Seperate query classes from xml classes to allow specifying more information in the query

src/Backend/ISearchBackend.php

@@ -21,9 +21,7 @@
 
 namespace SearchDAV\Backend;
 
-use Sabre\DAV\INode;
+use SearchDAV\Query\Query;
-use SearchDAV\XML\BasicSearch;
-use SearchDAV\XML\Scope;
 
 interface ISearchBackend {
 	/**
@@ -79,8 +77,8 @@ interface ISearchBackend {
 	 * To return the properties requested by the query sabre's existing PropFind method is used, thus the search implementation
 	 * is not required to collect these properties and is free to ignore the `select` part of the query
 	 *
-	 * @param BasicSearch $query
+	 * @param Query $query
 	 * @return SearchResult[]
 	 */
-	public function search(BasicSearch $query);
+	public function search(Query $query);
 }

src/DAV/SearchHandler.php

@@ -21,11 +21,16 @@
 
 namespace SearchDAV\DAV;
 
+use Sabre\DAV\Exception\BadRequest;
 use Sabre\DAV\PropFind;
 use Sabre\DAV\Server;
 use Sabre\HTTP\ResponseInterface;
 use SearchDAV\Backend\ISearchBackend;
+use SearchDAV\Backend\SearchPropertyDefinition;
 use SearchDAV\Backend\SearchResult;
+use SearchDAV\Query\Operator;
+use SearchDAV\Query\Order;
+use SearchDAV\Query\Query;
 use SearchDAV\XML\BasicSearch;
 
 class SearchHandler {
@@ -69,15 +74,79 @@ class SearchHandler {
 		}
 		$response->setStatus(207);
 		$response->setHeader('Content-Type', 'application/xml; charset="utf-8"');
+		$allProps = [];
 		foreach ($query->from as $scope) {
 			$scope->path = $this->pathHelper->getPathFromUri($scope->href);
+			$props = $this->searchBackend->getPropertyDefinitionsForScope($scope->href, $scope->path);
+			foreach ($props as $prop) {
+				$allProps[$prop->name] = $prop;
+			}
+		}
+		try {
+			$results = $this->searchBackend->search($this->getQueryForXML($query, $allProps));
+		} catch (BadRequest $e) {
+			$response->setStatus(400);
+			$response->setBody($e->getMessage());
+			return false;
 		}
-		$results = $this->searchBackend->search($query);
 		$data = $this->server->generateMultiStatus(iterator_to_array($this->getPropertiesIteratorResults($results, $query->select)), false);
 		$response->setBody($data);
 		return false;
 	}
 
+	/**
+	 * @param BasicSearch $xml
+	 * @param SearchPropertyDefinition[] $allProps
+	 * @return Query
+	 */
+	private function getQueryForXML(BasicSearch $xml, array $allProps) {
+		$orderBy = array_map(function (\SearchDAV\XML\Order $order) use ($allProps) {
+			if (!isset($allProps[$order->property])) {
+				throw new BadRequest('requested order by property is not a valid property for this scope');
+			}
+			$prop = $allProps[$order->property];
+			if (!$prop->sortable) {
+				throw new BadRequest('requested order by property is not sortable');
+			}
+			return new Order($prop, $order->order);
+		}, $xml->orderBy);
+		$select = array_map(function ($propName) use ($allProps) {
+			if (!isset($allProps[$propName])) {
+				throw new BadRequest('requested property is not a valid property for this scope');
+			}
+			$prop = $allProps[$propName];
+			if (!$prop->selectable) {
+				throw new BadRequest('requested property is not selectable');
+			}
+			return $prop;
+		}, $xml->select);
+
+		$where = $this->transformOperator($xml->where, $allProps);
+
+		return new Query($select, $xml->from, $where, $orderBy, $xml->limit);
+	}
+
+	private function transformOperator(\SearchDAV\XML\Operator $operator, array $allProps) {
+		$arguments = array_map(function ($argument) use ($allProps) {
+			if (is_string($argument)) {
+				if (!isset($allProps[$argument])) {
+					throw new BadRequest('requested search property is not a valid property for this scope');
+				}
+				$prop = $allProps[$argument];
+				if (!$prop->searchable) {
+					throw new BadRequest('requested search property is not searchable');
+				}
+				return $prop;
+			} else if ($argument instanceof \SearchDAV\XML\Operator) {
+				return $this->transformOperator($argument, $allProps);
+			} else {
+				return $argument;
+			}
+		}, $operator->arguments);
+
+		return new Operator($operator->type, $arguments);
+	}
+
 	/**
 	 * Returns a list of properties for a given path
 	 *

