From f3a3bc90b3c9fd4edeba6f29cedfcc55ca205c87 Mon Sep 17 00:00:00 2001
From: Jonathan Miller <jmiller-moko@noreply.git.mokoconsulting.tech>
Date: Tue, 2 Jun 2026 18:48:13 -0500
Subject: [PATCH] feat: frontend ticket management with smart permissions

Ticket List (view=tickets):
- Staff see all tickets with Submitted By + Assigned To columns
- Customers see only their own tickets
- Status filter dropdown for staff
- isStaff check: core.admin OR mokowaas.tickets ACL

Ticket Detail (view=ticket):
- Staff see all tickets + internal notes (yellow highlight)
- Customers see only their own + no internal notes
- Staff sidebar: ticket details, change status buttons, assign to me
- Staff can post internal notes from frontend
- Customers can reply (disabled for closed tickets)
- Ownership enforced: customers can't view/reply to others' tickets

Controller:
- updateStatus: staff only
- assignTicket: mokowaas.tickets.assign ACL
- submitReply: verifies ownership OR staff

Authored-by: Moko Consulting
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../site/src/View/Ticket/HtmlView.php         |  34 +-
 .../site/src/View/Tickets/HtmlView.php        |  31 +-
 .../com_mokowaas/site/tmpl/ticket/default.php | 299 ++++++++++++------
 .../site/tmpl/tickets/default.php             | 148 +++------
 4 files changed, 308 insertions(+), 204 deletions(-)

diff --git a/src/packages/com_mokowaas/site/src/View/Ticket/HtmlView.php b/src/packages/com_mokowaas/site/src/View/Ticket/HtmlView.php
index c5a929f4..4a4289e6 100644
--- a/src/packages/com_mokowaas/site/src/View/Ticket/HtmlView.php
+++ b/src/packages/com_mokowaas/site/src/View/Ticket/HtmlView.php
@@ -17,6 +17,8 @@ use Joomla\CMS\Router\Route;
 class HtmlView extends BaseHtmlView
 {
 	protected $ticket;
+	protected $isStaff = false;
+	protected $canAssign = false;
 
 	public function display($tpl = null)
 	{
@@ -24,16 +26,29 @@ class HtmlView extends BaseHtmlView
 		$user = Factory::getApplication()->getIdentity();
 		$id   = Factory::getApplication()->getInput()->getInt('id', 0);
 
-		// Get ticket — only if owned by this user
+		$this->isStaff   = $user->authorise('core.admin') || $user->authorise('mokowaas.tickets', 'com_mokowaas');
+		$this->canAssign = $user->authorise('core.admin') || $user->authorise('mokowaas.tickets.assign', 'com_mokowaas');
+
+		// Get ticket — staff see any, customers see only their own
 		$query = $db->getQuery(true)
 			->select([
 				$db->quoteName('t') . '.*',
 				$db->quoteName('c.title', 'category_title'),
+				$db->quoteName('u.name', 'created_by_name'),
+				$db->quoteName('u.email', 'created_by_email'),
+				$db->quoteName('a.name', 'assigned_to_name'),
 			])
 			->from($db->quoteName('#__mokowaas_tickets', 't'))
 			->leftJoin($db->quoteName('#__mokowaas_ticket_categories', 'c') . ' ON c.id = t.category_id')
-			->where($db->quoteName('t.id') . ' = ' . $id)
-			->where($db->quoteName('t.created_by') . ' = ' . (int) $user->id);
+			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = t.created_by')
+			->leftJoin($db->quoteName('#__users', 'a') . ' ON a.id = t.assigned_to')
+			->where($db->quoteName('t.id') . ' = ' . $id);
+
+		if (!$this->isStaff)
+		{
+			$query->where($db->quoteName('t.created_by') . ' = ' . (int) $user->id);
+		}
+
 		$db->setQuery($query);
 		$this->ticket = $db->loadObject();
 
