directus 9.7.1 → 9.9.1

package/dist/database/system-data/fields/fields.yaml

@@ -84,3 +84,12 @@ fields:
     field: conditions
     hidden: true
     special: cast-json
+
+  - collection: directus_fields
+    field: validation
+    hidden: true
+    special: cast-json
+
+  - collection: directus_fields
+    field: validation_message
+    hidden: true

package/dist/database/system-data/fields/presets.yaml

@@ -15,9 +15,17 @@ fields:
 
   - field: role
     width: half
+    special: m2o
+    display: related-values
+    display_options:
+      template: '{{ name }}'
 
   - field: user
     width: half
+    special: m2o
+    display: related-values
+    display_options:
+      template: '{{ email }}'
 
   - field: id
     width: half
@@ -25,6 +33,12 @@ fields:
   - field: bookmark
     width: half
 
+  - field: icon
+    width: half
+
+  - field: color
+    width: half
+
   - field: search
     width: half
 

package/dist/database/system-data/fields/settings.yaml

@@ -32,7 +32,17 @@ fields:
     translations:
       language: en-US
       translations: Website
-    width: full
+    width: half
+
+  - field: default_language
+    interface: system-language
+    options:
+      iconRight: language
+      placeholder: en-US
+    translations:
+      language: en-US
+      translations: Default Language
+    width: half
 
   - field: branding_divider
     interface: presentation-divider
@@ -380,4 +390,5 @@ fields:
               placeholder: $t:fields.directus_settings.attribution_placeholder
 
   - field: translation_strings
+    special: cast-json
     hidden: true

package/dist/database/system-data/fields/users.yaml

@@ -72,6 +72,8 @@ fields:
   - field: language
     interface: system-language
     width: half
+    options:
+      includeProjectDefault: true
 
   - field: theme
     interface: select-dropdown
@@ -152,6 +154,7 @@ fields:
   - field: last_access
     width: half
     display: datetime
+    readonly: true
     display_options:
       relative: true
 

package/dist/env.js

@@ -14,7 +14,7 @@ const lodash_1 = require("lodash");
 const path_1 = __importDefault(require("path"));
 const require_yaml_1 = require("./utils/require-yaml");
 const utils_1 = require("@directus/shared/utils");
-const acceptedEnvTypes = ['string', 'number', 'regex', 'array'];
+const acceptedEnvTypes = ['string', 'number', 'regex', 'array', 'json'];
 const defaults = {
     CONFIG_PATH: path_1.default.resolve(process.cwd(), '.env'),
     HOST: '0.0.0.0',
@@ -69,6 +69,7 @@ const defaults = {
     SERVE_APP: true,
     RELATIONAL_BATCH_SIZE: 25000,
     EXPORT_BATCH_SIZE: 5000,
+    FILE_METADATA_ALLOW_LIST: 'ifd0.Make,ifd0.Model,exif.FNumber,exif.ExposureTime,exif.FocalLength,exif.ISO',
 };
 // Allows us to force certain environment variable into a type, instead of relying
 // on the auto-parsed type in processValues. ref #3705
@@ -82,11 +83,12 @@ const typeMap = {
     DB_PORT: 'number',
     DB_EXCLUDE_TABLES: 'array',
     IMPORT_IP_DENY_LIST: 'array',
+    FILE_METADATA_ALLOW_LIST: 'array',
 };
 let env = {
     ...defaults,
-    ...getEnv(),
     ...process.env,
+    ...getEnv(),
 };
 process.env = env;
 env = processValues(env);
@@ -98,8 +100,8 @@ exports.default = env;
 function refreshEnv() {
     env = {
         ...defaults,
-        ...getEnv(),
         ...process.env,
+        ...getEnv(),
     };
     process.env = env;
     env = processValues(env);

package/dist/exceptions/index.d.ts

@@ -13,6 +13,7 @@ export * from './method-not-allowed';
 export * from './range-not-satisfiable';
 export * from './route-not-found';
 export * from './service-unavailable';
+export * from './token-expired';
 export * from './unprocessable-entity';
 export * from './unsupported-media-type';
 export * from './user-suspended';

