<?php
header('Content-Type: application/json');
require_once __DIR__ . '/../db/config.php';
session_start();

if (!isset($_SESSION['user_id']) || $_SESSION['role'] !== 'admin') {
    http_response_code(403); // Forbidden
    echo json_encode(['error' => 'You do not have permission to view this content.']);
    exit;
}

$sale_id = $_GET['id'] ?? 0;

if (empty($sale_id)) {
    http_response_code(400); // Bad Request
    echo json_encode(['error' => 'Invalid Sale ID.']);
    exit;
}

try {
    $pdo = db();

    // Fetch main sale info
    $stmt = $pdo->prepare(
        "SELECT s.id, s.receipt_number, s.total_amount, s.tax_amount, s.created_at, u.username as cashier_name
         FROM sales s
         LEFT JOIN users u ON s.user_id = u.id
         WHERE s.id = ?"
    );
    $stmt->execute([$sale_id]);
    $sale = $stmt->fetch();

    if (!$sale) {
        http_response_code(404); // Not Found
        echo json_encode(['error' => 'Sale not found.']);
        exit;
    }

    // Fetch sale items
    $items_stmt = $pdo->prepare(
        "SELECT si.quantity, si.price_at_sale, p.name as product_name
         FROM sale_items si
         JOIN products p ON si.product_id = p.id
         WHERE si.sale_id = ?"
    );
    $items_stmt->execute([$sale_id]);
    $items = $items_stmt->fetchAll();

    $sale['items'] = $items;

    echo json_encode($sale);

} catch (PDOException $e) {
    http_response_code(500);
    echo json_encode(['error' => 'Database error: ' . $e->getMessage()]);
}
?>