<?php
require_once(__DIR__ . '/auth_check.php');
header('Content-Type: application/json');
require_once(__DIR__ . '/../../class/db-functions.php');

try {
    if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
        echo json_encode(['success' => false, 'message' => 'ID non valido.']);
        exit;
    }

    $id = (int)$_GET['id'];

    $db = DBHandlerSelect::getInstance();
    $pdo = $db->getConnection();

    $stmt = $pdo->prepare("SELECT * FROM scad_deadline_attachments WHERE id = ?");
    $stmt->execute([$id]);
    $att = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$att) {
        echo json_encode(['success' => false, 'message' => 'Allegato non trovato.']);
        exit;
    }

    // Delete file
    $filePath = __DIR__ . '/../attachments/' . $att['stored_name'];
    if (file_exists($filePath)) {
        unlink($filePath);
    }

    // Delete DB record
    $pdo->prepare("DELETE FROM scad_deadline_attachments WHERE id = ?")->execute([$id]);

    // History
    $pdo->prepare("INSERT INTO scad_deadline_histories (deadline_id, user_id, action, notes) VALUES (?, ?, 'attachment_removed', ?)")
        ->execute([$att['deadline_id'], $currentUserId, $att['original_name']]);

    echo json_encode(['success' => true, 'message' => 'Allegato eliminato.']);

} catch (Exception $e) {
    echo json_encode(['success' => false, 'message' => 'Errore: ' . $e->getMessage()]);
}