Mods-for-HESK-Netsyms/api/admin/ticket/index.php

<?php
define('IN_SCRIPT', 1);
define('HESK_PATH', '../../../');
define('API_PATH', '../../');
require_once(HESK_PATH . 'hesk_settings.inc.php');
require_once(HESK_PATH . 'inc/common.inc.php');
require_once(API_PATH . 'core/headers.php');
require_once(API_PATH . 'core/output.php');
require_once(API_PATH . 'businesslogic/ticket_retriever.php');
require_once(API_PATH . 'businesslogic/security_retriever.php');

hesk_load_api_database_functions();
hesk_dbConnect();

// Routing
$request_method = $_SERVER['REQUEST_METHOD'];

/**
 * @api {get} /admin/ticket Retrieve a ticket (staff-side)
 * @apiVersion 0.0.0
 * @apiName GetTicketStaff
 * @apiGroup Ticket
 * @apiPermission protected
 *
 * @apiParam {Number} [id] The ID of the ticket. Omit for all tickets.
 *
 * @apiSuccess {Number} id ID of the ticket
 * @apiSuccess {String} trackid The tracking id of the ticket
 * @apiSuccess {String} name The name of the contact
 * @apiSuccess {String} email The email address of the ticket (empty string if no email)
 * @apiSuccess {Integer} category The ID of the category the ticket is in
 * @apiSuccess {Integer} priority The ID of the priority the ticket is in
 * @apiSuccess {String} subject The subject of the ticket
 * @apiSuccess {String} message The original message of the ticket
 * @apiSuccess {String} dt The date and time the ticket was submitted, in `YYYY-MM-DD hh:mm:ss`
 * @apiSuccess {Integer} articles The knowledgebase article IDs suggested when the user created the ticket
 * @apiSuccess {String} ip The IP address of the submitter
 * @apiSuccess {String} language The language the ticket was submitted in
 * @apiSuccess {Integer} status The ID of the status the ticket is set to
 * @apiSuccess {Integer} owner The user ID of the ticket owner
 * @apiSuccess {String} time_worked The total time worked on the ticket, in `hh:mm:ss`
 * @apiSuccess {Boolean} archive `true` if the ticket is tagged<br>`false` otherwise
 * @apiSuccess {Boolean} locked `true` if the ticket is locked<br>`false` otherwise
 * @apiSuccess {Binary[]} attachments Array of attachments, in base-64 encoded binary
 * @apiSuccess {Integer[]} merged Array of merged ticket IDs
 * @apiSuccess {String} history HTML markup of the entire "Audit Trail" section
 * @apiSuccess {String} custom1-20 Custom fields 1-20's values.
 * @apiSuccess {Integer} parent The ID of the ticket linked to this ticket
 * @apiSuccess {String} latitude The latitudinal coordinate of the user's location, or one of the corresponding error codes.
 * @apiSuccess {String} longitude The longitudinal coordinate of the user's location, or one of the corresponding error codes.
 * @apiSuccess {Boolean} html `true` if the ticket was created with HTML encoding<br>`false` otherwise
 * @apiSuccess {String} user_agent The user agent of the user who submitted the ticket
 * @apiSuccess {Integer} screen_resolution_width The width of the screen resolution of the user who submitted the ticket
 * @apiSuccess {Integer} screen_resolution_height The height of the screen resolution of the user who submitted the ticket
 *
 * @apiSuccessExample {json} Success-Response:
 *     HTTP/1.1 200 OK
 *     {
 *           "id": 22,
 *           "trackid": "EVL-RRL-DUBG",
 *           "name": "Test",
 *           "email": "",
 *           "category": 1,
 *           "priority": 3,
 *           "subject": "test",
 *           "message": "test",
 *           "dt": "2014-12-28 00:57:26",
 *           "articles": null,
 *           "ip": "127.0.0.1",
 *           "language": null,
 *           "status": 3,
 *           "owner": 1,
 *           "time_worked": "00:05:07",
 *           "archive": true,
 *           "locked": true,
 *           "attachments": "",
 *           "merged": "",
 *           "history": "<li class=\"smaller\">2014-12-28 06:57:28 | ticket created by Your name (mkoch)</li><li class=\"smaller\">2014-12-31 21:00:59 | closed by Your name (mkoch)</li><li class=\"smaller\">2014-12-31 21:01:05 | status changed to Waiting reply by Your name (mkoch)</li><li class=\"smaller\">2014-12-31 21:01:58 | closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:21:18 | closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:21:31 | closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:22:05 | closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:24:06 | status changed to  by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:25:40 | status changed to On Hold by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:25:53 | status changed to In Progress by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 21:39:11 | locked by Your name (mkoch)</li>",
 *           "custom1": "1420671600",
 *           "custom2": "",
 *           "custom3": "",
 *           "custom4": "",
 *           "custom5": "",
 *           "custom6": "",
 *           "custom7": "",
 *           "custom8": "",
 *           "custom9": "",
 *           "custom10": "",
 *           "custom11": "",
 *           "custom12": "",
 *           "custom13": "",
 *           "custom14": "",
 *           "custom15": "",
 *           "custom16": "",
 *           "custom17": "",
 *           "custom18": "",
 *           "custom19": "",
 *           "custom20": "",
 *           "parent": 139,
 *           "latitude": "E-0",
 *           "longitude": "E-0",
 *           "html": false,
 *           "user_agent": null,
 *           "screen_resolution_width": null,
 *           "screen_resolution_height": null
 *      }
 *
 * @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
 * @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
 */
if ($request_method == 'GET') {
    $token = get_header('X-Auth-Token');

