mirror of
https://github.com/directus/directus.git
synced 2026-02-02 16:14:56 -05:00
b7d87e581a
* Pass relations through schema, instead of individual reads * Fetch field transforms upfront * Fix length check * List if user has app access or not in accountability * Load permissions up front, merge app access minimal permissions * Show app access required permissions in permissions overview * Show system minimal permissions in permissions detail * Fix app access check in authenticate for jwt use * Fix minimal permissions for presets * Remove /permissions/me in favor of root use w/ permissions * Fix logical nested OR in an AND * Use root permissions endpoint with filter instead of /me * Allow filter query on /permissions * Add system minimal app access permissions into result of /permissions * Remove stray console log * Remove stray console.dir * Set current role as role for minimal permissions * Fix no-permissions state for user detail * Add filter items function that allows altering existing result set
79 lines
2.3 KiB
TypeScript
79 lines
2.3 KiB
TypeScript
import { AbstractServiceOptions, PermissionsAction, Query, Item, PrimaryKey } from '../types';
|
|
import { ItemsService } from '../services/items';
|
|
import { filterItems } from '../utils/filter-items';
|
|
|
|
import { appAccessMinimalPermissions } from '../database/system-data/app-access-permissions';
|
|
|
|
export class PermissionsService extends ItemsService {
|
|
constructor(options: AbstractServiceOptions) {
|
|
super('directus_permissions', options);
|
|
}
|
|
|
|
getAllowedFields(action: PermissionsAction, collection?: string) {
|
|
const results = this.schema.permissions.filter((permission) => {
|
|
let matchesCollection = true;
|
|
|
|
if (collection) {
|
|
matchesCollection = permission.collection === collection;
|
|
}
|
|
|
|
return permission.action === action;
|
|
});
|
|
|
|
const fieldsPerCollection: Record<string, string[]> = {};
|
|
|
|
for (const result of results) {
|
|
const { collection, fields } = result;
|
|
if (!fieldsPerCollection[collection]) fieldsPerCollection[collection] = [];
|
|
fieldsPerCollection[collection].push(...(fields ?? []));
|
|
}
|
|
|
|
return fieldsPerCollection;
|
|
}
|
|
|
|
async readByQuery(
|
|
query: Query,
|
|
opts?: { stripNonRequested?: boolean }
|
|
): Promise<null | Partial<Item> | Partial<Item>[]> {
|
|
const result = await super.readByQuery(query, opts);
|
|
|
|
if (Array.isArray(result) && this.accountability && this.accountability.app === true) {
|
|
result.push(
|
|
...filterItems(
|
|
appAccessMinimalPermissions.map((permission) => ({
|
|
...permission,
|
|
role: this.accountability!.role,
|
|
})),
|
|
query.filter
|
|
)
|
|
);
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
readByKey(keys: PrimaryKey[], query?: Query, action?: PermissionsAction): Promise<null | Partial<Item>[]>;
|
|
readByKey(key: PrimaryKey, query?: Query, action?: PermissionsAction): Promise<null | Partial<Item>>;
|
|
async readByKey(
|
|
key: PrimaryKey | PrimaryKey[],
|
|
query: Query = {},
|
|
action: PermissionsAction = 'read'
|
|
): Promise<null | Partial<Item> | Partial<Item>[]> {
|
|
const result = await super.readByKey(key as any, query, action);
|
|
|
|
if (Array.isArray(result) && this.accountability && this.accountability.app === true) {
|
|
result.push(
|
|
...filterItems(
|
|
appAccessMinimalPermissions.map((permission) => ({
|
|
...permission,
|
|
role: this.accountability!.role,
|
|
})),
|
|
query.filter
|
|
)
|
|
);
|
|
}
|
|
|
|
return result;
|
|
}
|
|
}
|