directus 9.7.1 → 9.8.0

package/dist/database/migrations/20220325B-add-default-language.js

@@ -0,0 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.down = exports.up = void 0;
+const helpers_1 = require("../helpers");
+async function up(knex) {
+    const helper = (0, helpers_1.getHelpers)(knex).schema;
+    await knex.schema.alterTable('directus_settings', (table) => {
+        table.string('default_language').notNullable().defaultTo('en-US');
+    });
+    await helper.changeToString('directus_users', 'language', {
+        nullable: true,
+        default: null,
+        length: 255,
+    });
+}
+exports.up = up;
+async function down(knex) {
+    const helper = (0, helpers_1.getHelpers)(knex).schema;
+    await knex.schema.alterTable('directus_settings', (table) => {
+        table.dropColumn('default_language');
+    });
+    await helper.changeToString('directus_users', 'language', {
+        nullable: true,
+        default: 'en-US',
+        length: 255,
+    });
+}
+exports.down = down;

package/dist/database/run-ast.js

@@ -151,7 +151,7 @@ function getColumnPreprocessor(knex, schema, table) {
         if (field.type.startsWith('geometry')) {
             return helpers.st.asText(table, field.field);
         }
-        return (0, get_column_1.getColumn)(knex, table, fieldNode.name, alias);
+        return (0, get_column_1.getColumn)(knex, table, fieldNode.name, alias, schema);
     };
 }
 function getDBQuery(schema, knex, table, fieldNodes, query) {
@@ -244,7 +244,9 @@ function mergeWithParentItems(schema, nestedItem, parentItem, nestedNode) {
             if (nestedNode.query.offset && nestedNode.query.offset >= 0) {
                 parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(nestedNode.query.offset);
             }
-            parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(0, (_a = nestedNode.query.limit) !== null && _a !== void 0 ? _a : 100);
+            if (nestedNode.query.limit !== -1) {
+                parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].slice(0, (_a = nestedNode.query.limit) !== null && _a !== void 0 ? _a : 100);
+            }
             parentItem[nestedNode.fieldKey] = parentItem[nestedNode.fieldKey].sort((a, b) => {
                 // This is pre-filled in get-ast-from-query
                 const sortField = nestedNode.query.sort[0];

package/dist/database/system-data/fields/activity.yaml

@@ -46,19 +46,19 @@ fields:
     width: half
 
   - field: comment
-    display: formatted-text
+    display: formatted-value
     display_options:
-      subdued: true
+      color: 'var(--foreground-subdued)'
     width: half
 
   - field: user_agent
-    display: formatted-text
+    display: formatted-value
     display_options:
       font: monospace
     width: half
 
   - field: ip
-    display: formatted-text
+    display: formatted-value
     display_options:
       font: monospace
     width: half

package/dist/database/system-data/fields/fields.yaml

@@ -84,3 +84,12 @@ fields:
     field: conditions
     hidden: true
     special: cast-json
+
+  - collection: directus_fields
+    field: validation
+    hidden: true
+    special: cast-json
+
+  - collection: directus_fields
+    field: validation_message
+    hidden: true

package/dist/database/system-data/fields/presets.yaml

@@ -15,9 +15,17 @@ fields:
 
   - field: role
     width: half
+    special: m2o
+    display: related-values
+    display_options:
+      template: '{{ name }}'
 
   - field: user
     width: half
+    special: m2o
+    display: related-values
+    display_options:
+      template: '{{ email }}'
 
   - field: id
     width: half
@@ -25,6 +33,12 @@ fields:
   - field: bookmark
     width: half
 
+  - field: icon
+    width: half
+
+  - field: color
+    width: half
+
   - field: search
     width: half
 

package/dist/database/system-data/fields/settings.yaml

@@ -32,7 +32,18 @@ fields:
     translations:
       language: en-US
       translations: Website
-    width: full
+    width: half
+
+  - field: default_language
+    interface: system-language
+    options:
+      iconRight: language
+      placeholder: en-US
+      includeProjectDefault: false
+    translations:
+      language: en-US
+      translations: Default Language
+    width: half
 
