First commit / commit pertama
This commit is contained in:
@@ -0,0 +1,94 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/../config/db.php';
|
||||
require_once __DIR__ . '/helpers.php';
|
||||
require_once __DIR__ . '/../config/activity.php';
|
||||
|
||||
$pdo = Database::getConnection();
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
// Manajemen user hanya untuk Operator (KF-02/03)
|
||||
requireApiAnyRole(['operator']);
|
||||
|
||||
const VALID_ROLES = ['publik', 'enumerator', 'operator', 'pimpinan'];
|
||||
|
||||
switch ($method) {
|
||||
case 'GET':
|
||||
$stmt = $pdo->query(
|
||||
"SELECT id, username, email, role, is_active, wilayah_tugas, nama_lengkap, last_login, created_at
|
||||
FROM users ORDER BY id ASC"
|
||||
);
|
||||
sendSuccess($stmt->fetchAll(), 'Data Users');
|
||||
break;
|
||||
|
||||
case 'POST':
|
||||
$d = getInput();
|
||||
if (empty($d['username']) || empty($d['password']) || empty($d['role'])) {
|
||||
sendError('Data tidak lengkap');
|
||||
}
|
||||
if (!in_array($d['role'], VALID_ROLES, true)) sendError('Role tidak valid');
|
||||
|
||||
$hash = password_hash($d['password'], PASSWORD_BCRYPT, ['cost' => 12]);
|
||||
try {
|
||||
$pdo->prepare(
|
||||
"INSERT INTO users (username, email, password, role, is_active, wilayah_tugas, nama_lengkap)
|
||||
VALUES (?,?,?,?,?,?,?)"
|
||||
)->execute([
|
||||
$d['username'],
|
||||
$d['email'] ?? null,
|
||||
$hash,
|
||||
$d['role'],
|
||||
isset($d['is_active']) ? (int)$d['is_active'] : 1,
|
||||
$d['wilayah_tugas'] ?? null,
|
||||
$d['nama_lengkap'] ?? '',
|
||||
]);
|
||||
$id = (int)$pdo->lastInsertId();
|
||||
logActivity($pdo, 'create', 'users', $id, "Tambah user {$d['username']} ({$d['role']})");
|
||||
sendSuccess(['id' => $id], 'User disimpan', 201);
|
||||
} catch (Exception $e) {
|
||||
sendError('Username sudah digunakan');
|
||||
}
|
||||
break;
|
||||
|
||||
case 'PUT':
|
||||
$d = getInput();
|
||||
$id = $_GET['id'] ?? null;
|
||||
if (!$id) sendError('ID wajib');
|
||||
if (!empty($d['role']) && !in_array($d['role'], VALID_ROLES, true)) sendError('Role tidak valid');
|
||||
|
||||
if (!empty($d['password'])) {
|
||||
$hash = password_hash($d['password'], PASSWORD_BCRYPT, ['cost' => 12]);
|
||||
$pdo->prepare(
|
||||
"UPDATE users SET username=?, email=?, password=?, role=?, is_active=?, wilayah_tugas=?, nama_lengkap=?
|
||||
WHERE id=?"
|
||||
)->execute([
|
||||
$d['username'], $d['email'] ?? null, $hash, $d['role'],
|
||||
isset($d['is_active']) ? (int)$d['is_active'] : 1,
|
||||
$d['wilayah_tugas'] ?? null, $d['nama_lengkap'] ?? '', $id,
|
||||
]);
|
||||
} else {
|
||||
$pdo->prepare(
|
||||
"UPDATE users SET username=?, email=?, role=?, is_active=?, wilayah_tugas=?, nama_lengkap=?
|
||||
WHERE id=?"
|
||||
)->execute([
|
||||
$d['username'], $d['email'] ?? null, $d['role'],
|
||||
isset($d['is_active']) ? (int)$d['is_active'] : 1,
|
||||
$d['wilayah_tugas'] ?? null, $d['nama_lengkap'] ?? '', $id,
|
||||
]);
|
||||
}
|
||||
logActivity($pdo, 'update', 'users', (int)$id, "Edit user {$d['username']}");
|
||||
sendSuccess(null, 'User diperbarui');
|
||||
break;
|
||||
|
||||
case 'DELETE':
|
||||
$id = $_GET['id'] ?? null;
|
||||
if (!$id) sendError('ID wajib');
|
||||
if ($id == 1) sendError('Akun utama tidak dapat dihapus');
|
||||
if ($id == ($_SESSION['user_id'] ?? null)) sendError('Tidak dapat menghapus akun sendiri');
|
||||
$pdo->prepare("DELETE FROM users WHERE id=?")->execute([$id]);
|
||||
logActivity($pdo, 'delete', 'users', (int)$id, 'Hapus user');
|
||||
sendSuccess(null, 'User dihapus');
|
||||
break;
|
||||
|
||||
default:
|
||||
sendError('Method not allowed', 405);
|
||||
}
|
||||
Reference in New Issue
Block a user