diff --git a/lib/Db/FormMapper.php b/lib/Db/FormMapper.php
index 649494b3b..8f79496a6 100644
--- a/lib/Db/FormMapper.php
+++ b/lib/Db/FormMapper.php
@@ -108,16 +108,16 @@ public function findSharedForms(string $userId, array $groups = [], array $teams
 // share type user and share with current user
 $memberships->add(
 $qbShares->expr()->andX(
- $qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_USER)),
- $qbShares->expr()->eq('shares.share_with', $qbShares->createNamedParameter($userId, IQueryBuilder::PARAM_STR)),
+ $qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_USER, IQueryBuilder::PARAM_STR, ':share_type_user')),
+ $qbShares->expr()->eq('shares.share_with', $qbShares->createNamedParameter($userId, IQueryBuilder::PARAM_STR, ':share_with_user')),
 ),
 );
 // share type group and one of the user groups
 if (!empty($groups)) {
 $memberships->add(
 $qbShares->expr()->andX(
- $qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_GROUP)),
- $qbShares->expr()->in('shares.share_with', $qbShares->createNamedParameter($groups, IQueryBuilder::PARAM_STR_ARRAY)),
+ $qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_GROUP, IQueryBuilder::PARAM_STR, ':share_type_group')),
+ $qbShares->expr()->in('shares.share_with', $qbShares->createNamedParameter($groups, IQueryBuilder::PARAM_STR_ARRAY, ':share_with_groups')),
 ),
 );
 }
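Review bot: `IShare::TYPE_USER` and `IShare::TYPE_GROUP` are now bound with an explicit `IQueryBuilder::PARAM_STR`, although the share-type constants are integers and the access constants in the `@@ -125,19` hunk are bound with `PARAM_INT` / `PARAM_INT_ARRAY`. If `shares.share_type` is an integer column (its definition is not visible here), `IQueryBuilder::PARAM_INT` would avoid an implicit cast in the comparison that decides which shares match, e.g. `$qbShares->createNamedParameter(IShare::TYPE_USER, IQueryBuilder::PARAM_INT, ':share_type_user')`. The same applies to `IShare::TYPE_CIRCLE` in the `@@ -125,19` hunk. findSharedForms starts and ends outside this hunk.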
@@ -125,19 +125,19 @@ public function findSharedForms(string $userId, array $groups = [], array $teams
 if (!empty($teams)) {
 $memberships->add(
 $qbShares->expr()->andX(
- $qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_CIRCLE)),
- $qbShares->expr()->in('shares.share_with', $qbShares->createNamedParameter($teams, IQueryBuilder::PARAM_STR_ARRAY)),
+ $qbShares->expr()->eq('shares.share_type', $qbShares->createNamedParameter(IShare::TYPE_CIRCLE, IQueryBuilder::PARAM_STR, ':share_type_team')),
+ $qbShares->expr()->in('shares.share_with', $qbShares->createNamedParameter($teams, IQueryBuilder::PARAM_STR_ARRAY, ':share_with_teams')),
 ),
 );
 }
- // build expression for publicy shared forms (default only directly shown)
+ // build expression for publicly shared forms (default only directly shown)
 if ($filterShown) {
 // Only shown
- $access = $qbShares->expr()->in('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_ARRAY_SHOWN, IQueryBuilder::PARAM_INT_ARRAY));
+ $access = $qbShares->expr()->in('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_ARRAY_SHOWN, IQueryBuilder::PARAM_INT_ARRAY, ':access_shown'));
 } else {
 // All
- $access = $qbShares->expr()->neq('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_NOPUBLICSHARE, IQueryBuilder::PARAM_INT));
+ $access = $qbShares->expr()->neq('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_NOPUBLICSHARE, IQueryBuilder::PARAM_INT, ':access_nopublicshare'));
 }
 // Select all DISTINCT IDs of shared forms
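Review bot: Both `$access` expressions name the column as bare `access_enum`, while the other columns visible in this query carry their table alias (`shares.share_type`, `shares.share_with`, `forms.owner_id`). The query joins `forms` with the shares table, so writing `'forms.access_enum'` (assuming the column belongs to `forms`, which the "publicly shared forms" comment suggests) keeps the public-access condition unambiguous if the shares table ever gains a column of that name. This is a style point; the bound values and types in these two lines look consistent with the constants they carry.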
@@ -146,7 +146,7 @@ public function findSharedForms(string $userId, array $groups = [], array $teams
 ->leftJoin('forms', $this->shareMapper->getTableName(), 'shares', $qbShares->expr()->eq('forms.id', 'shares.form_id'))
 ->where($memberships)
 ->orWhere($access)
- ->andWhere($qbShares->expr()->neq('forms.owner_id', $qbShares->createNamedParameter($userId, IQueryBuilder::PARAM_STR)));
+ ->andWhere($qbShares->expr()->neq('forms.owner_id', $qbShares->createNamedParameter($userId, IQueryBuilder::PARAM_STR, ':owner_id')));
 // Select the whole forms for the DISTINCT shared forms IDs
 $qbForms->select('*')
@@ -158,12 +158,20 @@ public function findSharedForms(string $userId, array $groups = [], array $teams
 ->addOrderBy('created', 'DESC');
 if ($queryTerm) {
- $qbForms->andWhere($qbForms->expr()->iLike('title', $qbForms->createNamedParameter('%' . $this->db->escapeLikeParameter($queryTerm) . '%')) .
- ' OR ' . $qbForms->expr()->iLike('description', $qbForms->createNamedParameter('%' . $this->db->escapeLikeParameter($queryTerm) . '%')));
+ $likeParameter = '%' . $this->db->escapeLikeParameter($queryTerm) . '%';
+ $qbForms->andWhere(
+ $qbForms->expr()->orX(
+ $qbForms->expr()->iLike('title', $qbForms->createNamedParameter($likeParameter, IQueryBuilder::PARAM_STR, ':query_term_title')),
+ $qbForms->expr()->iLike('description', $qbForms->createNamedParameter($likeParameter, IQueryBuilder::PARAM_STR, ':query_term_description'))
+ )
+ );
 }
- // We need to add the parameters from the shared forms IDs select to the final select query
- $qbForms->setParameters($qbShares->getParameters(), $qbShares->getParameterTypes());
+ // Merge parameters and parameter types from $qbShares and $qbForms
+ $qbFormsParams = array_merge($qbShares->getParameters(), $qbForms->getParameters());
+ $qbFormsParamTypes = array_merge($qbShares->getParameterTypes(), $qbForms->getParameterTypes());
+
+ $qbForms->setParameters($qbFormsParams, $qbFormsParamTypes);
 return $this->findEntities($qbForms);
 }
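Review bot: The `array_merge()` of the two parameter sets in the `@@ -158,12` hunk is only correct while no placeholder name occurs in both builders; on a clash the `$qbForms` value silently replaces the `$qbShares` one, and the `$qbShares` values are the ones that restrict the result to forms shared with `$userId`. Every parameter visible in this diff has a unique explicit name, but a later `createNamedParameter()` call without the third argument on both builders would presumably bring the collision back through the auto-generated names. Consider failing loudly before the merge, e.g. `if (array_intersect_key($qbShares->getParameters(), $qbForms->getParameters()) !== []) { throw new \LogicException('Duplicate query parameter name'); }`, and extending the comment above the merge to state that placeholder names must be unique across `$qbShares` and `$qbForms`. findSharedForms starts outside this hunk.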
@@ -185,8 +193,13 @@ public function findAllByOwnerId(string $ownerId, ?string $queryTerm = null): ar
 ->addOrderBy('created', 'DESC');
 if ($queryTerm) {
- $qb->andWhere($qb->expr()->iLike('title', $qb->createNamedParameter('%' . $this->db->escapeLikeParameter($queryTerm) . '%')) .
- ' OR ' . $qb->expr()->iLike('description', $qb->createNamedParameter('%' . $this->db->escapeLikeParameter($queryTerm) . '%')));
+ $likeParameter = '%' . $this->db->escapeLikeParameter($queryTerm) . '%';
+ $qb->andWhere(
+ $qb->expr()->orX(
+ $qb->expr()->iLike('title', $qb->createNamedParameter($likeParameter, IQueryBuilder::PARAM_STR, ':query_term_title')),
+ $qb->expr()->iLike('description', $qb->createNamedParameter($likeParameter, IQueryBuilder::PARAM_STR, ':query_term_description'))
+ )
+ );
 }
 return $this->findEntities($qb);
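Review bot: The search filter added here is a line-for-line copy of the one added to findSharedForms in the `@@ -158,12` hunk, including the placeholder names `:query_term_title` and `:query_term_description`. A private helper that takes the builder and the term, called as `$this->addQueryTermFilter($qb, $queryTerm);` (name is a suggestion only), would keep the `escapeLikeParameter()` wrapping and the `orX()` grouping in one place, so a future search path cannot omit the escaping. Separately, `if ($queryTerm)` treats the term `'0'` as "no search"; `if ($queryTerm !== null && $queryTerm !== '')` would make the intent explicit. findAllByOwnerId starts outside this hunk.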