CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-07-06 23:21:05 +12:00
Code Issues Projects Releases Wiki Activity

Database side permission check for list document count

Browse source
This commit is contained in:
Jake Barnby 2023-03-29 16:05:53 +13:00
parent 1958cef3d2
commit d23a2e2040
No known key found for this signature in database
GPG key ID: C437A8CC85B96E9C
1 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
app/controllers/api/databases.php
View file

@ -2808,9 +2808,19 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents')
unset($filterQueries[$key]);
}
}
$documents = Authorization::skip(fn () => $dbForProject->find('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $queries));
$total = Authorization::skip(fn () => $dbForProject->count('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $filterQueries, APP_LIMIT_COUNT));
$documentSecurity = $collection->getAttribute('documentSecurity', false);
$validator = new Authorization(Database::PERMISSION_READ);
$valid = $validator->isValid($collection->getRead());
if (!$valid) {
$total = $documentSecurity
? $dbForProject->count('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $filterQueries, APP_LIMIT_COUNT)
: 0;
} else {
$total = Authorization::skip(fn() => $dbForProject->count('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $filterQueries, APP_LIMIT_COUNT));
}
// Add $collectionId and $databaseId for all documents
$processDocument = function (Document $collection, Document $document) use (&$processDocument, $dbForProject, $database): bool {
@ -2871,7 +2881,6 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents')
foreach ($documents as $index => $document) {
if (!$processDocument($collection, $document)) {
unset($documents[$index]);
$total--;
}
}