mirror of
https://github.com/directus/directus.git
synced 2026-04-03 03:00:39 -04:00
65291b95c4
* Move permissions extraction to accountability
* Fix permissions retrieval for public user
* Fetch user / role context in permissions middleware
* Remove unnecessary parseFilter
* Rename schemaCache to systemCache
* Add permissions caching
* Add system cache invalidation on permission changes
* Improve caching perf by reducing scope
* Add note to docs
* Clarify compatibility with conditional fields/filters
* Fix lint warning
* Allow nested vars in system-filter-input
* Add custom getter function that resolves arrays
* Add is-dynamic-variable util
* Export new util
* Cleanup parse filter
* Fix build
* Move debounce up to use-items
* Remove unused prop
* 🧹
* Fix input pattern usage w/ vars
* Remove debounce from search-input, increase throttle
141 lines
4.0 KiB
TypeScript
141 lines
4.0 KiB
TypeScript
import { appAccessMinimalPermissions } from '../database/system-data/app-access-permissions';
|
|
import { ItemsService, QueryOptions, MutationOptions } from '../services/items';
|
|
import { AbstractServiceOptions, Item, PrimaryKey } from '../types';
|
|
import { Query, PermissionsAction } from '@directus/shared/types';
|
|
import { filterItems } from '../utils/filter-items';
|
|
import Keyv from 'keyv';
|
|
import { getCache } from '../cache';
|
|
|
|
export class PermissionsService extends ItemsService {
|
|
systemCache: Keyv<any>;
|
|
|
|
constructor(options: AbstractServiceOptions) {
|
|
super('directus_permissions', options);
|
|
|
|
const { systemCache } = getCache();
|
|
|
|
this.systemCache = systemCache;
|
|
}
|
|
|
|
getAllowedFields(action: PermissionsAction, collection?: string): Record<string, string[]> {
|
|
const results =
|
|
this.accountability?.permissions?.filter((permission) => {
|
|
let matchesCollection = true;
|
|
|
|
if (collection) {
|
|
matchesCollection = permission.collection === collection;
|
|
}
|
|
|
|
const matchesAction = permission.action === action;
|
|
|
|
return collection ? matchesCollection && matchesAction : matchesAction;
|
|
}) ?? [];
|
|
|
|
const fieldsPerCollection: Record<string, string[]> = {};
|
|
|
|
for (const result of results) {
|
|
const { collection, fields } = result;
|
|
if (!fieldsPerCollection[collection]) fieldsPerCollection[collection] = [];
|
|
fieldsPerCollection[collection].push(...(fields ?? []));
|
|
}
|
|
|
|
return fieldsPerCollection;
|
|
}
|
|
|
|
async readByQuery(query: Query, opts?: QueryOptions): Promise<Partial<Item>[]> {
|
|
const result = await super.readByQuery(query, opts);
|
|
|
|
if (Array.isArray(result) && this.accountability && this.accountability.app === true) {
|
|
result.push(
|
|
...filterItems(
|
|
appAccessMinimalPermissions.map((permission) => ({
|
|
...permission,
|
|
role: this.accountability!.role,
|
|
})),
|
|
query.filter
|
|
)
|
|
);
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
async readMany(keys: PrimaryKey[], query: Query = {}, opts?: QueryOptions): Promise<Partial<Item>[]> {
|
|
const result = await super.readMany(keys, query, opts);
|
|
|
|
if (this.accountability && this.accountability.app === true) {
|
|
result.push(
|
|
...filterItems(
|
|
appAccessMinimalPermissions.map((permission) => ({
|
|
...permission,
|
|
role: this.accountability!.role,
|
|
})),
|
|
query.filter
|
|
)
|
|
);
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
async createOne(data: Partial<Item>, opts?: MutationOptions) {
|
|
const res = await super.createOne(data, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
|
|
async createMany(data: Partial<Item>[], opts?: MutationOptions) {
|
|
const res = await super.createMany(data, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
|
|
async updateByQuery(query: Query, data: Partial<Item>, opts?: MutationOptions) {
|
|
const res = await super.updateByQuery(query, data, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
|
|
async updateOne(key: PrimaryKey, data: Partial<Item>, opts?: MutationOptions) {
|
|
const res = await super.updateOne(key, data, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
|
|
async updateMany(keys: PrimaryKey[], data: Partial<Item>, opts?: MutationOptions) {
|
|
const res = await super.updateMany(keys, data, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
|
|
async upsertOne(payload: Partial<Item>, opts?: MutationOptions) {
|
|
const res = await super.upsertOne(payload, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
|
|
async upsertMany(payloads: Partial<Item>[], opts?: MutationOptions) {
|
|
const res = await super.upsertMany(payloads, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
|
|
async deleteByQuery(query: Query, opts?: MutationOptions) {
|
|
const res = await super.deleteByQuery(query, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
|
|
async deleteOne(key: PrimaryKey, opts?: MutationOptions) {
|
|
const res = await super.deleteOne(key, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
|
|
async deleteMany(keys: PrimaryKey[], opts?: MutationOptions) {
|
|
const res = await super.deleteMany(keys, opts);
|
|
await this.systemCache.clear();
|
|
return res;
|
|
}
|
|
}
|