Newer
Older
<?php
/*********************************************************************
ajax.php
Ajax utils interface.
Peter Rotich <peter@osticket.com>
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
# Override staffLoginPage() defined in staff.inc.php to return an
# HTTP/Forbidden status rather than the actual login page.
# XXX: This should be moved to the AjaxController class
function staffLoginPage($msg='Unauthorized') {
Http::response(403,'Must login: '.Format::htmlchars($msg));
exit;
}
require('staff.inc.php');
//Clean house...don't let the world see your crap.
ini_set('display_errors','0'); //Disable error display
ini_set('display_startup_errors','0');
//TODO: disable direct access via the browser? i,e All request must have REFER?
if(!defined('INCLUDE_DIR')) Http::response(500, 'Server configuration error');
require_once INCLUDE_DIR.'/class.dispatcher.php';
require_once INCLUDE_DIR.'/class.ajax.php';
$dispatcher = patterns('',
url('^/kb/', patterns('ajax.kbase.php:KbaseAjaxAPI',
# Send ticket-id as a query arg => canned-response/33?ticket=83
url_get('^canned-response/(?P<id>\d+).(?P<format>json|txt)', 'cannedResp'),
url('^faq/(?P<id>\d+)/access', 'manageFaqAccess'),
url_get('^faq/(?P<id>\d+)$', 'faq')
url('^/content/', patterns('ajax.content.php:ContentAjaxAPI',
url_get('^log/(?P<id>\d+)', 'log'),
url_get('^context$', 'context'),
url_get('^ticket_variables', 'ticket_variables'),
url_get('^signature/(?P<type>\w+)(?:/(?P<id>\d+))?$', 'getSignature'),
url_get('^(?P<id>\d+)/(?:(?P<lang>\w+)/)?manage$', 'manageContent'),
url_get('^(?P<id>[\w-]+)/(?:(?P<lang>\w+)/)?manage$', 'manageNamedContent'),
url_post('^(?P<id>\d+)(?:/(?P<lang>\w+))?$', 'updateContent')
url('^/config/', patterns('ajax.config.php:ConfigAjaxAPI',
url_get('^links', 'templateLinks'),
url_get('^date-format', 'dateFormat')
url('^/form/', patterns('ajax.forms.php:DynamicFormsAjaxAPI',
url_get('^help-topic/(?P<id>\d+)$', 'getFormsForHelpTopic'),
url_get('^field-config/(?P<id>\d+)$', 'getFieldConfiguration'),
url_post('^field-config/(?P<id>\d+)$', 'saveFieldConfiguration'),
url_delete('^answer/(?P<entry>\d+)/(?P<field>\d+)$', 'deleteAnswer'),
url_post('^upload/(\d+)?$', 'upload'),
url_post('^upload/(\w+)?$', 'attach'),
url_get('^(?P<id>\d+)/fields/view$', 'getAllFields')
url('^/filter/', patterns('ajax.filter.php:FilterAjaxAPI',
url_get('^action/(?P<type>\w+)/config$', 'getFilterActionForm')
)),
url('^/list/', patterns('ajax.forms.php:DynamicFormsAjaxAPI',
url_get('^(?P<list>\w+)/items$', 'getListItems'),
url_get('^(?P<list>\w+)/items/search$', 'searchListItems'),
url_get('^(?P<list>\w+)/item/(?P<id>\d+)/update$', 'getListItem'),
url_post('^(?P<list>\w+)/item/(?P<id>\d+)/update$', 'saveListItem'),
url('^(?P<list>\w+)/item/add$', 'addListItem'),
url('^(?P<list>\w+)/import$', 'importListItems'),
url('^(?P<list>\w+)/manage$', 'massManageListItems'),
url_post('^(?P<list>\w+)/delete$', 'deleteItems'),
url_post('^(?P<list>\w+)/disable$', 'disableItems'),
url_post('^(?P<list>\w+)/enable$', 'undisableItems')
url('^/report/overview/', patterns('ajax.reports.php:OverviewReportAjaxAPI',
# Send
url_get('^graph$', 'getPlotData'),
url_get('^table/groups$', 'enumTabularGroups'),
url_get('^table/export$', 'downloadTabularData'),
url_get('^table$', 'getTabularData')
url('^/users', patterns('ajax.users.php:UsersAjaxAPI',
url_get('^$', 'search'),
url_get('^/local$', 'search', array('local')),
url_get('^/remote$', 'search', array('remote')),
