<?php
require_once __DIR__ . '/../config/db.php';
require_once __DIR__ . '/../config/auth.php';
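// Authentication gate: requireAuth() is called before any query runs (presumably it
// aborts the request for unauthenticated callers; confirm in config/auth.php).
// The returned user is not consulted again in this script, so no role check is
// applied to reads here.
$user = requireAuth();
$db   = getDB();

// All users can read settings (for VAT calc etc), only admin/HR can write.
// NOTE(review): every selected column of every row is returned to any authenticated
// caller. If the settings table ever holds secrets (mail or API credentials, tokens;
// not visible from this file), restrict this read by role or by an allowlist of
// groups/keys.

// Optional group filter. It comes from request input, so it is treated as untrusted:
// only a non-empty scalar is accepted. The previous truthiness test silently dropped
// the filter for the group name "0", and a non-scalar value (if post() passes one
// through) would have reached execute() unchanged.
$group = post('group', '');
$groupFilter = is_scalar($group) ? (string) $group : '';

$sql = "SELECT setting_key, setting_value, setting_group, label, input_type FROM settings";
$params = [];
if ($groupFilter !== '') {
    // The value is bound through a placeholder, never concatenated into the SQL text.
    $sql .= " WHERE setting_group = ?";
    $params[] = $groupFilter;
}
$sql .= " ORDER BY setting_group, id";

$stmt = $db->prepare($sql);
$stmt->execute($params);
$rows = $stmt->fetchAll();

// Return as key=>value map AND as array.
// If the same setting_key occurs in more than one row, the row that sorts last
// (by setting_group, then id) wins in the map; the full list keeps every row.
$map = [];
foreach ($rows as $row) {
    $map[$row['setting_key']] = $row['setting_value'];
}

apiSuccess(['settings' => $rows, 'map' => $map]);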
