directus 9.3.0 → 9.4.0

package/dist/utils/apply-query.js

@@ -76,44 +76,44 @@ function applyQuery(knex, collection, dbQuery, query, schema, subQuery = false)
     return dbQuery;
 }
 exports.default = applyQuery;
-/**
- * Apply a given filter object to the Knex QueryBuilder instance.
- *
- * Relational nested filters, like the following example:
- *
- * ```json
- * // Fetch pages that have articles written by Rijk
- *
- * {
- *   "articles": {
- *     "author": {
- *       "name": {
- *         "_eq": "Rijk"
- *       }
- *     }
- *   }
- * }
- * ```
- *
- * are handled by joining the nested tables, and using a where statement on the top level on the
- * nested field through the join. This allows us to filter the top level items based on nested data.
- * The where on the root is done with a subquery to prevent duplicates, any nested joins are done
- * with aliases to prevent naming conflicts.
- *
- * The output SQL for the above would look something like:
- *
- * ```sql
- * SELECT *
- * FROM pages
- * WHERE
- *   pages.id in (
- *     SELECT articles.page_id AS page_id
- *     FROM articles
- *     LEFT JOIN authors AS xviqp ON articles.author = xviqp.id
- *     WHERE xviqp.name = 'Rijk'
- *   )
- * ```
- */
+function getRelationInfo(relations, collection, field) {
+    var _a, _b;
+    const implicitRelation = (_a = field.match(/^\$FOLLOW\((.*?),(.*?)(?:,(.*?))?\)$/)) === null || _a === void 0 ? void 0 : _a.slice(1);
+    if (implicitRelation) {
+        if (implicitRelation[2] === undefined) {
+            const [m2oCollection, m2oField] = implicitRelation;
+            const relation = {
+                collection: m2oCollection,
+                field: m2oField,
+                related_collection: collection,
+                schema: null,
+                meta: null,
+            };
+            return { relation, relationType: 'o2m' };
+        }
+        else {
+            const [a2oCollection, a2oItemField, a2oCollectionField] = implicitRelation;
+            const relation = {
+                collection: a2oCollection,
+                field: a2oItemField,
+                related_collection: collection,
+                schema: null,
+                meta: {
+                    one_collection_field: a2oCollectionField,
+                    one_field: field,
+                },
+            };
+            return { relation, relationType: 'o2a' };
+        }
+    }
+    const relation = (_b = relations.find((relation) => {
+        var _a;
+        return ((relation.collection === collection && relation.field === field) ||
+            (relation.related_collection === collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === field));
+    })) !== null && _b !== void 0 ? _b : null;
+    const relationType = relation ? (0, get_relation_type_1.getRelationType)({ relation, collection, field }) : null;
+    return { relation, relationType };
+}
 function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery = false) {
     const helpers = (0, helpers_1.getHelpers)(knex);
     const relations = schema.relations;
@@ -143,31 +143,34 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
             followRelation(path);
             function followRelation(pathParts, parentCollection = collection, parentAlias) {
                 /**
-                 * For M2A fields, the path can contain an optional collection scope <field>:<scope>
+                 * For A2M fields, the path can contain an optional collection scope <field>:<scope>
                  */
                 const pathRoot = pathParts[0].split(':')[0];
-                const relation = relations.find((relation) => {
-                    var _a;
-                    return ((relation.collection === parentCollection && relation.field === pathRoot) ||
-                        (relation.related_collection === parentCollection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === pathRoot));
-                });
-                if (!relation)
+                const { relation, relationType } = getRelationInfo(relations, parentCollection, pathRoot);
+                if (!relation) {
                     return;
-                const relationType = (0, get_relation_type_1.getRelationType)({ relation, collection: parentCollection, field: pathRoot });
+                }
                 const alias = generateAlias();
                 (0, lodash_1.set)(aliasMap, parentAlias ? [parentAlias, ...pathParts] : pathParts, alias);
                 if (relationType === 'm2o') {
                     dbQuery.leftJoin({ [alias]: relation.related_collection }, `${parentAlias || parentCollection}.${relation.field}`, `${alias}.${schema.collections[relation.related_collection].primary}`);
                 }
-                if (relationType === 'm2a') {
+                if (relationType === 'a2o') {
                     const pathScope = pathParts[0].split(':')[1];
                     if (!pathScope) {
                         throw new exceptions_1.InvalidQueryException(`You have to provide a collection scope when filtering on a many-to-any item`);
                     }
                     dbQuery.leftJoin({ [alias]: pathScope }, (joinClause) => {
                         joinClause
-                            .on(`${parentAlias || parentCollection}.${relation.field}`, '=', knex.raw(`CAST(?? AS CHAR(255))`, `${alias}.${schema.collections[pathScope].primary}`))
-                            .andOnVal(relation.meta.one_collection_field, '=', pathScope);
+                            .onVal(relation.meta.one_collection_field, '=', pathScope)