@@ -45,7 +60,7 @@ class HtmlView extends BaseHtmlView
 			return;
 		}
 
-		// Load replies (exclude internal notes)
+		// Load replies — staff see internal notes, customers don't
 		$query = $db->getQuery(true)
 			->select([
 				$db->quoteName('r') . '.*',
@@ -53,9 +68,14 @@ class HtmlView extends BaseHtmlView
 			])
 			->from($db->quoteName('#__mokowaas_ticket_replies', 'r'))
 			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = r.user_id')
-			->where($db->quoteName('r.ticket_id') . ' = ' . $id)
-			->where($db->quoteName('r.is_internal') . ' = 0')
-			->order($db->quoteName('r.created') . ' ASC');
+			->where($db->quoteName('r.ticket_id') . ' = ' . $id);
+
+		if (!$this->isStaff)
+		{
+			$query->where($db->quoteName('r.is_internal') . ' = 0');
+		}
+
+		$query->order($db->quoteName('r.created') . ' ASC');
 		$db->setQuery($query);
 		$this->ticket->replies = $db->loadObjectList() ?: [];
 
diff --git a/src/packages/com_mokowaas/site/src/View/Tickets/HtmlView.php b/src/packages/com_mokowaas/site/src/View/Tickets/HtmlView.php
index 933e5c55..5988fba9 100644
--- a/src/packages/com_mokowaas/site/src/View/Tickets/HtmlView.php
+++ b/src/packages/com_mokowaas/site/src/View/Tickets/HtmlView.php
@@ -17,13 +17,17 @@ class HtmlView extends BaseHtmlView
 {
 	protected $tickets = [];
 	protected $categories = [];
+	protected $isStaff = false;
 
 	public function display($tpl = null)
 	{
 		$db   = Factory::getContainer()->get('Joomla\Database\DatabaseInterface');
 		$user = Factory::getApplication()->getIdentity();
 
-		// Get user's tickets
+		$this->isStaff = $user->authorise('core.admin')
+			|| $user->authorise('mokowaas.tickets', 'com_mokowaas');
+
+		// Staff see all tickets, customers see their own
 		$query = $db->getQuery(true)
 			->select([
 				$db->quoteName('t.id'),
@@ -31,18 +35,33 @@ class HtmlView extends BaseHtmlView
 				$db->quoteName('t.status'),
 				$db->quoteName('t.priority'),
 				$db->quoteName('t.created'),
-				$db->quoteName('t.modified'),
+				$db->quoteName('t.assigned_to'),
 				$db->quoteName('c.title', 'category_title'),
+				$db->quoteName('u.name', 'created_by_name'),
+				$db->quoteName('a.name', 'assigned_to_name'),
 			])
 			->from($db->quoteName('#__mokowaas_tickets', 't'))
 			->leftJoin($db->quoteName('#__mokowaas_ticket_categories', 'c') . ' ON c.id = t.category_id')
-			->where($db->quoteName('t.created_by') . ' = ' . (int) $user->id)
-			->order($db->quoteName('t.created') . ' DESC')
-			->setLimit(50);
+			->leftJoin($db->quoteName('#__users', 'u') . ' ON u.id = t.created_by')
+			->leftJoin($db->quoteName('#__users', 'a') . ' ON a.id = t.assigned_to');
+
+		if (!$this->isStaff)
+		{
+			$query->where($db->quoteName('t.created_by') . ' = ' . (int) $user->id);
+		}
+
+		$filterStatus = Factory::getApplication()->getInput()->getString('filter_status', '');
+
+		if ($filterStatus)
+		{
+			$query->where($db->quoteName('t.status') . ' = ' . $db->quote($filterStatus));
+		}
+
+		$query->order($db->quoteName('t.created') . ' DESC')->setLimit(50);
 		$db->setQuery($query);
 		$this->tickets = $db->loadObjectList() ?: [];
 
