<?php
require_once 'auth.php';
require_login(); // User must be logged in

require_once 'db/config.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $submission_id = $_POST['submission_id'] ?? null;
    $department = $_POST['department'] ?? null;
    $status = $_POST['status'] ?? null;

    $allowed_departments = [
        'identity',
        'passport',
        'criminal_record',
        'maritime',
        'maritime_criminal'
    ];

    if ($submission_id && $department && $status && in_array($department, $allowed_departments)) {
        $status_column = $department . '_status';

        $pdo = db();
        $stmt = $pdo->prepare("UPDATE submissions SET {$status_column} = ? WHERE id = ?");
        $stmt->execute([$status, $submission_id]);
    }
}

// Redirect back to the appropriate dashboard
$role = $_SESSION['role'] ?? '';
$redirect_url = 'login.php'; // Default redirect

if ($role === 'secretariat') {
    $redirect_url = 'dashboard.php';
} elseif ($role === 'identity_verification') {
    $redirect_url = 'identity_dashboard.php';
}
// Add more else-if for other department roles here in the future

header("Location: " . $redirect_url);
exit;