+                            .andOn(`${parentAlias || parentCollection}.${relation.field}`, '=', knex.raw(`CAST(?? AS CHAR(255))`, `${alias}.${schema.collections[pathScope].primary}`));
+                    });
+                }
+                if (relationType === 'o2a') {
+                    dbQuery.leftJoin({ [alias]: relation.collection }, (joinClause) => {
+                        joinClause
+                            .onVal(relation.meta.one_collection_field, '=', parentCollection)
+                            .andOn(`${alias}.${relation.field}`, '=', knex.raw(`CAST(?? AS CHAR(255))`, `${parentAlias || parentCollection}.${schema.collections[parentCollection].primary}`));
                     });
                 }
                 // Still join o2m relations when in subquery OR when the o2m relation is not at the root level
@@ -179,7 +182,7 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
                     if (relationType === 'm2o') {
                         parent = relation.related_collection;
                     }
-                    else if (relationType === 'm2a') {
+                    else if (relationType === 'a2o') {
                         const pathScope = pathParts[0].split(':')[1];
                         if (!pathScope) {
                             throw new exceptions_1.InvalidQueryException(`You have to provide a collection scope when filtering on a many-to-any item`);
@@ -215,17 +218,12 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
             }
             const filterPath = getFilterPath(key, value);
             /**
-             * For M2A fields, the path can contain an optional collection scope <field>:<scope>
+             * For A2M fields, the path can contain an optional collection scope <field>:<scope>
              */
             const pathRoot = filterPath[0].split(':')[0];
-            const relation = relations.find((relation) => {
-                var _a;
-                return ((relation.collection === collection && relation.field === pathRoot) ||
-                    (relation.related_collection === collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === pathRoot));
-            });
+            const { relation, relationType } = getRelationInfo(relations, collection, pathRoot);
             const { operator: filterOperator, value: filterValue } = getOperation(key, value);
-            const relationType = relation ? (0, get_relation_type_1.getRelationType)({ relation, collection: collection, field: pathRoot }) : null;
-            if (relationType === 'm2o' || relationType === 'm2a' || relationType === null) {
+            if (relationType === 'm2o' || relationType === 'a2o' || relationType === null) {
                 if (filterPath.length > 1) {
                     const columnName = getWhereColumn(filterPath, collection);
                     if (!columnName)
@@ -237,7 +235,13 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
                 }
             }
             else if (subQuery === false) {
-                const pkField = `${collection}.${schema.collections[relation.related_collection].primary}`;
+                if (!relation)
+                    continue;
+                let pkField = `${collection}.${schema.collections[relation.related_collection].primary}`;
+                if (relationType === 'o2a') {
+                    pkField = knex.raw(`CAST(?? AS CHAR(255))`, [pkField]);
+                }
+                // Note: knex's types don't appreciate knex.raw in whereIn, even though it's officially supported
                 dbQuery[logical].whereIn(pkField, (subQueryKnex) => {
                     const field = relation.field;
                     const collection = relation.collection;
@@ -376,22 +380,17 @@ function applyFilter(knex, schema, rootQuery, rootFilter, collection, subQuery =
             return followRelation(path);
             function followRelation(pathParts, parentCollection = collection, parentAlias) {
                 /**
-                 * For M2A fields, the path can contain an optional collection scope <field>:<scope>
+                 * For A2M fields, the path can contain an optional collection scope <field>:<scope>
                  */
                 const pathRoot = pathParts[0].split(':')[0];
-                const relation = relations.find((relation) => {
-                    var _a;
-                    return ((relation.collection === parentCollection && relation.field === pathRoot) ||
-                        (relation.related_collection === parentCollection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === pathRoot));
-                });
+                const { relation, relationType } = getRelationInfo(relations, parentCollection, pathRoot);
                 if (!relation) {
                     throw new exceptions_1.InvalidQueryException(`"${parentCollection}.${pathRoot}" is not a relational field`);
                 }
-                const relationType = (0, get_relation_type_1.getRelationType)({ relation, collection: parentCollection, field: pathRoot });
                 const alias = (0, lodash_1.get)(aliasMap, parentAlias ? [parentAlias, ...pathParts] : pathParts);
                 const remainingParts = pathParts.slice(1);
                 let parent;
-                if (relationType === 'm2a') {
+                if (relationType === 'a2o') {
                     const pathScope = pathParts[0].split(':')[1];
                     if (!pathScope) {
                         throw new exceptions_1.InvalidQueryException(`You have to provide a collection scope when filtering on a many-to-any item`);

