[2.x] Update check for filtering column from include

docs/filtering.md

@@ -4,6 +4,36 @@ Data filtering is very easy with at `Larapi` see the examples below.
 
 By default, all filters have to be explicitly allowed using `$whiteListFilter` property in specified Model. 
 
+```php
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+
+class User extends Model
+{
+    use HasFactory;
+
+    public function author()
+    {
+        return $this->belongsTo(Author::class);
+    }
+
+    // List of all valid syntax for $whiteListFilter
+    //public static $whiteListFilter = ['*'];
+    //public static $whiteListFilter = ['id', 'title', 'author'];
+    //public static $whiteListFilter = ['id', 'title', 'author.*'];
+
+}
+```
+
+If the filter is `['*']` then all properties and sub-properties can be used for filtering.
+If the filter is `a list of model properties` then only the selected properties can be filtered.
+If some of the filter are a relationship then only the `$whiteListFilter` properties of the sub-property's model can be filtered.
+If some of the filter contains a `.*` the all sub-properties of the relationship model can be filtered (the `$whiteListFilter` is not used).
+
 For more advanced use cases, [custom filter](advanced_usage?id=custom-filter) can be used.
 
 #### Operators

src/Database/EloquentBuilderTrait.php

@@ -175,18 +175,14 @@ protected function applyFilter(Builder $queryBuilder, array $filter, $or = false
         $operator = $filter['operator'] ?? 'eq';
         $value = $filter['value'];
         $not = $filter['not'] ?? false;
-        $whiteListFilter = (get_class_vars(get_class($queryBuilder->getModel()))['whiteListFilter']) ?? [];
         $wantsRelationship = stripos($column, '.');
         $clauseOperator = true;
         $lastColumn = explode('.', $column);
         $lastColumn = end($lastColumn);
         $relationName = str_replace('.'. $lastColumn, '', $column);
         $filterRawJoinColumns = isset($this->filterRawJoinColumns) ? $this->filterRawJoinColumns : [];
 
-        // Check if column can filered.
-        if (!in_array($column, $whiteListFilter)) {
-            throw new LarapiException('Oops! You cannot filter column '. $column. '.');
-        }
+        $this->checkFilterColumn($column, get_class($queryBuilder->getModel()));
 
         // Check operator.
         switch ($operator) {
@@ -284,6 +280,50 @@ protected function applyFilter(Builder $queryBuilder, array $filter, $or = false
         }
     }
 
+    private function checkFilterColumn(String $column, String $baseClassName, array $overrideWhiteListFilter = null)
+    {
+        if (empty($column) || empty($baseClassName)) {
+            return;
+        }
+
+        // Retrieve the whiteListFilter
+        $whiteListFilter = $overrideWhiteListFilter ?? ((array)(get_class_vars($baseClassName)['whiteListFilter']) ?? []);
+
+        // Check if the whitelist filter is a star
+        if (in_array('*', $whiteListFilter)) {
+            if (count($whiteListFilter) > 1) {
+                throw new LarapiException('Oops! If you use "*" for the whiteListFilter, you cannot specify another column on ' .  $baseClassName . ' class.');
+            }
+            return;
+        }
+
+        // Check if full column can filered.
+        if (in_array($column, $whiteListFilter)) {
+            return;
+        }
+
+        $parts = explode('.', $column);
+        $firstPart = $parts[0];
+
+        $simpleColumnCheckInListFilter = in_array($firstPart, $whiteListFilter);
+        $complexColumnCheckInListFilter = in_array($firstPart . '.*', $whiteListFilter);
+
+        // Check if splitted column can filered.
+        if (!$simpleColumnCheckInListFilter && !$complexColumnCheckInListFilter) {
+            throw new LarapiException('Oops! You cannot filter column ' . $column . ' on ' .  $baseClassName . ' class.');
+        }
+
+        // Get next part and next class
+        $nextColums = join('.', array_slice($parts, 1));
+        $baseClass = new $baseClassName();
+        $nextClass = method_exists($baseClass, $firstPart) ? get_class($baseClass->$firstPart()->getRelated()) : '';
+        // If the whiteListFilter contains a column with a star we want to bypass the check for the next part
+        $nextOverrideWhiteListFilter = $complexColumnCheckInListFilter ? ['*'] : null;
+
+        // Recursive call to check sub parts
+        $this->checkFilterColumn($nextColums, $nextClass, $nextOverrideWhiteListFilter);
+    }
+
     private function hasCustomMethod($type, $key)
     {
         $methodName = sprintf('%s%s', $type, Str::studly($key));