Remove dead TicketController::update() method
No route in index.php ever invokes this method — all ticket updates go through api/update_ticket.php. The method also lacked authorization checks, making its removal strictly safer. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -148,79 +148,6 @@ class TicketController {
|
||||
include dirname(__DIR__) . '/views/CreateTicketView.php';
|
||||
}
|
||||
}
|
||||
|
||||
public function update($id) {
|
||||
// Get current user
|
||||
$currentUser = $GLOBALS['currentUser'] ?? null;
|
||||
$userId = $currentUser['user_id'] ?? null;
|
||||
|
||||
// Check if this is an AJAX request
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
// For AJAX requests, get JSON data
|
||||
$input = file_get_contents('php://input');
|
||||
$data = json_decode($input, true);
|
||||
|
||||
// Add ticket_id to the data
|
||||
$data['ticket_id'] = $id;
|
||||
|
||||
// Validate input data
|
||||
if (empty($data['title'])) {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'error' => 'Title cannot be empty'
|
||||
]);
|
||||
return;
|
||||
}
|
||||
|
||||
// Fetch current ticket values before updating (for delta logging)
|
||||
$oldTicket = $this->ticketModel->getTicketById((int)$id);
|
||||
|
||||
// Update ticket with user tracking
|
||||
// Pass expected_updated_at for optimistic locking if provided
|
||||
$expectedUpdatedAt = $data['expected_updated_at'] ?? null;
|
||||
$result = $this->ticketModel->updateTicket($data, $userId, $expectedUpdatedAt);
|
||||
|
||||
// Log ticket update to audit log — only the changed fields (delta)
|
||||
if ($result['success'] && isset($GLOBALS['auditLog']) && $userId && $oldTicket) {
|
||||
$trackFields = ['title', 'priority', 'status', 'description', 'category', 'type'];
|
||||
$delta = [];
|
||||
foreach ($trackFields as $field) {
|
||||
$oldVal = (string)($oldTicket[$field] ?? '');
|
||||
$newVal = (string)($data[$field] ?? '');
|
||||
if ($oldVal !== $newVal) {
|
||||
$delta[$field] = ['from' => $oldVal, 'to' => $newVal];
|
||||
}
|
||||
}
|
||||
if (!empty($delta)) {
|
||||
$GLOBALS['auditLog']->logTicketUpdate($userId, $id, $delta);
|
||||
}
|
||||
}
|
||||
|
||||
// Return JSON response
|
||||
header('Content-Type: application/json');
|
||||
if ($result['success']) {
|
||||
echo json_encode([
|
||||
'success' => true,
|
||||
'status' => $data['status']
|
||||
]);
|
||||
} else {
|
||||
$response = [
|
||||
'success' => false,
|
||||
'error' => $result['error'] ?? 'Failed to update ticket'
|
||||
];
|
||||
if (!empty($result['conflict'])) {
|
||||
$response['conflict'] = true;
|
||||
$response['current_updated_at'] = $result['current_updated_at'] ?? null;
|
||||
}
|
||||
echo json_encode($response);
|
||||
}
|
||||
} else {
|
||||
// For direct access, redirect to view
|
||||
header("Location: " . $GLOBALS['config']['BASE_URL'] . "/ticket/$id");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
?>
|
||||
Reference in New Issue
Block a user