Restrict the Customers shown during auto-completion of the "To:" field

2024-07-05 18:03:05 +02:00 · 2024-07-05 18:03:05 +02:00 · f03b73dc75
commit f03b73dc75
parent 5fad34c6b6
1 changed files with 25 additions and 16 deletions
--- a/src/Http/Controllers/CustomersController.php
+++ b/src/Http/Controllers/CustomersController.php
@ -246,23 +246,32 @@ class CustomersController extends BaseCustomersController {
 			}
 		}

-		if ($request->search_by == 'all' || $request->search_by == 'email') {
-			$customers_query->where('emails.email', 'like', '%'.$q.'%');
-		}
-		if ($request->exclude_email) {
-			$customers_query->where('emails.email', '<>', $request->exclude_email);
-		}
-		if ($request->search_by == 'all' || $request->search_by == 'name') {
-			$customers_query->orWhere('first_name', 'like', '%'.$q.'%')
-				->orWhere('last_name', 'like', '%'.$q.'%');
-		}
-		if ($request->search_by == 'phone') {
-			$phone_numeric = \Helper::phoneToNumeric($q);
-			if (!$phone_numeric) {
-				$phone_numeric = $q;
+		// Group the search terms query to avoid them from messing up the restriction by Mailbox.
+		$customers_query->where(function($customers_query) use($request, $q) {
+			if ($request->search_by == 'all' || $request->search_by == 'email') {
+				$customers_query->where('emails.email', 'like', '%'.$q.'%');
+			if ($request->exclude_email) {
+				$customers_query->where('emails.email', '<>', $request->exclude_email);
 			}
-			$customers_query->where('customers.phones', 'like', '%'.$phone_numeric.'%');
-		}
+			if ($request->search_by == 'all' || $request->search_by == 'name') {
+				$customers_query->orWhere('first_name', 'like', '%'.$q.'%')
+					->orWhere('last_name', 'like', '%'.$q.'%');
+			}
+			if ($request->search_by == 'phone') {
+				$phone_numeric = \Helper::phoneToNumeric($q);
+				if (!$phone_numeric) {
+					$phone_numeric = $q;
+				}
+				$customers_query->where('customers.phones', 'like', '%'.$phone_numeric.'%');
+			}
+		});
+
+		// Get the list of Mailboxes the current User has access to.
+		$user = auth()->user();
+		$mailboxes = $user->mailboxesIdsCanView();
+
+		// Restrict the query to the Customers the current User is allowed to access.
+		$customers_query->whereIn('customers.mailbox_id', $mailboxes);

 		$customers = $customers_query->paginate(20);