add department test and escape query
This commit is contained in:
parent
b9e4a55b91
commit
f9e8a0abec
|
@ -111,21 +111,22 @@ class SearchController extends Controller {
|
|||
'query' => Controller::request('query'),
|
||||
'orderBy' => json_decode(Controller::request('orderBy'),true),
|
||||
'page' => Controller::request('page'),
|
||||
'user' => Controller::getLoggedUser(),
|
||||
'allowedDepartments' => Controller::getLoggedUser()->sharedDepartmentList->toArray(),
|
||||
];
|
||||
|
||||
|
||||
$query = $this->getSQLQuery($inputs);
|
||||
$queryWithOrder = $this->getSQLQueryWithOrder($inputs);
|
||||
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2")[0]['COUNT(*)'];
|
||||
$ticketIdList = RedBean::getAll($queryWithOrder);
|
||||
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => $inputs['query']])[0]['COUNT(*)'];
|
||||
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%"]);
|
||||
$ticketList = [];
|
||||
|
||||
foreach ($ticketIdList as $item) {
|
||||
$ticket = Ticket::getDataStore($item['id']);
|
||||
array_push($ticketList, $ticket->toArray());
|
||||
}
|
||||
|
||||
$ticketTableExists = RedBean::exec("select table_name from information_schema.tables where table_name = 'ticket';");
|
||||
|
||||
if($ticketTableExists){
|
||||
Response::respondSuccess([
|
||||
'tickets' => $ticketList,
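Review bot: The two new RedBean calls bind `:query` differently: the COUNT statement passes the bare `$inputs['query']` while the id-list statement passes `"%" . $inputs['query'] . "%"`, so the reported total is an exact-match count and no longer corresponds to the substring-matched rows that are returned. Build the binding once and hand it to both calls, e.g. `$queryBinding = [':query' => '%' . $inputs['query'] . '%'];` placed before the two `RedBean::getAll` lines. Separately, the `:query` placeholder is only emitted into the SQL when the search term is non-null (see the `$search != null` guard in the -302 hunk, presumably setStringFilter), yet the binding is passed unconditionally; unless RedBean silently drops bindings that the statement does not use, a search without a `query` parameter will fail at execute time with an unbound-parameter error, so this should be verified with a department-only search. The enclosing method starts before this hunk.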
|
||||
|
@ -171,7 +172,7 @@ class SearchController extends Controller {
|
|||
if(array_key_exists('unreadStaff',$inputs)) $this->setSeenFilter($inputs['unreadStaff'], $filters);
|
||||
if(array_key_exists('priority',$inputs)) $this->setPriorityFilter($inputs['priority'], $filters);
|
||||
if(array_key_exists('dateRange',$inputs)) $this->setDateFilter($inputs['dateRange'], $filters);
|
||||
if(array_key_exists('departments',$inputs)) $this->setDepartmentFilter($inputs['departments'],$inputs['user'], $filters);
|
||||
if(array_key_exists('departments',$inputs)) $this->setDepartmentFilter($inputs['departments'],$inputs['allowedDepartments'], $filters);
|
||||
if(array_key_exists('authors',$inputs)) $this->setAuthorFilter($inputs['authors'], $filters);
|
||||
if(array_key_exists('query',$inputs)) $this->setStringFilter($inputs['query'], $filters);
|
||||
if($filters != "") $filters = " WHERE " . $filters;
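Review bot: `$inputs['allowedDepartments']` is read unguarded on the new `setDepartmentFilter` call while only the `departments` key is checked, so a caller that supplies `departments` without `allowedDepartments` (the pre-change test fixtures did exactly that) raises an undefined-index notice and passes `null` into `generateValidDepartmentList`, whose `foreach` then warns and yields no managed ids. Because this list is what confines results to departments the logged-in user shares, any fallback must be restrictive rather than permissive: `$this->setDepartmentFilter($inputs['departments'], $inputs['allowedDepartments'] ?? [], $filters);` with a comment above it that an absent list means no department is permitted. Whether an empty allowed list actually produces an empty result set depends on the rest of setDepartmentFilter, which is outside this hunk, so confirm that before relying on the default.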
|
||||
|
@ -243,9 +244,8 @@ class SearchController extends Controller {
|
|||
}
|
||||
}
|
||||
|
||||
private function setDepartmentFilter($departments,$user, &$filters){
|
||||
|
||||
$validDepartments = $this->generateValidDepartmentList($departments, $user);
|
||||
private function setDepartmentFilter($departments,$allowedDepartments, &$filters){
|
||||
$validDepartments = $this->generateValidDepartmentList($departments, $allowedDepartments);
|
||||
if ($filters != "") $filters .= " and ";
|
||||
$first = TRUE;
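Review bot: The renamed `$allowedDepartments` parameter carries no documentation of its shape, and nothing at the signature says that it is the authorisation boundary for the filter; its structure is only discoverable from the `$department['id']` access in `generateValidDepartmentList` and from the hand-built fixtures in the test file. Add a docblock above the new signature: `/** @param int[]|null $departments ids requested by the client; @param list<array{id:int}> $allowedDepartments departments the logged-in user may see — $departments is intersected with these ids, so a requested id outside the list is silently dropped */`. The loose `$filters != ""` check is pre-existing but `$filters !== ''` would be the strict form. setDepartmentFilter's body continues past the end of this hunk.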
|
||||
|
||||
|
@ -302,16 +302,16 @@ class SearchController extends Controller {
|
|||
|
||||
if($search != null){
|
||||
if ($filters != "") $filters .= " and ";
|
||||
$ticketevent = ( $ticketEventTableExists ? " or (ticketevent.type = 'COMMENT' and ticketevent.content LIKE '%" . $search ."%')" : "");
|
||||
$filters .= " (ticket.title LIKE '%" . $search . "%' or ticket.content LIKE '%" . $search . "%' or ticket.ticket_number LIKE '%" . $search . "%'". $ticketevent ." )";
|
||||
$ticketevent = ( $ticketEventTableExists ? " or (ticketevent.type = 'COMMENT' and ticketevent.content LIKE :query)" : "");
|
||||
$filters .= " (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query". $ticketevent ." )";
|
||||
};
|
||||
}
|
||||
|
||||
private function generateValidDepartmentList($departments, $user){
|
||||
private function generateValidDepartmentList($departments, $allowedDepartments){
|
||||
$result = [];
|
||||
$managedDepartments = [];
|
||||
if($departments == null) $departments = [];
|
||||
foreach ($user->sharedDepartmentList->toArray() as $department) {
|
||||
foreach ($allowedDepartments as $department) {
|
||||
array_push($managedDepartments,$department['id']);
|
||||
}
|
||||
$result = array_intersect($departments,$managedDepartments);
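Review bot: The new WHERE fragment reuses the single named placeholder `:query` four times (title, content, ticket_number and the ticketevent branch). PDO accepts a repeated named parameter only under prepare emulation; with native prepares (`PDO::ATTR_EMULATE_PREPARES => false`, the usual hardening setting) the statement is rejected, and the page does not show how RedBean configures its PDO instance, so either confirm the setting or emit distinct placeholders (`:q1` … `:q4`) that the caller binds to the same value. Note also that the caller wraps the raw term in `%`, so `%` and `_` inside the user's term still act as LIKE wildcards — no longer an injection, but worth a comment on the `$filters .=` line if exact-substring matching is intended. generateValidDepartmentList continues beyond the last line of the hunk.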
|
||||
|
|
|
@ -1,19 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace CustomValidations;
|
||||
|
||||
use Respect\Validation\Rules\AbstractRule;
|
||||
|
||||
class ValidPrioritys extends AbstractRule {
|
||||
public function validate($prioritys) {
|
||||
$PriorityList = json_decode($prioritys);
|
||||
|
||||
if(is_array($PriorityList)){
|
||||
foreach (array_unique($PriorityList) as $priorityId) {
|
||||
if($priorityId != 0 && $priorityId != 1 && $priorityId != 2) return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
|
@ -168,30 +168,63 @@ class SearchControllerTest extends TestCase {
|
|||
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.date >= 1 and ticket.date <= 2) GROUP BY ticket.id'
|
||||
);
|
||||
}
|
||||
/*
|
||||
|
||||
public function testDepartmentsFilter() {
|
||||
$this->assertEquals(
|
||||
$this->searchController->getSQLQuery([
|
||||
'departments' => null
|
||||
'departments' => null,
|
||||
'allowedDepartments' => [
|
||||
[
|
||||
'id' => 2
|
||||
],
|
||||
[
|
||||
'id' => 1
|
||||
],
|
||||
[
|
||||
'id' => 3
|
||||
]
|
||||
]
|
||||
]),
|
||||
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) GROUP BY ticket.id'
|
||||
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3) GROUP BY ticket.id'
|
||||
);
|
||||
|
||||
$this->assertEquals(
|
||||
$this->searchController->getSQLQuery([
|
||||
'departments' => [1]
|
||||
'departments' => [1],
|
||||
'allowedDepartments' => [
|
||||
[
|
||||
'id' => 2
|
||||
],
|
||||
[
|
||||
'id' => 1
|
||||
],
|
||||
[
|
||||
'id' => 3
|
||||
]
|
||||
]
|
||||
]),
|
||||
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1) GROUP BY ticket.id'
|
||||
);
|
||||
|
||||
$this->assertEquals(
|
||||
$this->searchController->getSQLQuery([
|
||||
'departments' => [1,2,3]
|
||||
'departments' => [1,2,3],
|
||||
'allowedDepartments' => [
|
||||
[
|
||||
'id' => 2
|
||||
],
|
||||
[
|
||||
'id' => 1
|
||||
],
|
||||
[
|
||||
'id' => 3
|
||||
]
|
||||
]
|
||||
]),
|
||||
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or ticket.department_id = 3) GROUP BY ticket.id'
|
||||
);
|
||||
}
|
||||
*/
|
||||
|
||||
public function testAuthorsFilter() {
|
||||
$this->assertEquals(
|
||||
$this->searchController->getSQLQuery([
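Review bot: The whole of `testDepartmentsFilter`, including the new `allowedDepartments` fixtures, sits between the `/*` and `*/` lines that bracket it in this section, so if that comment pair is on the new side the department test announced in the commit title is never executed. Remove the two markers, or if the test is deliberately disabled, replace them with `$this->markTestSkipped('reason');` as the first statement so the skip shows up in the run instead of vanishing. The first expected SQL also documents the intended semantics — `'departments' => null` matches every allowed department rather than none — and a one-line comment above that assertion saying so would make the authorisation behaviour explicit for the next reader.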
|
||||
|
@ -228,7 +261,8 @@ class SearchControllerTest extends TestCase {
|
|||
$this->searchController->getSQLQuery([
|
||||
'query' => 'hello world'
|
||||
]),
|
||||
"FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.title LIKE '%hello world%' or ticket.content LIKE '%hello world%' or ticket.ticket_number LIKE '%hello world%' or (ticketevent.type = 'COMMENT' and ticketevent.content LIKE '%hello world%') ) GROUP BY ticket.id"
|
||||
"FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query or (ticketevent.type = 'COMMENT' and ticketevent.content LIKE :query) ) GROUP BY ticket.id"
|
||||
|
||||
);
|
||||
}
|
||||
public function testQueryWithOrder() {
|
||||
|
@ -244,7 +278,7 @@ class SearchControllerTest extends TestCase {
|
|||
'page' => 1,
|
||||
'query' => 'stark'
|
||||
]),
|
||||
"SELECT ticket.id FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.title LIKE '%stark%' or ticket.content LIKE '%stark%' or ticket.ticket_number LIKE '%stark%' or (ticketevent.type = 'COMMENT' and ticketevent.content LIKE '%stark%') ) GROUP BY ticket.id ORDER BY CASE WHEN (ticket.ticket_number LIKE '%stark%') THEN ticket.ticket_number END desc,CASE WHEN (ticket.title LIKE '%stark%') THEN ticket.title END desc, CASE WHEN ( ticket.content LIKE '%stark%') THEN ticket.content END desc, CASE WHEN (ticketevent.type = 'COMMENT' and ticketevent.content LIKE '%stark%') THEN ticketevent.content END desc,ticket.closed asc, ticket.owner_id asc, ticket.unread_staff asc, ticket.priority desc, ticket.date desc LIMIT 10 OFFSET 0"
|
||||
"SELECT ticket.id FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query or (ticketevent.type = 'COMMENT' and ticketevent.content LIKE :query) ) GROUP BY ticket.id ORDER BY CASE WHEN (ticket.ticket_number LIKE '%stark%') THEN ticket.ticket_number END desc,CASE WHEN (ticket.title LIKE '%stark%') THEN ticket.title END desc, CASE WHEN ( ticket.content LIKE '%stark%') THEN ticket.content END desc, CASE WHEN (ticketevent.type = 'COMMENT' and ticketevent.content LIKE '%stark%') THEN ticketevent.content END desc,ticket.closed asc, ticket.owner_id asc, ticket.unread_staff asc, ticket.priority desc, ticket.date desc LIMIT 10 OFFSET 0"
|
||||
);
|
||||
|
||||
$this->assertEquals(
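Review bot: The new expected string still contains `LIKE '%stark%'` in every ORDER BY `CASE WHEN` clause while the WHERE now uses `:query`, so the ordering part of getSQLQueryWithOrder (not shown in this page's hunks) is still built by interpolating the raw search term into SQL, and this assertion locks that form in. The parameterisation should be completed by using the bound placeholder in the ORDER BY clauses as well, so that the expectation reads `CASE WHEN (ticket.ticket_number LIKE :query) THEN …` throughout; this further multiplies the reuse of one named placeholder, which is a second reason to bind distinct names per occurrence. Until that is done, the `escape query` wording of the commit title overstates what the change achieves.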
|
||||