package/dist/exceptions/index.js

@@ -25,6 +25,7 @@ __exportStar(require("./method-not-allowed"), exports);
 __exportStar(require("./range-not-satisfiable"), exports);
 __exportStar(require("./route-not-found"), exports);
 __exportStar(require("./service-unavailable"), exports);
+__exportStar(require("./token-expired"), exports);
 __exportStar(require("./unprocessable-entity"), exports);
 __exportStar(require("./unsupported-media-type"), exports);
 __exportStar(require("./user-suspended"), exports);

package/dist/exceptions/token-expired.d.ts

@@ -0,0 +1,4 @@
+import { BaseException } from '@directus/shared/exceptions';
+export declare class TokenExpiredException extends BaseException {
+    constructor(message?: string);
+}

package/dist/exceptions/token-expired.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenExpiredException = void 0;
+const exceptions_1 = require("@directus/shared/exceptions");
+class TokenExpiredException extends exceptions_1.BaseException {
+    constructor(message = 'Token expired.') {
+        super(message, 401, 'TOKEN_EXPIRED');
+    }
+}
+exports.TokenExpiredException = TokenExpiredException;

package/dist/logger.js

@@ -28,6 +28,7 @@ const pino_http_1 = __importStar(require("pino-http"));
 const get_config_from_env_1 = require("./utils/get-config-from-env");
 const url_1 = require("url");
 const env_1 = __importDefault(require("./env"));
+const utils_1 = require("@directus/shared/utils");
 const pinoOptions = {
     level: env_1.default.LOG_LEVEL || 'info',
     redact: {
@@ -43,7 +44,7 @@ const loggerEnvConfig = (0, get_config_from_env_1.getConfigFromEnv)('LOGGER_', '
 // Expose custom log levels into formatter function
 if (loggerEnvConfig.levels) {
     const customLogLevels = {};
-    for (const el of loggerEnvConfig.levels.split(',')) {
+    for (const el of (0, utils_1.toArray)(loggerEnvConfig.levels)) {
         const key_val = el.split(':');
         customLogLevels[key_val[0].trim()] = key_val[1].trim();
     }

package/dist/middleware/cache.js

@@ -19,6 +19,8 @@ const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next)
     if (!cache)
         return next();
     if (((_a = req.headers['cache-control']) === null || _a === void 0 ? void 0 : _a.includes('no-store')) || ((_b = req.headers['Cache-Control']) === null || _b === void 0 ? void 0 : _b.includes('no-store'))) {
+        if (env_1.default.CACHE_STATUS_HEADER)
+            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
         return next();
     }
     const key = (0, get_cache_key_1.getCacheKey)(req);
@@ -28,6 +30,8 @@ const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next)
     }
     catch (err) {
         logger_1.default.warn(err, `[cache] Couldn't read key ${key}. ${err.message}`);
+        if (env_1.default.CACHE_STATUS_HEADER)
+            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
         return next();
     }
     if (cachedData) {
@@ -37,14 +41,20 @@ const checkCacheMiddleware = (0, async_handler_1.default)(async (req, res, next)
         }
         catch (err) {
             logger_1.default.warn(err, `[cache] Couldn't read key ${`${key}__expires_at`}. ${err.message}`);
+            if (env_1.default.CACHE_STATUS_HEADER)
+                res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
             return next();
         }
         const cacheTTL = cacheExpiryDate ? cacheExpiryDate - Date.now() : null;
         res.setHeader('Cache-Control', (0, get_cache_headers_1.getCacheControlHeader)(req, cacheTTL));
         res.setHeader('Vary', 'Origin, Cache-Control');
+        if (env_1.default.CACHE_STATUS_HEADER)
+            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'HIT');
         return res.json(cachedData);
     }
     else {
+        if (env_1.default.CACHE_STATUS_HEADER)
+            res.setHeader(`${env_1.default.CACHE_STATUS_HEADER}`, 'MISS');
         return next();
     }
 });

package/dist/services/activity.js

@@ -16,6 +16,7 @@ const user_name_1 = require("../utils/user-name");
 const lodash_1 = require("lodash");
 const env_1 = __importDefault(require("../env"));
 const uuid_validate_1 = __importDefault(require("uuid-validate"));
+const url_1 = require("../utils/url");
 class ActivityService extends items_1.ItemsService {
     constructor(options) {
         super('directus_activity', options);
@@ -70,7 +71,9 @@ ${(0, user_name_1.userName)(sender)} has mentioned you in a comment:
 
