Ticket IDs, audit log, markdown comments, tabbed detail page

- Tickets get a random display ID (V + 9 digits, e.g. V325813929) - Ticket detail page has Overview / Comments / Audit Log tabs - Audit log records every action (create, status, assignee, severity, reroute, title/overview edit, comment add/delete) with who and when - Comments redesigned: avatar (initials + color), markdown rendering via react-markdown + remark-gfm, Write/Preview toggle - Dashboard shows displayId and assignee avatar - URLs now use displayId (/tickets/V325813929) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-30 20:53:37 -04:00
parent 429a530fc8
commit f65c259a71
11 changed files with 2157 additions and 309 deletions
--- a/server/prisma/schema.prisma
+++ b/server/prisma/schema.prisma
@@ -31,9 +31,10 @@ model User {
  createdAt    DateTime @default(now())
  updatedAt    DateTime @updatedAt

-  assignedTickets Ticket[]  @relation("AssignedTickets")
-  createdTickets  Ticket[]  @relation("CreatedTickets")
+  assignedTickets Ticket[]   @relation("AssignedTickets")
+  createdTickets  Ticket[]   @relation("CreatedTickets")
  comments        Comment[]
+  auditLogs       AuditLog[]
 }

 model Category {
@@ -65,27 +66,29 @@ model Item {
 }

 model Ticket {
-  id         String       @id @default(cuid())
-  title      String
-  overview   String
-  severity   Int
-  status     TicketStatus @default(OPEN)
-  categoryId String
-  typeId     String
-  itemId     String
-  assigneeId String?
+  id          String       @id @default(cuid())
+  displayId   String       @unique
+  title       String
+  overview    String
+  severity    Int
+  status      TicketStatus @default(OPEN)
+  categoryId  String
+  typeId      String
+  itemId      String
+  assigneeId  String?
  createdById String

  resolvedAt DateTime?
  createdAt  DateTime  @default(now())
  updatedAt  DateTime  @updatedAt

-  category  Category @relation(fields: [categoryId], references: [id])
-  type      Type     @relation(fields: [typeId], references: [id])
-  item      Item     @relation(fields: [itemId], references: [id])
-  assignee  User?    @relation("AssignedTickets", fields: [assigneeId], references: [id])
-  createdBy User     @relation("CreatedTickets", fields: [createdById], references: [id])
+  category  Category  @relation(fields: [categoryId], references: [id])
+  type      Type      @relation(fields: [typeId], references: [id])
+  item      Item      @relation(fields: [itemId], references: [id])
+  assignee  User?     @relation("AssignedTickets", fields: [assigneeId], references: [id])
+  createdBy User      @relation("CreatedTickets", fields: [createdById], references: [id])
  comments  Comment[]
+  auditLogs AuditLog[]
 }

 model Comment {
@@ -98,3 +101,15 @@ model Comment {
  ticket Ticket @relation(fields: [ticketId], references: [id], onDelete: Cascade)
  author User   @relation(fields: [authorId], references: [id])
 }
+
+model AuditLog {
+  id        String   @id @default(cuid())
+  ticketId  String
+  userId    String
+  action    String
+  detail    String?
+  createdAt DateTime @default(now())
+
+  ticket Ticket @relation(fields: [ticketId], references: [id], onDelete: Cascade)
+  user   User   @relation(fields: [userId], references: [id])
+}
--- a/server/src/routes/comments.ts
+++ b/server/src/routes/comments.ts
@@ -3,7 +3,6 @@ import { z } from 'zod'
 import prisma from '../lib/prisma'
 import { AuthRequest } from '../middleware/auth'

-// mergeParams: true so req.params.ticketId is accessible from the parent router
 const router = Router({ mergeParams: true })

 const commentSchema = z.object({
@@ -12,22 +11,22 @@ const commentSchema = z.object({

 router.post('/', async (req: AuthRequest, res) => {
  const { body } = commentSchema.parse(req.body)
+  const ticketId = (req.params as Record<string, string>).ticketId

-  const ticket = await prisma.ticket.findUnique({
-    where: { id: (req.params as any).ticketId },
+  const ticket = await prisma.ticket.findFirst({
+    where: { OR: [{ id: ticketId }, { displayId: ticketId }] },
  })
  if (!ticket) return res.status(404).json({ error: 'Ticket not found' })

