From 252881b8d16b9e967c1a20f4c130a48d45ea4f2a Mon Sep 17 00:00:00 2001
From: Marcel <marcel@familienarchiv>
Date: Mon, 30 Mar 2026 12:27:57 +0200
Subject: [PATCH] fix(backend): reject whitespace-only person search queries

A query of only spaces previously fell through to findAllWithDocumentCount,
exposing the full person list. Whitespace-only queries now return empty.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../raddatz/familienarchiv/service/PersonService.java    | 9 ++++++---
 .../familienarchiv/service/PersonServiceTest.java        | 9 +++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/backend/src/main/java/org/raddatz/familienarchiv/service/PersonService.java b/backend/src/main/java/org/raddatz/familienarchiv/service/PersonService.java
index db5249a1..f295715f 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/service/PersonService.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/service/PersonService.java
@@ -24,10 +24,13 @@ public class PersonService {
     private final PersonRepository personRepository;
 
     public List<PersonSummaryDTO> findAll(String q) {
-        if (q != null && !q.isBlank()) {
-            return personRepository.searchWithDocumentCount(q);
+        if (q == null) {
+            return personRepository.findAllWithDocumentCount();
         }
-        return personRepository.findAllWithDocumentCount();
+        if (q.isBlank()) {
+            return List.of();
+        }
+        return personRepository.searchWithDocumentCount(q.trim());
     }
 
     public Person getById(UUID id) {
diff --git a/backend/src/test/java/org/raddatz/familienarchiv/service/PersonServiceTest.java b/backend/src/test/java/org/raddatz/familienarchiv/service/PersonServiceTest.java
index e0638a00..f229f8b9 100644
--- a/backend/src/test/java/org/raddatz/familienarchiv/service/PersonServiceTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/service/PersonServiceTest.java
@@ -62,12 +62,9 @@ class PersonServiceTest {
     }
 
     @Test
-    void findAll_returnsAll_whenQueryIsBlank() {
-        List<PersonSummaryDTO> expected = List.of();
-        when(personRepository.findAllWithDocumentCount()).thenReturn(expected);
-
-        assertThat(personService.findAll("   ")).isEqualTo(expected);
-        verify(personRepository).findAllWithDocumentCount();
+    void findAll_returnsEmpty_whenQueryIsWhitespaceOnly() {
+        assertThat(personService.findAll("   ")).isEmpty();
+        verify(personRepository, never()).findAllWithDocumentCount();
         verify(personRepository, never()).searchWithDocumentCount(any());
     }