<?php
header('Content-Type: application/json');
require_once 'auth/session.php';
requireLogin();

$user_id = $_SESSION['user_id'];
$data = json_decode(file_get_contents('php://input'), true) ?? $_POST;

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $channel_id = $_GET['channel_id'] ?? 0;
    
    // Get server_id for this channel
    $stmt = db()->prepare("SELECT server_id FROM channels WHERE id = ?");
    $stmt->execute([$channel_id]);
    $channel = $stmt->fetch();
    $server_id = $channel['server_id'] ?? 0;

    // Ensure @everyone role exists for this server
    $stmt = db()->prepare("SELECT id FROM roles WHERE server_id = ? AND (LOWER(name) = '@everyone' OR LOWER(name) = 'everyone') LIMIT 1");
    $stmt->execute([$server_id]);
    $everyone = $stmt->fetch();
    if (!$everyone && $server_id) {
        $stmt = db()->prepare("INSERT INTO roles (server_id, name, color, permissions, position) VALUES (?, '@everyone', '#99aab5', 0, 0)");
        $stmt->execute([$server_id]);
        $everyone_role_id = db()->lastInsertId();
    } else {
        $everyone_role_id = $everyone['id'] ?? 0;
    }

    // Fetch permissions for this channel (roles and users)
    $stmt = db()->prepare("
        SELECT cp.*, r.name as role_name, r.color as role_color, 
               u.display_name as member_name, u.avatar_url as member_avatar
        FROM channel_permissions cp 
        LEFT JOIN roles r ON cp.role_id = r.id 
        LEFT JOIN users u ON cp.user_id = u.id
        WHERE cp.channel_id = ?
    ");
    $stmt->execute([$channel_id]);
    $permissions = [];
    while($row = $stmt->fetch()) {
        if ($row['user_id']) {
            $row['display_name'] = $row['member_name'] ?? 'Unknown Member';
            $row['type'] = 'member';
        } else {
            $row['display_name'] = $row['role_name'] ?? 'Unknown Role';
            $row['type'] = 'role';
        }
        $permissions[] = $row;
    }

    // Check if @everyone is in permissions, if not add it manually to show up by default
    $has_everyone = false;
    foreach($permissions as $p) {
        if ($p['role_id'] == $everyone_role_id) {
            $has_everyone = true;
            break;
        }
    }

    if (!$has_everyone && $everyone_role_id > 0) {
        $stmt = db()->prepare("SELECT name, color FROM roles WHERE id = ?");
        $stmt->execute([$everyone_role_id]);
        $r = $stmt->fetch();
        if ($r) {
            array_unshift($permissions, [
                'channel_id' => (int)$channel_id,
                'role_id' => (int)$everyone_role_id,
                'user_id' => null,
                'allow_permissions' => 0,
                'deny_permissions' => 0,
                'role_name' => $r['name'],
                'role_color' => $r['color'],
                'display_name' => $r['name'],
                'type' => 'role'
            ]);
        }
    }

    echo json_encode(['success' => true, 'permissions' => $permissions]);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $channel_id = $data['channel_id'] ?? 0;
    $role_id = $data['role_id'] ?? null;
    $target_user_id = $data['user_id'] ?? null;
    $allow = $data['allow'] ?? 0;
    $deny = $data['deny'] ?? 0;

    if (!$role_id && !$target_user_id) {
        echo json_encode(['success' => false, 'error' => 'Missing role_id or user_id']);
        exit;
    }

    // Check permissions: Owner or MANAGE_CHANNELS or ADMINISTRATOR
    require_once 'includes/permissions.php';
    $stmt = db()->prepare("SELECT server_id FROM channels WHERE id = ?");
    $stmt->execute([$channel_id]);
    $ch = $stmt->fetch();
    $server_id = $ch['server_id'] ?? 0;

    $stmt = db()->prepare("SELECT owner_id FROM servers WHERE id = ?");
    $stmt->execute([$server_id]);
    $server = $stmt->fetch();

    $is_owner = ($server && $server['owner_id'] == $user_id);
    $can_manage = Permissions::hasPermission($user_id, $server_id, Permissions::MANAGE_CHANNELS) || 
                  Permissions::hasPermission($user_id, $server_id, Permissions::ADMINISTRATOR);

    if ($is_owner || $can_manage) {
        $stmt = db()->prepare("
            INSERT INTO channel_permissions (channel_id, role_id, user_id, allow_permissions, deny_permissions) 
            VALUES (?, ?, ?, ?, ?) 
            ON DUPLICATE KEY UPDATE allow_permissions = VALUES(allow_permissions), deny_permissions = VALUES(deny_permissions)
        ");
        $stmt->execute([$channel_id, $role_id, $target_user_id, $allow, $deny]);
        echo json_encode(['success' => true]);
    } else {
        echo json_encode(['success' => false, 'error' => 'Unauthorized']);
    }
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
    $channel_id = $data['channel_id'] ?? 0;
    $role_id = $data['role_id'] ?? null;
    $target_user_id = $data['user_id'] ?? null;

    // Check permissions
    require_once 'includes/permissions.php';
    $stmt = db()->prepare("SELECT server_id FROM channels WHERE id = ?");
    $stmt->execute([$channel_id]);
    $ch = $stmt->fetch();
    $server_id = $ch['server_id'] ?? 0;

    $stmt = db()->prepare("SELECT owner_id FROM servers WHERE id = ?");
    $stmt->execute([$server_id]);
    $server = $stmt->fetch();

    $is_owner = ($server && $server['owner_id'] == $user_id);
    $can_manage = Permissions::hasPermission($user_id, $server_id, Permissions::MANAGE_CHANNELS) || 
                  Permissions::hasPermission($user_id, $server_id, Permissions::ADMINISTRATOR);

    if ($is_owner || $can_manage) {
        if ($role_id !== null) {
            $stmt = db()->prepare("DELETE FROM channel_permissions WHERE channel_id = ? AND role_id = ? AND user_id IS NULL");
            $stmt->execute([$channel_id, $role_id]);
        } else if ($target_user_id !== null) {
            $stmt = db()->prepare("DELETE FROM channel_permissions WHERE channel_id = ? AND user_id = ? AND role_id IS NULL");
            $stmt->execute([$channel_id, $target_user_id]);
        }
        echo json_encode(['success' => true]);
    } else {
        echo json_encode(['success' => false, 'error' => 'Unauthorized']);
    }
    exit;
}