search.rb 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. class User
  3. module Search
  4. extend ActiveSupport::Concern
  5. # methods defined here are going to extend the class, not the instance of it
  6. class_methods do
  7. =begin
  8. search user preferences
  9. result = User.search_preferences(user_model)
  10. returns if user has permissions to search
  11. result = {
  12. prio: 1000,
  13. direct_search_index: true
  14. }
  15. returns if user has no permissions to search
  16. result = false
  17. =end
  18. def search_preferences(current_user)
  19. return false if !current_user.permissions?(['ticket.agent', 'admin.user'])
  20. {
  21. prio: 2000,
  22. direct_search_index: true,
  23. }
  24. end
  25. =begin
  26. search user
  27. result = User.search(
  28. query: 'some search term',
  29. limit: 15,
  30. offset: 100,
  31. current_user: user_model,
  32. )
  33. or with certain role_ids | permissions
  34. result = User.search(
  35. query: 'some search term',
  36. limit: 15,
  37. offset: 100,
  38. current_user: user_model,
  39. role_ids: [1,2,3],
  40. group_ids: [1,2,3],
  41. permissions: ['ticket.agent']
  42. # sort single column
  43. sort_by: 'created_at',
  44. order_by: 'asc',
  45. # sort multiple columns
  46. sort_by: [ 'created_at', 'updated_at' ],
  47. order_by: [ 'asc', 'desc' ],
  48. )
  49. returns
  50. result = [user_model1, user_model2, ...]
  51. =end
  52. def search(params)
  53. # get params
  54. query = params[:query]
  55. limit = params[:limit] || 10
  56. offset = params[:offset] || 0
  57. current_user = params[:current_user]
  58. sql_helper = ::SqlHelper.new(object: self)
  59. # check sort - positions related to order by
  60. sort_by = sql_helper.get_sort_by(params, %w[active updated_at])
  61. # check order - positions related to sort by
  62. order_by = sql_helper.get_order_by(params, %w[desc desc])
  63. # enable search only for agents and admins
  64. return [] if !search_preferences(current_user)
  65. is_query = query.present? && query != '*'
  66. # lookup for roles of permission
  67. if params[:permissions].present?
  68. params[:role_ids] ||= []
  69. role_ids = Role.with_permissions(params[:permissions]).pluck(:id)
  70. params[:role_ids].concat(role_ids)
  71. end
  72. # try search index backend
  73. if SearchIndexBackend.enabled? && is_query
  74. query_extension = {}
  75. if params[:role_ids].present?
  76. query_extension['bool'] ||= {}
  77. query_extension['bool']['must'] ||= []
  78. if !params[:role_ids].is_a?(Array)
  79. params[:role_ids] = [params[:role_ids]]
  80. end
  81. access_condition = {
  82. 'query_string' => { 'default_field' => 'role_ids', 'query' => "\"#{params[:role_ids].join('" OR "')}\"" }
  83. }
  84. query_extension['bool']['must'].push access_condition
  85. end
  86. user_ids = []
  87. if params[:group_ids].present?
  88. params[:group_ids].each do |group_id, access|
  89. user_ids |= User.group_access(group_id.to_i, access).pluck(:id)
  90. end
  91. return [] if user_ids.blank?
  92. end
  93. if params[:ids].present?
  94. user_ids |= params[:ids].map(&:to_i)
  95. end
  96. if user_ids.present?
  97. query_extension['bool'] ||= {}
  98. query_extension['bool']['must'] ||= []
  99. query_extension['bool']['must'].push({ 'terms' => { '_id' => user_ids } })
  100. end
  101. items = SearchIndexBackend.search(query, 'User', limit: limit,
  102. query_extension: query_extension,
  103. from: offset,
  104. sort_by: sort_by,
  105. order_by: order_by)
  106. users = []
  107. items.each do |item|
  108. user = User.lookup(id: item[:id])
  109. next if !user
  110. users.push user
  111. end
  112. return users
  113. end
  114. order_sql = sql_helper.get_order(sort_by, order_by, 'users.updated_at DESC')
  115. # fallback do sql query
  116. # - stip out * we already search for *query* -
  117. query.delete! '*'
  118. statement = User
  119. if params[:ids].present?
  120. statement = statement.where(id: params[:ids])
  121. end
  122. if params[:role_ids]
  123. statement = statement.joins(:roles).where('roles.id' => params[:role_ids])
  124. end
  125. if params[:group_ids]
  126. user_ids = []
  127. params[:group_ids].each do |group_id, access|
  128. user_ids |= User.group_access(group_id.to_i, access).pluck(:id)
  129. end
  130. statement = if user_ids.present?
  131. statement.where(id: user_ids)
  132. else
  133. statement.none
  134. end
  135. end
  136. if is_query
  137. statement = statement.where(
  138. '(users.firstname LIKE :query OR users.lastname LIKE :query OR users.email LIKE :query OR users.login LIKE :query)', query: "%#{SqlHelper.quote_like(query)}%"
  139. )
  140. end
  141. # Fixes #3755 - User with user_id 1 is show in admin interface (which should not)
  142. statement = statement.where('users.id != 1')
  143. statement.reorder(Arel.sql(order_sql))
  144. .offset(offset)
  145. .limit(limit)
  146. end
  147. end
  148. end
  149. end