SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190
							# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

class User
  module Search
    extend ActiveSupport::Concern

    # methods defined here are going to extend the class, not the instance of it
    class_methods do

=begin

search user preferences

  result = User.search_preferences(user_model)

returns if user has permissions to search

  result = {
    prio: 1000,
    direct_search_index: true
  }

returns if user has no permissions to search

  result = false

=end

      def search_preferences(current_user)
        return false if !current_user.permissions?(['ticket.agent', 'admin.user'])

        {
          prio:                2000,
          direct_search_index: true,
        }
      end

=begin

search user

  result = User.search(
    query: 'some search term',
    limit: 15,
    offset: 100,
    current_user: user_model,
  )

or with certain role_ids | permissions

  result = User.search(
    query: 'some search term',
    limit: 15,
    offset: 100,
    current_user: user_model,
    role_ids: [1,2,3],
    group_ids: [1,2,3],
    permissions: ['ticket.agent']

    # sort single column
    sort_by: 'created_at',
    order_by: 'asc',

    # sort multiple columns
    sort_by: [ 'created_at', 'updated_at' ],
    order_by: [ 'asc', 'desc' ],
  )

returns

  result = [user_model1, user_model2, ...]

=end

      def search(params)

        # get params
        query = params[:query]
        limit = params[:limit] || 10
        offset = params[:offset] || 0
        current_user = params[:current_user]

        sql_helper = ::SqlHelper.new(object: self)

        # check sort - positions related to order by
        sort_by = sql_helper.get_sort_by(params, %w[active updated_at])

        # check order - positions related to sort by
        order_by = sql_helper.get_order_by(params, %w[desc desc])

        # enable search only for agents and admins
        return [] if !search_preferences(current_user)

        is_query = query.present? && query != '*'

        # lookup for roles of permission
        if params[:permissions].present?
          params[:role_ids] ||= []
          role_ids = Role.with_permissions(params[:permissions]).pluck(:id)
          params[:role_ids].concat(role_ids)
        end

        # try search index backend
        if SearchIndexBackend.enabled? && is_query
          query_extension = {}
          if params[:role_ids].present?
            query_extension['bool'] ||= {}
            query_extension['bool']['must'] ||= []
            if !params[:role_ids].is_a?(Array)
              params[:role_ids] = [params[:role_ids]]
            end
            access_condition = {
              'query_string' => { 'default_field' => 'role_ids', 'query' => "\"#{params[:role_ids].join('" OR "')}\"" }
            }
            query_extension['bool']['must'].push access_condition
          end

          user_ids = []
          if params[:group_ids].present?
            params[:group_ids].each do |group_id, access|
              user_ids |= User.group_access(group_id.to_i, access).pluck(:id)
            end
            return [] if user_ids.blank?
          end
          if params[:ids].present?
            user_ids |= params[:ids].map(&:to_i)
          end
          if user_ids.present?
            query_extension['bool'] ||= {}
            query_extension['bool']['must'] ||= []
            query_extension['bool']['must'].push({ 'terms' => { '_id' => user_ids } })
          end

          items = SearchIndexBackend.search(query, 'User', limit:           limit,
                                                           query_extension: query_extension,
                                                           from:            offset,
                                                           sort_by:         sort_by,
                                                           order_by:        order_by)
          users = []
          items.each do |item|
            user = User.lookup(id: item[:id])
            next if !user

            users.push user
          end
          return users
        end

        order_sql = sql_helper.get_order(sort_by, order_by, 'users.updated_at DESC')

        # fallback do sql query
        # - stip out * we already search for *query* -
        query.delete! '*'

        statement = User
        if params[:ids].present?
          statement = statement.where(id: params[:ids])
        end

        if params[:role_ids]
          statement = statement.joins(:roles).where('roles.id' => params[:role_ids])
        end
        if params[:group_ids]
          user_ids = []
          params[:group_ids].each do |group_id, access|
            user_ids |= User.group_access(group_id.to_i, access).pluck(:id)
          end
          statement = if user_ids.present?
                        statement.where(id: user_ids)
                      else
                        statement.none
                      end
        end

        if is_query
          statement = statement.where(
            '(users.firstname LIKE :query OR users.lastname LIKE :query OR users.email LIKE :query OR users.login LIKE :query)', query: "%#{SqlHelper.quote_like(query)}%"
          )
        end

        # Fixes #3755 - User with user_id 1 is show in admin interface (which should not)
        statement = statement.where('users.id != 1')

        statement.reorder(Arel.sql(order_sql))
          .offset(offset)
          .limit(limit)
      end
    end
  end
end