<?php

namespace ppa\Model;
use ppa\Model\ParticipantModel;
use PDOException;

class NotesModel extends Database
{
    public function selectNotesForUser($userid, $isAdmin = false, $sortBy = 'updated_at', $sortOrder = 'DESC')
    {
        $pdo = $this->linkDB();
        $erg = array();

        // Whitelist of allowed sort columns
        $allowedSortColumns = ['id', 'title', 'owner_username', 'updated_at'];
        $allowedSortOrders = ['ASC', 'DESC'];
        
        $sortBy = in_array($sortBy, $allowedSortColumns) ? $sortBy : 'updated_at';
        $sortOrder = in_array(strtoupper($sortOrder), $allowedSortOrders) ? strtoupper($sortOrder) : 'DESC';
        
        try {
            if ($isAdmin) {
                $sql = "SELECT n.*, u.username AS owner_username 
                    FROM notes n 
                    JOIN users u ON n.user_id = u.id 
                    ORDER BY {$sortBy} {$sortOrder}";
                $stmt = $pdo->prepare($sql);
                $stmt->execute();
            } else {
                $sql = "SELECT id, title, content, created_at, updated_at 
                    FROM notes 
                    WHERE user_id = :userid
                    ORDER BY {$sortBy} {$sortOrder}";
                $stmt = $pdo->prepare($sql);
                $stmt->execute(['userid' => $userid]);
            }
            
            $erg = $stmt->fetchAll(\PDO::FETCH_ASSOC);
            return $erg;
            
        } catch (PDOException $e) {
            error_log("Database Error in selectNotesForUser: " . $e->getMessage());
            return false;
        }
    }

    function getNoteById($noteId) {
        $pdo = $this->linkDB();
        if (!$pdo) return null;
        try {
            if ($_SESSION['role'] === 'admin') { // Admin can fetch any note
                $stmt = $pdo->prepare("SELECT n.*, u.username as owner_username FROM notes n JOIN users u ON n.user_id = u.id WHERE n.id = ?");
                $stmt->execute([$noteId]);
            } else { // Regular user can only fetch their own notes
                $stmt = $pdo->prepare("SELECT * FROM notes WHERE id = ? AND user_id = ?");
                $stmt->execute([$noteId, $_SESSION['user_id']]);
            }
            return $stmt->fetch();
        } catch (PDOException $e) {
            error_log("Get Note Error: " . $e->getMessage());
            return null;
        }
    }

    function createNote($title, $content, $userId) {
        $pdo = $this->linkDB();
        if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
        if (empty(trim($title))) return ['success' => false, 'message' => 'Title is required.'];
        try {
            $stmt = $pdo->prepare("INSERT INTO notes (user_id, title, content) VALUES (?, ?, ?)");
            $stmt->execute([$userId, trim($title), $content]); // user_id is current session user
            return ['success' => true, 'message' => 'Note created successfully.'];
        } catch (PDOException $e) {
            error_log("Create Note Error: " . $e->getMessage());
            return ['success' => false, 'message' => 'Failed to create note.'];
        }
    }

    function editNote($noteId, $title, $content, $userId) {
        $pdo = $this->linkDB();
        if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
        if (empty(trim($title))) return ['success' => false, 'message' => 'Title is required.'];
        try {
            if ($this->isAdmin()) { // Admin can update any note, user_id for record not changed
                $stmt = $pdo->prepare("UPDATE notes SET title = ?, content = ? WHERE id = ?");
                $params = [trim($title), $content, $noteId];
            } else { // User can only update their own note
                $stmt = $pdo->prepare("UPDATE notes SET title = ?, content = ? WHERE id = ? AND user_id = ?");
                $params = [trim($title), $content, $noteId, $userId];
            }
            $stmt->execute($params);
    
            if ($stmt->rowCount() > 0) {
                return ['success' => true, 'message' => 'Note updated successfully.'];
            }
            // Check if note exists if rowCount is 0
            $checkStmt = $this->isAdmin() ? $pdo->prepare("SELECT id FROM notes WHERE id=?") : $pdo->prepare("SELECT id FROM notes WHERE id=? AND user_id=?");
            $checkParams = $this->isAdmin() ? [$noteId] : [$noteId, $userId];
            $checkStmt->execute($checkParams);
            if ($checkStmt->fetch()) {
                return ['success' => true, 'message' => 'No changes made to the note.']; 
            }
            return ['success' => false, 'message' => 'Note not found or permission denied.'];
        } catch (PDOException $e) {
            error_log("Update Note Error: " . $e->getMessage());
            return ['success' => false, 'message' => 'Failed to update note.'];
        }
    }
    
    function deleteNote($noteId, $userId) {
        $pdo = $this->linkDB();
        if (!$pdo) return ['success' => false, 'message' => 'Database error.'];
        try {
            if ($this->isAdmin()) { // Admin can delete any note
                $stmt = $pdo->prepare("DELETE FROM notes WHERE id = ?");
                $params = [$noteId];
            } else { // User can only delete their own note
                $stmt = $pdo->prepare("DELETE FROM notes WHERE id = ? AND user_id = ?");
                $params = [$noteId, $userId];
            }
            $stmt->execute($params);
    
            if ($stmt->rowCount() > 0) {
                return ['success' => true, 'message' => 'Note deleted successfully.'];
            }
            return ['success' => false, 'message' => 'Note not found or permission denied.'];
        } catch (PDOException $e) {
            error_log("Delete Note Error: " . $e->getMessage());
            return ['success' => false, 'message' => 'Failed to delete note.'];
        }
    }

    function isLoggedIn() {
        return isset($_SESSION['user_id']);
    }
    
    function isAdmin() {
        return $this->isLoggedIn() && isset($_SESSION['role']) && $_SESSION['role'] === 'admin';
    }
}