2025-05-16 20:02:49 -04:00
|
|
|
<?php
|
|
|
|
|
// Enable error reporting for debugging
|
|
|
|
|
error_reporting(E_ALL);
|
|
|
|
|
ini_set('display_errors', 0); // Don't display errors in the response
|
|
|
|
|
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
// Apply rate limiting
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
|
|
|
|
|
RateLimitMiddleware::apply('api');
|
2025-05-16 20:02:49 -04:00
|
|
|
|
|
|
|
|
// Start output buffering to capture any errors
|
|
|
|
|
ob_start();
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
// Load config
|
|
|
|
|
$configPath = dirname(__DIR__) . '/config/config.php';
|
|
|
|
|
require_once $configPath;
|
2026-01-30 14:39:13 -05:00
|
|
|
require_once dirname(__DIR__) . '/helpers/Database.php';
|
Add security logging, domain validation, and output helpers
- Add authentication failure logging to AuthMiddleware (session expiry,
access denied, unauthenticated access attempts)
- Add UrlHelper for secure URL generation with host validation against
configurable ALLOWED_HOSTS whitelist
- Add OutputHelper with consistent XSS-safe escaping functions (h, attr,
json, url, css, truncate, date, cssClass)
- Add validation to AuditLogModel query parameters (pagination limits,
date format validation, action/entity type validation, IP sanitization)
- Add APP_DOMAIN and ALLOWED_HOSTS configuration options
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 18:51:16 -05:00
|
|
|
require_once dirname(__DIR__) . '/helpers/UrlHelper.php';
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Load environment variables (for Discord webhook)
|
|
|
|
|
$envPath = dirname(__DIR__) . '/.env';
|
|
|
|
|
$envVars = [];
|
|
|
|
|
if (file_exists($envPath)) {
|
|
|
|
|
$lines = file($envPath, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
|
|
|
|
|
foreach ($lines as $line) {
|
|
|
|
|
if (strpos($line, '=') !== false && strpos($line, '#') !== 0) {
|
|
|
|
|
list($key, $value) = explode('=', $line, 2);
|
2026-01-01 16:40:04 -05:00
|
|
|
$key = trim($key);
|
|
|
|
|
$value = trim($value);
|
|
|
|
|
// Remove surrounding quotes if present
|
|
|
|
|
if ((substr($value, 0, 1) === '"' && substr($value, -1) === '"') ||
|
|
|
|
|
(substr($value, 0, 1) === "'" && substr($value, -1) === "'")) {
|
|
|
|
|
$value = substr($value, 1, -1);
|
|
|
|
|
}
|
|
|
|
|
$envVars[$key] = $value;
|
2025-09-05 11:08:56 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Load models directly with absolute paths
|
|
|
|
|
$ticketModelPath = dirname(__DIR__) . '/models/TicketModel.php';
|
|
|
|
|
$commentModelPath = dirname(__DIR__) . '/models/CommentModel.php';
|
2026-01-01 15:40:32 -05:00
|
|
|
$auditLogModelPath = dirname(__DIR__) . '/models/AuditLogModel.php';
|
2026-01-01 18:57:23 -05:00
|
|
|
$workflowModelPath = dirname(__DIR__) . '/models/WorkflowModel.php';
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
require_once $ticketModelPath;
|
|
|
|
|
require_once $commentModelPath;
|
2026-01-01 15:40:32 -05:00
|
|
|
require_once $auditLogModelPath;
|
2026-01-01 18:57:23 -05:00
|
|
|
require_once $workflowModelPath;
|
2026-01-01 15:40:32 -05:00
|
|
|
|
|
|
|
|
// Check authentication via session
|
|
|
|
|
session_start();
|
|
|
|
|
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
|
|
|
|
|
throw new Exception("Authentication required");
|
|
|
|
|
}
|
2026-01-09 12:32:34 -05:00
|
|
|
|
|
|
|
|
// CSRF Protection
|
|
|
|
|
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST' || $_SERVER['REQUEST_METHOD'] === 'PUT') {