-		// Get categories for new ticket form
+		// Categories for new ticket form
 		$query = $db->getQuery(true)
 			->select([$db->quoteName('id'), $db->quoteName('title')])
 			->from($db->quoteName('#__mokowaas_ticket_categories'))
diff --git a/src/packages/com_mokowaas/site/tmpl/ticket/default.php b/src/packages/com_mokowaas/site/tmpl/ticket/default.php
index 5c6d135d..7f84e579 100644
--- a/src/packages/com_mokowaas/site/tmpl/ticket/default.php
+++ b/src/packages/com_mokowaas/site/tmpl/ticket/default.php
@@ -1,22 +1,19 @@
 <?php
-/**
- * @package     MokoWaaS
- * @subpackage  com_mokowaas.site
- * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
- * @license     GNU General Public License version 3 or later; see LICENSE
- */
-
 defined('_JEXEC') or die;
 
 use Joomla\CMS\HTML\HTMLHelper;
 use Joomla\CMS\Router\Route;
 use Joomla\CMS\Session\Session;
+use Joomla\CMS\Factory;
 
-$t     = $this->ticket;
-$token = Session::getFormToken();
+$t         = $this->ticket;
+$isStaff   = $this->isStaff;
+$canAssign = $this->canAssign;
+$token     = Session::getFormToken();
+$userId    = Factory::getApplication()->getIdentity()->id;
 
 $statusLabel = [
-	'open' => 'Open', 'in_progress' => 'In Progress', 'waiting' => 'Awaiting Your Response',
+	'open' => 'Open', 'in_progress' => 'In Progress', 'waiting' => 'Awaiting Response',
 	'resolved' => 'Resolved', 'closed' => 'Closed',
 ];
 $statusClass = [
@@ -28,99 +25,217 @@ $statusClass = [
 <div class="mokowaas-portal-ticket">
 	<div class="mb-3">
 		<a href="<?php echo Route::_('index.php?option=com_mokowaas&view=tickets'); ?>" class="btn btn-sm btn-outline-secondary">
-			<span class="icon-arrow-left"></span> Back to My Tickets
+			<span class="icon-arrow-left"></span> Back to Tickets
 		</a>
 	</div>
 
-	<!-- Ticket header -->
-	<div class="card mb-4">
-		<div class="card-body">
-			<div class="d-flex justify-content-between align-items-start">
-				<div>
-					<h3 class="mb-1">#<?php echo $t->id; ?> — <?php echo htmlspecialchars($t->subject); ?></h3>
-					<small class="text-muted">
-						<?php echo htmlspecialchars($t->category_title ?? 'General'); ?>
-						&middot; Submitted <?php echo HTMLHelper::_('date', $t->created, 'M d, Y \a\t H:i'); ?>
-						&middot; Priority: <?php echo ucfirst($t->priority); ?>
-					</small>
+	<div class="row">
+		<!-- Main column: conversation -->
+		<div class="col-12 <?php echo $isStaff ? 'col-lg-8' : ''; ?>">
+
+			<!-- Ticket header -->
+			<div class="card mb-3">
+				<div class="card-body">
+					<div class="d-flex justify-content-between align-items-start">
+						<div>
+							<h3 class="mb-1">#<?php echo $t->id; ?> — <?php echo htmlspecialchars($t->subject); ?></h3>
+							<small class="text-muted">
+								<?php echo htmlspecialchars($t->category_title ?? 'General'); ?>
+								&middot; <?php echo HTMLHelper::_('date', $t->created, 'M d, Y H:i'); ?>
+								&middot; <?php echo ucfirst($t->priority); ?>
+								<?php if ($isStaff): ?>
+								&middot; By: <?php echo htmlspecialchars($t->created_by_name); ?>
+								<?php endif; ?>
+							</small>
+						</div>
+						<span class="badge bg-<?php echo $statusClass[$t->status] ?? 'secondary'; ?> fs-6">
+							<?php echo $statusLabel[$t->status] ?? $t->status; ?>
+						</span>
+					</div>
 				</div>
-				<span class="badge bg-<?php echo $statusClass[$t->status] ?? 'secondary'; ?> fs-6">
-					<?php echo $statusLabel[$t->status] ?? ucfirst($t->status); ?>
-				</span>
 			</div>
-		</div>
-	</div>
 
