<?php
if (!defined('ABSPATH')) exit;

function kc_api_permission_check() {
    if (!is_user_logged_in()) {
        return new WP_Error(
            'kc_api_auth_required',
            'Authentifizierung erforderlich.',
            ['status' => 401]
        );
    }

    if (!current_user_can('manage_options')) {
        return new WP_Error(
            'kc_api_forbidden',
            'Keine Berechtigung für diese API.',
            ['status' => 403]
        );
    }

    return true;
}

function kc_api_get_wahlen(WP_REST_Request $request) {
    global $wpdb;
    $prefix = $wpdb->prefix;

    $rows = $wpdb->get_results("SELECT id, name, anzahl_einheiten, freigegeben FROM {$prefix}kc_wahlen WHERE deleted=0 ORDER BY id DESC");

    $data = [];
    foreach ((array) $rows as $row) {
        $data[] = [
            'id' => intval($row->id),
            'name' => (string) $row->name,
            'anzahl_einheiten' => max(1, intval($row->anzahl_einheiten)),
            'freigegeben' => intval($row->freigegeben) === 1,
        ];
    }

    return rest_ensure_response([
        'success' => true,
        'count' => count($data),
        'items' => $data,
    ]);
}

function kc_api_get_wahl_zuteilungen(WP_REST_Request $request) {
    global $wpdb;
    $prefix = $wpdb->prefix;

    $wahl_id = intval($request->get_param('id'));
    if ($wahl_id <= 0) {
        return new WP_Error('kc_api_invalid_id', 'Ungültige Wahl-ID.', ['status' => 400]);
    }

    $wahl = $wpdb->get_row($wpdb->prepare(
        "SELECT id, name, anzahl_einheiten FROM {$prefix}kc_wahlen WHERE id=%d AND deleted=0",
        $wahl_id
    ));

    if (!$wahl) {
        return new WP_Error('kc_api_wahl_not_found', 'Wahl nicht gefunden.', ['status' => 404]);
    }

    $rows = $wpdb->get_results($wpdb->prepare(
        "SELECT z.id, z.teilnehmer_id, z.vorname, z.nachname, z.phase, z.workshop_id, z.wunsch_rang, ws.name AS workshop_name
         FROM {$prefix}kc_zuteilung z
         LEFT JOIN {$prefix}kc_workshops ws ON ws.id = z.workshop_id
         WHERE z.wahl_id = %d
         ORDER BY z.phase ASC, z.nachname ASC, z.vorname ASC",
        $wahl_id
    ));

    $items = [];
    foreach ((array) $rows as $row) {
        $items[] = [
            'id' => intval($row->id),
            'teilnehmer_id' => intval($row->teilnehmer_id),
            'vorname' => (string) $row->vorname,
            'nachname' => (string) $row->nachname,
            'phase' => intval($row->phase),
            'workshop_id' => $row->workshop_id !== null ? intval($row->workshop_id) : null,
            'workshop_name' => $row->workshop_name !== null ? (string) $row->workshop_name : null,
            'wunsch_rang' => $row->wunsch_rang !== null ? intval($row->wunsch_rang) : null,
        ];
    }

    return rest_ensure_response([
        'success' => true,
        'wahl' => [
            'id' => intval($wahl->id),
            'name' => (string) $wahl->name,
            'anzahl_einheiten' => max(1, intval($wahl->anzahl_einheiten)),
        ],
        'count' => count($items),
        'items' => $items,
    ]);
}

add_action('rest_api_init', function() {
    register_rest_route('kc-internal/v1', '/wahlen', [
        'methods' => WP_REST_Server::READABLE,
        'callback' => 'kc_api_get_wahlen',
        'permission_callback' => 'kc_api_permission_check',
    ]);

    register_rest_route('kc-internal/v1', '/wahlen/(?P<id>\d+)/zuteilungen', [
        'methods' => WP_REST_Server::READABLE,
        'callback' => 'kc_api_get_wahl_zuteilungen',
        'permission_callback' => 'kc_api_permission_check',
        'args' => [
            'id' => [
                'validate_callback' => function($param) {
                    return is_numeric($param) && intval($param) > 0;
                }
            ]
        ],
    ]);
});

add_filter('rest_endpoints', function($endpoints) {
    if (current_user_can('manage_options')) {
        return $endpoints;
    }

    foreach ($endpoints as $route => $handlers) {
        if (strpos($route, '/kc-internal/v1/') === 0) {
            unset($endpoints[$route]);
        }
    }

    return $endpoints;
});