import { AbstractServiceOptions, PermissionsAction, Query, Item, PrimaryKey } from '../types'; import { ItemsService } from '../services/items'; import { filterItems } from '../utils/filter-items'; import { appAccessMinimalPermissions } from '../database/system-data/app-access-permissions'; export class PermissionsService extends ItemsService { constructor(options: AbstractServiceOptions) { super('directus_permissions', options); } getAllowedFields(action: PermissionsAction, collection?: string) { const results = this.schema.permissions.filter((permission) => { let matchesCollection = true; if (collection) { matchesCollection = permission.collection === collection; } return permission.action === action; }); const fieldsPerCollection: Record = {}; for (const result of results) { const { collection, fields } = result; if (!fieldsPerCollection[collection]) fieldsPerCollection[collection] = []; fieldsPerCollection[collection].push(...(fields ?? [])); } return fieldsPerCollection; } async readByQuery( query: Query, opts?: { stripNonRequested?: boolean } ): Promise | Partial[]> { const result = await super.readByQuery(query, opts); if (Array.isArray(result) && this.accountability && this.accountability.app === true) { result.push( ...filterItems( appAccessMinimalPermissions.map((permission) => ({ ...permission, role: this.accountability!.role, })), query.filter ) ); } return result; } readByKey(keys: PrimaryKey[], query?: Query, action?: PermissionsAction): Promise[]>; readByKey(key: PrimaryKey, query?: Query, action?: PermissionsAction): Promise>; async readByKey( key: PrimaryKey | PrimaryKey[], query: Query = {}, action: PermissionsAction = 'read' ): Promise | Partial[]> { const result = await super.readByKey(key as any, query, action); if (Array.isArray(result) && this.accountability && this.accountability.app === true) { result.push( ...filterItems( appAccessMinimalPermissions.map((permission) => ({ ...permission, role: this.accountability!.role, })), query.filter ) ); } return result; } }