package/dist/utils/get-ast-from-query.js

@@ -88,7 +88,7 @@ async function getASTFromQuery(collection, query, schema, options) {
                 const parts = name.split('.');
                 let rootField = parts[0];
                 let collectionScope = null;
-                // m2a related collection scoped field selector `fields=sections.section_id:headings.title`
+                // a2o related collection scoped field selector `fields=sections.section_id:headings.title`
                 if (rootField.includes(':')) {
                     const [key, scope] = rootField.split(':');
                     rootField = key;
@@ -136,14 +136,14 @@ async function getASTFromQuery(collection, query, schema, options) {
             if (!relationType)
                 continue;
             let child = null;
-            if (relationType === 'm2a') {
+            if (relationType === 'a2o') {
                 const allowedCollections = relation.meta.one_allowed_collections.filter((collection) => {
                     if (!permissions)
                         return true;
                     return permissions.some((permission) => permission.collection === collection);
                 });
                 child = {
-                    type: 'm2a',
+                    type: 'a2o',
                     names: allowedCollections,
                     children: {},
                     query: {},

package/dist/utils/get-permissions.js

@@ -9,6 +9,7 @@ const lodash_1 = require("lodash");
 const database_1 = __importDefault(require("../database"));
 const app_access_permissions_1 = require("../database/system-data/app-access-permissions");
 const merge_permissions_1 = require("../utils/merge-permissions");
+const merge_permissions_for_share_1 = require("./merge-permissions-for-share");
 const users_1 = require("../services/users");
 const roles_1 = require("../services/roles");
 const cache_1 = require("../cache");
@@ -18,8 +19,8 @@ async function getPermissions(accountability, schema) {
     const database = (0, database_1.default)();
     const { systemCache, cache } = (0, cache_1.getCache)();
     let permissions = [];
-    const { user, role, app, admin } = accountability;
-    const cacheKey = `permissions-${(0, object_hash_1.default)({ user, role, app, admin })}`;
+    const { user, role, app, admin, share_scope } = accountability;
+    const cacheKey = `permissions-${(0, object_hash_1.default)({ user, role, app, admin, share_scope })}`;
     if (env_1.default.CACHE_PERMISSIONS !== false) {
         const cachedPermissions = await systemCache.get(cacheKey);
         if (cachedPermissions) {
@@ -44,14 +45,21 @@ async function getPermissions(accountability, schema) {
         }
     }
     if (accountability.admin !== true) {
-        const permissionsForRole = await database
-            .select('*')
-            .from('directus_permissions')
-            .where({ role: accountability.role });
+        const query = database.select('*').from('directus_permissions');
+        if (accountability.role) {
+            query.where({ role: accountability.role });
+        }
+        else {
+            query.whereNull('role');
+        }
+        const permissionsForRole = await query;
         const { permissions: parsedPermissions, requiredPermissionData, containDynamicData, } = parsePermissions(permissionsForRole);
         permissions = parsedPermissions;
         if (accountability.app === true) {
-            permissions = (0, merge_permissions_1.mergePermissions)(permissions, app_access_permissions_1.appAccessMinimalPermissions.map((perm) => ({ ...perm, role: accountability.role })));
+            permissions = (0, merge_permissions_1.mergePermissions)('or', permissions, app_access_permissions_1.appAccessMinimalPermissions.map((perm) => ({ ...perm, role: accountability.role })));
+        }
+        if (accountability.share_scope) {
+            permissions = (0, merge_permissions_for_share_1.mergePermissionsForShare)(permissions, accountability, schema);
         }
         const filterContext = containDynamicData
             ? await getFilterContext(schema, accountability, requiredPermissionData)

