UNPKG

@directus/api

Version:

Directus is a real-time API and App dashboard for managing SQL database content

directus/directus

177 lines (176 loc) • 6.51 kB

JavaScript

import { ErrorCode, ForbiddenError, isDirectusError } from '@directus/errors'; import express from 'express'; import getDatabase from '../database/index.js'; import { respond } from '../middleware/respond.js'; import useCollection from '../middleware/use-collection.js'; import { validateBatch } from '../middleware/validate-batch.js'; import { fetchAccountabilityCollectionAccess } from '../permissions/modules/fetch-accountability-collection-access/fetch-accountability-collection-access.js'; import { MetaService } from '../services/meta.js'; import { PermissionsService } from '../services/permissions.js'; import asyncHandler from '../utils/async-handler.js'; import { sanitizeQuery } from '../utils/sanitize-query.js'; const router = express.Router(); router.use(useCollection('directus_permissions')); router.post('/', asyncHandler(async (req, res, next) => { const service = new PermissionsService({ accountability: req.accountability, schema: req.schema, }); const savedKeys = []; if (Array.isArray(req.body)) { const keys = await service.createMany(req.body); savedKeys.push(...keys); } else { const key = await service.createOne(req.body); savedKeys.push(key); } try { if (Array.isArray(req.body)) { const items = await service.readMany(savedKeys, req.sanitizedQuery); res.locals['payload'] = { data: items }; } else { const item = await service.readOne(savedKeys[0], req.sanitizedQuery); res.locals['payload'] = { data: item }; } } catch (error) { if (isDirectusError(error, ErrorCode.Forbidden)) { return next(); } throw error; } return next(); }), respond); const readHandler = asyncHandler(async (req, res, next) => { const service = new PermissionsService({ accountability: req.accountability, schema: req.schema, }); const metaService = new MetaService({ accountability: req.accountability, schema: req.schema, }); let result; // TODO fix this at the service level // temporary fix for missing permissions https://github.com/directus/directus/issues/18654 const temporaryQuery = { ...req.sanitizedQuery, limit: -1 }; if (req.singleton) { result = await service.readSingleton(temporaryQuery); } else if (req.body.keys) { result = await service.readMany(req.body.keys, temporaryQuery); } else { result = await service.readByQuery(temporaryQuery); } const meta = await metaService.getMetaForQuery('directus_permissions', temporaryQuery); res.locals['payload'] = { data: result, meta }; return next(); }); router.get('/', validateBatch('read'), readHandler, respond); router.search('/', validateBatch('read'), readHandler, respond); router.get('/me', asyncHandler(async (req, res, next) => { if (!req.accountability?.user && !req.accountability?.role && !req.accountability?.share) throw new ForbiddenError(); const result = await fetchAccountabilityCollectionAccess(req.accountability, { schema: req.schema, knex: getDatabase(), }); res.locals['payload'] = { data: result }; return next(); }), respond); router.get('/:pk', asyncHandler(async (req, res, next) => { if (req.path.endsWith('me')) return next(); const service = new PermissionsService({ accountability: req.accountability, schema: req.schema, }); const record = await service.readOne(req.params['pk'], req.sanitizedQuery); res.locals['payload'] = { data: record }; return next(); }), respond); router.patch('/', validateBatch('update'), asyncHandler(async (req, res, next) => { const service = new PermissionsService({ accountability: req.accountability, schema: req.schema, }); let keys = []; if (Array.isArray(req.body)) { keys = await service.updateBatch(req.body); } else if (req.body.keys) { keys = await service.updateMany(req.body.keys, req.body.data); } else { const sanitizedQuery = await sanitizeQuery(req.body.query, req.schema, req.accountability); keys = await service.updateByQuery(sanitizedQuery, req.body.data); } try { const result = await service.readMany(keys, req.sanitizedQuery); res.locals['payload'] = { data: result }; } catch (error) { if (isDirectusError(error, ErrorCode.Forbidden)) { return next(); } throw error; } return next(); }), respond); router.patch('/:pk', asyncHandler(async (req, res, next) => { const service = new PermissionsService({ accountability: req.accountability, schema: req.schema, }); const primaryKey = await service.updateOne(req.params['pk'], req.body); try { const item = await service.readOne(primaryKey, req.sanitizedQuery); res.locals['payload'] = { data: item || null }; } catch (error) { if (isDirectusError(error, ErrorCode.Forbidden)) { return next(); } throw error; } return next(); }), respond); router.delete('/', validateBatch('delete'), asyncHandler(async (req, _res, next) => { const service = new PermissionsService({ accountability: req.accountability, schema: req.schema, }); if (Array.isArray(req.body)) { await service.deleteMany(req.body); } else if (req.body.keys) { await service.deleteMany(req.body.keys); } else { const sanitizedQuery = await sanitizeQuery(req.body.query, req.schema, req.accountability); await service.deleteByQuery(sanitizedQuery); } return next(); }), respond); router.delete('/:pk', asyncHandler(async (req, _res, next) => { const service = new PermissionsService({ accountability: req.accountability, schema: req.schema, }); await service.deleteOne(req.params['pk']); return next(); }), respond); router.get('/me/:collection/:pk?', asyncHandler(async (req, res, next) => { const { collection, pk } = req.params; const service = new PermissionsService({ accountability: req.accountability, schema: req.schema, }); const itemPermissions = await service.getItemPermissions(collection, pk); res.locals['payload'] = { data: itemPermissions }; return next(); }), respond); export default router;