Merge pull request #182 from fleetbase/dev-v1.6.30

Fix: Critical cache key collision bug in ApiModelCache

Author: roncodes

composer.json

@@ -1,6 +1,6 @@
 {
     "name": "fleetbase/core-api",
-    "version": "1.6.29",
+    "version": "1.6.30",
     "description": "Core Framework and Resources for Fleetbase API",
     "keywords": [
         "fleetbase",

src/Models/Permission.php

@@ -4,6 +4,7 @@
 
 use Fleetbase\Traits\Filterable;
 use Fleetbase\Traits\HasApiModelBehavior;
+use Fleetbase\Traits\HasApiModelCache;
 use Fleetbase\Traits\HasUuid;
 use Fleetbase\Traits\Searchable;
 use Illuminate\Support\Collection;
@@ -13,6 +14,7 @@ class Permission extends BasePermission
 {
     use HasUuid;
     use HasApiModelBehavior;
+    use HasApiModelCache;
     use Searchable;
     use Filterable;
 

src/Support/ApiModelCache.php

@@ -58,21 +58,22 @@ public static function generateQueryCacheKey(Model $model, Request $request, arr
         $table       = $model->getTable();
         $companyUuid = static::getCompanyUuid($request);
 
-        // Get all relevant query parameters
-        $params = [
-            'limit'   => $request->input('limit'),
-            'offset'  => $request->input('offset'),
-            'page'    => $request->input('page'),
-            'sort'    => $request->input('sort'),
-            'order'   => $request->input('order'),
-            'query'   => $request->input('query'),
-            'search'  => $request->input('search'),
-            'filter'  => $request->input('filter'),
-            'with'    => $request->input('with'),
-            'expand'  => $request->input('expand'),
-            'columns' => $request->input('columns'),
+        // Get ALL query parameters from the request
+        // This ensures different filters (e.g., type=customer vs type=contact) generate different cache keys
+        $params = $request->query();
+
+        // Remove internal/non-cacheable parameters that shouldn't affect cache key
+        $excludedParams = [
+            '_',           // Cache-busting timestamp
+            'timestamp',   // Cache-busting timestamp
+            'nocache',     // Explicit cache bypass
+            '_method',     // Laravel method override
         ];
 
+        foreach ($excludedParams as $excluded) {
+            unset($params[$excluded]);
+        }
+
         // Merge additional parameters
         $params = array_merge($params, $additionalParams);
 

src/Traits/HasApiModelBehavior.php

@@ -1125,12 +1125,18 @@ private function applyOperators($builder, $column_name, $op_key, $op_type, $valu
      */
     public function shouldQualifyColumn($column_name)
     {
-        return in_array($column_name, [
+        $qualifiableColumns = [
             $this->getKey() ?? 'uuid',
             $this->getCreatedAtColumn() ?? 'created_at',
             $this->getUpdatedAtColumn() ?? 'updated_at',
-            $this->getDeletedAtColumn() ?? 'deleted_at',
-        ]);
+        ];
+
+        // Only include deleted_at column if model uses SoftDeletes trait
+        if (method_exists($this, 'getDeletedAtColumn')) {
+            $qualifiableColumns[] = $this->getDeletedAtColumn();
+        }
+
+        return in_array($column_name, $qualifiableColumns);
     }
 
     /**