2025-05-16 20:02:49 -04:00
|
|
|
<?php
|
|
|
|
|
// Enable error reporting for debugging
|
|
|
|
|
error_reporting(E_ALL);
|
|
|
|
|
ini_set('display_errors', 0); // Don't display errors in the response
|
|
|
|
|
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
// Apply rate limiting
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
|
|
|
|
|
RateLimitMiddleware::apply('api');
|
2025-05-16 20:02:49 -04:00
|
|
|
|
|
|
|
|
// Start output buffering to capture any errors
|
|
|
|
|
ob_start();
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
// Load config
|
|
|
|
|
$configPath = dirname(__DIR__) . '/config/config.php';
|
|
|
|
|
require_once $configPath;
|
2026-01-30 14:39:13 -05:00
|
|
|
require_once dirname(__DIR__) . '/helpers/Database.php';
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Load models directly with absolute paths
|
|
|
|
|
$ticketModelPath = dirname(__DIR__) . '/models/TicketModel.php';
|
|
|
|
|
$commentModelPath = dirname(__DIR__) . '/models/CommentModel.php';
|
2026-01-01 15:40:32 -05:00
|
|
|
$auditLogModelPath = dirname(__DIR__) . '/models/AuditLogModel.php';
|
2026-01-01 18:57:23 -05:00
|
|
|
$workflowModelPath = dirname(__DIR__) . '/models/WorkflowModel.php';
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
require_once $ticketModelPath;
|
|
|
|
|
require_once $commentModelPath;
|
2026-01-01 15:40:32 -05:00
|
|
|
require_once $auditLogModelPath;
|
2026-01-01 18:57:23 -05:00
|
|
|
require_once $workflowModelPath;
|
2026-01-01 15:40:32 -05:00
|
|
|
|
|
|
|
|
// Check authentication via session
|
2026-03-17 23:22:24 -04:00
|
|
|
if (session_status() === PHP_SESSION_NONE) {
|
|
|
|
|
session_start();
|
|
|
|
|
}
|
2026-01-01 15:40:32 -05:00
|
|
|
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
|
|
|
|
|
throw new Exception("Authentication required");
|
|
|
|
|
}
|
2026-01-09 12:32:34 -05:00
|
|
|
|
|
|
|
|
// CSRF Protection
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'PUT') {
|
|
|
|
|
$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
|
|
|
|
|
if (!CsrfMiddleware::validateToken($csrfToken)) {
|
|
|
|
|
http_response_code(403);
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-01 15:40:32 -05:00
|
|
|
$currentUser = $_SESSION['user'];
|
|
|
|
|
$userId = $currentUser['user_id'];
|
2026-01-01 18:57:23 -05:00
|
|
|
$isAdmin = $currentUser['is_admin'] ?? false;
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Updated controller class that handles partial updates
|
2025-05-16 20:02:49 -04:00
|
|
|
class ApiTicketController {
|
|
|
|
|
private $ticketModel;
|
|
|
|
|
private $commentModel;
|
2026-01-01 15:40:32 -05:00
|
|
|
private $auditLog;
|
2026-01-01 18:57:23 -05:00
|
|
|
private $workflowModel;
|
2026-01-01 15:40:32 -05:00
|
|
|
private $userId;
|
2026-01-01 18:57:23 -05:00
|
|
|
private $isAdmin;
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2026-02-11 14:50:06 -05:00
|
|
|
public function __construct($conn, $userId = null, $isAdmin = false) {
|
2025-05-16 20:02:49 -04:00
|
|
|
$this->ticketModel = new TicketModel($conn);
|
|
|
|
|
$this->commentModel = new CommentModel($conn);
|
2026-01-01 15:40:32 -05:00
|
|
|
$this->auditLog = new AuditLogModel($conn);
|
2026-01-01 18:57:23 -05:00
|
|
|
$this->workflowModel = new WorkflowModel($conn);
|
2026-01-01 15:40:32 -05:00
|
|
|
$this->userId = $userId;
|
2026-01-01 18:57:23 -05:00
|
|
|
$this->isAdmin = $isAdmin;
|
2025-05-16 20:02:49 -04:00
|
|
|
}
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
public function update($id, $data) {
|
2025-09-05 11:08:56 -04:00
|
|
|
// First, get the current ticket data to fill in missing fields
|
|
|
|
|
$currentTicket = $this->ticketModel->getTicketById($id);
|
|
|
|
|
if (!$currentTicket) {
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Ticket not found'
|
|
|
|
|
];
|
|
|
|
|
}
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2026-03-19 22:20:43 -04:00
|
|
|
// Authorization: admins can edit any ticket; others only their own or assigned
|
|
|
|
|
if (!$this->isAdmin
|
|
|
|
|
&& $currentTicket['created_by'] != $this->userId
|
|
|
|
|
&& $currentTicket['assigned_to'] != $this->userId
|
|
|
|
|
) {
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Permission denied'
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Merge current data with updates, keeping existing values for missing fields
|
|
|
|
|
$updateData = [
|
|
|
|
|
'ticket_id' => $id,
|
|
|
|
|
'title' => $data['title'] ?? $currentTicket['title'],
|
|
|
|
|
'description' => $data['description'] ?? $currentTicket['description'],
|
|
|
|
|
'category' => $data['category'] ?? $currentTicket['category'],
|
|
|
|
|
'type' => $data['type'] ?? $currentTicket['type'],
|
|
|
|
|
'status' => $data['status'] ?? $currentTicket['status'],
|
|
|
|
|
'priority' => isset($data['priority']) ? (int)$data['priority'] : (int)$currentTicket['priority']
|
|
|
|
|
];
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Validate required fields
|
|
|
|
|
if (empty($updateData['title'])) {
|
2025-05-16 20:02:49 -04:00
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Title cannot be empty'
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Validate priority range
|
|
|
|
|
