fix: ensure root-level filters are not applied on includes/aggregates

alexzarbn · alexzarbn · commit 4156974c6ec2 · 2022-10-27T18:27:58.000+02:00
diff --git a/src/Drivers/Standard/QueryBuilder.php b/src/Drivers/Standard/QueryBuilder.php
@@ -119,8 +119,9 @@ public function applyScopesToQuery($query, Request $request): void
      */
     public function applyFiltersToQuery($query, Request $request, array $filterDescriptors = []): void
     {
-        if (!$filterDescriptors) {
+        if (!$filterDescriptors && !$this->intermediateMode) {
             $this->paramsValidator->validateFilters($request);
+
             $filterDescriptors = $request->get('filters', []);
         }
 
@@ -610,7 +611,7 @@ public function applyIncludesToQuery($query, Request $request, array $includeDes
     public function clone(string $resourceModelClass): self
     {
         return new static(
-            $resourceModelClass, $this->paramsValidator, $this->relationsResolver, $this->searchBuilder
+            $resourceModelClass, $this->paramsValidator, $this->relationsResolver, $this->searchBuilder, true
         );
     }
 
diff --git a/tests/Feature/StandardAggregateOperationsTest.php b/tests/Feature/StandardAggregateOperationsTest.php
@@ -144,6 +144,45 @@ public function getting_a_list_of_resources_with_min_aggregate_operation_with_fi
         );
     }
 
+    /** @test */
+    public function ensuring_root_level_filters_are_not_applied_on_aggregates(): void
+    {
+        if ((float) app()->version() < 8.0) {
+            $this->markTestSkipped('Unsupported framework version');
+        }
+
+        $user = User::query()->first();
+        $user->name = 'John Doe';
+        $user->save();
+
+        factory(Post::class)->create(['stars' => 2.8, 'user_id' => $user->id])->fresh();
+        factory(Post::class)->create(['stars' => 4.2, 'user_id' => $user->id])->fresh();
+        factory(Post::class)->create(['stars' => 5])->fresh();
+
+        Gate::policy(User::class, GreenPolicy::class);
+
+        $response = $this->post(
+            '/api/users/search',
+            [
+                'filters' => [
+                    ['field' => 'name', 'operator' => '=', 'value' => 'John Doe'],
+                ],
+                'aggregates' => [
+                    [
+                        'relation' => 'posts',
+                        'field' => 'stars',
+                        'type' => 'min',
+                    ]
+                ]
+            ]
+        );
+
+        $this->assertResourcesPaginated(
+            $response,
+            $this->makePaginator([$user->loadMin(['posts'], 'stars')->toArray()], 'users/search')
+        );
+    }
+
     /** @test */
     public function getting_a_list_of_resources_with_max_aggregate_operation(): void
     {
diff --git a/tests/Feature/StandardIncludeOperationsTest.php b/tests/Feature/StandardIncludeOperationsTest.php
@@ -2,11 +2,8 @@
 
 namespace Orion\Tests\Feature;
 
-use Carbon\Carbon;
 use Illuminate\Support\Facades\Gate;
-use Orion\Tests\Fixtures\App\Models\Company;
 use Orion\Tests\Fixtures\App\Models\Post;
-use Orion\Tests\Fixtures\App\Models\Team;
 use Orion\Tests\Fixtures\App\Models\User;
 use Orion\Tests\Fixtures\App\Policies\GreenPolicy;
 
@@ -27,8 +24,8 @@ public function getting_a_list_of_resources_with_include_operation(): void
             '/api/users/search',
             [
                 'includes' => [
-                    ['relation' => 'posts']
-                ]
+                    ['relation' => 'posts'],
+                ],
             ]
         );
 
@@ -58,16 +55,58 @@ public function getting_a_list_of_resources_with_include_operation_with_filters(
                     [
                         'relation' => 'posts',
                         'filters' => [
-                            ['field' => 'posts.stars', 'operator' => '>', 'value' => 3]
-                        ]
-                    ]
-                ]
+                            ['field' => 'posts.stars', 'operator' => '>', 'value' => 3],
+                        ],
+                    ],
+                ],
             ]
         );
 