   - field: branding_divider
     interface: presentation-divider
@@ -380,4 +391,5 @@ fields:
               placeholder: $t:fields.directus_settings.attribution_placeholder
 
   - field: translation_strings
+    special: cast-json
     hidden: true

package/dist/logger.js

@@ -28,6 +28,7 @@ const pino_http_1 = __importStar(require("pino-http"));
 const get_config_from_env_1 = require("./utils/get-config-from-env");
 const url_1 = require("url");
 const env_1 = __importDefault(require("./env"));
+const utils_1 = require("@directus/shared/utils");
 const pinoOptions = {
     level: env_1.default.LOG_LEVEL || 'info',
     redact: {
@@ -43,7 +44,7 @@ const loggerEnvConfig = (0, get_config_from_env_1.getConfigFromEnv)('LOGGER_', '
 // Expose custom log levels into formatter function
 if (loggerEnvConfig.levels) {
     const customLogLevels = {};
-    for (const el of loggerEnvConfig.levels.split(',')) {
+    for (const el of (0, utils_1.toArray)(loggerEnvConfig.levels)) {
         const key_val = el.split(':');
         customLogLevels[key_val[0].trim()] = key_val[1].trim();
     }

package/dist/services/activity.js

@@ -16,6 +16,7 @@ const user_name_1 = require("../utils/user-name");
 const lodash_1 = require("lodash");
 const env_1 = __importDefault(require("../env"));
 const uuid_validate_1 = __importDefault(require("uuid-validate"));
+const url_1 = require("../utils/url");
 class ActivityService extends items_1.ItemsService {
     constructor(options) {
         super('directus_activity', options);
@@ -70,7 +71,9 @@ ${(0, user_name_1.userName)(sender)} has mentioned you in a comment:
 
 ${comment}
 
-<a href="${env_1.default.PUBLIC_URL}/admin/content/${data.collection}/${data.item}">Click here to view.</a>
+<a href="${new url_1.Url(env_1.default.PUBLIC_URL)
+                        .addPath('admin', 'content', data.collection, data.item)
+                        .toString()}">Click here to view.</a>
 `;
                     await this.notificationsService.createOne({
                         recipient: userID,

package/dist/services/authorization.d.ts

@@ -1,6 +1,6 @@
+import { Accountability, PermissionsAction, SchemaOverview } from '@directus/shared/types';
 import { Knex } from 'knex';
 import { AbstractServiceOptions, AST, Item, PrimaryKey } from '../types';
-import { PermissionsAction, Accountability, SchemaOverview } from '@directus/shared/types';
 import { PayloadService } from './payload';
 export declare class AuthorizationService {
     knex: Knex;

