Files
awo-hamburg-intranet/module/ticketcenter/services/ticketcenter.api.php

326 lines
9.6 KiB
PHP
Raw Normal View History

2026-02-17 14:56:23 +01:00
<?php
2026-02-19 16:48:26 +01:00
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR);
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
2026-02-17 14:56:23 +01:00
session_start();
$currDir = __DIR__;
2026-02-19 16:48:26 +01:00
$rootDir = dirname(dirname(dirname($currDir)));
2026-02-17 14:56:23 +01:00
$mysydeDir = $rootDir . '/mysyde';
require_once($rootDir . '/vendor/autoload.php');
2026-02-17 14:56:23 +01:00
require_once($rootDir . "/mysyde/frontend/frontend_functions.inc.php");
$envDir = $rootDir . '/config';
$envFilePath = $envDir . '/.env';
if (is_dir($envDir) && file_exists($envFilePath) && is_file($envFilePath) && is_readable($envFilePath)) {
$dotenv = new \Dotenv\Dotenv($envDir);
$dotenv->load();
}
$common = $mysydeDir . "/common/common_functions.inc.php";
2026-02-17 14:56:23 +01:00
require_once($common);
$connEnv = (local_environment()) ? $mysydeDir . "/dc.config.php" : $mysydeDir . "/dc-server.config.php";
2026-02-17 14:56:23 +01:00
require_once($connEnv);
db_connect();
function parse_ids_list(?string $csv): array
{
if ($csv === null)
return [];
$csv = trim($csv);
if ($csv === '')
return [];
2026-02-17 14:56:23 +01:00
$parts = explode(',', $csv);
$out = [];
foreach ($parts as $p) {
$p = trim($p);
if ($p === '')
continue;
if (ctype_digit($p))
$out[] = (int) $p;
}
$out = array_values(array_unique($out));
return $out;
}
function build_user_pairs(array $contact_rows): array
{
$pairs = [];
foreach ($contact_rows as $row) {
$m = $row['main_mandant_id'] ?? null;
$d = $row['main_department_id'] ?? null;
if ($m === null || $d === null)
continue;
if (!is_numeric($m) || !is_numeric($d))
continue;
$pairs[((int) $m) . ':' . ((int) $d)] = true;
}
return $pairs; // associative set
}
function user_can_see_ticket(int $contact_id, array $user_pairs, array $ticket): bool
{
$contact_ids = parse_ids_list($ticket['contact_ids'] ?? null);
$mandant_ids = parse_ids_list($ticket['mandant_ids'] ?? null);
$department_ids = parse_ids_list($ticket['department_ids'] ?? null);
if (!empty($contact_ids) && in_array($contact_id, $contact_ids, true)) {
return true;
}
$mandant_unrestricted = empty($mandant_ids);
$department_unrestricted = empty($department_ids);
if ($mandant_unrestricted && $department_unrestricted) {
return true;
}
if (!$mandant_unrestricted && $department_unrestricted) {
foreach ($user_pairs as $pairKey => $_) {
[$um, $ud] = array_map('intval', explode(':', $pairKey, 2));
if (in_array($um, $mandant_ids, true))
return true;
}
return false;
}
if ($mandant_unrestricted && !$department_unrestricted) {
foreach ($user_pairs as $pairKey => $_) {
[$um, $ud] = array_map('intval', explode(':', $pairKey, 2));
if (in_array($ud, $department_ids, true))
return true;
}
return false;
}
foreach ($mandant_ids as $m) {
foreach ($department_ids as $d) {
if (isset($user_pairs[$m . ':' . $d])) {
return true;
}
}
}
return false;
}
function filter_tickets_for_user(int $contact_id, array $contact_rows, array $tickets): array
{
$user_pairs = build_user_pairs($contact_rows);
$out = [];
foreach ($tickets as $ticket) {
if (user_can_see_ticket($contact_id, $user_pairs, $ticket)) {
$out[] = $ticket;
}
}
return $out;
}
$json = file_get_contents('php://input');
$data = json_decode($json, true);
switch ($data['action']) {
2026-02-19 16:48:26 +01:00
case 'get_tickets':
get_tickets($data);
break;
case 'getSubCategories':
get_sub_categories($data);
break;
case 'getParendCategories':
get_parent_categories($data);
break;
case 'getCategorieInfo':
get_categorie_info($data);
2026-02-19 16:48:26 +01:00
break;
default:
echo json_encode(['error' => 'Invalid action']);
break;
}
function get_categorie_info($data)
{
$category_id = $data['category_id'] ?? '';
$query = "SELECT id, description, text FROM main_tickets_category WHERE id = :category_id";
$stmt = $GLOBALS['pdo_conn']->prepare($query);
$stmt->bindParam(':category_id', $category_id);
$stmt->execute();
$category_info = $stmt->fetch(PDO::FETCH_ASSOC);
echo json_encode($category_info);
}
function get_parent_categories($data)
{
$query = "SELECT id, description, text FROM main_tickets_category WHERE parent_id IS NULL ORDER BY sorting";
