From 22372ca14db0c20078a8a8f64acb99adea19df22 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Sun, 29 Nov 2015 11:45:23 -0500
Subject: [PATCH] Add GET /ticket

---
 api/admin/ticket/index.php             |   4 +-
 api/businesslogic/ticket_retriever.php |  65 +++++++-----
 api/ticket/index.php                   | 132 +++++++++++++++++++++++++
 3 files changed, 177 insertions(+), 24 deletions(-)
 create mode 100644 api/ticket/index.php

diff --git a/api/admin/ticket/index.php b/api/admin/ticket/index.php
index 4d315efe..a95fc1fb 100644
--- a/api/admin/ticket/index.php
+++ b/api/admin/ticket/index.php
@@ -118,9 +118,9 @@ if ($request_method == 'GET') {
     }
 
     if (isset($_GET['id'])) {
-        $results = get_ticket($hesk_settings, $_GET['id']);
+        $results = get_ticket_for_staff($hesk_settings, $_GET['id']);
     } else {
-        $results = get_ticket($hesk_settings);
+        $results = get_ticket_for_staff($hesk_settings);
     }
 
     if ($results == NULL) {
diff --git a/api/businesslogic/ticket_retriever.php b/api/businesslogic/ticket_retriever.php
index 82d99f8e..59f4ee69 100644
--- a/api/businesslogic/ticket_retriever.php
+++ b/api/businesslogic/ticket_retriever.php
@@ -1,22 +1,12 @@
 <?php
 require_once(API_PATH . 'dao/ticket_dao.php');
 
-function get_ticket($hesk_settings, $id = NULL) {
+function get_ticket_for_staff($hesk_settings, $id = NULL) {
     $tickets = get_ticket_for_id($hesk_settings, $id);
 
     if ($id === NULL) {
         foreach ($tickets as $ticket) {
-            unset($ticket['lastchange']);
-            unset($ticket['firstreply']);
-            unset($ticket['closedat']);
-            unset($ticket['openedby']);
-            unset($ticket['firstreplyby']);
-            unset($ticket['closedby']);
-            unset($ticket['replies']);
-            unset($ticket['staffreplies']);
-            unset($ticket['lastreplier']);
-            unset($ticket['replierid']);
-
+            $ticket = remove_common_properties($ticket);
             $ticket['suggestedArticles'] = $ticket['articles'];
             unset($ticket['articles']);
             $ticket['legacyAuditTrail'] = $ticket['history'];
@@ -25,16 +15,7 @@ function get_ticket($hesk_settings, $id = NULL) {
             unset($ticket['parent']);
         }
     } else {
-        unset($tickets['lastchange']);
-        unset($tickets['firstreply']);
-        unset($tickets['closedat']);
-        unset($tickets['openedby']);
-        unset($tickets['firstreplyby']);
-        unset($tickets['closedby']);
-        unset($tickets['replies']);
-        unset($tickets['staffreplies']);
-        unset($tickets['lastreplier']);
-        unset($tickets['replierid']);
+        $tickets = remove_common_properties($tickets);
 
         $tickets['suggestedArticles'] = $tickets['articles'];
         unset($tickets['articles']);
@@ -46,4 +27,44 @@ function get_ticket($hesk_settings, $id = NULL) {
 
