tinker_tickets/controllers/TicketController.php

<?php
// Use absolute paths for model includes
require_once dirname(__DIR__) . '/models/TicketModel.php';
require_once dirname(__DIR__) . '/models/CommentModel.php';
require_once dirname(__DIR__) . '/models/AuditLogModel.php';
require_once dirname(__DIR__) . '/models/UserModel.php';
require_once dirname(__DIR__) . '/models/WorkflowModel.php';
require_once dirname(__DIR__) . '/models/TemplateModel.php';
require_once dirname(__DIR__) . '/helpers/UrlHelper.php';
require_once dirname(__DIR__) . '/helpers/NotificationHelper.php';

class TicketController {
    private $ticketModel;
    private $commentModel;
    private $auditLogModel;
    private $userModel;
    private $workflowModel;
    private $templateModel;
    private $conn;

    public function __construct($conn) {
        $this->conn = $conn;
        $this->ticketModel = new TicketModel($conn);
        $this->commentModel = new CommentModel($conn);
        $this->auditLogModel = new AuditLogModel($conn);
        $this->userModel = new UserModel($conn);
        $this->workflowModel = new WorkflowModel($conn);
        $this->templateModel = new TemplateModel($conn);
    }
    
    public function view($id) {
        // Get current user
        $currentUser = $GLOBALS['currentUser'] ?? null;
        $userId = $currentUser['user_id'] ?? null;

        // Get ticket data
        $ticket = $this->ticketModel->getTicketById($id);

        if (!$ticket) {
            header("HTTP/1.0 404 Not Found");
            echo "Ticket not found";
            return;
        }

        // Check visibility access — return 404 rather than 403 to avoid leaking ticket existence
        if (!$this->ticketModel->canUserAccessTicket($ticket, $currentUser)) {
            header("HTTP/1.0 404 Not Found");
            echo "Ticket not found";
            return;
        }

        // Load first page of comments; show "load more" if ticket has many
        $commentPageSize  = 50;
        $totalComments    = $this->commentModel->getCommentCount((int)$id);
        $comments         = $this->commentModel->getCommentsByTicketId($id, true, $commentPageSize, 0);

        // Get timeline for this ticket
        $timeline = $this->auditLogModel->getTicketTimeline($id);

        // Get all users for assignment dropdown
        $allUsers = $this->userModel->getAllUsers();

        // Get allowed status transitions for this ticket
        $allowedTransitions = $this->workflowModel->getAllowedTransitions($ticket['status']);

        // Make $conn available to view for visibility groups
        $conn = $this->conn;

        // Load the view
        include dirname(__DIR__) . '/views/TicketView.php';
    }

    public function create() {
        // Get current user
        $currentUser = $GLOBALS['currentUser'] ?? null;
        $userId = $currentUser['user_id'] ?? null;

        // Check if form was submitted
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            // Validate CSRF token
            require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
            $csrfToken = $_POST['csrf_token'] ?? '';
            if (!CsrfMiddleware::validateToken($csrfToken)) {
                $error = "Invalid or expired security token. Please try again.";
                $templates = $this->templateModel->getAllTemplates();
                $allUsers = $this->userModel->getAllUsers();
                $conn = $this->conn;
                include dirname(__DIR__) . '/views/CreateTicketView.php';
                return;
            }

            // Handle visibility groups (comes as array from checkboxes)
            $visibilityGroups = null;
            if (isset($_POST['visibility_groups']) && is_array($_POST['visibility_groups'])) {
                $visibilityGroups = implode(',', array_map('trim', $_POST['visibility_groups']));
            }

            $ticketData = [
                'title' => $_POST['title'] ?? '',
                'description' => $_POST['description'] ?? '',
                'priority' => $_POST['priority'] ?? '4',
                'category' => $_POST['category'] ?? 'General',
                'type' => $_POST['type'] ?? 'Issue',
                'visibility' => $_POST['visibility'] ?? 'public',
                'visibility_groups' => $visibilityGroups,
                'assigned_to' => !empty($_POST['assigned_to']) ? $_POST['assigned_to'] : null
            ];

            // Validate input
            if (empty($ticketData['title'])) {
                $error = "Title is required";
                $templates = $this->templateModel->getAllTemplates();
                $allUsers = $this->userModel->getAllUsers();
                $conn = $this->conn; // Make $conn available to view
                include dirname(__DIR__) . '/views/CreateTicketView.php';
                return;
            }

            // Create ticket with user tracking
            $result = $this->ticketModel->createTicket($ticketData, $userId);

            if ($result['success']) {
                // Log ticket creation to audit log
                if (isset($GLOBALS['auditLog']) && $userId) {
                    $GLOBALS['auditLog']->logTicketCreate($userId, $result['ticket_id'], $ticketData);
                }

                // Send Matrix notification for new ticket
                NotificationHelper::sendTicketNotification($result['ticket_id'], $ticketData, 'manual');

                // Redirect to the new ticket
                header("Location: " . $GLOBALS['config']['BASE_URL'] . "/ticket/" . $result['ticket_id']);
                exit;
            } else {
                $error = $result['error'];
                $templates = $this->templateModel->getAllTemplates();
                $allUsers = $this->userModel->getAllUsers();
                $conn = $this->conn; // Make $conn available to view
                include dirname(__DIR__) . '/views/CreateTicketView.php';
                return;
            }
        } else {
            // Get all templates for the template selector
            $templates = $this->templateModel->getAllTemplates();
            // Get all users for assignment dropdown
            $allUsers = $this->userModel->getAllUsers();
            $conn = $this->conn; // Make $conn available to view

            // Display the create ticket form
            include dirname(__DIR__) . '/views/CreateTicketView.php';
        }
    }

}
?>