tinker_tickets

LotusGuild/tinker_tickets

Fork 0

Commit Graph

Author	SHA1	Message	Date
jared	fca4896e0d	fix: watcher avatars, dependency TDS styling, asset versions, nav dropdown light theme - watch_ticket.php GET now returns watcher list (up to 6 users) for avatar group - TicketView: watcher avatar group rendered next to WATCH button, refreshes on toggle - Rewrite renderDependencies/renderDependents to use TDS lt-kv-grid/lt-badge/lt-btn classes - renderDependencies: show lt-alert--warning blocker banner when blocked_by has open tickets - Fix ALL hardcoded ?v=20260327 asset version strings in CreateTicketView + all admin views - base.css: fix .lt-nav-dropdown-menu hardcoded background → var(--bg-overlay) - base.css: add light-theme overrides for nav dropdown menu (background, links, hover) - ticket.css: add .lt-avatar-group and .lt-avatar--overflow styles for watcher display Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-04 12:02:30 -04:00
jared	cfb88d9c88	fix: CSRF token staleness causing intermittent 403 on POST actions Root cause: bootstrap.php rotates the CSRF token on every successful POST, but most API endpoints called echo json_encode() directly instead of apiRespond() — so the rotated token was never returned to the client. The next POST from the same page sent the now-invalid old token → 403. Refreshing the page loaded a fresh token, making it work once. Fixes: - assign_ticket.php, watch_ticket.php: switch to apiRespond() - saved_filters.php, user_preferences.php: replace all echo json_encode calls with apiRespond() (19 and 12 call sites respectively) - base.js: both apiFetch() and _apiFetchAuth() now update window.CSRF_TOKEN whenever a response includes a csrf_token field, keeping the client permanently in sync with server-side rotations Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-30 19:01:18 -04:00
jared	ade1a70214	feat: ticket watchers, fulltext search, single-query pagination, watcher notifications Ticket watchers: - api/watch_ticket.php: GET (watch state) + POST (watch/unwatch toggle) - index.php: route for /api/watch_ticket.php - TicketView: WATCH/UNWATCH button with live state fetch and toggle - NotificationHelper::notifyWatchers(): fetches watchers from DB, resolves Matrix IDs via Synapse, fires notification to watchers + global list - add_comment.php, update_ticket.php: call notifyWatchers on comment and status-change events respectively Fulltext search: - TicketModel::hasFulltextIndex(): detects FULLTEXT index via information_schema - getAllTickets(): uses MATCH...AGAINST when fulltext index exists, LIKE fallback when not yet applied — zero-downtime rollout Single-query pagination: - getAllTickets() replaces separate COUNT + SELECT with COUNT(*) OVER() window function — one round trip to DB per page load instead of two Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-29 22:00:32 -04:00

Author

SHA1

Message

Date

jared

fca4896e0d

fix: watcher avatars, dependency TDS styling, asset versions, nav dropdown light theme

- watch_ticket.php GET now returns watcher list (up to 6 users) for avatar group
- TicketView: watcher avatar group rendered next to WATCH button, refreshes on toggle
- Rewrite renderDependencies/renderDependents to use TDS lt-kv-grid/lt-badge/lt-btn classes
- renderDependencies: show lt-alert--warning blocker banner when blocked_by has open tickets
- Fix ALL hardcoded ?v=20260327 asset version strings in CreateTicketView + all admin views
- base.css: fix .lt-nav-dropdown-menu hardcoded background → var(--bg-overlay)
- base.css: add light-theme overrides for nav dropdown menu (background, links, hover)
- ticket.css: add .lt-avatar-group and .lt-avatar--overflow styles for watcher display

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-04 12:02:30 -04:00

jared

cfb88d9c88

fix: CSRF token staleness causing intermittent 403 on POST actions

Root cause: bootstrap.php rotates the CSRF token on every successful POST,
but most API endpoints called echo json_encode() directly instead of
apiRespond() — so the rotated token was never returned to the client.
The next POST from the same page sent the now-invalid old token → 403.
Refreshing the page loaded a fresh token, making it work once.

Fixes:
- assign_ticket.php, watch_ticket.php: switch to apiRespond()
- saved_filters.php, user_preferences.php: replace all echo json_encode
  calls with apiRespond() (19 and 12 call sites respectively)
- base.js: both apiFetch() and _apiFetchAuth() now update window.CSRF_TOKEN
  whenever a response includes a csrf_token field, keeping the client
  permanently in sync with server-side rotations

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-30 19:01:18 -04:00

jared

ade1a70214

feat: ticket watchers, fulltext search, single-query pagination, watcher notifications

Ticket watchers:
- api/watch_ticket.php: GET (watch state) + POST (watch/unwatch toggle)
- index.php: route for /api/watch_ticket.php
- TicketView: WATCH/UNWATCH button with live state fetch and toggle
- NotificationHelper::notifyWatchers(): fetches watchers from DB, resolves
  Matrix IDs via Synapse, fires notification to watchers + global list
- add_comment.php, update_ticket.php: call notifyWatchers on comment and
  status-change events respectively

Fulltext search:
- TicketModel::hasFulltextIndex(): detects FULLTEXT index via information_schema
- getAllTickets(): uses MATCH...AGAINST when fulltext index exists, LIKE fallback
  when not yet applied — zero-downtime rollout

Single-query pagination:
- getAllTickets() replaces separate COUNT + SELECT with COUNT(*) OVER() window
  function — one round trip to DB per page load instead of two

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-29 22:00:32 -04:00

3 Commits