<?php
// api/get_users.php
header('Content-Type: application/json');
require_once '../db/config.php';
session_start();

// Authentication and Authorization check
if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'super_admin') {
    echo json_encode(['success' => false, 'message' => 'Unauthorized']);
    exit;
}

try {
    $sql = "SELECT u.id, u.nama_lengkap, u.email, u.role, u.created_at, k.nama_kantor 
            FROM users u 
            LEFT JOIN kantor k ON u.id_kantor = k.id 
            ORDER BY u.nama_lengkap ASC";
    $stmt = db()->query($sql);
    $users = $stmt->fetchAll(PDO::FETCH_ASSOC);

    echo json_encode(['success' => true, 'users' => $users]);

} catch (PDOException $e) {
    echo json_encode(['success' => false, 'message' => 'Database error: ' . $e->getMessage()]);
}
?>