[ROMM-2976] Fix no games displayed for status filter

[gantoine]

Description
^{Explain the changes or enhancements you are proposing with this pull request.}

Fixes #2976

Checklist
^{Please check all that apply.}

• I've tested the changes locally
• I've updated relevant comments
• I've assigned reviewers for this PR
• I've added unit tests that cover the changes

[gemini-code-assist]

Summary of Changes

Hello @gantoine, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the ROM filtering capabilities by refactoring the backend's status filtering logic to be more versatile and by standardizing how status data is handled across the frontend components. These changes provide a more consistent and powerful filtering experience for users. Additionally, it includes routine updates to various development dependencies and linters to maintain code quality and security.

Highlights

• Backend Status Filtering Refinement: The _filter_by_status method in roms_handler.py has been significantly refactored to support more flexible filtering options, including match_all, match_none, and proper handling of hidden statuses, improving the robustness of ROM status queries.
• Frontend Status Filter Data Standardization: The frontend now consistently uses status keys (e.g., "now_playing", "backlogged") instead of display texts for filtering. This involved updating galleryFilter.ts to store keys, Base.vue to map these keys to display text for UI, and CreateSmartCollection.vue to directly use the keys, streamlining data handling.
• Linter and Dependency Updates: Several development dependencies and linters, including eslint, bandit, black, checkov, prettier, @vue/compiler-sfc, ruff, trivy, and trufflehog, have been updated to their latest versions in .trunk/trunk.yaml.

Changelog

• .trunk/trunk.yaml
  • Updated eslint from 9.39.2 to 10.0.0.
  • Updated bandit from 1.9.2 to 1.9.3.
  • Updated black from 25.12.0 to 26.1.0.
  • Updated checkov from 3.2.497 to 3.2.500.
  • Updated prettier from 3.8.0 to 3.8.1.
  • Updated @vue/compiler-sfc from 3.5.26 to 3.5.27.
  • Updated ruff from 0.14.13 to 0.15.0.
  • Updated trivy from 0.68.2 to 0.69.1.
  • Updated trufflehog from 3.92.5 to 3.93.1.
• backend/handler/database/roms_handler.py
  • Refactored _filter_by_status to accept session, values, match_all, and match_none parameters, replacing the simpler statuses.
  • Implemented match_all and match_none logic within _filter_by_status for more flexible filtering.
  • Ensured RomUser.hidden.is_(False) is applied by default unless "hidden" status is explicitly requested.
  • Integrated the refactored _filter_by_status into the main filter_roms method's dynamic filter application.
  • Removed the old, less flexible conditional call to _filter_by_status in filter_roms.
• frontend/src/components/Gallery/AppBar/common/FilterDrawer/Base.vue
  • Added import for ref from vue.
  • Imported romStatusMap and PlayingStatus from @/utils.
  • Introduced mappedStatuses computed property to display user-friendly status names in the filter drawer.
  • Updated the status filter items to use mappedStatuses for display.
• frontend/src/components/common/Collection/Dialog/CreateSmartCollection.vue
  • Removed the import of getStatusKeyForText.
  • Simplified status key extraction, directly using selectedStatuses.value which now contains keys instead of display text.
• frontend/src/stores/galleryFilter.ts
  • Modified filterStatuses initialization to store Object.keys(romStatusMap) (status keys) instead of mapped display texts.
• frontend/src/utils/index.ts
  • Exported the PlayingStatus type.
  • Removed the getStatusKeyForText utility function.

Activity

• The author has tested the changes locally.
• The author has updated relevant comments.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Test Results

801 tests  ±0   800 ✅ ±0   2m 2s ⏱️ ±0s
  1 suites ±0     1 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit 5596999. ± Comparison against base commit 8b359a9.

♻️ This comment has been updated with latest results.

[github-actions]

☂️ Python Coverage

current status: ✅

Overall Coverage

Lines	Covered	Coverage	Threshold	Status
12863	8479	66%	0%	🟢

New Files

No new covered files...

Modified Files

File	Coverage	Status
backend/handler/database/roms_handler.py	54%	🟢
TOTAL	54%	🟢

updated for commit: 5596999 by action🐍

[gemini-code-assist]

Code Review

This pull request refactors the ROM filtering logic, focusing on user statuses and updating development tools. While the backend enhances status filters to support 'all' and 'none' matching and the frontend uses status keys for robustness, the changes introduce significant regressions in roms_handler.py. Specifically, the status filtering now allows for potential privacy leaks and performance issues when no user_id is provided, and it incorrectly prevents users from accessing their own hidden ROMs. Furthermore, there is an outdated docstring in the refactored _filter_by_status method and a logic error in how hidden ROMs are excluded, which could lead to incorrect filter results. These issues should be addressed.

[gantoine]

/gemini review

[gemini-code-assist]

Code Review

This pull request refactors the status filtering logic on both the backend and frontend, fixing an issue where games were not displayed correctly when filtering by status. While the refactoring is well-implemented, the backend implementation in roms_handler.py introduces a security vulnerability. Specifically, the _filter_by_status method lacks a user_id restriction, which could lead to the disclosure of private user activity and hidden games. It is recommended to update the filter logic to enforce user-level access control.

[gantoine]

/gemini review

[gemini-code-assist]

Code Review

This pull request effectively resolves an issue with the status filter by refactoring the filtering logic on both the backend and frontend. It successfully addresses the display issue by correctly mapping status keys. However, a security regression was identified where hidden ROMs are no longer excluded when other status filters are active, which needs remediation to maintain the intended privacy behavior of the hidden flag. Additionally, backend filtering logic has been made more generic, and several dependencies have been updated.