From 06068c04066e41b91992c42e59156cb82c0dc701 Mon Sep 17 00:00:00 2001
From: fogelito <fogelshmuel@gmail.com>
Date: Tue, 12 May 2026 20:51:57 +0300
Subject: [PATCH 1/4] skip subQueryTargets

---
 app/controllers/api/users.php | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 3f52069609..2251520a92 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -731,6 +731,13 @@ Http::get('/v1/users')
             $cursor->setValue($cursorDocument);
         }
 
+        $skipFilters = ['subQueryAuthenticators', 'subQuerySessions', 'subQueryTokens', 'subQueryChallenges', 'subQueryMemberships'];
+
+        $selects = Query::getByType($queries, [Query::TYPE_SELECT]);
+        if (empty($selects)) {
+            $skipFilters[] = 'subQueryTargets';
+        }
+
         $users = [];
         $total = 0;
 
@@ -743,7 +750,28 @@ Http::get('/v1/users')
             } catch (QueryException $e) {
                 throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage());
             }
-        }, ['subQueryAuthenticators', 'subQuerySessions', 'subQueryTokens', 'subQueryChallenges', 'subQueryMemberships']);
+        }, $skipFilters);
+
+        if (empty($selects) && !empty($users)) {
+            $sequences = [];
+            foreach ($users as $user) {
+                $sequences[] = $user->getSequence();
+            }
+
+            $targets = $dbForProject->find('targets', [
+                Query::equal('userInternalId', $sequences),
+                Query::limit(PHP_INT_MAX),
+            ]);
+
+            $targetsByUser = [];
+            foreach ($targets as $target) {
+                $targetsByUser[$target->getAttribute('userInternalId')][] = $target;
+            }
+
+            foreach ($users as $user) {
+                $user->setAttribute('targets', $targetsByUser[$user->getSequence()] ?? []);
+            }
+        }
 
         $response->dynamic(new Document([
             'users' => $users,

From 2ea66a0d8ba1ab6ddedcddc0c6d85994aaba5165 Mon Sep 17 00:00:00 2001
From: fogelito <fogelshmuel@gmail.com>
Date: Wed, 13 May 2026 08:36:57 +0300
Subject: [PATCH 2/4] APP_LIMIT_SUBQUERY

---
 app/controllers/api/users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 2251520a92..38f1fb2159 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -760,7 +760,7 @@ Http::get('/v1/users')
 
             $targets = $dbForProject->find('targets', [
                 Query::equal('userInternalId', $sequences),
-                Query::limit(PHP_INT_MAX),
+                Query::limit(\count($sequences) * APP_LIMIT_SUBQUERY),
             ]);
 
             $targetsByUser = [];

From 1435e2c526f8472df6ecc622c3d840278b38a9bc Mon Sep 17 00:00:00 2001
From: fogelito <fogelshmuel@gmail.com>
Date: Wed, 13 May 2026 08:41:14 +0300
Subject: [PATCH 3/4] use max

---
 app/controllers/api/users.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 38f1fb2159..2251520a92 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -760,7 +760,7 @@ Http::get('/v1/users')
 
             $targets = $dbForProject->find('targets', [
                 Query::equal('userInternalId', $sequences),
-                Query::limit(\count($sequences) * APP_LIMIT_SUBQUERY),
+                Query::limit(PHP_INT_MAX),
             ]);
 
             $targetsByUser = [];

From d9446fa8926bc1743940dbd65868ecf369d5501b Mon Sep 17 00:00:00 2001
From: fogelito <fogelshmuel@gmail.com>
Date: Thu, 14 May 2026 14:45:00 +0300
Subject: [PATCH 4/4] address

---
 app/controllers/api/users.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 2251520a92..9230ae0190 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -758,10 +758,14 @@ Http::get('/v1/users')
                 $sequences[] = $user->getSequence();
             }
 
-            $targets = $dbForProject->find('targets', [
-                Query::equal('userInternalId', $sequences),
-                Query::limit(PHP_INT_MAX),
-            ]);
+            try {
+                $targets = $dbForProject->getAuthorization()->skip(fn () => $dbForProject->find('targets', [
+                    Query::equal('userInternalId', $sequences),
+                    Query::limit(PHP_INT_MAX),
+                ]));
+            } catch (QueryException $e) {
+                throw new Exception(Exception::GENERAL_QUERY_INVALID, $e->getMessage());
+            }
 
             $targetsByUser = [];
             foreach ($targets as $target) {