package/dist/utils/get-relation-type.d.ts

@@ -3,4 +3,4 @@ export declare function getRelationType(getRelationOptions: {
     relation: Relation;
     collection: string | null;
     field: string;
-}): 'm2o' | 'o2m' | 'm2a' | null;
+}): 'm2o' | 'o2m' | 'a2o' | null;

package/dist/utils/get-relation-type.js

@@ -10,7 +10,7 @@ function getRelationType(getRelationOptions) {
         relation.field === field &&
         ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_collection_field) &&
         ((_b = relation.meta) === null || _b === void 0 ? void 0 : _b.one_allowed_collections)) {
-        return 'm2a';
+        return 'a2o';
     }
     if (relation.collection === collection && relation.field === field) {
         return 'm2o';

package/dist/utils/merge-permissions-for-share.d.ts

@@ -0,0 +1,5 @@
+import { Permission, Accountability, Filter } from '@directus/shared/types';
+import { SchemaOverview } from '../types';
+export declare function mergePermissionsForShare(currentPermissions: Permission[], accountability: Accountability, schema: SchemaOverview): Permission[];
+export declare function traverse(schema: SchemaOverview, rootItemPrimaryKeyField: string, rootItemPrimaryKey: string, currentCollection: string, parentCollections?: string[], path?: string[]): Partial<Permission>[];
+export declare function getFilterForPath(type: 'o2m' | 'm2o' | 'a2o', path: string[], rootPrimaryKeyField: string, rootPrimaryKey: string): Filter;

package/dist/utils/merge-permissions-for-share.js

@@ -0,0 +1,116 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getFilterForPath = exports.traverse = exports.mergePermissionsForShare = void 0;
+const lodash_1 = require("lodash");
+const merge_permissions_1 = require("./merge-permissions");
+const app_access_permissions_1 = require("../database/system-data/app-access-permissions");
+const reduce_schema_1 = require("./reduce-schema");
+function mergePermissionsForShare(currentPermissions, accountability, schema) {
+    const defaults = {
+        action: 'read',
+        role: accountability.role,
+        collection: '',
+        permissions: {},
+        validation: null,
+        presets: null,
+        fields: null,
+    };
+    const { collection, item } = accountability.share_scope;
+    const parentPrimaryKeyField = schema.collections[collection].primary;
+    const reducedSchema = (0, reduce_schema_1.reduceSchema)(schema, currentPermissions, ['read']);
+    const relationalPermissions = traverse(reducedSchema, parentPrimaryKeyField, item, collection);
+    const parentCollectionPermission = (0, lodash_1.assign)({}, defaults, {
+        collection,
+        permissions: {
+            [parentPrimaryKeyField]: {
+                _eq: item,
+            },
+        },
+    });
+    // All permissions that will be merged into the original permissions set
+    const allGeneratedPermissions = [
+        parentCollectionPermission,
+        ...relationalPermissions.map((generated) => (0, lodash_1.assign)({}, defaults, generated)),
+        ...app_access_permissions_1.schemaPermissions,
+    ];
+    // All the collections that are touched through the relational tree from the current root collection, and the schema collections
+    const allowedCollections = (0, lodash_1.uniq)(allGeneratedPermissions.map(({ collection }) => collection));
+    const generatedPermissions = [];
+    // Merge all the permissions that relate to the same collection with an _or (this allows you to properly retrieve)
+    // the items of a collection if you entered that collection from multiple angles
+    for (const collection of allowedCollections) {
+        const permissionsForCollection = allGeneratedPermissions.filter((permission) => permission.collection === collection);
+        if (permissionsForCollection.length > 0) {
