<?php
session_start();
require_once 'db/config.php';

if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['request_id']) || !isset($_POST['action'])) {
    header('Location: request_dashboard.php?error=invalid_request');
    exit;
}

$request_id = $_POST['request_id'];
$action = $_POST['action'];

try {
    $pdo = db();
    
    // Get the request details
    $stmt = $pdo->prepare('SELECT * FROM ChangeRequests WHERE id = ?');
    $stmt->execute([$request_id]);
    $request = $stmt->fetch();

    if (!$request) {
        header('Location: request_dashboard.php?error=not_found');
        exit;
    }

    // Authorization check
    $is_authorized = false;
    if (isset($_SESSION['role'])) {
        $user_role = $_SESSION['role'];
        $user_department = $_SESSION['department'] ?? null;
        $request_status = $request['status'];
        $pending_level = $request['approval_level_pending'];
        $request_department = $request['department_name'];

        if ($request_status === 'Pending Approval' && $user_role === $pending_level) {
            if ($user_role === 'Admin' || $user_department === $request_department) {
                $is_authorized = true;
            }
        }
    }

    if (!$is_authorized) {
        header('Location: request_dashboard.php?error=unauthorized');
        exit;
    }

    $next_approval_level = '';
    $new_status = '';
    $rejection_reason = null;

    if ($action === 'approve') {
        $current_level = $request['approval_level_pending'];
        $approval_flow = ['Dept Manager/GM', 'System Div Admin', 'Planning Dept', 'System GM'];
        $current_index = array_search($current_level, $approval_flow);

        if ($current_index !== false && $current_index < count($approval_flow) - 1) {
            $next_approval_level = $approval_flow[$current_index + 1];
            $new_status = 'Pending Approval';
        } else {
            $next_approval_level = 'None';
            $new_status = 'Approved';
        }
        $sql = 'UPDATE ChangeRequests SET status = ?, approval_level_pending = ? WHERE id = ?';
        $params = [$new_status, $next_approval_level, $request_id];

    } elseif ($action === 'reject') {
        $next_approval_level = $request['approval_level_pending'];
        $new_status = 'Rejected';
        $rejection_reason = $_POST['rejection_reason'] ?? '';

        $sql = 'UPDATE ChangeRequests SET status = ?, approval_level_pending = ?, rejection_reason = ? WHERE id = ?';
        $params = [$new_status, $next_approval_level, $rejection_reason, $request_id];
    }


    if (isset($sql)) {
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
    }

    header('Location: request_dashboard.php?success=updated');
    exit;

} catch (PDOException $e) {
    header('Location: request_dashboard.php?error=db_error');
    exit;
}