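<?php

/**
 * Ticket messages endpoint.
 *
 * Reads `ticket_id` from the query string and returns, as JSON, every message
 * of that ticket joined with the author's username and role, oldest first.
 * Callers whose role is 'user' may only read tickets whose user_id equals
 * their own id.
 *
 * Failures are reported as a JSON object with a single `error` key.
 */

require_once __DIR__ . '/../auth.php';

// requireAuth() is defined in auth.php; presumably it stops unauthenticated
// requests and returns the current user row (this script reads 'id' and 'role').
$user = requireAuth();

// Without an explicit type PHP answers as text/html, so message text stored by
// one user would be parsed as markup if the URL is opened directly in a browser.
header('Content-Type: application/json; charset=utf-8');
header('X-Content-Type-Options: nosniff');

// Message bodies are user-controlled; hex-escaping <, >, &, ' and " keeps the
// payload inert even if a client embeds the raw response in an HTML page.
$jsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

$ticketId = $_GET['ticket_id'] ?? null;

// `ticket_id[]=1` arrives as an array; reject it here instead of letting it
// reach the bound parameter. An empty value or "0" counts as missing, as before.
if (!is_string($ticketId) || !$ticketId) {
    // NOTE(review): errors are still sent with HTTP 200 so existing clients keep
    // working; 400/404/403 here and below would make denied requests visible
    // in access logs and monitoring.
    echo json_encode(['error' => 'Missing ticket_id'], $jsonFlags);
    exit;
}

// Load the ticket first so that ownership can be checked before any message
// is read.
$stmt = db()->prepare("SELECT * FROM tickets WHERE id = ?");
$stmt->execute([$ticketId]);
$ticket = $stmt->fetch();

if (!$ticket) {
    echo json_encode(['error' => 'Ticket not found'], $jsonFlags);
    exit;
}

// Ownership check. Both ids are compared as strings with !== so PHP's loose
// numeric comparison cannot treat two differently written values as equal.
// NOTE(review): this is a deny-list: only the 'user' role is restricted, and
// any other role value (including an unexpected or empty one) can read every
// ticket. Prefer an explicit allow-list of staff roles; confirm the role set
// in auth.php.
if ($user['role'] === 'user' && (string) $ticket['user_id'] !== (string) $user['id']) {
    echo json_encode(['error' => 'Access denied'], $jsonFlags);
    exit;
}

// NOTE(review): m.* and u.role return every column of `messages` plus the
// author's role to the requester; confirm none of them is staff-only.
$stmt = db()->prepare("
    SELECT m.*, u.username, u.role
    FROM messages m
    JOIN users u ON m.user_id = u.id
    WHERE m.ticket_id = ?
    ORDER BY m.created_at ASC
");
$stmt->execute([$ticketId]);
$messages = $stmt->fetchAll();

echo json_encode($messages, $jsonFlags);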