKEN_TTL));
+        await this.knex('directus_sessions').insert({
+            token: refreshToken,
+            expires: refreshTokenExpiration,
+            ip: (_a = this.accountability) === null || _a === void 0 ? void 0 : _a.ip,
+            user_agent: (_b = this.accountability) === null || _b === void 0 ? void 0 : _b.userAgent,
+            share: record.share_id,
+        });
+        await this.knex('directus_sessions').delete().where('expires', '<', new Date());
+        return {
+            accessToken,
+            refreshToken,
+            expires: (0, ms_1.default)(env_1.default.ACCESS_TOKEN_TTL),
+        };
+    }
+    /**
+     * Send a link to the given share ID to the given email(s). Note: you can only send a link to a share
+     * if you have read access to that particular share
+     */
+    async invite(payload) {
+        var _a;
+        if (!((_a = this.accountability) === null || _a === void 0 ? void 0 : _a.user))
+            throw new exceptions_1.ForbiddenException();
+        const share = await this.readOne(payload.share, { fields: ['collection'] });
+        const usersService = new users_1.UsersService({
+            knex: this.knex,
+            schema: this.schema,
+        });
+        const mailService = new mail_1.MailService({ schema: this.schema, accountability: this.accountability });
+        const userInfo = await usersService.readOne(this.accountability.user, {
+            fields: ['first_name', 'last_name', 'email', 'id'],
+        });
+        const message = `
+Hello!
+
+${(0, user_name_1.userName)(userInfo)} has invited you to view an item in ${share.collection}.
+
+[Open](${env_1.default.PUBLIC_URL}/admin/shared/${payload.share})
+`;
+        for (const email of payload.emails) {
+            await mailService.send({
+                template: {
+                    name: 'base',
+                    data: {
+                        html: (0, md_1.md)(message),
+                    },
+                },
+                to: email,
+                subject: `${(0, user_name_1.userName)(userInfo)} has shared an item with you`,
+            });
+        }
+    }
+}
+exports.SharesService = SharesService;

package/dist/services/specifications.js

@@ -442,7 +442,7 @@ class OASSpecsService {
                     ],
                 };
             }
-            else if (relationType === 'm2a') {
+            else if (relationType === 'a2o') {
                 const relatedTags = tags.filter((tag) => relation.meta.one_allowed_collections.includes(tag['x-collection']));
                 propertyObject.type = 'array';
                 propertyObject.items = {

package/dist/services/users.d.ts

@@ -1,8 +1,8 @@
 import { Knex } from 'knex';
-import { AbstractServiceOptions, Item, PrimaryKey, SchemaOverview } from '../types';
+import { AbstractServiceOptions, Item, PrimaryKey, SchemaOverview, MutationOptions } from '../types';
 import { Query } from '@directus/shared/types';
 import { Accountability } from '@directus/shared/types';
-import { ItemsService, MutationOptions } from './items';
+import { ItemsService } from './items';
 export declare class UsersService extends ItemsService {
     knex: Knex;
     accountability: Accountability | null;

package/dist/services/webhooks.d.ts

@@ -1,5 +1,5 @@
-import { AbstractServiceOptions, Item, PrimaryKey, Webhook } from '../types';
-import { ItemsService, MutationOptions } from './items';
+import { AbstractServiceOptions, Item, PrimaryKey, Webhook, MutationOptions } from '../types';
+import { ItemsService } from './items';
 export declare class WebhooksService extends ItemsService<Webhook> {
     constructor(options: AbstractServiceOptions);
     createOne(data: Partial<Item>, opts?: MutationOptions): Promise<PrimaryKey>;

package/dist/types/ast.d.ts

@@ -10,8 +10,8 @@ export declare type M2ONode = {
     parentKey: string;
     relatedKey: string;
 };
-export declare type M2ANode = {
-    type: 'm2a';
+export declare type A2MNode = {
+    type: 'a2o';
     names: string[];
     children: {
         [collection: string]: (NestedCollectionNode | FieldNode)[];
@@ -36,7 +36,7 @@ export declare type O2MNode = {
     parentKey: string;
     relatedKey: string;
 };
-export declare type NestedCollectionNode = M2ONode | O2MNode | M2ANode;
+export declare type NestedCollectionNode = M2ONode | O2MNode | A2MNode;
 export declare type FieldNode = {
     type: 'field';
     name: string;