|
|
|
|
|
$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
|
|
|
|
|
if (!CsrfMiddleware::validateToken($csrfToken)) {
|
|
|
|
|
http_response_code(403);
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-01 15:40:32 -05:00
|
|
|
$currentUser = $_SESSION['user'];
|
|
|
|
|
$userId = $currentUser['user_id'];
|
2026-01-01 18:57:23 -05:00
|
|
|
$isAdmin = $currentUser['is_admin'] ?? false;
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Updated controller class that handles partial updates
|
2025-05-16 20:02:49 -04:00
|
|
|
class ApiTicketController {
|
|
|
|
|
private $ticketModel;
|
|
|
|
|
private $commentModel;
|
2026-01-01 15:40:32 -05:00
|
|
|
private $auditLog;
|
2026-01-01 18:57:23 -05:00
|
|
|
private $workflowModel;
|
2025-09-05 11:08:56 -04:00
|
|
|
private $envVars;
|
2026-01-01 15:40:32 -05:00
|
|
|
private $userId;
|
2026-01-01 18:57:23 -05:00
|
|
|
private $isAdmin;
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2026-01-01 18:57:23 -05:00
|
|
|
public function __construct($conn, $envVars = [], $userId = null, $isAdmin = false) {
|
2025-05-16 20:02:49 -04:00
|
|
|
$this->ticketModel = new TicketModel($conn);
|
|
|
|
|
$this->commentModel = new CommentModel($conn);
|
2026-01-01 15:40:32 -05:00
|
|
|
$this->auditLog = new AuditLogModel($conn);
|
2026-01-01 18:57:23 -05:00
|
|
|
$this->workflowModel = new WorkflowModel($conn);
|
2025-09-05 11:08:56 -04:00
|
|
|
$this->envVars = $envVars;
|
2026-01-01 15:40:32 -05:00
|
|
|
$this->userId = $userId;
|
2026-01-01 18:57:23 -05:00
|
|
|
$this->isAdmin = $isAdmin;
|
2025-05-16 20:02:49 -04:00
|
|
|
}
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
public function update($id, $data) {
|
2025-09-05 11:08:56 -04:00
|
|
|
// First, get the current ticket data to fill in missing fields
|
|
|
|
|
$currentTicket = $this->ticketModel->getTicketById($id);
|
|
|
|
|
if (!$currentTicket) {
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Ticket not found'
|
|
|
|
|
];
|
|
|
|
|
}
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Merge current data with updates, keeping existing values for missing fields
|
|
|
|
|
$updateData = [
|
|
|
|
|
'ticket_id' => $id,
|
|
|
|
|
'title' => $data['title'] ?? $currentTicket['title'],
|
|
|
|
|
'description' => $data['description'] ?? $currentTicket['description'],
|
|
|
|
|
'category' => $data['category'] ?? $currentTicket['category'],
|
|
|
|
|
'type' => $data['type'] ?? $currentTicket['type'],
|
|
|
|
|
'status' => $data['status'] ?? $currentTicket['status'],
|
|
|
|
|
'priority' => isset($data['priority']) ? (int)$data['priority'] : (int)$currentTicket['priority']
|
|
|
|
|
];
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Validate required fields
|
|
|
|
|
if (empty($updateData['title'])) {
|
2025-05-16 20:02:49 -04:00
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Title cannot be empty'
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Validate priority range
|
|
|
|
|
if ($updateData['priority'] < 1 || $updateData['priority'] > 5) {
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Priority must be between 1 and 5'
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-01 18:57:23 -05:00
|
|
|
// Validate status transition using workflow model
|
|
|
|
|
if ($currentTicket['status'] !== $updateData['status']) {
|
|
|
|
|
$allowed = $this->workflowModel->isTransitionAllowed(
|
|
|
|
|
$currentTicket['status'],
|
|
|
|
|
$updateData['status'],
