tinker_tickets/api/clone_ticket.php

<?php
/**
 * Clone Ticket API
 * Creates a copy of an existing ticket with the same properties
 */

ini_set('display_errors', 0);
error_reporting(E_ALL);

require_once dirname(__DIR__) . '/middleware/RateLimitMiddleware.php';
RateLimitMiddleware::apply('api');

try {
    require_once dirname(__DIR__) . '/config/config.php';
    require_once dirname(__DIR__) . '/helpers/Database.php';
    require_once dirname(__DIR__) . '/models/TicketModel.php';
    require_once dirname(__DIR__) . '/models/AuditLogModel.php';

    // Check authentication
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
        http_response_code(401);
        echo json_encode(['success' => false, 'error' => 'Authentication required']);
        exit;
    }

    // CSRF Protection
    require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
    $csrfToken = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
    if (!CsrfMiddleware::validateToken($csrfToken)) {
        http_response_code(403);
        echo json_encode(['success' => false, 'error' => 'Invalid CSRF token']);
        exit;
    }

    // Only accept POST
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        echo json_encode(['success' => false, 'error' => 'Method not allowed']);
        exit;
    }

    // Get request data
    $input = file_get_contents('php://input');
    $data = json_decode($input, true);

    if (!$data || empty($data['ticket_id'])) {
        http_response_code(400);
        echo json_encode(['success' => false, 'error' => 'Missing ticket_id']);
        exit;
    }

    $sourceTicketId = (int)$data['ticket_id'];
    if ($sourceTicketId <= 0) {
        http_response_code(400);
        echo json_encode(['success' => false, 'error' => 'Invalid ticket ID']);
        exit;
    }
    $userId = $_SESSION['user']['user_id'];
    $isAdmin = $_SESSION['user']['is_admin'] ?? false;

    // Get database connection
    $conn = Database::getConnection();

    // Get the source ticket
    $ticketModel = new TicketModel($conn);
    $sourceTicket = $ticketModel->getTicketById($sourceTicketId);

    if (!$sourceTicket) {
        http_response_code(404);
        echo json_encode(['success' => false, 'error' => 'Source ticket not found']);
        exit;
    }

    // Verify the user can access this ticket using centralized visibility logic
    if (!$ticketModel->canUserAccessTicket($sourceTicket, $_SESSION['user'])) {
        http_response_code(404);
        echo json_encode(['success' => false, 'error' => 'Source ticket not found']);
        exit;
    }

    // Prepare cloned ticket data
    $clonedTicketData = [
        'title' => '[CLONE] ' . $sourceTicket['title'],
        'description' => $sourceTicket['description'],
        'priority' => $sourceTicket['priority'],
        'category' => $sourceTicket['category'],
        'type' => $sourceTicket['type'],
        'visibility' => $sourceTicket['visibility'] ?? 'public',
        'visibility_groups' => $sourceTicket['visibility_groups'] ?? null
    ];

    // Create the cloned ticket
    $result = $ticketModel->createTicket($clonedTicketData, $userId);

    if ($result['success']) {
        // Log the clone operation
        $auditLog = new AuditLogModel($conn);
        $auditLog->log($userId, 'create', 'ticket', $result['ticket_id'], [
            'action' => 'clone',
            'source_ticket_id' => $sourceTicketId,
            'title' => $clonedTicketData['title']
        ]);

        // Optionally create a "relates_to" dependency
        require_once dirname(__DIR__) . '/models/DependencyModel.php';
        $dependencyModel = new DependencyModel($conn);
        $dependencyModel->addDependency($result['ticket_id'], $sourceTicketId, 'relates_to', $userId);

        header('Content-Type: application/json');
        echo json_encode([
            'success' => true,
            'new_ticket_id' => $result['ticket_id'],
            'message' => 'Ticket cloned successfully'
        ]);
    } else {
        http_response_code(500);
        echo json_encode([
            'success' => false,
            'error' => $result['error'] ?? 'Failed to create cloned ticket'
        ]);
    }

} catch (Exception $e) {
    error_log("Clone ticket API error: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'An internal error occurred']);
}