api/assign_ticket.php

<?php
require_once __DIR__ . '/bootstrap.php';
require_once dirname(__DIR__) . '/models/TicketModel.php';
require_once dirname(__DIR__) . '/models/AuditLogModel.php';
require_once dirname(__DIR__) . '/models/UserModel.php';
require_once dirname(__DIR__) . '/helpers/NotificationHelper.php';
require_once dirname(__DIR__) . '/helpers/SynapseHelper.php';

// Get request data
$data = json_decode(file_get_contents('php://input'), true);
if (!is_array($data)) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Invalid JSON body']);
    exit;
}

$ticketIdRaw = isset($data['ticket_id']) ? trim((string)$data['ticket_id']) : '';
$assignedTo = $data['assigned_to'] ?? null;

if (!ctype_digit($ticketIdRaw) || (int)$ticketIdRaw <= 0) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Ticket ID required']);
    exit;
}
$ticketId = $ticketIdRaw;

$ticketModel = new TicketModel($conn);
$auditLogModel = new AuditLogModel($conn);
$userModel = new UserModel($conn);

// Verify ticket exists and user can access it
$ticket = $ticketModel->getTicketById($ticketId);
if (!$ticket || !$ticketModel->canUserAccessTicket($ticket, $currentUser)) {
    http_response_code(404);
    echo json_encode(['success' => false, 'error' => 'Ticket not found']);
    exit;
}

// Authorization: only admins or the ticket creator/assignee can reassign
if (!$isAdmin && (int)$ticket['created_by'] !== (int)$userId && (int)$ticket['assigned_to'] !== (int)$userId) {
    http_response_code(403);
    echo json_encode(['success' => false, 'error' => 'Permission denied']);
    exit;
}

if ($assignedTo === null || $assignedTo === '') {
    // Unassign ticket
    $success = $ticketModel->unassignTicket($ticketId, $userId);
    if ($success) {
        $auditLogModel->log($userId, 'unassign', 'ticket', $ticketId);
    }
} else {
    // Validate assigned_to is a valid user ID
    $assignedTo = (int)$assignedTo;
    $targetUser = $userModel->getUserById($assignedTo);
    if (!$targetUser) {
        http_response_code(400);
        echo json_encode(['success' => false, 'error' => 'Invalid user ID']);
        exit;
    }

    // Assign ticket
    $success = $ticketModel->assignTicket($ticketId, $assignedTo, $userId);
    if ($success) {
        $auditLogModel->log($userId, 'assign', 'ticket', $ticketId, ['assigned_to' => $assignedTo]);

        if (!empty($GLOBALS['config']['MATRIX_NOTIFY_ASSIGNMENTS'])) {
            $changedByDisplay = $currentUser['display_name'] ?? $currentUser['username'] ?? null;
            $assigneeName     = $targetUser['display_name'] ?? $targetUser['username'] ?? null;
            $assigneeMatrix   = isset($targetUser['username'])
                                ? SynapseHelper::resolveUsername($targetUser['username'])
                                : null;
            NotificationHelper::sendAssignmentNotification(
                $ticketId,
                $ticket['title'] ?? "Ticket #{$ticketId}",
                $assigneeName,
                $assigneeMatrix,
                $changedByDisplay
            );
        }
    }
}

if (!$success) {
    http_response_code(500);
    apiRespond(['success' => false, 'error' => 'Failed to update ticket assignment']);
} else {
    require_once dirname(__DIR__) . '/models/StatsModel.php';
    (new StatsModel($conn))->invalidateCache();
    apiRespond(['success' => true]);
}
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`<?php`
Audit fixes: security, dead code removal, API consolidation, JS dedup 2026-02-11 14:50:06 -05:00			`require_once __DIR__ . '/bootstrap.php';`
Fix: Resolve ticket assignment JSON error 2026-01-01 19:07:56 -05:00			`require_once dirname(__DIR__) . '/models/TicketModel.php';`
			`require_once dirname(__DIR__) . '/models/AuditLogModel.php';`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00			`require_once dirname(__DIR__) . '/models/UserModel.php';`
feat: comment pagination, Matrix integration, Synapse mention resolution 2026-03-29 21:34:16 -04:00			`require_once dirname(__DIR__) . '/helpers/NotificationHelper.php';`
			`require_once dirname(__DIR__) . '/helpers/SynapseHelper.php';`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00
			`// Get request data`
			`$data = json_decode(file_get_contents('php://input'), true);`
Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`if (!is_array($data)) {`
			`http_response_code(400);`
			`echo json_encode(['success' => false, 'error' => 'Invalid JSON body']);`
			`exit;`
			`}`

Fix ticket ID handling in assign and delete_attachment APIs 2026-04-11 13:31:10 -04:00			`$ticketIdRaw = isset($data['ticket_id']) ? trim((string)$data['ticket_id']) : '';`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`$assignedTo = $data['assigned_to'] ?? null;`