|
|
|
|
|
$this->isAdmin
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!$allowed) {
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Status transition not allowed: ' . $currentTicket['status'] . ' → ' . $updateData['status']
|
|
|
|
|
];
|
|
|
|
|
}
|
2025-09-05 11:08:56 -04:00
|
|
|
}
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
// Update ticket with user tracking and optional optimistic locking
|
|
|
|
|
$expectedUpdatedAt = $data['expected_updated_at'] ?? null;
|
|
|
|
|
$result = $this->ticketModel->updateTicket($updateData, $this->userId, $expectedUpdatedAt);
|
|
|
|
|
|
|
|
|
|
// Handle conflict case
|
|
|
|
|
if (!$result['success']) {
|
|
|
|
|
$response = [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => $result['error'] ?? 'Failed to update ticket in database'
|
|
|
|
|
];
|
|
|
|
|
if (!empty($result['conflict'])) {
|
|
|
|
|
$response['conflict'] = true;
|
|
|
|
|
$response['current_updated_at'] = $result['current_updated_at'] ?? null;
|
|
|
|
|
}
|
|
|
|
|
return $response;
|
|
|
|
|
}
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2026-01-23 10:01:50 -05:00
|
|
|
// Handle visibility update if provided
|
2026-01-30 14:39:13 -05:00
|
|
|
if (isset($data['visibility'])) {
|
2026-01-23 10:01:50 -05:00
|
|
|
$visibilityGroups = $data['visibility_groups'] ?? null;
|
|
|
|
|
// Convert array to comma-separated string if needed
|
|
|
|
|
if (is_array($visibilityGroups)) {
|
|
|
|
|
$visibilityGroups = implode(',', array_map('trim', $visibilityGroups));
|
|
|
|
|
}
|
2026-01-28 20:27:15 -05:00
|
|
|
|
|
|
|
|
// Validate internal visibility requires groups
|
|
|
|
|
if ($data['visibility'] === 'internal' && (empty($visibilityGroups) || trim($visibilityGroups) === '')) {
|
|
|
|
|
return [
|
|
|
|
|
'success' => false,
|
|
|
|
|
'error' => 'Internal visibility requires at least one group to be specified'
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-23 10:01:50 -05:00
|
|
|
$this->ticketModel->updateVisibility($id, $data['visibility'], $visibilityGroups, $this->userId);
|
|
|
|
|
}
|
|
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
// Log ticket update to audit log
|
|
|
|
|
if ($this->userId) {
|
|
|
|
|
$this->auditLog->logTicketUpdate($this->userId, $id, $data);
|
|
|
|
|
}
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
// Discord webhook disabled for updates - only send for new tickets
|
|
|
|
|
// $this->sendDiscordWebhook($id, $currentTicket, $updateData, $data);
|
2026-01-01 15:40:32 -05:00
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
return [
|
|
|
|
|
'success' => true,
|
|
|
|
|
'status' => $updateData['status'],
|
|
|
|
|
'priority' => $updateData['priority'],
|
|
|
|
|
'message' => 'Ticket updated successfully'
|
|
|
|
|
];
|
2025-05-16 20:02:49 -04:00
|
|
|
}
|
2025-09-05 11:08:56 -04:00
|
|
|
|
|
|
|
|
private function sendDiscordWebhook($ticketId, $oldData, $newData, $changedFields) {
|
|
|
|
|
if (!isset($this->envVars['DISCORD_WEBHOOK_URL']) || empty($this->envVars['DISCORD_WEBHOOK_URL'])) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
$webhookUrl = $this->envVars['DISCORD_WEBHOOK_URL'];
|
|
|
|
|
|
|
|
|
|
// Determine what fields actually changed
|
|
|
|
|
$changes = [];
|
|
|
|
|
foreach ($changedFields as $field => $newValue) {
|
|
|
|
|
if ($field === 'ticket_id') continue; // Skip ticket_id
|
|
|
|
|
|
|
|
|
|
$oldValue = $oldData[$field] ?? 'N/A';
|
|
|
|
|
if ($oldValue != $newValue) {
|
|
|
|
|
