directus 9.7.0 → 9.7.1

package/dist/database/index.js

@@ -235,9 +235,6 @@ exports.validateDatabaseExtensions = validateDatabaseExtensions;
 async function validateDatabaseCharset(database) {
     database = database !== null && database !== void 0 ? database : getDatabase();
     if (getDatabaseClient(database) === 'mysql') {
-        if (env_1.default.DB_CHARSET) {
-            logger_1.default.warn(`Using custom DB_CHARSET "${env_1.default.DB_CHARSET}". Using a charset different from the database's default can cause problems in relationships. Omitting DB_CHARSET is strongly recommended.`);
-        }
         const { collation } = await database.select(database.raw(`@@collation_database as collation`)).first();
         const tables = await database('information_schema.tables')
             .select({ name: 'TABLE_NAME', collation: 'TABLE_COLLATION' })

package/dist/database/migrations/20220314A-add-translation-strings.d.ts

@@ -0,0 +1,3 @@
+import { Knex } from 'knex';
+export declare function up(knex: Knex): Promise<void>;
+export declare function down(knex: Knex): Promise<void>;

package/dist/database/migrations/20220314A-add-translation-strings.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.down = exports.up = void 0;
+async function up(knex) {
+    await knex.schema.alterTable('directus_settings', (table) => {
+        table.json('translation_strings');
+    });
+}
+exports.up = up;
+async function down(knex) {
+    await knex.schema.alterTable('directus_settings', (table) => {
+        table.dropColumn('translation_strings');
+    });
+}
+exports.down = down;

package/dist/database/migrations/20220322A-rename-field-typecast-flags.d.ts

@@ -0,0 +1,3 @@
+import { Knex } from 'knex';
+export declare function up(knex: Knex): Promise<void>;
+export declare function down(knex: Knex): Promise<void>;

package/dist/database/migrations/20220322A-rename-field-typecast-flags.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.down = exports.up = void 0;
+const utils_1 = require("@directus/shared/utils");
+const lodash_1 = require("lodash");
+async function up(knex) {
+    const fields = await knex
+        .select('id', 'special')
+        .from('directus_fields')
+        .whereNotNull('special')
+        .orWhere('special', '<>', '');
+    for (const { id, special } of fields) {
+        let parsedSpecial;
+        try {
+            parsedSpecial = (0, utils_1.toArray)(special);
+        }
+        catch {
+            continue;
+        }
+        if (parsedSpecial && (0, lodash_1.isArray)(parsedSpecial)) {
+            let updateRequired = false;
+            parsedSpecial = parsedSpecial.map((special) => {
+                switch (special) {
+                    case 'boolean':
+                    case 'csv':
+                    case 'json':
+                        updateRequired = true;
+                        return 'cast-' + special;
+                    default:
+                        return special;
+                }
+            });
+            if (updateRequired) {
+                await knex('directus_fields').update({ special: parsedSpecial }).where({ id });
+            }
+        }
+    }
+}
+exports.up = up;
+async function down(knex) {
+    const fields = await knex
+        .select('id', 'special')
+        .from('directus_fields')
+        .whereNotNull('special')
+        .orWhere('special', '<>', '');
+    for (const { id, special } of fields) {
+        let parsedSpecial;
+        try {
+            parsedSpecial = (0, utils_1.toArray)(special);
+        }
+        catch {
+            continue;
+        }
+        if (parsedSpecial && (0, lodash_1.isArray)(parsedSpecial)) {
+            let updateRequired = false;
+            parsedSpecial = parsedSpecial.map((special) => {
+                switch (special) {
+                    case 'cast-boolean':
+                    case 'cast-csv':
+                    case 'cast-json':
+                        updateRequired = true;
+                        return special.replace('cast-', '');
+                    default:
+                        return special;
+                }
+            });
+            if (updateRequired) {
+                await knex('directus_fields').update({ special: parsedSpecial }).where({ id });
+            }
+        }
+    }
+}
+exports.down = down;

package/dist/database/migrations/run.js

@@ -63,7 +63,7 @@ async function run(database, direction, log = true) {
         await database.insert({ version: nextVersion.version, name: nextVersion.name }).into('directus_migrations');
     }
     async function down() {
-        const lastAppliedMigration = (0, lodash_1.orderBy)(completedMigrations, ['timestamp'], ['desc'])[0];
+        const lastAppliedMigration = (0, lodash_1.orderBy)(completedMigrations, ['timestamp', 'version'], ['desc', 'desc'])[0];
         if (!lastAppliedMigration) {
             throw Error('Nothing to downgrade');
         }

package/dist/database/system-data/fields/collections.yaml

@@ -42,21 +42,21 @@ fields:
     width: full
 
   - field: hidden
-    special: boolean
+    special: cast-boolean
     interface: boolean
     options:
       label: $t:field_options.directus_collections.hidden_label
     width: half
 
