jared
a3fbad19c9
- dashboard.js: use String(cb.value) instead of parseInt() in
getSelectedTicketIds() so zero-padded IDs like 000123456 are
preserved when sent to bulk_operation.php
- DashboardView.php: remove (int) cast on data-ticket-id attribute
for quick-status button; was stripping leading zeros
- TicketView.php: remove (int) cast on export URL ticket_id param
- update_ticket.php: preserve ticket_id as string via trim((string)...)
- add_comment.php: preserve ticket_id as string; validate with
ctype_digit instead of (int) cast so comments are stored with the
canonical zero-padded ID matching the tickets table
- export_tickets.php: validate singleId as string to avoid stripping
leading zeros in the export endpoint
- notifications.php: preserve ticket_id strings in URLs and ticket
ownership checks; index myTicketIds by both int and string forms
for robust lookup regardless of how audit_log stored the ID
- TicketController.php: fix inline dependency insert — column was
wrong (depends_on_ticket_id → depends_on_id) and bind types were
wrong ("iii" → "ssi"); feature was silently broken
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
166 lines
6.9 KiB
PHP
166 lines
6.9 KiB
PHP
<?php
|
|
// Use absolute paths for model includes
|
|
require_once dirname(__DIR__) . '/models/TicketModel.php';
|
|
require_once dirname(__DIR__) . '/models/CommentModel.php';
|
|
require_once dirname(__DIR__) . '/models/AuditLogModel.php';
|
|
require_once dirname(__DIR__) . '/models/UserModel.php';
|
|
require_once dirname(__DIR__) . '/models/WorkflowModel.php';
|
|
require_once dirname(__DIR__) . '/models/TemplateModel.php';
|
|
require_once dirname(__DIR__) . '/helpers/UrlHelper.php';
|
|
require_once dirname(__DIR__) . '/helpers/NotificationHelper.php';
|
|
|
|
class TicketController {
|
|
private $ticketModel;
|
|
private $commentModel;
|
|
private $auditLogModel;
|
|
private $userModel;
|
|
private $workflowModel;
|
|
private $templateModel;
|
|
private $conn;
|
|
|
|
public function __construct($conn) {
|
|
$this->conn = $conn;
|
|
$this->ticketModel = new TicketModel($conn);
|
|
$this->commentModel = new CommentModel($conn);
|
|
$this->auditLogModel = new AuditLogModel($conn);
|
|
$this->userModel = new UserModel($conn);
|
|
$this->workflowModel = new WorkflowModel($conn);
|
|
$this->templateModel = new TemplateModel($conn);
|
|
}
|
|
|
|
public function view($id) {
|
|
// Get current user
|
|
$currentUser = $GLOBALS['currentUser'] ?? null;
|
|
$userId = $currentUser['user_id'] ?? null;
|
|
|
|
// Get ticket data
|
|
$ticket = $this->ticketModel->getTicketById($id);
|
|
|
|
if (!$ticket) {
|
|
header("HTTP/1.0 404 Not Found");
|
|
echo "Ticket not found";
|
|
return;
|
|
}
|
|
|
|
// Check visibility access — return 404 rather than 403 to avoid leaking ticket existence
|
|
if (!$this->ticketModel->canUserAccessTicket($ticket, $currentUser)) {
|
|
header("HTTP/1.0 404 Not Found");
|
|
echo "Ticket not found";
|
|
return;
|
|
}
|
|
|
|
// Load first page of comments; show "load more" if ticket has many
|
|
$commentPageSize = 50;
|
|
$totalComments = $this->commentModel->getCommentCount((int)$id);
|
|
$comments = $this->commentModel->getCommentsByTicketId($id, true, $commentPageSize, 0);
|
|
|
|
// Get timeline for this ticket
|
|
$timeline = $this->auditLogModel->getTicketTimeline($id);
|
|
|
|
// Get all users for assignment dropdown
|
|
$allUsers = $this->userModel->getAllUsers();
|
|
|
|
// Get allowed status transitions for this ticket
|
|
$allowedTransitions = $this->workflowModel->getAllowedTransitions($ticket['status']);
|
|
|
|
// Make $conn available to view for visibility groups
|
|
$conn = $this->conn;
|
|
|
|
