More accurate OAS based on authenticated user

[paescuj]

Scope

What's changed:

• Return only paths / schemas that are actually available for current user (differentiating between public / normal user / admin)
• Ensure all included schemas are available
• Bit of clean-up

Potential Risks / Drawbacks

• Currently, required schemas are manually defined via x-schemas in openapi.yaml, meaning that it if the specs are updated it must be ensured that those are still correct. In the future, this could be made more dynamic by pulling in the schemas based on used $refs.

Review Notes / Questions

oas-user.json
oas-public.json
oas-user.json

[changeset-bot]

🦋 Changeset detected

Latest commit: 98dd671

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages

Name	Type
@directus/api	Patch
@directus/specs	Patch
directus	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[Luca-Dekker]

Currently this last version breaks all of the graphql introspection using a bearer token. @paescuj

[br41nslug]

@Luca-Dekker Authenticated introspection is working on my side but perhaps you're referring to SDL generation? #20490

If you mean something else do create a new issue for that instead of commenting on a potentially unrelated pull request.

[Luca-Dekker]

When fetching graphql schema's from using admin authentication/bearer token it doesn't return the full schema specifications, downgrading from 10.8.1 to 10.8.0 worked for me, I'm commenting here because this was the pull request that broke it. Just a heads up.

• ****/server/specs/graphql
• ****/server/specs/graphql/system

[br41nslug]

Feel free to add that context on the issue I linked which seems to match your issue.