Jared Vititoe
164c2d231a
Security fixes: - add_comment.php: verify canUserAccessTicket() before allowing comment creation - assign_ticket.php: use canUserAccessTicket() to prevent info leakage via 403 vs 404 - check_duplicates.php: apply getVisibilityFilter() so confidential ticket titles are not exposed in duplicate search results - ticket_dependencies.php: verify ticket access on GET before returning dependency data Route registration: - Register 7 previously missing API endpoints in index.php: custom_fields, saved_filters, audit_log, user_preferences, download_attachment, clone_ticket, health Frontend: - ticket.js: fill empty catch block and empty else block in addComment() with proper error toasts Documentation: - README.md: document all API endpoints and update project structure listing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
102 lines
2.8 KiB
PHP
102 lines
2.8 KiB
PHP
<?php
|
|
/**
|
|
* Check for duplicate tickets API
|
|
*
|
|
* Searches for tickets with similar titles using LIKE and SOUNDEX
|
|
*/
|
|
|
|
require_once __DIR__ . '/bootstrap.php';
|
|
require_once dirname(__DIR__) . '/helpers/ResponseHelper.php';
|
|
require_once dirname(__DIR__) . '/models/TicketModel.php';
|
|
|
|
// Only accept GET requests
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'GET') {
|
|
ResponseHelper::error('Method not allowed', 405);
|
|
}
|
|
|
|
// Get title parameter
|
|
$title = isset($_GET['title']) ? trim($_GET['title']) : '';
|
|
|
|
if (strlen($title) < 5) {
|
|
ResponseHelper::success(['duplicates' => []]);
|
|
}
|
|
|
|
// Search for similar titles
|
|
// Use both LIKE for substring matching and SOUNDEX for phonetic matching
|
|
$duplicates = [];
|
|
|
|
// Prepare search term for LIKE
|
|
$searchTerm = '%' . $title . '%';
|
|
|
|
// Get SOUNDEX of title
|
|
$soundexTitle = soundex($title);
|
|
|
|
// Build visibility filter so users only see titles they have access to
|
|
$ticketModel = new TicketModel($conn);
|
|
$visFilter = $ticketModel->getVisibilityFilter($currentUser);
|
|
|
|
// First, search for exact substring matches (case-insensitive)
|
|
$sql = "SELECT ticket_id, title, status, priority, created_at
|
|
FROM tickets
|
|
WHERE (
|
|
title LIKE ?
|
|
OR SOUNDEX(title) = ?
|
|
)
|
|
AND status != 'Closed'
|
|
AND ({$visFilter['sql']})
|
|
ORDER BY created_at DESC
|
|
LIMIT 10";
|
|
|
|
$types = "ss" . $visFilter['types'];
|
|
$params = array_merge([$searchTerm, $soundexTitle], $visFilter['params']);
|
|
$stmt = $conn->prepare($sql);
|
|
if (!empty($params)) {
|
|
$stmt->bind_param($types, ...$params);
|
|
}
|
|
$stmt->execute();
|
|
$result = $stmt->get_result();
|
|
|
|
while ($row = $result->fetch_assoc()) {
|
|
// Calculate similarity score
|
|
$similarity = 0;
|
|
|
|
// Check for exact substring match
|
|
if (stripos($row['title'], $title) !== false) {
|
|
$similarity = 90;
|
|
}
|
|
// Check SOUNDEX match
|
|
elseif (soundex($row['title']) === $soundexTitle) {
|
|
$similarity = 70;
|
|
}
|
|
// Check word overlap
|
|
else {
|
|
$titleWords = array_map('strtolower', preg_split('/\s+/', $title));
|
|
$rowWords = array_map('strtolower', preg_split('/\s+/', $row['title']));
|
|
$matchingWords = array_intersect($titleWords, $rowWords);
|
|
$similarity = (count($matchingWords) / max(count($titleWords), 1)) * 60;
|
|
}
|
|
|
|
if ($similarity >= 30) {
|
|
$duplicates[] = [
|
|
'ticket_id' => $row['ticket_id'],
|
|
'title' => $row['title'],
|
|
'status' => $row['status'],
|
|
'priority' => $row['priority'],
|
|
'created_at' => $row['created_at'],
|
|
'similarity' => round($similarity)
|
|
];
|
|
}
|
|
}
|
|
|
|
$stmt->close();
|
|
|
|
// Sort by similarity descending
|
|
usort($duplicates, function($a, $b) {
|
|
return $b['similarity'] - $a['similarity'];
|
|
});
|
|
|
|
// Limit to top 5
|
|
$duplicates = array_slice($duplicates, 0, 5);
|
|
|
|
ResponseHelper::success(['duplicates' => $duplicates]);
|