Upload files to "api"
This commit is contained in:
@@ -0,0 +1,76 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/_helpers.php';
|
||||
api_require_login();
|
||||
api_require_role(['admin','dinas','relawan','rumah_ibadah']);
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$user = current_user();
|
||||
$role = current_role();
|
||||
|
||||
function allow_enum_value($value, array $allowed, string $default): string
|
||||
{
|
||||
$v = clean_string($value);
|
||||
return in_array($v, $allowed, true) ? $v : $default;
|
||||
}
|
||||
|
||||
if ($method === 'GET') {
|
||||
$params = [];
|
||||
$where = 'WHERE ka.mampu_bekerja = "Ya"';
|
||||
if ($role === 'rumah_ibadah' && !empty($user['rumah_ibadah_id'])) {
|
||||
$where .= ' AND k.rumah_ibadah_id = ?';
|
||||
$params[] = (int)$user['rumah_ibadah_id'];
|
||||
}
|
||||
|
||||
$sql = 'SELECT ka.*, k.nama_kk, k.alamat, k.kerentanan, k.status_bantuan, k.rumah_ibadah_id,
|
||||
r.nama AS nama_rumah_ibadah,
|
||||
p.id AS program_id, p.jenis_program, p.nama_program, p.penyelenggara, p.tanggal_mulai, p.status AS status_program, p.catatan AS catatan_program
|
||||
FROM keluarga_anggota ka
|
||||
JOIN keluarga k ON k.id = ka.keluarga_id
|
||||
LEFT JOIN rumah_ibadah r ON r.id = k.rumah_ibadah_id
|
||||
LEFT JOIN (
|
||||
SELECT p1.* FROM pemberdayaan p1
|
||||
JOIN (SELECT anggota_id, MAX(id) AS max_id FROM pemberdayaan GROUP BY anggota_id) latest ON latest.max_id = p1.id
|
||||
) p ON p.anggota_id = ka.id
|
||||
' . $where . '
|
||||
ORDER BY FIELD(ka.status_pemberdayaan, "Layak Diberdayakan", "Belum Dinilai", "Dalam Program", "Mandiri", "Tidak Layak"), k.kerentanan ASC, ka.nama ASC';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($params);
|
||||
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
|
||||
}
|
||||
|
||||
if ($method === 'POST') {
|
||||
$data = get_json_input();
|
||||
required_fields($data, ['anggota_id','jenis_program','nama_program']);
|
||||
$anggotaId = clean_int($data['anggota_id']);
|
||||
|
||||
$stmtA = $pdo->prepare('SELECT ka.*, k.rumah_ibadah_id FROM keluarga_anggota ka JOIN keluarga k ON k.id = ka.keluarga_id WHERE ka.id = ? LIMIT 1');
|
||||
$stmtA->execute([$anggotaId]);
|
||||
$anggota = $stmtA->fetch();
|
||||
if (!$anggota) json_response(['success' => false, 'message' => 'Anggota keluarga tidak ditemukan.'], 404);
|
||||
if ($anggota['mampu_bekerja'] !== 'Ya') json_response(['success' => false, 'message' => 'Program pemberdayaan hanya untuk anggota yang masih mampu bekerja.'], 422);
|
||||
if ($role === 'rumah_ibadah' && (int)$anggota['rumah_ibadah_id'] !== (int)($user['rumah_ibadah_id'] ?? 0)) {
|
||||
json_response(['success' => false, 'message' => 'Pengurus hanya dapat menambah program untuk keluarga tanggungannya.'], 403);
|
||||
}
|
||||
|
||||
$status = allow_enum_value($data['status'] ?? 'Direkomendasikan', ['Direkomendasikan','Berjalan','Selesai','Batal','Mandiri'], 'Direkomendasikan');
|
||||
$stmt = $pdo->prepare('INSERT INTO pemberdayaan
|
||||
(anggota_id, keluarga_id, jenis_program, nama_program, penyelenggara, tanggal_mulai, status, catatan, created_by)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
|
||||
$stmt->execute([
|
||||
$anggotaId,
|
||||
(int)$anggota['keluarga_id'],
|
||||
