From a57dfe44785f5c5efc7ac6a1042a020e196bc631 Mon Sep 17 00:00:00 2001
From: Pranav <pranav@chatwoot.com>
Date: Thu, 8 May 2025 20:12:05 -0700
Subject: [PATCH] fix: Allow resource access without filter type in
 custom_filters API (#11445)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The custom filters API previously required a filter_type attribute, even
when accessing a resource by its ID, which isn’t necessary. This PR
removes that condition.

Fixes https://github.com/chatwoot/chatwoot/issues/11384
---
 .../api/v1/accounts/custom_filters_controller.rb   | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/app/controllers/api/v1/accounts/custom_filters_controller.rb b/app/controllers/api/v1/accounts/custom_filters_controller.rb
index f458c018f..b4345bb8a 100644
--- a/app/controllers/api/v1/accounts/custom_filters_controller.rb
+++ b/app/controllers/api/v1/accounts/custom_filters_controller.rb
@@ -1,6 +1,6 @@
 class Api::V1::Accounts::CustomFiltersController < Api::V1::Accounts::BaseController
   before_action :check_authorization
-  before_action :fetch_custom_filters, except: [:create]
+  before_action :fetch_custom_filters, only: [:index]
   before_action :fetch_custom_filter, only: [:show, :update, :destroy]
   DEFAULT_FILTER_TYPE = 'conversation'.freeze
 
@@ -9,8 +9,8 @@ class Api::V1::Accounts::CustomFiltersController < Api::V1::Accounts::BaseContro
   def show; end
 
   def create
-    @custom_filter = current_user.custom_filters.create!(
-      permitted_payload.merge(account_id: Current.account.id)
+    @custom_filter = Current.account.custom_filters.create!(
+      permitted_payload.merge(user: Current.user)
     )
     render json: { error: @custom_filter.errors.messages }, status: :unprocessable_entity and return unless @custom_filter.valid?
   end
@@ -27,14 +27,16 @@ class Api::V1::Accounts::CustomFiltersController < Api::V1::Accounts::BaseContro
   private
 
   def fetch_custom_filters
-    @custom_filters = current_user.custom_filters.where(
-      account_id: Current.account.id,
+    @custom_filters = Current.account.custom_filters.where(
+      user: Current.user,
       filter_type: permitted_params[:filter_type] || DEFAULT_FILTER_TYPE
     )
   end
 
   def fetch_custom_filter
-    @custom_filter = @custom_filters.find(permitted_params[:id])
+    @custom_filter = Current.account.custom_filters.where(
+      user: Current.user
+    ).find(permitted_params[:id])
   end
 
   def permitted_payload