Merge pull request #14372 from opf/fix-filter-query

Fix `in_project` scope that is used by the members filter
opf · Dec 11, 2023 · 755035f · 755035f
2 parents b805d56 + 8f742da
commit 755035f
Show file tree

Hide file tree

Showing 10 changed files with 159 additions and 14 deletions.
diff --git a/app/models/principal.rb b/app/models/principal.rb
@@ -87,6 +87,14 @@ class Principal < ApplicationRecord
     where.not(id: Member.of_project(project).select(:user_id))
   }
 
+  scope :in_anything_in_project, ->(project) {
+    where(id: Member.of_anything_in_project(project).select(:user_id))
+  }
+
+  scope :not_in_anything_in_project, ->(project) {
+    where.not(id: Member.of_anything_in_project(project).select(:user_id))
+  }
+
   scope :in_group, ->(group) {
     within_group(group)
   }

diff --git a/app/models/queries/principals.rb b/app/models/queries/principals.rb
@@ -28,6 +28,7 @@
 
 module Queries::Principals
   ::Queries::Register.register(PrincipalQuery) do
+    filter Filters::AccessToAnythingInProjectFilter
     filter Filters::TypeFilter
     filter Filters::MemberFilter
     filter Filters::MentionableOnWorkPackageFilter

diff --git a/app/models/queries/principals/filters/access_to_anything_in_project_filter.rb b/app/models/queries/principals/filters/access_to_anything_in_project_filter.rb
@@ -0,0 +1,69 @@
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) 2012-2023 the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+class Queries::Principals::Filters::AccessToAnythingInProjectFilter < Queries::Principals::Filters::PrincipalFilter
+  def allowed_values
+    Project
+    .visible(User.current)
+    .active
+    .pluck(:name, :id)
+  end
+
+  def type
+    :list_optional
+  end
+
+  def self.key
+    :access_to_anything_in_project
+  end
+
+  def scope
+    case operator
+    when '='
+      visible_scope.in_anything_in_project(values)
+    when '!'
+      visible_scope.not_in_anything_in_project(values)
+    when '*'
+      member_included_scope.where.not(members: { id: nil })
+    when '!*'
+      member_included_scope.where.not(id: Member.distinct(:user_id).select(:user_id))
+    end
+  end
+
+  private
+
+  def visible_scope
+    Principal.visible(User.current)
+  end
+
+  def member_included_scope
+    visible_scope
+      .includes(:members)
+      .merge(Member.where.not(project: nil))
+  end
+end
diff --git a/app/models/queries/work_packages/filter/shared_with_user_filter.rb b/app/models/queries/work_packages/filter/shared_with_user_filter.rb
@@ -70,9 +70,8 @@ def view_shared_work_packages_allowed?
   end
 
   def visible_shared_work_packages
-    WorkPackage.joins("JOIN members ON members.entity_id = work_packages.id")
-               .where(members: { entity_type: 'WorkPackage',
-                                 project: visible_projects })
+    WorkPackage.joins("JOIN members ON members.entity_type = 'WorkPackage' AND members.entity_id = work_packages.id")
+               .where(members: { project: visible_projects })
   end
 
   def visible_projects

diff --git a/lib/api/v3/queries/schemas/access_to_project_filter_dependency_representer.rb b/lib/api/v3/queries/schemas/access_to_project_filter_dependency_representer.rb
@@ -0,0 +1,61 @@
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) 2012-2023 the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
+module API
+  module V3
+    module Queries
+      module Schemas
+        class AccessToProjectFilterDependencyRepresenter <
+          PrincipalFilterDependencyRepresenter
+          def json_cache_key
+            if filter.project
+              super + [filter.project.id]
+            else
+              super
+            end
+          end
+
+          private
+
+          def filter_query
+            params = [{ status: { operator: '!',
+                                  values: [Principal.statuses[:locked].to_s] } }]
+
+            params << if filter.project
+                        { access_to_anything_in_project: { operator: '=', values: [filter.project.id.to_s] } }
+                      else
+                        { access_to_anything_in_project: { operator: '*', values: [] } }
+                      end
+
+            params
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/lib/api/v3/queries/schemas/assignee_or_group_filter_dependency_representer.rb b/lib/api/v3/queries/schemas/assignee_or_group_filter_dependency_representer.rb
@@ -30,8 +30,7 @@ module API
   module V3
     module Queries
       module Schemas
-        class AssigneeOrGroupFilterDependencyRepresenter <
-          AllPrincipalsFilterDependencyRepresenter
+        class AssigneeOrGroupFilterDependencyRepresenter < ProjectMembersFilterDependencyRepresenter
         end
       end
     end