$stmt = $GLOBALS['pdo_conn']->prepare($query);
$stmt->execute();
$parent_categories = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($parent_categories);
}
function get_sub_categories($data)
{
$category_id = $data['category_id'] ?? '';
$query = "SELECT id, description, text FROM main_tickets_category WHERE parent_id = :category_id ORDER BY sorting";
$stmt = $GLOBALS['pdo_conn']->prepare($query);
$stmt->bindParam(':category_id', $category_id);
$stmt->execute();
$sub_categories = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($sub_categories);
}
function get_tickets($data)
{
$cue = $data['cue'] ?? '';
$contact_id = $data['contactID'] ?? '';
$query = "SELECT
main_contact.id AS contact_id,
main_contact_department.main_mandant_id,
main_contact_department.main_department_id,
main_contact_department.main_role_id,
main_contact_department.main_bereich_id,
main_contact_department.main_einricht_id
FROM main_contact
LEFT JOIN main_contact_department AS main_contact_department ON main_contact_department.main_contact_id = main_contact.id
WHERE main_contact.id = :contact_id
";
$stmt = $GLOBALS['pdo_conn']->prepare($query);
$stmt->bindParam(':contact_id', $contact_id);
$stmt->execute();
$contact_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
switch ($cue) {
case '1000':
$where = "WHERE main_tickets.sender_id = :contact_id
AND current_state != 4";
break;
case '2000':
$where = "WHERE main_tickets.receiver_id = :contact_id
AND current_state != 4";
break;
case '3000':
$where = "WHERE current_state != 4";
break;
case '4000':
$where = "WHERE main_tickets.current_state = 4";
break;
case '6000':
$where = "";
break;
case '7000':
$where = "WHERE main_tickets.receiver_id = 0";
break;
case '8000':
$where = "WHERE main_tickets.insurance_claim = 1";
break;
default:
$where = "";
break;
}
$query = "SELECT
2026-02-19 16:48:26 +01:00
main_tickets.id,
main_tickets.id AS 'ticket_no',
main_tickets.description,
main_tickets.creation_date,
receiver.name AS 'receiver',
sender.name AS 'sender',
main_tickets_category.description AS 'category_description',
individual_state.description AS 'individual_state_description',
GROUP_CONCAT(DISTINCT main_tickets_category_mandant.main_mandant_id) AS mandant_ids,
GROUP_CONCAT(DISTINCT main_tickets_category_department.main_department_id) AS department_ids,
GROUP_CONCAT(DISTINCT main_tickets_category_contact.main_contact_id) AS contact_ids
FROM main_tickets
LEFT JOIN main_contact AS receiver ON receiver.id = main_tickets.receiver_id
LEFT JOIN main_contact AS sender ON sender.id = main_tickets.sender_id
LEFT JOIN main_tickets_category ON main_tickets.main_ticket_category_id = main_tickets_category.id
LEFT JOIN main_tickets_status AS individual_state ON individual_state.id = main_tickets.individual_state
LEFT JOIN main_tickets_category_mandant AS main_tickets_category_mandant ON main_tickets_category_mandant.main_tickets_category_id = main_tickets.main_ticket_category_id
LEFT JOIN main_tickets_category_department AS main_tickets_category_department ON main_tickets_category_department.main_tickets_category_id = main_tickets.main_ticket_category_id
LEFT JOIN main_tickets_category_contact AS main_tickets_category_contact ON main_tickets_category_contact.main_tickets_category_id = main_tickets.main_ticket_category_id
$where
GROUP BY main_tickets.id
";
$stmt = $GLOBALS['pdo_conn']->prepare($query);
switch ($cue) {
case '1000':
$stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
break;
case '2000':
$stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
break;
case '3000':
break;
case '4000':
break;
case '5000':
break;
case '6000':
break;
case '7000':
break;
default:
break;
}
$stmt->execute();
$tickets = $stmt->fetchAll(PDO::FETCH_ASSOC);
$contact_id_int = (int) $contact_id;
switch ($cue) {
case '1000':
break;
case '2000':
break;
case '3000':
$tickets = filter_tickets_for_user($contact_id_int, $contact_rows, $tickets);
break;
case '4000':
$tickets = filter_tickets_for_user($contact_id_int, $contact_rows, $tickets);
break;
case '5000':
break;
case '6000':
break;
case '7000':
break;
default:
break;
}
$tickets = array_map(function ($ticket) {
$ticket['id'] = encryptId($ticket['id']);
return $ticket;
}, $tickets);
echo json_encode($tickets);
}