yogiboook_new/public/userarea/api/api_school_settings.php


<?php
declare(strict_types=1);
require_once __DIR__ . '/_bootstrap.php'; // $pdo, $iduserlogin
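try {
    // Endpoint: returns the settings of one school as JSON to a caller who is
    // an active member of that school. $pdo and $iduserlogin are expected to
    // be provided by _bootstrap.php (see the require_once above).

    // Accept only a well-formed positive integer. A bare (int) cast would turn
    // "5abc" into 5 and a non-empty array (?school_id[]=x) into 1.
    $school_id = filter_var(
        $_GET['school_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($school_id === false) {
        http_response_code(422);
        echo json_encode(['success' => false, 'message' => 'Missing school_id']);
        exit;
    }

    // --- Authorization: the caller must be an active member of an active school ---
    // The school id is client-supplied, so membership is checked against the
    // session user before any settings are read or written.
    // NOTE(review): this checks membership only, not a role. Confirm that every
    // active member is meant to see the full settings row.
    $chk = $pdo->prepare("
        SELECT 1
        FROM user_schools us
        JOIN schools s ON s.id = us.school_id
        WHERE us.user_id = ?
        AND us.school_id = ?
        AND us.status = 'active'
        AND s.status = 'active'
        LIMIT 1
    ");
    $chk->execute([$iduserlogin, $school_id]);
    if (!$chk->fetchColumn()) {
        http_response_code(403);
        echo json_encode(['success' => false, 'message' => 'Forbidden: user not allowed for this school']);
        exit;
    }

    // --- Defaults guaranteed to be present in the response ---
    $defaults = [
        'portal_purchases_enabled' => 1,
        'allowed_product_types' => 'subscription,carnet,drop_in',
        'payment_methods' => 'manual',
        'currency_code' => 'EUR',
        'enable_notifications' => 1,
        'allow_freeze_global' => 1,
        'freeze_max_days_global' => 30,
        'auto_propagate_on_purchase' => 1,
        'allow_full_access_rebooking' => 1,
        // Add here any other defaults you want to guarantee
    ];

    // --- Load settings row ---
    // NOTE(review): SELECT * sends every column of school_settings to the
    // client. If the table holds (or later gains) secrets such as gateway
    // keys, switch to an explicit column list.
    $stmt = $pdo->prepare("
        SELECT *
        FROM school_settings
        WHERE school_id = ?
        LIMIT 1
    ");
    $stmt->execute([$school_id]);
    $settings = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$settings) {
        // No row yet: create one (only school_id is supplied, the schema is
        // expected to fill the rest) and read it back.
        // NOTE(review): this is a write on a GET request, and two concurrent
        // first requests can both reach the INSERT. Presumably school_id is
        // unique, in which case the loser gets a 500. Confirm.
        $ins = $pdo->prepare("INSERT INTO school_settings (school_id) VALUES (?)");
        $ins->execute([$school_id]);

        $stmt->execute([$school_id]);
        $settings = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];
    }

    // Merge defaults under the stored row. array_merge() alone lets a NULL
    // column overwrite its default, so NULLs are replaced explicitly. Keys
    // without a default keep whatever the row holds (including NULL).
    $schoolSettings = array_merge($defaults, $settings);
    foreach ($defaults as $key => $fallback) {
        if ($schoolSettings[$key] === null) {
            $schoolSettings[$key] = $fallback;
        }
    }

    // Expose the comma-separated columns additionally as trimmed lists.
    $splitCsv = static function ($csv): array {
        return array_values(array_filter(array_map('trim', explode(',', (string)$csv))));
    };
    $schoolSettings['payment_methods_array'] = $splitCsv($schoolSettings['payment_methods'] ?? '');
    $schoolSettings['allowed_product_types_array'] = $splitCsv($schoolSettings['allowed_product_types'] ?? '');

    // Cast known integer flags to int so the client gets numbers, not numeric
    // strings. Non-numeric values are passed through unchanged.
    $intFields = [
        'portal_purchases_enabled',
        'enable_notifications',
        'allow_freeze_global',
        'freeze_max_days_global',
        'auto_propagate_on_purchase',
        'allow_full_access_rebooking',
    ];
    foreach ($intFields as $k) {
        if (isset($schoolSettings[$k]) && is_numeric($schoolSettings[$k])) {
            $schoolSettings[$k] = (int)$schoolSettings[$k];
        }
    }

    // json_encode() returns false on failure (e.g. invalid UTF-8 in a column).
    // Echoing that would send an empty 200, so it is turned into an error.
    $body = json_encode([
        'success' => true,
        'school_id' => $school_id,
        'settings' => $schoolSettings,
    ], JSON_UNESCAPED_UNICODE);
    if ($body === false) {
        throw new RuntimeException('JSON encoding failed: ' . json_last_error_msg());
    }
    echo $body;
} catch (Throwable $e) {
    // Keep exception details server-side. Messages (PDO ones in particular)
    // can reveal SQL, table names or connection details to the caller.
    error_log('api_school_settings: ' . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo json_encode([
        'success' => false,
        'message' => 'Server error.',
    ]);
}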