allow_enum_value($data['jenis_program'], ['Pelatihan Kerja','Modal Usaha','Pendampingan UMKM','Penempatan Kerja','Bantuan Alat Kerja','Lainnya'], 'Pelatihan Kerja'),
|
||||
clean_string($data['nama_program']),
|
||||
clean_string($data['penyelenggara'] ?? ''),
|
||||
clean_string($data['tanggal_mulai'] ?? '') ?: null,
|
||||
$status,
|
||||
clean_string($data['catatan'] ?? ''),
|
||||
$user['id']
|
||||
]);
|
||||
|
||||
$statusAnggota = $status === 'Mandiri' ? 'Mandiri' : ($status === 'Berjalan' ? 'Dalam Program' : 'Layak Diberdayakan');
|
||||
$pdo->prepare('UPDATE keluarga_anggota SET status_pemberdayaan = ? WHERE id = ?')->execute([$statusAnggota, $anggotaId]);
|
||||
json_response(['success' => true, 'message' => 'Program pemberdayaan berhasil dicatat.'], 201);
|
||||
}
|
||||
|
||||
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);
|
||||
@@ -0,0 +1,110 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/_helpers.php';
|
||||
api_require_login();
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$user = current_user();
|
||||
$role = current_role();
|
||||
|
||||
function can_update_ri(array $user, string $role, int $id): bool
|
||||
{
|
||||
if (in_array($role, ['admin','dinas'], true)) return true;
|
||||
return $role === 'rumah_ibadah' && !empty($user['rumah_ibadah_id']) && (int)$user['rumah_ibadah_id'] === $id;
|
||||
}
|
||||
|
||||
if ($method === 'GET') {
|
||||
$sql = 'SELECT r.*, COALESCE(t.jumlah_tanggungan, 0) AS jumlah_tanggungan
|
||||
FROM rumah_ibadah r
|
||||
LEFT JOIN (
|
||||
SELECT rumah_ibadah_id, COUNT(*) AS jumlah_tanggungan
|
||||
FROM keluarga
|
||||
WHERE status_bantuan = "Ditanggung" AND rumah_ibadah_id IS NOT NULL
|
||||
GROUP BY rumah_ibadah_id
|
||||
) t ON t.rumah_ibadah_id = r.id
|
||||
ORDER BY r.nama ASC';
|
||||
$stmt = $pdo->query($sql);
|
||||
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
|
||||
}
|
||||
|
||||
if ($method === 'POST') {
|
||||
api_require_role(['admin','dinas']);
|
||||
$data = get_json_input();
|
||||
required_fields($data, ['nama','alamat','kategori','lat','lng']);
|
||||
|
||||
$stmt = $pdo->prepare('INSERT INTO rumah_ibadah
|
||||
(nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
|
||||
|
||||
$stmt->execute([
|
||||
clean_string($data['nama']),
|
||||
clean_string($data['alamat']),
|
||||
clean_string($data['kategori']),
|
||||
clean_string($data['pengurus'] ?? ''),
|
||||
clean_string($data['kontak'] ?? ''),
|
||||
clean_float($data['dana_sosial'] ?? 0),
|
||||
clean_int($data['kuota'] ?? 0),
|
||||
clean_int($data['radius'] ?? 500),
|
||||
clean_float($data['lat']),
|
||||
clean_float($data['lng']),
|
||||
clean_string($data['status'] ?? 'Aktif'),
|
||||
$user['id']
|
||||
]);
|
||||
|
||||
json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil disimpan.', 'id' => $pdo->lastInsertId()], 201);
|
||||
}
|
||||
|
||||
if ($method === 'PUT') {
|
||||
$data = get_json_input();
|
||||
required_fields($data, ['id','nama','alamat','kategori','lat','lng']);
|
||||
$id = clean_int($data['id']);
|
||||
|
||||
if (!can_update_ri($user, $role, $id)) {
|
||||
json_response(['success' => false, 'message' => 'Akses ditolak. Pengurus hanya dapat mengubah rumah ibadah yang terhubung dengan akunnya.'], 403);
|
||||
}
|
||||
|
||||
if ($role === 'rumah_ibadah') {
|
||||
$stmt = $pdo->prepare('UPDATE rumah_ibadah SET
|
||||
pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ?
