<?php
require_once __DIR__ . '/../helpers.php';
runAuth();

try {
    $data = readJsonBody();
    $tabID = (int) ($data['TabID'] ?? 0);
    $orderID = (int) ($data['OrderID'] ?? 0);
    $userID = (int) ($data['UserID'] ?? 0);

    if ($tabID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_TabID']);
    if ($orderID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_OrderID']);
    if ($userID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_UserID']);

    $qTab = queryOne("
        SELECT ID, OwnerUserID, StatusID, AuthAmountCents, RunningTotalCents
        FROM Tabs WHERE ID = ? LIMIT 1
    ", [$tabID]);

    if (!$qTab) apiAbort(['OK' => false, 'ERROR' => 'tab_not_found']);
    if ((int) $qTab['StatusID'] !== 1) apiAbort(['OK' => false, 'ERROR' => 'tab_not_open']);
    if ((int) $qTab['OwnerUserID'] !== $userID) apiAbort(['OK' => false, 'ERROR' => 'not_owner']);

    $qTabOrder = queryOne("
        SELECT ID, SubtotalCents, TaxCents, ApprovalStatus
        FROM TabOrders WHERE TabID = ? AND OrderID = ? LIMIT 1
    ", [$tabID, $orderID]);

    if (!$qTabOrder) apiAbort(['OK' => false, 'ERROR' => 'order_not_on_tab']);
    if ($qTabOrder['ApprovalStatus'] !== 'pending') apiAbort(['OK' => false, 'ERROR' => 'not_pending', 'MESSAGE' => "Order is {$qTabOrder['ApprovalStatus']}, not pending."]);

    // Check authorization limit
    $orderTotal = (int) $qTabOrder['SubtotalCents'] + (int) $qTabOrder['TaxCents'];
    $newRunning = (int) $qTab['RunningTotalCents'] + $orderTotal;
    if ($newRunning > (int) $qTab['AuthAmountCents']) {
        apiAbort([
            'OK' => false, 'ERROR' => 'exceeds_authorization',
            'MESSAGE' => 'Approving this order would exceed your tab authorization. Increase your authorization first.',
            'RUNNING_TOTAL_CENTS' => (int) $qTab['RunningTotalCents'],
            'ORDER_CENTS' => $orderTotal,
            'AUTH_AMOUNT_CENTS' => (int) $qTab['AuthAmountCents'],
        ]);
    }

    queryTimed("UPDATE TabOrders SET ApprovalStatus = 'approved', ApprovedByUserID = ?, ApprovedOn = NOW() WHERE TabID = ? AND OrderID = ?",
        [$userID, $tabID, $orderID]);

    queryTimed("UPDATE Tabs SET RunningTotalCents = ?, LastActivityOn = NOW() WHERE ID = ?", [$newRunning, $tabID]);

    // Auto-submit order to kitchen
    $qOrder = queryOne("SELECT StatusID FROM Orders WHERE ID = ? LIMIT 1", [$orderID]);
    if ($qOrder && (int) $qOrder['StatusID'] === 0) {
        queryTimed("UPDATE Orders SET StatusID = 1, SubmittedOn = NOW(), LastEditedOn = NOW() WHERE ID = ?", [$orderID]);
    }

    jsonResponse([
        'OK' => true,
        'RUNNING_TOTAL_CENTS' => $newRunning,
        'AUTH_REMAINING_CENTS' => (int) $qTab['AuthAmountCents'] - $newRunning,
    ]);

} catch (Exception $e) {
    jsonResponse(['OK' => false, 'ERROR' => 'server_error', 'MESSAGE' => $e->getMessage()]);
}