<?php
require_once(__DIR__ . '/../hr_auth_check.php');

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'message' => 'Metodo non consentito.']);
    exit;
}

$pdo = DBHandlerSelect::getInstance()->getConnection();

$id = (int)($_POST['id'] ?? 0);
if ($id <= 0) {
    echo json_encode(['success' => false, 'message' => 'ID allegato non valido.']);
    exit;
}

$row = $pdo->prepare("
    SELECT a.stored_name, a.original_name, a.training_id, t.employee_id
    FROM employee_training_attachments a
    JOIN employee_trainings t ON t.id = a.training_id
    WHERE a.id = :id
    LIMIT 1
");
$row->execute(['id' => $id]);
$att = $row->fetch(PDO::FETCH_ASSOC);
if (!$att) {
    echo json_encode(['success' => false, 'message' => 'Allegato non trovato.']);
    exit;
}

try {
    $pdo->beginTransaction();
    $pdo->prepare("DELETE FROM employee_training_attachments WHERE id = :id")->execute(['id' => $id]);
    $pdo->prepare("
        INSERT INTO employee_training_log
            (employee_id, training_id, action, field, old_value, new_value, changed_by, changed_at)
        VALUES
            (:eid, :tid, 'attachment_deleted', 'attachment', :name, NULL, :cb, NOW())
    ")->execute([
        'eid'  => $att['employee_id'],
        'tid'  => $att['training_id'],
        'name' => $att['original_name'],
        'cb'   => $currentUserId,
    ]);
    $pdo->commit();

    $path = __DIR__ . '/../../files/employees/' . (int)$att['employee_id'] . '/trainings/' . $att['stored_name'];
    if (is_file($path)) {
        @unlink($path);
    }

    echo json_encode(['success' => true]);
} catch (Exception $e) {
    if ($pdo->inTransaction()) $pdo->rollBack();
    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
}