123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- class User
- module Search
- extend ActiveSupport::Concern
- # methods defined here are going to extend the class, not the instance of it
- class_methods do
- =begin
- search user preferences
- result = User.search_preferences(user_model)
- returns if user has permissions to search
- result = {
- prio: 1000,
- direct_search_index: true
- }
- returns if user has no permissions to search
- result = false
- =end
- def search_preferences(current_user)
- return false if !current_user.permissions?(['ticket.agent', 'admin.user'])
- {
- prio: 2000,
- direct_search_index: true,
- }
- end
- =begin
- search user
- result = User.search(
- query: 'some search term',
- limit: 15,
- offset: 100,
- current_user: user_model,
- )
- or with certain role_ids | permissions
- result = User.search(
- query: 'some search term',
- limit: 15,
- offset: 100,
- current_user: user_model,
- role_ids: [1,2,3],
- group_ids: [1,2,3],
- permissions: ['ticket.agent']
- # sort single column
- sort_by: 'created_at',
- order_by: 'asc',
- # sort multiple columns
- sort_by: [ 'created_at', 'updated_at' ],
- order_by: [ 'asc', 'desc' ],
- )
- returns
- result = [user_model1, user_model2, ...]
- =end
- def search(params)
- # get params
- query = params[:query]
- limit = params[:limit] || 10
- offset = params[:offset] || 0
- current_user = params[:current_user]
- sql_helper = ::SqlHelper.new(object: self)
- # check sort - positions related to order by
- sort_by = sql_helper.get_sort_by(params, %w[active updated_at])
- # check order - positions related to sort by
- order_by = sql_helper.get_order_by(params, %w[desc desc])
- # enable search only for agents and admins
- return [] if !search_preferences(current_user)
- is_query = query.present? && query != '*'
- # lookup for roles of permission
- if params[:permissions].present?
- params[:role_ids] ||= []
- role_ids = Role.with_permissions(params[:permissions]).pluck(:id)
- params[:role_ids].concat(role_ids)
- end
- # try search index backend
- if SearchIndexBackend.enabled? && is_query
- query_extension = {}
- if params[:role_ids].present?
- query_extension['bool'] ||= {}
- query_extension['bool']['must'] ||= []
- if !params[:role_ids].is_a?(Array)
- params[:role_ids] = [params[:role_ids]]
- end
- access_condition = {
- 'query_string' => { 'default_field' => 'role_ids', 'query' => "\"#{params[:role_ids].join('" OR "')}\"" }
- }
- query_extension['bool']['must'].push access_condition
- end
- user_ids = []
- if params[:group_ids].present?
- params[:group_ids].each do |group_id, access|
- user_ids |= User.group_access(group_id.to_i, access).pluck(:id)
- end
- return [] if user_ids.blank?
- end
- if params[:ids].present?
- user_ids |= params[:ids].map(&:to_i)
- end
- if user_ids.present?
- query_extension['bool'] ||= {}
- query_extension['bool']['must'] ||= []
- query_extension['bool']['must'].push({ 'terms' => { '_id' => user_ids } })
- end
- items = SearchIndexBackend.search(query, 'User', limit: limit,
- query_extension: query_extension,
- from: offset,
- sort_by: sort_by,
- order_by: order_by)
- users = []
- items.each do |item|
- user = User.lookup(id: item[:id])
- next if !user
- users.push user
- end
- return users
- end
- order_sql = sql_helper.get_order(sort_by, order_by, 'users.updated_at DESC')
- # fallback do sql query
- # - stip out * we already search for *query* -
- query.delete! '*'
- statement = User
- if params[:ids].present?
- statement = statement.where(id: params[:ids])
- end
- if params[:role_ids]
- statement = statement.joins(:roles).where('roles.id' => params[:role_ids])
- end
- if params[:group_ids]
- user_ids = []
- params[:group_ids].each do |group_id, access|
- user_ids |= User.group_access(group_id.to_i, access).pluck(:id)
- end
- statement = if user_ids.present?
- statement.where(id: user_ids)
- else
- statement.none
- end
- end
- if is_query
- statement = statement.where(
- '(users.firstname LIKE :query OR users.lastname LIKE :query OR users.email LIKE :query OR users.login LIKE :query)', query: "%#{SqlHelper.quote_like(query)}%"
- )
- end
- # Fixes #3755 - User with user_id 1 is show in admin interface (which should not)
- statement = statement.where('users.id != 1')
- statement.reorder(Arel.sql(order_sql))
- .offset(offset)
- .limit(limit)
- end
- end
- end
- end
|