 
     return $tickets;
+}
+
+function remove_common_properties($ticket) {
+    unset($ticket['lastchange']);
+    unset($ticket['firstreply']);
+    unset($ticket['closedat']);
+    unset($ticket['openedby']);
+    unset($ticket['firstreplyby']);
+    unset($ticket['closedby']);
+    unset($ticket['replies']);
+    unset($ticket['staffreplies']);
+    unset($ticket['lastreplier']);
+    unset($ticket['replierid']);
+
+    return $ticket;
+}
+
+function get_ticket($hesk_settings, $id) {
+    $ticket = get_ticket_for_id($hesk_settings, $id);
+    $ticket = remove_common_properties($ticket);
+    $ticket = remove_staff_specific_properties($ticket);
+
+    return $ticket;
+}
+
+function remove_staff_specific_properties($ticket) {
+    unset($ticket['articles']);
+    unset($ticket['ip']);
+    unset($ticket['language']);
+    unset($ticket['owner']);
+    unset($ticket['time_worked']);
+    unset($ticket['history']);
+    unset($ticket['latitude']);
+    unset($ticket['longitude']);
+    unset($ticket['user_agent']);
+    unset($ticket['screen_resolution_width']);
+    unset($ticket['screen_resolution_height']);
+    unset($ticket['parent']);
+
+    return $ticket;
 }
\ No newline at end of file
diff --git a/api/ticket/index.php b/api/ticket/index.php
new file mode 100644
index 00000000..25e2575d
--- /dev/null
+++ b/api/ticket/index.php
@@ -0,0 +1,132 @@
+<?php
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../../');
+define('API_PATH', '../');
+require_once(HESK_PATH . 'hesk_settings.inc.php');
+require_once(HESK_PATH . 'inc/common.inc.php');
+require_once(API_PATH . 'core/headers.php');
+require_once(API_PATH . 'core/output.php');
+require_once(API_PATH . 'businesslogic/ticket_retriever.php');
+require_once(API_PATH . 'businesslogic/security_retriever.php');
+
+hesk_load_api_database_functions();
+hesk_dbConnect();
+
+// Routing
+$request_method = $_SERVER['REQUEST_METHOD'];
+
+/**
+ * @api {get} /ticket Retrieve a ticket (staff-side)
+ * @apiVersion 0.0.0
+ * @apiName GetTicket
+ * @apiGroup Ticket
+ * @apiPermission protected
+ *
+ * @apiParam {Number} [id] The ID of the ticket.
+ *
+ * @apiSuccess {Number} id ID of the ticket
+ * @apiSuccess {String} trackid The tracking id of the ticket
+ * @apiSuccess {String} name The name of the contact
+ * @apiSuccess {String} email The email address of the ticket (empty string if no email)
+ * @apiSuccess {Integer} category The ID of the category the ticket is in
+ * @apiSuccess {Integer} priority The ID of the priority the ticket is in
+ * @apiSuccess {String} subject The subject of the ticket
+ * @apiSuccess {String} message The original message of the ticket
+ * @apiSuccess {String} dt The date and time the ticket was submitted, in `YYYY-MM-DD hh:mm:ss`
+ * @apiSuccess {Integer} articles The knowledgebase article IDs suggested when the user created the ticket
+ * @apiSuccess {String} ip The IP address of the submitter
+ * @apiSuccess {String} language The language the ticket was submitted in
+ * @apiSuccess {Integer} status The ID of the status the ticket is set to
+ * @apiSuccess {Integer} owner The user ID of the ticket owner
+ * @apiSuccess {String} time_worked The total time worked on the ticket, in `hh:mm:ss`
+ * @apiSuccess {Boolean} archive `true` if the ticket is tagged<br>`false` otherwise
+ * @apiSuccess {Boolean} locked `true` if the ticket is locked<br>`false` otherwise
+ * @apiSuccess {Binary[]} attachments Array of attachments, in base-64 encoded binary
+ * @apiSuccess {Integer[]} merged Array of merged ticket IDs
+ * @apiSuccess {String} history HTML markup of the entire "Audit Trail" section
+ * @apiSuccess {String} custom1-20 Custom fields 1-20's values.
+ * @apiSuccess {Integer} parent The ID of the ticket linked to this ticket
+ * @apiSuccess {String} latitude The latitudinal coordinate of the user's location, or one of the corresponding error codes.
+ * @apiSuccess {String} longitude The longitudinal coordinate of the user's location, or one of the corresponding error codes.
+ * @apiSuccess {Boolean} html `true` if the ticket was created with HTML encoding<br>`false` otherwise
+ * @apiSuccess {String} user_agent The user agent of the user who submitted the ticket
+ * @apiSuccess {Integer} screen_resolution_width The width of the screen resolution of the user who submitted the ticket
+ * @apiSuccess {Integer} screen_resolution_height The height of the screen resolution of the user who submitted the ticket
+ *
+ * @apiSuccessExample {json} Success-Response:
+ *     HTTP/1.1 200 OK
+ *     {
+ *           "id": 22,
+ *           "trackid": "EVL-RRL-DUBG",
+ *           "name": "Test",
+ *           "email": "",
+ *           "category": 1,
+ *           "priority": 3,
+ *           "subject": "test",
+ *           "message": "test",
+ *           "dt": "2014-12-28 00:57:26",
+ *           "articles": null,
+ *           "ip": "127.0.0.1",
+ *           "language": null,
+ *           "status": 3,
+ *           "owner": 1,
+ *           "time_worked": "00:05:07",
+ *           "archive": true,
+ *           "locked": true,
+ *           "attachments": "",
+ *           "merged": "",
+ *           "history": "<li class=\"smaller\">2014-12-28 06:57:28 | ticket created by Your name (mkoch)</li><li class=\"smaller\">2014-12-31 21:00:59 | closed by Your name (mkoch)</li><li class=\"smaller\">2014-12-31 21:01:05 | status changed to Waiting reply by Your name (mkoch)</li><li class=\"smaller\">2014-12-31 21:01:58 | closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:21:18 | closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:21:31 | closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:22:05 | closed by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:24:06 | status changed to  by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:25:40 | status changed to On Hold by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 16:25:53 | status changed to In Progress by Your name (mkoch)</li><li class=\"smaller\">2015-01-17 21:39:11 | locked by Your name (mkoch)</li>",
+ *           "custom1": "1420671600",
+ *           "custom2": "",
+ *           "custom3": "",
+ *           "custom4": "",
+ *           "custom5": "",
+ *           "custom6": "",
+ *           "custom7": "",
+ *           "custom8": "",
+ *           "custom9": "",
+ *           "custom10": "",
+ *           "custom11": "",
+ *           "custom12": "",
+ *           "custom13": "",
+ *           "custom14": "",
+ *           "custom15": "",
+ *           "custom16": "",
+ *           "custom17": "",
+ *           "custom18": "",
+ *           "custom19": "",
+ *           "custom20": "",
+ *           "parent": 139,
+ *           "latitude": "E-0",
+ *           "longitude": "E-0",
+ *           "html": false,
+ *           "user_agent": null,
+ *           "screen_resolution_width": null,
+ *           "screen_resolution_height": null
+ *      }
+ *
+ * @apiError (noTokenProvided) 400 No `X-Auth-Token` was provided where it is required
+ * @apiError (invalidXAuthToken) 401 The `X-Auth-Token` provided was invalid
+ */
+if ($request_method == 'GET') {
+    $token = get_header('X-Auth-Token');
+
+    try {
+        get_user_for_token($token, $hesk_settings);
+    } catch (AccessException $e) {
+        return http_response_code($e->getCode());
+    }
+
+    if (isset($_GET['id'])) {
+        $results = get_ticket($hesk_settings, $_GET['id']);
+    } else {
+        return http_response_code(400);
+    }
+
+    if ($results == NULL) {
+        return http_response_code(404);
+    }
+    return output($results);
+}
+
+return http_response_code(405);
\ No newline at end of file