LotusGuild/tinker_tickets
3
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6d03f9c89b886e2996d54fe9ebbd04855a61aa25
tinker_tickets/api/bulk_operation.php

101 lines
3.0 KiB
PHP
Raw Normal View History

Feature 5: Implement Bulk Actions (Admin Only) Add comprehensive bulk operations system for admins: - Created BulkOperationsModel.php with operation tracking and processing - Added bulk_operation.php API endpoint for bulk operations - Created get_users.php API endpoint for user dropdown in bulk assign - Updated DashboardView.php with checkboxes and bulk actions toolbar - Added JavaScript functions for: - Select all/clear selection - Bulk close tickets - Bulk assign tickets - Bulk change priority - Added comprehensive CSS for bulk actions toolbar and modals - All bulk operations are admin-only (enforced server-side) - Operations tracked in bulk_operations table with audit logging - Supports bulk_close, bulk_assign, and bulk_priority operations Admins can now select multiple tickets and perform batch operations, significantly improving workflow efficiency. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-01 19:06:33 -05:00
<?php
Implement comprehensive improvement plan (Phases 1-6) Security (Phase 1-2): - Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc. - Add RateLimitMiddleware for API rate limiting - Add security event logging to AuditLogModel - Add ResponseHelper for standardized API responses - Update config.php with security constants Database (Phase 3): - Add migration 014 for additional indexes - Add migration 015 for ticket dependencies - Add migration 016 for ticket attachments - Add migration 017 for recurring tickets - Add migration 018 for custom fields Features (Phase 4-5): - Add ticket dependencies with DependencyModel and API - Add duplicate detection with check_duplicates API - Add file attachments with AttachmentModel and upload/download APIs - Add @mentions with autocomplete and highlighting - Add quick actions on dashboard rows Collaboration (Phase 5): - Add mention extraction in CommentModel - Add mention autocomplete dropdown in ticket.js - Add mention highlighting CSS styles Admin & Export (Phase 6): - Add StatsModel for dashboard widgets - Add dashboard stats cards (open, critical, unassigned, etc.) - Add CSV/JSON export via export_tickets API - Add rich text editor toolbar in markdown.js - Add RecurringTicketModel with cron job - Add CustomFieldModel for per-category fields - Add admin views: RecurringTickets, CustomFields, Workflow, Templates, AuditLog, UserActivity - Add admin APIs: manage_workflows, manage_templates, manage_recurring, custom_fields, get_users - Add admin routes in index.php Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
// Apply rate limiting
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
RateLimitMiddleware::apply('api');
Feature 5: Implement Bulk Actions (Admin Only) Add comprehensive bulk operations system for admins: - Created BulkOperationsModel.php with operation tracking and processing - Added bulk_operation.php API endpoint for bulk operations - Created get_users.php API endpoint for user dropdown in bulk assign - Updated DashboardView.php with checkboxes and bulk actions toolbar - Added JavaScript functions for: - Select all/clear selection - Bulk close tickets - Bulk assign tickets - Bulk change priority - Added comprehensive CSS for bulk actions toolbar and modals - All bulk operations are admin-only (enforced server-side) - Operations tracked in bulk_operations table with audit logging - Supports bulk_close, bulk_assign, and bulk_priority operations Admins can now select multiple tickets and perform batch operations, significantly improving workflow efficiency. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-01 19:06:33 -05:00
session_start();
Fix: Critical API and dark mode issues Fixed multiple critical issues reported by user: 1. **API Configuration Errors:** - Fixed all API files to use correct config path (config/config.php instead of config/db.php) - Fixed: get_users.php (bulk assign dropdown now loads users) - Fixed: get_template.php (templates now load correctly) - Fixed: bulk_operation.php (bulk operations now work) - Fixed: assign_ticket.php (manual assignment now works) 2. **Dark Mode Improvements:** - Added dark mode support for Activity tab content - Ensured proper text and background colors in dark mode All APIs now properly: - Load configuration from config/config.php - Use correct session variables ($_SESSION['user']['user_id']) - Create and close database connections properly - Return proper JSON responses 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-01 19:18:57 -05:00
require_once dirname(__DIR__) . '/config/config.php';