   - field: singleton
-    special: boolean
+    special: cast-boolean
     interface: boolean
     options:
       label: $t:singleton_label
     width: half
 
   - field: translations
-    special: json
+    special: cast-json
     interface: list
     options:
       template: '{{ translation }} ({{ language }})'
@@ -115,7 +115,7 @@ fields:
 
   - field: archive_app_filter
     interface: boolean
-    special: boolean
+    special: cast-boolean
     options:
       label: $t:field_options.directus_collections.archive_app_filter
     width: half

package/dist/database/system-data/fields/fields.yaml

@@ -17,7 +17,7 @@ fields:
   - collection: directus_fields
     field: special
     hidden: true
-    special: csv
+    special: cast-csv
     width: half
 
   - collection: directus_fields
@@ -27,7 +27,7 @@ fields:
   - collection: directus_fields
     field: options
     hidden: true
-    special: json
+    special: cast-json
     width: half
 
   - collection: directus_fields
@@ -37,25 +37,25 @@ fields:
   - collection: directus_fields
     field: display_options
     hidden: true
-    special: json
+    special: cast-json
     width: half
 
   - collection: directus_fields
     field: readonly
     hidden: true
-    special: boolean
+    special: cast-boolean
     width: half
 
   - collection: directus_fields
     field: hidden
     hidden: true
-    special: boolean
+    special: cast-boolean
     width: half
 
   - collection: directus_fields
     field: required
     hidden: true
-    special: boolean
+    special: cast-boolean
     width: half
 
   - collection: directus_fields
@@ -73,7 +73,7 @@ fields:
   - collection: directus_fields
     field: translations
     hidden: true
-    special: json
+    special: cast-json
     width: half
 
   - collection: directus_fields
@@ -83,4 +83,4 @@ fields:
   - collection: directus_fields
     field: conditions
     hidden: true
-    special: json
+    special: cast-json

package/dist/database/system-data/fields/files.yaml

@@ -23,7 +23,7 @@ fields:
     interface: tags
     options:
       iconRight: local_offer
-    special: json
+    special: cast-json
     width: full
     display: labels
     display_options:
@@ -71,7 +71,7 @@ fields:
 
   - field: metadata
     hidden: true
-    special: json
+    special: cast-json
 
   - field: type
     display: mime-type

package/dist/database/system-data/fields/panels.yaml

@@ -9,13 +9,13 @@ fields:
   - field: note
   - field: type
   - field: show_header
-    special: boolean
+    special: cast-boolean
   - field: position_x
   - field: position_y
   - field: width
   - field: height
   - field: options
-    special: json
+    special: cast-json
   - field: date_created
     special: date-created
   - field: user_created

package/dist/database/system-data/fields/permissions.yaml

@@ -4,12 +4,12 @@ table: directus_permissions
 fields:
   - field: permissions
     hidden: true
-    special: json
+    special: cast-json
     width: half
 
   - field: presets
     hidden: true
-    special: json
+    special: cast-json
     width: half
 
   - field: role
@@ -23,11 +23,11 @@ fields:
 
   - field: fields
     width: half
-    special: csv
+    special: cast-csv
 
   - field: action
     width: half
 
   - field: validation
     width: half
-    special: json
+    special: cast-json

package/dist/database/system-data/fields/presets.yaml

@@ -3,15 +3,15 @@ table: directus_presets
 fields:
   - field: filter
     hidden: true
-    special: json
+    special: cast-json
 
   - field: layout_query
     hidden: true
-    special: json
+    special: cast-json
 
   - field: layout_options
     hidden: true
-    special: json
+    special: cast-json
 
   - field: role
     width: half

package/dist/database/system-data/fields/relations.yaml

@@ -20,7 +20,7 @@ fields:
     width: half
 
   - field: one_allowed_collections
-    special: csv
+    special: cast-csv
     width: half
 
   - field: junction_field

package/dist/database/system-data/fields/revisions.yaml

@@ -15,11 +15,11 @@ fields:
 
   - field: data
     hidden: true
-    special: json
+    special: cast-json
 
   - field: delta
     hidden: true
-    special: json
+    special: cast-json
 
   - field: parent
     width: half

package/dist/database/system-data/fields/roles.yaml

@@ -25,24 +25,24 @@ fields:
 
   - field: app_access
     interface: boolean
-    special: boolean
+    special: cast-boolean
     width: half
 
   - field: admin_access
     interface: boolean
-    special: boolean
+    special: cast-boolean
     width: half
 