$changes[] = [
|
|
|
|
|
'name' => ucfirst($field),
|
|
|
|
|
'value' => "$oldValue → $newValue",
|
|
|
|
|
'inline' => true
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (empty($changes)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
Add security logging, domain validation, and output helpers
- Add authentication failure logging to AuthMiddleware (session expiry,
access denied, unauthenticated access attempts)
- Add UrlHelper for secure URL generation with host validation against
configurable ALLOWED_HOSTS whitelist
- Add OutputHelper with consistent XSS-safe escaping functions (h, attr,
json, url, css, truncate, date, cssClass)
- Add validation to AuditLogModel query parameters (pagination limits,
date format validation, action/entity type validation, IP sanitization)
- Add APP_DOMAIN and ALLOWED_HOSTS configuration options
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-30 18:51:16 -05:00
|
|
|
// Create ticket URL using validated host
|
|
|
|
|
$ticketUrl = UrlHelper::ticketUrl($ticketId);
|
2025-09-05 11:08:56 -04:00
|
|
|
|
|
|
|
|
// Determine embed color based on priority
|
|
|
|
|
$colors = [
|
|
|
|
|
1 => 0xff4d4d, // Red
|
|
|
|
|
2 => 0xffa726, // Orange
|
|
|
|
|
3 => 0x42a5f5, // Blue
|
|
|
|
|
4 => 0x66bb6a, // Green
|
|
|
|
|
5 => 0x9e9e9e // Gray
|
|
|
|
|
];
|
|
|
|
|
$color = $colors[$newData['priority']] ?? 0x3498db;
|
|
|
|
|
|
|
|
|
|
$embed = [
|
|
|
|
|
'title' => '🔄 Ticket Updated',
|
|
|
|
|
'description' => "**#{$ticketId}** - " . $newData['title'],
|
|
|
|
|
'color' => $color,
|
|
|
|
|
'fields' => array_merge($changes, [
|
|
|
|
|
[
|
|
|
|
|
'name' => '🔗 View Ticket',
|
|
|
|
|
'value' => "[Click here to view]($ticketUrl)",
|
|
|
|
|
'inline' => false
|
|
|
|
|
]
|
|
|
|
|
]),
|
|
|
|
|
'footer' => [
|
|
|
|
|
'text' => 'Tinker Tickets'
|
|
|
|
|
],
|
|
|
|
|
'timestamp' => date('c')
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
$payload = [
|
|
|
|
|
'embeds' => [$embed]
|
|
|
|
|
];
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Send webhook
|
|
|
|
|
$ch = curl_init($webhookUrl);
|
|
|
|
|
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
|
|
|
|
|
curl_setopt($ch, CURLOPT_POST, 1);
|
|
|
|
|
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
|
|
|
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
|
|
|
|
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
|
|
|
|
|
|
|
|
|
|
$webhookResult = curl_exec($ch);
|
|
|
|
|
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
|
|
|
$curlError = curl_error($ch);
|
|
|
|
|
curl_close($ch);
|
2026-01-30 14:39:13 -05:00
|
|
|
|
|
|
|
|
// Log webhook errors instead of silencing them
|
|
|
|
|
if ($curlError) {
|
|
|
|
|
error_log("Discord webhook cURL error for ticket #{$ticketId}: {$curlError}");
|
|
|
|
|
} elseif ($httpCode !== 204 && $httpCode !== 200) {
|
|
|
|
|
error_log("Discord webhook failed for ticket #{$ticketId}. HTTP Code: {$httpCode}, Response: " . substr($webhookResult, 0, 200));
|
|
|
|
|
}
|
2025-09-05 11:08:56 -04:00
|
|
|
}
|
2025-05-16 20:02:49 -04:00
|
|
|
}
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2026-01-30 14:39:13 -05:00
|
|
|
// Use centralized database connection
|
|
|
|
|
$conn = Database::getConnection();
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
// Check request method
|
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
|
|
|
throw new Exception("Method not allowed. Expected POST, got " . $_SERVER['REQUEST_METHOD']);
|
|
|
|
|
}
|
