Merge pull request #769 from utopia-php/count-with-find

abnegate · web-flow · commit e2248ed419ac · 2025-12-02T06:47:38.000Z
Throw Auth in count and Sum methods - Remove order queries too
diff --git a/src/Database/Adapter/SQL.php b/src/Database/Adapter/SQL.php
@@ -2963,7 +2963,6 @@ protected function convertArrayToWKT(array $geometry): string
      */
     public function find(Document $collection, array $queries = [], ?int $limit = 25, ?int $offset = null, array $orderAttributes = [], array $orderTypes = [], array $cursor = [], string $cursorDirection = Database::CURSOR_AFTER, string $forPermission = Database::PERMISSION_READ): array
     {
-        $attributes = $collection->getAttribute('attributes', []);
         $collection = $collection->getId();
         $name = $this->filter($collection);
         $roles = $this->authorization->getRoles();
@@ -3180,7 +3179,6 @@ public function find(Document $collection, array $queries = [], ?int $limit = 25
      */
     public function count(Document $collection, array $queries = [], ?int $max = null): int
     {
-        $attributes = $collection->getAttribute("attributes", []);
         $collection = $collection->getId();
         $name = $this->filter($collection);
         $roles = $this->authorization->getRoles();
@@ -3196,13 +3194,9 @@ public function count(Document $collection, array $queries = [], ?int $max = nul
 
         $queries = array_map(fn ($query) => clone $query, $queries);
 
-        // Extract vector queries (used for ORDER BY) and keep non-vector for WHERE
-        $vectorQueries = [];
         $otherQueries = [];
         foreach ($queries as $query) {
-            if (in_array($query->getMethod(), Query::VECTOR_TYPES)) {
-                $vectorQueries[] = $query;
-            } else {
+            if (!in_array($query->getMethod(), Query::VECTOR_TYPES)) {
                 $otherQueries[] = $query;
             }
         }
@@ -3225,22 +3219,11 @@ public function count(Document $collection, array $queries = [], ?int $max = nul
             ? 'WHERE ' . \implode(' AND ', $where)
             : '';
 
-        // Add vector distance calculations to ORDER BY (similarity-aware LIMIT)
-        $vectorOrders = [];
-        foreach ($vectorQueries as $query) {
-            $vectorOrder = $this->getVectorDistanceOrder($query, $binds, $alias);
-            if ($vectorOrder) {
-                $vectorOrders[] = $vectorOrder;
-            }
-        }
-        $sqlOrder = !empty($vectorOrders) ? 'ORDER BY ' . implode(', ', $vectorOrders) : '';
-
         $sql = "
 			SELECT COUNT(1) as sum FROM (
 				SELECT 1
 				FROM {$this->getSQLTable($name)} AS {$this->quote($alias)}
                 {$sqlWhere}
-                {$sqlOrder}
                 {$limit}
 			) table_count
         ";
@@ -3277,7 +3260,6 @@ public function count(Document $collection, array $queries = [], ?int $max = nul
      */
     public function sum(Document $collection, string $attribute, array $queries = [], ?int $max = null): int|float
     {
-        $collectionAttributes = $collection->getAttribute("attributes", []);
         $collection = $collection->getId();
         $name = $this->filter($collection);
         $attribute = $this->filter($attribute);
@@ -3294,13 +3276,9 @@ public function sum(Document $collection, string $attribute, array $queries = []
 
         $queries = array_map(fn ($query) => clone $query, $queries);
 
-        // Extract vector queries (used for ORDER BY) and keep non-vector for WHERE
-        $vectorQueries = [];
         $otherQueries = [];
         foreach ($queries as $query) {
-            if (in_array($query->getMethod(), Query::VECTOR_TYPES)) {
-                $vectorQueries[] = $query;
-            } else {
+            if (!in_array($query->getMethod(), Query::VECTOR_TYPES)) {
                 $otherQueries[] = $query;
             }
         }
@@ -3323,22 +3301,11 @@ public function sum(Document $collection, string $attribute, array $queries = []
             ? 'WHERE ' . \implode(' AND ', $where)
             : '';
 
-        // Add vector distance calculations to ORDER BY (similarity-aware LIMIT)
-        $vectorOrders = [];
-        foreach ($vectorQueries as $query) {
-            $vectorOrder = $this->getVectorDistanceOrder($query, $binds, $alias);
-            if ($vectorOrder) {
-                $vectorOrders[] = $vectorOrder;
-            }
-        }
-        $sqlOrder = !empty($vectorOrders) ? 'ORDER BY ' . implode(', ', $vectorOrders) : '';
-
         $sql = "
 			SELECT SUM({$this->quote($attribute)}) as sum FROM (
 				SELECT {$this->quote($attribute)}
 				FROM {$this->getSQLTable($name)} AS {$this->quote($alias)}
 				{$sqlWhere}
-				{$sqlOrder}
 				{$limit}
 			) table_count
         ";
diff --git a/src/Database/Database.php b/src/Database/Database.php
@@ -7729,7 +7729,6 @@ public function find(string $collection, array $queries = [], string $forPermiss
         $documentSecurity = $collection->getAttribute('documentSecurity', false);
         $skipAuth = $this->authorization->isValid(new Input($forPermission, $collection->getPermissionsByType($forPermission)));
 
-
         if (!$skipAuth && !$documentSecurity && $collection->getId() !== self::METADATA) {
             throw new AuthorizationException($this->authorization->getDescription());
         }
@@ -7963,7 +7962,13 @@ public function count(string $collection, array $queries = [], ?int $max = null)
             }
         }
 
+        $documentSecurity = $collection->getAttribute('documentSecurity', false);
         $skipAuth = $this->authorization->isValid(new Input(self::PERMISSION_READ, $collection->getRead()));
+
+        if (!$skipAuth && !$documentSecurity && $collection->getId() !== self::METADATA) {
+            throw new AuthorizationException($this->authorization->getDescription());
+        }
+
         $relationships = \array_filter(
             $collection->getAttribute('attributes', []),
             fn (Document $attribute) => $attribute->getAttribute('type') === self::VAR_RELATIONSHIP
@@ -8025,8 +8030,13 @@ public function sum(string $collection, string $attribute, array $queries = [],
             }
         }
 
+        $documentSecurity = $collection->getAttribute('documentSecurity', false);
         $skipAuth = $this->authorization->isValid(new Input(self::PERMISSION_READ, $collection->getRead()));
 
+        if (!$skipAuth && !$documentSecurity && $collection->getId() !== self::METADATA) {
+            throw new AuthorizationException($this->authorization->getDescription());
+        }
+
         $relationships = \array_filter(
             $collection->getAttribute('attributes', []),
             fn (Document $attribute) => $attribute->getAttribute('type') === self::VAR_RELATIONSHIP
diff --git a/tests/e2e/Adapter/Scopes/PermissionTests.php b/tests/e2e/Adapter/Scopes/PermissionTests.php
@@ -460,10 +460,12 @@ public function testCollectionPermissionsCountThrowsException(array $data): void
         /** @var Database $database */
         $database = $this->getDatabase();
 
-        $count = $database->count(
-            $collection->getId()
-        );
-        $this->assertEmpty($count);
+        try {
+            $database->count($collection->getId());
+            $this->fail('Failed to throw exception');
+        } catch (\Throwable $th) {
+            $this->assertInstanceOf(AuthorizationException::class, $th);
+        }
     }
 
     /**
