<?php
session_start();
header('Content-Type: application/json');

if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'User not authenticated']);
    exit;
}

require_once 'db/config.php';

// The scene ID must be passed as a URL parameter
$scene_id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if (!$scene_id) {
    http_response_code(400);
    echo json_encode(['error' => 'Scene ID is required.']);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405); // Method Not Allowed
    echo json_encode(['error' => 'POST method required.']);
    exit;
}

$request_body = file_get_contents('php://input');
$data = json_decode($request_body, true);
if (json_last_error() !== JSON_ERROR_NONE) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid JSON input.']);
    exit;
}

try {
    $pdo = db();
    
    // Fetch scene and project status to verify ownership and draft status
    $stmt = $pdo->prepare("
        SELECT s.project_id, p.status as project_status
        FROM scenes s
        JOIN projects p ON s.project_id = p.id
        WHERE s.id = ? AND s.user_id = ?
    ");
    $stmt->execute([$scene_id, $_SESSION['user_id']]);
    $scene_check = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$scene_check) {
        http_response_code(404);
        echo json_encode(['error' => 'Scene not found or permission denied.']);
        exit;
    }

    if ($scene_check['project_status'] !== 'draft') {
        http_response_code(403);
        echo json_encode(['error' => 'Project is not in draft status; scene cannot be edited.']);
        exit;
    }

    // Get new data from request body
    $description = trim($data['description'] ?? '');
    $duration = filter_var($data['duration'] ?? null, FILTER_VALIDATE_INT);
    $shot_type = trim($data['shot_type'] ?? '');
    
    // Basic validation
    if (empty($description) || !$duration || empty($shot_type)) {
        http_response_code(400);
        echo json_encode(['error' => 'Invalid input. All fields are required: description, duration, shot_type']);
        exit;
    }

    // Update the scene
    $stmt = $pdo->prepare("UPDATE scenes SET description = ?, duration = ?, shot_type = ? WHERE id = ?");
    $stmt->execute([$description, $duration, $shot_type, $scene_id]);
    
    // Fetch and return the updated scene
    $stmt = $pdo->prepare("SELECT * FROM scenes WHERE id = ?");
    $stmt->execute([$scene_id]);
    $updated_scene = $stmt->fetch(PDO::FETCH_ASSOC);

    echo json_encode($updated_scene);

} catch (PDOException $e) {
    http_response_code(500);
    // error_log("Database error: " . $e->getMessage());
    echo json_encode(['error' => 'Database error.']);
}