    try {
        get_user_for_token($token, $hesk_settings);
    } catch (AccessException $e) {
        return http_response_code($e->getCode());
    }

    if (isset($_GET['id'])) {
        $results = get_ticket_for_staff($hesk_settings, $_GET['id']);
    } else {
        $results = get_ticket_for_staff($hesk_settings);
    }

    if ($results == NULL) {
        return http_response_code(404);
    }
    return output($results);
}

return http_response_code(405);
Ticket API and return 404 if no results 2015-11-02 12:55:32 -05:00			`<?php`
			`define('IN_SCRIPT', 1);`
Relocate some APIs, start on category API 2015-11-02 22:13:37 -05:00			`define('HESK_PATH', '../../../');`
			`define('API_PATH', '../../');`
Ticket API and return 404 if no results 2015-11-02 12:55:32 -05:00			`require_once(HESK_PATH . 'hesk_settings.inc.php');`
			`require_once(HESK_PATH . 'inc/common.inc.php');`
Add security to additional endpoints 2015-11-23 12:38:53 -05:00			`require_once(API_PATH . 'core/headers.php');`
Ticket API and return 404 if no results 2015-11-02 12:55:32 -05:00			`require_once(API_PATH . 'core/output.php');`
#444 Remove unnecessary properties, rename some fields 2015-11-29 00:51:30 -05:00			`require_once(API_PATH . 'businesslogic/ticket_retriever.php');`
Add security to additional endpoints 2015-11-23 12:38:53 -05:00			`require_once(API_PATH . 'businesslogic/security_retriever.php');`
Ticket API and return 404 if no results 2015-11-02 12:55:32 -05:00
			`hesk_load_api_database_functions();`
			`hesk_dbConnect();`

