<?php
require_once '../db/config.php';
session_start();

// Basic security checks
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    echo json_encode(['success' => false, 'message' => 'Akses ditolak.']);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'message' => 'Metode tidak diizinkan.']);
    exit;
}

$data = json_decode(file_get_contents('php://input'), true);
$assetId = $data['id'] ?? null;

if (!$assetId) {
    http_response_code(400);
    echo json_encode(['success' => false, 'message' => 'ID Aset tidak valid.']);
    exit;
}

try {
    $pdo = db();
    $stmt = $pdo->prepare("DELETE FROM aset WHERE id = ?");
    $stmt->execute([$assetId]);

    if ($stmt->rowCount() > 0) {
        echo json_encode(['success' => true, 'message' => 'Aset berhasil dihapus.']);
    } else {
        http_response_code(404);
        echo json_encode(['success' => false, 'message' => 'Aset tidak ditemukan.']);
    }
} catch (PDOException $e) {
    http_response_code(500);
    // In production, log this error instead of echoing it.
    echo json_encode(['success' => false, 'message' => 'Gagal menghapus aset: ' . $e->getMessage()]);
}