Merge branch 'main' of https://github.com/directus/next into main

api/src/middleware/sanitize-query.ts

@@ -56,13 +56,6 @@ const sanitizeQuery: RequestHandler = (req, res, next) => {
 		query.search = req.query.search;
 	}
 
-	if (req.permissions) {
-		query.filter = {
-			...(query.filter || {}),
-			...(req.permissions.permissions || {}),
-		};
-	}
-
 	req.sanitizedQuery = query;
 	return next();
 };

api/src/services/authorization.ts

@@ -16,6 +16,7 @@ import { ForbiddenException, InvalidPayloadException } from '../exceptions';
 import { uniq, merge } from 'lodash';
 import generateJoi from '../utils/generate-joi';
 import ItemsService from './items';
+import { deepMap } from '../utils/deep-map';
 
 export default class AuthorizationService {
 	knex: Knex;
@@ -64,8 +65,7 @@ export default class AuthorizationService {
 		}
 
 		validateFields(ast);
-
-		applyFilters(ast);
+		applyFilters(ast, this.accountability);
 
 		return ast;
 
@@ -126,7 +126,8 @@ export default class AuthorizationService {
 		}
 
 		function applyFilters(
-			ast: AST | NestedCollectionAST | FieldAST
+			ast: AST | NestedCollectionAST | FieldAST,
+			accountability: Accountability | null,
 		): AST | NestedCollectionAST | FieldAST {
 			if (ast.type === 'collection') {
 				const collection = ast.name;
@@ -136,11 +137,19 @@ export default class AuthorizationService {
 					(permission) => permission.collection === collection
 				)!;
 
+				const parsedPermissions = deepMap(permissions.permissions, (val: any) => {
+					if (val === '$NOW') return new Date();
+					if (val === '$CURRENT_USER') return accountability?.user || null;
+					if (val === '$CURRENT_ROLE') return accountability?.role || null;
+
+					return val;
+				});
+
 				ast.query = {
 					...ast.query,
 					filter: {
 						...(ast.query.filter || {}),
-						...permissions.permissions,
+						...parsedPermissions,
 					},
 				};
 
@@ -155,7 +164,7 @@ export default class AuthorizationService {
 					ast.query.limit = permissions.limit;
 				}
 
-				ast.children = ast.children.map(applyFilters) as (NestedCollectionAST | FieldAST)[];
+				ast.children = ast.children.map(child => applyFilters(child, accountability)) as (NestedCollectionAST | FieldAST)[];
 			}
 
 			return ast;

api/src/services/payload.ts

@@ -305,4 +305,3 @@ export default class PayloadService {
 		}
 	}
 }
-0

api/src/utils/deep-map.ts

@@ -0,0 +1,7 @@
+import { transform, isPlainObject } from 'lodash';
+
+export function deepMap(obj: Record<string, any>, iterator: Function, context?: Function) {
+	return transform(obj, function(result: any, val, key) {
+		result[key] = isPlainObject(val) ? deepMap(val, iterator, context) : iterator.call(context, val, key, obj)
+	});
+}

app/src/modules/settings/routes/data-model/new-collection.vue

@@ -343,6 +343,7 @@ export default defineComponent({
 						hidden: true,
 						width: 'full',
 					},
+					schema: {},
 				});
 			}
 
@@ -361,6 +362,7 @@ export default defineComponent({
 						hidden: true,
 						width: 'full',
 					},
+					schema: {},
 				});
 			}
 
@@ -375,6 +377,7 @@ export default defineComponent({
 						hidden: true,
 						width: 'full',
 					},
+					schema: {},
 				});
 			}