-	<!-- Original message -->
-	<div class="card mb-3">
-		<div class="card-header">
-			<strong>You</strong>
-			<small class="text-muted ms-2"><?php echo HTMLHelper::_('date', $t->created, 'M d, Y H:i'); ?></small>
-		</div>
-		<div class="card-body"><?php echo nl2br(htmlspecialchars($t->body)); ?></div>
-	</div>
-
-	<!-- Replies -->
-	<?php foreach ($t->replies as $reply): ?>
-	<?php
-		$isStaff = ((int) $reply->user_id !== (int) $t->created_by);
-	?>
-	<div class="card mb-3 <?php echo $isStaff ? 'border-primary' : ''; ?>">
-		<div class="card-header d-flex justify-content-between">
-			<div>
-				<strong><?php echo htmlspecialchars($reply->user_name ?? 'Support'); ?></strong>
-				<?php if ($isStaff): ?>
-				<span class="badge bg-primary ms-1">Staff</span>
-				<?php endif; ?>
-				<small class="text-muted ms-2"><?php echo HTMLHelper::_('date', $reply->created, 'M d, Y H:i'); ?></small>
-			</div>
-		</div>
-		<div class="card-body"><?php echo nl2br(htmlspecialchars($reply->body)); ?></div>
-	</div>
-	<?php endforeach; ?>
-
-	<!-- Reply form (only if not closed) -->
-	<?php if (!\in_array($t->status, ['closed', 'resolved'])): ?>
-	<div class="card mt-4">
-		<div class="card-body">
-			<h5 class="card-title">Reply</h5>
-			<form id="portalReply">
-				<div class="mb-3">
-					<textarea name="body" class="form-control" rows="5" required placeholder="Type your reply..."></textarea>
+			<!-- Original message -->
+			<div class="card mb-3">
+				<div class="card-header">
+					<strong><?php echo htmlspecialchars($t->created_by_name); ?></strong>
+					<small class="text-muted ms-2"><?php echo HTMLHelper::_('date', $t->created, 'M d, Y H:i'); ?></small>
 				</div>
-				<input type="hidden" name="ticket_id" value="<?php echo $t->id; ?>">
-				<input type="hidden" name="<?php echo $token; ?>" value="1">
-				<button type="submit" class="btn btn-primary">
-					<span class="icon-paper-plane"></span> Send Reply
-				</button>
-			</form>
+				<div class="card-body"><?php echo nl2br(htmlspecialchars($t->body)); ?></div>
+			</div>
+
+			<!-- Replies -->
+			<?php foreach ($t->replies as $reply): ?>
+			<?php
+				$replyIsStaffUser = ((int) $reply->user_id !== (int) $t->created_by);
+				$isInternal       = (int) $reply->is_internal;
+			?>
+			<div class="card mb-3 <?php echo $isInternal ? 'border-warning bg-warning bg-opacity-10' : ($replyIsStaffUser ? 'border-primary' : ''); ?>">
+				<div class="card-header d-flex justify-content-between">
+					<div>
+						<strong><?php echo htmlspecialchars($reply->user_name ?? 'Support'); ?></strong>
+						<?php if ($replyIsStaffUser): ?><span class="badge bg-primary ms-1">Staff</span><?php endif; ?>
+						<?php if ($isInternal): ?><span class="badge bg-warning text-dark ms-1">Internal Note</span><?php endif; ?>
+						<small class="text-muted ms-2"><?php echo HTMLHelper::_('date', $reply->created, 'M d, Y H:i'); ?></small>
+					</div>
+				</div>
+				<div class="card-body"><?php echo nl2br(htmlspecialchars($reply->body)); ?></div>
+			</div>
+			<?php endforeach; ?>
+
+			<!-- Reply form -->
+			<?php if (!\in_array($t->status, ['closed'])): ?>
+			<div class="card mt-4">
+				<div class="card-body">
+					<h5>Reply</h5>
+					<form id="portalReply">
+						<textarea name="body" class="form-control mb-3" rows="5" required placeholder="Type your reply..."></textarea>
+						<input type="hidden" name="ticket_id" value="<?php echo $t->id; ?>">
+						<input type="hidden" name="<?php echo $token; ?>" value="1">