   - field: ip_access
     interface: tags
     options:
       placeholder: $t:field_options.directus_roles.ip_access
-    special: csv
+    special: cast-csv
     width: full
 
   - field: enforce_tfa
     interface: boolean
-    special: boolean
+    special: cast-boolean
     width: half
 
   - field: users

package/dist/database/system-data/fields/settings.yaml

@@ -121,7 +121,7 @@ fields:
 
   - field: module_bar
     interface: system-modules
-    special: json
+    special: cast-json
 
   - field: security_divider
     interface: presentation-divider
@@ -297,7 +297,7 @@ fields:
                 ]
             width: full
       template: '{{key}}'
-    special: json
+    special: cast-json
     width: full
 
   - field: map_divider
@@ -322,7 +322,7 @@ fields:
 
   - field: basemaps
     interface: list
-    special: json
+    special: cast-json
     options:
       template: '{{name}}'
       fields:
@@ -378,3 +378,6 @@ fields:
             interface: input
             options:
               placeholder: $t:fields.directus_settings.attribution_placeholder
+
+  - field: translation_strings
+    hidden: true

package/dist/database/system-data/fields/users.yaml

@@ -50,7 +50,7 @@ fields:
 
   - field: tags
     interface: tags
-    special: json
+    special: cast-json
     width: full
     options:
       iconRight: local_offer
@@ -93,7 +93,7 @@ fields:
   - field: email_notifications
     interface: boolean
     width: half
-    special: boolean
+    special: cast-boolean
 
   - field: admin_divider
     interface: presentation-divider

package/dist/database/system-data/fields/webhooks.yaml

@@ -60,12 +60,12 @@ fields:
     interface: boolean
     options:
       label: $t:fields.directus_webhooks.data_label
-    special: boolean
+    special: cast-boolean
     width: half
     display: boolean
 
   - field: headers
-    special: json
+    special: cast-json
     interface: list
     options:
       template: '{{ header }}: {{ value }}'
@@ -105,7 +105,7 @@ fields:
           value: update
         - text: $t:delete_label
           value: delete
-    special: csv
+    special: cast-csv
     width: full
     display: labels
     display_options:
@@ -129,7 +129,7 @@ fields:
 
   - field: collections
     interface: system-collections
-    special: csv
+    special: cast-csv
     width: full
     display: labels
     display_options:

package/dist/env.js

@@ -235,6 +235,7 @@ function processValues(env) {
         }
         if (String(value).includes(',')) {
             env[key] = (0, utils_1.toArray)(value);
+            continue;
         }
         // Try converting the value to a JS object. This allows JSON objects to be passed for nested
         // config flags, or custom param names (that aren't camelCased)

package/dist/services/authorization.js

@@ -35,6 +35,7 @@ class AuthorizationService {
             throw new exceptions_1.ForbiddenException();
         }
         validateFields(ast);
+        validateFilterPermissions(ast, this.schema, this.accountability);
         applyFilters(ast, this.accountability);
         return ast;
         /**
@@ -105,6 +106,63 @@ class AuthorizationService {
                 }
             }
         }
+        function validateFilterPermissions(ast, schema, accountability) {
+            var _a, _b, _c, _d, _e;
+            if (ast.type !== 'field') {
+                if (ast.type === 'a2o') {
+                    for (const collection of Object.keys(ast.children)) {
+                        checkFilter(collection, (_c = (_b = (_a = ast.query) === null || _a === void 0 ? void 0 : _a[collection]) === null || _b === void 0 ? void 0 : _b.filter) !== null && _c !== void 0 ? _c : {});
+                        for (const child of ast.children[collection]) {
+                            validateFilterPermissions(child, schema, accountability);
+                        }
+                    }
+                }
+                else {
+                    checkFilter(ast.name, (_e = (_d = ast.query) === null || _d === void 0 ? void 0 : _d.filter) !== null && _e !== void 0 ? _e : {});
+                    for (const child of ast.children) {
+                        validateFilterPermissions(child, schema, accountability);
+                    }
+                }
+            }
+            function checkFilter(collection, filter) {
+                var _a;
+                const permissions = (_a = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _a === void 0 ? void 0 : _a.find((permission) => permission.collection === collection);
+                if (!permissions)
+                    throw new exceptions_1.ForbiddenException();
+                const allowedFields = permissions.fields || [];
+                for (const [key, value] of Object.entries(filter)) {
+                    if (key.startsWith('_')) {
+                        // Continue checking for _and and _or
+                        if ((0, lodash_1.isArray)(value)) {
+                            for (const val of value) {
+                                checkFilter(collection, val);
+                            }
+                        }
+                    }
+                    else {
+                        if (allowedFields.length !== 0 &&
+                            allowedFields.includes('*') === false &&
+                            allowedFields.includes(key) === false) {
+                            throw new exceptions_1.ForbiddenException();
+                        }
+                        const relation = schema.relations.find((relation) => {
+                            var _a;
+                            return ((relation.collection === collection && relation.field === key) ||
+                                (relation.related_collection === collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === key));
+                        });
+                        // Field is a relation
+                        if (relation) {
+                            if (relation.related_collection === collection) {
+                                checkFilter(relation.collection, value);
+                            }
+                            else {
+                                checkFilter(relation.related_collection, value);
+                            }
+                        }
+                    }
+                }
+            }
+        }
         function applyFilters(ast, accountability) {
             if (ast.type !== 'field') {
                 if (ast.type === 'a2o') {

