Database side permission check for list document count
This commit is contained in:
parent
1958cef3d2
commit
d23a2e2040
1 changed files with 12 additions and 3 deletions
|
@ -2808,9 +2808,19 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents')
|
||||||
unset($filterQueries[$key]);
|
unset($filterQueries[$key]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$documents = Authorization::skip(fn () => $dbForProject->find('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $queries));
|
$documents = Authorization::skip(fn () => $dbForProject->find('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $queries));
|
||||||
$total = Authorization::skip(fn () => $dbForProject->count('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $filterQueries, APP_LIMIT_COUNT));
|
|
||||||
|
$documentSecurity = $collection->getAttribute('documentSecurity', false);
|
||||||
|
$validator = new Authorization(Database::PERMISSION_READ);
|
||||||
|
$valid = $validator->isValid($collection->getRead());
|
||||||
|
|
||||||
|
if (!$valid) {
|
||||||
|
$total = $documentSecurity
|
||||||
|
? $dbForProject->count('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $filterQueries, APP_LIMIT_COUNT)
|
||||||
|
: 0;
|
||||||
|
} else {
|
||||||
|
$total = Authorization::skip(fn() => $dbForProject->count('database_' . $database->getInternalId() . '_collection_' . $collection->getInternalId(), $filterQueries, APP_LIMIT_COUNT));
|
||||||
|
}
|
||||||
|
|
||||||
// Add $collectionId and $databaseId for all documents
|
// Add $collectionId and $databaseId for all documents
|
||||||
$processDocument = function (Document $collection, Document $document) use (&$processDocument, $dbForProject, $database): bool {
|
$processDocument = function (Document $collection, Document $document) use (&$processDocument, $dbForProject, $database): bool {
|
||||||
|
@ -2871,7 +2881,6 @@ App::get('/v1/databases/:databaseId/collections/:collectionId/documents')
|
||||||
foreach ($documents as $index => $document) {
|
foreach ($documents as $index => $document) {
|
||||||
if (!$processDocument($collection, $document)) {
|
if (!$processDocument($collection, $document)) {
|
||||||
unset($documents[$index]);
|
unset($documents[$index]);
|
||||||
$total--;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue