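<?php

declare(strict_types=1);

// JSON endpoint for assessments and their sections/questions.
//
// All responses go through json_success()/json_error() from auth.php (not in
// this file); both are assumed to emit JSON and terminate the request, which is
// why a validation failure is written as a bare `json_error(...)` call.
//
// Actions, selected by `action` in POST (or GET for the read-only ones):
//   list, get                                       read-only, any authenticated user
//   create, update, delete                          assessments   (POST, admin)
//   add_section, update_section, delete_section     sections      (POST, admin)
//   add_question, update_question, delete_question  questions     (POST, admin)

// Keep PHP notices/warnings out of the JSON body; failures are reported by the
// catch block at the bottom instead.
error_reporting(0);
ini_set('display_errors', '0');
require_once __DIR__ . '/../config/auth.php';
$user = require_auth();

// db() is assumed to return a PDO instance (prepare/execute/fetchAll/lastInsertId
// are used throughout); beginTransaction/commit/rollBack rely on that.
$db = db();

$rawAction = $_POST['action'] ?? $_GET['action'] ?? 'list';
// A non-string `action` (e.g. action[]=x) falls through to the default case.
$action = is_string($rawAction) ? $rawAction : '';
$id     = (int)($_POST['id'] ?? $_GET['id'] ?? 0);

// Every action that changes state. They must arrive as POST (a GET link such as
// `?action=delete&id=N` must not delete records on a plain navigation) and are
// restricted to admins, matching what the assessment create/update/delete cases
// already required.
$mutatingActions = [
    'create', 'update', 'delete',
    'add_section', 'update_section', 'delete_section',
    'add_question', 'update_question', 'delete_question',
];

/**
 * Trimmed string field from POST; a missing or non-string value yields $default.
 */
$postText = static function (string $key, string $default = ''): string {
    $value = $_POST[$key] ?? null;
    return is_string($value) ? trim($value) : $default;
};

/**
 * Integer field from POST; a missing or non-scalar value yields 0.
 */
$postInt = static function (string $key): int {
    $value = $_POST[$key] ?? 0;
    return is_scalar($value) ? (int)$value : 0;
};

try {
    if (in_array($action, $mutatingActions, true)) {
        if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
            json_error('POST required', 405);
        }
        require_admin($user);
    }

    switch ($action) {

        // ── Assessments ──────────────────────────────────────────────────────────

        case 'list':
            $term   = $_GET['search'] ?? '';
            // The term is bound as a parameter; LIKE wildcards inside it are left
            // as typed, which only widens the search (no injection risk).
            $search = '%' . (is_string($term) ? trim($term) : '') . '%';
            $stmt   = $db->prepare('SELECT * FROM assessments WHERE assessments_name LIKE ? ORDER BY assessments_name ASC');
            $stmt->execute([$search]);
            json_success(['assessments' => $stmt->fetchAll()]);
            break;

        case 'get':
            if (!$id) {
                json_error('ID required');
            }
            $stmt = $db->prepare('SELECT * FROM assessments WHERE record_id=?');
            $stmt->execute([$id]);
            $assessment = $stmt->fetch();
            if (!$assessment) {
                json_error('Not found', 404);
            }

            // Sections, each with its questions nested under 'questions'.
            $secStmt = $db->prepare('SELECT * FROM assessment_sections WHERE assessment_id=? ORDER BY record_id ASC');
            $secStmt->execute([$id]);
            $sections = $secStmt->fetchAll();

            // One prepared statement reused for every section; indexing by key
            // avoids the by-reference foreach that leaves a dangling reference.
            $qStmt = $db->prepare('SELECT * FROM assessment_questions WHERE assessment_section_id=? ORDER BY record_id ASC');
            foreach ($sections as $index => $section) {
                $qStmt->execute([$section['record_id']]);
                $sections[$index]['questions'] = $qStmt->fetchAll();
            }
            $assessment['sections'] = $sections;
            json_success(['assessment' => $assessment]);
            break;

        case 'create':
            $name = $postText('assessments_name');
            if ($name === '') {
                json_error('Assessment name required');
            }
            $db->prepare('INSERT INTO assessments (assessments_name,expiry,assessment_info,nqf_level,credits,passmark) VALUES (?,?,?,?,?,?)')
               ->execute([
                   $name,
                   $postText('expiry', '36'),
                   $postText('assessment_info'),
                   $postInt('nqf_level'),
                   $postInt('credits'),
                   $postText('passmark', '0.8'),
               ]);
            json_success(['id' => $db->lastInsertId()], 'Assessment created');
            break;

        case 'update':
            if (!$id) {
                json_error('ID required');
            }
            // Same field handling and name requirement as 'create', so an update
            // cannot blank the name or store untrimmed values.
            $name = $postText('assessments_name');
            if ($name === '') {
                json_error('Assessment name required');
            }
            $db->prepare('UPDATE assessments SET assessments_name=?,expiry=?,assessment_info=?,nqf_level=?,credits=?,passmark=? WHERE record_id=?')
               ->execute([
                   $name,
                   $postText('expiry', '36'),
                   $postText('assessment_info'),
                   $postInt('nqf_level'),
                   $postInt('credits'),
                   $postText('passmark', '0.8'),
                   $id,
               ]);
            json_success([], 'Assessment updated');
            break;

        case 'delete':
            if (!$id) {
                json_error('ID required');
            }
            // Remove questions, then sections, then the assessment, in one
            // transaction so a failure part-way leaves no orphaned rows.
            $db->beginTransaction();
            $db->prepare('DELETE FROM assessment_questions WHERE assessment_section_id IN (SELECT record_id FROM assessment_sections WHERE assessment_id=?)')->execute([$id]);
            $db->prepare('DELETE FROM assessment_sections WHERE assessment_id=?')->execute([$id]);
            $db->prepare('DELETE FROM assessments WHERE record_id=?')->execute([$id]);
            $db->commit();
            json_success([], 'Assessment deleted');
            break;

        // ── Sections ─────────────────────────────────────────────────────────────

        case 'add_section':
            $assessmentId = $postInt('assessment_id');
            $sectionName  = $postText('section_name');
            if (!$assessmentId || $sectionName === '') {
                json_error('assessment_id and section_name required');
            }
            $db->prepare('INSERT INTO assessment_sections (assessment_id,section_name) VALUES (?,?)')->execute([$assessmentId, $sectionName]);
            json_success(['id' => $db->lastInsertId()], 'Section added');
            break;

        case 'update_section':
            $sectionId   = $postInt('section_id');
            $sectionName = $postText('section_name');
            if (!$sectionId || $sectionName === '') {
                json_error('section_id and section_name required');
            }
            $db->prepare('UPDATE assessment_sections SET section_name=? WHERE record_id=?')->execute([$sectionName, $sectionId]);
            json_success([], 'Section updated');
            break;

        case 'delete_section':
            $sectionId = $postInt('section_id');
            if (!$sectionId) {
                json_error('section_id required');
            }
            $db->beginTransaction();
            $db->prepare('DELETE FROM assessment_questions WHERE assessment_section_id=?')->execute([$sectionId]);
            $db->prepare('DELETE FROM assessment_sections WHERE record_id=?')->execute([$sectionId]);
            $db->commit();
            json_success([], 'Section deleted');
            break;

        // ── Questions ─────────────────────────────────────────────────────────────

        case 'add_question':
            $sectionId = $postInt('assessment_section_id');
            $question  = $postText('question');
            if (!$sectionId || $question === '') {
                json_error('assessment_section_id and question required');
            }
            $db->prepare('INSERT INTO assessment_questions (assessment_section_id,question) VALUES (?,?)')->execute([$sectionId, $question]);
            json_success(['id' => $db->lastInsertId()], 'Question added');
            break;

        case 'update_question':
            $questionId = $postInt('question_id');
            $question   = $postText('question');
            if (!$questionId || $question === '') {
                json_error('question_id and question required');
            }
            $db->prepare('UPDATE assessment_questions SET question=? WHERE record_id=?')->execute([$question, $questionId]);
            json_success([], 'Question updated');
            break;

        case 'delete_question':
            $questionId = $postInt('question_id');
            if (!$questionId) {
                json_error('question_id required');
            }
            $db->prepare('DELETE FROM assessment_questions WHERE record_id=?')->execute([$questionId]);
            json_success([], 'Question deleted');
            break;

        default:
            json_error('Unknown action');
    }
} catch (Throwable $e) {
    if ($db instanceof PDO && $db->inTransaction()) {
        $db->rollBack();
    }
    // Full details go to the server log only. The client receives a generic
    // message so driver errors, SQL fragments and file paths are not exposed.
    error_log(sprintf(
        'assessments api: %s: %s in %s:%d',
        get_class($e),
        $e->getMessage(),
        $e->getFile(),
        $e->getLine()
    ));
    json_error('Internal server error', 500);
}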