<?php
require_once __DIR__ . '/../helpers.php';
runAuth();

require_once __DIR__ . '/_grantUtils.php';

global $userId;

$data = readJsonBody();
$grantID = (int) ($data['GrantID'] ?? 0);

if ($grantID <= 0) {
    apiAbort(['OK' => false, 'ERROR' => 'missing_grantid', 'MESSAGE' => 'GrantID is required.']);
}

if ($userId <= 0) {
    apiAbort(['OK' => false, 'ERROR' => 'not_authenticated']);
}

$qGrant = queryOne(
    "SELECT g.*, b.UserID AS GuestOwnerUserID
     FROM ServicePointGrants g
     JOIN Businesses b ON b.ID = g.GuestBusinessID
     WHERE g.ID = ?
     LIMIT 1",
    [$grantID]
);

if (!$qGrant) {
    apiAbort(['OK' => false, 'ERROR' => 'not_found', 'MESSAGE' => 'Grant not found.']);
}

if ((int) $qGrant['GuestOwnerUserID'] !== $userId) {
    apiAbort(['OK' => false, 'ERROR' => 'not_guest_owner', 'MESSAGE' => 'Only the guest business owner can decline this invite.']);
}

if ((int) $qGrant['StatusID'] !== 0) {
    apiAbort(['OK' => false, 'ERROR' => 'bad_state', 'MESSAGE' => 'Only pending grants can be declined.']);
}

queryTimed("UPDATE ServicePointGrants SET StatusID = 2 WHERE ID = ?", [$grantID]);

recordGrantHistory(
    $grantID,
    'declined',
    $userId,
    (int) $qGrant['GuestBusinessID'],
    ['StatusID' => 0],
    ['StatusID' => 2]
);

jsonResponse([
    'OK' => true,
    'GrantID' => $grantID,
    'MESSAGE' => 'Grant declined.',
]);