
Fixes #37531 - Autocomplete feature for search shows content from forbidden organization for user

Open Thorben-D opened this issue 8 months ago • 0 comments

Currently, the suggestions provided by the auto-complete feature of the search bars include content from different organizations. This PR fixes this by using the (yet to be merged) enhanced_filter function of scoped_search.

Detailed problem description:

The auto-complete functionality is handled by the action auto_complete_search of AutoCompleteSearch. The action works by first inferring the Model (DB-Table) from the name of the controller it has been called from and then forming valid SQL queries, which are shown in its own query-language. Since permissions are handled on a per-action basis, if a role permits a user to call auto_complete_search from a controller X, he is given de facto read access to the whole DB-Table X. It has not been tested whether the scope may be expanded past X by injecting joins, etc.

Changes: This PR filters the auto-complete suggestions by organization and only displays suggestions with content belonging to the user's current organization. This does NOT fix the root issue, which is scoped_search not properly leveraging the Foreman permission system, but provides an interim solution until an implementation is found that respects the Foreman permission model.

Relations:

  • BUG #37531 - This issue
  • BUG #32599 - The same root cause, not addressed here
  • wvanbergen/scoped_search#221 - PR to add enhanced_filter to scoped_search

Thorben-D, Jun 05 '24 10:06
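The leak the PR describes, and the interim fix of restricting suggestions to the user's current organization, reduced to a self-contained Ruby illustration. This is added example code, not Foreman's AutoCompleteSearch or scoped_search's enhanced_filter; the in-memory `Host` model, the `parse_partial` helper and the sample hosts are all constructed for the example.

```ruby
# Hypothetical in-memory stand-in for a DB table with a name column and an
# organization_id column (constructed for this example).
Host = Struct.new(:name, :organization_id)

# Constructed sample data: two organizations; the user may only see organization 1.
HOSTS = [
  Host.new('web01.example.com', 1),
  Host.new('web02.example.com', 1),
  Host.new('web-secret.acme.example', 2),
  Host.new('db01.example.com', 1),
  Host.new('db-hidden.acme.example', 2),
].freeze

# Parse the partial query a search bar sends, e.g. "name = web".
# Only the "<field> (=|~) <prefix>" shape is handled; anything else gives no suggestions.
def parse_partial(query)
  m = query.strip.match(/\A(\w+)\s*(=|~)\s*(\S*)\z/)
  return nil unless m
  { field: m[1], prefix: m[3] }
end

# Unscoped completion: the behaviour reported in the PR. Every value in the
# table that matches the prefix is suggested, whatever organization owns it,
# so the suggestion list itself discloses names from forbidden organizations.
def complete_unscoped(query, records = HOSTS)
  parsed = parse_partial(query)
  return [] unless parsed && parsed[:field] == 'name'
  records.map(&:name).select { |n| n.start_with?(parsed[:prefix]) }.uniq.sort
end

# Scoped completion: the interim fix. Records are restricted to the user's
# current organization before any values are collected, so names belonging
# to other organizations never reach the suggestion list.
def complete_scoped(query, current_org_id, records = HOSTS)
  visible = records.select { |r| r.organization_id == current_org_id }
  complete_unscoped(query, visible)
end

if __FILE__ == $PROGRAM_NAME
  puts "unscoped: #{complete_unscoped('name = web').inspect}"
  puts "scoped:   #{complete_scoped('name = web', 1).inspect}"
end
```

The scoped variant only narrows by organization; as the PR notes, it does not consult per-record permissions, so it reduces the disclosure rather than enforcing the full permission model.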