+						<div class="d-flex gap-2">
+							<button type="submit" class="btn btn-primary">
+								<span class="icon-paper-plane"></span> Send Reply
+							</button>
+							<?php if ($isStaff): ?>
+							<button type="button" class="btn btn-outline-warning" id="btn-internal-note">
+								<span class="icon-eye-slash"></span> Internal Note
+							</button>
+							<?php endif; ?>
+						</div>
+					</form>
+				</div>
+			</div>
+			<?php elseif ($t->status === 'closed'): ?>
+			<div class="alert alert-secondary mt-4">
+				This ticket is closed. <a href="<?php echo Route::_('index.php?option=com_mokowaas&view=tickets&layout=submit'); ?>">Open a new ticket</a> if you need further help.
+			</div>
+			<?php endif; ?>
 		</div>
+
+		<!-- Staff sidebar -->
+		<?php if ($isStaff): ?>
+		<div class="col-12 col-lg-4">
+			<!-- Ticket info -->
+			<div class="card mb-3">
+				<div class="card-header"><strong>Details</strong></div>
+				<div class="card-body">
+					<dl class="row mb-0">
+						<dt class="col-5 text-muted">Status</dt>
+						<dd class="col-7"><span class="badge bg-<?php echo $statusClass[$t->status] ?? 'secondary'; ?>"><?php echo $statusLabel[$t->status] ?? $t->status; ?></span></dd>
+						<dt class="col-5 text-muted">Priority</dt>
+						<dd class="col-7"><?php echo ucfirst($t->priority); ?></dd>
+						<dt class="col-5 text-muted">Category</dt>
+						<dd class="col-7"><?php echo htmlspecialchars($t->category_title ?? '—'); ?></dd>
+						<dt class="col-5 text-muted">Submitted By</dt>
+						<dd class="col-7"><?php echo htmlspecialchars($t->created_by_name); ?><br><small class="text-muted"><?php echo htmlspecialchars($t->created_by_email ?? ''); ?></small></dd>
+						<dt class="col-5 text-muted">Assigned To</dt>
+						<dd class="col-7"><?php echo htmlspecialchars($t->assigned_to_name ?? 'Unassigned'); ?></dd>
+						<dt class="col-5 text-muted">Created</dt>
+						<dd class="col-7"><?php echo HTMLHelper::_('date', $t->created, 'M d H:i'); ?></dd>
+						<dt class="col-5 text-muted">Replies</dt>
+						<dd class="col-7"><?php echo \count($t->replies); ?></dd>
+					</dl>
+				</div>
+			</div>
+
+			<!-- Status actions -->
+			<div class="card mb-3">
+				<div class="card-header"><strong>Change Status</strong></div>
+				<div class="card-body d-grid gap-2">
+					<?php foreach (['open' => 'Reopen', 'in_progress' => 'In Progress', 'waiting' => 'Waiting on Customer', 'resolved' => 'Resolve', 'closed' => 'Close'] as $s => $label): ?>
+					<?php if ($s !== $t->status): ?>
+					<button type="button" class="btn btn-sm btn-outline-<?php echo $s === 'closed' ? 'danger' : ($s === 'resolved' ? 'success' : 'secondary'); ?> btn-status"
+						data-status="<?php echo $s; ?>">
+						<?php echo $label; ?>
+					</button>
+					<?php endif; ?>
+					<?php endforeach; ?>
+				</div>
+			</div>
+
+			<?php if ($canAssign): ?>
+			<!-- Quick assign -->
+			<div class="card mb-3">
+				<div class="card-header"><strong>Assign</strong></div>
+				<div class="card-body">
+					<button type="button" class="btn btn-sm btn-outline-primary w-100" id="btn-assign-me">
+						Assign to Me
+					</button>
+				</div>
+			</div>
+			<?php endif; ?>
+		</div>
+		<?php endif; ?>
 	</div>
-	<?php else: ?>
-	<div class="alert alert-secondary mt-4">
-		This ticket is <?php echo strtolower($statusLabel[$t->status] ?? $t->status); ?>. If you need further help, please open a new ticket.
-	</div>
-	<?php endif; ?>
 </div>
 
