<?php
require_once __DIR__ . '/../helpers.php';
runAuth();

/**
 * Save Business Order Types
 * POST: { BusinessID, OrderTypes: "1,2" }
 * 1=Dine-In, 2=Takeaway, 3=Delivery
 */

try {
    $data = readJsonBody();
    if (empty($data)) {
        apiAbort(['OK' => false, 'ERROR' => 'No request body provided']);
    }

    $businessId = (int) ($data['BusinessID'] ?? 0);
    if ($businessId <= 0) {
        apiAbort(['OK' => false, 'ERROR' => 'BusinessID is required']);
    }

    $orderTypes = trim($data['OrderTypes'] ?? '1');

    // Validate: only allow digits 1-3 separated by commas
    if (!preg_match('/^[1-3](,[1-3])*$/', $orderTypes)) {
        apiAbort(['OK' => false, 'ERROR' => 'OrderTypes must be a comma-separated list of 1, 2, or 3']);
    }

    queryTimed("UPDATE Businesses SET OrderTypes = ? WHERE ID = ?", [$orderTypes, $businessId]);

    jsonResponse(['OK' => true, 'OrderTypes' => $orderTypes]);

} catch (Exception $e) {
    jsonResponse(['OK' => false, 'ERROR' => $e->getMessage()]);
}