2026-02-17 14:56:23 +01:00
|
|
|
<?php
|
2026-02-19 16:48:26 +01:00
|
|
|
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR);
|
|
|
|
|
ini_set('display_errors', 1);
|
|
|
|
|
ini_set('display_startup_errors', 1);
|
|
|
|
|
|
2026-02-17 14:56:23 +01:00
|
|
|
session_start();
|
|
|
|
|
$currDir = __DIR__;
|
2026-02-19 16:48:26 +01:00
|
|
|
$rootDir = dirname(dirname(dirname($currDir)));
|
2026-02-17 14:56:23 +01:00
|
|
|
$mysydeDir = $rootDir . '/mysyde';
|
|
|
|
|
|
2026-05-11 08:54:44 +02:00
|
|
|
require_once($rootDir . '/vendor/autoload.php');
|
2026-02-17 14:56:23 +01:00
|
|
|
require_once($rootDir . "/mysyde/frontend/frontend_functions.inc.php");
|
|
|
|
|
|
|
|
|
|
$envDir = $rootDir . '/config';
|
|
|
|
|
$envFilePath = $envDir . '/.env';
|
|
|
|
|
if (is_dir($envDir) && file_exists($envFilePath) && is_file($envFilePath) && is_readable($envFilePath)) {
|
|
|
|
|
$dotenv = new \Dotenv\Dotenv($envDir);
|
|
|
|
|
$dotenv->load();
|
|
|
|
|
}
|
2026-05-11 08:54:44 +02:00
|
|
|
$common = $mysydeDir . "/common/common_functions.inc.php";
|
2026-02-17 14:56:23 +01:00
|
|
|
require_once($common);
|
|
|
|
|
|
2026-05-11 08:54:44 +02:00
|
|
|
$connEnv = (local_environment()) ? $mysydeDir . "/dc.config.php" : $mysydeDir . "/dc-server.config.php";
|
2026-02-17 14:56:23 +01:00
|
|
|
|
|
|
|
|
require_once($connEnv);
|
|
|
|
|
|
|
|
|
|
db_connect();
|
|
|
|
|
|
2026-05-11 08:54:44 +02:00
|
|
|
function parse_ids_list(?string $csv): array
|
|
|
|
|
{
|
|
|
|
|
if ($csv === null)
|
|
|
|
|
return [];
|
|
|
|
|
$csv = trim($csv);
|
|
|
|
|
if ($csv === '')
|
|
|
|
|
return [];
|
2026-02-17 14:56:23 +01:00
|
|
|
|
2026-05-11 08:54:44 +02:00
|
|
|
$parts = explode(',', $csv);
|
|
|
|
|
$out = [];
|
|
|
|
|
foreach ($parts as $p) {
|
|
|
|
|
$p = trim($p);
|
|
|
|
|
if ($p === '')
|
|
|
|
|
continue;
|
|
|
|
|
if (ctype_digit($p))
|
|
|
|
|
$out[] = (int) $p;
|
|
|
|
|
}
|
|
|
|
|
$out = array_values(array_unique($out));
|
|
|
|
|
return $out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function build_user_pairs(array $contact_rows): array
|
|
|
|
|
{
|
|
|
|
|
$pairs = [];
|
|
|
|
|
foreach ($contact_rows as $row) {
|
|
|
|
|
$m = $row['main_mandant_id'] ?? null;
|
|
|
|
|
$d = $row['main_department_id'] ?? null;
|
|
|
|
|
if ($m === null || $d === null)
|
|
|
|
|
continue;
|
|
|
|
|
if (!is_numeric($m) || !is_numeric($d))
|
|
|
|
|
continue;
|
|
|
|
|
$pairs[((int) $m) . ':' . ((int) $d)] = true;
|
|
|
|
|
}
|
|
|
|
|
return $pairs; // associative set
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function user_can_see_ticket(int $contact_id, array $user_pairs, array $ticket): bool
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
$contact_ids = parse_ids_list($ticket['contact_ids'] ?? null);
|
|
|
|
|
$mandant_ids = parse_ids_list($ticket['mandant_ids'] ?? null);
|
|
|
|
|
$department_ids = parse_ids_list($ticket['department_ids'] ?? null);
|
|
|
|
|
|
|
|
|
|
if (!empty($contact_ids) && in_array($contact_id, $contact_ids, true)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$mandant_unrestricted = empty($mandant_ids);
|
|
|
|
|
$department_unrestricted = empty($department_ids);
|
|
|
|
|
|
|
|
|
|
if ($mandant_unrestricted && $department_unrestricted) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!$mandant_unrestricted && $department_unrestricted) {
|
|
|
|
|
foreach ($user_pairs as $pairKey => $_) {
|
|
|
|
|
[$um, $ud] = array_map('intval', explode(':', $pairKey, 2));
|
|
|
|
|
if (in_array($um, $mandant_ids, true))
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ($mandant_unrestricted && !$department_unrestricted) {
|
|
|
|
|
foreach ($user_pairs as $pairKey => $_) {
|
|
|
|
|
[$um, $ud] = array_map('intval', explode(':', $pairKey, 2));
|
|
|
|
|
if (in_array($ud, $department_ids, true))
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
foreach ($mandant_ids as $m) {
|
|
|
|
|
foreach ($department_ids as $d) {
