X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/pull/2734/head:/app/Entities/Tools/SearchRunner.php diff --git a/app/Entities/Tools/SearchRunner.php b/app/Entities/Tools/SearchRunner.php index acfe8d956..fc127f906 100644 --- a/app/Entities/Tools/SearchRunner.php +++ b/app/Entities/Tools/SearchRunner.php @@ -1,6 +1,7 @@ permissionService->enforceEntityRestrictions($entityType, $entitySelect, $action); + return $this->permissionService->enforceEntityRestrictions($entity, $entitySelect, $action); } /** @@ -270,24 +271,29 @@ class SearchRunner protected function filterCreatedBy(EloquentBuilder $query, Entity $model, $input) { - if (!is_numeric($input) && $input !== 'me') { - return; - } - if ($input === 'me') { - $input = user()->id; + $userSlug = $input === 'me' ? user()->slug : trim($input); + $user = User::query()->where('slug', '=', $userSlug)->first(['id']); + if ($user) { + $query->where('created_by', '=', $user->id); } - $query->where('created_by', '=', $input); } protected function filterUpdatedBy(EloquentBuilder $query, Entity $model, $input) { - if (!is_numeric($input) && $input !== 'me') { - return; + $userSlug = $input === 'me' ? user()->slug : trim($input); + $user = User::query()->where('slug', '=', $userSlug)->first(['id']); + if ($user) { + $query->where('updated_by', '=', $user->id); } - if ($input === 'me') { - $input = user()->id; + } + + protected function filterOwnedBy(EloquentBuilder $query, Entity $model, $input) + { + $userSlug = $input === 'me' ? user()->slug : trim($input); + $user = User::query()->where('slug', '=', $userSlug)->first(['id']); + if ($user) { + $query->where('owned_by', '=', $user->id); } - $query->where('updated_by', '=', $input); } protected function filterInName(EloquentBuilder $query, Entity $model, $input)
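Review bot: An unknown slug now turns each of these filters into a silent no-op. In `filterCreatedBy`, `filterUpdatedBy` and `filterOwnedBy` the `where` is only added inside `if ($user)`, so a filter naming a user that does not exist returns the unfiltered result set. The removed code still constrained on any numeric id, so it returned nothing for a missing user. Numeric ids in existing saved searches or links are presumably affected too, since they are now looked up as slugs. If the filter is meant to narrow results it should fail closed, and the three identical bodies could share one private helper that does so; the helper below is deliberately not named `filter…`, in case filter methods are dispatched by name elsewhere in the class, which the hunk does not show.

```php
    protected function filterCreatedBy(EloquentBuilder $query, Entity $model, $input)
    {
        $this->applyUserFilter($query, 'created_by', $input);
    }

    // … unchanged signatures: filterUpdatedBy and filterOwnedBy make the same call with 'updated_by' / 'owned_by' …

    /**
     * Constrain $column to the id of the user whose slug is given ('me' = current user).
     * A slug that matches no user yields an empty result instead of dropping the filter.
     */
    protected function applyUserFilter(EloquentBuilder $query, string $column, $input): void
    {
        $userSlug = $input === 'me' ? user()->slug : trim($input);
        $user = User::query()->where('slug', '=', $userSlug)->first(['id']);
        if ($user === null) {
            $query->whereRaw('1 = 0');
            return;
        }
        $query->where($column, '=', $user->id);
    }
```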