package/dist/services/authorization.js

@@ -4,14 +4,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthorizationService = void 0;
+const exceptions_1 = require("@directus/shared/exceptions");
+const utils_1 = require("@directus/shared/utils");
 const lodash_1 = require("lodash");
 const database_1 = __importDefault(require("../database"));
-const exceptions_1 = require("../exceptions");
-const exceptions_2 = require("@directus/shared/exceptions");
-const utils_1 = require("@directus/shared/utils");
+const exceptions_2 = require("../exceptions");
+const strip_function_1 = require("../utils/strip-function");
 const items_1 = require("./items");
 const payload_1 = require("./payload");
-const strip_function_1 = require("../utils/strip-function");
 class AuthorizationService {
     constructor(options) {
         this.knex = options.knex || (0, database_1.default)();
@@ -32,7 +32,7 @@ class AuthorizationService {
         // If the permissions don't match the collections, you don't have permission to read all of them
         const uniqueCollectionsRequestedCount = (0, lodash_1.uniq)(collectionsRequested.map(({ collection }) => collection)).length;
         if (uniqueCollectionsRequestedCount !== permissionsForCollections.length) {
-            throw new exceptions_1.ForbiddenException();
+            throw new exceptions_2.ForbiddenException();
         }
         validateFields(ast);
         validateFilterPermissions(ast, this.schema, this.accountability);
@@ -88,7 +88,7 @@ class AuthorizationService {
                             continue;
                         for (const column of Object.values(aliasMap)) {
                             if (allowedFields.includes(column) === false)
-                                throw new exceptions_1.ForbiddenException();
+                                throw new exceptions_2.ForbiddenException();
                         }
                     }
                 }
@@ -101,65 +101,137 @@ class AuthorizationService {
                         continue;
                     const fieldKey = (0, strip_function_1.stripFunction)(childNode.name);
                     if (allowedFields.includes(fieldKey) === false) {
-                        throw new exceptions_1.ForbiddenException();
+                        throw new exceptions_2.ForbiddenException();
                     }
                 }
             }
         }
         function validateFilterPermissions(ast, schema, accountability) {
             var _a, _b, _c, _d, _e;
+            let requiredFieldPermissions = {};
             if (ast.type !== 'field') {
                 if (ast.type === 'a2o') {
                     for (const collection of Object.keys(ast.children)) {
-                        checkFilter(collection, (_c = (_b = (_a = ast.query) === null || _a === void 0 ? void 0 : _a[collection]) === null || _b === void 0 ? void 0 : _b.filter) !== null && _c !== void 0 ? _c : {});
+                        requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, extractRequiredFieldPermissions(collection, (_c = (_b = (_a = ast.query) === null || _a === void 0 ? void 0 : _a[collection]) === null || _b === void 0 ? void 0 : _b.filter) !== null && _c !== void 0 ? _c : {}));
                         for (const child of ast.children[collection]) {
-                            validateFilterPermissions(child, schema, accountability);
+                            // Always add relational field as a deep child may have a filter
+                            if (child.type !== 'field') {
+                                (requiredFieldPermissions[collection] || (requiredFieldPermissions[collection] = new Set())).add(child.fieldKey);
+                            }
+                            requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, validateFilterPermissions(child, schema, accountability));
                         }
                     }
                 }
                 else {
-                    checkFilter(ast.name, (_e = (_d = ast.query) === null || _d === void 0 ? void 0 : _d.filter) !== null && _e !== void 0 ? _e : {});
+                    requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, extractRequiredFieldPermissions(ast.name, (_e = (_d = ast.query) === null || _d === void 0 ? void 0 : _d.filter) !== null && _e !== void 0 ? _e : {}));
                     for (const child of ast.children) {
-                        validateFilterPermissions(child, schema, accountability);
+                        // Always add relational field as a deep child may have a filter
+                        if (child.type !== 'field') {
+                            (requiredFieldPermissions[ast.name] || (requiredFieldPermissions[ast.name] = new Set())).add(child.fieldKey);
+                        }
+                        requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, validateFilterPermissions(child, schema, accountability));
                     }
                 }
             }
-            function checkFilter(collection, filter) {
-                var _a;
-                const permissions = (_a = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _a === void 0 ? void 0 : _a.find((permission) => permission.collection === collection);
-                if (!permissions)
-                    throw new exceptions_1.ForbiddenException();
-                const allowedFields = permissions.fields || [];
-                for (const [key, value] of Object.entries(filter)) {
-                    if (key.startsWith('_')) {
-                        // Continue checking for _and and _or
-                        if ((0, lodash_1.isArray)(value)) {
-                            for (const val of value) {