package/dist/types/auth.d.ts

@@ -15,11 +15,42 @@ export interface User {
     provider: string;
     external_identifier: string | null;
     auth_data: string | Record<string, unknown> | null;
+    app_access: boolean;
+    admin_access: boolean;
 }
 export declare type AuthData = Record<string, any> | null;
 export interface Session {
     token: string;
     expires: Date;
     data: string | Record<string, unknown> | null;
+    share: string;
 }
 export declare type SessionData = Record<string, any> | null;
+export declare type DirectusTokenPayload = {
+    id?: string;
+    role: string | null;
+    app_access: boolean | number;
+    admin_access: boolean | number;
+    share?: string;
+    share_scope?: {
+        collection: string;
+        item: string;
+    };
+};
+export declare type ShareData = {
+    share_id: string;
+    share_role: string;
+    share_item: string;
+    share_collection: string;
+    share_start: Date;
+    share_end: Date;
+    share_times_used: number;
+    share_max_uses?: number;
+    share_password?: string;
+};
+export declare type LoginResult = {
+    accessToken: any;
+    refreshToken: any;
+    expires: any;
+    id?: any;
+};

package/dist/types/extensions.d.ts

@@ -5,6 +5,7 @@ import { Logger } from 'pino';
 import env from '../env';
 import * as exceptions from '../exceptions';
 import * as services from '../services';
+import { Emitter } from '../emitter';
 import { getSchema } from '../utils/get-schema';
 import { SchemaOverview } from './schema';
 export declare type ExtensionContext = {
@@ -12,6 +13,7 @@ export declare type ExtensionContext = {
     exceptions: typeof exceptions;
     database: Knex;
     env: typeof env;
+    emitter: Emitter;
     logger: Logger;
     getSchema: typeof getSchema;
 };

package/dist/types/items.d.ts

@@ -13,3 +13,17 @@ export declare type Alterations = {
     }[];
     delete: (number | string)[];
 };
+export declare type MutationOptions = {
+    /**
+     * Callback function that's fired whenever a revision is made in the mutation
+     */
+    onRevisionCreate?: (pk: PrimaryKey) => void;
+    /**
+     * Flag to disable the auto purging of the cache. Is ignored when CACHE_AUTO_PURGE isn't enabled.
+     */
+    autoPurgeCache?: false;
+    /**
+     * Allow disabling the emitting of hooks. Useful if a custom hook is fired (like files.upload)
+     */
+    emitEvents?: boolean;
+};

package/dist/utils/apply-query.d.ts

@@ -5,44 +5,6 @@ import { Aggregate, Filter, Query } from '@directus/shared/types';
  * Apply the Query to a given Knex query builder instance
  */
 export default function applyQuery(knex: Knex, collection: string, dbQuery: Knex.QueryBuilder, query: Query, schema: SchemaOverview, subQuery?: boolean): Knex.QueryBuilder;
-/**
- * Apply a given filter object to the Knex QueryBuilder instance.
- *
- * Relational nested filters, like the following example:
- *
- * ```json
- * // Fetch pages that have articles written by Rijk
- *
- * {
- *   "articles": {
- *     "author": {
- *       "name": {
- *         "_eq": "Rijk"
- *       }
- *     }
- *   }
- * }
- * ```
- *
- * are handled by joining the nested tables, and using a where statement on the top level on the
- * nested field through the join. This allows us to filter the top level items based on nested data.
- * The where on the root is done with a subquery to prevent duplicates, any nested joins are done
- * with aliases to prevent naming conflicts.
- *
- * The output SQL for the above would look something like:
- *
- * ```sql
- * SELECT *
- * FROM pages
- * WHERE
- *   pages.id in (
- *     SELECT articles.page_id AS page_id
- *     FROM articles
- *     LEFT JOIN authors AS xviqp ON articles.author = xviqp.id
- *     WHERE xviqp.name = 'Rijk'
- *   )
- * ```
- */
 export declare function applyFilter(knex: Knex, schema: SchemaOverview, rootQuery: Knex.QueryBuilder, rootFilter: Filter, collection: string, subQuery?: boolean): Knex.QueryBuilder<any, any>;
 export declare function applySearch(schema: SchemaOverview, dbQuery: Knex.QueryBuilder, searchQuery: string, collection: string): Promise<void>;
 export declare function applyAggregate(dbQuery: Knex.QueryBuilder, aggregate: Aggregate, collection: string): void;