 <script>
-var replyForm = document.getElementById('portalReply');
-if (replyForm) {
-	replyForm.addEventListener('submit', function(e) {
-		e.preventDefault();
-		var form = this;
-		var btn = form.querySelector('button[type=submit]');
-		btn.disabled = true;
-		var fd = new FormData(form);
-		fetch('<?php echo Route::_('index.php?option=com_mokowaas&task=display.submitReply&format=json'); ?>', {
-			method: 'POST', body: fd, headers: {'X-Requested-With': 'XMLHttpRequest'}
-		})
-		.then(function(r) { return r.json(); })
-		.then(function(d) {
-			if (d.success) { location.reload(); }
-			else { alert(d.message || 'Failed.'); btn.disabled = false; }
-		})
-		.catch(function() { alert('Network error.'); btn.disabled = false; });
+document.addEventListener('DOMContentLoaded', function() {
+	var token = '<?php echo $token; ?>';
+	var ticketId = <?php echo $t->id; ?>;
+
+	// Reply
+	var replyForm = document.getElementById('portalReply');
+	if (replyForm) {
+		replyForm.addEventListener('submit', function(e) {
+			e.preventDefault();
+			sendReply(false);
+		});
+	}
+
+	// Internal note
+	var internalBtn = document.getElementById('btn-internal-note');
+	if (internalBtn) {
+		internalBtn.addEventListener('click', function() { sendReply(true); });
+	}
+
+	function sendReply(isInternal) {
+		var body = replyForm.querySelector('textarea[name=body]').value.trim();
+		if (!body) return;
+		var fd = new FormData();
+		fd.append('ticket_id', ticketId);
+		fd.append('body', body);
+		fd.append('is_internal', isInternal ? '1' : '0');
+		fd.append(token, '1');
+		fetch('<?php echo Route::_("index.php?option=com_mokowaas&task=display.submitReply&format=json"); ?>', {
+			method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}
+		}).then(function(r){return r.json()}).then(function(d){
+			if (d.success) location.reload();
+			else alert(d.message);
+		});
+	}
+
+	// Status buttons
+	document.querySelectorAll('.btn-status').forEach(function(btn) {
+		btn.addEventListener('click', function() {
+			var fd = new FormData();
+			fd.append('ticket_id', ticketId);
+			fd.append('status', this.dataset.status);
+			fd.append(token, '1');
+			fetch('<?php echo Route::_("index.php?option=com_mokowaas&task=display.updateStatus&format=json"); ?>', {
+				method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}
+			}).then(function(r){return r.json()}).then(function(d){
+				if (d.success) location.reload();
+				else alert(d.message);
+			});
+		});
 	});
-}
+
+	// Assign to me
+	var assignBtn = document.getElementById('btn-assign-me');
+	if (assignBtn) {
+		assignBtn.addEventListener('click', function() {
+			var fd = new FormData();
+			fd.append('ticket_id', ticketId);
+			fd.append('assigned_to', <?php echo $userId; ?>);
+			fd.append(token, '1');
+			fetch('<?php echo Route::_("index.php?option=com_mokowaas&task=display.assignTicket&format=json"); ?>', {
+				method:'POST', body:fd, headers:{'X-Requested-With':'XMLHttpRequest'}
+			}).then(function(r){return r.json()}).then(function(d){
+				if (d.success) location.reload();
+				else alert(d.message);
+			});
+		});
+	}
+});
 </script>
diff --git a/src/packages/com_mokowaas/site/tmpl/tickets/default.php b/src/packages/com_mokowaas/site/tmpl/tickets/default.php
index f9face45..8ed9e1a3 100644
--- a/src/packages/com_mokowaas/site/tmpl/tickets/default.php
+++ b/src/packages/com_mokowaas/site/tmpl/tickets/default.php
@@ -1,11 +1,4 @@
 <?php
-/**
- * @package     MokoWaaS
- * @subpackage  com_mokowaas.site
- * @copyright   Copyright (C) 2026 Moko Consulting. All rights reserved.
- * @license     GNU General Public License version 3 or later; see LICENSE
- */
-
 defined('_JEXEC') or die;
 
