controllers/TicketController.php

<?php
// Use absolute paths for model includes
require_once dirname(__DIR__) . '/models/TicketModel.php';
require_once dirname(__DIR__) . '/models/CommentModel.php';
require_once dirname(__DIR__) . '/models/AuditLogModel.php';
require_once dirname(__DIR__) . '/models/UserModel.php';
require_once dirname(__DIR__) . '/models/WorkflowModel.php';
require_once dirname(__DIR__) . '/models/TemplateModel.php';
require_once dirname(__DIR__) . '/helpers/UrlHelper.php';
require_once dirname(__DIR__) . '/helpers/NotificationHelper.php';

class TicketController {
    private $ticketModel;
    private $commentModel;
    private $auditLogModel;
    private $userModel;
    private $workflowModel;
    private $templateModel;
    private $conn;

    public function __construct($conn) {
        $this->conn = $conn;
        $this->ticketModel = new TicketModel($conn);
        $this->commentModel = new CommentModel($conn);
        $this->auditLogModel = new AuditLogModel($conn);
        $this->userModel = new UserModel($conn);
        $this->workflowModel = new WorkflowModel($conn);
        $this->templateModel = new TemplateModel($conn);
    }
    
    public function view($id) {
        // Get current user
        $currentUser = $GLOBALS['currentUser'] ?? null;
        $userId = $currentUser['user_id'] ?? null;

        // Get ticket data
        $ticket = $this->ticketModel->getTicketById($id);

        if (!$ticket) {
            header("HTTP/1.0 404 Not Found");
            echo "Ticket not found";
            return;
        }

        // Check visibility access — return 404 rather than 403 to avoid leaking ticket existence
        if (!$this->ticketModel->canUserAccessTicket($ticket, $currentUser)) {
            header("HTTP/1.0 404 Not Found");
            echo "Ticket not found";
            return;
        }

        // Load first page of comments; show "load more" if ticket has many
        $commentPageSize  = 50;
        $totalComments    = $this->commentModel->getCommentCount((int)$id);
        $comments         = $this->commentModel->getCommentsByTicketId($id, true, $commentPageSize, 0);

        // Get timeline for this ticket
        $timeline = $this->auditLogModel->getTicketTimeline($id);

        // Get all users for assignment dropdown
        $allUsers = $this->userModel->getAllUsers();

        // Get allowed status transitions for this ticket
        $allowedTransitions = $this->workflowModel->getAllowedTransitions($ticket['status']);

        // Make $conn available to view for visibility groups
        $conn = $this->conn;

        // Load the view
        include dirname(__DIR__) . '/views/TicketView.php';
    }

    public function create() {
        // Get current user
        $currentUser = $GLOBALS['currentUser'] ?? null;
        $userId = $currentUser['user_id'] ?? null;

        // Check if form was submitted
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            // Validate CSRF token
            require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
            $csrfToken = $_POST['csrf_token'] ?? '';
            if (!CsrfMiddleware::validateToken($csrfToken)) {
                $error = "Invalid or expired security token. Please try again.";
                $templates = $this->templateModel->getAllTemplates();
                $allUsers = $this->userModel->getAllUsers();
                $conn = $this->conn;
                include dirname(__DIR__) . '/views/CreateTicketView.php';
                return;
            }

            // Handle visibility groups (comes as array from checkboxes)
            $visibilityGroups = null;
            if (isset($_POST['visibility_groups']) && is_array($_POST['visibility_groups'])) {
                $visibilityGroups = implode(',', array_map('trim', $_POST['visibility_groups']));
            }

            $ticketData = [
                'title' => $_POST['title'] ?? '',
                'description' => $_POST['description'] ?? '',
                'priority' => $_POST['priority'] ?? '4',
                'category' => $_POST['category'] ?? 'General',
                'type' => $_POST['type'] ?? 'Issue',
                'visibility' => $_POST['visibility'] ?? 'public',
                'visibility_groups' => $visibilityGroups,
                'assigned_to' => !empty($_POST['assigned_to']) ? $_POST['assigned_to'] : null
            ];

            // Validate input
            if (empty($ticketData['title'])) {
                $error = "Title is required";
                $templates = $this->templateModel->getAllTemplates();
                $allUsers = $this->userModel->getAllUsers();
                $conn = $this->conn; // Make $conn available to view
                include dirname(__DIR__) . '/views/CreateTicketView.php';
                return;
            }

            // Create ticket with user tracking
            $result = $this->ticketModel->createTicket($ticketData, $userId);

            if ($result['success']) {
                // Log ticket creation to audit log
                if (isset($GLOBALS['auditLog']) && $userId) {
                    $GLOBALS['auditLog']->logTicketCreate($userId, $result['ticket_id'], $ticketData);
                }

                // Send Matrix notification for new ticket
                NotificationHelper::sendTicketNotification($result['ticket_id'], $ticketData, 'manual');