src/Query/Limit.php

@@ -0,0 +1,40 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace SearchDAV\Query;
+
+
+class Limit {
+	/**
+	 * @var integer
+	 *
+	 * The maximum number of results to be returned
+	 *
+	 * If set to 0 then no limit should be imposed
+	 */
+	public $maxResults = 0;
+	/**
+	 * @var integer
+	 *
+	 * The index of the first result to be returned (offset)
+	 */
+	public $firstResult = 0;
+}

src/Query/Literal.php

@@ -0,0 +1,41 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace SearchDAV\Query;
+
+
+class Literal {
+	/**
+	 * @var string|boolean|\DateTime|integer
+	 *
+	 * The value of the literal
+	 */
+	public $value;
+
+	/**
+	 * Literal constructor.
+	 *
+	 * @param bool|\DateTime|int|string $value
+	 */
+	public function __construct($value = '') {
+		$this->value = $value;
+	}
+}

src/Query/Operator.php

@@ -0,0 +1,67 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace SearchDAV\Query;
+
+class Operator {
+	const OPERATION_AND = '{DAV:}and';
+	const OPERATION_OR = '{DAV:}or';
+	const OPERATION_NOT = '{DAV:}not';
+	const OPERATION_EQUAL = '{DAV:}eq';
+	const OPERATION_LESS_THAN = '{DAV:}lt';
+	const OPERATION_LESS_OR_EQUAL_THAN = '{DAV:}lte';
+	const OPERATION_GREATER_THAN = '{DAV:}gt';
+	const OPERATION_GREATER_OR_EQUAL_THAN = '{DAV:}gte';
+	const OPERATION_IS_COLLECTION = '{DAV:}is-collection';
+	const OPERATION_IS_DEFINED = '{DAV:}is-defined';
+	const OPERATION_IS_LIKE = '{DAV:}like';
+	const OPERATION_CONTAINS = '{DAV:}contains';
+
+	/**
+	 * @var string
+	 *
+	 * The type of operation, one of the Operator::OPERATION_* constants
+	 */
+	public $type;
+	/**
+	 * @var (Literal|SearchPropDefinition|Operation)[]
+	 *
+	 * The list of arguments for the operation
+	 *
+	 *  - SearchPropDefinition: property for comparison
+	 *  - Literal: literal value for comparison
+	 *  - Operation: nested operation for and/or/not operations
+	 *
+	 * Which type and what number of argument an Operator takes depends on the operator type.
+	 */
+	public $arguments;
+
+	/**
+	 * Operator constructor.
+	 *
+	 * @param string $type
+	 * @param array $arguments
+	 */
+	public function __construct($type = '', array $arguments = []) {
+		$this->type = $type;
+		$this->arguments = $arguments;
+	}
+}

src/Query/Order.php

@@ -0,0 +1,53 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace SearchDAV\Query;
+
+
+use SearchDAV\Backend\SearchPropertyDefinition;
+
+class Order {
+	const ASC = 'ascending';
+	const DESC = 'descending';
+
+	/**
+	 * @var SearchPropertyDefinition
+	 *
+	 * The property that should be sorted on.
+	 */
+	public $property;
+	/**
+	 * @var string 'ascending' or 'descending'
+	 *
+	 * The sort direction
+	 */
+	public $order;
+
+	/**
+	 * Order constructor.
+	 * @param SearchPropertyDefinition $property
+	 * @param string $order
+	 */
+	public function __construct(SearchPropertyDefinition $property, $order) {
+		$this->property = $property;
+		$this->order = $order;
+	}
+}