|
|
|
|
|
if (isset($user_pairs[$m . ':' . $d])) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function filter_tickets_for_user(int $contact_id, array $contact_rows, array $tickets): array
|
|
|
|
|
{
|
|
|
|
|
$user_pairs = build_user_pairs($contact_rows);
|
|
|
|
|
|
|
|
|
|
$out = [];
|
|
|
|
|
foreach ($tickets as $ticket) {
|
|
|
|
|
if (user_can_see_ticket($contact_id, $user_pairs, $ticket)) {
|
|
|
|
|
$out[] = $ticket;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$json = file_get_contents('php://input');
|
|
|
|
|
$data = json_decode($json, true);
|
|
|
|
|
|
|
|
|
|
switch ($data['action']) {
|
2026-02-19 16:48:26 +01:00
|
|
|
case 'get_tickets':
|
2026-05-11 08:54:44 +02:00
|
|
|
get_tickets($data);
|
|
|
|
|
break;
|
|
|
|
|
case 'getSubCategories':
|
|
|
|
|
get_sub_categories($data);
|
|
|
|
|
break;
|
|
|
|
|
case 'getParendCategories':
|
|
|
|
|
get_parent_categories($data);
|
|
|
|
|
break;
|
|
|
|
|
case 'getCategorieInfo':
|
|
|
|
|
get_categorie_info($data);
|
2026-02-19 16:48:26 +01:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
echo json_encode(['error' => 'Invalid action']);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2026-05-11 08:54:44 +02:00
|
|
|
function get_categorie_info($data)
|
|
|
|
|
{
|
|
|
|
|
$category_id = $data['category_id'] ?? '';
|
|
|
|
|
|
|
|
|
|
$query = "SELECT id, description, text FROM main_tickets_category WHERE id = :category_id";
|
|
|
|
|
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
|
|
|
|
$stmt->bindParam(':category_id', $category_id);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$category_info = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
|
|
|
|
|
|
echo json_encode($category_info);
|
|
|
|
|
}
|
|
|
|
|
function get_parent_categories($data)
|
|
|
|
|
{
|
|
|
|
|
$query = "SELECT id, description, text FROM main_tickets_category WHERE parent_id IS NULL ORDER BY sorting";
|
|
|
|
|
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$parent_categories = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
|
|
|
|
|
|
echo json_encode($parent_categories);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function get_sub_categories($data)
|
|
|
|
|
{
|
|
|
|
|
$category_id = $data['category_id'] ?? '';
|
|
|
|
|
|
|
|
|
|
$query = "SELECT id, description, text FROM main_tickets_category WHERE parent_id = :category_id ORDER BY sorting";
|
|
|
|
|
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
|
|
|
|
$stmt->bindParam(':category_id', $category_id);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$sub_categories = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
|
|
|
|
|
|
echo json_encode($sub_categories);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function get_tickets($data)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
$cue = $data['cue'] ?? '';
|
|
|
|
|
$contact_id = $data['contactID'] ?? '';
|
|
|
|
|
|
|
|
|
|
$query = "SELECT
|
|
|
|
|
|
|
|
|
|
main_contact.id AS contact_id,
|
|
|
|
|
main_contact_department.main_mandant_id,
|
|
|
|
|
main_contact_department.main_department_id,
|
|
|
|
|
main_contact_department.main_role_id,
|
|
|
|
|
main_contact_department.main_bereich_id,
|
|
|
|
|
main_contact_department.main_einricht_id
|
|
|
|
|
|
|
|
|
|
FROM main_contact
|
|
|
|
|
|
|
|
|
|
LEFT JOIN main_contact_department AS main_contact_department ON main_contact_department.main_contact_id = main_contact.id
|
|
|
|
|
|
|
|
|
|
WHERE main_contact.id = :contact_id
|
|
|
|
|
";
|
|
|
|
|
|
|
|
|
|
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
|
|
|
|
$stmt->bindParam(':contact_id', $contact_id);
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$contact_rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
|
|
|
|
|
|
switch ($cue) {
|
|
|
|
|
case '1000':
|
|
|
|
|
$where = "WHERE main_tickets.sender_id = :contact_id
|
|
|
|
|
AND current_state != 4";
|
|
|
|
|
break;
|
|
|
|
|
