210 lines
9.5 KiB
PHP
210 lines
9.5 KiB
PHP
<?php
|
|
// api/rumah_ibadah.php
|
|
require_once __DIR__ . '/config/database.php';
|
|
require_once __DIR__ . '/helpers/response.php';
|
|
// setCORSHeaders() dan checkRBAC() sudah dipanggil otomatis oleh response.php
|
|
|
|
$db = getDB();
|
|
$method = getMethod();
|
|
requireWriteAuth($method);
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
|
|
|
|
switch ($method) {
|
|
|
|
// ── GET: ambil semua atau satu data ──────────────────────────────
|
|
case 'GET':
|
|
if ($id > 0) {
|
|
$stmt = $db->prepare(
|
|
"SELECT ri.id, ri.nama, ri.jenis, ri.alamat, ri.no_wa,
|
|
ri.latitude, ri.longitude, ri.radius_meter,
|
|
ri.created_at, u.username
|
|
FROM rumah_ibadah ri
|
|
LEFT JOIN users u ON u.rumah_ibadah_id = ri.id
|
|
WHERE ri.id = ?"
|
|
);
|
|
$stmt->bind_param('i', $id);
|
|
$stmt->execute();
|
|
$row = $stmt->get_result()->fetch_assoc();
|
|
if ($row) {
|
|
$row['latitude'] = (float)$row['latitude'];
|
|
$row['longitude'] = (float)$row['longitude'];
|
|
$row['radius_meter'] = (int)$row['radius_meter'];
|
|
}
|
|
$row ? sendSuccess($row) : sendError('Data tidak ditemukan', 404);
|
|
} else {
|
|
$sql = "SELECT ri.id, ri.nama, ri.jenis, ri.alamat, ri.no_wa,
|
|
ri.latitude, ri.longitude, ri.radius_meter,
|
|
ri.created_at, u.username
|
|
FROM rumah_ibadah ri
|
|
LEFT JOIN users u ON u.rumah_ibadah_id = ri.id
|
|
ORDER BY ri.created_at DESC";
|
|
$result = $db->query($sql);
|
|
$rows = [];
|
|
while ($r = $result->fetch_assoc()) {
|
|
$r['latitude'] = (float)$r['latitude'];
|
|
$r['longitude'] = (float)$r['longitude'];
|
|
$r['radius_meter'] = (int)$r['radius_meter'];
|
|
$rows[] = $r;
|
|
}
|
|
sendSuccess($rows);
|
|
}
|
|
break;
|
|
|
|
// ── POST: tambah data baru ────────────────────────────────────────
|
|
case 'POST':
|
|
$body = getBody();
|
|
$required = ['nama', 'jenis', 'latitude', 'longitude', 'radius_meter'];
|
|
foreach ($required as $field) {
|
|
if (empty($body[$field]) && $body[$field] !== 0) {
|
|
sendError("Field '$field' wajib diisi");
|
|
}
|
|
}
|
|
|
|
$db->begin_transaction();
|
|
try {
|
|
$stmt = $db->prepare(
|
|
"INSERT INTO rumah_ibadah
|
|
(nama, jenis, alamat, no_wa, latitude, longitude, radius_meter)
|
|
VALUES (?, ?, ?, ?, ?, ?, ?)"
|
|
);
|
|
$stmt->bind_param(
|
|
'ssssddi',
|
|
$body['nama'],
|
|
$body['jenis'],
|
|
$body['alamat'],
|
|
$body['no_wa'],
|
|
$body['latitude'],
|
|
$body['longitude'],
|
|
$body['radius_meter']
|
|
);
|
|
executeOrFail($stmt, 'Gagal menyimpan rumah ibadah');
|
|
$newId = $db->insert_id;
|
|
|
|
// Handle user account creation
|
|
$username = isset($body['username']) ? trim($body['username']) : '';
|
|
$password = isset($body['password']) ? trim($body['password']) : '';
|
|
if ($username !== '') {
|
|
// Check if username already exists
|
|
$stmtUserCheck = $db->prepare("SELECT id FROM users WHERE username = ?");
|
|
$stmtUserCheck->bind_param('s', $username);
|
|
$stmtUserCheck->execute();
|
|
if ($stmtUserCheck->get_result()->num_rows > 0) {
|
|
throw new Exception('Username sudah digunakan');
|
|
}
|
|
|
|
if ($password === '') {
|
|
throw new Exception('Password wajib diisi jika username ditentukan');
|
|
}
|
|
|
|
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
|
|
$stmtUser = $db->prepare(
|
|
"INSERT INTO users (username, password, password_plain, role, rumah_ibadah_id) VALUES (?, ?, ?, 'petugas_lapangan', ?)"
