From cb8ea67deed9d6574b5c501b6b28f276298f15a5 Mon Sep 17 00:00:00 2001 From: Esteban Gallego Date: Fri, 17 Nov 2023 20:46:32 -0500 Subject: [PATCH 1/2] Filter only the Projects that belong to the User --- resources/js/components/shared/PmqlInputFilters.vue | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/resources/js/components/shared/PmqlInputFilters.vue b/resources/js/components/shared/PmqlInputFilters.vue index 7f4afb711d..41238b3c33 100644 --- a/resources/js/components/shared/PmqlInputFilters.vue +++ b/resources/js/components/shared/PmqlInputFilters.vue @@ -695,10 +695,12 @@ export default { this.allLoading(true); const { data } = await ProcessMaker.apiClient.get("/projects/search?type=project_all"); - - if (data.projects) { - this.projectOptions = data.projects; + const projectsFilter = await ProcessMaker.apiClient.get("/projects?status=all&per_page=100"); + + if (projectsFilter.data.data) { + this.projectOptions = projectsFilter.data.data; } + if (data.members?.users) { const usersWithMappedNames = data.members.users .filter(user => !!user) From 990a5df8a0f80e9479a0f67b8bec793d91043d0f Mon Sep 17 00:00:00 2001 From: Sanja Date: Tue, 21 Nov 2023 09:54:42 -0800 Subject: [PATCH 2/2] Refactor project search endpoint to filter projects where the user is an owner or member --- .../Traits/SearchAutocompleteTrait.php | 35 ++++++++++++++----- .../js/components/shared/PmqlInputFilters.vue | 7 ++-- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/ProcessMaker/Traits/SearchAutocompleteTrait.php b/ProcessMaker/Traits/SearchAutocompleteTrait.php index f1aba417f5..5b4cad62c2 100644 --- a/ProcessMaker/Traits/SearchAutocompleteTrait.php +++ b/ProcessMaker/Traits/SearchAutocompleteTrait.php 
@@ -190,21 +190,38 @@ private function searchProjects($query) $projectModalClass = 'ProcessMaker\Package\Projects\Models\Project'; $project = new $projectModalClass; - if (empty($query)) { - $results = $project->get(); - } else { - $results = $project->pmql('title = "' . $query . '"', function ($expression) { - return function ($query) use ($expression) { - $query->where($expression->field->field(), 'LIKE', '%' . $expression->value->value() . '%'); - }; - })->get(); - } + $projectMemberModalClass = 'ProcessMaker\Package\Projects\Models\ProjectMember'; + $projectMember = new $projectMemberModalClass; + $user = Auth::user(); + $ids = $projectMember->getProjectWhereTheUserIsMember($user); + + $results = empty($query) + ? $this->searchProjectsNoQuery($project, $user, $ids) + : $this->searchProjectsWithQuery($project, $query, $user, $ids); return $results->map(function ($request) { return $request->only(['id', 'title']); }); } + private function searchProjectsNoQuery($project, $user, $ids) + { + return $project->where(function ($query) use ($user, $ids) { + $query->owner($user->id)->orWhereIn('id', $ids); + })->get(); + } + + private function searchProjectsWithQuery($project, $query, $user, $ids) + { + return $project->pmql('title = "' . $query . '"', function ($expression) use ($user, $ids) { + return function ($query) use ($expression, $user, $ids) { + $query->owner($user->id) + ->orWhereIn('id', $ids) + ->where($expression->field->field(), 'LIKE', '%' . $expression->value->value() . '%'); + }; + })->get(); + } + private function searchProjectMembers($query) { return (object) [ diff --git a/resources/js/components/shared/PmqlInputFilters.vue b/resources/js/components/shared/PmqlInputFilters.vue index 41238b3c33..836fe931db 100644 --- a/resources/js/components/shared/PmqlInputFilters.vue +++ b/resources/js/components/shared/PmqlInputFilters.vue 
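Review bot: In `searchProjectsWithQuery` the chain `owner(...)->orWhereIn('id', $ids)->where(..., 'LIKE', ...)` is not grouped, so, assuming `owner()` is an ordinary where scope, SQL precedence reads it as `owner OR (id IN (...) AND title LIKE ...)` and every project the user owns is returned whatever the search text is. Wrapping the owner-or-member test in its own `where(function ...)` group, as `searchProjectsNoQuery` already does, makes the title match apply to both branches. The access restriction also lives only inside the per-expression PMQL callback, while `$query` is still concatenated unescaped into `'title = "' . $query . '"'`. A value containing `"` can change the shape of the parsed expression, so whether every branch keeps the restriction depends on the PMQL parser; applying the owner/member group on the builder outside `pmql()` would not depend on it. `Auth::user()` can be null for an unauthenticated caller and would then fail at `$user->id`; the route middleware is not visible in this hunk.

```php
private function searchProjectsWithQuery($project, $query, $user, $ids)
{
    // … unchanged: pmql('title = "…"', function ($expression) use ($user, $ids) { … wrapper …
        return function ($query) use ($expression, $user, $ids) {
            // Group the access test so the title match is ANDed onto both branches.
            $query->where(function ($scoped) use ($user, $ids) {
                $scoped->owner($user->id)->orWhereIn('id', $ids);
            })->where($expression->field->field(), 'LIKE', '%' . $expression->value->value() . '%');
        };
    // … unchanged: ->get() …
```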
@@ -695,12 +695,9 @@ export default { this.allLoading(true); const { data } = await ProcessMaker.apiClient.get("/projects/search?type=project_all"); - const projectsFilter = await ProcessMaker.apiClient.get("/projects?status=all&per_page=100"); - if (projectsFilter.data.data) { - this.projectOptions = projectsFilter.data.data; - } - + this.projectOptions = data.projects ? data.projects : []; + if (data.members?.users) { const usersWithMappedNames = data.members.users .filter(user => !!user)
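Review bot: The project list is now scoped on the server, but `data.members.users`, read just below in the same handler, still comes from `searchProjectMembers`, which the visible hunks leave unchanged. It is worth confirming that it applies the same owner-or-member restriction, since otherwise the filter may still list users from projects the caller cannot see. Minor style point: `this.projectOptions = data.projects ?? [];` states the fallback more directly, and the file already uses `?.`. The enclosing method starts and ends outside this hunk.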