/**
* Build a Report criteria based on submitted values.
*
* If used cannot access requested value (eg. forged URL) the Query is modified
* to remove the offending query.
*
* @return array of \Tracker_Report_Criteria
*/
public function getSharedFieldsCriteria(User $user, Project $project, Tracker_Report $report, Tracker_CrossSearch_Query $cross_search_query)
{
$fields = $this->form_element_factory->getSharedFieldsReadableBy($user, $project);
$criteria = array();
$allowed_field_ids = array();
foreach ($fields as $field) {
$allowed_field_ids[$field->getId()] = true;
$field->setCriteriaValue($this->getSelectedValues($field, $cross_search_query->getSharedFields()));
$criteria[] = $this->buildCriteria($report, $field);
}
$cross_search_query->purgeSharedFieldNotInList($allowed_field_ids);
return $criteria;
}
public function itRemovesSharedFieldsThatAreNotInTheBlessedList()
{
$shared_field_request = array('220' => array('values' => array('350')));
$query = new Tracker_CrossSearch_Query($shared_field_request);
$query->purgeSharedFieldNotInList(array(330 => true));
$this->assertEqual($query->getSharedFields(), array());
}