app/api/admin/company-settings.php

<?php

/**
 * BOHA Automation - Company Settings API
 *
 * GET    /api/admin/company-settings.php             - Get company settings
 * PUT    /api/admin/company-settings.php             - Update company settings
 * POST   /api/admin/company-settings.php?action=logo - Upload logo
 * GET    /api/admin/company-settings.php?action=logo - Get logo image
 */

declare(strict_types=1);

require_once dirname(__DIR__) . '/config.php';
require_once dirname(__DIR__) . '/includes/JWTAuth.php';
require_once dirname(__DIR__) . '/includes/AuditLog.php';
require_once __DIR__ . '/handlers/company-settings-handlers.php';

setCorsHeaders();
setSecurityHeaders();
setNoCacheHeaders();

$method = $_SERVER['REQUEST_METHOD'];
$action = $_GET['action'] ?? '';

if (!($method === 'GET' && $action === 'logo')) {
    header('Content-Type: application/json; charset=utf-8');
}

$authData = JWTAuth::requireAuth();
AuditLog::setUser($authData['user_id'], $authData['user']['username'] ?? 'unknown');

try {
    $pdo = db();

    switch ($method) {
        case 'GET':
            if ($action === 'logo') {
                requirePermission($authData, 'offers.view');
                handleGetLogo($pdo);
            } else {
                requirePermission($authData, 'offers.settings');
                handleGetOffersSettings($pdo);
            }
            break;

        case 'PUT':
            requirePermission($authData, 'offers.settings');
            handleUpdateOffersSettings($pdo);
            break;

        case 'POST':
            if ($action === 'logo') {
                requirePermission($authData, 'offers.settings');
                handleUploadLogo($pdo);
            } else {
                errorResponse('Neplatná akce', 400);
            }
            break;

        default:
            errorResponse('Metoda není povolena', 405);
    }
} catch (PDOException $e) {
    error_log('Offers Settings API error: ' . $e->getMessage());
    if (DEBUG_MODE) {
        errorResponse('Chyba databáze: ' . $e->getMessage(), 500);
    } else {
        errorResponse('Chyba databáze', 500);
    }
}