|
|
);
|
|
$stmtUser->bind_param('sssi', $username, $hashedPassword, $password, $newId);
|
|
executeOrFail($stmtUser, 'Gagal membuat akun petugas lapangan');
|
|
}
|
|
|
|
$db->commit();
|
|
sendSuccess(['id' => $newId], 'Rumah Ibadah dan Akun Petugas berhasil disimpan', 201);
|
|
} catch (Exception $e) {
|
|
$db->rollback();
|
|
sendError($e->getMessage());
|
|
}
|
|
break;
|
|
|
|
// ── PUT: update data ──────────────────────────────────────────────
|
|
case 'PUT':
|
|
if ($id <= 0) sendError('ID wajib disertakan');
|
|
$body = getBody();
|
|
|
|
$db->begin_transaction();
|
|
try {
|
|
$stmt = $db->prepare(
|
|
"UPDATE rumah_ibadah
|
|
SET nama=?, jenis=?, alamat=?, no_wa=?,
|
|
latitude=?, longitude=?, radius_meter=?
|
|
WHERE id=?"
|
|
);
|
|
$stmt->bind_param(
|
|
'ssssddii',
|
|
$body['nama'], $body['jenis'],
|
|
$body['alamat'], $body['no_wa'],
|
|
$body['latitude'], $body['longitude'],
|
|
$body['radius_meter'], $id
|
|
);
|
|
executeOrFail($stmt, 'Gagal memperbarui rumah ibadah');
|
|
|
|
// Handle user account creation/update (only if user is admin)
|
|
if (isset($_SESSION['role']) && $_SESSION['role'] === 'admin') {
|
|
$username = isset($body['username']) ? trim($body['username']) : '';
|
|
$password = isset($body['password']) ? trim($body['password']) : '';
|
|
|
|
if ($username !== '') {
|
|
// Check if username belongs to another user
|
|
$stmtUserCheck = $db->prepare("SELECT id, rumah_ibadah_id FROM users WHERE username = ?");
|
|
$stmtUserCheck->bind_param('s', $username);
|
|
$stmtUserCheck->execute();
|
|
$resUserCheck = $stmtUserCheck->get_result()->fetch_assoc();
|
|
if ($resUserCheck && (int)$resUserCheck['rumah_ibadah_id'] !== $id) {
|
|
throw new Exception('Username sudah digunakan oleh akun lain');
|
|
}
|
|
|
|
// Check if account already exists for this rumah_ibadah
|
|
$stmtExisting = $db->prepare("SELECT id FROM users WHERE rumah_ibadah_id = ?");
|
|
$stmtExisting->bind_param('i', $id);
|
|
$stmtExisting->execute();
|
|
$existing = $stmtExisting->get_result()->fetch_assoc();
|
|
|
|
if ($existing) {
|
|
// Update existing user
|
|
if ($password !== '') {
|
|
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
|
|
$stmtUpdate = $db->prepare("UPDATE users SET username = ?, password = ?, password_plain = ? WHERE id = ?");
|
|
$stmtUpdate->bind_param('sssi', $username, $hashedPassword, $password, $existing['id']);
|
|
} else {
|
|
$stmtUpdate = $db->prepare("UPDATE users SET username = ? WHERE id = ?");
|
|
$stmtUpdate->bind_param('si', $username, $existing['id']);
|
|
}
|
|
executeOrFail($stmtUpdate, 'Gagal memperbarui akun petugas lapangan');
|
|
} else {
|
|
// Create new user for this rumah ibadah
|
|
if ($password === '') {
|
|
throw new Exception('Password wajib diisi untuk pembuatan akun baru');
|
|
}
|
|
$hashedPassword = password_hash($password, PASSWORD_BCRYPT);
|
|
$stmtUser = $db->prepare(
|
|
"INSERT INTO users (username, password, password_plain, role, rumah_ibadah_id) VALUES (?, ?, ?, 'petugas_lapangan', ?)"
|
|
);
|
|
$stmtUser->bind_param('sssi', $username, $hashedPassword, $password, $id);
|
|
executeOrFail($stmtUser, 'Gagal membuat akun petugas lapangan');
|
|
}
|
|
} else {
|
|
// Delete the associated user account if username is cleared
|
|
$stmtDeleteUser = $db->prepare("DELETE FROM users WHERE rumah_ibadah_id = ?");
|
|
$stmtDeleteUser->bind_param('i', $id);
|
|
$stmtDeleteUser->execute();
|
|
}
|
|
}
|
|
|
|
$db->commit();
|
|
sendSuccess(null, 'Rumah Ibadah berhasil diperbarui');
|
|
} catch (Exception $e) {
|
|
$db->rollback();
|
|
sendError($e->getMessage());
|
|
}
|
|
break;
|
|
|
|
// ── DELETE: hapus data ────────────────────────────────────────────
|
|
case 'DELETE':
|
|
if ($id <= 0) sendError('ID wajib disertakan');
|
|
$stmt = $db->prepare("DELETE FROM rumah_ibadah WHERE id=?");
|
|
$stmt->bind_param('i', $id);
|
|
executeOrFail($stmt, 'Gagal menghapus rumah ibadah');
|
|
$stmt->affected_rows > 0
|
|
? sendSuccess(null, 'Rumah Ibadah berhasil dihapus')
|
|
: sendError('Data tidak ditemukan', 404);
|
|
break;
|
|
|
|
default:
|
|
sendError('Method tidak diizinkan', 405);
|
|
} |