Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* AttachmentModel - Handles ticket file attachments
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
class AttachmentModel {
|
|
|
|
|
private $conn;
|
|
|
|
|
|
2026-03-17 23:22:24 -04:00
|
|
|
public function __construct($conn) {
|
|
|
|
|
$this->conn = $conn;
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get all attachments for a ticket
|
|
|
|
|
*/
|
|
|
|
|
public function getAttachments($ticketId) {
|
|
|
|
|
$sql = "SELECT a.*, u.username, u.display_name
|
|
|
|
|
FROM ticket_attachments a
|
|
|
|
|
LEFT JOIN users u ON a.uploaded_by = u.user_id
|
|
|
|
|
WHERE a.ticket_id = ?
|
|
|
|
|
ORDER BY a.uploaded_at DESC";
|
|
|
|
|
|
|
|
|
|
$stmt = $this->conn->prepare($sql);
|
|
|
|
|
$stmt->bind_param("s", $ticketId);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
|
|
|
|
|
$attachments = [];
|
|
|
|
|
while ($row = $result->fetch_assoc()) {
|
|
|
|
|
$attachments[] = $row;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$stmt->close();
|
|
|
|
|
return $attachments;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get a single attachment by ID
|
|
|
|
|
*/
|
|
|
|
|
public function getAttachment($attachmentId) {
|
|
|
|
|
$sql = "SELECT a.*, u.username, u.display_name
|
|
|
|
|
FROM ticket_attachments a
|
|
|
|
|
LEFT JOIN users u ON a.uploaded_by = u.user_id
|
|
|
|
|
WHERE a.attachment_id = ?";
|
|
|
|
|
|
|
|
|
|
$stmt = $this->conn->prepare($sql);
|
|
|
|
|
$stmt->bind_param("i", $attachmentId);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
$attachment = $result->fetch_assoc();
|
|
|
|
|
$stmt->close();
|
|
|
|
|
|
|
|
|
|
return $attachment;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Add a new attachment record
|
|
|
|
|
*/
|
|
|
|
|
public function addAttachment($ticketId, $filename, $originalFilename, $fileSize, $mimeType, $uploadedBy) {
|
|
|
|
|
$sql = "INSERT INTO ticket_attachments (ticket_id, filename, original_filename, file_size, mime_type, uploaded_by)
|
|
|
|
|
VALUES (?, ?, ?, ?, ?, ?)";
|
|
|
|
|
|
|
|
|
|
$stmt = $this->conn->prepare($sql);
|
|
|
|
|
$stmt->bind_param("sssisi", $ticketId, $filename, $originalFilename, $fileSize, $mimeType, $uploadedBy);
|
|
|
|
|
$result = $stmt->execute();
|
|
|
|
|
|
|
|
|
|
if ($result) {
|
|
|
|
|
$attachmentId = $this->conn->insert_id;
|
|
|
|
|
$stmt->close();
|
|
|
|
|
return $attachmentId;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$stmt->close();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Delete an attachment record
|
|
|
|
|
*/
|
|
|
|
|
public function deleteAttachment($attachmentId) {
|
|
|
|
|
$sql = "DELETE FROM ticket_attachments WHERE attachment_id = ?";
|
|
|
|
|
|
|
|
|
|
$stmt = $this->conn->prepare($sql);
|
|
|
|
|
$stmt->bind_param("i", $attachmentId);
|
|
|
|
|
$result = $stmt->execute();
|
|
|
|
|
$stmt->close();
|
|
|
|
|
|
|
|
|
|
return $result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get total attachment size for a ticket
|
|
|
|
|
*/
|
|
|
|
|
public function getTotalSizeForTicket($ticketId) {
|
|
|
|
|
$sql = "SELECT COALESCE(SUM(file_size), 0) as total_size
|
|
|
|
|
FROM ticket_attachments
|
|
|
|
|
WHERE ticket_id = ?";
|
|
|
|
|
|
|
|
|
|
$stmt = $this->conn->prepare($sql);
|
|
|
|
|
$stmt->bind_param("s", $ticketId);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
$row = $result->fetch_assoc();
|
|
|
|
|
$stmt->close();
|
|
