feat: don't add inbox condition for admins in search (#12028)

2025-07-23 16:30:07 +04:00
parent eb412b67bd
commit e5ee6027b4
2 changed files with 47 additions and 2 deletions
--- a/spec/services/search_service_spec.rb
+++ b/spec/services/search_service_spec.rb
@@ -185,6 +185,46 @@ describe SearchService do
    end
  end

+  describe '#message_base_query' do
+    let(:params) { { q: 'test' } }
+    let(:search_type) { 'Message' }
+
+    context 'when user is admin' do
+      let(:admin_user) { create(:user) }
+      let(:admin_search) do
+        create(:account_user, account: account, user: admin_user, role: 'administrator')
+        described_class.new(current_user: admin_user, current_account: account, params: params, search_type: search_type)
+      end
+
+      it 'does not filter by inbox_id' do
+        # Testing the private method itself seems like the best way to ensure
+        # that the inboxes are not added to the search query
+        base_query = admin_search.send(:message_base_query)
+
+        # Should only have the time filter, not inbox filter
+        expect(base_query.to_sql).to include('created_at >= ')
+        expect(base_query.to_sql).not_to include('inbox_id')
+      end
+    end
+
+    context 'when user is not admin' do
+      before do
+        account_user = account.account_users.find_or_create_by(user: user)
+        account_user.update!(role: 'agent')
+      end
+
+      it 'filters by accessible inbox_id' do
+        # Testing the private method itself seems like the best way to ensure
+        # that the inboxes are not added to the search query
+        base_query = search.send(:message_base_query)
+
+        # Should have both time and inbox filters
+        expect(base_query.to_sql).to include('created_at >= ')
+        expect(base_query.to_sql).to include('inbox_id')
+      end
+    end
+  end
+
  describe '#use_gin_search' do
    let(:params) { { q: 'test' } }