api/clone_ticket.php

<?php
/**
 * Clone Ticket API
 * Creates a copy of an existing ticket with the same properties
 */

ini_set('display_errors', 0);
error_reporting(E_ALL);

require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
RateLimitMiddleware::apply('api');

try {
    require_once dirname(__DIR__) . '/config/config.php';
    require_once dirname(__DIR__) . '/helpers/Database.php';
    require_once dirname(__DIR__) . '/models/TicketModel.php';
    require_once dirname(__DIR__) . '/models/AuditLogModel.php';

    // Check authentication
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
        http_response_code(401);
        echo json_encode(['success' => false, 'error' => 'Authentication required']);
        exit;
    }

    // CSRF Protection
    require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
    $csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
    if (!CsrfMiddleware::validateToken($csrfToken)) {
        http_response_code(403);
        echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
        exit;
    }

    // Only accept POST
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        echo json_encode(['success' => false, 'error' => 'Method not allowed']);
        exit;
    }

    // Get request data
    $input = file_get_contents('php://input');
    $data = json_decode($input, true);

    if (!$data || empty($data['ticket_id'])) {
        http_response_code(400);
        echo json_encode(['success' => false, 'error' => 'Missing ticket_id']);
        exit;
    }

    $sourceTicketId = (int)$data['ticket_id'];
    if ($sourceTicketId <= 0) {
        http_response_code(400);
        echo json_encode(['success' => false, 'error' => 'Invalid ticket ID']);
        exit;
    }
    $userId = $_SESSION['user']['user_id'];
    $isAdmin = $_SESSION['user']['is_admin'] ?? false;

    // Get database connection
    $conn = Database::getConnection();

    // Get the source ticket
    $ticketModel = new TicketModel($conn);
    $sourceTicket = $ticketModel->getTicketById($sourceTicketId);

    if (!$sourceTicket) {
        http_response_code(404);
        echo json_encode(['success' => false, 'error' => 'Source ticket not found']);
        exit;
    }

    // Authorization: non-admins cannot clone internal tickets unless they created/are assigned
    if (!$isAdmin && ($sourceTicket['visibility'] ?? 'public') === 'internal') {
        if ($sourceTicket['created_by'] != $userId && $sourceTicket['assigned_to'] != $userId) {
            http_response_code(403);
            echo json_encode(['success' => false, 'error' => 'Permission denied']);
            exit;
        }
    }

    // Prepare cloned ticket data
    $clonedTicketData = [
        'title' => '[CLONE] ' . $sourceTicket['title'],
        'description' => $sourceTicket['description'],
        'priority' => $sourceTicket['priority'],
        'category' => $sourceTicket['category'],
        'type' => $sourceTicket['type'],
        'visibility' => $sourceTicket['visibility'] ?? 'public',
        'visibility_groups' => $sourceTicket['visibility_groups'] ?? null
    ];

    // Create the cloned ticket
    $result = $ticketModel->createTicket($clonedTicketData, $userId);

    if ($result['success']) {
        // Log the clone operation
        $auditLog = new AuditLogModel($conn);
        $auditLog->log($userId, 'create', 'ticket', $result['ticket_id'], [
            'action' => 'clone',
            'source_ticket_id' => $sourceTicketId,
            'title' => $clonedTicketData['title']
        ]);

        // Optionally create a "relates_to" dependency
        require_once dirname(__DIR__) . '/models/DependencyModel.php';
        $dependencyModel = new DependencyModel($conn);
        $dependencyModel->addDependency($result['ticket_id'], $sourceTicketId, 'relates_to', $userId);

        header('Content-Type: application/json');
        echo json_encode([
            'success' => true,
            'new_ticket_id' => $result['ticket_id'],
            'message' => 'Ticket cloned successfully'
        ]);
    } else {
        http_response_code(500);
        echo json_encode([
            'success' => false,
            'error' => $result['error'] ?? 'Failed to create cloned ticket'
        ]);
    }