 ${comment}
 
-<a href="${env_1.default.PUBLIC_URL}/admin/content/${data.collection}/${data.item}">Click here to view.</a>
+<a href="${new url_1.Url(env_1.default.PUBLIC_URL)
+                        .addPath('admin', 'content', data.collection, data.item)
+                        .toString()}">Click here to view.</a>
 `;
                     await this.notificationsService.createOne({
                         recipient: userID,

package/dist/services/authorization.d.ts

@@ -1,6 +1,6 @@
+import { Accountability, PermissionsAction, SchemaOverview } from '@directus/shared/types';
 import { Knex } from 'knex';
 import { AbstractServiceOptions, AST, Item, PrimaryKey } from '../types';
-import { PermissionsAction, Accountability, SchemaOverview } from '@directus/shared/types';
 import { PayloadService } from './payload';
 export declare class AuthorizationService {
     knex: Knex;

package/dist/services/authorization.js

@@ -4,14 +4,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthorizationService = void 0;
+const exceptions_1 = require("@directus/shared/exceptions");
+const utils_1 = require("@directus/shared/utils");
 const lodash_1 = require("lodash");
 const database_1 = __importDefault(require("../database"));
-const exceptions_1 = require("../exceptions");
-const exceptions_2 = require("@directus/shared/exceptions");
-const utils_1 = require("@directus/shared/utils");
+const exceptions_2 = require("../exceptions");
+const strip_function_1 = require("../utils/strip-function");
 const items_1 = require("./items");
 const payload_1 = require("./payload");
-const strip_function_1 = require("../utils/strip-function");
 class AuthorizationService {
     constructor(options) {
         this.knex = options.knex || (0, database_1.default)();
@@ -32,10 +32,10 @@ class AuthorizationService {
         // If the permissions don't match the collections, you don't have permission to read all of them
         const uniqueCollectionsRequestedCount = (0, lodash_1.uniq)(collectionsRequested.map(({ collection }) => collection)).length;
         if (uniqueCollectionsRequestedCount !== permissionsForCollections.length) {
-            throw new exceptions_1.ForbiddenException();
+            throw new exceptions_2.ForbiddenException();
         }
         validateFields(ast);
-        validateFilterPermissions(ast, this.schema, this.accountability);
+        validateFilterPermissions(ast, this.schema, action, this.accountability);
         applyFilters(ast, this.accountability);
         return ast;
         /**
@@ -87,8 +87,10 @@ class AuthorizationService {
                         if (!aliasMap)
                             continue;
                         for (const column of Object.values(aliasMap)) {
+                            if (column === '*')
+                                continue;
                             if (allowedFields.includes(column) === false)
-                                throw new exceptions_1.ForbiddenException();
+                                throw new exceptions_2.ForbiddenException();
                         }
                     }
                 }
@@ -101,65 +103,177 @@ class AuthorizationService {
                         continue;
                     const fieldKey = (0, strip_function_1.stripFunction)(childNode.name);
                     if (allowedFields.includes(fieldKey) === false) {
-                        throw new exceptions_1.ForbiddenException();
+                        throw new exceptions_2.ForbiddenException();
                     }
                 }
             }
         }
-        function validateFilterPermissions(ast, schema, accountability) {
+        function validateFilterPermissions(ast, schema, action, accountability) {
             var _a, _b, _c, _d, _e;
+            let requiredFieldPermissions = {};
             if (ast.type !== 'field') {
                 if (ast.type === 'a2o') {
                     for (const collection of Object.keys(ast.children)) {
-                        checkFilter(collection, (_c = (_b = (_a = ast.query) === null || _a === void 0 ? void 0 : _a[collection]) === null || _b === void 0 ? void 0 : _b.filter) !== null && _c !== void 0 ? _c : {});
+                        requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, extractRequiredFieldPermissions(collection, (_c = (_b = (_a = ast.query) === null || _a === void 0 ? void 0 : _a[collection]) === null || _b === void 0 ? void 0 : _b.filter) !== null && _c !== void 0 ? _c : {}));
                         for (const child of ast.children[collection]) {
-                            validateFilterPermissions(child, schema, accountability);
+                            const childPermissions = validateFilterPermissions(child, schema, action, accountability);
+                            if (Object.keys(childPermissions).length > 0) {
+                                //Only add relational field if deep child has a filter
+                                if (child.type !== 'field') {
+                                    (requiredFieldPermissions[collection] || (requiredFieldPermissions[collection] = new Set())).add(child.fieldKey);
+                                }
+                                requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, childPermissions);
+                            }
                         }
                     }
                 }
                 else {
-                    checkFilter(ast.name, (_e = (_d = ast.query) === null || _d === void 0 ? void 0 : _d.filter) !== null && _e !== void 0 ? _e : {});
