<?php
require_once(__DIR__ . '/../hr_auth_check.php');

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'message' => 'Metodo non consentito.']);
    exit;
}

$pdo = DBHandlerSelect::getInstance()->getConnection();

$id           = (int)($_POST['id'] ?? 0);
$employeeId   = (int)($_POST['employee_id'] ?? 0);
$itemName     = trim($_POST['item_name'] ?? '');
$deliveryDate = trim($_POST['delivery_date'] ?? '');
$deliveredBy  = trim($_POST['delivered_by'] ?? '');
$notes        = trim($_POST['notes'] ?? '');

if ($employeeId <= 0) {
    echo json_encode(['success' => false, 'message' => 'ID dipendente non valido.']);
    exit;
}
if ($itemName === '') {
    echo json_encode(['success' => false, 'message' => 'Il nome del DPI è obbligatorio.']);
    exit;
}

$deliveryDate = $deliveryDate === '' ? null : $deliveryDate;
$deliveredBy  = $deliveredBy  !== '' ? $deliveredBy  : null;
$notes        = $notes        !== '' ? $notes        : null;

try {
    if ($id > 0) {
        $stmt = $pdo->prepare("
            UPDATE employee_ppe
            SET item_name     = :item_name,
                delivery_date = :delivery_date,
                delivered_by  = :delivered_by,
                notes         = :notes,
                updated_at    = NOW()
            WHERE id = :id AND employee_id = :eid
        ");
        $stmt->execute([
            'item_name'     => $itemName,
            'delivery_date' => $deliveryDate,
            'delivered_by'  => $deliveredBy,
            'notes'         => $notes,
            'id'            => $id,
            'eid'           => $employeeId,
        ]);
        echo json_encode(['success' => true, 'id' => $id]);
        exit;
    }

    $check = $pdo->prepare("SELECT COUNT(*) FROM employees WHERE id = :id");
    $check->execute(['id' => $employeeId]);
    if ((int)$check->fetchColumn() === 0) {
        echo json_encode(['success' => false, 'message' => 'Dipendente non trovato.']);
        exit;
    }

    $stmt = $pdo->prepare("
        INSERT INTO employee_ppe
            (employee_id, item_name, delivery_date, delivered_by, notes, created_by, created_at, updated_at)
        VALUES
            (:employee_id, :item_name, :delivery_date, :delivered_by, :notes, :created_by, NOW(), NOW())
    ");
    $stmt->execute([
        'employee_id'   => $employeeId,
        'item_name'     => $itemName,
        'delivery_date' => $deliveryDate,
        'delivered_by'  => $deliveredBy,
        'notes'         => $notes,
        'created_by'    => $currentUserId,
    ]);

    echo json_encode(['success' => true, 'id' => (int)$pdo->lastInsertId()]);
} catch (Exception $e) {
    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
}