<?php

namespace ppa\Model;
use ppa\Model\ParticipantModel;
use PDOException;

class NotesModel extends Database
{
    public function selectNotesForUser($userid, $isAdmin = false, $sortBy = 'updated_at', $sortOrder = 'DESC')
    {
        $pdo = $this->linkDB();
        $erg = array();

        // Whitelist of allowed sort columns
        $allowedSortColumns = ['id', 'title', 'owner_username', 'updated_at'];
        $allowedSortOrders = ['ASC', 'DESC'];
        
        $sortBy = in_array($sortBy, $allowedSortColumns) ? $sortBy : 'updated_at';
        $sortOrder = in_array(strtoupper($sortOrder), $allowedSortOrders) ? strtoupper($sortOrder) : 'DESC';
        
        try {
            if ($isAdmin) {
                $sql = "SELECT n.*, u.username AS owner_username 
                    FROM notes n 
                    JOIN users u ON n.user_id = u.id 
                    ORDER BY {$sortBy} {$sortOrder}";
                $stmt = $pdo->prepare($sql);
                $stmt->execute();
            } else {
                $sql = "SELECT id, title, content, created_at, updated_at 
                    FROM notes 
                    WHERE user_id = :userid
                    ORDER BY {$sortBy} {$sortOrder}";
                $stmt = $pdo->prepare($sql);
                $stmt->execute(['userid' => $userid]);
            }
            
            $erg = $stmt->fetchAll(\PDO::FETCH_ASSOC);
            return $erg;
            
        } catch (PDOException $e) {
            error_log("Database Error in selectNotesForUser: " . $e->getMessage());
            return false;
        }
    }
}