Closed igmarketing closed 4 days ago
The filter keys don't support dot-notation for nested fields (eg "department_id.company_id"). Can you try it with:
{
  "department_id": {
    "company_id": {
      "_in": "$CURRENT_USER.n8n_user_id.n8n_user_companies.company_id"
    }
  }
}
instead?
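The rewrite suggested in the reply above, generalized as an added example (not Directus code and not part of the original thread): it expands dotted field keys into nested objects and lists any dotted keys left in a policy filter. The function names are hypothetical, and the code assumes that keys beginning with an underscore are filter operators and that values are never rewritten.

```javascript
// Added example: expand dot-notation filter keys into nested objects.
// Values (including "$CURRENT_USER...." strings) are left untouched.

// Assumption: keys starting with "_" are filter operators (_in, _eq, _and, _or, ...).
const isOperator = (key) => key.startsWith("_");

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Recursively merge src into dst so "a.b" and "a.c" end up under the same "a".
function mergeInto(dst, src) {
  for (const [k, v] of Object.entries(src)) {
    const bothObjects = isPlainObject(dst[k]) && isPlainObject(v);
    dst[k] = bothObjects ? mergeInto(dst[k], v) : v;
  }
  return dst;
}

// Return a new filter where every dotted field key is expanded into nesting.
function nestFilterKeys(filter) {
  if (Array.isArray(filter)) return filter.map(nestFilterKeys);
  if (!isPlainObject(filter)) return filter; // operator operand: leave as is
  const out = {};
  for (const [key, value] of Object.entries(filter)) {
    const child = nestFilterKeys(value);
    if (isOperator(key) || !key.includes(".")) {
      mergeInto(out, { [key]: child });
      continue;
    }
    // "department_id.company_id" -> { department_id: { company_id: child } }
    const nested = key.split(".").reduceRight((acc, part) => ({ [part]: acc }), child);
    mergeInto(out, nested);
  }
  return out;
}

// List dotted field keys with their path, so a policy can be checked before saving.
function findDottedKeys(filter, path = []) {
  if (Array.isArray(filter)) return filter.flatMap((f, i) => findDottedKeys(f, [...path, i]));
  if (!isPlainObject(filter)) return [];
  return Object.entries(filter).flatMap(([key, value]) => [
    ...(!isOperator(key) && key.includes(".") ? [[...path, key].join(" > ")] : []),
    ...findDottedKeys(value, [...path, key]),
  ]);
}
```

Running findDottedKeys over each policy filter before it is saved catches a dotted key at review time instead of as a runtime error for the restricted role.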
Heya! There isn't enough information available to keep investigating this issue at present time, so it'll be closed until more information becomes available. Thanks!
Describe the Bug
I’m encountering an “Invalid filter key” error when applying row-level security (RLS) policies that reference nested Many-to-One (M2O) relationships. Specifically, I want to filter n8n_workflows by its department_id (which references n8n_departments), then further by that department’s company_id (which references n8n_companies).
My RLS Policy Snippet
Below is an example excerpt from my policies JSON, showing how I’m trying to filter on department_id.company_id:
When my Company User tries to read data, Directus returns:
However, as Superadmin, I can query n8n_workflows?fields=*,department_id.* and see department_id expand to the related department object.
Collections & Relationships
n8n_workflows
department_id → M2O → n8n_departments.id
n8n_departments
company_id → M2O → n8n_companies.id
I have verified that in the Directus “Data Model” UI, both are set up as Many-to-One fields.
What I Expected
I expected the row-level policy to allow me to nest department_id.company_id so that a Company User can only see workflows where the department’s company_id matches their assigned company. Essentially, we want this chain of references:
What Happened Instead
Directus reports “invalid filter key,” implying it doesn’t recognize the nested property. This works fine for superadmin (who likely bypasses constraints) but breaks for the company user role.
I’ve tried variations like:
and
but all produce the same error.
To Reproduce
Create three collections in Directus:
n8n_workflows (with a department_id M2O referencing n8n_departments)
n8n_departments (with a company_id M2O referencing n8n_companies)
n8n_companies
Set a row-level policy for a non-admin role (e.g. “Company User”) that attempts:
Log in as that Company User and perform a GET /items/n8n_workflows.
Observe the error in the response:
Additional Steps or Logs
/items/n8n_workflows?fields=*,department_id.* successfully
/items/n8n_workflows returns all workflows as expected
Screenshots / Exports
Below are some relevant screenshots:
Screenshot of department_id relationship in “Data Model” (Many-to-One to n8n_departments):
Screenshot of company_id in n8n_departments (Many-to-One to n8n_companies):
Policy JSON
Database exports:
n8n_workflows CSV: n8n_workflows 20250110-22203.csv
Summary
In short, I’m unable to chain two M2O relationships (department_id.company_id) in a single row-level policy. I need assistance or a workaround to ensure my Company Users can only see n8n_workflows belonging to their assigned company.
Thank you for any guidance or suggestions!
Directus Version
11.3.5
Hosting Strategy
Self-Hosted (Custom)
Database
PostgreSQL 17.2