			`// Routing`
			`$request_method = $_SERVER['REQUEST_METHOD'];`
More API improvements 2015-11-28 22:25:51 -05:00
			`/**`
			`* @api {get} /admin/ticket Retrieve a ticket (staff-side)`
			`* @apiVersion 0.0.0`
			`* @apiName GetTicketStaff`
			`* @apiGroup Ticket`
			`* @apiPermission protected`
			`*`
			`* @apiParam {Number} [id] The ID of the ticket. Omit for all tickets.`
			`*`
			`* @apiSuccess {Number} id ID of the ticket`
			`* @apiSuccess {String} trackid The tracking id of the ticket`
			`* @apiSuccess {String} name The name of the contact`
			`* @apiSuccess {String} email The email address of the ticket (empty string if no email)`
			`* @apiSuccess {Integer} category The ID of the category the ticket is in`
			`* @apiSuccess {Integer} priority The ID of the priority the ticket is in`
			`* @apiSuccess {String} subject The subject of the ticket`
			`* @apiSuccess {String} message The original message of the ticket`
			* @apiSuccess {String} dt The date and time the ticket was submitted, in `YYYY-MM-DD hh:mm:ss`
			`* @apiSuccess {Integer} articles The knowledgebase article IDs suggested when the user created the ticket`
			`* @apiSuccess {String} ip The IP address of the submitter`
			`* @apiSuccess {String} language The language the ticket was submitted in`
			`* @apiSuccess {Integer} status The ID of the status the ticket is set to`
			`* @apiSuccess {Integer} owner The user ID of the ticket owner`
			* @apiSuccess {String} time_worked The total time worked on the ticket, in `hh:mm:ss`
			* @apiSuccess {Boolean} archive `true` if the ticket is tagged<br>`false` otherwise
			* @apiSuccess {Boolean} locked `true` if the ticket is locked<br>`false` otherwise
			`* @apiSuccess {Binary[]} attachments Array of attachments, in base-64 encoded binary`
			`* @apiSuccess {Integer[]} merged Array of merged ticket IDs`
			`* @apiSuccess {String} history HTML markup of the entire "Audit Trail" section`
			`* @apiSuccess {String} custom1-20 Custom fields 1-20's values.`
			`* @apiSuccess {Integer} parent The ID of the ticket linked to this ticket`
			`* @apiSuccess {String} latitude The latitudinal coordinate of the user's location, or one of the corresponding error codes.`
			`* @apiSuccess {String} longitude The longitudinal coordinate of the user's location, or one of the corresponding error codes.`
			* @apiSuccess {Boolean} html `true` if the ticket was created with HTML encoding<br>`false` otherwise
			`* @apiSuccess {String} user_agent The user agent of the user who submitted the ticket`
			`* @apiSuccess {Integer} screen_resolution_width The width of the screen resolution of the user who submitted the ticket`
			`* @apiSuccess {Integer} screen_resolution_height The height of the screen resolution of the user who submitted the ticket`
			`*`
			`* @apiSuccessExample {json} Success-Response:`
			`* HTTP/1.1 200 OK`
			`* {`
			`* "id": 22,`
			`* "trackid": "EVL-RRL-DUBG",`
			`* "name": "Test",`
			`* "email": "",`
			`* "category": 1,`
			`* "priority": 3,`
			`* "subject": "test",`
			`* "message": "test",`
			`* "dt": "2014-12-28 00:57:26",`
			`* "articles": null,`
#444 Remove unnecessary properties, rename some fields 2015-11-29 00:51:30 -05:00			`* "ip": "127.0.0.1",`
More API improvements 2015-11-28 22:25:51 -05:00			`* "language": null,`
			`* "status": 3,`
#444 Remove unnecessary properties, rename some fields 2015-11-29 00:51:30 -05:00			`* "owner": 1,`
More API improvements 2015-11-28 22:25:51 -05:00			`* "time_worked": "00:05:07",`
			`* "archive": true,`
			`* "locked": true,`
			`* "attachments": "",`
			`* "merged": "",`
			* "history": "<li class=\"smaller\">2014-12-28 06:57:28 \| ticket created by Your name (mkoch)</li><li class=\"smaller\">2014-12-31 21:00:59 \| closed by Your name (mkoch)</li><li class=\"smaller\">2014-12-31 21:01:05 \| status changed to Waiting reply by Your name (mkoch)</li><li class=\"smaller\">2014-12-31 21:01:58 \| closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:21:18 \| closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:21:31 \| closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:22:05 \| closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:24:06 \| status changed to by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:25:40 \| status changed to On Hold by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:25:53 \| status changed to In Progress by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 21:39:11 \| locked by Your name (mkoch)</li>",
			`* "custom1": "1420671600",`
			`* "custom2": "",`
			`* "custom3": "",`
			`* "custom4": "",`
			`* "custom5": "",`
			`* "custom6": "",`
			`* "custom7": "",`
			`* "custom8": "",`
			`* "custom9": "",`
			`* "custom10": "",`
			`* "custom11": "",`
			`* "custom12": "",`
			`* "custom13": "",`
			`* "custom14": "",`
			`* "custom15": "",`
			`* "custom16": "",`
			`* "custom17": "",`
			`* "custom18": "",`
			`* "custom19": "",`
			`* "custom20": "",`
#444 Remove unnecessary properties, rename some fields 2015-11-29 00:51:30 -05:00			`* "parent": 139,`
More API improvements 2015-11-28 22:25:51 -05:00			`* "latitude": "E-0",`
			`* "longitude": "E-0",`
			`* "html": false,`
			`* "user_agent": null,`
			`* "screen_resolution_width": null,`
			`* "screen_resolution_height": null`
			`* }`
			`*`
			* @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
			* @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
			`*/`
Ticket API and return 404 if no results 2015-11-02 12:55:32 -05:00			`if ($request_method == 'GET') {`
Add security to additional endpoints 2015-11-23 12:38:53 -05:00			`$token = get_header('X-Auth-Token');`

			`try {`
			`get_user_for_token($token, $hesk_settings);`
			`} catch (AccessException $e) {`
			`return http_response_code($e->getCode());`
			`}`

Ticket API and return 404 if no results 2015-11-02 12:55:32 -05:00			`if (isset($_GET['id'])) {`
Add GET /ticket 2015-11-29 11:45:23 -05:00			`$results = get_ticket_for_staff($hesk_settings, $_GET['id']);`
Ticket API and return 404 if no results 2015-11-02 12:55:32 -05:00			`} else {`
Add GET /ticket 2015-11-29 11:45:23 -05:00			`$results = get_ticket_for_staff($hesk_settings);`
Ticket API and return 404 if no results 2015-11-02 12:55:32 -05:00			`}`

			`if ($results == NULL) {`
			`return http_response_code(404);`
			`}`
Remove unnecessary else block 2015-11-02 13:00:34 -05:00			`return output($results);`
			`}`

			`return http_response_code(405);`