api/ticket_dependencies.php

<?php
/**
 * Ticket Dependencies API
 *
 * GET: Get dependencies for a ticket
 * POST: Add a new dependency
 * DELETE: Remove a dependency
 */

// Apply rate limiting
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
RateLimitMiddleware::apply('api');

session_start();
require_once dirname(__DIR__) . '/config/config.php';
require_once dirname(__DIR__) . '/models/DependencyModel.php';
require_once dirname(__DIR__) . '/models/AuditLogModel.php';
require_once dirname(__DIR__) . '/helpers/ResponseHelper.php';

header('Content-Type: application/json');

// Check authentication
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
    ResponseHelper::unauthorized();
}

$userId = $_SESSION['user']['user_id'];

// CSRF Protection for POST/DELETE
if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'DELETE') {
    require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
    $csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
    if (!CsrfMiddleware::validateToken($csrfToken)) {
        ResponseHelper::forbidden('Invalid CSRF token');
    }
}

// Create database connection
$conn = new mysqli(
    $GLOBALS['config']['DB_HOST'],
    $GLOBALS['config']['DB_USER'],
    $GLOBALS['config']['DB_PASS'],
    $GLOBALS['config']['DB_NAME']
);

if ($conn->connect_error) {
    ResponseHelper::serverError('Database connection failed');
}

try {
    $dependencyModel = new DependencyModel($conn);
    $auditLog = new AuditLogModel($conn);
} catch (Exception $e) {
    ResponseHelper::serverError('Failed to initialize models: ' . $e->getMessage());
}

$method = $_SERVER['REQUEST_METHOD'];

try {
switch ($method) {
    case 'GET':
        // Get dependencies for a ticket
        $ticketId = $_GET['ticket_id'] ?? null;

        if (!$ticketId) {
            ResponseHelper::error('Ticket ID required');
        }

        $dependencies = $dependencyModel->getDependencies($ticketId);
        $dependents = $dependencyModel->getDependentTickets($ticketId);

        ResponseHelper::success([
            'dependencies' => $dependencies,
            'dependents' => $dependents
        ]);
        break;

    case 'POST':
        // Add a new dependency
        $data = json_decode(file_get_contents('php://input'), true);

        $ticketId = $data['ticket_id'] ?? null;
        $dependsOnId = $data['depends_on_id'] ?? null;
        $type = $data['dependency_type'] ?? 'blocks';

        if (!$ticketId || !$dependsOnId) {
            ResponseHelper::error('Both ticket_id and depends_on_id are required');
        }

        $result = $dependencyModel->addDependency($ticketId, $dependsOnId, $type, $userId);

        if ($result['success']) {
            // Log to audit
            $auditLog->log($userId, 'create', 'dependency', (string)$result['dependency_id'], [
                'ticket_id' => $ticketId,
                'depends_on_id' => $dependsOnId,
                'type' => $type
            ]);

            ResponseHelper::created($result);
        } else {
            ResponseHelper::error($result['error']);
        }
        break;

    case 'DELETE':
        // Remove a dependency
        $data = json_decode(file_get_contents('php://input'), true);

        $dependencyId = $data['dependency_id'] ?? null;

        // Alternative: delete by ticket IDs
        if (!$dependencyId && isset($data['ticket_id']) && isset($data['depends_on_id'])) {
            $ticketId = $data['ticket_id'];
            $dependsOnId = $data['depends_on_id'];
            $type = $data['dependency_type'] ?? 'blocks';

            $result = $dependencyModel->removeDependencyByTickets($ticketId, $dependsOnId, $type);

            if ($result) {
                $auditLog->log($userId, 'delete', 'dependency', null, [
                    'ticket_id' => $ticketId,
                    'depends_on_id' => $dependsOnId,
                    'type' => $type
                ]);
                ResponseHelper::success([], 'Dependency removed');
            } else {
                ResponseHelper::error('Failed to remove dependency');
            }
        } elseif ($dependencyId) {
            $result = $dependencyModel->removeDependency($dependencyId);

            if ($result) {
                $auditLog->log($userId, 'delete', 'dependency', (string)$dependencyId);
                ResponseHelper::success([], 'Dependency removed');
            } else {
                ResponseHelper::error('Failed to remove dependency');
            }
        } else {
            ResponseHelper::error('Dependency ID or ticket IDs required');
        }
        break;

    default:
        ResponseHelper::error('Method not allowed', 405);
}
} catch (Exception $e) {
    ResponseHelper::serverError('An error occurred: ' . $e->getMessage());
}