} catch (Exception $e) {
    error_log("Clone ticket API error: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'An internal error occurred']);
}
Add UI enhancements and new features Keyboard Navigation: - Add J/K keys for Gmail-style ticket list navigation - Add N key for new ticket, C for comment focus - Add G then D for go to dashboard (vim-style) - Add 1-4 number keys for quick status changes on ticket page - Add Enter to open selected ticket - Update keyboard help modal with all new shortcuts Ticket Age Indicator: - Show "Last activity: X days ago" on ticket view - Visual warning (yellow pulse) for tickets idle >5 days - Critical warning (red pulse) for tickets idle >10 days Ticket Clone Feature: - Add "Clone" button on ticket view - Creates copy with [CLONE] prefix in title - Preserves description, priority, category, type, visibility - Automatically creates "relates_to" dependency to original Active Filter Badges: - Show visual badges above ticket table for active filters - Click X on badge to remove individual filter - "Clear All" button to reset all filters - Color-coded by filter type (status, priority, search) Visual Enhancements: - Add keyboard-selected row highlighting for J/K navigation - Smooth animations for filter badges Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 19:21:36 -05:00			`<?php`
			`/**`
			`* Clone Ticket API`
			`* Creates a copy of an existing ticket with the same properties`
			`*/`

			`ini_set('display_errors', 0);`
			`error_reporting(E_ALL);`

			`require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';`
			`RateLimitMiddleware::apply('api');`

			`try {`
			`require_once dirname(__DIR__) . '/config/config.php';`
			`require_once dirname(__DIR__) . '/helpers/Database.php';`
			`require_once dirname(__DIR__) . '/models/TicketModel.php';`
			`require_once dirname(__DIR__) . '/models/AuditLogModel.php';`

			`// Check authentication`
Fix bracket buttons rendering below text + UI/security improvements CSS fixes: - Fix [ ] brackets appearing below button text by replacing display:inline-flex with display:inline-block + white-space:nowrap on .btn — removes cross-browser flex pseudo-element inconsistency as root cause - Remove conflicting .btn::before ripple block (position:absolute was overriding bracket content positioning) - Remove overflow:hidden from .btn which was clipping bracket content - Fix body::after duplicate rule causing GPU layer blink (second position:fixed rule re-created compositor layer, overriding display:none suppression) - Replace all transition:all with scoped property transitions in dashboard.css, ticket.css, base.css (prevents full CSS property evaluation on every hover) - Convert pulse-warning/pulse-critical keyframes from box-shadow to opacity animation (GPU-composited, eliminates CPU repaints at 60fps) - Fix mobile ::before/::after blanket content:none rule — now targets only decorative frame glyphs, preserving button brackets and status indicators - Remove --terminal-green-dim override that broke .lt-btn hover backgrounds JS fixes: - Fix all lt.lt.toast.* double-prefix instances in dashboard.js - Add null guard before .appendChild() on bulkAssignUser select - Replace all remaining emoji with terminal bracket notation (dashboard.js, ticket.js, markdown.js) - Migrate all toast.() shim calls to lt.toast. across all JS files View fixes: - Remove hardcoded [ ] brackets from .btn buttons (CSS now adds them) - Replace all emoji with terminal bracket notation in all views and admin views - Add missing CSP nonces to AuditLogView.php and UserActivityView.php script tags - Bump CSS version strings to ?v=20260319b for cache busting Security fixes: - update_ticket.php: add authorization check (non-admins can only edit their own or assigned tickets) - add_comment.php: validate and cast ticket_id to integer with 400 response - clone_ticket.php: fix unconditional session_start(), add ticket ID validation, add internal ticket access check - bulk_operation.php: add HTTP 401/403 status codes on auth failures - upload_attachment.php: fix missing $conn arg in AttachmentModel constructor - assign_ticket.php: add ticket existence check and permission verification Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-19 22:20:43 -04:00			`if (session_status() === PHP_SESSION_NONE) {`
			`session_start();`
			`}`
Add UI enhancements and new features Keyboard Navigation: - Add J/K keys for Gmail-style ticket list navigation - Add N key for new ticket, C for comment focus - Add G then D for go to dashboard (vim-style) - Add 1-4 number keys for quick status changes on ticket page - Add Enter to open selected ticket - Update keyboard help modal with all new shortcuts Ticket Age Indicator: - Show "Last activity: X days ago" on ticket view - Visual warning (yellow pulse) for tickets idle >5 days - Critical warning (red pulse) for tickets idle >10 days Ticket Clone Feature: - Add "Clone" button on ticket view - Creates copy with [CLONE] prefix in title - Preserves description, priority, category, type, visibility - Automatically creates "relates_to" dependency to original Active Filter Badges: - Show visual badges above ticket table for active filters - Click X on badge to remove individual filter - "Clear All" button to reset all filters - Color-coded by filter type (status, priority, search) Visual Enhancements: - Add keyboard-selected row highlighting for J/K navigation - Smooth animations for filter badges Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 19:21:36 -05:00			`if (!isset($_SESSION['user']) \|\| !isset($_SESSION['user']['user_id'])) {`
			`http_response_code(401);`
			`echo json_encode(['success' => false, 'error' => 'Authentication required']);`
			`exit;`
			`}`