                // Redirect to the new ticket
                header("Location: " . $GLOBALS['config']['BASE_URL'] . "/ticket/" . $result['ticket_id']);
                exit;
            } else {
                $error = $result['error'];
                $templates = $this->templateModel->getAllTemplates();
                $allUsers = $this->userModel->getAllUsers();
                $conn = $this->conn; // Make $conn available to view
                include dirname(__DIR__) . '/views/CreateTicketView.php';
                return;
            }
        } else {
            // Get all templates for the template selector
            $templates = $this->templateModel->getAllTemplates();
            // Get all users for assignment dropdown
            $allUsers = $this->userModel->getAllUsers();
            $conn = $this->conn; // Make $conn available to view

            // Display the create ticket form
            include dirname(__DIR__) . '/views/CreateTicketView.php';
        }
    }

}
?>
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`<?php`
			`// Use absolute paths for model includes`
			`require_once dirname(__DIR__) . '/models/TicketModel.php';`
			`require_once dirname(__DIR__) . '/models/CommentModel.php';`
Add Activity Timeline feature and database migrations 2026-01-01 18:25:19 -05:00			`require_once dirname(__DIR__) . '/models/AuditLogModel.php';`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`require_once dirname(__DIR__) . '/models/UserModel.php';`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`require_once dirname(__DIR__) . '/models/WorkflowModel.php';`
Feature 4: Implement Ticket Templates 2026-01-01 19:00:42 -05:00			`require_once dirname(__DIR__) . '/models/TemplateModel.php';`
Add security logging, domain validation, and output helpers 2026-01-30 18:51:16 -05:00			`require_once dirname(__DIR__) . '/helpers/UrlHelper.php';`
Replace Discord webhook notifications with Matrix (hookshot) 2026-02-21 19:17:46 -05:00			`require_once dirname(__DIR__) . '/helpers/NotificationHelper.php';`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00
			`class TicketController {`
			`private $ticketModel;`
			`private $commentModel;`
Add Activity Timeline feature and database migrations 2026-01-01 18:25:19 -05:00			`private $auditLogModel;`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`private $userModel;`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`private $workflowModel;`
Feature 4: Implement Ticket Templates 2026-01-01 19:00:42 -05:00			`private $templateModel;`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`private $conn;`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`public function __construct($conn) {`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`$this->conn = $conn;`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`$this->ticketModel = new TicketModel($conn);`
			`$this->commentModel = new CommentModel($conn);`
Add Activity Timeline feature and database migrations 2026-01-01 18:25:19 -05:00			`$this->auditLogModel = new AuditLogModel($conn);`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`$this->userModel = new UserModel($conn);`
Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`$this->workflowModel = new WorkflowModel($conn);`
Feature 4: Implement Ticket Templates 2026-01-01 19:00:42 -05:00			`$this->templateModel = new TemplateModel($conn);`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`}`

			`public function view($id) {`
SSO Update :) 2026-01-01 15:40:32 -05:00			`// Get current user`
			`$currentUser = $GLOBALS['currentUser'] ?? null;`
			`$userId = $currentUser['user_id'] ?? null;`

Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Get ticket data`
			`$ticket = $this->ticketModel->getTicketById($id);`
SSO Update :) 2026-01-01 15:40:32 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`if (!$ticket) {`
			`header("HTTP/1.0 404 Not Found");`
			`echo "Ticket not found";`
			`return;`
			`}`
SSO Update :) 2026-01-01 15:40:32 -05:00
Return 404 (not 403) for inaccessible tickets in TicketController 2026-03-20 21:47:28 -04:00			`// Check visibility access — return 404 rather than 403 to avoid leaking ticket existence`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`if (!$this->ticketModel->canUserAccessTicket($ticket, $currentUser)) {`
Return 404 (not 403) for inaccessible tickets in TicketController 2026-03-20 21:47:28 -04:00			`header("HTTP/1.0 404 Not Found");`
			`echo "Ticket not found";`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`return;`
			`}`

feat: comment pagination, Matrix integration, Synapse mention resolution 2026-03-29 21:34:16 -04:00			`// Load first page of comments; show "load more" if ticket has many`
			`$commentPageSize = 50;`
			`$totalComments = $this->commentModel->getCommentCount((int)$id);`
			`$comments = $this->commentModel->getCommentsByTicketId($id, true, $commentPageSize, 0);`
SSO Update :) 2026-01-01 15:40:32 -05:00
Add Activity Timeline feature and database migrations 2026-01-01 18:25:19 -05:00			`// Get timeline for this ticket`
			`$timeline = $this->auditLogModel->getTicketTimeline($id);`

Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`// Get all users for assignment dropdown`
			`$allUsers = $this->userModel->getAllUsers();`

Feature 3: Implement Status Transitions with Workflow Validation 2026-01-01 18:57:23 -05:00			`// Get allowed status transitions for this ticket`
			`$allowedTransitions = $this->workflowModel->getAllowedTransitions($ticket['status']);`

fix: Cache busting and visibility group editing UI 2026-01-23 10:23:19 -05:00			`// Make $conn available to view for visibility groups`
			`$conn = $this->conn;`

Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Load the view`
			`include dirname(__DIR__) . '/views/TicketView.php';`
			`}`
fix: Cache busting and visibility group editing UI 2026-01-23 10:23:19 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`public function create() {`
SSO Update :) 2026-01-01 15:40:32 -05:00			`// Get current user`
			`$currentUser = $GLOBALS['currentUser'] ?? null;`
			`$userId = $currentUser['user_id'] ?? null;`

Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Check if form was submitted`
			`if ($_SERVER['REQUEST_METHOD'] === 'POST') {`
fix: CSRF on ticket create form, DOM-safe duplicate list, audit-log param validation 2026-03-28 21:26:52 -04:00			`// Validate CSRF token`
			`require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';`
			`$csrfToken = $_POST['csrf_token'] ?? '';`
			`if (!CsrfMiddleware::validateToken($csrfToken)) {`
			`$error = "Invalid or expired security token. Please try again.";`
			`$templates = $this->templateModel->getAllTemplates();`
			`$allUsers = $this->userModel->getAllUsers();`
			`$conn = $this->conn;`
			`include dirname(__DIR__) . '/views/CreateTicketView.php';`
			`return;`
			`}`

feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`// Handle visibility groups (comes as array from checkboxes)`
			`$visibilityGroups = null;`
			`if (isset($_POST['visibility_groups']) && is_array($_POST['visibility_groups'])) {`
			`$visibilityGroups = implode(',', array_map('trim', $_POST['visibility_groups']));`
			`}`

Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`$ticketData = [`
			`'title' => $_POST['title'] ?? '',`
			`'description' => $_POST['description'] ?? '',`
			`'priority' => $_POST['priority'] ?? '4',`
			`'category' => $_POST['category'] ?? 'General',`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`'type' => $_POST['type'] ?? 'Issue',`
			`'visibility' => $_POST['visibility'] ?? 'public',`
Add assignment dropdown on ticket creation and fix Discord webhook URLs 2026-02-05 10:24:00 -05:00			`'visibility_groups' => $visibilityGroups,`
			`'assigned_to' => !empty($_POST['assigned_to']) ? $_POST['assigned_to'] : null`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`];`
SSO Update :) 2026-01-01 15:40:32 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Validate input`
			`if (empty($ticketData['title'])) {`
			`$error = "Title is required";`
Feature 4: Implement Ticket Templates 2026-01-01 19:00:42 -05:00			`$templates = $this->templateModel->getAllTemplates();`
Add assignment dropdown on ticket creation and fix Discord webhook URLs 2026-02-05 10:24:00 -05:00			`$allUsers = $this->userModel->getAllUsers();`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`$conn = $this->conn; // Make $conn available to view`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`include dirname(__DIR__) . '/views/CreateTicketView.php';`
			`return;`
			`}`
SSO Update :) 2026-01-01 15:40:32 -05:00
			`// Create ticket with user tracking`
			`$result = $this->ticketModel->createTicket($ticketData, $userId);`

Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`if ($result['success']) {`
SSO Update :) 2026-01-01 15:40:32 -05:00			`// Log ticket creation to audit log`
			`if (isset($GLOBALS['auditLog']) && $userId) {`
			`$GLOBALS['auditLog']->logTicketCreate($userId, $result['ticket_id'], $ticketData);`
			`}`

Replace Discord webhook notifications with Matrix (hookshot) 2026-02-21 19:17:46 -05:00			`// Send Matrix notification for new ticket`
			`NotificationHelper::sendTicketNotification($result['ticket_id'], $ticketData, 'manual');`
SSO Update :) 2026-01-01 15:40:32 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Redirect to the new ticket`
Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`header("Location: " . $GLOBALS['config']['BASE_URL'] . "/ticket/" . $result['ticket_id']);`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`exit;`
			`} else {`
			`$error = $result['error'];`
Feature 4: Implement Ticket Templates 2026-01-01 19:00:42 -05:00			`$templates = $this->templateModel->getAllTemplates();`
Add assignment dropdown on ticket creation and fix Discord webhook URLs 2026-02-05 10:24:00 -05:00			`$allUsers = $this->userModel->getAllUsers();`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`$conn = $this->conn; // Make $conn available to view`
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`include dirname(__DIR__) . '/views/CreateTicketView.php';`
			`return;`
			`}`
			`} else {`
Feature 4: Implement Ticket Templates 2026-01-01 19:00:42 -05:00			`// Get all templates for the template selector`
			`$templates = $this->templateModel->getAllTemplates();`
Add assignment dropdown on ticket creation and fix Discord webhook URLs 2026-02-05 10:24:00 -05:00			`// Get all users for assignment dropdown`
			`$allUsers = $this->userModel->getAllUsers();`
feat: Add 9 new features for enhanced UX and security 2026-01-23 10:01:50 -05:00			`$conn = $this->conn; // Make $conn available to view`
Feature 4: Implement Ticket Templates 2026-01-01 19:00:42 -05:00
Re-did everything, Now is modulaar and better bro. 2025-05-16 20:02:49 -04:00			`// Display the create ticket form`
			`include dirname(__DIR__) . '/views/CreateTicketView.php';`
			`}`
			`}`
SSO Update :) 2026-01-01 15:40:32 -05:00
Fixed MAJOR bugs, currently at a semi-stable state 2025-09-05 11:08:56 -04:00			`}`
			`?>`