+            generatedPermissions.push(...(0, merge_permissions_1.mergePermissions)('or', permissionsForCollection));
+        }
+        else {
+            generatedPermissions.push(...permissionsForCollection);
+        }
+    }
+    // Explicitly filter out permissions to collections unrelated to the root parent item.
+    const limitedPermissions = currentPermissions.filter(({ collection }) => allowedCollections.includes(collection));
+    return (0, merge_permissions_1.mergePermissions)('and', limitedPermissions, generatedPermissions);
+}
+exports.mergePermissionsForShare = mergePermissionsForShare;
+function traverse(schema, rootItemPrimaryKeyField, rootItemPrimaryKey, currentCollection, parentCollections = [], path = []) {
+    var _a, _b, _c;
+    const permissions = [];
+    // If there's already a permissions rule for the collection we're currently checking, we'll shortcircuit.
+    // This prevents infinite loop in recursive relationships, like articles->related_articles->articles, or
+    // articles.author->users.avatar->files.created_by->users.avatar->files.created_by->🔁
+    if (parentCollections.includes(currentCollection)) {
+        return permissions;
+    }
+    const relationsInCollection = schema.relations.filter((relation) => {
+        return relation.collection === currentCollection || relation.related_collection === currentCollection;
+    });
+    for (const relation of relationsInCollection) {
+        let type;
+        if (relation.related_collection === currentCollection) {
+            type = 'o2m';
+        }
+        else if (!relation.related_collection) {
+            type = 'a2o';
+        }
+        else {
+            type = 'm2o';
+        }
+        if (type === 'o2m') {
+            permissions.push({
+                collection: relation.collection,
+                permissions: getFilterForPath(type, [...path, relation.field], rootItemPrimaryKeyField, rootItemPrimaryKey),
+            });
+            permissions.push(...traverse(schema, rootItemPrimaryKeyField, rootItemPrimaryKey, relation.collection, [...parentCollections, currentCollection], [...path, relation.field]));
+        }
+        if (type === 'a2o' && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_allowed_collections)) {
+            for (const collection of relation.meta.one_allowed_collections) {
+                permissions.push({
+                    collection,
+                    permissions: getFilterForPath(type, [...path, `$FOLLOW(${relation.collection},${relation.field},${relation.meta.one_collection_field})`], rootItemPrimaryKeyField, rootItemPrimaryKey),
+                });
+            }
+        }
+        if (type === 'm2o') {
+            permissions.push({
+                collection: relation.related_collection,
+                permissions: getFilterForPath(type, [...path, `$FOLLOW(${relation.collection},${relation.field})`], rootItemPrimaryKeyField, rootItemPrimaryKey),
+            });
+            if ((_b = relation.meta) === null || _b === void 0 ? void 0 : _b.one_field) {
+                permissions.push(...traverse(schema, rootItemPrimaryKeyField, rootItemPrimaryKey, relation.related_collection, [...parentCollections, currentCollection], [...path, (_c = relation.meta) === null || _c === void 0 ? void 0 : _c.one_field]));
+            }
+        }
+    }
+    return permissions;
+}
+exports.traverse = traverse;
+function getFilterForPath(type, path, rootPrimaryKeyField, rootPrimaryKey) {
+    const filter = {};
+    if (type === 'm2o' || type === 'a2o') {
+        (0, lodash_1.set)(filter, path.reverse(), { [rootPrimaryKeyField]: { _eq: rootPrimaryKey } });
+    }
+    else {
+        (0, lodash_1.set)(filter, path.reverse(), { _eq: rootPrimaryKey });
+    }
+    return filter;
+}
+exports.getFilterForPath = getFilterForPath;

