<?php
require_once 'includes/config.php';
require_once 'includes/auth.php';
require_once 'includes/db.php';

header('Content-Type: application/json');

try {
    $auth = new Auth();
    if (!$auth->isLoggedIn()) {
        throw new Exception('Unauthorized');
    }

    $input = json_decode(file_get_contents('php://input'), true);
    
    if (!isset($input['id']) || !isset($input['status'])) {
        throw new Exception('Missing required parameters');
    }

    $id = (int)$input['id'];
    $status = $input['status'];

    // Validate status
    if (!in_array($status, ['pending', 'approved', 'declined'])) {
        throw new Exception('Invalid status');
    }

    $db = Database::getInstance();

    // Update directive status
    $stmt = $db->prepare("
        UPDATE panel_directives 
        SET status = ?, updated_at = NOW() 
        WHERE id = ?
    ");
    $stmt->bind_param('si', $status, $id);
    
    if (!$stmt->execute()) {
        throw new Exception('Failed to update directive status');
    }

    if ($stmt->affected_rows === 0) {
        throw new Exception('Directive not found');
    }

    echo json_encode([
        'success' => true,
        'message' => 'Directive status updated successfully'
    ]);

} catch (Exception $e) {
    http_response_code(500);
    echo json_encode([
        'success' => false,
        'error' => $e->getMessage()
    ]);
}
?>