Add a basic endpoint to get a ticket for staff

api/ApplicationContext.php

@@ -87,7 +87,8 @@ class ApplicationContext {
         // Tickets
         $this->get[UserToTicketChecker::class] = new UserToTicketChecker($this->get[UserGateway::class]);
         $this->get[TicketGateway::class] = new TicketGateway();
-        $this->get[TicketRetriever::class] = new TicketRetriever($this->get[TicketGateway::class]);
+        $this->get[TicketRetriever::class] = new TicketRetriever($this->get[TicketGateway::class],
+            $this->get[UserToTicketChecker::class]);
         $this->get[TicketValidators::class] = new TicketValidators($this->get[TicketGateway::class]);
         $this->get[TrackingIdGenerator::class] = new TrackingIdGenerator($this->get[TicketGateway::class]);
         $this->get[Autoassigner::class] = new Autoassigner($this->get[CategoryGateway::class], $this->get[UserGateway::class]);

api/BusinessLogic/Tickets/Ticket.php

@@ -131,8 +131,8 @@ class Ticket {
 
             $reply->staffId = $replyRow['staffid'] > 0 ? $replyRow['staffid'] : null;
             $reply->rating = $replyRow['rating'];
-            $reply->isRead = $replyRow['read'];
-            $reply->usesHtml = $replyRow['html'];
+            $reply->isRead = $replyRow['read'] === '1';
+            $reply->usesHtml = $replyRow['html'] === '1';
 
             $replies[$reply->id] = $reply;
         }

api/BusinessLogic/Tickets/TicketRetriever.php

@@ -3,8 +3,10 @@
 namespace BusinessLogic\Tickets;
 
 
+use BusinessLogic\Exceptions\AccessViolationException;
 use BusinessLogic\Exceptions\ApiFriendlyException;
 use BusinessLogic\Exceptions\ValidationException;
+use BusinessLogic\Security\UserToTicketChecker;
 use BusinessLogic\ValidationModel;
 use DataAccess\Tickets\TicketGateway;
 
@@ -14,12 +16,27 @@ class TicketRetriever {
      */
     private $ticketGateway;
 
-    function __construct($ticketGateway) {
+    /* @var $userToTicketChecker UserToTicketChecker */
+    private $userToTicketChecker;
+
+    function __construct($ticketGateway, $userToTicketChecker) {
         $this->ticketGateway = $ticketGateway;
+        $this->userToTicketChecker = $userToTicketChecker;
     }
 
+    //TODO Properly test
     function getTicketById($id, $heskSettings, $userContext) {
-        return $this->ticketGateway->getTicketById($id, $heskSettings);
+        $ticket = $this->ticketGateway->getTicketById($id, $heskSettings);
+
+        if ($ticket !== null) {
+            throw new ApiFriendlyException("Ticket {$id} not found!", "Ticket Not Found", 404);
+        }
+
+        if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings)) {
+            throw new AccessViolationException("User does not have access to ticket {$id}!");
+        }
+
+        return $ticket;
     }
 
     function getTicketByTrackingIdAndEmail($trackingId, $emailAddress, $heskSettings) {

api/Controllers/Tickets/StaffTicketController.php

@@ -7,9 +7,19 @@ use BusinessLogic\Helpers;
 use BusinessLogic\Tickets\EditTicketModel;
 use BusinessLogic\Tickets\TicketDeleter;
 use BusinessLogic\Tickets\TicketEditor;
+use BusinessLogic\Tickets\TicketRetriever;
 use Controllers\JsonRetriever;
 
 class StaffTicketController {
+    function get($id) {
+        global $applicationContext, $userContext, $hesk_settings;
+
+        /* @var $ticketRetriever TicketRetriever */
+        $ticketRetriever = $applicationContext->get[TicketRetriever::class];
+
+        output($ticketRetriever->getTicketById($id, $hesk_settings, $userContext));
+    }
+
     function delete($id) {
         global $applicationContext, $userContext, $hesk_settings;