src/Query/Query.php

@@ -0,0 +1,79 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace SearchDAV\Query;
+
+
+use SearchDAV\Backend\SearchPropertyDefinition;
+
+class Query {
+	/**
+	 * @var SearchPropertyDefinition[]
+	 *
+	 * The list of properties to be selected
+	 */
+	public $select;
+	/**
+	 * @var Scope[]
+	 *
+	 * The collections to perform the search in
+	 */
+	public $from;
+	/**
+	 * @var Operator
+	 *
+	 * The search operator, either a comparison ('gt', 'eq', ...) or a boolean operator ('and', 'or', 'not')
+	 */
+	public $where;
+	/**
+	 * @var Order[]
+	 *
+	 * The list of order operations that should be used to order the results.
+	 *
+	 * Each order operations consists of a property to sort on and a sort direction.
+	 * If more then one order operations are specified, the comparisons for ordering should
+	 * be applied in the order that the order operations are defined in with the earlier comparisons being
+	 * more significant.
+	 */
+	public $orderBy;
+	/**
+	 * @var Limit
+	 *
+	 * The limit and offset for the search query
+	 */
+	public $limit;
+
+	/**
+	 * Query constructor.
+	 * @param SearchPropertyDefinition[] $select
+	 * @param Scope[] $from
+	 * @param Operator $where
+	 * @param Order[] $orderBy
+	 * @param Limit $limit
+	 */
+	public function __construct(array $select, array $from, Operator $where, array $orderBy, Limit $limit) {
+		$this->select = $select;
+		$this->from = $from;
+		$this->where = $where;
+		$this->orderBy = $orderBy;
+		$this->limit = $limit;
+	}
+}

src/Query/Scope.php

@@ -0,0 +1,60 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Robin Appelman <robin@icewind.nl>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace SearchDAV\Query;
+
+
+class Scope {
+	/**
+	 * @var string
+	 *
+	 * The scope of the search, either as absolute uri or as a path relative to the
+	 * search arbiter.
+	 */
+	public $href;
+
+	/**
+	 * @var string|int 0, 1 or 'infinite'
+	 *
+	 * How deep the search query should be with 0 being only the scope itself,
+	 * 1 being all direct child entries of the scope and infinite being all entries
+	 * in the scope collection at any depth.
+	 */
+	public $depth;
+
+	/**
+	 * @var string|null
+	 *
+	 * the path of the search scope relative to the dav server, or null if the scope is outside the dav server
+	 */
+	public $path;
+
+	/**
+	 * @param string $href
+	 * @param int|string $depth
+	 * @param string|null $path
+	 */
+	public function __construct($href = '', $depth = 1, $path = null) {
+		$this->href = $href;
+		$this->depth = $depth;
+		$this->path = $path;
+	}
+}

src/XML/Limit.php

@@ -28,22 +28,7 @@ use SearchDAV\DAV\SearchPlugin;
 /**
  * The limit and offset of a search query
  */
-class Limit implements XmlDeserializable {
+class Limit extends \SearchDAV\Query\Limit implements XmlDeserializable {
-	/**
-	 * @var integer
-	 *
-	 * The maximum number of results to be returned
-	 *
-	 * If set to 0 then no limit should be imposed
-	 */
-	public $maxResults = 0;
-	/**
-	 * @var integer
-	 *
-	 * The index of the first result to be returned (offset)
-	 */
-	public $firstResult = 0;
-
 	static function xmlDeserialize(Reader $reader) {
 		$limit = new self();
 

src/XML/Literal.php

@@ -25,24 +25,7 @@ namespace SearchDAV\XML;
 use Sabre\Xml\Reader;
 use Sabre\Xml\XmlDeserializable;
 
