app/api/admin/offers-templates.php

<?php

/**
 * BOHA Automation - Offers Templates API
 *
 * GET    ?action=items                  - List item templates
 * GET    ?action=scopes                 - List scope templates
 * GET    ?action=scope_detail&id=X      - Get scope template with sections
 * POST   ?action=item                   - Create/update item template
 * POST   ?action=scope                  - Create/update scope template
 * DELETE ?action=item&id=X              - Delete item template
 * DELETE ?action=scope&id=X             - Delete scope template
 */

declare(strict_types=1);

require_once dirname(__DIR__) . '/config.php';
require_once dirname(__DIR__) . '/includes/JWTAuth.php';
require_once dirname(__DIR__) . '/includes/AuditLog.php';
require_once __DIR__ . '/handlers/offers-templates-handlers.php';

setCorsHeaders();
setSecurityHeaders();
setNoCacheHeaders();
header('Content-Type: application/json; charset=utf-8');

$authData = JWTAuth::requireAuth();
AuditLog::setUser($authData['user_id'], $authData['user']['username'] ?? 'unknown');

$method = $_SERVER['REQUEST_METHOD'];
$action = $_GET['action'] ?? '';
$id = isset($_GET['id']) ? (int) $_GET['id'] : null;

try {
    $pdo = db();

    switch ($method) {
        case 'GET':
            requirePermission($authData, 'offers.view');
            switch ($action) {
                case 'items':
                    handleGetItemTemplates($pdo);
                    break;
                case 'scopes':
                    handleGetScopeTemplates($pdo);
                    break;
                case 'scope_detail':
                    if (!$id) {
                        errorResponse('ID šablony je povinné');
                    }
                    handleGetScopeDetail($pdo, $id);
                    break;
                default:
                    errorResponse('Neplatná akce');
            }
            break;

        case 'POST':
            requirePermission($authData, 'offers.settings');
            switch ($action) {
                case 'item':
                    handleSaveItemTemplate($pdo);
                    break;
                case 'scope':
                    handleSaveScopeTemplate($pdo);
                    break;
                default:
                    errorResponse('Neplatná akce');
            }
            break;

        case 'DELETE':
            requirePermission($authData, 'offers.settings');
            if (!$id) {
                errorResponse('ID šablony je povinné');
            }
            switch ($action) {
                case 'item':
                    handleDeleteItemTemplate($pdo, $id);
                    break;
                case 'scope':
                    handleDeleteScopeTemplate($pdo, $id);
                    break;
                default:
                    errorResponse('Neplatná akce');
            }
            break;

        default:
            errorResponse('Metoda není povolena', 405);
    }
} catch (PDOException $e) {
    error_log('Offers Templates API error: ' . $e->getMessage());
    if (DEBUG_MODE) {
        errorResponse('Chyba databáze: ' . $e->getMessage(), 500);
    } else {
        errorResponse('Chyba databáze', 500);
    }
}

// --- Item Templates ---