$conn->close();
Implement comprehensive improvement plan (Phases 1-6) Security (Phase 1-2): - Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc. - Add RateLimitMiddleware for API rate limiting - Add security event logging to AuditLogModel - Add ResponseHelper for standardized API responses - Update config.php with security constants Database (Phase 3): - Add migration 014 for additional indexes - Add migration 015 for ticket dependencies - Add migration 016 for ticket attachments - Add migration 017 for recurring tickets - Add migration 018 for custom fields Features (Phase 4-5): - Add ticket dependencies with DependencyModel and API - Add duplicate detection with check_duplicates API - Add file attachments with AttachmentModel and upload/download APIs - Add @mentions with autocomplete and highlighting - Add quick actions on dashboard rows Collaboration (Phase 5): - Add mention extraction in CommentModel - Add mention autocomplete dropdown in ticket.js - Add mention highlighting CSS styles Admin & Export (Phase 6): - Add StatsModel for dashboard widgets - Add dashboard stats cards (open, critical, unassigned, etc.) - Add CSV/JSON export via export_tickets API - Add rich text editor toolbar in markdown.js - Add RecurringTicketModel with cron job - Add CustomFieldModel for per-category fields - Add admin views: RecurringTickets, CustomFields, Workflow, Templates, AuditLog, UserActivity - Add admin APIs: manage_workflows, manage_templates, manage_recurring, custom_fields, get_users - Add admin routes in index.php Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-20 09:55:01 -05:00			`<?php`
			`/**`
			`* Ticket Dependencies API`
			`*`
			`* GET: Get dependencies for a ticket`
			`* POST: Add a new dependency`
			`* DELETE: Remove a dependency`
			`*/`

			`// Apply rate limiting`
			`require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';`
			`RateLimitMiddleware::apply('api');`

			`session_start();`
			`require_once dirname(__DIR__) . '/config/config.php';`
			`require_once dirname(__DIR__) . '/models/DependencyModel.php';`
			`require_once dirname(__DIR__) . '/models/AuditLogModel.php';`
			`require_once dirname(__DIR__) . '/helpers/ResponseHelper.php';`

			`header('Content-Type: application/json');`

			`// Check authentication`
			`if (!isset($_SESSION['user']) \|\| !isset($_SESSION['user']['user_id'])) {`
			`ResponseHelper::unauthorized();`
			`}`

			`$userId = $_SESSION['user']['user_id'];`

			`// CSRF Protection for POST/DELETE`
			`if ($_SERVER['REQUEST_METHOD'] === 'POST' \|\| $_SERVER['REQUEST_METHOD'] === 'DELETE') {`
			`require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';`
			`$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';`
			`if (!CsrfMiddleware::validateToken($csrfToken)) {`
			`ResponseHelper::forbidden('Invalid CSRF token');`
			`}`
			`}`

			`// Create database connection`
			`$conn = new mysqli(`
			`$GLOBALS['config']['DB_HOST'],`
			`$GLOBALS['config']['DB_USER'],`
			`$GLOBALS['config']['DB_PASS'],`
			`$GLOBALS['config']['DB_NAME']`
			`);`

			`if ($conn->connect_error) {`
			`ResponseHelper::serverError('Database connection failed');`
			`}`