+                    requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, extractRequiredFieldPermissions(ast.name, (_e = (_d = ast.query) === null || _d === void 0 ? void 0 : _d.filter) !== null && _e !== void 0 ? _e : {}));
                     for (const child of ast.children) {
-                        validateFilterPermissions(child, schema, accountability);
+                        const childPermissions = validateFilterPermissions(child, schema, action, accountability);
+                        if (Object.keys(childPermissions).length > 0) {
+                            // Only add relational field if deep child has a filter
+                            if (child.type !== 'field') {
+                                (requiredFieldPermissions[ast.name] || (requiredFieldPermissions[ast.name] = new Set())).add(child.fieldKey);
+                            }
+                            requiredFieldPermissions = mergeRequiredFieldPermissions(requiredFieldPermissions, childPermissions);
+                        }
                     }
                 }
             }
-            function checkFilter(collection, filter) {
-                var _a;
-                const permissions = (_a = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _a === void 0 ? void 0 : _a.find((permission) => permission.collection === collection);
-                if (!permissions)
-                    throw new exceptions_1.ForbiddenException();
-                const allowedFields = permissions.fields || [];
-                for (const [key, value] of Object.entries(filter)) {
-                    if (key.startsWith('_')) {
-                        // Continue checking for _and and _or
-                        if ((0, lodash_1.isArray)(value)) {
-                            for (const val of value) {
-                                checkFilter(collection, val);
+            if (ast.type === 'root') {
+                // Validate all required permissions once at the root level
+                checkFieldPermissions(ast.name, schema, action, requiredFieldPermissions);
+            }
+            return requiredFieldPermissions;
+            function extractRequiredFieldPermissions(collection, filter, parentCollection, parentField) {
+                return (0, lodash_1.reduce)(filter, function (result, filterValue, filterKey) {
+                    if (filterKey.startsWith('_')) {
+                        if (filterKey === '_and' || filterKey === '_or') {
+                            if ((0, lodash_1.isArray)(filterValue)) {
+                                for (const filter of filterValue) {
+                                    const requiredPermissions = extractRequiredFieldPermissions(collection, filter, parentCollection, parentField);
+                                    result = mergeRequiredFieldPermissions(result, requiredPermissions);
+                                }
                             }
+                            return result;
+                        }
+                        // Filter value is not a filter, so we should skip it
+                        return result;
+                    }
+                    // m2a filter in the form of `item:collection`
+                    else if (filterKey.includes(':')) {
+                        const [field, collectionScope] = filterKey.split(':');
+                        if (collection) {
+                            // Add the `item` field to the required permissions
+                            (result[collection] || (result[collection] = new Set())).add(field);
+                            // Add the `collection` field to the required permissions
+                            result[collection].add('collection');
+                        }
+                        else {
+                            const relation = schema.relations.find((relation) => {
+                                var _a;
+                                return ((relation.collection === parentCollection && relation.field === parentField) ||
+                                    (relation.related_collection === parentCollection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === parentField));
+                            });
+                            // Filter key not found in parent collection
+                            if (!relation)
+                                throw new exceptions_2.ForbiddenException();
+                            const relatedCollectionName = relation.related_collection === parentCollection ? relation.collection : relation.related_collection;
+                            // Add the `item` field to the required permissions
+                            (result[relatedCollectionName] || (result[relatedCollectionName] = new Set())).add(field);
+                            // Add the `collection` field to the required permissions
+                            result[relatedCollectionName].add('collection');
                         }
+                        // Continue to parse the filter for nested `collection` afresh
+                        const requiredPermissions = extractRequiredFieldPermissions(collectionScope, filterValue);
+                        result = mergeRequiredFieldPermissions(result, requiredPermissions);
                     }
                     else {
-                        if (allowedFields.length !== 0 &&
-                            allowedFields.includes('*') === false &&
-                            allowedFields.includes(key) === false) {
-                            throw new exceptions_1.ForbiddenException();
+                        if (collection) {
