<?php
declare(strict_types=1);

require __DIR__ . '/_common.php';

require_login();

$me = current_admin();
if (!$me) {
    json_response(['ok' => false, 'error' => 'Unauthorized'], 401);
}

$method = $_SERVER['REQUEST_METHOD'];

if ($method === 'GET') {
    $list = array_map('strip_admin', read_store()['admins'] ?? []);
    json_response(['ok' => true, 'admins' => $list]);
}

if (!is_super($me)) {
    json_response(['ok' => false, 'error' => 'เฉพาะ super admin จัดการบัญชีแอดมินได้'], 403);
}

if ($method === 'POST') {
    $body = require_json_body();
    $username = trim((string)($body['username'] ?? ''));
    $password = (string)($body['password'] ?? '');
    $role = ($body['role'] ?? 'admin') === 'super' ? 'super' : 'admin';
    if ($role === 'super' && !is_super($me)) {
        json_response(['ok' => false, 'error' => 'สร้าง super admin ได้เฉพาะ super เท่านั้น'], 403);
    }
    if ($username === '' || strlen($username) < 2) {
        json_response(['ok' => false, 'error' => 'ชื่อผู้ใช้สั้นเกินไป'], 400);
    }
    if (strlen($password) < 8) {
        json_response(['ok' => false, 'error' => 'รหัสผ่านอย่างน้อย 8 ตัวอักษร'], 400);
    }
    $store = read_store();
    foreach ($store['admins'] ?? [] as $x) {
        if (strcasecmp($x['username'] ?? '', $username) === 0) {
            json_response(['ok' => false, 'error' => 'ชื่อผู้ใช้ซ้ำ'], 400);
        }
    }
    $store['admins'][] = [
        'id' => new_id(),
        'username' => $username,
        'passwordHash' => password_hash($password, PASSWORD_DEFAULT),
        'role' => $role,
        'createdAt' => gmdate('c'),
    ];
    if (!write_store($store)) {
        json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
    }
    json_response(['ok' => true]);
}

if ($method === 'PATCH') {
    $body = require_json_body();
    $targetId = trim((string)($body['id'] ?? ''));
    $newPassword = (string)($body['newPassword'] ?? '');
    if ($targetId === '') {
        json_response(['ok' => false, 'error' => 'ระบุ id แอดมิน'], 400);
    }
    if (strlen($newPassword) < 8) {
        json_response(['ok' => false, 'error' => 'รหัสใหม่อย่างน้อย 8 ตัวอักษร'], 400);
    }
    if ($targetId === $me['id']) {
        json_response(['ok' => false, 'error' => 'เปลี่ยนรหัสตัวเองให้ใช้เมนู "เปลี่ยนรหัสผ่านของคุณ"'], 400);
    }
    $store = read_store();
    $updated = false;
    foreach ($store['admins'] ?? [] as $i => $a) {
        if (($a['id'] ?? '') !== $targetId) {
            continue;
        }
        $store['admins'][$i]['passwordHash'] = password_hash($newPassword, PASSWORD_DEFAULT);
        $updated = true;
        break;
    }
    if (!$updated) {
        json_response(['ok' => false, 'error' => 'ไม่พบแอดมิน'], 404);
    }
    if (!write_store($store)) {
        json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
    }
    json_response(['ok' => true, 'message' => 'ตั้งรหัสใหม่แล้ว']);
}

if ($method === 'DELETE') {
    $id = trim((string)($_GET['id'] ?? ''));
    if ($id === '') {
        json_response(['ok' => false, 'error' => 'ระบุ id'], 400);
    }
    if ($id === $me['id']) {
        json_response(['ok' => false, 'error' => 'ลบบัญชีตัวเองไม่ได้'], 400);
    }
    $store = read_store();
    $admins = $store['admins'] ?? [];
    $next = [];
    $removed = false;
    foreach ($admins as $a) {
        if (($a['id'] ?? '') === $id) {
            $removed = true;
            continue;
        }
        $next[] = $a;
    }
    if (!$removed) {
        json_response(['ok' => false, 'error' => 'ไม่พบผู้ใช้'], 404);
    }
    $supers = 0;
    foreach ($next as $a) {
        if (($a['role'] ?? '') === 'super') {
            $supers++;
        }
    }
    if ($supers < 1) {
        json_response(['ok' => false, 'error' => 'ต้องมี super admin อย่างน้อย 1 คน'], 400);
    }
    $store['admins'] = $next;
    if (!write_store($store)) {
        json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
    }
    json_response(['ok' => true]);
}

json_response(['ok' => false, 'error' => 'Method not allowed'], 405);