diff --git a/lib/api/v3/queries/schemas/filter_dependency_representer_factory.rb b/lib/api/v3/queries/schemas/filter_dependency_representer_factory.rb
@@ -55,9 +55,9 @@ def create(filter, operator, form_embedded: false)
             CreatedAtFilter: 'DateTimeFilter',
             UpdatedAtFilter: 'DateTimeFilter',
             AuthorFilter: 'UserFilter',
-            ResponsibleFilter: 'AllPrincipalsFilter',
-            AssignedToFilter: 'AllPrincipalsFilter',
-            SharedWithUserFilter: 'AllPrincipalsFilter',
+            ResponsibleFilter: 'ProjectMembersFilter',
+            AssignedToFilter: 'ProjectMembersFilter',
+            SharedWithUserFilter: 'AccessToProjectFilter',
             WatcherFilter: 'UserFilter'
           }
 

diff --git a/...incipals_filter_dependency_representer.rb → ..._members_filter_dependency_representer.rb b/...incipals_filter_dependency_representer.rb → ..._members_filter_dependency_representer.rb
@@ -30,7 +30,7 @@ module API
   module V3
     module Queries
       module Schemas
-        class AllPrincipalsFilterDependencyRepresenter <
+        class ProjectMembersFilterDependencyRepresenter <
           PrincipalFilterDependencyRepresenter
           def json_cache_key
             if filter.project

diff --git a/spec/lib/api/v3/queries/schemas/filter_dependency_representer_factory_spec.rb b/spec/lib/api/v3/queries/schemas/filter_dependency_representer_factory_spec.rb
@@ -40,16 +40,24 @@
     context 'assigned to filter' do
       let(:filter) { Queries::WorkPackages::Filter::AssignedToFilter.create! }
 
-      it 'is a all principals dependency' do
-        expect(subject).to be_a(API::V3::Queries::Schemas::AllPrincipalsFilterDependencyRepresenter)
+      it 'is a all principals with access to project dependency' do
+        expect(subject).to be_a(API::V3::Queries::Schemas::ProjectMembersFilterDependencyRepresenter)
+      end
+    end
+
+    context 'shared with user filter' do
+      let(:filter) { Queries::WorkPackages::Filter::SharedWithUserFilter.create! }
+
+      it 'is a all principals with access to project dependency' do
+        expect(subject).to be_a(API::V3::Queries::Schemas::AccessToProjectFilterDependencyRepresenter)
       end
     end
 
     context 'responsible filter' do
       let(:filter) { Queries::WorkPackages::Filter::ResponsibleFilter.create! }
 
-      it 'is a all principals dependency' do
-        expect(subject).to be_a(API::V3::Queries::Schemas::AllPrincipalsFilterDependencyRepresenter)
+      it 'is a project members dependency' do
+        expect(subject).to be_a(API::V3::Queries::Schemas::ProjectMembersFilterDependencyRepresenter)
       end
     end
 

diff --git a/...als_filter_dependency_representer_spec.rb → ...ers_filter_dependency_representer_spec.rb b/...als_filter_dependency_representer_spec.rb → ...ers_filter_dependency_representer_spec.rb
@@ -28,7 +28,7 @@
 
 require 'spec_helper'
 
-RSpec.describe API::V3::Queries::Schemas::AllPrincipalsFilterDependencyRepresenter do
+RSpec.describe API::V3::Queries::Schemas::ProjectMembersFilterDependencyRepresenter do
   include API::V3::Utilities::PathHelper
 
   let(:project) { build_stubbed(:project) }