From 277daf6f0029dfcc5d8be3793e5f8488622b79e5 Mon Sep 17 00:00:00 2001
From: Jared Vititoe <jjvititoe1@gmail.com>
Date: Sun, 29 Mar 2026 18:32:55 -0400
Subject: [PATCH] Remove dead TicketController::update() method
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

No route in index.php ever invokes this method — all ticket updates
go through api/update_ticket.php. The method also lacked authorization
checks, making its removal strictly safer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 controllers/TicketController.php | 73 --------------------------------
 1 file changed, 73 deletions(-)

diff --git a/controllers/TicketController.php b/controllers/TicketController.php
index aef723f..d98336f 100644
--- a/controllers/TicketController.php
+++ b/controllers/TicketController.php
@@ -148,79 +148,6 @@ class TicketController {
             include dirname(__DIR__) . '/views/CreateTicketView.php';
         }
     }
-    
-    public function update($id) {
-        // Get current user
-        $currentUser = $GLOBALS['currentUser'] ?? null;
-        $userId = $currentUser['user_id'] ?? null;
 
-        // Check if this is an AJAX request
-        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-            // For AJAX requests, get JSON data
-            $input = file_get_contents('php://input');
-            $data = json_decode($input, true);
-
-            // Add ticket_id to the data
-            $data['ticket_id'] = $id;
-
-            // Validate input data
-            if (empty($data['title'])) {
-                header('Content-Type: application/json');
-                echo json_encode([
-                    'success' => false,
-                    'error' => 'Title cannot be empty'
-                ]);
-                return;
-            }
-
-            // Fetch current ticket values before updating (for delta logging)
-            $oldTicket = $this->ticketModel->getTicketById((int)$id);
-
-            // Update ticket with user tracking
-            // Pass expected_updated_at for optimistic locking if provided
-            $expectedUpdatedAt = $data['expected_updated_at'] ?? null;
-            $result = $this->ticketModel->updateTicket($data, $userId, $expectedUpdatedAt);
-
-            // Log ticket update to audit log — only the changed fields (delta)
-            if ($result['success'] && isset($GLOBALS['auditLog']) && $userId && $oldTicket) {
-                $trackFields = ['title', 'priority', 'status', 'description', 'category', 'type'];
-                $delta = [];
-                foreach ($trackFields as $field) {
-                    $oldVal = (string)($oldTicket[$field] ?? '');
-                    $newVal = (string)($data[$field] ?? '');
-                    if ($oldVal !== $newVal) {
-                        $delta[$field] = ['from' => $oldVal, 'to' => $newVal];
-                    }
-                }
-                if (!empty($delta)) {
-                    $GLOBALS['auditLog']->logTicketUpdate($userId, $id, $delta);
-                }
-            }
-
-            // Return JSON response
-            header('Content-Type: application/json');
-            if ($result['success']) {
-                echo json_encode([
-                    'success' => true,
-                    'status' => $data['status']
-                ]);
-            } else {
-                $response = [
-                    'success' => false,
-                    'error' => $result['error'] ?? 'Failed to update ticket'
-                ];
-                if (!empty($result['conflict'])) {
-                    $response['conflict'] = true;
-                    $response['current_updated_at'] = $result['current_updated_at'] ?? null;
-                }
-                echo json_encode($response);
-            }
-        } else {
-            // For direct access, redirect to view
-            header("Location: " . $GLOBALS['config']['BASE_URL'] . "/ticket/$id");
-            exit;
-        }
-    }
-    
 }
 ?>
\ No newline at end of file