         $this->assertResourcesPaginated(
             $response,
-            $this->makePaginator([$user->load(['posts' => function($query) {$query->where('stars', '>', 3);}])->toArray()], 'users/search'),
+            $this->makePaginator([
+                $user->load([
+                    'posts' => function ($query) {
+                        $query->where('stars', '>', 3);
+                    },
+                ])->toArray(),
+            ], 'users/search'),
+            [],
+            false
+        );
+    }
+
+    /** @test */
+    public function ensuring_root_level_filters_are_not_applied_on_includes(): void
+    {
+        /** @var User $user */
+        $user = User::query()->first();
+        $user->name = 'John Doe';
+        $user->save();
+
+        factory(Post::class)->create(['stars' => 3, 'user_id' => $user->id])->fresh();
+        factory(Post::class)->create(['stars' => 4, 'user_id' => $user->id])->fresh();
+        factory(Post::class)->create(['stars' => 5])->fresh();
+
+        Gate::policy(User::class, GreenPolicy::class);
+
+        $response = $this->post(
+            '/api/users/search',
+            [
+                'filters' => [
+                    ['field' => 'name', 'operator' => '=', 'value' => 'John Doe'],
+                ],
+                'includes' => [
+                    [
+                        'relation' => 'posts',
+                    ],
+                ],
+            ]
+        );
+
+        $this->assertResourcesPaginated(
+            $response,
+            $this->makePaginator([$user->load(['posts'])->toArray(),], 'users/search'),
             [],
             false
         );
@@ -89,8 +128,8 @@ public function getting_a_list_of_resources_with_unauthorized_include(): void
             '/api/users/search',
             [
                 'includes' => [
-                    ['relation' => 'unauthorized']
-                ]
+                    ['relation' => 'unauthorized'],
+                ],
             ]
         );
 
@@ -116,10 +155,10 @@ public function getting_a_list_of_resources_with_unauthorized_include_filter():
                     [
                         'relation' => 'posts',
                         'filters' => [
-                            ['field' => 'unauthorized', 'operator' => '>', 'value' => 3]
-                        ]
-                    ]
-                ]
+                            ['field' => 'unauthorized', 'operator' => '>', 'value' => 3],
+                        ],
+                    ],
+                ],
             ]
         );
 
diff --git a/tests/Fixtures/app/Http/Controllers/UsersController.php b/tests/Fixtures/app/Http/Controllers/UsersController.php
@@ -23,6 +23,6 @@ public function includes(): array
 
     public function filterableBy(): array
     {
-        return ['posts.stars'];
+        return ['name','posts.stars'];
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -119,8 +119,9 @@ public function applyScopesToQuery($query, Request $request): void`
`119`	`119`	`*/`
`120`	`120`	`public function applyFiltersToQuery($query, Request $request, array $filterDescriptors = []): void`
`121`	`121`	`{`
`122`		`- if (!$filterDescriptors) {`
	`122`	`+ if (!$filterDescriptors && !$this->intermediateMode) {`
`123`	`123`	`$this->paramsValidator->validateFilters($request);`
	`124`	`+`
`124`	`125`	`$filterDescriptors = $request->get('filters', []);`
`125`	`126`	`}`
`126`	`127`
`@@ -610,7 +611,7 @@ public function applyIncludesToQuery($query, Request $request, array $includeDes`
`610`	`611`	`public function clone(string $resourceModelClass): self`
`611`	`612`	`{`
`612`	`613`	`return new static(`
`613`		`- $resourceModelClass, $this->paramsValidator, $this->relationsResolver, $this->searchBuilder`
	`614`	`+ $resourceModelClass, $this->paramsValidator, $this->relationsResolver, $this->searchBuilder, true`
`614`	`615`	`);`
`615`	`616`	`}`
`616`	`617`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,6 @@ public function includes(): array`
`23`	`23`
`24`	`24`	`public function filterableBy(): array`
`25`	`25`	`{`
`26`		`- return ['posts.stars'];`
	`26`	`+ return ['name','posts.stars'];`
`27`	`27`	`}`
`28`	`28`	`}`