<?php
// api/add_office.php
header('Content-Type: application/json');
require_once '../db/config.php';
session_start();

// Authentication and Authorization check
if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'super_admin') {
    echo json_encode(['success' => false, 'message' => 'Unauthorized']);
    exit;
}

// Basic validation
if (empty($_POST['nama_kantor']) || empty($_POST['tipe_kantor'])) {
    echo json_encode(['success' => false, 'message' => 'Nama kantor and tipe are required.']);
    exit;
}

$nama_kantor = $_POST['nama_kantor'];
$alamat = $_POST['alamat'] ?? null;
$tipe_kantor = $_POST['tipe_kantor'];

try {
    $sql = "INSERT INTO kantor (nama_kantor, alamat, tipe_kantor) VALUES (?, ?, ?)";
    $stmt = db()->prepare($sql);
    $stmt->execute([$nama_kantor, $alamat, $tipe_kantor]);

    echo json_encode(['success' => true, 'message' => 'Office added successfully.']);

} catch (PDOException $e) {
    echo json_encode(['success' => false, 'message' => 'Database error: ' . $e->getMessage()]);
}
?>