Feature 5: Implement Bulk Actions (Admin Only) Add comprehensive bulk operations system for admins: - Created BulkOperationsModel.php with operation tracking and processing - Added bulk_operation.php API endpoint for bulk operations - Created get_users.php API endpoint for user dropdown in bulk assign - Updated DashboardView.php with checkboxes and bulk actions toolbar - Added JavaScript functions for: - Select all/clear selection - Bulk close tickets - Bulk assign tickets - Bulk change priority - Added comprehensive CSS for bulk actions toolbar and modals - All bulk operations are admin-only (enforced server-side) - Operations tracked in bulk_operations table with audit logging - Supports bulk_close, bulk_assign, and bulk_priority operations Admins can now select multiple tickets and perform batch operations, significantly improving workflow efficiency. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-01 19:06:33 -05:00
require_once dirname(__DIR__) . '/models/BulkOperationsModel.php';
require_once dirname(__DIR__) . '/models/TicketModel.php';
require_once dirname(__DIR__) . '/models/AuditLogModel.php';
header('Content-Type: application/json');
// Check authentication
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
echo json_encode(['success' => false, 'error' => 'Not authenticated']);
exit;
}
feat: Add CSRF protection to critical API endpoints - Add CSRF validation to update_ticket.php - Add CSRF validation to add_comment.php - Add CSRF validation to bulk_operation.php - All POST/PUT requests now require valid CSRF token Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-09 12:32:34 -05:00
// CSRF Protection
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
if (!CsrfMiddleware::validateToken($csrfToken)) {
http_response_code(403);
echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
exit;
}
}
Feature 5: Implement Bulk Actions (Admin Only) Add comprehensive bulk operations system for admins: - Created BulkOperationsModel.php with operation tracking and processing - Added bulk_operation.php API endpoint for bulk operations - Created get_users.php API endpoint for user dropdown in bulk assign - Updated DashboardView.php with checkboxes and bulk actions toolbar - Added JavaScript functions for: - Select all/clear selection - Bulk close tickets - Bulk assign tickets - Bulk change priority - Added comprehensive CSS for bulk actions toolbar and modals - All bulk operations are admin-only (enforced server-side) - Operations tracked in bulk_operations table with audit logging - Supports bulk_close, bulk_assign, and bulk_priority operations Admins can now select multiple tickets and perform batch operations, significantly improving workflow efficiency. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-01 19:06:33 -05:00
// Check admin status - bulk operations are admin-only
$isAdmin = $_SESSION['user']['is_admin'] ?? false;
if (!$isAdmin) {
echo json_encode(['success' => false, 'error' => 'Admin access required']);
exit;
}
// Get request data
$data = json_decode(file_get_contents('php://input'), true);
$operationType = $data['operation_type'] ?? null;
$ticketIds = $data['ticket_ids'] ?? [];
$parameters = $data['parameters'] ?? null;
// Validate input
if (!$operationType || empty($ticketIds)) {
echo json_encode(['success' => false, 'error' => 'Operation type and ticket IDs required']);
exit;
}
// Validate ticket IDs are integers
foreach ($ticketIds as $ticketId) {
if (!is_numeric($ticketId)) {
echo json_encode(['success' => false, 'error' => 'Invalid ticket ID format']);
exit;
}
}
// Create database connection
$conn = new mysqli(
$GLOBALS['config']['DB_HOST'],
$GLOBALS['config']['DB_USER'],
$GLOBALS['config']['DB_PASS'],
$GLOBALS['config']['DB_NAME']
);
if ($conn->connect_error) {
echo json_encode(['success' => false, 'error' => 'Database connection failed']);
exit;
}
$bulkOpsModel = new BulkOperationsModel($conn);
// Create bulk operation record
$operationId = $bulkOpsModel->createBulkOperation($operationType, $ticketIds, $_SESSION['user']['user_id'], $parameters);
if (!$operationId) {
$conn->close();
echo json_encode(['success' => false, 'error' => 'Failed to create bulk operation']);
exit;
}
// Process the bulk operation
$result = $bulkOpsModel->processBulkOperation($operationId);
$conn->close();
if (isset($result['error'])) {
echo json_encode([
'success' => false,
'error' => $result['error']
]);
} else {
echo json_encode([
'success' => true,
'operation_id' => $operationId,
'processed' => $result['processed'],
'failed' => $result['failed'],
'message' => "Bulk operation completed: {$result['processed']} succeeded, {$result['failed']} failed"
]);
}
Reference in New Issue Copy Permalink