Remove dead TicketController::update() method
No route in index.php ever invokes this method — all ticket updates go through api/update_ticket.php. The method also lacked authorization checks, making its removal strictly safer. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -148,79 +148,6 @@ class TicketController {
|
|||||||
include dirname(__DIR__) . '/views/CreateTicketView.php';
|
include dirname(__DIR__) . '/views/CreateTicketView.php';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function update($id) {
|
|
||||||
// Get current user
|
|
||||||
$currentUser = $GLOBALS['currentUser'] ?? null;
|
|
||||||
$userId = $currentUser['user_id'] ?? null;
|
|
||||||
|
|
||||||
// Check if this is an AJAX request
|
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
||||||
// For AJAX requests, get JSON data
|
|
||||||
$input = file_get_contents('php://input');
|
|
||||||
$data = json_decode($input, true);
|
|
||||||
|
|
||||||
// Add ticket_id to the data
|
|
||||||
$data['ticket_id'] = $id;
|
|
||||||
|
|
||||||
// Validate input data
|
|
||||||
if (empty($data['title'])) {
|
|
||||||
header('Content-Type: application/json');
|
|
||||||
echo json_encode([
|
|
||||||
'success' => false,
|
|
||||||
'error' => 'Title cannot be empty'
|
|
||||||
]);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Fetch current ticket values before updating (for delta logging)
|
|
||||||
$oldTicket = $this->ticketModel->getTicketById((int)$id);
|
|
||||||
|
|
||||||
// Update ticket with user tracking
|
|
||||||
// Pass expected_updated_at for optimistic locking if provided
|
|
||||||
$expectedUpdatedAt = $data['expected_updated_at'] ?? null;
|
|
||||||
$result = $this->ticketModel->updateTicket($data, $userId, $expectedUpdatedAt);
|
|
||||||
|
|
||||||
// Log ticket update to audit log — only the changed fields (delta)
|
|
||||||
if ($result['success'] && isset($GLOBALS['auditLog']) && $userId && $oldTicket) {
|
|
||||||
$trackFields = ['title', 'priority', 'status', 'description', 'category', 'type'];
|
|
||||||
$delta = [];
|
|
||||||
foreach ($trackFields as $field) {
|
|
||||||
$oldVal = (string)($oldTicket[$field] ?? '');
|
|
||||||
$newVal = (string)($data[$field] ?? '');
|
|
||||||
if ($oldVal !== $newVal) {
|
|
||||||
$delta[$field] = ['from' => $oldVal, 'to' => $newVal];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (!empty($delta)) {
|
|
||||||
$GLOBALS['auditLog']->logTicketUpdate($userId, $id, $delta);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Return JSON response
|
|
||||||
header('Content-Type: application/json');
|
|
||||||
if ($result['success']) {
|
|
||||||
echo json_encode([
|
|
||||||
'success' => true,
|
|
||||||
'status' => $data['status']
|
|
||||||
]);
|
|
||||||
} else {
|
|
||||||
$response = [
|
|
||||||
'success' => false,
|
|
||||||
'error' => $result['error'] ?? 'Failed to update ticket'
|
|
||||||
];
|
|
||||||
if (!empty($result['conflict'])) {
|
|
||||||
$response['conflict'] = true;
|
|
||||||
$response['current_updated_at'] = $result['current_updated_at'] ?? null;
|
|
||||||
}
|
|
||||||
echo json_encode($response);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// For direct access, redirect to view
|
|
||||||
header("Location: " . $GLOBALS['config']['BASE_URL'] . "/ticket/$id");
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||