package/dist/utils/merge-permissions.d.ts

@@ -1,2 +1,14 @@
+/// <reference types="lodash" />
 import { Permission } from '@directus/shared/types';
-export declare function mergePermissions(...permissions: Permission[][]): Permission[];
+export declare function mergePermissions(strategy: 'and' | 'or', ...permissions: Permission[][]): Permission[];
+export declare function mergePermission(strategy: 'and' | 'or', currentPerm: Permission, newPerm: Permission): import("lodash").Omit<{
+    permissions: import("@directus/shared/types").Filter | null;
+    validation: import("@directus/shared/types").Filter | null;
+    fields: string[] | null;
+    presets: Record<string, any> | null;
+    id?: number | undefined;
+    role: string | null;
+    collection: string;
+    action: import("@directus/shared/types").PermissionsAction;
+    system?: true | undefined;
+}, "id" | "system">;

package/dist/utils/merge-permissions.js

@@ -1,66 +1,73 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.mergePermissions = void 0;
+exports.mergePermission = exports.mergePermissions = void 0;
 const lodash_1 = require("lodash");
-function mergePermissions(...permissions) {
+function mergePermissions(strategy, ...permissions) {
     const allPermissions = (0, lodash_1.flatten)(permissions);
     const mergedPermissions = allPermissions
         .reduce((acc, val) => {
         const key = `${val.collection}__${val.action}__${val.role || '$PUBLIC'}`;
         const current = acc.get(key);
-        acc.set(key, current ? mergePerm(current, val) : val);
+        acc.set(key, current ? mergePermission(strategy, current, val) : val);
         return acc;
     }, new Map())
         .values();
-    const result = Array.from(mergedPermissions).map((perm) => {
-        return (0, lodash_1.omit)(perm, ['id', 'system']);
-    });
-    return result;
+    return Array.from(mergedPermissions);
 }
 exports.mergePermissions = mergePermissions;
-function mergePerm(currentPerm, newPerm) {
+function mergePermission(strategy, currentPerm, newPerm) {
+    const logicalKey = `_${strategy}`;
     let permissions = currentPerm.permissions;
     let validation = currentPerm.validation;
     let fields = currentPerm.fields;
     let presets = currentPerm.presets;
     if (newPerm.permissions) {
-        if (currentPerm.permissions && Object.keys(currentPerm.permissions)[0] === '_or') {
+        if (currentPerm.permissions && Object.keys(currentPerm.permissions)[0] === logicalKey) {
             permissions = {
-                _or: [...currentPerm.permissions._or, newPerm.permissions],
+                [logicalKey]: [
+                    ...currentPerm.permissions[logicalKey],
+                    newPerm.permissions,
+                ],
             };
         }
         else if (currentPerm.permissions) {
             permissions = {
-                _or: [currentPerm.permissions, newPerm.permissions],
+                [logicalKey]: [currentPerm.permissions, newPerm.permissions],
             };
         }
         else {
             permissions = {
-                _or: [newPerm.permissions],
+                [logicalKey]: [newPerm.permissions],
             };
         }
     }
     if (newPerm.validation) {
-        if (currentPerm.validation && Object.keys(currentPerm.validation)[0] === '_or') {
+        if (currentPerm.validation && Object.keys(currentPerm.validation)[0] === logicalKey) {
             validation = {
-                _or: [...currentPerm.validation._or, newPerm.validation],
+                [logicalKey]: [
+                    ...currentPerm.validation[logicalKey],
+                    newPerm.validation,
+                ],
             };
         }
         else if (currentPerm.validation) {
             validation = {
-                _or: [currentPerm.validation, newPerm.validation],
+                [logicalKey]: [currentPerm.validation, newPerm.validation],
             };
         }
         else {
             validation = {
-                _or: [newPerm.validation],
+                [logicalKey]: [newPerm.validation],
             };
         }
     }
     if (newPerm.fields) {
-        if (Array.isArray(currentPerm.fields)) {
+        if (Array.isArray(currentPerm.fields) && strategy === 'or') {
             fields = [...new Set([...currentPerm.fields, ...newPerm.fields])];
         }
+        else if (Array.isArray(currentPerm.fields) && strategy === 'and') {
+            fields = (0, lodash_1.intersection)(currentPerm.fields, newPerm.fields);
+        }
         else {
             fields = newPerm.fields;
         }
@@ -70,11 +77,12 @@ function mergePerm(currentPerm, newPerm) {
     if (newPerm.presets) {
         presets = (0, lodash_1.merge)({}, presets, newPerm.presets);
     }
-    return {
+    return (0, lodash_1.omit)({
         ...currentPerm,
         permissions,
         validation,
         fields,
         presets,
-    };
+    }, ['id', 'system']);
 }
+exports.mergePermission = mergePermission;

package/dist/utils/reduce-schema.d.ts

@@ -1,5 +1,5 @@
 import { SchemaOverview } from '../types';
-import { Accountability, PermissionsAction } from '@directus/shared/types';
+import { Permission, PermissionsAction } from '@directus/shared/types';
 /**
  * Reduces the schema based on the included permissions. The resulting object is the schema structure, but with only
  * the allowed collections/fields/relations included based on the permissions.
@@ -7,4 +7,4 @@ import { Accountability, PermissionsAction } from '@directus/shared/types';
  * @param actions Array of permissions actions (crud)
  * @returns Reduced schema
  */
-export declare function reduceSchema(schema: SchemaOverview, accountability: Accountability | null, actions?: PermissionsAction[]): SchemaOverview;
+export declare function reduceSchema(schema: SchemaOverview, permissions: Permission[] | null, actions?: PermissionsAction[]): SchemaOverview;