-  const comment = await prisma.comment.create({
-    data: {
-      body,
-      ticketId: (req.params as any).ticketId,
-      authorId: req.user!.id,
-    },
-    include: {
-      author: { select: { id: true, username: true, displayName: true } },
-    },
-  })
+  const [comment] = await prisma.$transaction([
+    prisma.comment.create({
+      data: { body, ticketId: ticket.id, authorId: req.user!.id },
+      include: { author: { select: { id: true, username: true, displayName: true } } },
+    }),
+    prisma.auditLog.create({
+      data: { ticketId: ticket.id, userId: req.user!.id, action: 'COMMENT_ADDED' },
+    }),
+  ])

  res.status(201).json(comment)
 })
@@ -42,7 +41,13 @@ router.delete('/:commentId', async (req: AuthRequest, res) => {
    return res.status(403).json({ error: 'Not allowed' })
  }

-  await prisma.comment.delete({ where: { id: req.params.commentId } })
+  await prisma.$transaction([
+    prisma.comment.delete({ where: { id: req.params.commentId } }),
+    prisma.auditLog.create({
+      data: { ticketId: comment.ticketId, userId: req.user!.id, action: 'COMMENT_DELETED' },
+    }),
+  ])
+
  res.status(204).send()
 })

--- a/server/src/routes/tickets.ts
+++ b/server/src/routes/tickets.ts
@@ -18,6 +18,29 @@ const ticketInclude = {
  },
 } as const

+const STATUS_LABELS: Record<string, string> = {
+  OPEN: 'Open',
+  IN_PROGRESS: 'In Progress',
+  RESOLVED: 'Resolved',
+  CLOSED: 'Closed',
+}
+
+async function generateDisplayId(): Promise<string> {
+  while (true) {
+    const num = Math.floor(Math.random() * 900_000_000) + 100_000_000
+    const displayId = `V${num}`
+    const exists = await prisma.ticket.findUnique({ where: { displayId } })
+    if (!exists) return displayId
+  }
+}
+
+// Look up ticket by internal id or displayId
+function findByIdOrDisplay(idOrDisplay: string) {
+  return prisma.ticket.findFirst({
+    where: { OR: [{ id: idOrDisplay }, { displayId: idOrDisplay }] },
+  })
+}
+
 const createSchema = z.object({
  title: z.string().min(1).max(255),
  overview: z.string().min(1),
@@ -46,7 +69,7 @@ router.use('/:ticketId/comments', commentRouter)
 router.get('/', async (req: AuthRequest, res) => {
  const { status, severity, assigneeId, categoryId, search } = req.query

-  const where: Record<string, any> = {}
+  const where: Record<string, unknown> = {}
  if (status) where.status = status
  if (severity) where.severity = Number(severity)
  if (assigneeId) where.assigneeId = assigneeId
@@ -55,6 +78,7 @@ router.get('/', async (req: AuthRequest, res) => {
    where.OR = [
      { title: { contains: search as string, mode: 'insensitive' } },
      { overview: { contains: search as string, mode: 'insensitive' } },
+      { displayId: { contains: search as string, mode: 'insensitive' } },
    ]
  }

@@ -76,21 +100,41 @@ router.get('/', async (req: AuthRequest, res) => {

 // GET /api/tickets/:id
 router.get('/:id', async (req, res) => {
-  const ticket = await prisma.ticket.findUnique({
-    where: { id: req.params.id },
+  const ticket = await prisma.ticket.findFirst({
+    where: { OR: [{ id: req.params.id }, { displayId: req.params.id }] },
    include: ticketInclude,
  })
  if (!ticket) return res.status(404).json({ error: 'Ticket not found' })
  res.json(ticket)
 })

+// GET /api/tickets/:id/audit
+router.get('/:id/audit', async (req, res) => {
+  const ticket = await findByIdOrDisplay(req.params.id)
+  if (!ticket) return res.status(404).json({ error: 'Ticket not found' })
+
+  const logs = await prisma.auditLog.findMany({
+    where: { ticketId: ticket.id },
+    include: { user: { select: { id: true, username: true, displayName: true } } },
+    orderBy: { createdAt: 'desc' },
+  })
+
+  res.json(logs)
+})
+
 // POST /api/tickets
 router.post('/', async (req: AuthRequest, res) => {
  const data = createSchema.parse(req.body)
+  const displayId = await generateDisplayId()

-  const ticket = await prisma.ticket.create({
-    data: { ...data, createdById: req.user!.id },
-    include: ticketInclude,
+  const ticket = await prisma.$transaction(async (tx) => {
+    const created = await tx.ticket.create({
+      data: { displayId, ...data, createdById: req.user!.id },
+    })
+    await tx.auditLog.create({
+      data: { ticketId: created.id, userId: req.user!.id, action: 'CREATED' },
+    })
+    return tx.ticket.findUnique({ where: { id: created.id }, include: ticketInclude })
  })

  res.status(201).json(ticket)
@@ -100,22 +144,103 @@ router.post('/', async (req: AuthRequest, res) => {
 router.patch('/:id', async (req: AuthRequest, res) => {
  const data = updateSchema.parse(req.body)

