feat: add api to fetch hr tickets

front/ticket.api.php

@@ -0,0 +1,84 @@
+<?php
+require_once '../functionsophalglpi.php';
+include('../inc/includes.php');
+
+header('Content-Type: application/json; charset=utf-8');
+header('Access-Control-Allow-Methods: GET');
+header('Access-Control-Allow-Headers: X-API-Key, Content-Type');
+
+const ALLOWED_ITIL_CATEGORIES = [12, 15, 16, 36, 38, 72];
+
+// === SECURITY (simple token auth) ===
+$headers = getallheaders();
+$apiKey = $headers['X-API-Key'] ?? '';
+$validKey = getenv('HR_API_KEY'); // store securely in system env or .env
+
+if ($apiKey !== $validKey) {
+    http_response_code(401);
+    echo json_encode(['error' => 'Unauthorized'], JSON_PRETTY_PRINT);
+    exit;
+}
+
+// === Validate & normalize dates ===
+function check_param($from_date = null, $itilcategories_id = null) {
+
+    // Validate dates
+    if ($from_date && !preg_match('/^\d{4}-\d{2}-\d{2}$/', $from_date)) {
+        http_response_code(400);
+        echo json_encode(['error' => 'Invalid start_date format (YYYY-MM-DD)'], JSON_PRETTY_PRINT);
+        exit;
+    }
+
+    // Validate category if provided
+    if ($itilcategories_id !== null) {
+
+        // It must be numeric
+        if (!ctype_digit((string)$itilcategories_id)) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Invalid category id (must be numeric)'], JSON_PRETTY_PRINT);
+            exit;
+        }
+
+        // It must be one of the allowed values
+        if (!in_array((int)$itilcategories_id, ALLOWED_ITIL_CATEGORIES, true)) {
+            http_response_code(400);
+            echo json_encode([
+                'error' => 'Invalid category id',
+            ], JSON_PRETTY_PRINT);
+            exit;
+        }
+    }
+
+    return [$from_date, $itilcategories_id];
+}
+
+// ====== ONLY ONE ROUTE: /tickets ======
+if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+
+    $path = basename(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));
+
+    if ($path !== 'tickets') {
+        http_response_code(404);
+        echo json_encode(['error' => 'Route not found'], JSON_PRETTY_PRINT);
+        exit;
+    }
+
+    // Read GET URL params
+    $from_date = $_GET['from_date'] ?? null;
+    $itilcategories_id   = $_GET['itilcategories_id'] ?? null;
+
+    [$from_date, $itilcategories_id] = check_param(
+        $from_date,
+        $itilcategories_id
+    );
+
+    // Fetch GLPI data
+    $tickets = get_hr_tickets($from_date, $itilcategories_id);
+
+    echo json_encode($tickets, JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT);
+    exit;
+}
+
+// Default
+http_response_code(404);
+echo json_encode(['error' => 'Invalid request'], JSON_PRETTY_PRINT);

functionsophalglpi.php

@@ -1141,3 +1141,51 @@
 			return $result->modify('+48 hours');
 		}
 	}
+
+	function get_hr_tickets($from_date = null, $itilcategories_id = null) {
+		global $DB;
+
+		if (!$from_date || !$itilcategories_id) {
+			return null;
+		}
+
+		$sql = "
+			SELECT 
+				t.id,
+				t.name,
+				t.date_creation,
+				u.registration_number,
+				t.itilcategories_id,
+				v.status as 'validation_status',
+				u2.registration_number as 'validate_by_user',
+				v.validation_date,
+				t.content
+			FROM glpi_tickets t 
+			LEFT JOIN glpi_users u ON u.id = t.users_id_recipient
+			LEFT JOIN glpi_ticketvalidations v ON v.tickets_id = t.id
+			LEFT JOIN glpi_users u2 ON u2.id = v.users_id_validate
+			WHERE
+				DATE(t.date_creation) >= ?
+				AND t.itilcategories_id = ?
+				ORDER BY t.date_creation
+		";
+
+		$stmt = $DB->prepare($sql);
+
+		// Bind parameters
+		$stmt->bind_param('si', $from_date, $itilcategories_id);
+
+		$stmt->execute();
+		$result = $stmt->get_result();
+
+		$res = [];
+		while ($row = $result->fetch_assoc()) {
+			// Unescape the content column
+			if (isset($row['content'])) {
+				$row['content'] = html_entity_decode($row['content'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
+			}
+			$res[] = $row;
+		}
+
+		return $res ?: null;
+	}