package/dist/utils/reduce-schema.js

@@ -9,13 +9,13 @@ const lodash_1 = require("lodash");
  * @param actions Array of permissions actions (crud)
  * @returns Reduced schema
  */
-function reduceSchema(schema, accountability, actions = ['create', 'read', 'update', 'delete']) {
-    var _a, _b, _c, _d, _e;
+function reduceSchema(schema, permissions, actions = ['create', 'read', 'update', 'delete']) {
+    var _a, _b, _c;
     const reduced = {
         collections: {},
         relations: [],
     };
-    const allowedFieldsInCollection = (_b = (_a = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _a === void 0 ? void 0 : _a.filter((permission) => actions.includes(permission.action)).reduce((acc, permission) => {
+    const allowedFieldsInCollection = (_a = permissions === null || permissions === void 0 ? void 0 : permissions.filter((permission) => actions.includes(permission.action)).reduce((acc, permission) => {
         if (!acc[permission.collection]) {
             acc[permission.collection] = [];
         }
@@ -23,13 +23,13 @@ function reduceSchema(schema, accountability, actions = ['create', 'read', 'upda
             acc[permission.collection] = (0, lodash_1.uniq)([...acc[permission.collection], ...permission.fields]);
         }
         return acc;
-    }, {})) !== null && _b !== void 0 ? _b : {};
+    }, {})) !== null && _a !== void 0 ? _a : {};
     for (const [collectionName, collection] of Object.entries(schema.collections)) {
-        if ((_c = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _c === void 0 ? void 0 : _c.some((permission) => permission.collection === collectionName && actions.includes(permission.action))) {
+        if (permissions === null || permissions === void 0 ? void 0 : permissions.some((permission) => permission.collection === collectionName && actions.includes(permission.action))) {
             const fields = {};
             for (const [fieldName, field] of Object.entries(schema.collections[collectionName].fields)) {
-                if (((_d = allowedFieldsInCollection[collectionName]) === null || _d === void 0 ? void 0 : _d.includes('*')) ||
-                    ((_e = allowedFieldsInCollection[collectionName]) === null || _e === void 0 ? void 0 : _e.includes(fieldName))) {
+                if (((_b = allowedFieldsInCollection[collectionName]) === null || _b === void 0 ? void 0 : _b.includes('*')) ||
+                    ((_c = allowedFieldsInCollection[collectionName]) === null || _c === void 0 ? void 0 : _c.includes(fieldName))) {
                     fields[fieldName] = field;
                 }
             }

package/dist/utils/user-name.js

@@ -2,6 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.userName = void 0;
 function userName(user) {
+    if (!user) {
+        return 'Unknown User';
+    }
     if (user.first_name && user.last_name) {
         return `${user.first_name} ${user.last_name}`;
     }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "directus",
-	"version": "9.3.0",
+	"version": "9.4.0",
 	"license": "GPL-3.0-only",
 	"homepage": "https://github.com/directus/directus#readme",
 	"description": "Directus is a real-time API and App dashboard for managing SQL database content.",
@@ -76,16 +76,16 @@
 	],
 	"dependencies": {
 		"@aws-sdk/client-ses": "^3.40.0",
-		"@directus/app": "9.3.0",
-		"@directus/drive": "9.3.0",
-		"@directus/drive-azure": "9.3.0",
-		"@directus/drive-gcs": "9.3.0",
-		"@directus/drive-s3": "9.3.0",
-		"@directus/extensions-sdk": "9.3.0",
-		"@directus/format-title": "9.3.0",
-		"@directus/schema": "9.3.0",
-		"@directus/shared": "9.3.0",
-		"@directus/specs": "9.3.0",
+		"@directus/app": "9.4.0",
+		"@directus/drive": "9.4.0",
+		"@directus/drive-azure": "9.4.0",
+		"@directus/drive-gcs": "9.4.0",
+		"@directus/drive-s3": "9.4.0",
+		"@directus/extensions-sdk": "9.4.0",
+		"@directus/format-title": "9.4.0",
+		"@directus/schema": "9.4.0",
+		"@directus/shared": "9.4.0",
+		"@directus/specs": "9.4.0",
 		"@godaddy/terminus": "^4.9.0",
 		"@rollup/plugin-alias": "^3.1.2",
 		"@rollup/plugin-virtual": "^2.0.3",
@@ -169,7 +169,7 @@
 		"sqlite3": "^5.0.2",
 		"tedious": "^13.0.0"
 	},
-	"gitHead": "4b444baf5b73467a74f6d57c33277146bc86285c",
+	"gitHead": "a47b9cec0f24a7585108744b3c816bfc620297c4",
 	"devDependencies": {
 		"@types/async": "3.2.10",
 		"@types/atob": "2.1.2",