 use Joomla\CMS\HTML\HTMLHelper;
@@ -14,6 +7,7 @@ use Joomla\CMS\Session\Session;
 
 $tickets    = $this->tickets;
 $categories = $this->categories;
+$isStaff    = $this->isStaff;
 $token      = Session::getFormToken();
 
 $statusLabel = [
@@ -28,106 +22,62 @@ $statusClass = [
 
 <div class="mokowaas-portal">
 	<div class="d-flex justify-content-between align-items-center mb-4">
-		<h2>My Support Tickets</h2>
-		<button type="button" class="btn btn-primary" data-bs-toggle="collapse" data-bs-target="#newTicketForm">
-			<span class="icon-plus"></span> New Ticket
-		</button>
-	</div>
-
-	<!-- New Ticket Form (collapsible) -->
-	<div class="collapse mb-4" id="newTicketForm">
-		<div class="card">
-			<div class="card-body">
-				<h5 class="card-title mb-3">Submit a Support Request</h5>
-				<form id="portalNewTicket">
-					<div class="mb-3">
-						<label class="form-label" for="ticket-subject">Subject</label>
-						<input type="text" id="ticket-subject" name="subject" class="form-control" required placeholder="Brief description of your issue">
-					</div>
-					<div class="row mb-3">
-						<div class="col-md-6">
-							<label class="form-label" for="ticket-category">Category</label>
-							<select id="ticket-category" name="category_id" class="form-select">
-								<option value="">Select a category</option>
-								<?php foreach ($categories as $cat): ?>
-								<option value="<?php echo $cat->id; ?>"><?php echo htmlspecialchars($cat->title); ?></option>
-								<?php endforeach; ?>
-							</select>
-						</div>
-						<div class="col-md-6">
-							<label class="form-label" for="ticket-priority">Priority</label>
-							<select id="ticket-priority" name="priority" class="form-select">
-								<option value="normal">Normal</option>
-								<option value="low">Low</option>
-								<option value="high">High</option>
-								<option value="urgent">Urgent</option>
-							</select>
-						</div>
-					</div>
-					<div class="mb-3">
-						<label class="form-label" for="ticket-body">Description</label>
-						<textarea id="ticket-body" name="body" class="form-control" rows="6" required placeholder="Please describe your issue in detail..."></textarea>
-					</div>
-					<input type="hidden" name="<?php echo $token; ?>" value="1">
-					<button type="submit" class="btn btn-primary">
-						<span class="icon-paper-plane"></span> Submit Ticket
-					</button>
-				</form>
-			</div>
+		<h2><?php echo $isStaff ? 'All Support Tickets' : 'My Support Tickets'; ?></h2>
+		<div class="d-flex gap-2">
+			<a href="<?php echo Route::_('index.php?option=com_mokowaas&view=tickets&layout=submit'); ?>" class="btn btn-primary">
+				<span class="icon-plus"></span> New Ticket
+			</a>
+			<?php if ($isStaff): ?>
+			<form method="get" class="d-inline">
+				<input type="hidden" name="option" value="com_mokowaas">
+				<input type="hidden" name="view" value="tickets">
+				<select name="filter_status" class="form-select form-select-sm" style="width:auto" onchange="this.form.submit()">
+					<option value="">All Statuses</option>
+					<?php foreach ($statusLabel as $k => $v): ?>
+					<option value="<?php echo $k; ?>" <?php echo Factory::getApplication()->getInput()->getString('filter_status') === $k ? 'selected' : ''; ?>><?php echo $v; ?></option>
+					<?php endforeach; ?>
+				</select>
+			</form>
+			<?php endif; ?>
 		</div>
 	</div>
 