-                                checkFilter(collection, val);
+            if (ast.type === 'root') {
+                // Validate all required permissions once at the root level
+                checkFieldPermissions(requiredFieldPermissions);
+            }
+            return requiredFieldPermissions;
+            function extractRequiredFieldPermissions(collection, filter, parentCollection, parentField) {
+                return (0, lodash_1.reduce)(filter, function (result, filterValue, filterKey) {
+                    if (filterKey.startsWith('_')) {
+                        if (filterKey === '_and' || filterKey === '_or') {
+                            if ((0, lodash_1.isArray)(filterValue)) {
+                                for (const filter of filterValue) {
+                                    const requiredPermissions = extractRequiredFieldPermissions(collection, filter, parentCollection, parentField);
+                                    result = mergeRequiredFieldPermissions(result, requiredPermissions);
+                                }
                             }
+                            return result;
                         }
+                        // Filter value is not a filter, so we should skip it
+                        return result;
                     }
                     else {
-                        if (allowedFields.length !== 0 &&
-                            allowedFields.includes('*') === false &&
-                            allowedFields.includes(key) === false) {
-                            throw new exceptions_1.ForbiddenException();
+                        if (collection) {
+                            (result[collection] || (result[collection] = new Set())).add(filterKey);
                         }
-                        const relation = schema.relations.find((relation) => {
-                            var _a;
-                            return ((relation.collection === collection && relation.field === key) ||
-                                (relation.related_collection === collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === key));
-                        });
-                        // Field is a relation
-                        if (relation) {
-                            if (relation.related_collection === collection) {
-                                checkFilter(relation.collection, value);
+                        else {
+                            const relation = schema.relations.find((relation) => {
+                                var _a;
+                                return ((relation.collection === parentCollection && relation.field === parentField) ||
+                                    (relation.related_collection === parentCollection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === parentField));
+                            });
+                            if (relation) {
+                                if (relation.related_collection === parentCollection) {
+                                    (result[relation.collection] || (result[relation.collection] = new Set())).add(filterKey);
+                                    parentCollection = relation.collection;
+                                }
+                                else {
+                                    (result[relation.related_collection] || (result[relation.related_collection] = new Set())).add(filterKey);
+                                    parentCollection = relation.related_collection;
+                                }
                             }
                             else {
-                                checkFilter(relation.related_collection, value);
+                                // Filter key not found in parent collection
+                                throw new exceptions_2.ForbiddenException();
+                            }
+                        }
+                        if (typeof filterValue === 'object') {
+                            // Parent collection is undefined when we process the top level filter
+                            if (!parentCollection)
+                                parentCollection = collection;
+                            for (const [childFilterKey, childFilterValue] of Object.entries(filterValue)) {
+                                if (childFilterKey.startsWith('_')) {
+                                    if (childFilterKey === '_and' || childFilterKey === '_or') {
+                                        if ((0, lodash_1.isArray)(childFilterValue)) {
+                                            for (const filter of childFilterValue) {
+                                                const requiredPermissions = extractRequiredFieldPermissions('', filter, parentCollection, filterKey);
+                                                result = mergeRequiredFieldPermissions(result, requiredPermissions);
+                                            }
+                                        }
+                                    }
+                                }
+                                else {
+                                    const requiredPermissions = extractRequiredFieldPermissions('', filterValue, parentCollection, filterKey);
+                                    result = mergeRequiredFieldPermissions(result, requiredPermissions);
+                                }
                             }
                         }
                     }
+                    return result;
+                }, {});
+            }
+            function mergeRequiredFieldPermissions(current, child) {
+                for (const collection of Object.keys(child)) {
