From 555528274ffd98989f21ce77eb7d0ac82069c7c6 Mon Sep 17 00:00:00 2001
From: Nat Budin <nbudin@actbluetech.com>
Date: Wed, 28 Jan 2026 17:25:36 -0800
Subject: [PATCH] Don't attempt to show search results the user can't view

---
 app/graphql/types/search_result_type.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/app/graphql/types/search_result_type.rb b/app/graphql/types/search_result_type.rb
index 661b16d9bb1..a7d04e65f90 100644
--- a/app/graphql/types/search_result_type.rb
+++ b/app/graphql/types/search_result_type.rb
@@ -1,5 +1,11 @@
 # frozen_string_literal: true
 class Types::SearchResultType < Types::BaseObject
-  field :entries, [Types::SearchResultEntryType], null: false
-  field :total_entries, Int, null: false
+  description "A paginated search result containing matching entries and total count"
+
+  field :entries, [Types::SearchResultEntryType], null: false, description: "The results of the search"
+  field :total_entries, Int, null: false, description: "The total number of entries matching the search query"
+
+  def entries
+    object.entries.filter { |entry| policy(entry.model).read? }
+  end
 end