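/**
 * JSON endpoint: look up bicycles by serial number, barcode or asset code.
 *
 * Reads the search text from $_GET['q'] and the caller's branch from
 * $_SESSION['branch_id'], then writes {"results": [...]} to the response
 * (at most 10 rows, highest id first). A missing, empty or non-string `q`
 * produces an empty result list without querying the database.
 *
 * @return void
 */
public function api_search()
{
    // Permission gate runs before any request data is read.
    // NOTE(review): assumes require_permission() stops the request when the
    // permission is missing - confirm against its definition.
    require_permission('product.view');

    $query = $_GET['q'] ?? '';
    $branch_id = $_SESSION['branch_id'] ?? null;
    $results = [];

    // `?q[]=x` arrives as an array, which must not reach string concatenation.
    // Compare against '' rather than empty() so a search for "0" is not
    // silently treated as "no query".
    if (is_string($query) && $query !== '') {
        // Binding the value prevents SQL injection, but `%` and `_` inside a
        // bound value are still LIKE wildcards. Escape them so the input is
        // matched literally; `!` is the escape character declared in the SQL.
        $literal = strtr($query, ['!' => '!!', '%' => '!%', '_' => '!_']);
        $searchTerm = '%' . $literal . '%';

        $sql = "
            SELECT
                b.id,
                b.asset_code,
                b.serial_number,
                b.barcode,
                b.status,
                p.name_en as model_name,
                p.name_ar as model_name_ar,
                br.name_en as branch_name,
                br.name_ar as branch_name_ar
            FROM bicycles b
            JOIN bicycle_models bm ON b.model_id = bm.id
            JOIN products p ON bm.product_id = p.id
            JOIN branches br ON b.branch_id = br.id
            WHERE (
                b.serial_number LIKE ? ESCAPE '!'
                OR b.barcode LIKE ? ESCAPE '!'
                OR b.asset_code LIKE ? ESCAPE '!'
            )
        ";
        $params = [$searchTerm, $searchTerm, $searchTerm];

        // Restrict results to the caller's branch when the session names one.
        // NOTE(review): a session with no (or a falsy) branch_id gets results
        // from every branch, so this scoping fails open. Confirm that only
        // admin sessions can lack branch_id; otherwise deny instead of widening.
        if ($branch_id) {
            $sql .= " AND b.branch_id = ?";
            $params[] = $branch_id;
        }

        $sql .= " ORDER BY b.id DESC LIMIT 10";

        $results = DB::fetchAll($sql, $params);
    }

    header('Content-Type: application/json');
    echo json_encode(['results' => $results]);
}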