diff --git a/code/RestfulServer.php b/code/RestfulServer.php
index 8b7644e..34b7a5c 100644
--- a/code/RestfulServer.php
+++ b/code/RestfulServer.php
@@ -229,20 +229,22 @@ class RestfulServer extends Controller
         $fields = $rawFields ? explode(',', $rawFields) : null;
 
         if ($obj instanceof SS_List) {
-            $responseFormatter->setTotalSize($obj->dataQuery()->query()->unlimitedRowCount());
-            $objs = new ArrayList($obj->toArray());
+            $objs = ArrayList::create($obj->toArray());
             foreach ($objs as $obj) {
                 if (!$obj->canView($this->getMember())) {
                     $objs->remove($obj);
                 }
             }
+            $responseFormatter->setTotalSize($objs->count());
             return $responseFormatter->convertDataObjectSet($objs, $fields);
-        } elseif (!$obj) {
+        }
+
+        if (!$obj) {
             $responseFormatter->setTotalSize(0);
             return $responseFormatter->convertDataObjectSet(new ArrayList(), $fields);
-        } else {
-            return $responseFormatter->convertDataObject($obj, $fields);
         }
+
+        return $responseFormatter->convertDataObject($obj, $fields);
     }
 
     /**
diff --git a/tests/unit/RestfulServerTest.php b/tests/unit/RestfulServerTest.php
index 54a9d77..fda3346 100644
--- a/tests/unit/RestfulServerTest.php
+++ b/tests/unit/RestfulServerTest.php
@@ -463,6 +463,8 @@ class RestfulServerTest extends SapphireTest
         $response = Director::test($url, null, null, 'GET');
         $this->assertEquals($response->getStatusCode(), 200);
         $this->assertNotContains('Unspeakable', $response->getBody());
+        $responseArray = Convert::json2array($response->getBody());
+        $this->assertSame(0, $responseArray['totalSize']);
 
         // With authentication
         $_SERVER['PHP_AUTH_USER'] = 'editor@test.com';
@@ -471,6 +473,9 @@ class RestfulServerTest extends SapphireTest
         $response = Director::test($url, null, null, 'GET');
         $this->assertEquals($response->getStatusCode(), 200);
         $this->assertContains('Unspeakable', $response->getBody());
+        // Assumption: default formatter is XML
+        $responseArray = Convert::xml2array($response->getBody());
+        $this->assertEquals(1, $responseArray['@attributes']['totalSize']);
         unset($_SERVER['PHP_AUTH_USER']);
         unset($_SERVER['PHP_AUTH_PW']);
     }