Fix ticket ID handling in assign and delete_attachment APIs 2026-04-11 13:31:10 -04:00			`if (!ctype_digit($ticketIdRaw) \|\| (int)$ticketIdRaw <= 0) {`
Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`http_response_code(400);`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`echo json_encode(['success' => false, 'error' => 'Ticket ID required']);`
			`exit;`
			`}`
Fix ticket ID handling in assign and delete_attachment APIs 2026-04-11 13:31:10 -04:00			`$ticketId = $ticketIdRaw;`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00
			`$ticketModel = new TicketModel($conn);`
			`$auditLogModel = new AuditLogModel($conn);`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00			`$userModel = new UserModel($conn);`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00
Fix visibility enforcement and register missing API routes 2026-03-20 21:39:02 -04:00			`// Verify ticket exists and user can access it`
Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`$ticket = $ticketModel->getTicketById($ticketId);`
Fix visibility enforcement and register missing API routes 2026-03-20 21:39:02 -04:00			`if (!$ticket \|\| !$ticketModel->canUserAccessTicket($ticket, $currentUser)) {`
Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`http_response_code(404);`
			`echo json_encode(['success' => false, 'error' => 'Ticket not found']);`
			`exit;`
			`}`

			`// Authorization: only admins or the ticket creator/assignee can reassign`
Fix loose comparisons, missing response codes, and session handling 2026-03-29 17:39:46 -04:00			`if (!$isAdmin && (int)$ticket['created_by'] !== (int)$userId && (int)$ticket['assigned_to'] !== (int)$userId) {`
Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`http_response_code(403);`
			`echo json_encode(['success' => false, 'error' => 'Permission denied']);`
			`exit;`
			`}`

Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`if ($assignedTo === null \|\| $assignedTo === '') {`
			`// Unassign ticket`
Fix: Resolve ticket assignment JSON error 2026-01-01 19:07:56 -05:00			`$success = $ticketModel->unassignTicket($ticketId, $userId);`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`if ($success) {`
Fix: Resolve ticket assignment JSON error 2026-01-01 19:07:56 -05:00			`$auditLogModel->log($userId, 'unassign', 'ticket', $ticketId);`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`}`
			`} else {`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00			`// Validate assigned_to is a valid user ID`
			`$assignedTo = (int)$assignedTo;`
			`$targetUser = $userModel->getUserById($assignedTo);`
			`if (!$targetUser) {`
Fix loose comparisons, missing response codes, and session handling 2026-03-29 17:39:46 -04:00			`http_response_code(400);`
Implement comprehensive improvement plan (Phases 1-6) 2026-01-20 09:55:01 -05:00			`echo json_encode(['success' => false, 'error' => 'Invalid user ID']);`
			`exit;`
			`}`

Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`// Assign ticket`
Fix: Resolve ticket assignment JSON error 2026-01-01 19:07:56 -05:00			`$success = $ticketModel->assignTicket($ticketId, $assignedTo, $userId);`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`if ($success) {`
Fix: Resolve ticket assignment JSON error 2026-01-01 19:07:56 -05:00			`$auditLogModel->log($userId, 'assign', 'ticket', $ticketId, ['assigned_to' => $assignedTo]);`
feat: comment pagination, Matrix integration, Synapse mention resolution 2026-03-29 21:34:16 -04:00
			`if (!empty($GLOBALS['config']['MATRIX_NOTIFY_ASSIGNMENTS'])) {`
			`$changedByDisplay = $currentUser['display_name'] ?? $currentUser['username'] ?? null;`
			`$assigneeName = $targetUser['display_name'] ?? $targetUser['username'] ?? null;`
			`$assigneeMatrix = isset($targetUser['username'])`
			`? SynapseHelper::resolveUsername($targetUser['username'])`
			`: null;`
			`NotificationHelper::sendAssignmentNotification(`
			`$ticketId,`
			`$ticket['title'] ?? "Ticket #{$ticketId}",`
			`$assigneeName,`
			`$assigneeMatrix,`
			`$changedByDisplay`
			`);`
			`}`
Add Ticket Assignment feature (Feature 2) 2026-01-01 18:36:34 -05:00			`}`
			`}`

Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`if (!$success) {`
			`http_response_code(500);`
fix: CSRF token staleness causing intermittent 403 on POST actions 2026-03-30 19:01:18 -04:00			`apiRespond(['success' => false, 'error' => 'Failed to update ticket assignment']);`
Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`} else {`
Invalidate stats cache after any ticket-modifying API call 2026-04-05 12:39:24 -04:00			`require_once dirname(__DIR__) . '/models/StatsModel.php';`
			`(new StatsModel($conn))->invalidateCache();`
fix: CSRF token staleness causing intermittent 403 on POST actions 2026-03-30 19:01:18 -04:00			`apiRespond(['success' => true]);`
Fix bracket buttons rendering below text + UI/security improvements 2026-03-19 22:20:43 -04:00			`}`