<?php
require_once __DIR__ . '/../db/config.php';
session_start();
header('Content-Type: application/json');

$response = ['success' => false, 'message' => 'Permission denied.'];

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_SESSION['user_id']) || $_SESSION['role'] !== 'admin') {
    echo json_encode($response);
    exit;
}

$id = $_POST['id'] ?? null;

if (empty($id)) {
    $response['message'] = 'Invalid product ID.';
    echo json_encode($response);
    exit;
}

try {
    $pdo = db();
    $stmt = $pdo->prepare("DELETE FROM products WHERE id = ?");
    $stmt->execute([$id]);
    if ($stmt->rowCount() > 0) {
        $response['success'] = true;
        $response['message'] = 'Product deleted successfully!';
    } else {
        $response['message'] = 'Product not found or already deleted.';
    }
} catch (PDOException $e) {
    error_log("Product deletion failed: " . $e->getMessage());
    $response['message'] = 'Failed to delete product.';
}

echo json_encode($response);
exit;