Improve related authorized checks

[cristijora]

1. Reorder authorization check in RelatedCollection

Problem

In RelatedCollection::forRequest(), the authorized() method runs before inRequest(), causing authorization checks on ALL related fields defined in a repository, even when only a subset is requested.

Example: A repository with 9 related fields (activities, contacts, invoices, notes, addresses, etc.) will authorize all 9 fields even when the request only includes ?related=addresses.

With 50 items per page, this results in 450 authorization checks instead of 50.

For example /restify/customers?related=addresses if the customer repository had 10 relationships, it would go through other relationships and to authorized checks even if those relationships are no part of the request.

Solution

Swap the order so filtering happens before authorization:

Impact

• Before: Authorizes N fields x M items per request (e.g., 9 x 50 = 450 checks)
• After: Authorizes only requested fields x M items (e.g., 1 x 50 = 50 checks)
• Measured improvement: 50-100ms reduction per request when fetching 100 items

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
laravel-restify	Error			Nov 30, 2025 4:27pm
laravel-restify-ol4i	Error			Nov 30, 2025 4:27pm