Files
2026-06-13 11:24:58 +07:00

95 lines
3.6 KiB
PHP

<?php
require_once __DIR__ . '/../config/db.php';
require_once __DIR__ . '/helpers.php';
require_once __DIR__ . '/../config/activity.php';
$pdo = Database::getConnection();
$method = $_SERVER['REQUEST_METHOD'];
// Manajemen user hanya untuk Operator (KF-02/03)
requireApiAnyRole(['operator']);
const VALID_ROLES = ['publik', 'enumerator', 'operator', 'pimpinan'];
switch ($method) {
case 'GET':
$stmt = $pdo->query(
"SELECT id, username, email, role, is_active, wilayah_tugas, nama_lengkap, last_login, created_at
FROM users ORDER BY id ASC"
);
sendSuccess($stmt->fetchAll(), 'Data Users');
break;
case 'POST':
$d = getInput();
if (empty($d['username']) || empty($d['password']) || empty($d['role'])) {
sendError('Data tidak lengkap');
}
if (!in_array($d['role'], VALID_ROLES, true)) sendError('Role tidak valid');
$hash = password_hash($d['password'], PASSWORD_BCRYPT, ['cost' => 12]);
try {
$pdo->prepare(
"INSERT INTO users (username, email, password, role, is_active, wilayah_tugas, nama_lengkap)
VALUES (?,?,?,?,?,?,?)"
)->execute([
$d['username'],
$d['email'] ?? null,
$hash,
$d['role'],
isset($d['is_active']) ? (int)$d['is_active'] : 1,
$d['wilayah_tugas'] ?? null,
$d['nama_lengkap'] ?? '',
]);
$id = (int)$pdo->lastInsertId();
logActivity($pdo, 'create', 'users', $id, "Tambah user {$d['username']} ({$d['role']})");
sendSuccess(['id' => $id], 'User disimpan', 201);
} catch (Exception $e) {
sendError('Username sudah digunakan');
}
break;
case 'PUT':
$d = getInput();
$id = $_GET['id'] ?? null;
if (!$id) sendError('ID wajib');
if (!empty($d['role']) && !in_array($d['role'], VALID_ROLES, true)) sendError('Role tidak valid');
if (!empty($d['password'])) {
$hash = password_hash($d['password'], PASSWORD_BCRYPT, ['cost' => 12]);
$pdo->prepare(
"UPDATE users SET username=?, email=?, password=?, role=?, is_active=?, wilayah_tugas=?, nama_lengkap=?
WHERE id=?"
)->execute([
$d['username'], $d['email'] ?? null, $hash, $d['role'],
isset($d['is_active']) ? (int)$d['is_active'] : 1,
$d['wilayah_tugas'] ?? null, $d['nama_lengkap'] ?? '', $id,
]);
} else {
$pdo->prepare(
"UPDATE users SET username=?, email=?, role=?, is_active=?, wilayah_tugas=?, nama_lengkap=?
WHERE id=?"
)->execute([
$d['username'], $d['email'] ?? null, $d['role'],
isset($d['is_active']) ? (int)$d['is_active'] : 1,
$d['wilayah_tugas'] ?? null, $d['nama_lengkap'] ?? '', $id,
]);
}
logActivity($pdo, 'update', 'users', (int)$id, "Edit user {$d['username']}");
sendSuccess(null, 'User diperbarui');
break;
case 'DELETE':
$id = $_GET['id'] ?? null;
if (!$id) sendError('ID wajib');
if ($id == 1) sendError('Akun utama tidak dapat dihapus');
if ($id == ($_SESSION['user_id'] ?? null)) sendError('Tidak dapat menghapus akun sendiri');
$pdo->prepare("DELETE FROM users WHERE id=?")->execute([$id]);
logActivity($pdo, 'delete', 'users', (int)$id, 'Hapus user');
sendSuccess(null, 'User dihapus');
break;
default:
sendError('Method not allowed', 405);
}