feat: don't add inbox condition for admins in search (#12028)

2025-11-01 19:48:08 +00:00 · 2025-07-23 16:30:07 +04:00
parent eb412b67bd
commit e5ee6027b4
2 changed files with 47 additions and 2 deletions
--- a/app/services/search_service.rb
+++ b/app/services/search_service.rb
@@ -1,6 +1,10 @@
 class SearchService
  pattr_initialize [:current_user!, :current_account!, :params!, :search_type!]

+  def account_user
+    @account_user ||= current_account.account_users.find_by(user: current_user)
+  end
+
  def perform
    case search_type
    when 'Message'
@@ -78,8 +82,9 @@ class SearchService
  end

  def message_base_query
-    current_account.messages.where(inbox_id: accessable_inbox_ids)
-                   .where('created_at >= ?', 3.months.ago)
+    query = current_account.messages.where('created_at >= ?', 3.months.ago)
+    query = query.where(inbox_id: accessable_inbox_ids) unless account_user.administrator?
+    query
  end

  def use_gin_search
--- a/spec/services/search_service_spec.rb
+++ b/spec/services/search_service_spec.rb
@@ -185,6 +185,46 @@ describe SearchService do
    end
  end

+  describe '#message_base_query' do
+    let(:params) { { q: 'test' } }
+    let(:search_type) { 'Message' }
+
+    context 'when user is admin' do
+      let(:admin_user) { create(:user) }
+      let(:admin_search) do
+        create(:account_user, account: account, user: admin_user, role: 'administrator')
+        described_class.new(current_user: admin_user, current_account: account, params: params, search_type: search_type)
+      end
+
+      it 'does not filter by inbox_id' do
+        # Testing the private method itself seems like the best way to ensure
+        # that the inboxes are not added to the search query
+        base_query = admin_search.send(:message_base_query)
+
+        # Should only have the time filter, not inbox filter
+        expect(base_query.to_sql).to include('created_at >= ')
+        expect(base_query.to_sql).not_to include('inbox_id')
+      end
+    end
+
+    context 'when user is not admin' do
+      before do
+        account_user = account.account_users.find_or_create_by(user: user)
+        account_user.update!(role: 'agent')
+      end
+
+      it 'filters by accessible inbox_id' do
+        # Testing the private method itself seems like the best way to ensure
+        # that the inboxes are not added to the search query
+        base_query = search.send(:message_base_query)
+
+        # Should have both time and inbox filters
+        expect(base_query.to_sql).to include('created_at >= ')
+        expect(base_query.to_sql).to include('inbox_id')
+      end
+    end
+  end
+
  describe '#use_gin_search' do
    let(:params) { { q: 'test' } }