
<?php
include('../../include/headscript.php');
// Every exit path of this endpoint (success, validation failure, caught
// exception) answers with a JSON body, so the content type is fixed up front.
header('Content-Type: application/json; charset=utf-8');

// Single shared PDO handle for every statement below; obtained from the
// project's connection singleton (declared in headscript.php, not here).
$dbHandler = DBHandlerSelect::getInstance();
$pdo = $dbHandler->getConnection();
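/**
 * Emit a JSON body and terminate the request.
 *
 * Every exit path of this endpoint goes through here, including the
 * catch-all error handler, so the encoding step must never fail silently.
 *
 * @param array $data Payload; by convention ['success' => bool, 'message' => string].
 */
function jsonResponse(array $data): void
{
    // JSON_INVALID_UTF8_SUBSTITUTE: without it a message carrying malformed
    // UTF-8 (user input echoed back, a driver error string) makes
    // json_encode() return false, and `echo false` sends an EMPTY body under
    // an application/json content type. Substituting U+FFFD keeps the
    // response well-formed; JSON_THROW_ON_ERROR is deliberately not used
    // because this function is also called from inside the catch block.
    echo json_encode($data, JSON_INVALID_UTF8_SUBSTITUTE);
    exit;
}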
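/**
 * Coerce an optional form field to an int, or null when absent or empty.
 *
 * Unlike a bare (int) cast, non-integer strings ('abc', '12abc', '1.5') and
 * arrays yield null instead of 0 or a truncated prefix, so junk input is not
 * silently turned into the id of some unrelated row. Plain ints pass through.
 *
 * @param mixed $value Raw $_POST value (string, int, null, or array on abuse).
 * @return int|null
 */
function normalizeNullableInt($value): ?int
{
    if ($value === null || $value === '') {
        return null;
    }
    if (is_int($value)) {
        return $value;
    }
    // FILTER_VALIDATE_INT rejects partial numbers and non-scalars; it still
    // tolerates surrounding whitespace, as the original cast did.
    $int = filter_var($value, FILTER_VALIDATE_INT);

    return $int === false ? null : $int;
}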
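try {
    // ---- Authentication / authorization --------------------------------------
    // Without a session Auth::user() may be null; calling hasRole() on it
    // would throw and land in the catch-all below. Reject explicitly instead.
    $currentUser = Auth::user();
    if ($currentUser === null) {
        jsonResponse(['success' => false, 'message' => 'Non autorizzato.']);
    }

    // Role-based gate only: any user holding one of these roles may edit ANY
    // employee record (there is no per-employee or per-department scoping).
    // NOTE(review): no CSRF token is verified in this file; confirm that
    // headscript.php (or a front controller) enforces one for POST requests.
    $allowedRoles = ['Admin', 'Superuser', 'employee-hr', 'manager'];
    $isHrManager = false;
    foreach ($allowedRoles as $roleName) {
        if ($currentUser->hasRole($roleName)) {
            $isHrManager = true;
            break;
        }
    }
    if (!$isHrManager) {
        jsonResponse(['success' => false, 'message' => 'Non autorizzato.']);
    }

    // ---- Input ----------------------------------------------------------------
    // Read a scalar POST field as a trimmed string. A field submitted as an
    // array (field[]=x) falls back to the default instead of making trim()
    // throw a TypeError.
    $postString = static function (string $key, string $default = ''): string {
        $raw = $_POST[$key] ?? $default;

        return is_string($raw) ? trim($raw) : $default;
    };

    $employeeId   = (int)($_POST['employee_id'] ?? 0);
    $firstName    = $postString('first_name');
    $lastName     = $postString('last_name');
    $employeeCode = $postString('employee_code');
    $hireDate     = $postString('hire_date');
    $address      = $postString('address');
    $phone        = $postString('phone');
    $email        = $postString('email');
    $departmentId = normalizeNullableInt($_POST['department_id'] ?? '');
    $status       = $postString('status', 'active');
    $authUserId   = normalizeNullableInt($_POST['auth_user_id'] ?? '');
    $roleId       = normalizeNullableInt($_POST['role_id'] ?? '');

    // job_sub_role_ids may arrive as a scalar or a list. Normalise to a
    // de-duplicated list of positive ints: intval() maps junk to 0, which
    // array_filter() then drops. Submission order is preserved because the
    // first surviving entry becomes the primary sub-role further down.
    $jobSubRoleIds = $_POST['job_sub_role_ids'] ?? [];
    if (!is_array($jobSubRoleIds)) {
        $jobSubRoleIds = [$jobSubRoleIds];
    }
    $jobSubRoleIds = array_values(array_unique(array_filter(array_map('intval', $jobSubRoleIds))));

    // ---- Validation -------------------------------------------------------------
    if ($employeeId <= 0) {
        jsonResponse(['success' => false, 'message' => 'ID dipendente non valido.']);
    }
    if ($firstName === '' || $lastName === '') {
        jsonResponse(['success' => false, 'message' => 'Nome e cognome sono obbligatori.']);
    }
    if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        jsonResponse(['success' => false, 'message' => 'Email non valida.']);
    }
    // An unknown status is coerced to 'active' rather than rejected.
    if (!in_array($status, ['active', 'inactive', 'suspended'], true)) {
        $status = 'active';
    }
    // NOTE(review): hire_date is stored as submitted. A malformed value only
    // fails at UPDATE time (under MySQL strict mode) and then surfaces as the
    // generic error below; validate the expected format here once it is known.

    $stmtEmployee = $pdo->prepare('SELECT id FROM employees WHERE id = ? LIMIT 1');
    $stmtEmployee->execute([$employeeId]);
    if (!$stmtEmployee->fetchColumn()) {
        jsonResponse(['success' => false, 'message' => 'Dipendente non trovato.']);
    }

    // ---- Sub-role resolution ------------------------------------------------------
    // Keep only ids that exist and are active; unknown ids are dropped
    // silently rather than rejected. The first surviving id is the primary
    // sub-role and its parent job_role_id is denormalised onto employees.
    $primaryJobRoleId = null;
    $primaryJobSubRoleId = null;
    if ($jobSubRoleIds) {
        $placeholders = implode(',', array_fill(0, count($jobSubRoleIds), '?'));
        $stmtSubRoles = $pdo->prepare("
            SELECT id, job_role_id
            FROM job_sub_roles
            WHERE id IN ($placeholders)
            AND is_active = 1
        ");
        $stmtSubRoles->execute($jobSubRoleIds);

        $validMap = [];
        foreach ($stmtSubRoles->fetchAll(PDO::FETCH_ASSOC) as $row) {
            $validMap[(int)$row['id']] = (int)$row['job_role_id'];
        }

        $jobSubRoleIds = array_values(array_filter($jobSubRoleIds, static function ($id) use ($validMap) {
            return isset($validMap[(int)$id]);
        }));
        if ($jobSubRoleIds) {
            $primaryJobSubRoleId = (int)$jobSubRoleIds[0];
            $primaryJobRoleId = $validMap[$primaryJobSubRoleId] ?? null;
        }
    }

    // ---- Persist (single transaction) -------------------------------------------------
    $pdo->beginTransaction();

    $stmt = $pdo->prepare("
        UPDATE employees
        SET first_name = :first_name,
            last_name = :last_name,
            employee_code = :employee_code,
            hire_date = :hire_date,
            address = :address,
            phone = :phone,
            email = :email,
            department_id = :department_id,
            job_role_id = :job_role_id,
            job_sub_role_id = :job_sub_role_id,
            status = :status,
            auth_user_id = :auth_user_id,
            updated_at = NOW()
        WHERE id = :employee_id
    ");
    // Empty optional strings are stored as NULL, not ''.
    $stmt->execute([
        'first_name' => $firstName,
        'last_name' => $lastName,
        'employee_code' => $employeeCode !== '' ? $employeeCode : null,
        'hire_date' => $hireDate !== '' ? $hireDate : null,
        'address' => $address !== '' ? $address : null,
        'phone' => $phone !== '' ? $phone : null,
        'email' => $email !== '' ? $email : null,
        'department_id' => $departmentId,
        'job_role_id' => $primaryJobRoleId,
        'job_sub_role_id' => $primaryJobSubRoleId,
        'status' => $status,
        'auth_user_id' => $authUserId,
        'employee_id' => $employeeId,
    ]);

    // Replace the full set of sub-role links (delete + re-insert).
    $stmtDelete = $pdo->prepare('DELETE FROM employee_job_sub_roles WHERE employee_id = ?');
    $stmtDelete->execute([$employeeId]);

    if ($jobSubRoleIds) {
        $stmtInsert = $pdo->prepare("
            INSERT INTO employee_job_sub_roles
            (employee_id, job_sub_role_id, is_primary, created_at)
            VALUES
            (:employee_id, :job_sub_role_id, :is_primary, NOW())
        ");
        foreach ($jobSubRoleIds as $index => $jobSubRoleId) {
            $stmtInsert->execute([
                'employee_id' => $employeeId,
                'job_sub_role_id' => (int)$jobSubRoleId,
                'is_primary' => $index === 0 ? 1 : 0,
            ]);
        }
    }

    // Optionally change the role of the linked login.
    // NOTE(review): every caller that passed the gate above — 'manager'
    // included — may submit an arbitrary auth_user_id (never checked to belong
    // to this employee, or to exist) together with ANY existing auth_roles id,
    // Admin included. Unless headscript.php constrains this elsewhere, it is a
    // privilege-escalation path; consider restricting role changes to
    // Admin/Superuser, forbidding an actor from changing their own login's
    // role, and verifying auth_user_id against the employee being edited.
    if ($authUserId !== null && $roleId !== null) {
        $checkRole = $pdo->prepare('SELECT COUNT(*) FROM auth_roles WHERE id = ?');
        $checkRole->execute([$roleId]);
        if ((int)$checkRole->fetchColumn() > 0) {
            $stmtRole = $pdo->prepare('UPDATE auth_users SET role_id = :role_id, updated_at = NOW() WHERE id = :auth_user_id');
            $stmtRole->execute([
                'role_id' => $roleId,
                'auth_user_id' => $authUserId,
            ]);
        }
    }

    $pdo->commit();
    jsonResponse(['success' => true]);
} catch (Throwable $e) {
    if (isset($pdo) && $pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Log the real cause server-side; never echo it to the client. PDOException
    // messages carry table/column names, SQL fragments and constraint names,
    // and an Error message can reveal file paths and internal class names.
    error_log(sprintf(
        '[save_personal_multi_sottomansioni] %s: %s',
        get_class($e),
        $e->getMessage()
    ));
    jsonResponse([
        'success' => false,
        'message' => 'Errore interno del server.',
    ]);
}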