|
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Get POST data
|
|
|
|
|
$input = file_get_contents('php://input');
|
|
|
|
|
$data = json_decode($input, true);
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
if (!$data) {
|
|
|
|
|
throw new Exception("Invalid JSON data received: " . $input);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!isset($data['ticket_id'])) {
|
|
|
|
|
throw new Exception("Missing ticket_id parameter");
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-05 11:08:56 -04:00
|
|
|
$ticketId = (int)$data['ticket_id'];
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Initialize controller
|
2026-01-01 18:57:23 -05:00
|
|
|
$controller = new ApiTicketController($conn, $envVars, $userId, $isAdmin);
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Update ticket
|
|
|
|
|
$result = $controller->update($ticketId, $data);
|
|
|
|
|
|
|
|
|
|
// Discard any output that might have been generated
|
|
|
|
|
ob_end_clean();
|
|
|
|
|
|
|
|
|
|
// Return response
|
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
|
echo json_encode($result);
|
Implement comprehensive improvement plan (Phases 1-6)
Security (Phase 1-2):
- Add SecurityHeadersMiddleware with CSP, X-Frame-Options, etc.
- Add RateLimitMiddleware for API rate limiting
- Add security event logging to AuditLogModel
- Add ResponseHelper for standardized API responses
- Update config.php with security constants
Database (Phase 3):
- Add migration 014 for additional indexes
- Add migration 015 for ticket dependencies
- Add migration 016 for ticket attachments
- Add migration 017 for recurring tickets
- Add migration 018 for custom fields
Features (Phase 4-5):
- Add ticket dependencies with DependencyModel and API
- Add duplicate detection with check_duplicates API
- Add file attachments with AttachmentModel and upload/download APIs
- Add @mentions with autocomplete and highlighting
- Add quick actions on dashboard rows
Collaboration (Phase 5):
- Add mention extraction in CommentModel
- Add mention autocomplete dropdown in ticket.js
- Add mention highlighting CSS styles
Admin & Export (Phase 6):
- Add StatsModel for dashboard widgets
- Add dashboard stats cards (open, critical, unassigned, etc.)
- Add CSV/JSON export via export_tickets API
- Add rich text editor toolbar in markdown.js
- Add RecurringTicketModel with cron job
- Add CustomFieldModel for per-category fields
- Add admin views: RecurringTickets, CustomFields, Workflow,
Templates, AuditLog, UserActivity
- Add admin APIs: manage_workflows, manage_templates,
manage_recurring, custom_fields, get_users
- Add admin routes in index.php
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-20 09:55:01 -05:00
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
} catch (Exception $e) {
|
|
|
|
|
// Discard any output that might have been generated
|
|
|
|
|
ob_end_clean();
|
2026-01-30 18:56:29 -05:00
|
|
|
|
|
|
|
|
// Log error details but don't expose to client
|
|
|
|
|
error_log("Update ticket API error: " . $e->getMessage());
|
|
|
|
|
|
2025-05-16 20:02:49 -04:00
|
|
|
// Return error response
|
|
|
|
|
header('Content-Type: application/json');
|
2025-09-05 11:08:56 -04:00
|
|
|
http_response_code(500);
|
2025-05-16 20:02:49 -04:00
|
|
|
echo json_encode([
|
|
|
|
|
'success' => false,
|
2026-01-30 18:56:29 -05:00
|
|
|
'error' => 'An internal error occurred'
|
2025-05-16 20:02:49 -04:00
|
|
|
]);
|
|
|
|
|
}
|
2025-09-05 11:08:56 -04:00
|
|
|
?>
|