<?php
defined($security_key) or exit;

//------------------------------------------
// User Role Assignments
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);

//CONTENT FROM API (POST)
$post_content = json_decode($input,true);

//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? '';
$date = date('Y-m-d H:i:s');

//------------------------------------------
// BATCH UPDATE - Update all roles for a user
//------------------------------------------
if (isset($post_content['batch_update']) && isset($post_content['user_id']) && isAllowed('user',$profile,$permission,'U') === 1){
    $user_id = $post_content['user_id'];
    $selected_roles = $post_content['roles'] ?? [];

    //Get currently assigned active roles
    $stmt = $pdo->prepare('SELECT role_id, rowID FROM user_role_assignments WHERE user_id = ? AND is_active = 1');
    $stmt->execute([$user_id]);
    $current_roles = [];
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)){
        $current_roles[$row['role_id']] = $row['rowID'];
    }

    //Remove roles that are no longer selected (soft delete)
    foreach ($current_roles as $role_id => $assignment_id){
        if (!in_array($role_id, $selected_roles)){
            $stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 0, updatedby = ?, updated = ? WHERE rowID = ?');
            $stmt->execute([$username, $date, $assignment_id]);
        }
    }

    //Add new roles that are selected but not currently assigned
    foreach ($selected_roles as $role_id){
        if (!array_key_exists($role_id, $current_roles)){
            //Check if this user-role combination existed before (inactive)
            $stmt = $pdo->prepare('SELECT rowID FROM user_role_assignments WHERE user_id = ? AND role_id = ? AND is_active = 0 LIMIT 1');
            $stmt->execute([$user_id, $role_id]);
            $existing = $stmt->fetch(PDO::FETCH_ASSOC);

            if ($existing){
                //Reactivate existing assignment
                $stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 1, assigned_by = ?, assigned_at = ?, updatedby = ?, updated = ? WHERE rowID = ?');
                $stmt->execute([$username, $date, $username, $date, $existing['rowID']]);
            } else {
                //Create new assignment
                $stmt = $pdo->prepare('INSERT INTO user_role_assignments (user_id, role_id, is_active, assigned_by, assigned_at, created, createdby) VALUES (?, ?, 1, ?, ?, ?, ?)');
                $stmt->execute([$user_id, $role_id, $username, $date, $date, $userkey]);
            }
        }
    }
}
//------------------------------------------
// SINGLE OPERATIONS (for backward compatibility or direct API calls)
//------------------------------------------
else {
    $command = ($id == '')? 'insert' : 'update';
    if (isset($post_content['delete'])){$command = 'delete';}

    //CREATE EMPTY STRINGS
    $clause = '';
    $clause_insert ='';
    $input_insert = '';
    $execute_input = [];
    $criterias = [];

    //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
    if ($command == 'update'){
        $post_content['updatedby'] = $username;
        $post_content['updated'] = $date;
    }
    elseif ($command == 'insert'){
        $post_content['created'] = $date;
        $post_content['createdby'] = $username;
        $post_content['assigned_by'] = $username;
        $post_content['assigned_at'] = $date;
    }

    //CREAT NEW ARRAY AND MAP TO CLAUSE
    if(isset($post_content) && $post_content!=''){
        foreach ($post_content as $key => $var){
            if ($key == 'submit' || $key == 'rowID' || $key == 'delete' || $key == 'batch_update' || str_contains($key, 'old_')){
                //do nothing
            }
            else {
                $criterias[$key] = $var;
                $clause .= ' , '.$key.' = ?';
                $clause_insert .= ' , '.$key.'';
                $input_insert .= ', ?';
                $execute_input[]= $var;
            }
        }
    }

    //CLEAN UP INPUT
    $clause = substr($clause, 2);
    $clause_insert = substr($clause_insert, 2);
    $input_insert = substr($input_insert, 1);

    //QUERY AND VERIFY ALLOWED
    if ($command == 'update' && isAllowed('user',$profile,$permission,'U') === 1){
        $sql = 'UPDATE user_role_assignments SET '.$clause.' WHERE rowID = ?';
        $execute_input[] = $id;
        $stmt = $pdo->prepare($sql);
        $stmt->execute($execute_input);
    }
    elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1){
        //Check if this user-role combination already exists (including inactive ones)
        $stmt = $pdo->prepare('SELECT rowID, is_active FROM user_role_assignments WHERE user_id = ? AND role_id = ? LIMIT 1');
        $stmt->execute([$post_content['user_id'], $post_content['role_id']]);
        $existing = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($existing){
            //If exists but inactive, reactivate it
            if ($existing['is_active'] == 0){
                $stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 1, assigned_by = ?, assigned_at = ?, updatedby = ?, updated = ? WHERE rowID = ?');
                $stmt->execute([$username, $date, $username, $date, $existing['rowID']]);
            }
            //If already active, do nothing (or could throw an error)
        } else {
            //Insert new assignment
            $sql = 'INSERT INTO user_role_assignments ('.$clause_insert.') VALUES ('.$input_insert.')';
            $stmt = $pdo->prepare($sql);
            $stmt->execute($execute_input);
        }
    }
    elseif ($command == 'delete' && isAllowed('user',$profile,$permission,'D') === 1){
        //Soft delete by setting is_active to 0
        $stmt = $pdo->prepare('UPDATE user_role_assignments SET is_active = 0, updatedby = ?, updated = ? WHERE rowID = ?');
        $stmt->execute([$username, $date, $id]);
    }
}

?>