-class Literal implements XmlDeserializable {
+class Literal extends \SearchDAV\Query\Literal implements XmlDeserializable {
-	/**
-	 * @var string|boolean|\DateTime|integer
-	 *
-	 * The value of the literal
-	 */
-	public $value;
-
-	/**
-	 * Literal constructor.
-	 *
-	 * @param bool|\DateTime|int|string $value
-	 */
-	public function __construct($value = '') {
-		$this->value = $value;
-	}
-
-
 	static function xmlDeserialize(Reader $reader) {
 		$literal = new self();
 

src/XML/Operator.php

@@ -21,28 +21,14 @@
 
 namespace SearchDAV\XML;
 
-
 use Sabre\Xml\Reader;
 use Sabre\Xml\XmlDeserializable;
 
 class Operator implements XmlDeserializable {
-	const OPERATION_AND = '{DAV:}and';
-	const OPERATION_OR = '{DAV:}or';
-	const OPERATION_NOT = '{DAV:}not';
-	const OPERATION_EQUAL = '{DAV:}eq';
-	const OPERATION_LESS_THAN = '{DAV:}lt';
-	const OPERATION_LESS_OR_EQUAL_THAN = '{DAV:}lte';
-	const OPERATION_GREATER_THAN = '{DAV:}gt';
-	const OPERATION_GREATER_OR_EQUAL_THAN = '{DAV:}gte';
-	const OPERATION_IS_COLLECTION = '{DAV:}is-collection';
-	const OPERATION_IS_DEFINED = '{DAV:}is-defined';
-	const OPERATION_IS_LIKE = '{DAV:}like';
-	const OPERATION_CONTAINS = '{DAV:}contains';
-
 	/**
 	 * @var string
 	 *
-	 * The type of operation, one of the Operation::OPERATION_* constants
+	 * The type of operation, one of the Operator::OPERATION_* constants
 	 */
 	public $type;
 	/**
@@ -69,7 +55,6 @@ class Operator implements XmlDeserializable {
 		$this->arguments = $arguments;
 	}
 
-
 	static function xmlDeserialize(Reader $reader) {
 		$operator = new self();
 

src/XML/Order.php

@@ -26,9 +26,6 @@ use Sabre\Xml\Reader;
 use Sabre\Xml\XmlDeserializable;
 
 class Order implements XmlDeserializable {
-	const ASC = 'ascending';
-	const DESC = 'descending';
-
 	/**
 	 * @var string
 	 *
@@ -48,7 +45,7 @@ class Order implements XmlDeserializable {
 	 * @param string $property
 	 * @param string $order
 	 */
-	public function __construct($property = '', $order = self::ASC) {
+	public function __construct($property = '', $order = \SearchDAV\Query\Order::ASC) {
 		$this->property = $property;
 		$this->order = $order;
 	}
@@ -58,7 +55,7 @@ class Order implements XmlDeserializable {
 
 		$childs = \Sabre\Xml\Deserializer\keyValue($reader);
 
-		$order->order = array_key_exists('{DAV:}descending', $childs) ? self::DESC : self::ASC;
+		$order->order = array_key_exists('{DAV:}descending', $childs) ? \SearchDAV\Query\Order::DESC : \SearchDAV\Query\Order::ASC;
 		$order->property = $childs['{DAV:}prop'][0];
 
 		return $order;

src/XML/Scope.php

@@ -21,46 +21,10 @@
 
 namespace SearchDAV\XML;
 
-
 use Sabre\Xml\Reader;
 use Sabre\Xml\XmlDeserializable;
 
-class Scope implements XmlDeserializable {
+class Scope extends \SearchDAV\Query\Scope implements XmlDeserializable {
-	/**
-	 * @var string
-	 *
-	 * The scope of the search, either as absolute uri or as a path relative to the
-	 * search arbiter.
-	 */
-	public $href;
-
-	/**
-	 * @var string|int 0, 1 or 'infinite'
-	 *
-	 * How deep the search query should be with 0 being only the scope itself,
-	 * 1 being all direct child entries of the scope and infinite being all entries
-	 * in the scope collection at any depth.
-	 */
-	public $depth;
-
-	/**
-	 * @var string|null
-	 *
-	 * the path of the search scope relative to the dav server, or null if the scope is outside the dav server
-	 */
-	public $path;
-
-	/**
-	 * @param string $href
-	 * @param int|string $depth
-	 * @param string|null $path
-	 */
-	public function __construct($href = '', $depth = 1, $path = null) {
-		$this->href = $href;
-		$this->depth = $depth;
-		$this->path = $path;
-	}
-
 	static function xmlDeserialize(Reader $reader) {
 		$scope = new self();
 