url_get('^/(?P<id>\d+)$', 'getUser'),
url_post('^/(?P<id>\d+)$', 'updateUser'),
url_get('^/(?P<id>\d+)/edit$', 'editUser'),
url('^/lookup$', 'getUser'),
url_post('^/lookup/form$', 'addUser'),
url_get('^/add$', 'addUser'),
url('^/import$', 'importUsers'),
url_get('^/select$', 'selectUser'),
url_get('^/select/(?P<id>\d+)$', 'selectUser'),
url_get('^/select/auth:(?P<bk>\w+):(?P<id>.+)$', 'addRemoteUser'),
url_get('^/(?P<id>\d+)/register$', 'register'),
url_post('^/(?P<id>\d+)/register$', 'register'),
url_get('^/(?P<id>\d+)/delete$', 'delete'),
url_post('^/(?P<id>\d+)/delete$', 'delete'),
url_get('^/(?P<id>\d+)/manage(?:/(?P<target>\w+))?$', 'manage'),
url_post('^/(?P<id>\d+)/manage(?:/(?P<target>\w+))?$', 'manage'),
url_get('^/(?P<id>\d+)/org(?:/(?P<orgid>\d+))?$', 'updateOrg'),
url_post('^/(?P<id>\d+)/org$', 'updateOrg'),
url_get('^/staff$', 'searchStaff'),
url_post('^/(?P<id>\d+)/note$', 'createNote'),
url_get('^/(?P<id>\d+)/forms/manage$', 'manageForms'),
url_post('^/(?P<id>\d+)/forms/manage$', 'updateForms')
url('^/orgs', patterns('ajax.orgs.php:OrgsAjaxAPI',
url_get('^$', 'search'),
url_get('^/search$', 'search'),
url_get('^/(?P<id>\d+)$', 'getOrg'),
url_post('^/(?P<id>\d+)$', 'updateOrg'),
url_post('^/(?P<id>\d+)/profile$', 'updateOrg', array(true)),
url_get('^/(?P<id>\d+)/edit$', 'editOrg'),
url_get('^/lookup/form$', 'lookup'),
url_get('^/add$', 'addOrg'),
url_post('^/add$', 'addOrg'),
url_get('^/select$', 'selectOrg'),
url_get('^/select/(?P<id>\d+)$', 'selectOrg'),
url_get('^/(?P<id>\d+)/add-user(?:/(?P<userid>\d+))?$', 'addUser'),
url_get('^/(?P<id>\d+)/add-user(?:/auth:(?P<userid>.+))?$', 'addUser', array(true)),
url_post('^/(?P<id>\d+)/add-user$', 'addUser'),
url('^/(?P<id>\d+)/import-users$', 'importUsers'),
url_get('^/(?P<id>\d+)/delete$', 'delete'),
url_delete('^/(?P<id>\d+)/delete$', 'delete'),
url_post('^/(?P<id>\d+)/note$', 'createNote'),
url_get('^/(?P<id>\d+)/forms/manage$', 'manageForms'),
url_post('^/(?P<id>\d+)/forms/manage$', 'updateForms')
url('^/tickets/', patterns('ajax.tickets.php:TicketsAjaxAPI',
url_get('^(?P<tid>\d+)/change-user$', 'changeUserForm'),
url_post('^(?P<tid>\d+)/change-user$', 'changeUser'),
url_get('^(?P<tid>\d+)/user$', 'viewUser'),
url_post('^(?P<tid>\d+)/user$', 'updateUser'),
url_get('^(?P<tid>\d+)/preview', 'previewTicket'),
url_post('^(?P<tid>\d+)/lock/(?P<id>\d+)/renew', 'renewLock'),
url_post('^(?P<tid>\d+)/lock/(?P<id>\d+)/release', 'releaseLock'),
url_get('^(?P<tid>\d+)/forms/manage$', 'manageForms'),
url_post('^(?P<tid>\d+)/forms/manage$', 'updateForms'),
url_get('^(?P<tid>\d+)/canned-resp/(?P<cid>\w+).(?P<format>json|txt)', 'cannedResponse'),
url_get('^(?P<tid>\d+)/status/(?P<status>\w+)(?:/(?P<sid>\d+))?$', 'changeTicketStatus'),
url('^(?P<tid>\d+)/thread/(?P<thread_id>\d+)/(?P<action>\w+)$', 'triggerThreadAction'),
url_get('^status/(?P<status>\w+)(?:/(?P<sid>\d+))?$', 'changeSelectedTicketsStatus'),
url_post('^status/(?P<state>\w+)$', 'setSelectedTicketsStatus'),
url_get('^(?P<tid>\d+)/tasks$', 'tasks'),
url('^(?P<tid>\d+)/add-task$', 'addTask'),
url_get('^(?P<tid>\d+)/tasks/(?P<id>\d+)/view$', 'task'),
url_post('^(?P<tid>\d+)/tasks/(?P<id>\d+)$', 'task'),
url('^search', patterns('ajax.search.php:SearchAjaxAPI',
url_get('^$', 'getAdvancedSearchDialog'),
url_post('^$', 'doSearch'),
url_get('^quick$', 'doQuickSearch'),
url_get('^/(?P<id>\d+)$', 'loadSearch'),
url_post('^/(?P<id>\d+)$', 'saveSearch'),
url_delete('^/(?P<id>\d+)$', 'deleteSearch'),
