People should not see any tasks during a search when they are not associated to a project

2 files changed, 7 insertions, 2 deletions

diff --git a/app/Controller/App.php b/app/Controller/App.php
index 01a74c7a..2fae004c 100644
--- a/app/Controller/App.php
+++ b/app/Controller/App.php
@@ -227,10 +227,15 @@ class App extends Base
     public function autocomplete()
     {
         $search = $this->request->getStringParam('term');
+        $projects = $this->projectPermission->getActiveMemberProjectIds($this->userSession->getId());
+
+        if (empty($projects)) {
+            $this->response->json(array());
+        }
 
         $filter = $this->taskFilterAutoCompleteFormatter
             ->create()
-            ->filterByProjects($this->projectPermission->getActiveMemberProjectIds($this->userSession->getId()))
+            ->filterByProjects($projects)
             ->excludeTasks(array($this->request->getIntegerParam('exclude_task_id')));
 
         // Search by task id or by title
diff --git a/app/Controller/Search.php b/app/Controller/Search.php
index 08dda1c8..0aff9073 100644
--- a/app/Controller/Search.php
+++ b/app/Controller/Search.php
@@ -22,7 +22,7 @@ class Search extends Base
                 ->setOrder('tasks.id')
                 ->setDirection('DESC');
 
-        if ($search !== '') {
+        if ($search !== '' && ! empty($projects)) {
             $query = $this
                 ->taskFilter
                 ->search($search)