tests/DummyBackend.php

@@ -26,6 +26,7 @@ use Sabre\DAV\INode;
 use Sabre\DAV\SimpleFile;
 use SearchDAV\Backend\ISearchBackend;
 use SearchDAV\Backend\SearchResult;
+use SearchDAV\Query\Query;
 use SearchDAV\XML\BasicSearch;
 use SearchDAV\Backend\SearchPropertyDefinition;
 
@@ -47,7 +48,7 @@ class DummyBackend implements ISearchBackend {
 		];
 	}
 
-	public function search(BasicSearch $query) {
+	public function search(Query $query) {
 		return [
 			new SearchResult(new SimpleFile('foo.txt', 'foobar', 'text/plain'), '/bar/foo.txt')
 		];

tests/QueryParserTest.php

@@ -50,12 +50,12 @@ class QueryParserTest extends \PHPUnit_Framework_TestCase {
 		$this->assertEquals([
 			new Scope('/container1/', 'infinity')
 		], $search->from);
-		$this->assertEquals(new Operator(Operator::OPERATION_GREATER_THAN, [
+		$this->assertEquals(new Operator(\SearchDAV\Query\Operator::OPERATION_GREATER_THAN, [
 			'{DAV:}getcontentlength',
 			new Literal(10000)
 		]), $search->where);
 		$this->assertEquals([
-			new Order('{DAV:}getcontentlength', Order::ASC)
+			new Order('{DAV:}getcontentlength', \SearchDAV\Query\Order::ASC)
 		], $search->orderBy);
 	}
 
@@ -75,12 +75,12 @@ class QueryParserTest extends \PHPUnit_Framework_TestCase {
 		$this->assertEquals([
 			new Scope('/container1/', 'infinity')
 		], $search->from);
-		$this->assertEquals(new Operator(Operator::OPERATION_GREATER_THAN, [
+		$this->assertEquals(new Operator(\SearchDAV\Query\Operator::OPERATION_GREATER_THAN, [
 			'{DAV:}getcontentlength',
 			new Literal(10000)
 		]), $search->where);
 		$this->assertEquals([
-			new Order('{DAV:}getcontentlength', Order::DESC)
+			new Order('{DAV:}getcontentlength', \SearchDAV\Query\Order::DESC)
 		], $search->orderBy);
 	}
 
@@ -101,7 +101,7 @@ class QueryParserTest extends \PHPUnit_Framework_TestCase {
 			new Scope('/container1/', 'infinity'),
 			new Scope('/container2/', 1),
 		], $search->from);
-		$this->assertEquals(new Operator(Operator::OPERATION_IS_COLLECTION, []), $search->where);
+		$this->assertEquals(new Operator(\SearchDAV\Query\Operator::OPERATION_IS_COLLECTION, []), $search->where);
 		$this->assertEquals([], $search->orderBy);
 	}
 

tests/SearchPluginTest.php

@@ -34,6 +34,7 @@ use SearchDAV\Backend\ISearchBackend;
 use SearchDAV\Backend\SearchPropertyDefinition;
 use SearchDAV\Backend\SearchResult;
 use SearchDAV\DAV\SearchPlugin;
+use SearchDAV\Query\Query;
 use SearchDAV\XML\BasicSearch;
 use SearchDAV\XML\Limit;
 use SearchDAV\XML\Literal;
@@ -275,19 +276,20 @@ class SearchPluginTest extends \PHPUnit_Framework_TestCase {
 			->method('isValidScope')
 			->willReturn(true);
 