+                            (result[collection] || (result[collection] = new Set())).add(filterKey);
                         }
-                        const relation = schema.relations.find((relation) => {
-                            var _a;
-                            return ((relation.collection === collection && relation.field === key) ||
-                                (relation.related_collection === collection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === key));
-                        });
-                        // Field is a relation
-                        if (relation) {
-                            if (relation.related_collection === collection) {
-                                checkFilter(relation.collection, value);
-                            }
-                            else {
-                                checkFilter(relation.related_collection, value);
+                        else {
+                            const relation = schema.relations.find((relation) => {
+                                var _a;
+                                return ((relation.collection === parentCollection && relation.field === parentField) ||
+                                    (relation.related_collection === parentCollection && ((_a = relation.meta) === null || _a === void 0 ? void 0 : _a.one_field) === parentField));
+                            });
+                            // Filter key not found in parent collection
+                            if (!relation)
+                                throw new exceptions_2.ForbiddenException();
+                            parentCollection =
+                                relation.related_collection === parentCollection ? relation.collection : relation.related_collection;
+                            (result[parentCollection] || (result[parentCollection] = new Set())).add(filterKey);
+                        }
+                        if (typeof filterValue === 'object') {
+                            // Parent collection is undefined when we process the top level filter
+                            if (!parentCollection)
+                                parentCollection = collection;
+                            for (const [childFilterKey, childFilterValue] of Object.entries(filterValue)) {
+                                if (childFilterKey.startsWith('_')) {
+                                    if (childFilterKey === '_and' || childFilterKey === '_or') {
+                                        if ((0, lodash_1.isArray)(childFilterValue)) {
+                                            for (const filter of childFilterValue) {
+                                                const requiredPermissions = extractRequiredFieldPermissions('', filter, parentCollection, filterKey);
+                                                result = mergeRequiredFieldPermissions(result, requiredPermissions);
+                                            }
+                                        }
+                                    }
+                                }
+                                else {
+                                    const requiredPermissions = extractRequiredFieldPermissions('', filterValue, parentCollection, filterKey);
+                                    result = mergeRequiredFieldPermissions(result, requiredPermissions);
+                                }
                             }
                         }
                     }
+                    return result;
+                }, {});
+            }
+            function mergeRequiredFieldPermissions(current, child) {
+                for (const collection of Object.keys(child)) {
+                    if (!current[collection]) {
+                        current[collection] = child[collection];
+                    }
+                    else {
+                        current[collection] = new Set([...current[collection], ...child[collection]]);
+                    }
+                }
+                return current;
+            }
+            function checkFieldPermissions(rootCollection, schema, action, requiredPermissions) {
+                var _a, _b;
+                if ((accountability === null || accountability === void 0 ? void 0 : accountability.admin) === true)
+                    return;
+                for (const collection of Object.keys(requiredPermissions)) {
+                    const permission = (_a = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _a === void 0 ? void 0 : _a.find((permission) => permission.collection === collection && permission.action === 'read');
+                    let allowedFields;
+                    // Allow the filtering of top level ID for actions such as update and delete
+                    if (action !== 'read' && collection === rootCollection) {
+                        const actionPermission = (_b = accountability === null || accountability === void 0 ? void 0 : accountability.permissions) === null || _b === void 0 ? void 0 : _b.find((permission) => permission.collection === collection && permission.action === action);
+                        if (!actionPermission || !actionPermission.fields) {
+                            throw new exceptions_2.ForbiddenException();
+                        }
+                        allowedFields = (permission === null || permission === void 0 ? void 0 : permission.fields)
+                            ? [...permission.fields, schema.collections[collection].primary]
+                            : [schema.collections[collection].primary];
+                    }
+                    else if (!permission || !permission.fields) {