url_post('^/create$', 'createSearch'),
url_get('^/field/(?P<id>[\w_!:]+)$', 'addField')
url('^/tasks/', patterns('ajax.tasks.php:TasksAjaxAPI',
url_get('^(?P<tid>\d+)/preview$', 'preview'),
url_get('^(?P<tid>\d+)/edit', 'edit'),
url_post('^(?P<tid>\d+)/edit$', 'edit'),
url_get('^(?P<tid>\d+)/transfer', 'transfer'),
url_post('^(?P<tid>\d+)/transfer$', 'transfer'),
url_get('^(?P<tid>\d+)/assign', 'assign'),
url_post('^(?P<tid>\d+)/assign$', 'assign'),
url_get('^(?P<tid>\d+)/delete', 'delete'),
url_post('^(?P<tid>\d+)/delete$', 'delete'),
url_get('^(?P<tid>\d+)/view$', 'task'),
url_get('^mass/(?P<action>[\w.]+)', 'massProcess'),
url_post('^mass/(?P<action>[\w.]+)', 'massProcess')
url('^/thread/', patterns('ajax.thread.php:ThreadAjaxAPI',
url_get('^(?P<tid>\d+)/collaborators/preview$', 'previewCollaborators'),
url_get('^(?P<tid>\d+)/collaborators$', 'showCollaborators'),
url_post('^(?P<tid>\d+)/collaborators$', 'updateCollaborators'),
url_get('^(?P<tid>\d+)/add-collaborator/(?P<uid>\d+)$', 'addCollaborator'),
url_get('^(?P<tid>\d+)/add-collaborator/auth:(?P<bk>\w+):(?P<id>.+)$', 'addRemoteCollaborator'),
url('^(?P<tid>\d+)/add-collaborator$', 'addCollaborator'),
url_get('^(?P<tid>\d+)/collaborators/(?P<cid>\d+)/view$', 'viewCollaborator'),
url_post('^(?P<tid>\d+)/collaborators/(?P<cid>\d+)$', 'updateCollaborator')
url('^/draft/', patterns('ajax.draft.php:DraftAjaxAPI',
url_post('^(?P<id>\d+)$', 'updateDraft'),
url_delete('^(?P<id>\d+)$', 'deleteDraft'),
url_post('^(?P<id>\d+)/attach$', 'uploadInlineImage'),
url_post('^(?P<namespace>[\w.]+)/attach$', 'uploadInlineImageEarly'),
url_get('^(?P<namespace>[\w.]+)$', 'getDraft'),
url_post('^(?P<namespace>[\w.]+)$', 'createDraft'),
url_get('^images/browse$', 'getFileList')
)),
url('^/note/', patterns('ajax.note.php:NoteAjaxAPI',
url_get('^(?P<id>\d+)$', 'getNote'),
url_post('^(?P<id>\d+)$', 'updateNote'),
url_delete('^(?P<id>\d+)$', 'deleteNote'),
url_post('^attach/(?P<ext_id>\w\d+)$', 'createNote')
)),
url('^/sequence/', patterns('ajax.sequence.php:SequenceAjaxAPI',
url_get('^(?P<id>\d+)$', 'current'),
url_get('^manage$', 'manage'),
url_post('^manage$', 'manage')
)),
url_post('^/upgrader', array('ajax.upgrader.php:UpgraderAjaxAPI', 'upgrade')),
url('^/help/', patterns('ajax.tips.php:HelpTipAjaxAPI',
url_get('^tips/(?P<namespace>[\w_.]+)$', 'getTipsJson'),
url_get('^(?P<lang>[\w_]+)?/tips/(?P<namespace>[\w_.]+)$', 'getTipsJsonForLang')
url('^/i18n/', patterns('ajax.i18n.php:i18nAjaxAPI',
url_get('^langs/all$', 'getConfiguredLanguages'),
url_get('^langs$', 'getSecondaryLanguages'),
url_get('^translate/(?P<tag>\w+)$', 'getTranslations'),
url_post('^translate/(?P<tag>\w+)$', 'updateTranslations'),
url_get('^(?P<lang>[\w_]+)/(?P<tag>\w+)$', 'getLanguageFile')
url('^/admin', patterns('ajax.admin.php:AdminAjaxAPI',
url('^/quick-add', patterns('ajax.admin.php:AdminAjaxAPI',
url('^/role$', 'addRole'),
url('^/staff$', 'addStaff')
)),
url_get('^/role/(?P<id>\d+)/perms', 'getRolePerms')
url('^/staff', patterns('ajax.staff.php:StaffAjaxAPI',
url('^/(?P<id>\d+)/set-password$', 'setPassword'),
url('^/(?P<id>\d+)/change-password$', 'changePassword'),
url_get('^/(?P<id>\d+)/perms', 'getAgentPerms'),
url('^/reset-permissions', 'resetPermissions'),
url('^/change-department', 'changeDepartment')
$rv = $dispatcher->resolve($ost->get_path_info());
// Indicate JSON response content-type
if (is_string($rv) && $rv[0] == '{')
Http::response(200, $rv, 'application/json');
print $rv;