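false, 'error' => 'Not authenticated']); exit; }

// CSRF Protection.
// Every request to this endpoint changes state (assign or unassign), so the
// token is required for every request method. Checking it only when the
// method is POST would let a request sent with any other method skip the
// check and still reach the assignment code below.
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
$csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
if (!CsrfMiddleware::validateToken($csrfToken)) {
    http_response_code(403);
    echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
    exit;
}

$userId = $_SESSION['user']['user_id'];

// Get request data. json_decode() returns null or a scalar for malformed or
// non-object JSON; normalise to an empty array so the lookups below stay safe.
$data = json_decode(file_get_contents('php://input'), true);
if (!is_array($data)) {
    $data = [];
}
$ticketId = $data['ticket_id'] ?? null;
$assignedTo = $data['assigned_to'] ?? null;

if (!$ticketId) {
    echo json_encode(['success' => false, 'error' => 'Ticket ID required']);
    exit;
}
// NOTE(review): ticket_id is forwarded to the model exactly as received; this
// relies on the model binding it as a query parameter — confirm in TicketModel.

// Use centralized database connection
$conn = Database::getConnection();
$ticketModel = new TicketModel($conn);
$auditLogModel = new AuditLogModel($conn);
$userModel = new UserModel($conn);

if ($assignedTo === null || $assignedTo === '') {
    // Unassign ticket and record the action in the audit log.
    $success = $ticketModel->unassignTicket($ticketId, $userId);
    if ($success) {
        $auditLogModel->log($userId, 'unassign', 'ticket', $ticketId);
    }
} else {
    // Validate assigned_to is a valid user ID. The int cast turns non-numeric
    // input into 0, which the lookup below is expected to reject.
    $assignedTo = (int)$assignedTo;
    $targetUser = $userModel->getUserById($assignedTo);
    if (!$targetUser) {
        echo json_encode(['success' => false, 'error' => 'Invalid user ID']);
        exit;
    }
    // Assign ticket and record the new assignee in the audit log.
    $success = $ticketModel->assignTicket($ticketId, $assignedTo, $userId);
    if ($success) {
        $auditLogModel->log($userId, 'assign', 'ticket', $ticketId, ['assigned_to' => $assignedTo]);
    }
}

echo json_encode(['success' => $success]);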