<?php
session_start();
if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    echo json_encode(['success' => false, 'message' => 'No autorizado']);
    exit;
}

$user_role = $_SESSION['user_role'] ?? '';
if ($user_role !== 'Administrador' && $user_role !== 'admin') {
    http_response_code(403);
    echo json_encode(['success' => false, 'message' => 'No autorizado']);
    exit;
}

require_once 'db/config.php';

$data = json_decode(file_get_contents('php://input'), true);

if (!$data) {
    http_response_code(400);
    echo json_encode(['success' => false, 'message' => 'No se recibieron datos']);
    exit;
}

$action = $data['action'] ?? '';
$pdo = db();

try {
    if ($action === 'create') {
        $stmt = $pdo->prepare("INSERT INTO operaciones_provincia (cliente) VALUES ('')");
        $stmt->execute();
        echo json_encode(['success' => true, 'id' => $pdo->lastInsertId()]);
    } elseif ($action === 'update') {
        $id = $data['id'];
        $column = $data['column'];
        $value = $data['value'];

        $allowed_columns = [
            'cliente', 'celular', 'producto', 'monto_total', 
            'monto_debe', 'nro_operacion', 'banco', 'fecha_completado', 'asesor'
        ];

        if (!in_array($column, $allowed_columns)) {
            throw new Exception("Columna no permitida");
        }

        // Convert date format if column is fecha_completado
        if ($column === 'fecha_completado' && !empty($value)) {
            // Try to parse d/m/Y H:i:s
            $d = DateTime::createFromFormat('d/m/Y H:i:s', $value);
            if ($d && $d->format('d/m/Y H:i:s') === $value) {
                $value = $d->format('Y-m-d H:i:s');
            } else {
                // Try d/m/Y
                $d = DateTime::createFromFormat('d/m/Y', $value);
                if ($d && $d->format('d/m/Y') === $value) {
                    $value = $d->format('Y-m-d 00:00:00');
                }
            }
        }

        $stmt = $pdo->prepare("UPDATE operaciones_provincia SET $column = :value WHERE id = :id");
        $stmt->execute(['value' => $value, 'id' => $id]);
        echo json_encode(['success' => true]);
    } elseif ($action === 'delete') {
        $id = $data['id'];
        $stmt = $pdo->prepare("DELETE FROM operaciones_provincia WHERE id = :id");
        $stmt->execute(['id' => $id]);
        echo json_encode(['success' => true]);
    } else {
        throw new Exception("Acción no válida");
    }
} catch (Exception $e) {
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
}
?>