<?php
/**
 * Dashboard Stats Endpoint (Role-Based & Tenant-Aware)
 */

use App\Core\Database;
use App\Middleware\AuthMiddleware;

// 1. Auth Check
$decoded = AuthMiddleware::check();
$db = Database::getInstance();

$tenantId = $decoded['tenant_id'];
$companyId = $decoded['company_id'] ?? null;
$role = $decoded['role'];

try {
    // 2. Build Query based on Role
    $where = "WHERE tenant_id = :tenant_id";
    $params = [':tenant_id' => $tenantId];

    // If accountant or employee restricted to a company
    if (($role === 'accountant' || $role === 'viewer') && $companyId) {
        $where .= " AND company_id = :company_id";
        $params[':company_id'] = $companyId;
    }

    // Total Invoices
    $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where");
    $stmt->execute($params);
    $total = $stmt->fetchColumn();

    // Pending Invoices
    $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'pending'");
    $stmt->execute($params);
    $pending = $stmt->fetchColumn();

    // Approved Invoices
    $stmt = $db->prepare("SELECT COUNT(*) FROM invoices $where AND status = 'approved'");
    $stmt->execute($params);
    $approved = $stmt->fetchColumn();

} catch (\Exception $e) {
    $total = 0;
    $pending = 0;
    $approved = 0;
}

json_success([
    'total' => $total,
    'pending' => $pending,
    'approved' => $approved
]);