Projects API returns empty results when combining search and owned=true parameters

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Summary

The GitLab Projects API fails to return results when using both the search parameter and the owned=true parameter together. Searching works properly when the owned parameter is removed, and the owned parameter works properly when the search parameter is removed.

Steps to reproduce

  1. Authenticate with a valid GitLab API token
  2. Make a GET request to /api/v4/projects endpoint with the parameters search=yourterm AND owned=true
  3. Observe that no projects are returned, even when matching projects exist
  4. Remove the owned=true parameter and make the same request
  5. Observe that matching projects are now returned
  6. Alternatively, make a request with only owned=true (no search parameter)
  7. Observe that owned projects are correctly returned

Example Project

Any GitLab instance where a user has ownership of repositories can demonstrate this issue. The problem is reproducible on GitLab.com.

What is the current bug behavior?

When making an API request to the /projects endpoint with both search and owned=true parameters, an empty array is returned regardless of whether matching projects exist.

GET /api/v4/projects?search=myproject&owned=true

Returns:

[]

However, when using only owned=true without a search parameter, results are correctly returned (the projects of my owner). Similarly, when using only the search parameter without owned=true (searching all projects on GitLab), results are also returned correctly. The issue only occurs when combining both parameters.

What is the expected correct behavior?

The API should return all projects owned by the current user that match the search term. Both parameters should work together as filters, as documented in the API reference.

Relevant logs and/or screenshots

Example API request with both parameters:

GET /api/v4/projects?search=myproject&owned=true&visibility=private

Response:

[]

With only the owned parameter:

GET /api/v4/projects?owned=true&visibility=private

Response:

[
  {
    "id": 123,
    "name": "My Project",
    "path_with_namespace": "username/myproject",
    ...
  },
  {
    "id": 456,
    "name": "Another Project",
    "path_with_namespace": "username/another-project",
    ...
  }
]

With only the search parameter:

GET /api/v4/projects?search=myproject&visibility=private

Response:

[
  {
    "id": 123,
    "name": "My Project",
    "path_with_namespace": "username/myproject",
    ...
  }
]

Output of checks

This bug happens on GitLab.com

Possible fixes

The issue likely lies in how the search and ownership filters are combined in the query. The API might be using an incorrect join condition or applying the filters in an order that causes unexpected results.

According to the Projects API documentation, both parameters should be compatible with each other:

  • The search parameter is documented to "Return list of projects with a path, name, or description matching the search criteria"
  • The owned parameter is meant to "Limit by projects explicitly owned by the current user"
Edited by 🤖 GitLab Bot 🤖