From 070094f2298793603705950f3c399be4328859c9 Mon Sep 17 00:00:00 2001
From: Christian Beeznest <christian.fasanando@beeznest.com>
Date: Mon, 17 Feb 2025 19:11:01 -0500
Subject: [PATCH] User: Fix filters & editable columns in extra fields for
 advanced edit - refs BT#22305

---
 main/admin/user_advanced_edit.php | 45 ++++++++++++++++++++++++------
 main/inc/lib/usermanager.lib.php  | 46 +++++++++++++++++++++++++++----
 2 files changed, 77 insertions(+), 14 deletions(-)

diff --git a/main/admin/user_advanced_edit.php b/main/admin/user_advanced_edit.php
index bd5373b2ec2..72367048ed0 100644
--- a/main/admin/user_advanced_edit.php
+++ b/main/admin/user_advanced_edit.php
@@ -81,7 +81,7 @@
     [],
     [],
     $_REQUEST,
-    null,
+    false,
     true
 );
 
@@ -126,8 +126,6 @@
 
 $tableResult = '';
 if (!empty($users)) {
-    $selectedFields = $_GET['editableFields'] ?? [];
-
     foreach ($users as &$user) {
         $userData = api_get_user_info($user['id']);
         if ($userData) {
@@ -146,21 +144,50 @@
     }
     unset($user);
 
-    if (count($users) === 1) {
-        array_unshift($users, ['id' => '', 'username' => '']);
+    $selectedFields = $_GET['editableFields'] ?? [];
+    $filtersUsed = [
+        'keywordUsername' => 'username',
+        'keywordEmail' => 'email',
+        'keywordFirstname' => 'firstname',
+        'keywordLastname' => 'lastname',
+        'keywordOfficialCode' => 'official_code',
+        'keywordStatus' => 'status'
+    ];
+
+    foreach ($filtersUsed as $filterKey => $fieldName) {
+        $getFilterKey = Security::remove_XSS($_GET[$filterKey]);
+        if (!empty($getFilterKey) && !in_array($fieldName, $selectedFields)) {
+            $selectedFields[] = $fieldName;
+        }
+    }
+
+    foreach ($extraFields as $field) {
+        $extraVariable = Security::remove_XSS($_GET['extra_'.$field['variable']]);
+        if (is_array($extraVariable)) {
+            $extraVariable = array_filter($extraVariable, function ($v) {
+                return $v !== null && $v !== '';
+            });
+        }
+        if (!empty($extraVariable) && !in_array($field['variable'], $selectedFields)) {
+            $selectedFields[] = $field['variable'];
+        }
     }
+
     $parameters = array_diff_key($parameters, array_flip(['users_direction', 'users_column']));
-    $userTable = new SortableTable('users', null, null, 0, 50);
+    $userTable = new SortableTable('users', null, null, 0, count($users));
     $userTable->set_additional_parameters($parameters);
+    $userTable->setTotalNumberOfItems(count($users));
     $userTable->set_header(0, get_lang('ID'));
     $userTable->set_header(1, get_lang('Username'));
 
+    $columnIndex = 2;
     foreach ($selectedFields as $field) {
-        $userTable->set_header(count($userTable->headers), ucfirst($field));
+        $userTable->set_header($columnIndex, ucfirst($field));
+        $columnIndex++;
     }
 
-    $userTable->set_header(count($userTable->headers), get_lang('Actions'));
-
+    $userTable->set_header($columnIndex, get_lang('Actions'));
+    $userTable->addRow([]);
     foreach ($users as $user) {
         $row = [$user['id'], $user['username']];
 
diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php
index ae6bf1ccb2d..dda1af85d80 100755
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@@ -8308,17 +8308,28 @@ public static function searchUsers(array $filters = [], array $editableFields =
         }
 
         $extraField = new ExtraField('user');
-        $extraFieldResults = [];
+        $extraFieldResults = null;
         $extraFieldHasData = false;
 
         foreach ($filters as $key => $value) {
-            if (strpos($key, 'extra_') === 0 && !empty($value)) {
+            if (str_starts_with($key, 'extra_')) {
+                if (is_array($value)) {
+                    $value = array_filter($value, function ($v) {
+                        return $v !== null && $v !== '';
+                    });
+                }
+
+                if (empty($value)) {
+                    continue;
+                }
+
                 $variable = substr($key, 6);
                 $fieldInfo = $extraField->get_handler_field_info_by_field_variable($variable);
                 if ($fieldInfo) {
                     $extraFieldHasData = true;
                     $values = is_array($value) ? $value : [$value];
 
+                    $fieldResults = [];
                     foreach ($values as $singleValue) {
                         if (empty($singleValue)) {
                             continue;
@@ -8332,15 +8343,40 @@ public static function searchUsers(array $filters = [], array $editableFields =
                         }
 
                         if (!empty($result)) {
-                            $extraFieldResults = array_merge($extraFieldResults, $result);
+                            $fieldResults[] = $result;
                         }
                     }
+
+                    if (!empty($values) && empty($fieldResults)) {
+                        $extraFieldResults = [];
+                        break;
+                    }
+
+                    $mergedFieldResults = call_user_func_array('array_merge', $fieldResults);
+
+                    if ($extraFieldResults === null) {
+                        $extraFieldResults = $mergedFieldResults;
+                    } else {
+                        $extraFieldResults = array_intersect($extraFieldResults, $mergedFieldResults);
+                    }
+
+                    if (empty($extraFieldResults)) {
+                        break;
+                    }
                 }
             }
         }
 
-        if ($extraFieldHasData && !empty($extraFieldResults)) {
-            $where[] = "u.id IN ('" . implode("','", array_unique($extraFieldResults)) . "')";
+        if ($extraFieldHasData && $extraFieldResults === null) {
+            $extraFieldResults = [];
+        }
+
+        if ($extraFieldHasData) {
+            if (empty($extraFieldResults)) {
+                $where[] = "u.id IN ('-1')";
+            } else {
+                $where[] = "u.id IN ('" . implode("','", array_unique($extraFieldResults)) . "')";
+            }
         }
 
         $fields = ['u.id', 'u.username'];