Fix missing project filter for /api/v1/violation/project

Regression from #2658

Signed-off-by: nscuro <nscuro@protonmail.com>

Author: nscuro

src/main/java/org/dependencytrack/persistence/PolicyQueryManager.java

@@ -269,16 +269,17 @@ public List<PolicyViolation> getAllPolicyViolations(final Project project) {
     @SuppressWarnings("unchecked")
     public PaginatedResult getPolicyViolations(final Project project, boolean includeSuppressed) {
         PaginatedResult result;
-        final String projectFilter = includeSuppressed ? "project.id == :pid" : "project.id == :pid && (analysis.suppressed == false || analysis.suppressed == null)";
+        final String queryFilter = includeSuppressed ? "project.id == :pid" : "project.id == :pid && (analysis.suppressed == false || analysis.suppressed == null)";
         final Query<PolicyViolation> query = pm.newQuery(PolicyViolation.class);
         if (orderBy == null) {
             query.setOrdering("timestamp desc, component.name, component.version");
         }
         if (filter != null) {
-            query.setFilter(projectFilter + " && (policyCondition.policy.name.toLowerCase().matches(:filter) || component.name.toLowerCase().matches(:filter))");
+            query.setFilter(queryFilter + " && (policyCondition.policy.name.toLowerCase().matches(:filter) || component.name.toLowerCase().matches(:filter))");
             final String filterString = ".*" + filter.toLowerCase() + ".*";
             result = execute(query, project.getId(), filterString);
         } else {
+            query.setFilter(queryFilter);
             result = execute(query, project.getId());
         }
         for (final PolicyViolation violation: result.getList(PolicyViolation.class)) {

src/test/java/org/dependencytrack/resources/v1/PolicyViolationResourceTest.java

@@ -179,6 +179,46 @@ public void getViolationsByProjectTest() {
         assertThat(jsonObject1.getJsonObject("component").getString("name")).isEqualTo("Acme Component 0");
     }
 
+    @Test
+    public void getViolationsByProjectIssue2766() {
+        initializeWithPermissions(Permissions.VIEW_POLICY_VIOLATION);
+
+        final Project projectA = qm.createProject("acme-app-a", null, "1.0", null, null, null, true, false);
+        final var componentA = new Component();
+        componentA.setProject(projectA);
+        componentA.setName("acme-lib-a");
+        componentA.setVersion("1.0.1");
+        qm.persist(componentA);
+
+        final Project projectB = qm.createProject("acme-app-b", null, "2.0", null, null, null, true, false);
+        final var componentB = new Component();
+        componentB.setProject(projectB);
+        componentB.setName("acme-lib-b");
+        componentB.setVersion("2.0.1");
+        qm.persist(componentB);
+
+        final Policy policy = qm.createPolicy("policy", Policy.Operator.ALL, Policy.ViolationState.FAIL);
+        final PolicyCondition condition = qm.createPolicyCondition(policy, PolicyCondition.Subject.VERSION, PolicyCondition.Operator.NUMERIC_EQUAL, "1.0.1");
+        final var violation = new PolicyViolation();
+        violation.setPolicyCondition(condition);
+        violation.setComponent(componentA);
+        violation.setType(PolicyViolation.Type.OPERATIONAL);
+        violation.setTimestamp(new Date());
+        qm.persist(violation);
+
+        // Requesting violations for projectB must not yield violations for projectA.
+        final Response response = target(V1_POLICY_VIOLATION)
+                .path("/project/" + projectB.getUuid())
+                .request()
+                .header(X_API_KEY, apiKey)
+                .get();
+        assertThat(response.getStatus()).isEqualTo(Response.Status.OK.getStatusCode());
+        assertThat(response.getHeaderString(TOTAL_COUNT_HEADER)).isEqualTo("0");
+
+        final JsonArray jsonArray = parseJsonArray(response);
+        assertThat(jsonArray).hasSize(0);
+    }
+
     @Test
     public void getViolationsByProjectUnauthorizedTest() {
         final Response response = target(V1_POLICY_VIOLATION)