+                        throw new exceptions_2.ForbiddenException();
+                    }
+                    else {
+                        allowedFields = permission.fields;
+                    }
+                    if (allowedFields.includes('*'))
+                        continue;
+                    // Allow legacy permissions with an empty fields array, where id can be accessed
+                    if (allowedFields.length === 0)
+                        allowedFields.push(schema.collections[collection].primary);
+                    for (const field of requiredPermissions[collection]) {
+                        if (!allowedFields.includes(field))
+                            throw new exceptions_2.ForbiddenException();
+                    }
                 }
             }
         }
@@ -222,20 +336,24 @@ class AuthorizationService {
                 return permission.collection === collection && permission.action === action;
             });
             if (!permission)
-                throw new exceptions_1.ForbiddenException();
+                throw new exceptions_2.ForbiddenException();
             // Check if you have permission to access the fields you're trying to access
             const allowedFields = permission.fields || [];
             if (allowedFields.includes('*') === false) {
                 const keysInData = Object.keys(payload);
                 const invalidKeys = keysInData.filter((fieldKey) => allowedFields.includes(fieldKey) === false);
                 if (invalidKeys.length > 0) {
-                    throw new exceptions_1.ForbiddenException();
+                    throw new exceptions_2.ForbiddenException();
                 }
             }
         }
         const preset = (_e = permission.presets) !== null && _e !== void 0 ? _e : {};
         const payloadWithPresets = (0, lodash_1.merge)({}, preset, payload);
+        const fieldValidationRules = Object.values(this.schema.collections[collection].fields)
+            .map((field) => field.validation)
+            .filter((v) => v);
         const hasValidationRules = (0, lodash_1.isNil)(permission.validation) === false && Object.keys((_f = permission.validation) !== null && _f !== void 0 ? _f : {}).length > 0;
+        const hasFieldValidationRules = fieldValidationRules && fieldValidationRules.length > 0;
         const requiredColumns = [];
         for (const field of Object.values(this.schema.collections[collection].fields)) {
             const specials = (_g = field === null || field === void 0 ? void 0 : field.special) !== null && _g !== void 0 ? _g : [];
@@ -245,7 +363,7 @@ class AuthorizationService {
                 requiredColumns.push(field);
             }
         }
-        if (hasValidationRules === false && requiredColumns.length === 0) {
+        if (hasValidationRules === false && hasFieldValidationRules === false && requiredColumns.length === 0) {
             return payloadWithPresets;
         }
         if (requiredColumns.length > 0) {
@@ -265,8 +383,16 @@ class AuthorizationService {
                 });
             }
         }
+        if (hasFieldValidationRules) {
+            if (permission.validation && Object.keys(permission.validation).length > 0) {
+                permission.validation = { _and: [permission.validation, ...fieldValidationRules] };
+            }
+            else {
+                permission.validation = { _and: fieldValidationRules };
+            }
+        }
         const validationErrors = [];
-        validationErrors.push(...(0, lodash_1.flatten)((0, utils_1.validatePayload)(permission.validation, payloadWithPresets).map((error) => error.details.map((details) => new exceptions_2.FailedValidationException(details)))));
+        validationErrors.push(...(0, lodash_1.flatten)((0, utils_1.validatePayload)(permission.validation, payloadWithPresets).map((error) => error.details.map((details) => new exceptions_1.FailedValidationException(details)))));
         if (validationErrors.length > 0)
             throw validationErrors;
         return payloadWithPresets;
@@ -286,14 +412,14 @@ class AuthorizationService {
         if (Array.isArray(pk)) {
             const result = await itemsService.readMany(pk, { ...query, limit: pk.length }, { permissionsAction: action });
             if (!result)
-                throw new exceptions_1.ForbiddenException();
+                throw new exceptions_2.ForbiddenException();
             if (result.length !== pk.length)
-                throw new exceptions_1.ForbiddenException();
+                throw new exceptions_2.ForbiddenException();
         }
         else {
             const result = await itemsService.readOne(pk, query, { permissionsAction: action });
             if (!result)
-                throw new exceptions_1.ForbiddenException();
+                throw new exceptions_2.ForbiddenException();
         }
     }
 }

package/dist/services/collections.d.ts

@@ -4,6 +4,7 @@ import Keyv from 'keyv';
 import { AbstractServiceOptions, Collection, CollectionMeta, MutationOptions } from '../types';
 import { Accountability, RawField, SchemaOverview } from '@directus/shared/types';
 import { Table } from 'knex-schema-inspector/dist/types/table';
+import { Helpers } from '../database/helpers';
 export declare type RawCollection = {
     collection: string;
     fields?: RawField[];
@@ -12,6 +13,7 @@ export declare type RawCollection = {
 };
 export declare class CollectionsService {
     knex: Knex;
+    helpers: Helpers;
     accountability: Accountability | null;
     schemaInspector: ReturnType<typeof SchemaInspector>;
     schema: SchemaOverview;