From the doc: Users | Directus Docs, to get policies, I only need to hit /users/{id} or /users/me to get all policies given to the user. But in 11.8.0, I can’t find it. There is no policies field.
Is it a bug or there are any settings I forgot? TIA.
@ymys
Seems like user needs read access to directus_users and directus_access (latter is the joining table for users and policies). This will return user assigned policy ids. This does actually return the id of the join table row.
To also read the policy content, read access to directus_policies and sufficient query depth is also needed. To query the actual id and/or content of the policy you have to query with depth of 3 to include directus_policies table: /users/me?fields=*.*.*
(Not sure if it is intended behavior to return join ids instead of actual policy ids. Maybe someone from Directus can shed some light on this)
You may want to limit read access to $CURRENT_USER tho, so that policies of other users don’t get leaked.
All above seems only to be true for policies directly assigned to the user. Policies assigned to roles need to be queried through the role object.
Would be nice tho, to have consolidated policies of users and roles returned by /users/me endpoint…
Quickly tested /users/me on 11.8.0 as admin user and it does include the policies field.
Maybe your user is missing read permission on directus_policies table?