diff --git a/src/Concerns/Resource/ConfiguresRestParameters.php b/src/Concerns/Resource/ConfiguresRestParameters.php
index 0e0dfce..3564b0d 100644
--- a/src/Concerns/Resource/ConfiguresRestParameters.php
+++ b/src/Concerns/Resource/ConfiguresRestParameters.php
@@ -57,7 +57,7 @@ public function isNestedField(string $field, Relation $relation = null)
 $fieldRelation = $this->relation(Str::before($field, '.'));
- return $fieldRelation->resource()->isNestedField(Str::after($field, '.'), $fieldRelation);
+ return $fieldRelation?->resource()->isNestedField(Str::after($field, '.'), $fieldRelation) ?? false;
 }
 return in_array($field, $this->getFields(App::make(RestRequest::class)));
diff --git a/tests/Feature/Controllers/SearchFilteringOperationsTest.php b/tests/Feature/Controllers/SearchFilteringOperationsTest.php
index 60d44f8..28dcab7 100644
--- a/tests/Feature/Controllers/SearchFilteringOperationsTest.php
+++ b/tests/Feature/Controllers/SearchFilteringOperationsTest.php
@@ -36,6 +36,28 @@ public function test_getting_a_list_of_resources_filtered_by_not_authorized_fiel
 $response->assertJsonStructure(['message', 'errors' => ['search.filters.0.field']]);
 }
+ public function test_getting_a_list_of_resources_filtered_by_not_authorized_relation_field(): void
+ {
+ ModelFactory::new()->count(2)->create();
+
+ Gate::policy(Model::class, GreenPolicy::class);
+
+ $response = $this->post(
+ '/api/models/search',
+ [
+ 'search' => [
+ 'filters' => [
+ ['field' => 'non_authorized_relation.field', 'value' => 'value'],
+ ],
+ ],
+ ],
+ ['Accept' => 'application/json']
+ );
+
+ $response->assertStatus(422);
+ $response->assertJsonStructure(['message', 'errors' => ['search.filters.0.field']]);
+ }
+
 public function test_getting_a_list_of_resources_filtered_by_model_field_using_default_operator(): void
 {
 $matchingModel = ModelFactory::new()->create(['name' => 'match'])->fresh();
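Review bot: The unknown-relation case on the changed `return` line is denied only implicitly, through `?->` plus `?? false`, and the `?? false` would also turn a null coming back from the nested `isNestedField()` call into a quiet `false`. Since this method appears to be the allow-list check for request-supplied filter fields, an explicit guard before the return, `if ($fieldRelation === null) { return false; }`, states the fail-closed intent and lets the original return line stay as it was. The `?->` only covers `$fieldRelation` being null; whether `resource()` can itself return null is not visible here. The fall-through membership check would be safer with the strict flag, `return in_array($field, $this->getFields(App::make(RestRequest::class)), true);`. The body of `isNestedField` starts and ends outside the hunk.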
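Review bot: The new test only exercises a relation name that presumably does not exist on the resource (`non_authorized_relation.field`), so it pins the null-relation path but not the case of a relation that exists while the nested field is not exposed. A second case with an existing relation and an undeclared nested field, e.g. `['field' => '<existing_relation>.not_exposed_field', 'value' => 'value']` (placeholder relation name), asserting the same 422 and `search.filters.0.field` error, would cover the recursive branch of the check. A short comment above the request, such as `// unknown relation must fail validation (422) rather than error out`, would record why the status is asserted.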