fix: Resolve multiple UI and API bugs - Remove is_active filter from get_users.php (column doesn't exist) - Fix ticket ID validation regex in upload_attachment.php (9-digit format) - Fix createSettingsModal reference to use openSettingsModal from settings.js - Add error handling for dependencies tab to prevent infinite loading - Add try-catch wrapper to ticket_dependencies.php API - Make export dropdown visible only when tickets are selected - Export only selected tickets instead of all filtered tickets Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-20 15:16:14 -05:00			`try {`
			`$dependencyModel = new DependencyModel($conn);`
			`$auditLog = new AuditLogModel($conn);`
			`} catch (Exception $e) {`
			`ResponseHelper::serverError('Failed to initialize models: ' . $e->getMessage());`
			`}`
Implement comprehensive improvement plan (Phases 1-6) Security (Phase 1-2): - Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc. - Add RateLimitMiddleware for API rate limiting - Add security event logging to AuditLogModel - Add ResponseHelper for standardized API responses - Update config.php with security constants Database (Phase 3): - Add migration 014 for additional indexes - Add migration 015 for ticket dependencies - Add migration 016 for ticket attachments - Add migration 017 for recurring tickets - Add migration 018 for custom fields Features (Phase 4-5): - Add ticket dependencies with DependencyModel and API - Add duplicate detection with check_duplicates API - Add file attachments with AttachmentModel and upload/download APIs - Add @mentions with autocomplete and highlighting - Add quick actions on dashboard rows Collaboration (Phase 5): - Add mention extraction in CommentModel - Add mention autocomplete dropdown in ticket.js - Add mention highlighting CSS styles Admin & Export (Phase 6): - Add StatsModel for dashboard widgets - Add dashboard stats cards (open, critical, unassigned, etc.) - Add CSV/JSON export via export_tickets API - Add rich text editor toolbar in markdown.js - Add RecurringTicketModel with cron job - Add CustomFieldModel for per-category fields - Add admin views: RecurringTickets, CustomFields, Workflow, Templates, AuditLog, UserActivity - Add admin APIs: manage_workflows, manage_templates, manage_recurring, custom_fields, get_users - Add admin routes in index.php Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-20 09:55:01 -05:00
			`$method = $_SERVER['REQUEST_METHOD'];`

fix: Resolve multiple UI and API bugs - Remove is_active filter from get_users.php (column doesn't exist) - Fix ticket ID validation regex in upload_attachment.php (9-digit format) - Fix createSettingsModal reference to use openSettingsModal from settings.js - Add error handling for dependencies tab to prevent infinite loading - Add try-catch wrapper to ticket_dependencies.php API - Make export dropdown visible only when tickets are selected - Export only selected tickets instead of all filtered tickets Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-20 15:16:14 -05:00			`try {`
Implement comprehensive improvement plan (Phases 1-6) Security (Phase 1-2): - Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc. - Add RateLimitMiddleware for API rate limiting - Add security event logging to AuditLogModel - Add ResponseHelper for standardized API responses - Update config.php with security constants Database (Phase 3): - Add migration 014 for additional indexes - Add migration 015 for ticket dependencies - Add migration 016 for ticket attachments - Add migration 017 for recurring tickets - Add migration 018 for custom fields Features (Phase 4-5): - Add ticket dependencies with DependencyModel and API - Add duplicate detection with check_duplicates API - Add file attachments with AttachmentModel and upload/download APIs - Add @mentions with autocomplete and highlighting - Add quick actions on dashboard rows Collaboration (Phase 5): - Add mention extraction in CommentModel - Add mention autocomplete dropdown in ticket.js - Add mention highlighting CSS styles Admin & Export (Phase 6): - Add StatsModel for dashboard widgets - Add dashboard stats cards (open, critical, unassigned, etc.) - Add CSV/JSON export via export_tickets API - Add rich text editor toolbar in markdown.js - Add RecurringTicketModel with cron job - Add CustomFieldModel for per-category fields - Add admin views: RecurringTickets, CustomFields, Workflow, Templates, AuditLog, UserActivity - Add admin APIs: manage_workflows, manage_templates, manage_recurring, custom_fields, get_users - Add admin routes in index.php Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-20 09:55:01 -05:00			`switch ($method) {`
			`case 'GET':`
			`// Get dependencies for a ticket`
			`$ticketId = $_GET['ticket_id'] ?? null;`

			`if (!$ticketId) {`
			`ResponseHelper::error('Ticket ID required');`
			`}`

			`$dependencies = $dependencyModel->getDependencies($ticketId);`
			`$dependents = $dependencyModel->getDependentTickets($ticketId);`

			`ResponseHelper::success([`
			`'dependencies' => $dependencies,`
			`'dependents' => $dependents`
			`]);`
			`break;`

			`case 'POST':`
			`// Add a new dependency`
			`$data = json_decode(file_get_contents('php://input'), true);`

			`$ticketId = $data['ticket_id'] ?? null;`
			`$dependsOnId = $data['depends_on_id'] ?? null;`
			`$type = $data['dependency_type'] ?? 'blocks';`

