Fixed ticket creation stuff

api/BusinessLogic/Security/UserContext.php

@@ -55,6 +55,21 @@ class UserContext extends \BaseClass {
     /* @var $active bool */
     public $active;
 
+    static function buildAnonymousUser() {
+        $userContext = new UserContext();
+        $userContext->id = -1;
+        $userContext->username = "API - ANONYMOUS USER"; // Usernames can't have spaces, so no one will take this username
+        $userContext->admin = false;
+        $userContext->name = "ANONYMOUS USER";
+        $userContext->email = "anonymous-user@example.com";
+        $userContext->categories = array();
+        $userContext->permissions = array();
+        $userContext->autoAssign = false;
+        $userContext->active = true;
+
+        return $userContext;
+    }
+
     /**
      * Builds a user context based on the current session. **The session must be active!**
      * @param $dataRow array the $_SESSION superglobal or the hesk_users result set

api/BusinessLogic/Tickets/TicketCreator.php

@@ -155,10 +155,12 @@ class TicketCreator extends \BaseClass {
         $ticket->lastReplier = 0;
 
         $this->auditTrailGateway->insertAuditTrailRecord($ticket->id, AuditTrailEntityType::TICKET,
-            'audit_created', DateTimeHelpers::heskDate($heskSettings), array(), $heskSettings);
+            'audit_created', DateTimeHelpers::heskDate($heskSettings), array(
+                0 => $ticket->name
+            ), $heskSettings);
 
         $addressees = new Addressees();
-        $addressees->to = $this->getAddressees($ticket->email);
+        $addressees->to = $ticket->email;
 
         if ($ticketRequest->sendEmailToCustomer && $emailVerified) {
             $this->emailSenderHelper->sendEmailForTicket(EmailTemplateRetriever::NEW_TICKET, $ticketRequest->language, $addressees, $ticket, $heskSettings, $modsForHeskSettings);

api/DataAccess/Tickets/TicketGateway.php

@@ -129,7 +129,7 @@ class TicketGateway extends CommonDao {
     function getTicketByTrackingId($trackingId, $heskSettings) {
         $this->init();
 
-        $rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "tickets` WHERE `trackid` = " . intval($trackingId));
+        $rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "tickets` WHERE `trackid` = '" . hesk_dbEscape($trackingId) . "'");
         if (hesk_dbNumRows($rs) === 0) {
             return null;
         }
@@ -138,7 +138,40 @@ class TicketGateway extends CommonDao {
         $linkedTicketsRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "tickets` WHERE `parent` = " . intval($trackingId));
         $repliesRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "replies` WHERE `replyto` = " . intval($row['id']) . " ORDER BY `id` ASC");
 
-        $ticket = Ticket::fromDatabaseRow($row, $linkedTicketsRs, $repliesRs, $heskSettings);
+        $audiTrailRs = hesk_dbQuery("SELECT `audit`.`id`, `audit`.`language_key`, `audit`.`date`,
+              `values`.`replacement_index`, `values`.`replacement_value`
+            FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "audit_trail` AS `audit` 
+            LEFT JOIN `" . hesk_dbEscape($heskSettings['db_pfix']) . "audit_trail_to_replacement_values` AS `values`
+                ON `audit`.`id` = `values`.`audit_trail_id`
+            WHERE `entity_type` = 'TICKET' AND `entity_id` = " . intval($row['id']));
+        $auditRecords = array();
+
+        /* @var $currentAuditRecord AuditTrail */
+        $currentAuditRecord = null;
+        while ($auditRow = hesk_dbFetchAssoc($audiTrailRs)) {
+            if ($currentAuditRecord == null || $currentAuditRecord->id != $auditRow['id']) {
+                if ($currentAuditRecord != null) {
+                    $auditRecords[] = $currentAuditRecord;
+                }
+                $currentAuditRecord = new AuditTrail();
+                $currentAuditRecord->id = $auditRow['id'];
+                $currentAuditRecord->entityId = $row['id'];
+                $currentAuditRecord->entityType = AuditTrailEntityType::TICKET;
+                $currentAuditRecord->languageKey = $auditRow['language_key'];
+                $currentAuditRecord->date = $auditRow['date'];
+                $currentAuditRecord->replacementValues = array();
+            }
+
+            if ($auditRow['replacement_index'] != null) {
+                $currentAuditRecord->replacementValues[intval($auditRow['replacement_index'])] = $auditRow['replacement_value'];
+            }
+        }
+
+        if ($currentAuditRecord != null) {
+            $auditRecords[] = $currentAuditRecord;
+        }
+
+        $ticket = Ticket::fromDatabaseRow($row, $linkedTicketsRs, $repliesRs, $auditRecords, $heskSettings);
 
         $this->close();
 

api/index.php

@@ -43,7 +43,10 @@ function internalOrAuthHandler() {
 }
 
 function publicHandler() {
-    //-- No-op
+    global $userContext;
+
+    //-- Create an "anonymous" UserContext
+    $userContext = \BusinessLogic\Security\UserContext::buildAnonymousUser();
 }
 
 function assertApiIsEnabled() {
@@ -188,7 +191,7 @@ Link::all(array(
     '/v1/categories/{i}' => action(\Controllers\Categories\CategoryController::clazz(), array(RequestMethod::GET, RequestMethod::PUT, RequestMethod::DELETE), SecurityHandler::INTERNAL_OR_AUTH_TOKEN),
     '/v1-internal/categories/{i}/sort/{s}' => action(\Controllers\Categories\CategoryController::clazz() . '::sort', array(RequestMethod::POST), SecurityHandler::INTERNAL),
     // Tickets
-    '/v1/tickets' => action(\Controllers\Tickets\CustomerTicketController::clazz(), RequestMethod::all()),
+    '/v1/tickets' => action(\Controllers\Tickets\CustomerTicketController::clazz(), RequestMethod::all(), SecurityHandler::OPEN),
     // Tickets - Staff
     '/v1/staff/tickets/{i}' => action(\Controllers\Tickets\StaffTicketController::clazz(), RequestMethod::all()),
     // Attachments