'user', 'requestData' => [ 'ticketNumber' => [ 'validation' => DataValidator::validTicketNumber(), 'error' => ERRORS::INVALID_TICKET ] ] ]; } public function handler() { $this->ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber')); if ($this->shouldDenyPermission()) { Response::respondError(ERRORS::NO_PERMISSION); } else { Response::respondSuccess($this->ticket->toArray()); } } private function shouldDenyPermission() { $user = Controller::getLoggedUser(); return (!Controller::isStaffLogged() && $this->ticket->author->id !== $user->id) || (Controller::isStaffLogged() && $this->ticket->owner && $this->ticket->owner->id !== $user->id); } }