From: Jean-Philippe Lang Date: Mon, 24 Sep 2007 17:46:25 +0000 (+0000) Subject: Search engine now only searches objects the user is allowed to view. X-Git-Tag: 0.6.0~124 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=42fe6c6e045659d4481eefbb824f9d15f5bdd29f;p=redmine.git Search engine now only searches objects the user is allowed to view. git-svn-id: http://redmine.rubyforge.org/svn/trunk@758 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/controllers/search_controller.rb b/app/controllers/search_controller.rb index 01e78dc02..eeb9a679c 100644 --- a/app/controllers/search_controller.rb +++ b/app/controllers/search_controller.rb @@ -25,10 +25,9 @@ class SearchController < ApplicationController @question = params[:q] || "" @question.strip! @all_words = params[:all_words] || (params[:submit] ? false : true) - @scope = params[:scope] || (params[:submit] ? [] : %w(projects issues changesets news documents wiki messages) ) # quick jump to an issue - if @scope.include?('issues') && @question.match(/^#?(\d+)$/) && Issue.find_by_id($1, :include => :project, :conditions => Project.visible_by(logged_in_user)) + if @question.match(/^#?(\d+)$/) && Issue.find_by_id($1, :include => :project, :conditions => Project.visible_by(logged_in_user)) redirect_to :controller => "issues", :action => "show", :id => $1 return end 
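Review bot: With the `@scope.include?('issues')` guard removed, the issue quick-jump now fires for any query, and its only access check is `Project.visible_by(logged_in_user)` rather than the per-type `User.current.allowed_to?` filter this commit adds further down. The redirect target presumably enforces its own permissions, but that is not visible here, so it is worth confirming that `issues#show` rejects a user who can see the project but is not allowed to view its issues. Separately, `^` and `$` anchor per line in Ruby, so a multi-line `q` containing one line like `#12` still matches; `@question.match(/\A#?(\d+)\z/)` limits the jump to a query that consists only of an issue number. The action body starts and ends outside the hunk.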
@@ -38,6 +37,20 @@ class SearchController < ApplicationController return unless check_project_privacy end + if @project + @object_types = %w(projects issues changesets news documents wiki_pages messages) + @object_types.delete('wiki_pages') unless @project.wiki + @object_types.delete('changesets') unless @project.repository + # only show what the user is allowed to view + @object_types = @object_types.select {|o| User.current.allowed_to?("view_#{o}".to_sym, @project)} + + @scope = @object_types.select {|t| params[t]} + # default objects to search if none is specified in parameters + @scope = @object_types if @scope.empty? + else + @scope = %w(projects) + end + # tokens must be at least 3 character long @tokens = @question.split.uniq.select {|w| w.length > 2 } @@ -49,7 +62,7 @@ class SearchController < ApplicationController operator = @all_words ? " AND " : " OR " limit = 10 @results = [] - if @project + if @project @results += @project.issues.find(:all, :limit => limit, :include => :author, :conditions => [ (["(LOWER(subject) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'issues' Journal.with_scope :find => {:conditions => ["#{Issue.table_name}.project_id = ?", @project.id]} do @results += Journal.find(:all, :include => :issue, :limit => limit, :conditions => [ (["(LOWER(notes) like ? OR LOWER(notes) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ).collect(&:issue) if @scope.include? 'issues' 
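Review bot: In the `else` branch of the new `if @project` block (hunk `-38,6 +37,20`), only `@scope` is assigned, so `@object_types` stays nil for a search without a project, while the rewritten `app/views/search/index.rhtml` hunk calls `@object_types.each` unconditionally. Unless it is assigned somewhere outside these hunks, the global search page would raise on nil; `@object_types = @scope = %w(projects)` keeps the controller and the view in agreement. The permission filter itself would benefit from a short comment stating the invariant it relies on, e.g. `# permission names are built from the fixed list above, never from params`, so a later edit does not start feeding request keys into `"view_#{o}".to_sym`. The enclosing action starts and ends outside the hunk.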
@@ -57,7 +70,7 @@ class SearchController < ApplicationController @results.uniq! @results += @project.news.find(:all, :limit => limit, :conditions => [ (["(LOWER(title) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort], :include => :author ) if @scope.include? 'news' @results += @project.documents.find(:all, :limit => limit, :conditions => [ (["(LOWER(title) like ? OR LOWER(description) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'documents' - @results += @project.wiki.pages.find(:all, :limit => limit, :include => :content, :conditions => [ (["(LOWER(title) like ? OR LOWER(text) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @project.wiki && @scope.include?('wiki') + @results += @project.wiki.pages.find(:all, :limit => limit, :include => :content, :conditions => [ (["(LOWER(title) like ? OR LOWER(text) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @project.wiki && @scope.include?('wiki_pages') @results += @project.repository.changesets.find(:all, :limit => limit, :conditions => [ (["(LOWER(comments) like ?)"] * like_tokens.size).join(operator), * (like_tokens).sort] ) if @project.repository && @scope.include?('changesets') Message.with_scope :find => {:conditions => ["#{Board.table_name}.project_id = ?", @project.id]} do @results += Message.find(:all, :include => :board, :limit => limit, :conditions => [ (["(LOWER(subject) like ? OR LOWER(content) like ?)"] * like_tokens.size).join(operator), * (like_tokens * 2).sort] ) if @scope.include? 'messages' diff --git a/app/views/search/index.rhtml b/app/views/search/index.rhtml index 082527373..05b96cfc7 100644 --- a/app/views/search/index.rhtml +++ b/app/views/search/index.rhtml @@ -5,21 +5,8 @@

<%= text_field_tag 'q', @question, :size => 30, :id => 'search-input' %> <%= javascript_tag "Field.focus('search-input')" %> -<% if @project %> - <%= check_box_tag 'scope[]', 'issues', (@scope.include? 'issues') %> - <% if @project.repository %> - <%= check_box_tag 'scope[]', 'changesets', (@scope.include? 'changesets') %> - <% end %> - <%= check_box_tag 'scope[]', 'news', (@scope.include? 'news') %> - <%= check_box_tag 'scope[]', 'documents', (@scope.include? 'documents') %> - <% if @project.wiki %> - <%= check_box_tag 'scope[]', 'wiki', (@scope.include? 'wiki') %> - <% end %> - <% if @project.boards.any? %> - <%= check_box_tag 'scope[]', 'messages', (@scope.include? 'messages') %> - <% end %> -<% else %> - <%= check_box_tag 'scope[]', 'projects', (@scope.include? 'projects') %> +<% @object_types.each do |t| %> + <% end %>
<%= check_box_tag 'all_words', 1, @all_words %> <%= l(:label_all_words) %>