Improve search to find only accessible items

application/controllers/search.php

@@ -23,8 +23,8 @@ class Search extends CI_Controller {
 		if ($this->input->get('query') != '') {
 			$query = explode(" ", $this->input->get('query'));
 
-			$data['projects'] = $this->project->search($this->input->get('query'));
-			$data['experiments'] = $this->experiment->search($this->input->get('query'));
+			$data['projects'] = $this->project->search($this->input->get('query'), $this->access->isAdmin());
+			$data['experiments'] = $this->experiment->search($this->input->get('query'), false, $this->access->isAdmin());
 
 			$this->load->view('search/results', $data);
 		} else {

application/models/experiment.php

@@ -153,14 +153,30 @@ class Experiment extends CI_Model {
 	 * Search for a specific experiment and return a list of possible results.
 	 *
 	 * @param string $needle The needle to look for in the haystack
-	 * @param string $projectId
+	 * @param string $projectId Search only in a specific project
+	 * @param boolean $searchAll Search all experiments
+	 * @return array Returns an array of all found experiments.
 	 */
-	public function search($needle, $projectId = false) {
+	public function search($needle, $projectId = false, $searchAll = false) {
 		if ($projectId) {
-			$this->db->where('project_id', $projectId);
+			$this->db->where('projects.id', $projectId);
 		}
 
+		if ($searchAll) {
 			$query = $this->db->like('name', $needle)->get('experiments');
+		} else {
+			$this->db->select('experiments.*')->from('experiments');
+			$this->db->join('projects', 'projects.id = experiments.project_id');
+			$this->db->join('shares', 'shares.project_id = projects.id');
+
+			$this->db->where("(`shares`.`user_id` = " . $this->db->escape($this->session->userdata('user_id'))
+					. " OR `projects`.`owner` = " . $this->db->escape($this->session->userdata('user_id'))
+					. " OR `projects`.`public` = 1)");
+
+			$this->db->like('experiments.name', $needle);
+
+			$query = $this->db->get();
+		}
 
 		return $query->result_array();
 	}

application/models/project.php

@@ -155,30 +155,27 @@ class Project extends CI_Model {
 	/**
 	 * Search for a specific project and return a list of possible results.
 	 *
-	 * @param string $needle The needle to look for in the haystack.
+	 * @param string $needle The needle to look for in the haystack
+	 * @param boolean $searchAll Search all projects
+	 * @return array Returns an array of all found projects.
 	 */
-	public function search($needle) {
-		// get matching projects that are public
-		$query = $this->db->where('public', 1)->like('name', $needle)->get('projects');
-		$public_results = $query->result_array();
+	public function search($needle, $searchAll = false) {
+		if ($searchAll) {
+			$query = $this->db->like('name', $needle)->get('projects');
+		} else {
+			$this->db->select('projects.*')->from('projects');
+			$this->db->join('shares', 'shares.project_id = projects.id');
 
-		// or belong directly to the user
-		$query = $this->db->where('owner', $this->session->userdata('user_id'));
-		$query = $this->db->query("SELECT * FROM `projects` WHERE `owner`=".$this->db->escape($this->session->userdata('user_id'))
-				." AND `name` LIKE ".$this->db->escape('%'.$needle.'%'));
-		$own_results = $query->result_array();
+			$this->db->where("(`shares`.`user_id` = " . $this->db->escape($this->session->userdata('user_id'))
+					. " OR `projects`.`owner` = " . $this->db->escape($this->session->userdata('user_id'))
+					. " OR `projects`.`public` = 1)");
 
+			$this->db->like('projects.name', $needle);
 
-		// get matching projects that are shared to the user
-		$this->db->select('*')->from('shares')
-				->where(array('user_id' => $this->session->userdata('user_id')))
-				->like('name', $needle);
-		$this->db->join('projects', 'projects.id = shares.project_id');
 			$query = $this->db->get();
+		}
 
-		$shared_results = $query->result_array();
-
-		return $this->_addShortNames(array_merge($public_results, $own_results, $shared_results));
+		return $this->_addShortNames($query->result_array());
 	}
 
 	/**