			`// CSRF Protection`
			`require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';`
			`$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';`
			`if (!CsrfMiddleware::validateToken($csrfToken)) {`
			`http_response_code(403);`
			`echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);`
			`exit;`
			`}`

			`// Only accept POST`
			`if ($_SERVER['REQUEST_METHOD'] !== 'POST') {`
			`http_response_code(405);`
			`echo json_encode(['success' => false, 'error' => 'Method not allowed']);`
			`exit;`
			`}`

			`// Get request data`
			`$input = file_get_contents('php://input');`
			`$data = json_decode($input, true);`

			`if (!$data \|\| empty($data['ticket_id'])) {`
			`http_response_code(400);`
			`echo json_encode(['success' => false, 'error' => 'Missing ticket_id']);`
			`exit;`
			`}`

Fix bracket buttons rendering below text + UI/security improvements CSS fixes: - Fix [ ] brackets appearing below button text by replacing display:inline-flex with display:inline-block + white-space:nowrap on .btn — removes cross-browser flex pseudo-element inconsistency as root cause - Remove conflicting .btn::before ripple block (position:absolute was overriding bracket content positioning) - Remove overflow:hidden from .btn which was clipping bracket content - Fix body::after duplicate rule causing GPU layer blink (second position:fixed rule re-created compositor layer, overriding display:none suppression) - Replace all transition:all with scoped property transitions in dashboard.css, ticket.css, base.css (prevents full CSS property evaluation on every hover) - Convert pulse-warning/pulse-critical keyframes from box-shadow to opacity animation (GPU-composited, eliminates CPU repaints at 60fps) - Fix mobile ::before/::after blanket content:none rule — now targets only decorative frame glyphs, preserving button brackets and status indicators - Remove --terminal-green-dim override that broke .lt-btn hover backgrounds JS fixes: - Fix all lt.lt.toast.* double-prefix instances in dashboard.js - Add null guard before .appendChild() on bulkAssignUser select - Replace all remaining emoji with terminal bracket notation (dashboard.js, ticket.js, markdown.js) - Migrate all toast.() shim calls to lt.toast. across all JS files View fixes: - Remove hardcoded [ ] brackets from .btn buttons (CSS now adds them) - Replace all emoji with terminal bracket notation in all views and admin views - Add missing CSP nonces to AuditLogView.php and UserActivityView.php script tags - Bump CSS version strings to ?v=20260319b for cache busting Security fixes: - update_ticket.php: add authorization check (non-admins can only edit their own or assigned tickets) - add_comment.php: validate and cast ticket_id to integer with 400 response - clone_ticket.php: fix unconditional session_start(), add ticket ID validation, add internal ticket access check - bulk_operation.php: add HTTP 401/403 status codes on auth failures - upload_attachment.php: fix missing $conn arg in AttachmentModel constructor - assign_ticket.php: add ticket existence check and permission verification Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-19 22:20:43 -04:00			`$sourceTicketId = (int)$data['ticket_id'];`
			`if ($sourceTicketId <= 0) {`
			`http_response_code(400);`
			`echo json_encode(['success' => false, 'error' => 'Invalid ticket ID']);`
			`exit;`
			`}`
Add UI enhancements and new features Keyboard Navigation: - Add J/K keys for Gmail-style ticket list navigation - Add N key for new ticket, C for comment focus - Add G then D for go to dashboard (vim-style) - Add 1-4 number keys for quick status changes on ticket page - Add Enter to open selected ticket - Update keyboard help modal with all new shortcuts Ticket Age Indicator: - Show "Last activity: X days ago" on ticket view - Visual warning (yellow pulse) for tickets idle >5 days - Critical warning (red pulse) for tickets idle >10 days Ticket Clone Feature: - Add "Clone" button on ticket view - Creates copy with [CLONE] prefix in title - Preserves description, priority, category, type, visibility - Automatically creates "relates_to" dependency to original Active Filter Badges: - Show visual badges above ticket table for active filters - Click X on badge to remove individual filter - "Clear All" button to reset all filters - Color-coded by filter type (status, priority, search) Visual Enhancements: - Add keyboard-selected row highlighting for J/K navigation - Smooth animations for filter badges Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 19:21:36 -05:00			`$userId = $_SESSION['user']['user_id'];`
