Directus Version: 11.11.0
1. Goal
I am trying to implement a permissions model where access to a comment (from directus_comments) is strictly determined by the user’s access to the item the comment is attached to. This must also cascade to files attached to the comment.
The desired logic is:
`User can read Item X → User can read all Comments on Item X → User can read all Files on those Comments`
2. Current Setup
- I have extended the `directus_comments` collection with a Many-to-Any (M2A) relationship field (e.g., `collections`), linking comments to items in various other collections (e.g., `articles`, `pages`, `test`).
- A separate `files` relationship field on `directus_comments` links to the `directus_files` collection.
3. The Problem & What I’ve Tried
The core issue is that permissions for directus_comments cannot seem to dynamically reference the permissions of the parent item via the M2A relationship.
I tried to create a read permission rule for the directus_comments collection that checks the status of the linked item in the test collection:
Result: This does not work. Users only see their own comments, not all comments on items they have access to read.
Assumption: The permission system cannot perform a deep relational query across an M2A junction to validate the status of the parent test item.
4. Key Details
- The `test` collection has item-level permissions: users can read an item if `status` is `'published'` OR if they are the `user_created`.
- The junction table for the M2A relationship currently has full read/create permissions.
- The goal is for the comment permissions to be dynamic and inherit the rules of their parent collection/item.
Any guidance, clarification on syntax, or suggested alternative approaches would be immensely helpful. Thank you!
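
Added example, not part of the original post and not Directus code: a plain in-memory model of the cascade described in the Goal section (item → comments → files), usable as a reference when testing whatever rule or extension ends up enforcing it. All data is constructed, the function names are hypothetical, and the `articles` rule is an assumption; only the `test` rule comes from the post.

```javascript
// Added illustration: plain in-memory model, no Directus API calls.
// Per-collection item read rules. `test` mirrors the rule in the post;
// the `articles` rule is an assumption made for this example.
const readRules = {
  test: (item, userId) => item.status === 'published' || item.user_created === userId,
  articles: (item) => item.status === 'published',
};

// Constructed sample data.
const items = {
  test: { 1: { status: 'published', user_created: 'alice' },
          2: { status: 'draft', user_created: 'alice' } },
  articles: { 7: { status: 'draft', user_created: 'bob' } },
  pages: { 3: { status: 'published', user_created: 'bob' } }, // no rule defined
};
// M2A junction rows: comment -> (collection, item).
const junction = [
  { comment: 'c1', collection: 'test', item: 1 },
  { comment: 'c2', collection: 'test', item: 2 },
  { comment: 'c3', collection: 'articles', item: 7 },
  { comment: 'c4', collection: 'pages', item: 3 },
];
// Comment -> file links. 'f2' is attached to both c1 and c2.
const commentFiles = [
  { comment: 'c1', file: 'f1' }, { comment: 'c1', file: 'f2' },
  { comment: 'c2', file: 'f2' }, { comment: 'c2', file: 'f3' },
  { comment: 'c4', file: 'f4' },
];

function canReadItem(collection, id, userId) {
  const rule = readRules[collection];
  const item = items[collection] && items[collection][id];
  // Deny by default: unknown collection, missing rule, or missing item.
  return Boolean(rule && item && rule(item, userId));
}

function readableComments(userId) {
  return junction
    .filter((j) => canReadItem(j.collection, j.item, userId))
    .map((j) => j.comment);
}

function readableFiles(userId) {
  const allowed = new Set(readableComments(userId));
  // A file is readable when at least one readable comment links to it.
  const files = commentFiles.filter((l) => allowed.has(l.comment)).map((l) => l.file);
  return [...new Set(files)].sort();
}
```

Note that `f2` becomes readable to anyone who can read `c1`, even though it is also attached to a comment on a draft item; if that is not acceptable, files should not be shared between comments.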



