Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* Template Management API
|
|
|
|
|
* CRUD operations for ticket_templates table
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
ini_set('display_errors', 0);
|
|
|
|
|
error_reporting(E_ALL);
|
|
|
|
|
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
|
|
|
|
|
RateLimitMiddleware::apply('api');
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
require_once dirname(__DIR__) . '/config/config.php';
|
|
|
|
|
|
|
|
|
|
// Check authentication
|
|
|
|
|
session_start();
|
|
|
|
|
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
|
|
|
|
|
http_response_code(401);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Authentication required']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check admin privileges for write operations
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'GET' && !$_SESSION['user']['is_admin']) {
|
|
|
|
|
http_response_code(403);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Admin privileges required']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CSRF Protection for write operations
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
|
|
|
|
|
$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
|
|
|
|
|
if (!CsrfMiddleware::validateToken($csrfToken)) {
|
|
|
|
|
http_response_code(403);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$conn = new mysqli(
|
|
|
|
|
$GLOBALS['config']['DB_HOST'],
|
|
|
|
|
$GLOBALS['config']['DB_USER'],
|
|
|
|
|
$GLOBALS['config']['DB_PASS'],
|
|
|
|
|
$GLOBALS['config']['DB_NAME']
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($conn->connect_error) {
|
|
|
|
|
throw new Exception("Database connection failed");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
|
|
|
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
|
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
|
|
|
|
|
|
|
|
|
|
switch ($method) {
|
|
|
|
|
case 'GET':
|
|
|
|
|
if ($id) {
|
|
|
|
|
// Get single template
|
|
|
|
|
$stmt = $conn->prepare("SELECT * FROM ticket_templates WHERE template_id = ?");
|
|
|
|
|
$stmt->bind_param('i', $id);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
$template = $result->fetch_assoc();
|
|
|
|
|
$stmt->close();
|
|
|
|
|
echo json_encode(['success' => true, 'template' => $template]);
|
|
|
|
|
} else {
|
|
|
|
|
// Get all templates
|
|
|
|
|
$result = $conn->query("SELECT * FROM ticket_templates ORDER BY template_name");
|
|
|
|
|
$templates = [];
|
|
|
|
|
while ($row = $result->fetch_assoc()) {
|
|
|
|
|
$templates[] = $row;
|
|
|
|
|
}
|
|
|
|
|
echo json_encode(['success' => true, 'templates' => $templates]);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'POST':
|
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
|
|
|
|
|
|
$stmt = $conn->prepare("INSERT INTO ticket_templates
|
2026-01-26 11:21:29 -05:00
|
|
|
(template_name, title_template, description_template, category, type, default_priority, is_active)
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
VALUES (?, ?, ?, ?, ?, ?, ?)");
|
|
|
|
|
$stmt->bind_param('sssssii',
|
|
|
|
|
$data['template_name'],
|
|
|
|
|
$data['title_template'],
|
|
|
|
|
$data['description_template'],
|
|
|
|
|
$data['category'],
|
|
|
|
|
$data['type'],
|
2026-01-26 11:21:29 -05:00
|
|
|
$data['default_priority'] ?? 4,
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
$data['is_active'] ?? 1
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($stmt->execute()) {
|
|
|
|
|
echo json_encode(['success' => true, 'template_id' => $conn->insert_id]);
|
|
|
|
|
} else {
|
|
|
|
|
echo json_encode(['success' => false, 'error' => $stmt->error]);
|
|
|
|
|
}
|
|
|
|
|
$stmt->close();
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'PUT':
|
|
|
|
|
if (!$id) {
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'ID required']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
|
|
|
|
|
|
$stmt = $conn->prepare("UPDATE ticket_templates SET
|
|
|
|
|
template_name = ?, title_template = ?, description_template = ?,
|
2026-01-26 11:21:29 -05:00
|
|
|
category = ?, type = ?, default_priority = ?, is_active = ?
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
WHERE template_id = ?");
|
|
|
|
|
$stmt->bind_param('sssssiii',
|
|
|
|
|
$data['template_name'],
|
|
|
|
|
$data['title_template'],
|
|
|
|
|
$data['description_template'],
|
|
|
|
|
$data['category'],
|
|
|
|
|
$data['type'],
|
2026-01-26 11:21:29 -05:00
|
|
|
$data['default_priority'] ?? 4,
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
$data['is_active'] ?? 1,
|
|
|
|
|
$id
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
echo json_encode(['success' => $stmt->execute()]);
|
|
|
|
|
$stmt->close();
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'DELETE':
|
|
|
|
|
if (!$id) {
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'ID required']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$stmt = $conn->prepare("DELETE FROM ticket_templates WHERE template_id = ?");
|
|
|
|
|
$stmt->bind_param('i', $id);
|
|
|
|
|
echo json_encode(['success' => $stmt->execute()]);
|
|
|
|
|
$stmt->close();
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
http_response_code(405);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Method not allowed']);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$conn->close();
|
|
|
|
|
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
http_response_code(500);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => $e->getMessage()]);
|
|
|
|
|
}
|