-		$query = new BasicSearch();
+		$lengthProp = new SearchPropertyDefinition('{DAV:}getcontentlength', true, true, true, SearchPropertyDefinition::DATATYPE_NONNEGATIVE_INTEGER);
-		$query->orderBy = [
+		$orderBy = [
-			new Order('{DAV:}getcontentlength', Order::ASC)
+			new \SearchDAV\Query\Order($lengthProp, \SearchDAV\Query\Order::ASC)
 		];
-		$query->select = ['{DAV:}getcontentlength'];
+		$select = [$lengthProp];
-		$query->from = [
+		$from = [
 			new Scope('/container1/', 'infinity', '/container1/')
 		];
-		$query->where = new Operator(Operator::OPERATION_GREATER_THAN, [
+		$where = new \SearchDAV\Query\Operator(\SearchDAV\Query\Operator::OPERATION_GREATER_THAN, [
-			'{DAV:}getcontentlength',
+			$lengthProp,
 			new Literal(10000)
 		]);
-		$query->limit = new Limit();
+		$limit = new Limit();
+		$query = new Query($select, $from, $where, $orderBy, $limit);
 
 		$this->searchBackend->expects($this->once())
 			->method('search')
@@ -299,6 +301,12 @@ class SearchPluginTest extends \PHPUnit_Framework_TestCase {
 				)
 			]);
 
+		$this->searchBackend->expects($this->any())
+			->method('getPropertyDefinitionsForScope')
+			->willReturn([
+				$lengthProp
+			]);
+
 		$plugin->searchHandler($request, $response);
 
 		$parser = new Service();
@@ -439,4 +447,39 @@ class SearchPluginTest extends \PHPUnit_Framework_TestCase {
 
 		$this->assertEquals(new SupportedQueryGrammar(), $propFind->get('{DAV:}supported-query-grammar-set'));
 	}
+
+	public function testSearchQueryInvalidWhere() {
+		$this->searchBackend->expects($this->any())
+			->method('getArbiterPath')
+			->willReturn('foo');
+
+		$plugin = new SearchPlugin($this->searchBackend);
+		$server = new Server();
+		$plugin->initialize($server);
+
+		$request = new Request('SEARCH', '/index.php/foo', [
+			'Content-Type' => 'text/xml'
+		]);
+		$request->setBaseUrl('/index.php');
+		$request->setBody(fopen(__DIR__ . '/invalidwhere.xml', 'r'));
+		$response = new Response();
+
+		$this->searchBackend->expects($this->any())
+			->method('isValidScope')
+			->willReturn(true);
+
+		$this->searchBackend->expects($this->never())
+			->method('search');
+
+		$this->searchBackend->expects($this->once())
+			->method('getPropertyDefinitionsForScope')
+			->willReturn([
+				new SearchPropertyDefinition('{http://ns.nextcloud.com:}fileid', false, true, true, SearchPropertyDefinition::DATATYPE_NONNEGATIVE_INTEGER),
+			]);
+
+		$plugin->searchHandler($request, $response);
+
+		$this->assertEquals(400, $response->getStatus());
+	}
+
 }

tests/invalidwhere.xml

@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+<d:searchrequest xmlns:d="DAV:" xmlns:oc="http://ns.nextcloud.com">
+    <d:basicsearch>
+        <d:select>
+            <d:prop>
+                <d:getcontentlength/>
+            </d:prop>
+        </d:select>
+        <d:from>
+            <d:scope>
+                <d:href>/container1/</d:href>
+                <d:depth>infinity</d:depth>
+            </d:scope>
+        </d:from>
+        <d:where>
+            <d:gt>
+                <d:prop>
+                    <oc:fileid/>
+                </d:prop>
+                <d:literal>5</d:literal>
+            </d:gt>
+        </d:where>
+        <d:orderby>
+            <d:order>
+                <d:prop>
+                    <d:getcontentlength/>
+                </d:prop>
+                <d:ascending/>
+            </d:order>
+        </d:orderby>
+    </d:basicsearch>
+</d:searchrequest>