<?php
session_start();
require_once 'db/config.php';

if (!isset($_SESSION['user_id']) || !$_SESSION['is_admin']) {
    header('Location: index.php');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $permissions = $_POST['permissions'];
    $pdo = db();

    foreach ($permissions as $user_id => $perms) {
        $can_view = isset($perms['can_view']) ? 1 : 0;
        $can_add = isset($perms['can_add']) ? 1 : 0;
        $can_delete = isset($perms['can_delete']) ? 1 : 0;
        $can_edit = isset($perms['can_edit']) ? 1 : 0;

        $stmt = $pdo->prepare("
            UPDATE users 
            SET can_view = ?, can_add = ?, can_delete = ?, can_edit = ?
            WHERE id = ?
        ");
        $stmt->execute([$can_view, $can_add, $can_delete, $can_edit, $user_id]);
    }

    header('Location: admin.php');
    exit;
}
?>