+                    if (!current[collection]) {
+                        current[collection] = child[collection];
+                    }
+                    else {
+                        current[collection] = new Set([...current[collection], ...child[collection]]);
+                    }
+                }
+                return current;
+            }
+            function checkFieldPermissions(requiredPermissions) {
+                var _a;
+                if ((accountability === null || accountability === void 0 ? void 0 : accountability.admin) === true)
+                    return;
+                for (const collection of Object.keys(requiredPermissions)) {
+                    const permission = (_a = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _a === void 0 ? void 0 : _a.find((permission) => permission.collection === collection && permission.action === 'read');
+                    if (!permission || !permission.fields)
+                        throw new exceptions_2.ForbiddenException();
+                    const allowedFields = permission.fields;
+                    if (allowedFields.includes('*'))
+                        continue;
+                    // Allow legacy permissions with an empty fields array, where id can be accessed
+                    if (allowedFields.length === 0)
+                        allowedFields.push('id');
+                    for (const field of requiredPermissions[collection]) {
+                        if (!allowedFields.includes(field))
+                            throw new exceptions_2.ForbiddenException();
+                    }
                 }
             }
         }
@@ -222,20 +294,24 @@ class AuthorizationService {
                 return permission.collection === collection && permission.action === action;
             });
             if (!permission)
-                throw new exceptions_1.ForbiddenException();
+                throw new exceptions_2.ForbiddenException();
             // Check if you have permission to access the fields you're trying to access
             const allowedFields = permission.fields || [];
             if (allowedFields.includes('*') === false) {
                 const keysInData = Object.keys(payload);
                 const invalidKeys = keysInData.filter((fieldKey) => allowedFields.includes(fieldKey) === false);
                 if (invalidKeys.length > 0) {
-                    throw new exceptions_1.ForbiddenException();
+                    throw new exceptions_2.ForbiddenException();
                 }
             }
         }
         const preset = (_e = permission.presets) !== null && _e !== void 0 ? _e : {};
         const payloadWithPresets = (0, lodash_1.merge)({}, preset, payload);
+        const fieldValidationRules = Object.values(this.schema.collections[collection].fields)
+            .map((field) => field.validation)
+            .filter((v) => v);
         const hasValidationRules = (0, lodash_1.isNil)(permission.validation) === false && Object.keys((_f = permission.validation) !== null && _f !== void 0 ? _f : {}).length > 0;
+        const hasFieldValidationRules = fieldValidationRules && fieldValidationRules.length > 0;
         const requiredColumns = [];
         for (const field of Object.values(this.schema.collections[collection].fields)) {
             const specials = (_g = field === null || field === void 0 ? void 0 : field.special) !== null && _g !== void 0 ? _g : [];
@@ -245,7 +321,7 @@ class AuthorizationService {
                 requiredColumns.push(field);
             }
         }
-        if (hasValidationRules === false && requiredColumns.length === 0) {
+        if (hasValidationRules === false && hasFieldValidationRules === false && requiredColumns.length === 0) {
             return payloadWithPresets;
         }
         if (requiredColumns.length > 0) {
@@ -265,8 +341,16 @@ class AuthorizationService {
                 });
             }
         }
+        if (hasFieldValidationRules) {
+            if (permission.validation) {
+                permission.validation = { _and: [permission.validation, ...fieldValidationRules] };
+            }
+            else {
+                permission.validation = { _and: fieldValidationRules };
+            }
+        }
         const validationErrors = [];
-        validationErrors.push(...(0, lodash_1.flatten)((0, utils_1.validatePayload)(permission.validation, payloadWithPresets).map((error) => error.details.map((details) => new exceptions_2.FailedValidationException(details)))));
+        validationErrors.push(...(0, lodash_1.flatten)((0, utils_1.validatePayload)(permission.validation, payloadWithPresets).map((error) => error.details.map((details) => new exceptions_1.FailedValidationException(details)))));
         if (validationErrors.length > 0)
             throw validationErrors;
         return payloadWithPresets;
@@ -286,14 +370,14 @@ class AuthorizationService {
         if (Array.isArray(pk)) {
             const result = await itemsService.readMany(pk, { ...query, limit: pk.length }, { permissionsAction: action });
             if (!result)
-                throw new exceptions_1.ForbiddenException();
+                throw new exceptions_2.ForbiddenException();
             if (result.length !== pk.length)
-                throw new exceptions_1.ForbiddenException();
+                throw new exceptions_2.ForbiddenException();
         }
         else {
             const result = await itemsService.readOne(pk, query, { permissionsAction: action });
             if (!result)
-                throw new exceptions_1.ForbiddenException();
+                throw new exceptions_2.ForbiddenException();
         }
     }
 }