// Load the view
|
|
include dirname(__DIR__) . '/views/TicketView.php';
|
|
}
|
|
|
|
public function create() {
|
|
// Get current user
|
|
$currentUser = $GLOBALS['currentUser'] ?? null;
|
|
$userId = $currentUser['user_id'] ?? null;
|
|
|
|
// Check if form was submitted
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
// Validate CSRF token
|
|
require_once dirname(__DIR__) . '/middleware/CsrfMiddleware.php';
|
|
$csrfToken = $_POST['csrf_token'] ?? '';
|
|
if (!CsrfMiddleware::validateToken($csrfToken)) {
|
|
$error = "Invalid or expired security token. Please try again.";
|
|
$templates = $this->templateModel->getAllTemplates();
|
|
$allUsers = $this->userModel->getAllUsers();
|
|
$conn = $this->conn;
|
|
include dirname(__DIR__) . '/views/CreateTicketView.php';
|
|
return;
|
|
}
|
|
|
|
// Handle visibility groups (comes as array from checkboxes)
|
|
$visibilityGroups = null;
|
|
if (isset($_POST['visibility_groups']) && is_array($_POST['visibility_groups'])) {
|
|
$visibilityGroups = implode(',', array_map('trim', $_POST['visibility_groups']));
|
|
}
|
|
|
|
$ticketData = [
|
|
'title' => $_POST['title'] ?? '',
|
|
'description' => $_POST['description'] ?? '',
|
|
'priority' => $_POST['priority'] ?? '4',
|
|
'category' => $_POST['category'] ?? 'General',
|
|
'type' => $_POST['type'] ?? 'Issue',
|
|
'visibility' => $_POST['visibility'] ?? 'public',
|
|
'visibility_groups' => $visibilityGroups,
|
|
'assigned_to' => !empty($_POST['assigned_to']) ? $_POST['assigned_to'] : null
|
|
];
|
|
|
|
// Validate input
|
|
if (empty($ticketData['title'])) {
|
|
$error = "Title is required";
|
|
$templates = $this->templateModel->getAllTemplates();
|
|
$allUsers = $this->userModel->getAllUsers();
|
|
$conn = $this->conn; // Make $conn available to view
|
|
include dirname(__DIR__) . '/views/CreateTicketView.php';
|
|
return;
|
|
}
|
|
|
|
// Create ticket with user tracking
|
|
$result = $this->ticketModel->createTicket($ticketData, $userId);
|
|
|
|
if ($result['success']) {
|
|
// Log ticket creation to audit log
|
|
if (isset($GLOBALS['auditLog']) && $userId) {
|
|
$GLOBALS['auditLog']->logTicketCreate($userId, $result['ticket_id'], $ticketData);
|
|
}
|
|
|
|
// Auto-link as duplicate if requested from create form
|
|
$linkDupOfRaw = trim($_POST['link_duplicate_of'] ?? '');
|
|
if ($linkDupOfRaw !== '' && ctype_digit($linkDupOfRaw)) {
|
|
$depSql = "INSERT IGNORE INTO ticket_dependencies (ticket_id, depends_on_id, dependency_type, created_by)
|
|
VALUES (?, ?, 'duplicates', ?)";
|
|
$depStmt = $this->conn->prepare($depSql);
|
|
$depStmt->bind_param("ssi", $result['ticket_id'], $linkDupOfRaw, $userId);
|
|
$depStmt->execute();
|
|
$depStmt->close();
|
|
}
|
|
|
|
// Send Matrix notification for new ticket
|
|
NotificationHelper::sendTicketNotification($result['ticket_id'], $ticketData, 'manual');
|
|
|
|
// Redirect to the new ticket
|
|
header("Location: " . $GLOBALS['config']['BASE_URL'] . "/ticket/" . $result['ticket_id']);
|
|
exit;
|
|
} else {
|
|
$error = $result['error'];
|
|
$templates = $this->templateModel->getAllTemplates();
|
|
$allUsers = $this->userModel->getAllUsers();
|
|
$conn = $this->conn; // Make $conn available to view
|
|
include dirname(__DIR__) . '/views/CreateTicketView.php';
|
|
return;
|
|
}
|
|
} else {
|
|
// Get all templates for the template selector
|
|
$templates = $this->templateModel->getAllTemplates();
|
|
// Get all users for assignment dropdown
|
|
$allUsers = $this->userModel->getAllUsers();
|
|
$conn = $this->conn; // Make $conn available to view
|
|
|
|
// Display the create ticket form
|
|
include dirname(__DIR__) . '/views/CreateTicketView.php';
|
|
}
|
|
}
|
|
|
|
}
|
|
?>
|