Merge branch 'master' of https://github.com/Leantime/leantime

Author: marcelfolaron

app/Domain/Tickets/Controllers/ShowKanban.php

@@ -2,6 +2,7 @@
 
 namespace Leantime\Domain\Tickets\Controllers;
 
+use Carbon\CarbonImmutable;
 use Illuminate\Contracts\Container\BindingResolutionException;
 use Leantime\Core\Controller\Controller;
 use Leantime\Core\Controller\Frontcontroller;
@@ -84,13 +85,13 @@ public function post(array $params): Response
             $swimlaneValue = $_POST['swimlane'] ?? null;
             $groupBy = $_POST['groupBy'] ?? null;
 
-            if (! empty($swimlaneValue) && ! empty($groupBy)) {
+            if ($swimlaneValue !== null && $swimlaneValue !== '' && ! empty($groupBy)) {
                 // Map groupBy field to the parameter name expected by quickAddTicket()
                 $fieldMapping = [
                     'priority' => 'priority',
                     'storypoints' => 'storypoints',
-                    'effort' => 'storypoints',  // effort maps to storypoints field
-                    'milestoneid' => 'milestone',  // Note: service expects 'milestone' not 'milestoneid'
+                    'effort' => 'storypoints',
+                    'milestoneid' => 'milestone',
                     'editorId' => 'editorId',
                     'sprint' => 'sprint',
                     'type' => 'type',
@@ -99,6 +100,19 @@ public function post(array $params): Response
                 if (isset($fieldMapping[$groupBy])) {
                     $paramName = $fieldMapping[$groupBy];
                     $formParams[$paramName] = $swimlaneValue;
+                } elseif ($groupBy === 'dueDate') {
+                    // Map due date bucket names to actual dates
+                    $now = dtHelper()->userNow();
+                    $dueDateMapping = [
+                        'overdue' => $now->formatDateForUser(),
+                        'due-this-week' => $now->endOfWeek(CarbonImmutable::FRIDAY)->formatDateForUser(),
+                        'due-next-week' => $now->addWeek()->endOfWeek(CarbonImmutable::FRIDAY)->formatDateForUser(),
+                        'due-later' => $now->addWeeks(2)->formatDateForUser(),
+                    ];
+
+                    if (isset($dueDateMapping[$swimlaneValue])) {
+                        $formParams['dateToFinish'] = $dueDateMapping[$swimlaneValue];
+                    }
                 }
             }
 

app/Domain/Tickets/Controllers/ShowList.php

@@ -55,7 +55,15 @@ public function post(array $params): Response
     {
         // QuickAdd
         if (isset($_POST['quickadd'])) {
-            $result = $this->ticketService->quickAddTicket($params);
+            $formParams = [
+                'headline' => $_POST['headline'] ?? '',
+                'milestone' => $_POST['milestone'] ?? '',
+                'sprint' => $_POST['sprint'] ?? '',
+                'projectId' => session('currentProject'),
+                'editorId' => session('userdata.id'),
+            ];
+
+            $result = $this->ticketService->quickAddTicket($formParams);
 
             if (is_array($result)) {
                 $this->tpl->setNotification($result['message'], $result['status']);

app/Domain/Tickets/Repositories/Tickets.php

@@ -1459,25 +1459,73 @@ public function addTicket(array $values): bool|int
         return false;
     }
 
+    /**
+     * Patchable columns on the zp_tickets table.
+     * Only these fields will be included in patch UPDATE queries.
+     *
+     * @var array<string, true>
+     */
+    private const PATCHABLE_COLUMNS = [
+        'headline' => true,
+        'type' => true,
+        'description' => true,
+        'projectId' => true,
+        'status' => true,
+        'date' => true,
+        'dateToFinish' => true,
+        'sprint' => true,
+        'storypoints' => true,
+        'priority' => true,
+        'hourRemaining' => true,
+        'planHours' => true,
+        'tags' => true,
+        'editorId' => true,
+        'userId' => true,
+        'editFrom' => true,
+        'editTo' => true,
+        'acceptanceCriteria' => true,
+        'dependingTicketId' => true,
+        'milestoneid' => true,
+        'sortIndex' => true,
+        'kanbanSortIndex' => true,
+    ];
+
+    /**
+     * Patch specific fields on a ticket.
+     *
+     * Only fields present in PATCHABLE_COLUMNS are included in the update.
+     * Non-column fields (e.g. request_parts, saveTicket) are silently ignored.
+     *
+     * @param  int|string  $id  The ticket ID.
+     * @param  array  $params  The fields to update.
+     * @return bool Whether any rows were affected.
+     */
     public function patchTicket($id, array $params): bool
     {
         $this->addTicketChange(session('userdata.id'), $id, $params);
 