|
|
|
|
|
|
|
|
return (int)$row['total_size'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get attachment count for a ticket
|
|
|
|
|
*/
|
|
|
|
|
public function getAttachmentCount($ticketId) {
|
|
|
|
|
$sql = "SELECT COUNT(*) as count FROM ticket_attachments WHERE ticket_id = ?";
|
|
|
|
|
|
|
|
|
|
$stmt = $this->conn->prepare($sql);
|
|
|
|
|
$stmt->bind_param("s", $ticketId);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$result = $stmt->get_result();
|
|
|
|
|
$row = $result->fetch_assoc();
|
|
|
|
|
$stmt->close();
|
|
|
|
|
|
|
|
|
|
return (int)$row['count'];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if user can delete attachment (owner or admin)
|
|
|
|
|
*/
|
|
|
|
|
public function canUserDelete($attachmentId, $userId, $isAdmin = false) {
|
|
|
|
|
if ($isAdmin) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$attachment = $this->getAttachment($attachmentId);
|
|
|
|
|
return $attachment && $attachment['uploaded_by'] == $userId;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Format file size for display
|
|
|
|
|
*/
|
|
|
|
|
public static function formatFileSize($bytes) {
|
|
|
|
|
if ($bytes >= 1073741824) {
|
|
|
|
|
return number_format($bytes / 1073741824, 2) . ' GB';
|
|
|
|
|
} elseif ($bytes >= 1048576) {
|
|
|
|
|
return number_format($bytes / 1048576, 2) . ' MB';
|
|
|
|
|
} elseif ($bytes >= 1024) {
|
|
|
|
|
return number_format($bytes / 1024, 2) . ' KB';
|
|
|
|
|
} else {
|
|
|
|
|
return $bytes . ' bytes';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Get file icon based on mime type
|
|
|
|
|
*/
|
|
|
|
|
public static function getFileIcon($mimeType) {
|
|
|
|
|
if (strpos($mimeType, 'image/') === 0) {
|
|
|
|
|
return '🖼️';
|
|
|
|
|
} elseif (strpos($mimeType, 'video/') === 0) {
|
|
|
|
|
return '🎬';
|
|
|
|
|
} elseif (strpos($mimeType, 'audio/') === 0) {
|
|
|
|
|
return '🎵';
|
|
|
|
|
} elseif ($mimeType === 'application/pdf') {
|
|
|
|
|
return '📄';
|
|
|
|
|
} elseif (strpos($mimeType, 'text/') === 0) {
|
|
|
|
|
return '📝';
|
|
|
|
|
} elseif (in_array($mimeType, ['application/zip', 'application/x-rar-compressed', 'application/x-7z-compressed', 'application/gzip'])) {
|
|
|
|
|
return '📦';
|
|
|
|
|
} elseif (in_array($mimeType, ['application/msword', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document'])) {
|
|
|
|
|
return '📘';
|
|
|
|
|
} elseif (in_array($mimeType, ['application/vnd.ms-excel', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'])) {
|
|
|
|
|
return '📊';
|
|
|
|
|
} else {
|
|
|
|
|
return '📎';
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Validate file type against allowed types
|
|
|
|
|
*/
|
|
|
|
|
public static function isAllowedType($mimeType) {
|
|
|
|
|
$allowedTypes = $GLOBALS['config']['ALLOWED_FILE_TYPES'] ?? [
|
|
|
|
|
'image/jpeg', 'image/png', 'image/gif', 'image/webp',
|
|
|
|
|
'application/pdf',
|
|
|
|
|
'text/plain', 'text/csv',
|
|
|
|
|
'application/msword',
|
|
|
|
|
'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
|
|
|
|
|
'application/vnd.ms-excel',
|
|
|
|
|
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
|
|
|
|
|
'application/zip', 'application/x-rar-compressed', 'application/x-7z-compressed',
|
|
|
|
|
'application/json', 'application/xml'
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
return in_array($mimeType, $allowedTypes);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|