<?php
/**
 * Delete/Cancel Payment Request (Admin/Accountant)
 * POST /api/v1/payments/delete
 */

declare(strict_types=1);

use App\Core\Database;
use App\Middleware\AuthMiddleware;

try {
    $decoded = AuthMiddleware::check();
    $db = Database::getInstance();
    $tenantId = $decoded['tenant_id'];

    $data = json_decode(file_get_contents('php://input'), true);
    $paymentId = $data['payment_id'] ?? null;

    if (!$paymentId) {
        json_error('معرف طلب الدفع مطلوب.', 422);
    }

    // Only allow deleting PENDING requests
    $stmt = $db->prepare("SELECT id FROM payment_requests WHERE id = ? AND tenant_id = ? AND status = 'pending'");
    $stmt->execute([$paymentId, $tenantId]);
    $payment = $stmt->fetch();

    if (!$payment) {
        json_error('لا يمكن حذف هذا الطلب (قد يكون مقبولاً بالفعل أو غير موجود).', 404);
    }

    $stmt = $db->prepare("DELETE FROM payment_requests WHERE id = ? AND tenant_id = ?");
    $stmt->execute([$paymentId, $tenantId]);

    // Log deletion
    $logStmt = $db->prepare("INSERT INTO audit_logs (tenant_id, user_id, action, entity_type, entity_id) VALUES (?, ?, 'payment.deleted', 'payment', ?)");
    $logStmt->execute([$tenantId, $decoded['user_id'], $paymentId]);

    json_success([], 'تم إلغاء طلب الدفع بنجاح.');

} catch (\Throwable $e) {
    error_log("Payment Delete Error: " . $e->getMessage());
    json_error('حدث خطأ أثناء حذف طلب الدفع.', 500);
}