-  const existing = await prisma.ticket.findUnique({ where: { id: req.params.id } })
+  const existing = await prisma.ticket.findFirst({
+    where: { OR: [{ id: req.params.id }, { displayId: req.params.id }] },
+    include: {
+      category: true,
+      type: true,
+      item: true,
+      assignee: { select: { displayName: true } },
+    },
+  })
  if (!existing) return res.status(404).json({ error: 'Ticket not found' })

-  const update: Record<string, any> = { ...data }
+  // Build audit entries
+  const auditEntries: { action: string; detail?: string }[] = []

+  if (data.status && data.status !== existing.status) {
+    auditEntries.push({
+      action: 'STATUS_CHANGED',
+      detail: `${STATUS_LABELS[existing.status]} → ${STATUS_LABELS[data.status]}`,
+    })
+  }
+
+  if ('assigneeId' in data && data.assigneeId !== existing.assigneeId) {
+    const newAssignee = data.assigneeId
+      ? await prisma.user.findUnique({
+          where: { id: data.assigneeId },
+          select: { displayName: true },
+        })
+      : null
+    auditEntries.push({
+      action: 'ASSIGNEE_CHANGED',
+      detail: `${existing.assignee?.displayName ?? 'Unassigned'} → ${newAssignee?.displayName ?? 'Unassigned'}`,
+    })
+  }
+
+  if (data.severity && data.severity !== existing.severity) {
+    auditEntries.push({
+      action: 'SEVERITY_CHANGED',
+      detail: `SEV ${existing.severity} → SEV ${data.severity}`,
+    })
+  }
+
+  // CTI rerouting — only log if any CTI field actually changed
+  const ctiChanged =
+    (data.categoryId && data.categoryId !== existing.categoryId) ||
+    (data.typeId && data.typeId !== existing.typeId) ||
+    (data.itemId && data.itemId !== existing.itemId)
+
+  if (ctiChanged) {
+    const [newCat, newType, newItem] = await Promise.all([
+      data.categoryId && data.categoryId !== existing.categoryId
+        ? prisma.category.findUnique({ where: { id: data.categoryId } })
+        : Promise.resolve(existing.category),
+      data.typeId && data.typeId !== existing.typeId
+        ? prisma.type.findUnique({ where: { id: data.typeId } })
+        : Promise.resolve(existing.type),
+      data.itemId && data.itemId !== existing.itemId
+        ? prisma.item.findUnique({ where: { id: data.itemId } })
+        : Promise.resolve(existing.item),
+    ])
+    auditEntries.push({
+      action: 'REROUTED',
+      detail: `${existing.category.name} › ${existing.type.name} › ${existing.item.name} → ${newCat?.name} › ${newType?.name} › ${newItem?.name}`,
+    })
+  }
+
+  if (data.title && data.title !== existing.title) {
+    auditEntries.push({ action: 'TITLE_CHANGED', detail: data.title })
+  }
+
+  if (data.overview && data.overview !== existing.overview) {
+    auditEntries.push({ action: 'OVERVIEW_CHANGED' })
+  }
+
+  // Handle resolvedAt tracking
+  const update: Record<string, unknown> = { ...data }
  if (data.status === 'RESOLVED' && existing.status !== 'RESOLVED') {
    update.resolvedAt = new Date()
  } else if (data.status && data.status !== 'RESOLVED' && existing.status === 'RESOLVED') {
-    // Re-opening a resolved ticket resets the 2-week auto-close timer
    update.resolvedAt = null
  }

-  const ticket = await prisma.ticket.update({
-    where: { id: req.params.id },
-    data: update,
-    include: ticketInclude,
+  const ticket = await prisma.$transaction(async (tx) => {
+    const updated = await tx.ticket.update({
+      where: { id: existing.id },
+      data: update,
+    })
+    if (auditEntries.length > 0) {
+      await tx.auditLog.createMany({
+        data: auditEntries.map((e) => ({
+          ticketId: existing.id,
+          userId: req.user!.id,
+          action: e.action,
+          detail: e.detail ?? null,
+        })),
+      })
+    }
+    return tx.ticket.findUnique({ where: { id: updated.id }, include: ticketInclude })
  })

  res.json(ticket)
@@ -123,7 +248,9 @@ router.patch('/:id', async (req: AuthRequest, res) => {

 // DELETE /api/tickets/:id — admin only
 router.delete('/:id', requireAdmin, async (req, res) => {
-  await prisma.ticket.delete({ where: { id: req.params.id } })
+  const ticket = await findByIdOrDisplay(req.params.id)
+  if (!ticket) return res.status(404).json({ error: 'Ticket not found' })
+  await prisma.ticket.delete({ where: { id: ticket.id } })
  res.status(204).send()
 })