Fix bracket buttons rendering below text + UI/security improvements CSS fixes: - Fix [ ] brackets appearing below button text by replacing display:inline-flex with display:inline-block + white-space:nowrap on .btn — removes cross-browser flex pseudo-element inconsistency as root cause - Remove conflicting .btn::before ripple block (position:absolute was overriding bracket content positioning) - Remove overflow:hidden from .btn which was clipping bracket content - Fix body::after duplicate rule causing GPU layer blink (second position:fixed rule re-created compositor layer, overriding display:none suppression) - Replace all transition:all with scoped property transitions in dashboard.css, ticket.css, base.css (prevents full CSS property evaluation on every hover) - Convert pulse-warning/pulse-critical keyframes from box-shadow to opacity animation (GPU-composited, eliminates CPU repaints at 60fps) - Fix mobile ::before/::after blanket content:none rule — now targets only decorative frame glyphs, preserving button brackets and status indicators - Remove --terminal-green-dim override that broke .lt-btn hover backgrounds JS fixes: - Fix all lt.lt.toast.* double-prefix instances in dashboard.js - Add null guard before .appendChild() on bulkAssignUser select - Replace all remaining emoji with terminal bracket notation (dashboard.js, ticket.js, markdown.js) - Migrate all toast.() shim calls to lt.toast. across all JS files View fixes: - Remove hardcoded [ ] brackets from .btn buttons (CSS now adds them) - Replace all emoji with terminal bracket notation in all views and admin views - Add missing CSP nonces to AuditLogView.php and UserActivityView.php script tags - Bump CSS version strings to ?v=20260319b for cache busting Security fixes: - update_ticket.php: add authorization check (non-admins can only edit their own or assigned tickets) - add_comment.php: validate and cast ticket_id to integer with 400 response - clone_ticket.php: fix unconditional session_start(), add ticket ID validation, add internal ticket access check - bulk_operation.php: add HTTP 401/403 status codes on auth failures - upload_attachment.php: fix missing $conn arg in AttachmentModel constructor - assign_ticket.php: add ticket existence check and permission verification Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-19 22:20:43 -04:00			`$isAdmin = $_SESSION['user']['is_admin'] ?? false;`
Add UI enhancements and new features Keyboard Navigation: - Add J/K keys for Gmail-style ticket list navigation - Add N key for new ticket, C for comment focus - Add G then D for go to dashboard (vim-style) - Add 1-4 number keys for quick status changes on ticket page - Add Enter to open selected ticket - Update keyboard help modal with all new shortcuts Ticket Age Indicator: - Show "Last activity: X days ago" on ticket view - Visual warning (yellow pulse) for tickets idle >5 days - Critical warning (red pulse) for tickets idle >10 days Ticket Clone Feature: - Add "Clone" button on ticket view - Creates copy with [CLONE] prefix in title - Preserves description, priority, category, type, visibility - Automatically creates "relates_to" dependency to original Active Filter Badges: - Show visual badges above ticket table for active filters - Click X on badge to remove individual filter - "Clear All" button to reset all filters - Color-coded by filter type (status, priority, search) Visual Enhancements: - Add keyboard-selected row highlighting for J/K navigation - Smooth animations for filter badges Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 19:21:36 -05:00
			`// Get database connection`
			`$conn = Database::getConnection();`

