From ffeffa54f9ad322e8b1a79d9ab5270854d712ea2 Mon Sep 17 00:00:00 2001 From: Frederic Guillot Date: Fri, 23 Oct 2015 19:57:43 -0400 Subject: People should not see any tasks during a search when they are not associated to a project --- ChangeLog | 4 ++++ app/Controller/App.php | 7 ++++++- app/Controller/Search.php | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2f8100b9..4efd74db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,10 @@ Improvements: * Add Task, User and Project metadata for plugin creators * Do not show scroll-bars when a column is collapsed (IE) +Bug fixes: + +* People should not see any tasks during a search when they are not associated to a project + Version 1.0.19 -------------- diff --git a/app/Controller/App.php b/app/Controller/App.php index 01a74c7a..2fae004c 100644 --- a/app/Controller/App.php +++ b/app/Controller/App.php @@ -227,10 +227,15 @@ class App extends Base public function autocomplete() { $search = $this->request->getStringParam('term'); + $projects = $this->projectPermission->getActiveMemberProjectIds($this->userSession->getId()); + + if (empty($projects)) { + $this->response->json(array()); + } $filter = $this->taskFilterAutoCompleteFormatter ->create() - ->filterByProjects($this->projectPermission->getActiveMemberProjectIds($this->userSession->getId())) + ->filterByProjects($projects) ->excludeTasks(array($this->request->getIntegerParam('exclude_task_id'))); // Search by task id or by title diff --git a/app/Controller/Search.php b/app/Controller/Search.php index 08dda1c8..0aff9073 100644 --- a/app/Controller/Search.php +++ b/app/Controller/Search.php @@ -22,7 +22,7 @@ class Search extends Base ->setOrder('tasks.id') ->setDirection('DESC'); - if ($search !== '') { + if ($search !== '' && ! empty($projects)) { $query = $this ->taskFilter ->search($search) -- cgit v1.2.3