load(); } $common = $mysydeDir . "/common/common_functions.inc.php"; require_once($common); $connEnv = (local_environment()) ? $mysydeDir . "/dc.config.php" : $mysydeDir . "/dc-server.config.php"; require_once($connEnv); db_connect(); function parse_ids_list(?string $csv): array { if ($csv === null) return []; $csv = trim($csv); if ($csv === '') return []; $parts = explode(',', $csv); $out = []; foreach ($parts as $p) { $p = trim($p); if ($p === '') continue; if (ctype_digit($p)) $out[] = (int) $p; } $out = array_values(array_unique($out)); return $out; } function build_user_pairs(array $contact_rows): array { $pairs = []; foreach ($contact_rows as $row) { $m = $row['main_mandant_id'] ?? null; $d = $row['main_department_id'] ?? null; if ($m === null || $d === null) continue; if (!is_numeric($m) || !is_numeric($d)) continue; $pairs[((int) $m) . ':' . ((int) $d)] = true; } return $pairs; // associative set } function user_can_see_ticket(int $contact_id, array $user_pairs, array $ticket): bool { $contact_ids = parse_ids_list($ticket['contact_ids'] ?? null); $mandant_ids = parse_ids_list($ticket['mandant_ids'] ?? null); $department_ids = parse_ids_list($ticket['department_ids'] ?? null); if (!empty($contact_ids) && in_array($contact_id, $contact_ids, true)) { return true; } $mandant_unrestricted = empty($mandant_ids); $department_unrestricted = empty($department_ids); if ($mandant_unrestricted && $department_unrestricted) { return true; } if (!$mandant_unrestricted && $department_unrestricted) { foreach ($user_pairs as $pairKey => $_) { [$um, $ud] = array_map('intval', explode(':', $pairKey, 2)); if (in_array($um, $mandant_ids, true)) return true; } return false; } if ($mandant_unrestricted && !$department_unrestricted) { foreach ($user_pairs as $pairKey => $_) { [$um, $ud] = array_map('intval', explode(':', $pairKey, 2)); if (in_array($ud, $department_ids, true)) return true; } return false; } foreach ($mandant_ids as $m) { foreach ($department_ids as $d) { if (isset($user_pairs[$m . ':' . $d])) { return true; } } } return false; } function filter_tickets_for_user(int $contact_id, array $contact_rows, array $tickets): array { $user_pairs = build_user_pairs($contact_rows); $out = []; foreach ($tickets as $ticket) { if (user_can_see_ticket($contact_id, $user_pairs, $ticket)) { $out[] = $ticket; } } return $out; } $json = file_get_contents('php://input'); $data = json_decode($json, true); switch ($data['action']) { case 'get_tickets': get_tickets($data); break; case 'getSubCategories': get_sub_categories($data); break; case 'getParendCategories': get_parent_categories($data); break; case 'getCategorieInfo': get_categorie_info($data); break; default: echo json_encode(['error' => 'Invalid action']); break; } function get_categorie_info($data) { $category_id = $data['category_id'] ?? ''; $query = "SELECT id, description, text FROM main_tickets_category WHERE id = :category_id"; $stmt = $GLOBALS['pdo_conn']->prepare($query); $stmt->bindParam(':category_id', $category_id); $stmt->execute(); $category_info = $stmt->fetch(PDO::FETCH_ASSOC); echo json_encode($category_info); } function get_parent_categories($data) { $query = "SELECT id, description, text FROM main_tickets_category WHERE parent_id IS NULL ORDER BY sorting"; $stmt = $GLOBALS['pdo_conn']->prepare($query); $stmt->execute(); $parent_categories = $stmt->fetchAll(PDO::FETCH_ASSOC); echo json_encode($parent_categories); } function get_sub_categories($data) { $category_id = $data['category_id'] ?? ''; $query = "SELECT id, description, text FROM main_tickets_category WHERE parent_id = :category_id ORDER BY sorting"; $stmt = $GLOBALS['pdo_conn']->prepare($query); $stmt->bindParam(':category_id', $category_id); $stmt->execute(); $sub_categories = $stmt->fetchAll(PDO::FETCH_ASSOC); echo json_encode($sub_categories); } function get_tickets($data) { $cue = $data['cue'] ?? ''; $contact_id = $data['contactID'] ?? ''; $query = "SELECT main_contact.id AS contact_id, main_contact_department.main_mandant_id, main_contact_department.main_department_id, main_contact_department.main_role_id, main_contact_department.main_bereich_id, main_contact_department.main_einricht_id FROM main_contact LEFT JOIN main_contact_department AS main_contact_department ON main_contact_department.main_contact_id = main_contact.id WHERE main_contact.id = :contact_id "; $stmt = $GLOBALS['pdo_conn']->prepare($query); $stmt->bindParam(':contact_id', $contact_id); $stmt->execute(); $contact_rows = $stmt->fetchAll(PDO::FETCH_ASSOC); switch ($cue) { case '1000': $where = "WHERE main_tickets.sender_id = :contact_id AND current_state != 4"; break; case '2000': $where = "WHERE main_tickets.receiver_id = :contact_id AND current_state != 4"; break; case '3000': $where = "WHERE current_state != 4"; break; case '4000': $where = "WHERE main_tickets.current_state = 4"; break; case '6000': $where = ""; break; case '7000': $where = "WHERE main_tickets.receiver_id = 0"; break; case '8000': $where = "WHERE main_tickets.insurance_claim = 1"; break; default: $where = ""; break; } $query = "SELECT main_tickets.id, main_tickets.id AS 'ticket_no', main_tickets.description, main_tickets.creation_date, receiver.name AS 'receiver', sender.name AS 'sender', main_tickets_category.description AS 'category_description', individual_state.description AS 'individual_state_description', GROUP_CONCAT(DISTINCT main_tickets_category_mandant.main_mandant_id) AS mandant_ids, GROUP_CONCAT(DISTINCT main_tickets_category_department.main_department_id) AS department_ids, GROUP_CONCAT(DISTINCT main_tickets_category_contact.main_contact_id) AS contact_ids FROM main_tickets LEFT JOIN main_contact AS receiver ON receiver.id = main_tickets.receiver_id LEFT JOIN main_contact AS sender ON sender.id = main_tickets.sender_id LEFT JOIN main_tickets_category ON main_tickets.main_ticket_category_id = main_tickets_category.id LEFT JOIN main_tickets_status AS individual_state ON individual_state.id = main_tickets.individual_state LEFT JOIN main_tickets_category_mandant AS main_tickets_category_mandant ON main_tickets_category_mandant.main_tickets_category_id = main_tickets.main_ticket_category_id LEFT JOIN main_tickets_category_department AS main_tickets_category_department ON main_tickets_category_department.main_tickets_category_id = main_tickets.main_ticket_category_id LEFT JOIN main_tickets_category_contact AS main_tickets_category_contact ON main_tickets_category_contact.main_tickets_category_id = main_tickets.main_ticket_category_id $where GROUP BY main_tickets.id "; $stmt = $GLOBALS['pdo_conn']->prepare($query); switch ($cue) { case '1000': $stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); break; case '2000': $stmt->bindParam(':contact_id', $contact_id, PDO::PARAM_INT); break; case '3000': break; case '4000': break; case '5000': break; case '6000': break; case '7000': break; default: break; } $stmt->execute(); $tickets = $stmt->fetchAll(PDO::FETCH_ASSOC); $contact_id_int = (int) $contact_id; switch ($cue) { case '1000': break; case '2000': break; case '3000': $tickets = filter_tickets_for_user($contact_id_int, $contact_rows, $tickets); break; case '4000': $tickets = filter_tickets_for_user($contact_id_int, $contact_rows, $tickets); break; case '5000': break; case '6000': break; case '7000': break; default: break; } $tickets = array_map(function ($ticket) { $ticket['id'] = encryptId($ticket['id']); return $ticket; }, $tickets); echo json_encode($tickets); }