Merge pull request #102 from Lomkit/fix/filter-not-authorized-relation

🐛 including not authorized relation

Author: GautierDele

src/Concerns/Resource/ConfiguresRestParameters.php

@@ -57,7 +57,7 @@ public function isNestedField(string $field, Relation $relation = null)
 
             $fieldRelation = $this->relation(Str::before($field, '.'));
 
-            return $fieldRelation->resource()->isNestedField(Str::after($field, '.'), $fieldRelation);
+            return $fieldRelation?->resource()->isNestedField(Str::after($field, '.'), $fieldRelation) ?? false;
         }
 
         return in_array($field, $this->getFields(App::make(RestRequest::class)));

tests/Feature/Controllers/SearchFilteringOperationsTest.php

@@ -36,6 +36,28 @@ public function test_getting_a_list_of_resources_filtered_by_not_authorized_fiel
         $response->assertJsonStructure(['message', 'errors' => ['search.filters.0.field']]);
     }
 
+    public function test_getting_a_list_of_resources_filtered_by_not_authorized_relation_field(): void
+    {
+        ModelFactory::new()->count(2)->create();
+
+        Gate::policy(Model::class, GreenPolicy::class);
+
+        $response = $this->post(
+            '/api/models/search',
+            [
+                'search' => [
+                    'filters' => [
+                        ['field' => 'non_authorized_relation.field', 'value' => 'value'],
+                    ],
+                ],
+            ],
+            ['Accept' => 'application/json']
+        );
+
+        $response->assertStatus(422);
+        $response->assertJsonStructure(['message', 'errors' => ['search.filters.0.field']]);
+    }
+
     public function test_getting_a_list_of_resources_filtered_by_model_field_using_default_operator(): void
     {
         $matchingModel = ModelFactory::new()->create(['name' => 'match'])->fresh();