if ($updateData['priority'] < 1 || $updateData['priority'] > 5) {
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Priority must be between 1 and 5'
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-01 18:57:23 -05:00
|
|
|
// Validate status transition using workflow model
|
|
|
|
|
if ($currentTicket['status'] !== $updateData['status']) {
|
|
|
|
|
$allowed = $this->workflowModel->isTransitionAllowed(
|
|
|
|
|
$currentTicket['status'],
|
|
|
|
|
$updateData['status'],
|
|
|
|
|
$this->isAdmin
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!$allowed) {
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Status transition not allowed: ' . $currentTicket['status'] . ' → ' . $updateData['status']
|
|
|
|
|
];
|
|
|
|
|
}
|
2025-09-05 11:08:56 -04:00
|
|
|
}
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
// Update ticket with user tracking and optional optimistic locking
|
|
|
|
|
$expectedUpdatedAt = $data['expected_updated_at'] ?? null;
|
|
|
|
|
$result = $this->ticketModel->updateTicket($updateData, $this->userId, $expectedUpdatedAt);
|
|
|
|
|
|
|
|
|
|
// Handle conflict case
|
|
|
|
|
if (!$result['success']) {
|
|
|
|
|
$response = [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => $result['error'] ?? 'Failed to update ticket in database'
|
|
|
|
|
];
|
|
|
|
|
if (!empty($result['conflict'])) {
|
|
|
|
|
$response['conflict'] = true;
|
|
|
|
|
$response['current_updated_at'] = $result['current_updated_at'] ?? null;
|
|
|
|
|
}
|
|
|
|
|
return $response;
|
|
|
|
|
}
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2026-01-23 10:01:50 -05:00
|
|
|
// Handle visibility update if provided
|
2026-01-30 14:39:13 -05:00
|
|
|
if (isset($data['visibility'])) {
|
2026-01-23 10:01:50 -05:00
|
|
|
$visibilityGroups = $data['visibility_groups'] ?? null;
|
|
|
|
|
// Convert array to comma-separated string if needed
|
|
|
|
|
if (is_array($visibilityGroups)) {
|
|
|
|
|
$visibilityGroups = implode(',', array_map('trim', $visibilityGroups));
|
|
|
|
|
}
|
2026-01-28 20:27:15 -05:00
|
|
|
|
|
|
|
|
// Validate internal visibility requires groups
|
|
|
|
|
if ($data['visibility'] === 'internal' && (empty($visibilityGroups) || trim($visibilityGroups) === '')) {
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Internal visibility requires at least one group to be specified'
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-23 10:01:50 -05:00
|
|
|
$this->ticketModel->updateVisibility($id, $data['visibility'], $visibilityGroups, $this->userId);
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
// Log ticket update to audit log
|
|
|
|
|
if ($this->userId) {
|
|
|
|
|
$this->auditLog->logTicketUpdate($this->userId, $id, $data);
|
|
|
|
|
}
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
return [
|
|
|
|
|
'success' => true,
|
|
|
|
|
'status' => $updateData['status'],
|
|
|
|
|
'priority' => $updateData['priority'],
|
|
|
|
|
'message' => 'Ticket updated successfully'
|
|
|
|
|
];
|
2025-05-16 20:02:49 -04:00
|
|
|
}
|
|
|
|
|
}
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
// Use centralized database connection
|
|
|
|
|
$conn = Database::getConnection();
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Check request method
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
|
|
|
throw new Exception("Method not allowed. Expected POST, got " . $_SERVER['REQUEST_METHOD']);
|
|
|
|
|
}
|
|
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Get POST data
|
|
|
|
|
$input = file_get_contents('php://input');
|
|
|
|
|
$data = json_decode($input, true);
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
if (!$data) {
|
|
|
|
|
throw new Exception("Invalid JSON data received: " . $input);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!isset($data['ticket_id'])) {
|
|
|
|
|
throw new Exception("Missing ticket_id parameter");
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
$ticketId = (int)$data['ticket_id'];
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Initialize controller
|
2026-02-11 14:50:06 -05:00
|
|
|
$controller = new ApiTicketController($conn, $userId, $isAdmin);
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Update ticket
|
|
|
|
|
$result = $controller->update($ticketId, $data);
|
|
|
|
|
|
|
|
|
|
// Discard any output that might have been generated
|
|
|
|
|
ob_end_clean();
|
|
|
|
|
|
|
|
|
|
// Return response
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
echo json_encode($result);
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
} catch (Exception $e) {
|
|
|
|
|
// Discard any output that might have been generated
|
|
|
|
|
ob_end_clean();
|
2026-01-30 18:56:29 -05:00
|
|
|
|
|
|
|
|
// Log error details but don't expose to client
|
|
|
|
|
error_log("Update ticket API error: " . $e->getMessage());
|
|
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Return error response
|
|
|
|
|
header('Content-Type: application/json');
|
2025-09-05 11:08:56 -04:00
|
|
|
http_response_code(500);
|
2025-05-16 20:02:49 -04:00
|
|
|
echo json_encode([
|
|
|
|
|
'success' => false,
|
2026-01-30 18:56:29 -05:00
|
|
|
'error' => 'An internal error occurred'
|
2025-05-16 20:02:49 -04:00
|
|
|
]);
|
|
|
|
|
}
|
2025-09-05 11:08:56 -04:00
|
|
|
?>
|