package/dist/services/items.js

@@ -496,6 +496,7 @@ class ItemsService {
         if ((opts === null || opts === void 0 ? void 0 : opts.emitEvents) !== false) {
             emitter_1.default.emitAction(this.eventScope === 'items' ? ['items.delete', `${this.collection}.items.delete`] : `${this.eventScope}.delete`, {
                 payload: keys,
+                keys: keys,
                 collection: this.collection,
             }, {
                 // This hook is called async. If we would pass the transaction here, the hook can be

package/dist/services/payload.js

@@ -37,7 +37,7 @@ class PayloadService {
                 }
                 return value;
             },
-            async boolean({ action, value }) {
+            async 'cast-boolean'({ action, value }) {
                 if (action === 'read') {
                     if (value === true || value === 1 || value === '1') {
                         return true;
@@ -51,7 +51,7 @@ class PayloadService {
                 }
                 return value;
             },
-            async json({ action, value }) {
+            async 'cast-json'({ action, value }) {
                 if (action === 'read') {
                     if (typeof value === 'string') {
                         try {
@@ -99,7 +99,7 @@ class PayloadService {
                     return new Date();
                 return value;
             },
-            async csv({ action, value }) {
+            async 'cast-csv'({ action, value }) {
                 if (Array.isArray(value) === false && typeof value !== 'string')
                     return;
                 if (action === 'read' && Array.isArray(value) === false) {

package/dist/utils/get-local-type.js

@@ -101,11 +101,11 @@ function getLocalType(column, field) {
     const type = localTypeMap[dataType.split('(')[0]];
     const special = field === null || field === void 0 ? void 0 : field.special;
     if (special) {
-        if (special.includes('json'))
+        if (special.includes('cast-json'))
             return 'json';
         if (special.includes('hash'))
             return 'hash';
-        if (special.includes('csv'))
+        if (special.includes('cast-csv'))
             return 'csv';
         if (special.includes('uuid') || special.includes('file'))
             return 'uuid';

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "directus",
-	"version": "9.7.0",
+	"version": "9.7.1",
 	"license": "GPL-3.0-only",
 	"homepage": "https://github.com/directus/directus#readme",
 	"description": "Directus is a real-time API and App dashboard for managing SQL database content.",
@@ -78,16 +78,16 @@
 	],
 	"dependencies": {
 		"@aws-sdk/client-ses": "^3.40.0",
-		"@directus/app": "9.7.0",
-		"@directus/drive": "9.7.0",
-		"@directus/drive-azure": "9.7.0",
-		"@directus/drive-gcs": "9.7.0",
-		"@directus/drive-s3": "9.7.0",
-		"@directus/extensions-sdk": "9.7.0",
-		"@directus/format-title": "9.7.0",
-		"@directus/schema": "9.7.0",
-		"@directus/shared": "9.7.0",
-		"@directus/specs": "9.7.0",
+		"@directus/app": "9.7.1",
+		"@directus/drive": "9.7.1",
+		"@directus/drive-azure": "9.7.1",
+		"@directus/drive-gcs": "9.7.1",
+		"@directus/drive-s3": "9.7.1",
+		"@directus/extensions-sdk": "9.7.1",
+		"@directus/format-title": "9.7.1",
+		"@directus/schema": "9.7.1",
+		"@directus/shared": "9.7.1",
+		"@directus/specs": "9.7.1",
 		"@godaddy/terminus": "^4.9.0",
 		"@rollup/plugin-alias": "^3.1.9",
 		"@rollup/plugin-virtual": "^2.0.3",
@@ -173,7 +173,7 @@
 		"sqlite3": "^5.0.2",
 		"tedious": "^13.0.0"
 	},
-	"gitHead": "c1da41d6719d4efdc5d0196019fb7b2c6672c575",
+	"gitHead": "7b1594727686ab8bfac416d851b1f0063f38f893",
 	"devDependencies": {
 		"@types/async": "3.2.10",
 		"@types/body-parser": "1.19.2",