Restrict the Customers shown during auto-completion of the "To:" field

This commit is contained in:
Antoine Le Gonidec 2024-07-05 18:03:05 +02:00
parent 5fad34c6b6
commit f03b73dc75
Signed by: vv221
GPG key ID: 636B78F91CEB80D8

View file

@ -246,9 +246,10 @@ class CustomersController extends BaseCustomersController {
} }
} }
// Group the search terms query to avoid them from messing up the restriction by Mailbox.
$customers_query->where(function($customers_query) use($request, $q) {
if ($request->search_by == 'all' || $request->search_by == 'email') { if ($request->search_by == 'all' || $request->search_by == 'email') {
$customers_query->where('emails.email', 'like', '%'.$q.'%'); $customers_query->where('emails.email', 'like', '%'.$q.'%');
}
if ($request->exclude_email) { if ($request->exclude_email) {
$customers_query->where('emails.email', '<>', $request->exclude_email); $customers_query->where('emails.email', '<>', $request->exclude_email);
} }
@ -263,6 +264,14 @@ class CustomersController extends BaseCustomersController {
} }
$customers_query->where('customers.phones', 'like', '%'.$phone_numeric.'%'); $customers_query->where('customers.phones', 'like', '%'.$phone_numeric.'%');
} }
});
// Get the list of Mailboxes the current User has access to.
$user = auth()->user();
$mailboxes = $user->mailboxesIdsCanView();
// Restrict the query to the Customers the current User is allowed to access.
$customers_query->whereIn('customers.mailbox_id', $mailboxes);
$customers = $customers_query->paginate(20); $customers = $customers_query->paginate(20);