2026-01-01 18:36:34 -05:00
|
|
|
<?php
|
2026-01-20 09:55:01 -05:00
|
|
|
// Apply rate limiting
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
|
|
|
|
|
RateLimitMiddleware::apply('api');
|
|
|
|
|
|
2026-01-01 18:36:34 -05:00
|
|
|
session_start();
|
2026-01-01 19:18:57 -05:00
|
|
|
require_once dirname(__DIR__) . '/config/config.php';
|
2026-01-30 14:39:13 -05:00
|
|
|
require_once dirname(__DIR__) . '/helpers/Database.php';
|
2026-01-01 19:07:56 -05:00
|
|
|
require_once dirname(__DIR__) . '/models/TicketModel.php';
|
|
|
|
|
require_once dirname(__DIR__) . '/models/AuditLogModel.php';
|
2026-01-20 09:55:01 -05:00
|
|
|
require_once dirname(__DIR__) . '/models/UserModel.php';
|
2026-01-01 18:36:34 -05:00
|
|
|
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
|
|
|
|
|
// Check authentication
|
2026-01-01 19:07:56 -05:00
|
|
|
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
|
2026-01-01 18:36:34 -05:00
|
|
|
echo json_encode(['success' => false, 'error' => 'Not authenticated']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-09 12:33:23 -05:00
|
|
|
// CSRF Protection
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
|
|
|
$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
|
|
|
|
|
if (!CsrfMiddleware::validateToken($csrfToken)) {
|
|
|
|
|
http_response_code(403);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-01 19:07:56 -05:00
|
|
|
$userId = $_SESSION['user']['user_id'];
|
|
|
|
|
|
2026-01-01 18:36:34 -05:00
|
|
|
// Get request data
|
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
|
$ticketId = $data['ticket_id'] ?? null;
|
|
|
|
|
$assignedTo = $data['assigned_to'] ?? null;
|
|
|
|
|
|
|
|
|
|
if (!$ticketId) {
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Ticket ID required']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
// Use centralized database connection
|
|
|
|
|
$conn = Database::getConnection();
|
2026-01-01 19:07:56 -05:00
|
|
|
|
2026-01-01 18:36:34 -05:00
|
|
|
$ticketModel = new TicketModel($conn);
|
|
|
|
|
$auditLogModel = new AuditLogModel($conn);
|
2026-01-20 09:55:01 -05:00
|
|
|
$userModel = new UserModel($conn);
|
2026-01-01 18:36:34 -05:00
|
|
|
|
|
|
|
|
if ($assignedTo === null || $assignedTo === '') {
|
|
|
|
|
// Unassign ticket
|
2026-01-01 19:07:56 -05:00
|
|
|
$success = $ticketModel->unassignTicket($ticketId, $userId);
|
2026-01-01 18:36:34 -05:00
|
|
|
if ($success) {
|
2026-01-01 19:07:56 -05:00
|
|
|
$auditLogModel->log($userId, 'unassign', 'ticket', $ticketId);
|
2026-01-01 18:36:34 -05:00
|
|
|
}
|
|
|
|
|
} else {
|
2026-01-20 09:55:01 -05:00
|
|
|
// Validate assigned_to is a valid user ID
|
|
|
|
|
$assignedTo = (int)$assignedTo;
|
|
|
|
|
$targetUser = $userModel->getUserById($assignedTo);
|
|
|
|
|
if (!$targetUser) {
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Invalid user ID']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-01 18:36:34 -05:00
|
|
|
// Assign ticket
|
2026-01-01 19:07:56 -05:00
|
|
|
$success = $ticketModel->assignTicket($ticketId, $assignedTo, $userId);
|
2026-01-01 18:36:34 -05:00
|
|
|
if ($success) {
|
2026-01-01 19:07:56 -05:00
|
|
|
$auditLogModel->log($userId, 'assign', 'ticket', $ticketId, ['assigned_to' => $assignedTo]);
|
2026-01-01 18:36:34 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
echo json_encode(['success' => $success]);
|