			`if (!$ticketId \|\| !$dependsOnId) {`
			`ResponseHelper::error('Both ticket_id and depends_on_id are required');`
			`}`

			`$result = $dependencyModel->addDependency($ticketId, $dependsOnId, $type, $userId);`

			`if ($result['success']) {`
			`// Log to audit`
			`$auditLog->log($userId, 'create', 'dependency', (string)$result['dependency_id'], [`
			`'ticket_id' => $ticketId,`
			`'depends_on_id' => $dependsOnId,`
			`'type' => $type`
			`]);`

			`ResponseHelper::created($result);`
			`} else {`
			`ResponseHelper::error($result['error']);`
			`}`
			`break;`

			`case 'DELETE':`
			`// Remove a dependency`
			`$data = json_decode(file_get_contents('php://input'), true);`

			`$dependencyId = $data['dependency_id'] ?? null;`

			`// Alternative: delete by ticket IDs`
			`if (!$dependencyId && isset($data['ticket_id']) && isset($data['depends_on_id'])) {`
			`$ticketId = $data['ticket_id'];`
			`$dependsOnId = $data['depends_on_id'];`
			`$type = $data['dependency_type'] ?? 'blocks';`

			`$result = $dependencyModel->removeDependencyByTickets($ticketId, $dependsOnId, $type);`

			`if ($result) {`
			`$auditLog->log($userId, 'delete', 'dependency', null, [`
			`'ticket_id' => $ticketId,`
			`'depends_on_id' => $dependsOnId,`
			`'type' => $type`
			`]);`
			`ResponseHelper::success([], 'Dependency removed');`
			`} else {`
			`ResponseHelper::error('Failed to remove dependency');`
			`}`
			`} elseif ($dependencyId) {`
			`$result = $dependencyModel->removeDependency($dependencyId);`

			`if ($result) {`
			`$auditLog->log($userId, 'delete', 'dependency', (string)$dependencyId);`
			`ResponseHelper::success([], 'Dependency removed');`
			`} else {`
			`ResponseHelper::error('Failed to remove dependency');`
			`}`
			`} else {`
			`ResponseHelper::error('Dependency ID or ticket IDs required');`
			`}`
			`break;`

			`default:`
			`ResponseHelper::error('Method not allowed', 405);`
			`}`
fix: Resolve multiple UI and API bugs - Remove is_active filter from get_users.php (column doesn't exist) - Fix ticket ID validation regex in upload_attachment.php (9-digit format) - Fix createSettingsModal reference to use openSettingsModal from settings.js - Add error handling for dependencies tab to prevent infinite loading - Add try-catch wrapper to ticket_dependencies.php API - Make export dropdown visible only when tickets are selected - Export only selected tickets instead of all filtered tickets Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-20 15:16:14 -05:00			`} catch (Exception $e) {`
			`ResponseHelper::serverError('An error occurred: ' . $e->getMessage());`
			`}`
Implement comprehensive improvement plan (Phases 1-6) Security (Phase 1-2): - Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc. - Add RateLimitMiddleware for API rate limiting - Add security event logging to AuditLogModel - Add ResponseHelper for standardized API responses - Update config.php with security constants Database (Phase 3): - Add migration 014 for additional indexes - Add migration 015 for ticket dependencies - Add migration 016 for ticket attachments - Add migration 017 for recurring tickets - Add migration 018 for custom fields Features (Phase 4-5): - Add ticket dependencies with DependencyModel and API - Add duplicate detection with check_duplicates API - Add file attachments with AttachmentModel and upload/download APIs - Add @mentions with autocomplete and highlighting - Add quick actions on dashboard rows Collaboration (Phase 5): - Add mention extraction in CommentModel - Add mention autocomplete dropdown in ticket.js - Add mention highlighting CSS styles Admin & Export (Phase 6): - Add StatsModel for dashboard widgets - Add dashboard stats cards (open, critical, unassigned, etc.) - Add CSV/JSON export via export_tickets API - Add rich text editor toolbar in markdown.js - Add RecurringTicketModel with cron job - Add CustomFieldModel for per-category fields - Add admin views: RecurringTickets, CustomFields, Workflow, Templates, AuditLog, UserActivity - Add admin APIs: manage_workflows, manage_templates, manage_recurring, custom_fields, get_users - Add admin routes in index.php Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> 2026-01-20 09:55:01 -05:00
			`$conn->close();`