case '2000':
|
|
|
|
|
$where = "WHERE main_tickets.receiver_id = :contact_id
|
|
|
|
|
AND current_state != 4";
|
|
|
|
|
break;
|
|
|
|
|
case '3000':
|
|
|
|
|
$where = "WHERE current_state != 4";
|
|
|
|
|
break;
|
|
|
|
|
case '4000':
|
|
|
|
|
$where = "WHERE main_tickets.current_state = 4";
|
|
|
|
|
break;
|
|
|
|
|
case '6000':
|
|
|
|
|
$where = "";
|
|
|
|
|
break;
|
|
|
|
|
case '7000':
|
|
|
|
|
$where = "WHERE main_tickets.receiver_id = 0";
|
|
|
|
|
break;
|
|
|
|
|
case '8000':
|
|
|
|
|
$where = "WHERE main_tickets.insurance_claim = 1";
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
$where = "";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$query = "SELECT
|
2026-02-19 16:48:26 +01:00
|
|
|
|
2026-05-11 08:54:44 +02:00
|
|
|
main_tickets.id,
|
|
|
|
|
main_tickets.id AS 'ticket_no',
|
|
|
|
|
main_tickets.description,
|
|
|
|
|
main_tickets.creation_date,
|
|
|
|
|
receiver.name AS 'receiver',
|
|
|
|
|
sender.name AS 'sender',
|
|
|
|
|
main_tickets_category.description AS 'category_description',
|
|
|
|
|
individual_state.description AS 'individual_state_description',
|
|
|
|
|
|
|
|
|
|
GROUP_CONCAT(DISTINCT main_tickets_category_mandant.main_mandant_id) AS mandant_ids,
|
|
|
|
|
GROUP_CONCAT(DISTINCT main_tickets_category_department.main_department_id) AS department_ids,
|
|
|
|
|
GROUP_CONCAT(DISTINCT main_tickets_category_contact.main_contact_id) AS contact_ids
|
|
|
|
|
|
|
|
|
|
FROM main_tickets
|
|
|
|
|
LEFT JOIN main_contact AS receiver ON receiver.id = main_tickets.receiver_id
|
|
|
|
|
LEFT JOIN main_contact AS sender ON sender.id = main_tickets.sender_id
|
|
|
|
|
LEFT JOIN main_tickets_category ON main_tickets.main_ticket_category_id = main_tickets_category.id
|
|
|
|
|
LEFT JOIN main_tickets_status AS individual_state ON individual_state.id = main_tickets.individual_state
|
|
|
|
|
|
|
|
|
|
LEFT JOIN main_tickets_category_mandant AS main_tickets_category_mandant ON main_tickets_category_mandant.main_tickets_category_id = main_tickets.main_ticket_category_id
|
|
|
|
|
LEFT JOIN main_tickets_category_department AS main_tickets_category_department ON main_tickets_category_department.main_tickets_category_id = main_tickets.main_ticket_category_id
|
|
|
|
|
LEFT JOIN main_tickets_category_contact AS main_tickets_category_contact ON main_tickets_category_contact.main_tickets_category_id = main_tickets.main_ticket_category_id
|
|
|
|
|
|
|
|
|
|
$where
|
|
|
|
|
|
|
|
|
|
GROUP BY main_tickets.id
|
|
|
|
|
";
|
|
|
|
|
|
|
|
|
|
$stmt = $GLOBALS['pdo_conn']->prepare($query);
|
|
|
|
|
switch ($cue) {
|
|
|
|
|
case '1000':
|
|
|
|
|
$stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
|
|
|
|
|
break;
|
|
|
|
|
case '2000':
|
|
|
|
|
$stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT);
|
|
|
|
|
break;
|
|
|
|
|
case '3000':
|
|
|
|
|
break;
|
|
|
|
|
case '4000':
|
|
|
|
|
break;
|
|
|
|
|
case '5000':
|
|
|
|
|
break;
|
|
|
|
|
case '6000':
|
|
|
|
|
break;
|
|
|
|
|
case '7000':
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$stmt->execute();
|
|
|
|
|
$tickets = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
|
|
|
|
|
|
$contact_id_int = (int) $contact_id;
|
|
|
|
|
|
|
|
|
|
switch ($cue) {
|
|
|
|
|
case '1000':
|
|
|
|
|
break;
|
|
|
|
|
case '2000':
|
|
|
|
|
break;
|
|
|
|
|
case '3000':
|
|
|
|
|
$tickets = filter_tickets_for_user($contact_id_int, $contact_rows, $tickets);
|
|
|
|
|
break;
|
|
|
|
|
case '4000':
|
|
|
|
|
$tickets = filter_tickets_for_user($contact_id_int, $contact_rows, $tickets);
|
|
|
|
|
break;
|
|
|
|
|
case '5000':
|
|
|
|
|
break;
|
|
|
|
|
case '6000':
|
|
|
|
|
break;
|
|
|
|
|
case '7000':
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$tickets = array_map(function ($ticket) {
|
|
|
|
|
$ticket['id'] = encryptId($ticket['id']);
|
|
|
|
|
return $ticket;
|
|
|
|
|
}, $tickets);
|
|
|
|
|
|
|
|
|
|
echo json_encode($tickets);
|
|
|
|
|
}
|