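exists('SESSION.user')){
            // $f3->set('SESSION.error', 'You don\'t have permission for this ticket.');
            $f3->reroute('/login');
        }
    }

    /**
     * List all tickets, newest first.
     *
     * @param object $f3 Fat-Free application instance (provides DB, SESSION, PARAMS, POST)
     */
    public function index($f3)
    {
        $this->check_access($f3);
        $db = $f3->get('DB');

        // Retrieve tickets, newest first.
        $tickets = $db->exec('SELECT * FROM tickets ORDER BY created_at DESC');

        // Pass data to the view and render it inside the shared layout.
        $f3->set('tickets', $tickets);
        $f3->set('content', '../ui/views/ticket/index.html');
        echo \Template::instance()->render('../ui/templates/layout.html');

        // The flash error has now been displayed; drop it so it is not shown twice.
        $f3->clear('SESSION.error');
    }

    /**
     * Show a single ticket identified by the `id` route parameter.
     *
     * Reroutes to the list with a flash error when no ticket matches.
     *
     * @param object $f3 Fat-Free application instance
     */
    public function view($f3)
    {
        $this->check_access($f3);
        $ticketId = $f3->get('PARAMS.id');
        $db = $f3->get('DB');

        // Parameterised query: PARAMS.id comes from the URL and is untrusted.
        $result = $db->exec(
            'SELECT t.*, u.username as created_by_name FROM tickets t LEFT JOIN users u ON t.created_by = u.id WHERE t.id =? LIMIT 1',
            [$ticketId]
        );
        if (!$result) {
            // No such record: flash an error and go back to the list.
            // reroute() ends the request (F3 default), so the return is only a guard.
            $f3->set('SESSION.error', 'Ticket not found.');
            $f3->reroute('/tickets');
            return;
        }

        $f3->set('ticket', $result[0]);
        $f3->set('content', '../ui/views/ticket/view.html');
        echo \Template::instance()->render('../ui/templates/layout.html');
    }

    /**
     * Show the create-ticket form.
     *
     * @param object $f3 Fat-Free application instance
     */
    public function createForm($f3)
    {
        $this->check_access($f3);
        $f3->set('content', '../ui/views/ticket/create.html');
        echo \Template::instance()->render('../ui/templates/layout.html');
    }

    /**
     * Handle the create-ticket POST.
     *
     * A blank title is rejected with a flash error (reroute to the list);
     * otherwise the row is inserted with the current user as creator and the
     * request is rerouted to the list.
     *
     * @param object $f3 Fat-Free application instance
     */
    public function create($f3)
    {
        $this->check_access($f3);

        // NOTE(review): no CSRF token is verified here — confirm the form/layout supplies one.
        $title = trim((string) $f3->get('POST.title'));
        $description = $f3->get('POST.description');
        $priority = $f3->get('POST.priority');    // eg - low, medium, high
        $status = $f3->get('POST.status');        // eg - new, in_progress
        $createdBy = $f3->get('SESSION.user.id'); // current logged in user

        if ($title === '') {
            // Do not store a ticket that cannot be identified in the list.
            $f3->set('SESSION.error', 'Title is required.');
            $f3->reroute('/tickets');
            return;
        }

        $db = $f3->get('DB');
        // All user-supplied values are bound; timestamps are set server-side.
        $db->exec(
            'INSERT INTO tickets (title, description, priority, status, created_by, created_at, updated_at) VALUES (?,?,?,?,?,NOW(), NOW())',
            [$title, $description, $priority, $status, $createdBy]
        );
        $f3->reroute('/tickets');
    }

    /**
     * Load the ticket named by the `id` route parameter and enforce edit rights.
     *
     * Only an admin or the user the ticket is assigned to may edit; anyone
     * else (and any unknown id) is rerouted to the list with a flash error.
     * Callers rely on reroute() terminating the request in the denied cases.
     *
     * @param object $f3 Fat-Free application instance
     * @return array the ticket row
     */
    protected function get_ticket_check_edit_permission($f3)
    {
        $db = $f3->get('DB');
        $ticketId = $f3->get('PARAMS.id');
        $result = $db->exec('SELECT * FROM tickets WHERE id = ? LIMIT 1', [$ticketId]);
        if (!$result) {
            $f3->set('SESSION.error', 'Ticket not found.');
            $f3->reroute('/tickets');
        }
        $ticket = $result[0];

        $currentUser = $f3->get('SESSION.user');
        $isAdmin = isset($currentUser['role']) && $currentUser['role'] === 'admin';

        // Strict, string-normalised comparison: the driver may return the id as a
        // string while the session holds an int. An unassigned ticket
        // (assigned_to NULL) must never match a user, which loose == could allow.
        $isAssigned = isset($ticket['assigned_to'], $currentUser['id'])
            && (string) $ticket['assigned_to'] === (string) $currentUser['id'];

        // && is correct here: deny only when the user is neither admin nor assignee.
        if (!$isAdmin && !$isAssigned) {
            $f3->set('SESSION.error', 'You do not have permission to edit this ticket.');
            $f3->reroute('/tickets');
        }

        return $ticket;
    }

    /**
     * Show the edit form for a ticket the current user may edit.
     *
     * @param object $f3 Fat-Free application instance
     */
    public function editForm($f3)
    {
        $this->check_access($f3);
        // Loads the row and reroutes away when the user may not edit it.
        $ticket = $this->get_ticket_check_edit_permission($f3);
        $f3->set('ticket', $ticket);
        $f3->set('content', '../ui/views/ticket/edit.html');
        echo \Template::instance()->render('../ui/templates/layout.html');
    }

    /**
     * Process the edit POST for a ticket the current user may edit.
     *
     * Same validation as create(); the updated_at timestamp is set by the
     * database rather than bound from PHP (binding the string 'NOW()' would
     * store a literal, not a timestamp).
     *
     * @param object $f3 Fat-Free application instance
     */
    public function update($f3)
    {
        $this->check_access($f3);
        $ticket = $this->get_ticket_check_edit_permission($f3);
        $ticketId = $ticket['id'];

        // NOTE(review): no CSRF token is verified here — confirm the form/layout supplies one.
        $title = trim((string) $f3->get('POST.title'));
        $description = $f3->get('POST.description');
        $priority = $f3->get('POST.priority');    // eg - low, medium, high
        $status = $f3->get('POST.status');        // eg - new, in_progress
        $updatedBy = $f3->get('SESSION.user.id'); // current logged in user

        if ($title === '') {
            $f3->set('SESSION.error', 'Title is required.');
            $f3->reroute('/ticket/' . $ticketId);
            return;
        }

        // TODO: if you want to update assignment, should be added here.
        $db = $f3->get('DB');
        $db->exec(
            'UPDATE tickets SET title=?, description=?, priority=?, status=?, updated_by=?, updated_at=NOW() WHERE id=?',
            [$title, $description, $priority, $status, $updatedBy, $ticketId]
        );
        $f3->reroute('/ticket/' . $ticketId);
    }
}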