-        // Sanitize params to use only valid column names
         $updates = [];
         foreach ($params as $key => $value) {
             $sanitizedKey = DbCore::sanitizeToColumnString($key);
+
+            if (! isset(self::PATCHABLE_COLUMNS[$sanitizedKey])) {
+                continue;
+            }
+
             $updates[$sanitizedKey] = $value;
 
-            // send status update event
             if ($key == 'status') {
                 static::dispatch_event('ticketStatusUpdate', ['ticketId' => $id, 'status' => $value, 'action' => 'ticketStatusUpdate']);
             }
         }
 
+        if (empty($updates)) {
+            return false;
+        }
+
         $updates['modified'] = dtHelper()->userNow()->formatDateTimeForDb();
 
-        return $this->connection->table('zp_tickets')
+        return (bool) $this->connection->table('zp_tickets')
             ->where('id', $id)
             ->update($updates);
     }

app/Domain/Tickets/Services/Tickets.php

@@ -598,6 +598,7 @@ public function getAllGrouped($searchCriteria): array
             $ticketGroups['all'] = [
                 'label' => 'all',
                 'id' => 'all',
+                'value' => '',
                 'class' => '',
                 'items' => $tickets,
             ];
@@ -729,6 +730,7 @@ public function getAllGrouped($searchCriteria): array
                         'label' => $label,
                         'more-info' => $moreInfo,
                         'id' => $sortId ?? strtolower($groupedFieldValue),
+                        'value' => $groupedFieldValue,
                         'class' => $class,
                         'color' => $groupColor,
                         'items' => [$ticket],
@@ -876,6 +878,7 @@ private function groupTicketsByDueDate(array $tickets): array
             $ticketGroups[$bucketKey] = [
                 'label' => $bucketDef['label'],
                 'id' => $bucketDef['id'],
+                'value' => $bucketKey,
                 'class' => $bucketDef['class'],
                 'more-info' => '',
                 'items' => [],
@@ -2159,13 +2162,19 @@ public function updateTicket($values): array|bool
      */
     public function patch($id, $params): bool
     {
-
-        // $params is an array of field names. Exclude id
-        if (is_array($params)) {
-            unset($params['id']);
-            unset($params['act']);
+        if (! is_array($params)) {
+            return false;
         }
 
+        // Strip non-ticket fields that may leak in from the framework or form submissions
+        unset(
+            $params['id'],
+            $params['act'],
+            $params['request_parts'],
+            $params['saveTicket'],
+            $params['saveAndCloseTicket'],
+        );
+
         $ticket = $this->getTicket($id);
 
         if (! $ticket) {
@@ -2176,10 +2185,14 @@ public function patch($id, $params): bool
 
         $return = $this->ticketRepository->patchTicket($id, $params);
 
+        if (! $return) {
+            return false;
+        }
+
         self::dispatchEvent('ticket_updated');
 
         // Todo: create events and move notification logic to notification module
-        if (isset($params['status']) && $return) {
+        if (isset($params['status'])) {
             $ticket = $this->getTicket($id);
             $subject = sprintf($this->language->__('email_notifications.todo_update_subject'), $id, strip_tags($ticket->headline));
             $actual_link = BASE_URL.'/dashboard/home#/tickets/showTicket/'.$id;
@@ -2199,14 +2212,9 @@ public function patch($id, $params): bool
             $notification->message = $message;
 
             $this->projectService->notifyProjectUsers($notification);
-
-            self::dispatchEvent('ticket_updated');
-
-            // Update ticket
-            return $this->patch($ticket->id, ['projectId' => $ticket->projectId, 'sprint' => '', 'dependingTicketId' => '', 'milestoneid' => '']);
         }
 
