directus
226 строк · 5.4 Кб
1import { ErrorCode, isDirectusError } from '@directus/errors';2import type { PrimaryKey } from '@directus/types';3import express from 'express';4import { respond } from '../middleware/respond.js';5import useCollection from '../middleware/use-collection.js';6import { validateBatch } from '../middleware/validate-batch.js';7import { MetaService } from '../services/meta.js';8import { PermissionsService } from '../services/permissions/index.js';9import asyncHandler from '../utils/async-handler.js';10import { sanitizeQuery } from '../utils/sanitize-query.js';11const router = express.Router();13router.use(useCollection('directus_permissions'));15router.post(17'/',18asyncHandler(async (req, res, next) => {19const service = new PermissionsService({20accountability: req.accountability,21schema: req.schema,22});23const savedKeys: PrimaryKey[] = [];25if (Array.isArray(req.body)) {27const keys = await service.createMany(req.body);28savedKeys.push(...keys);29} else {30const key = await service.createOne(req.body);31savedKeys.push(key);32}33try {35if (Array.isArray(req.body)) {36const items = await service.readMany(savedKeys, req.sanitizedQuery);37res.locals['payload'] = { data: items };38} else {39const item = await service.readOne(savedKeys[0]!, req.sanitizedQuery);40res.locals['payload'] = { data: item };41}42} catch (error: any) {43if (isDirectusError(error, ErrorCode.Forbidden)) {44return next();45}46throw error;48}49return next();51}),52respond,53);54const readHandler = asyncHandler(async (req, res, next) => {56const service = new PermissionsService({57accountability: req.accountability,58schema: req.schema,59});60const metaService = new MetaService({62accountability: req.accountability,63schema: req.schema,64});65let result;67// TODO fix this at the service level69// temporary fix for missing permissions https://github.com/directus/directus/issues/1865470const temporaryQuery = { ...req.sanitizedQuery, limit: -1 };71if (req.singleton) {73result = await service.readSingleton(temporaryQuery);74} else if (req.body.keys) {75result = await service.readMany(req.body.keys, temporaryQuery);76} else {77result = await service.readByQuery(temporaryQuery);78}79const meta = await metaService.getMetaForQuery('directus_permissions', temporaryQuery);81res.locals['payload'] = { data: result, meta };83return next();84});85router.get('/', validateBatch('read'), readHandler, respond);87router.search('/', validateBatch('read'), readHandler, respond);88router.get(90'/:pk',91asyncHandler(async (req, res, next) => {92if (req.path.endsWith('me')) return next();93const service = new PermissionsService({95accountability: req.accountability,96schema: req.schema,97});98const record = await service.readOne(req.params['pk']!, req.sanitizedQuery);100res.locals['payload'] = { data: record };102return next();103}),104respond,105);106router.patch(108'/',109validateBatch('update'),110asyncHandler(async (req, res, next) => {111const service = new PermissionsService({112accountability: req.accountability,113schema: req.schema,114});115let keys: PrimaryKey[] = [];117if (Array.isArray(req.body)) {119keys = await service.updateBatch(req.body);120} else if (req.body.keys) {121keys = await service.updateMany(req.body.keys, req.body.data);122} else {123const sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);124keys = await service.updateByQuery(sanitizedQuery, req.body.data);125}126try {128const result = await service.readMany(keys, req.sanitizedQuery);129res.locals['payload'] = { data: result };130} catch (error: any) {131if (isDirectusError(error, ErrorCode.Forbidden)) {132return next();133}134throw error;136}137return next();139}),140respond,141);142router.patch(144'/:pk',145asyncHandler(async (req, res, next) => {146const service = new PermissionsService({147accountability: req.accountability,148schema: req.schema,149});150const primaryKey = await service.updateOne(req.params['pk']!, req.body);152try {154const item = await service.readOne(primaryKey, req.sanitizedQuery);155res.locals['payload'] = { data: item || null };156} catch (error: any) {157if (isDirectusError(error, ErrorCode.Forbidden)) {158return next();159}160throw error;162}163return next();165}),166respond,167);168router.delete(170'/',171validateBatch('delete'),172asyncHandler(async (req, _res, next) => {173const service = new PermissionsService({174accountability: req.accountability,175schema: req.schema,176});177if (Array.isArray(req.body)) {179await service.deleteMany(req.body);180} else if (req.body.keys) {181await service.deleteMany(req.body.keys);182} else {183const sanitizedQuery = sanitizeQuery(req.body.query, req.accountability);184await service.deleteByQuery(sanitizedQuery);185}186return next();188}),189respond,190);191router.delete(193'/:pk',194asyncHandler(async (req, _res, next) => {195const service = new PermissionsService({196accountability: req.accountability,197schema: req.schema,198});199await service.deleteOne(req.params['pk']!);201return next();203}),204respond,205);206router.get(208'/me/:collection/:pk?',209asyncHandler(async (req, res, next) => {210const { collection, pk } = req.params;211const service = new PermissionsService({213accountability: req.accountability,214schema: req.schema,215});216const itemPermissions = await service.getItemPermissions(collection!, pk);218res.locals['payload'] = { data: itemPermissions };220return next();222}),223respond,224);225export default router;227