-	<!-- Ticket List -->
 	<?php if (empty($tickets)): ?>
 	<div class="alert alert-info">
 		<span class="icon-info-circle"></span>
-		You haven't submitted any support tickets yet. Click "New Ticket" above to get started.
+		<?php echo $isStaff ? 'No tickets found.' : 'You haven\'t submitted any support tickets yet.'; ?>
 	</div>
 	<?php else: ?>
-	<div class="list-group">
-		<?php foreach ($tickets as $t): ?>
-		<a href="<?php echo Route::_('index.php?option=com_mokowaas&view=ticket&id=' . $t->id); ?>" class="list-group-item list-group-item-action">
-			<div class="d-flex justify-content-between align-items-start">
-				<div>
-					<h6 class="mb-1">#<?php echo $t->id; ?> — <?php echo htmlspecialchars($t->subject); ?></h6>
-					<small class="text-muted">
-						<?php echo htmlspecialchars($t->category_title ?? 'General'); ?>
-						&middot; <?php echo HTMLHelper::_('date', $t->created, 'M d, Y'); ?>
-					</small>
-				</div>
-				<div class="text-end">
-					<span class="badge bg-<?php echo $statusClass[$t->status] ?? 'secondary'; ?>">
-						<?php echo $statusLabel[$t->status] ?? ucfirst($t->status); ?>
-					</span>
-					<br>
-					<small class="badge bg-light text-dark"><?php echo ucfirst($t->priority); ?></small>
-				</div>
-			</div>
-		</a>
-		<?php endforeach; ?>
+	<div class="table-responsive">
+		<table class="table table-striped table-hover">
+			<thead>
+				<tr>
+					<th>#</th>
+					<th>Subject</th>
+					<th>Status</th>
+					<th>Priority</th>
+					<th>Category</th>
+					<?php if ($isStaff): ?><th>Submitted By</th><th>Assigned To</th><?php endif; ?>
+					<th>Date</th>
+				</tr>
+			</thead>
+			<tbody>
+			<?php foreach ($tickets as $t): ?>
+				<tr>
+					<td><a href="<?php echo Route::_('index.php?option=com_mokowaas&view=ticket&id=' . $t->id); ?>"><?php echo $t->id; ?></a></td>
+					<td><a href="<?php echo Route::_('index.php?option=com_mokowaas&view=ticket&id=' . $t->id); ?>"><?php echo htmlspecialchars(mb_substr($t->subject, 0, 60)); ?></a></td>
+					<td><span class="badge bg-<?php echo $statusClass[$t->status] ?? 'secondary'; ?>"><?php echo $statusLabel[$t->status] ?? $t->status; ?></span></td>
+					<td><?php echo ucfirst($t->priority); ?></td>
+					<td><?php echo htmlspecialchars($t->category_title ?? '—'); ?></td>
+					<?php if ($isStaff): ?>
+					<td><?php echo htmlspecialchars($t->created_by_name ?? ''); ?></td>
+					<td><?php echo htmlspecialchars($t->assigned_to_name ?? '<em>Unassigned</em>'); ?></td>
+					<?php endif; ?>
+					<td class="text-nowrap"><?php echo HTMLHelper::_('date', $t->created, 'M d, Y'); ?></td>
+				</tr>
+			<?php endforeach; ?>
+			</tbody>
+		</table>
 	</div>
 	<?php endif; ?>
 </div>
-
-<script>
-document.getElementById('portalNewTicket').addEventListener('submit', function(e) {
-	e.preventDefault();
-	var form = this;
-	var btn = form.querySelector('button[type=submit]');
-	btn.disabled = true;
-	var fd = new FormData(form);
-	fetch('<?php echo Route::_('index.php?option=com_mokowaas&task=display.submitTicket&format=json'); ?>', {
-		method: 'POST', body: fd, headers: {'X-Requested-With': 'XMLHttpRequest'}
-	})
-	.then(function(r) { return r.json(); })
-	.then(function(d) {
-		if (d.success && d.id) {
-			window.location.href = '<?php echo Route::_('index.php?option=com_mokowaas&view=ticket&id='); ?>' + d.id;
-		} else {
-			alert(d.message || 'Failed to submit ticket.');
-			btn.disabled = false;
-		}
-	})
-	.catch(function() { alert('Network error.'); btn.disabled = false; });
-});
-</script>