-        return false;
+        return (bool) $return;
     }
 
     /**

app/Domain/Tickets/Templates/partials/quickadd-form.inc.php

@@ -15,7 +15,7 @@
 $hasError = $isActive && ! empty($reopenState['error']);
 ?>
 
-<div class="quickaddContainer <?= $isEmpty ? 'quickaddContainer--empty' : '' ?>" data-status="<?= $statusId ?>" data-swimlane="<?= $swimlaneKey ?? '' ?>">
+<div class="quickaddContainer tw-mb-s <?= $isEmpty ? 'quickaddContainer--empty' : '' ?>" data-status="<?= $statusId ?>" data-swimlane="<?= $swimlaneKey ?? '' ?>">
     <a href="javascript:void(0);"
        class="quickAddLink <?= $isEmpty ? 'empty-state' : 'inline-add' ?>"
        onclick="leantime.kanbanController.toggleQuickAdd(this)"
@@ -40,11 +40,6 @@ class="quickAddForm <?= $isActive ? 'active' : '' ?>"
         <input type="hidden" name="sprint" value="<?= session('currentSprint') ?? '' ?>" />
         <input type="hidden" name="stay_open" value="0" data-stay-open-input />
 
-        <i class="fa fa-circle-question quickAddHelp"
-           data-tippy-content="<strong>Keyboard Shortcuts:</strong><br>• Enter - Save and add another<br>• Shift+Enter - Save and close<br>• Esc - Cancel"
-           tabindex="0"
-           aria-label="Keyboard shortcuts help"></i>
-
         <div class="form-group">
             <label for="headline-<?= $statusId ?>-<?= $swimlaneKey ?? 'default' ?>" class="sr-only">Task name</label>
             <input type="text"
@@ -71,10 +66,10 @@ class="form-control quickAddInput <?= $hasError ? 'error' : '' ?>"
                     onclick="leantime.kanbanController.toggleQuickAdd(this.closest('.quickaddContainer').querySelector('.quickAddLink'))">
                 Cancel
             </button>
-            <i class="fa fa-circle-question quickAddHelp"
+            <i class="fa fa-circle-question"
+               data-tippy-content="<strong>Keyboard Shortcuts:</strong><br>Enter: Save and close<br>Shift+Enter: Save and add another<br>Esc: Cancel"
                tabindex="0"
-               title="Enter: Save and close&#10;Shift+Enter: Save and add another&#10;Esc: Cancel"
-               aria-label="Enter: Save and close, Shift+Enter: Save and add another, Esc: Cancel"></i>
+               aria-label="Keyboard shortcuts help"></i>
         </div>
     </form>
 </div>

app/Domain/Tickets/Templates/showKanban.tpl.php

@@ -199,7 +199,7 @@
 
                                     <?php
                                         $statusId = $key;
-                                $swimlaneKey = $group['id'] ?? null;
+                                $swimlaneKey = $group['value'] ?? $group['id'] ?? null;
                                 $isEmpty = isset($emptyColumns[$key]);
                                 $currentGroupBy = $searchCriteria['groupBy'] ?? null;
                                 include __DIR__.'/partials/quickadd-form.inc.php';

app/Domain/Tickets/Templates/showList.tpl.php

@@ -62,6 +62,8 @@
                     <form action="" method="post">
                         <input type="text" name="headline" autofocus placeholder="<?php echo $tpl->__('input.placeholders.create_task'); ?>" style="width: 100%;"/>
                         <input type="hidden" name="sprint" value="<?= $currentSprint?>" />
+                        <input type="hidden" name="milestone" value="<?= htmlspecialchars((string) ($searchCriteria['milestone'] ?? ''), ENT_QUOTES, 'UTF-8') ?>" />
+                        <input type="hidden" name="groupBy" value="<?= htmlspecialchars((string) ($searchCriteria['groupBy'] ?? ''), ENT_QUOTES, 'UTF-8') ?>" />
                         <input type="hidden" name="quickadd" value="1"/>
                         <input type="submit" class="btn btn-primary tw-mb-m" value="<?php echo $tpl->__('buttons.save'); ?>" name="saveTicket" style="vertical-align: top; "/>
                     </form>

app/Domain/Widgets/Templates/components/moveableWidget.blade.php

@@ -9,7 +9,7 @@
                 </div>
 
                 @if($name != '' && $noTitle == false)
-                    <h5 class="subtitle tw-pb-m tw-float-left tw-mr-sm">{{ __($name) }}</h5>
+                    <h5 class="subtitle tw-pb-m tw-float-left tw-mr-sm" style="margin-top:-5px;">{{ __($name) }}</h5>
                 @endif
                 <div class="inlineDropDownContainer tw-float-right">
                     <a href="javascript:void(0);" class="dropdown-toggle ticketDropDown editHeadline" data-toggle="dropdown">