<?php
require_once(__DIR__ . '/../hr_auth_check.php');

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'message' => 'Metodo non consentito.']);
    exit;
}

$pdo = DBHandlerSelect::getInstance()->getConnection();

$id = (int)($_POST['id'] ?? 0);
if ($id <= 0) {
    echo json_encode(['success' => false, 'message' => 'ID documento non valido.']);
    exit;
}

$stmt = $pdo->prepare("SELECT employee_id, stored_name FROM employee_documents WHERE id = :id LIMIT 1");
$stmt->execute(['id' => $id]);
$doc = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$doc) {
    echo json_encode(['success' => false, 'message' => 'Documento non trovato.']);
    exit;
}

try {
    $del = $pdo->prepare("DELETE FROM employee_documents WHERE id = :id");
    $del->execute(['id' => $id]);

    $path = __DIR__ . '/../../files/employees/' . (int)$doc['employee_id'] . '/documents/' . $doc['stored_name'];
    if (is_file($path)) {
        @unlink($path);
    }

    echo json_encode(['success' => true]);
} catch (Exception $e) {
    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
}