Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* Workflow/Status Transitions Management API
|
|
|
|
|
* CRUD operations for status_transitions table
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
ini_set('display_errors', 0);
|
|
|
|
|
error_reporting(E_ALL);
|
|
|
|
|
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
|
2026-01-29 10:53:26 -05:00
|
|
|
require_once dirname(__DIR__) . '/models/WorkflowModel.php';
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
RateLimitMiddleware::apply('api');
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
require_once dirname(__DIR__) . '/config/config.php';
|
|
|
|
|
|
|
|
|
|
// Check authentication
|
|
|
|
|
session_start();
|
|
|
|
|
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
|
|
|
|
|
http_response_code(401);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Authentication required']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Check admin privileges
|
|
|
|
|
if (!$_SESSION['user']['is_admin']) {
|
|
|
|
|
http_response_code(403);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Admin privileges required']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CSRF Protection for write operations
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
|
|
|
|
|
$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
|
|
|
|
|
if (!CsrfMiddleware::validateToken($csrfToken)) {
|
|
|
|
|
http_response_code(403);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$conn = new mysqli(
|
|
|
|
|
$GLOBALS['config']['DB_HOST'],
|
|
|
|
|
$GLOBALS['config']['DB_USER'],
|
|
|
|
|
$GLOBALS['config']['DB_PASS'],
|
|
|
|
|
$GLOBALS['config']['DB_NAME']
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($conn->connect_error) {
|
|
|
|
|
throw new Exception("Database connection failed");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
|
|
|
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
|
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
|
|
|
|
|
|
|
|
|
|
switch ($method) {
|
|
|
|
|
case 'GET':
|
|
|
|
|
if ($id) {
|
|
|
|
|
// Get single transition
|
|
|
|
|
$stmt = $conn->prepare("SELECT * FROM status_transitions WHERE transition_id = ?");
|
|
|
|
|
$stmt->bind_param('i', $id);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
$transition = $result->fetch_assoc();
|
|
|
|
|
$stmt->close();
|
|
|
|
|
echo json_encode(['success' => true, 'transition' => $transition]);
|
|
|
|
|
} else {
|
|
|
|
|
// Get all transitions
|
|
|
|
|
$result = $conn->query("SELECT * FROM status_transitions ORDER BY from_status, to_status");
|
|
|
|
|
$transitions = [];
|
|
|
|
|
while ($row = $result->fetch_assoc()) {
|
|
|
|
|
$transitions[] = $row;
|
|
|
|
|
}
|
|
|
|
|
echo json_encode(['success' => true, 'transitions' => $transitions]);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'POST':
|
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
|
|
|
|
|
|
$stmt = $conn->prepare("INSERT INTO status_transitions (from_status, to_status, requires_comment, requires_admin, is_active)
|
|
|
|
|
VALUES (?, ?, ?, ?, ?)");
|
|
|
|
|
$stmt->bind_param('ssiii',
|
|
|
|
|
$data['from_status'],
|
|
|
|
|
$data['to_status'],
|
|
|
|
|
$data['requires_comment'] ?? 0,
|
|
|
|
|
$data['requires_admin'] ?? 0,
|
|
|
|
|
$data['is_active'] ?? 1
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if ($stmt->execute()) {
|
2026-01-29 10:53:26 -05:00
|
|
|
WorkflowModel::clearCache(); // Clear workflow cache
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
echo json_encode(['success' => true, 'transition_id' => $conn->insert_id]);
|
|
|
|
|
} else {
|
|
|
|
|
echo json_encode(['success' => false, 'error' => $stmt->error]);
|
|
|
|
|
}
|
|
|
|
|
$stmt->close();
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'PUT':
|
|
|
|
|
if (!$id) {
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'ID required']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$data = json_decode(file_get_contents('php://input'), true);
|
|
|
|
|
|
|
|
|
|
$stmt = $conn->prepare("UPDATE status_transitions SET
|
|
|
|
|
from_status = ?, to_status = ?, requires_comment = ?, requires_admin = ?, is_active = ?
|
|
|
|
|
WHERE transition_id = ?");
|
|
|
|
|
$stmt->bind_param('ssiiii',
|
|
|
|
|
$data['from_status'],
|
|
|
|
|
$data['to_status'],
|
|
|
|
|
$data['requires_comment'] ?? 0,
|
|
|
|
|
$data['requires_admin'] ?? 0,
|
|
|
|
|
$data['is_active'] ?? 1,
|
|
|
|
|
$id
|
|
|
|
|
);
|
|
|
|
|
|
2026-01-29 10:53:26 -05:00
|
|
|
$success = $stmt->execute();
|
|
|
|
|
if ($success) {
|
|
|
|
|
WorkflowModel::clearCache(); // Clear workflow cache
|
|
|
|
|
}
|
|
|
|
|
echo json_encode(['success' => $success]);
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
$stmt->close();
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'DELETE':
|
|
|
|
|
if (!$id) {
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'ID required']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$stmt = $conn->prepare("DELETE FROM status_transitions WHERE transition_id = ?");
|
|
|
|
|
$stmt->bind_param('i', $id);
|
2026-01-29 10:53:26 -05:00
|
|
|
$success = $stmt->execute();
|
|
|
|
|
if ($success) {
|
|
|
|
|
WorkflowModel::clearCache(); // Clear workflow cache
|
|
|
|
|
}
|
|
|
|
|
echo json_encode(['success' => $success]);
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
$stmt->close();
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
http_response_code(405);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Method not allowed']);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$conn->close();
|
|
|
|
|
|
|
|
|
|
} catch (Exception $e) {
|
|
|
|
|
http_response_code(500);
|
|
|
|
|
echo json_encode(['success' => false, 'error' => $e->getMessage()]);
|
|
|
|
|
}
|