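false, 'error' => 'Invalid JSON body']); exit; }

// Ticket assignment handler: validates the request, checks that the caller may
// reassign the ticket, then assigns or unassigns it and writes an audit entry.
// The fragment on the first line is the tail of the JSON-body check that begins
// earlier in the file; it is kept verbatim.

// IDs must be positive integers. A bare (int) cast is too permissive for
// client-supplied JSON: a non-empty array or `true` casts to 1 and "12abc"
// casts to 12, so a malformed field would silently address a real record.
$idFilter = ['options' => ['min_range' => 1]];

$rawTicketId = $data['ticket_id'] ?? null;
$ticketId = is_bool($rawTicketId)
    ? false
    : filter_var($rawTicketId, FILTER_VALIDATE_INT, $idFilter);
$assignedTo = $data['assigned_to'] ?? null;

if ($ticketId === false) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Ticket ID required']);
    exit;
}

$ticketModel = new TicketModel($conn);
$auditLogModel = new AuditLogModel($conn);
$userModel = new UserModel($conn);

// Verify ticket exists
$ticket = $ticketModel->getTicketById($ticketId);
if (!$ticket) {
    http_response_code(404);
    echo json_encode(['success' => false, 'error' => 'Ticket not found']);
    exit;
}

// Authorization: only admins or the ticket creator/assignee can reassign.
// The explicit null guard makes the check fail closed: without it, a null
// $userId would compare equal to the NULL assigned_to of an unassigned ticket
// and pass the assignee test.
// NOTE(review): $userId and $isAdmin are set earlier in the file. The strict
// comparisons only match when $userId has the same type as the values the
// model returns (int vs numeric string) - confirm; a mismatch denies access to
// every non-admin.
$isCreatorOrAssignee = $userId !== null
    && ($ticket['created_by'] === $userId || $ticket['assigned_to'] === $userId);

if (!$isAdmin && !$isCreatorOrAssignee) {
    // NOTE(review): denied attempts are not written to the audit log here;
    // consider recording them if the log is used for detection.
    http_response_code(403);
    echo json_encode(['success' => false, 'error' => 'Permission denied']);
    exit;
}

if ($assignedTo === null || $assignedTo === '') {
    // Unassign ticket
    $success = $ticketModel->unassignTicket($ticketId, $userId);
    if ($success) {
        $auditLogModel->log($userId, 'unassign', 'ticket', $ticketId);
    }
} else {
    // Validate assigned_to is a well-formed ID that resolves to an existing user
    $assignedTo = is_bool($assignedTo)
        ? false
        : filter_var($assignedTo, FILTER_VALIDATE_INT, $idFilter);
    $targetUser = $assignedTo === false ? null : $userModel->getUserById($assignedTo);

    if (!$targetUser) {
        // Client error: report it as 400 like the other validation failures
        // instead of the default 200.
        http_response_code(400);
        echo json_encode(['success' => false, 'error' => 'Invalid user ID']);
        exit;
    }

    // Assign ticket
    $success = $ticketModel->assignTicket($ticketId, $assignedTo, $userId);
    if ($success) {
        $auditLogModel->log($userId, 'assign', 'ticket', $ticketId, ['assigned_to' => $assignedTo]);
    }
}

// Only successful changes reach the audit log above; a failed update is
// reported to the client as a server error.
if ($success) {
    echo json_encode(['success' => true]);
} else {
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Failed to update ticket assignment']);
}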