UNPKG

@directus/api

Version:

Directus is a real-time API and App dashboard for managing SQL database content

directus.io

directus/directus

70 lines (69 loc) 3.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
import { getRelation } from '@directus/utils'; import { cloneDeep } from 'lodash-es'; import { fetchAllowedFields } from '../../../permissions/modules/fetch-allowed-fields/fetch-allowed-fields.js'; import { parseFilterKey } from '../../../utils/parse-filter-key.js'; export async function convertWildcards(options, context) { const fields = cloneDeep(options.fields); const fieldsInCollection = Object.entries(context.schema.collections[options.collection].fields).map(([name]) => name); let allowedFields = fieldsInCollection; if (options.accountability && options.accountability.admin === false) { allowedFields = await fetchAllowedFields({ collection: options.collection, action: 'read', accountability: options.accountability, }, context); } if (!allowedFields || allowedFields.length === 0) return []; // In case of full read permissions if (allowedFields[0] === '*') allowedFields = fieldsInCollection; for (let index = 0; index < fields.length; index++) { const fieldKey = fields[index]; if (fieldKey.includes('*') === false) continue; if (fieldKey === '*') { const aliases = Object.keys(options.alias ?? {}); // Set to all fields in collection if (allowedFields.includes('*')) { fields.splice(index, 1, ...fieldsInCollection, ...aliases); } else { // Set to all allowed fields const allowedAliases = aliases.filter((fieldKey) => { const { fieldName } = parseFilterKey(options.alias[fieldKey]); return allowedFields.includes(fieldName); }); fields.splice(index, 1, ...allowedFields, ...allowedAliases); } } // Swap *.* case for *,<relational-field>.*,<another-relational>.* if (fieldKey.includes('.') && fieldKey.split('.')[0] === '*') { const parts = fieldKey.split('.'); const relationalFields = allowedFields.includes('*') ? context.schema.relations .filter((relation) => relation.collection === options.collection || relation.related_collection === options.collection) .map((relation) => { const isMany = relation.collection === options.collection; return isMany ? relation.field : relation.meta?.one_field; }) : allowedFields.filter((fieldKey) => !!getRelation(context.schema.relations, options.collection, fieldKey)); const nonRelationalFields = allowedFields.filter((fieldKey) => relationalFields.includes(fieldKey) === false); const aliasFields = Object.keys(options.alias ?? {}).map((fieldKey) => { const name = options.alias[fieldKey]; if (relationalFields.includes(name)) { return `${fieldKey}.${parts.slice(1).join('.')}`; } return fieldKey; }); fields.splice(index, 1, ...[ ...relationalFields.map((relationalField) => { return `${relationalField}.${parts.slice(1).join('.')}`; }), ...nonRelationalFields, ...aliasFields, ]); } } return fields; }