🐛 search query limit applied on scout fetches

src/Http/Requests/RestRequest.php

@@ -10,4 +10,14 @@ class RestRequest extends FormRequest
 {
     use InteractsWithRules;
     use Resourcable;
+
+    /**
+     * Determine if scout mode is asked for the given request.
+     *
+     * @var bool
+     */
+    public function isScoutMode()
+    {
+        return $this->has('search.text.value');
+    }
 }

src/Query/Builder.php

@@ -37,6 +37,13 @@ public function __construct(Resource $resource, \Illuminate\Database\Eloquent\Bu
      */
     protected $resource;
 
+    /**
+     * Determine if security should be disabled in case we don't want it.
+     *
+     * @var bool
+     */
+    protected bool $disableSecurity = false;
+
     /**
      * The query builder instance.
      *
@@ -49,6 +56,13 @@ public function newQueryBuilder($parameters)
         return app()->make(QueryBuilder::class, $parameters);
     }
 
+    public function disableSecurity($disable = true)
+    {
+        $this->disableSecurity = $disable;
+
+        return $this;
+    }
+
     /**
      * Convert the query builder to an Eloquent query builder.
      *

src/Query/ScoutBuilder.php

@@ -37,11 +37,10 @@ public function search(array $parameters = [])
             $this->applyInstructions($parameters['instructions']);
         });
 
-        // @TODO: instructions scout side ????
-
         $this->queryBuilder
             ->query(function (Builder $query) use ($parameters) {
                 app()->make(QueryBuilder::class, ['query' => $query, 'resource' => $this->resource])
+                    ->disableSecurity()
                     ->search(
                         collect($parameters)
                             ->except([

src/Query/Traits/PerformSearch.php

@@ -20,7 +20,9 @@ public function search(array $parameters = [])
     {
         $this->resource->authorizeTo('viewAny', $this->resource::$model);
 
-        $this->resource->searchQuery(app()->make(RestRequest::class), $this->queryBuilder);
+        $this->when(!$this->disableSecurity, function () {
+            $this->resource->searchQuery(app()->make(RestRequest::class), $this->queryBuilder);
+        });
 
         // Here we run the filters in a subquery to avoid conflicts
         $this->when(isset($parameters['filters']), function () use ($parameters) {
@@ -57,8 +59,8 @@ public function search(array $parameters = [])
             $this->applyAggregates($parameters['aggregates']);
         });
 
-        // In case we are in a relation we don't apply the limits since we dont know how much records will be related.
-        if (!$this->queryBuilder instanceof Relation) {
+        // In case we are in a relation we don't apply the limits since we don't know how much records will be related.
+        if (!$this->queryBuilder instanceof Relation && !$this->disableSecurity) {
             $this->queryBuilder->limit($parameters['limit'] ?? 50);
         }
 

src/Rules/SearchRules.php

@@ -35,16 +35,6 @@ class SearchRules implements ValidationRule, ValidatorAwareRule
      */
     protected RestRequest $request;
 
-    /**
-     * Determine if scout mode is asked for the given request.
-     *
-     * @var bool
-     */
-    public function isScoutMode()
-    {
-        return $this->request->has('search.text.value');
-    }
-
     /**
      * If the rules is specified at root level.
      *
@@ -137,7 +127,7 @@ public function textRules(\Lomkit\Rest\Http\Resource $resource, string $prefix)
      */
     public function filtersRules(\Lomkit\Rest\Http\Resource $resource, string $prefix, bool $isMaxDepth = false)
     {
-        $isScoutMode = $this->isScoutMode();
+        $isScoutMode = $this->request->isScoutMode();
 
         $operatorRules = $isScoutMode ?
             ['=', 'in', 'not in'] :
@@ -193,7 +183,7 @@ public function filtersRules(\Lomkit\Rest\Http\Resource $resource, string $prefi
      */
     protected function scopesRules(\Lomkit\Rest\Http\Resource $resource, string $prefix)
     {
-        if ($this->isScoutMode()) {
+        if ($this->request->isScoutMode()) {
             return [
                 $prefix => 'prohibited',
             ];
@@ -226,7 +216,7 @@ protected function instructionsRules(\Lomkit\Rest\Http\Resource $resource, strin
     {
         $instructionNames = Rule::in(
             collect(
-                $this->isScoutMode() ?
+                $this->request->isScoutMode() ?
                     $resource->getScoutInstructions($this->request) :
                     $resource->getInstructions($this->request)
             )
@@ -263,7 +253,7 @@ protected function instructionsRules(\Lomkit\Rest\Http\Resource $resource, strin
      */
     protected function sortsRules(\Lomkit\Rest\Http\Resource $resource, string $prefix)
     {
-        $fields = $this->isScoutMode() ?
+        $fields = $this->request->isScoutMode() ?
             Rule::in($resource->getScoutFields($this->request)) :
             Rule::in($resource->getFields($this->request));