From 0ba28e344b6979fc29b50fecdd9ab25e52114ac3 Mon Sep 17 00:00:00 2001
From: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Date: Thu, 31 Oct 2019 01:16:23 +0100
Subject: [PATCH] FIX: tags can be filtered on categoryId without a q param
 (#8264)

---
 app/controllers/tags_controller.rb    | 36 ++++++++++++++++++---------
 spec/requests/tags_controller_spec.rb |  8 ++++++
 2 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb
index 19629600ae0..a8a766e653c 100644
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@@ -193,28 +193,40 @@ class TagsController < ::ApplicationController
   end
 
   def search
-    clean_name = DiscourseTagging.clean_tag(params[:q])
-    category = params[:categoryId] ? Category.find_by_id(params[:categoryId]) : nil
+    filter_params = {
+      for_input: params[:filterForInput],
+      selected_tags: params[:selected_tags]
+    }
 
-    # Prioritize exact matches when ordering
-    order_query = Tag.sanitize_sql_for_order(
-      ["lower(name) = lower(?) DESC, topic_count DESC", clean_name]
-    )
+    if params[:categoryId]
+      filter_params[:category] = Category.find_by_id(params[:categoryId])
+    end
+
+    if params[:q]
+      clean_name = DiscourseTagging.clean_tag(params[:q])
+      filter_params[:term] = clean_name
+
+      # Prioritize exact matches when ordering
+      order_query = Tag.sanitize_sql_for_order(
+        ["lower(name) = lower(?) DESC, topic_count DESC", clean_name]
+      )
+
+      tag_query = Tag.order(order_query).limit(params[:limit])
+    else
+      tag_query = Tag.limit(params[:limit])
+    end
 
     tags_with_counts = DiscourseTagging.filter_allowed_tags(
-      Tag.order(order_query).limit(params[:limit]),
+      tag_query,
       guardian,
-      for_input: params[:filterForInput],
-      term: clean_name,
-      category: category,
-      selected_tags: params[:selected_tags]
+      filter_params
     )
 
     tags = self.class.tag_counts_json(tags_with_counts)
 
     json_response = { results: tags }
 
-    if !tags.find { |h| h[:id].downcase == clean_name.downcase } && tag = Tag.where_name(clean_name).first
+    if clean_name && !tags.find { |h| h[:id].downcase == clean_name.downcase } && tag = Tag.where_name(clean_name).first
       # filter_allowed_tags determined that the tag entered is not allowed
       json_response[:forbidden] = params[:q]
 
diff --git a/spec/requests/tags_controller_spec.rb b/spec/requests/tags_controller_spec.rb
index 26bf9591706..5d44da4e457 100644
--- a/spec/requests/tags_controller_spec.rb
+++ b/spec/requests/tags_controller_spec.rb
@@ -395,6 +395,14 @@ describe TagsController do
             category_names: category.name
           ))
         end
+
+        it "can filter on category without q param" do
+          nope = Fabricate(:tag, name: 'nope')
+          get "/tags/filter/search.json", params: { categoryId: category.id }
+          expect(response.status).to eq(200)
+          json = ::JSON.parse(response.body)
+          expect(json["results"].map { |j| j["id"] }.sort).to eq([yup.name])
+        end
       end
 
       it "matches tags after sanitizing input" do