			`// Get the source ticket`
			`$ticketModel = new TicketModel($conn);`
			`$sourceTicket = $ticketModel->getTicketById($sourceTicketId);`

			`if (!$sourceTicket) {`
			`http_response_code(404);`
			`echo json_encode(['success' => false, 'error' => 'Source ticket not found']);`
			`exit;`
			`}`

Fix bracket buttons rendering below text + UI/security improvements CSS fixes: - Fix [ ] brackets appearing below button text by replacing display:inline-flex with display:inline-block + white-space:nowrap on .btn — removes cross-browser flex pseudo-element inconsistency as root cause - Remove conflicting .btn::before ripple block (position:absolute was overriding bracket content positioning) - Remove overflow:hidden from .btn which was clipping bracket content - Fix body::after duplicate rule causing GPU layer blink (second position:fixed rule re-created compositor layer, overriding display:none suppression) - Replace all transition:all with scoped property transitions in dashboard.css, ticket.css, base.css (prevents full CSS property evaluation on every hover) - Convert pulse-warning/pulse-critical keyframes from box-shadow to opacity animation (GPU-composited, eliminates CPU repaints at 60fps) - Fix mobile ::before/::after blanket content:none rule — now targets only decorative frame glyphs, preserving button brackets and status indicators - Remove --terminal-green-dim override that broke .lt-btn hover backgrounds JS fixes: - Fix all lt.lt.toast.* double-prefix instances in dashboard.js - Add null guard before .appendChild() on bulkAssignUser select - Replace all remaining emoji with terminal bracket notation (dashboard.js, ticket.js, markdown.js) - Migrate all toast.() shim calls to lt.toast. across all JS files View fixes: - Remove hardcoded [ ] brackets from .btn buttons (CSS now adds them) - Replace all emoji with terminal bracket notation in all views and admin views - Add missing CSP nonces to AuditLogView.php and UserActivityView.php script tags - Bump CSS version strings to ?v=20260319b for cache busting Security fixes: - update_ticket.php: add authorization check (non-admins can only edit their own or assigned tickets) - add_comment.php: validate and cast ticket_id to integer with 400 response - clone_ticket.php: fix unconditional session_start(), add ticket ID validation, add internal ticket access check - bulk_operation.php: add HTTP 401/403 status codes on auth failures - upload_attachment.php: fix missing $conn arg in AttachmentModel constructor - assign_ticket.php: add ticket existence check and permission verification Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-03-19 22:20:43 -04:00			`// Authorization: non-admins cannot clone internal tickets unless they created/are assigned`
			`if (!$isAdmin && ($sourceTicket['visibility'] ?? 'public') === 'internal') {`
			`if ($sourceTicket['created_by'] != $userId && $sourceTicket['assigned_to'] != $userId) {`
			`http_response_code(403);`
			`echo json_encode(['success' => false, 'error' => 'Permission denied']);`
			`exit;`
			`}`
			`}`

Add UI enhancements and new features Keyboard Navigation: - Add J/K keys for Gmail-style ticket list navigation - Add N key for new ticket, C for comment focus - Add G then D for go to dashboard (vim-style) - Add 1-4 number keys for quick status changes on ticket page - Add Enter to open selected ticket - Update keyboard help modal with all new shortcuts Ticket Age Indicator: - Show "Last activity: X days ago" on ticket view - Visual warning (yellow pulse) for tickets idle >5 days - Critical warning (red pulse) for tickets idle >10 days Ticket Clone Feature: - Add "Clone" button on ticket view - Creates copy with [CLONE] prefix in title - Preserves description, priority, category, type, visibility - Automatically creates "relates_to" dependency to original Active Filter Badges: - Show visual badges above ticket table for active filters - Click X on badge to remove individual filter - "Clear All" button to reset all filters - Color-coded by filter type (status, priority, search) Visual Enhancements: - Add keyboard-selected row highlighting for J/K navigation - Smooth animations for filter badges Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-30 19:21:36 -05:00			`// Prepare cloned ticket data`
			`$clonedTicketData = [`
			`'title' => '[CLONE] ' . $sourceTicket['title'],`
			`'description' => $sourceTicket['description'],`
			`'priority' => $sourceTicket['priority'],`
			`'category' => $sourceTicket['category'],`
			`'type' => $sourceTicket['type'],`
			`'visibility' => $sourceTicket['visibility'] ?? 'public',`
			`'visibility_groups' => $sourceTicket['visibility_groups'] ?? null`
			`];`

			`// Create the cloned ticket`
			`$result = $ticketModel->createTicket($clonedTicketData, $userId);`

			`if ($result['success']) {`
			`// Log the clone operation`
			`$auditLog = new AuditLogModel($conn);`
			`$auditLog->log($userId, 'create', 'ticket', $result['ticket_id'], [`
			`'action' => 'clone',`
			`'source_ticket_id' => $sourceTicketId,`
			`'title' => $clonedTicketData['title']`
			`]);`

			`// Optionally create a "relates_to" dependency`
			`require_once dirname(__DIR__) . '/models/DependencyModel.php';`
			`$dependencyModel = new DependencyModel($conn);`
			`$dependencyModel->addDependency($result['ticket_id'], $sourceTicketId, 'relates_to', $userId);`

			`header('Content-Type: application/json');`
			`echo json_encode([`
			`'success' => true,`
			`'new_ticket_id' => $result['ticket_id'],`
			`'message' => 'Ticket cloned successfully'`
			`]);`
			`} else {`
			`http_response_code(500);`
			`echo json_encode([`
			`'success' => false,`
			`'error' => $result['error'] ?? 'Failed to create cloned ticket'`
			`]);`
			`}`

			`} catch (Exception $e) {`
			`error_log("Clone ticket API error: " . $e->getMessage());`
			`http_response_code(500);`
			`echo json_encode(['success' => false, 'error' => 'An internal error occurred']);`
			`}`