|
||||
WHERE id = ?');
|
||||
$stmt->execute([
|
||||
clean_string($data['pengurus'] ?? ''),
|
||||
clean_string($data['kontak'] ?? ''),
|
||||
clean_float($data['dana_sosial'] ?? 0),
|
||||
clean_int($data['kuota'] ?? 0),
|
||||
clean_int($data['radius'] ?? 500),
|
||||
$id
|
||||
]);
|
||||
} else {
|
||||
$stmt = $pdo->prepare('UPDATE rumah_ibadah SET
|
||||
nama = ?, alamat = ?, kategori = ?, pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ?, lat = ?, lng = ?, status = ?
|
||||
WHERE id = ?');
|
||||
$stmt->execute([
|
||||
clean_string($data['nama']),
|
||||
clean_string($data['alamat']),
|
||||
clean_string($data['kategori']),
|
||||
clean_string($data['pengurus'] ?? ''),
|
||||
clean_string($data['kontak'] ?? ''),
|
||||
clean_float($data['dana_sosial'] ?? 0),
|
||||
clean_int($data['kuota'] ?? 0),
|
||||
clean_int($data['radius'] ?? 500),
|
||||
clean_float($data['lat']),
|
||||
clean_float($data['lng']),
|
||||
clean_string($data['status'] ?? 'Aktif'),
|
||||
$id
|
||||
]);
|
||||
}
|
||||
|
||||
json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil diperbarui.']);
|
||||
}
|
||||
|
||||
if ($method === 'DELETE') {
|
||||
api_require_role(['admin','dinas']);
|
||||
$id = clean_int($_GET['id'] ?? 0);
|
||||
if ($id <= 0) json_response(['success' => false, 'message' => 'ID tidak valid.'], 422);
|
||||
|
||||
$stmt = $pdo->prepare('DELETE FROM rumah_ibadah WHERE id = ?');
|
||||
$stmt->execute([$id]);
|
||||
json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil dihapus.']);
|
||||
}
|
||||
|
||||
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);
|
||||
@@ -0,0 +1,84 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/_helpers.php';
|
||||
api_require_login();
|
||||
api_require_role(['admin']);
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$admin = current_user();
|
||||
|
||||
if ($method === 'GET') {
|
||||
$stmt = $pdo->query('SELECT id, nama, email, role, rumah_ibadah_id, status_akun, kontak, alamat, nama_instansi, kategori_instansi, catatan_pengajuan, lat, lng, verified_at, created_at
|
||||
FROM users
|
||||
ORDER BY FIELD(status_akun, "Menunggu Verifikasi", "Aktif", "Ditolak"), created_at DESC');
|
||||
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
|
||||
}
|
||||
|
||||
if ($method === 'PUT') {
|
||||
$data = get_json_input();
|
||||
required_fields($data, ['id','action']);
|
||||
$id = clean_int($data['id']);
|
||||
$action = clean_string($data['action']);
|
||||
|
||||
if ($id <= 0) {
|
||||
json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422);
|
||||
}
|
||||
if ($id === (int)$admin['id'] && $action !== 'approve') {
|
||||
json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat ditolak atau dihapus dari sini.'], 422);
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ? LIMIT 1');
|
||||
$stmt->execute([$id]);
|
||||
$user = $stmt->fetch();
|
||||
if (!$user) {
|
||||
json_response(['success' => false, 'message' => 'Akun tidak ditemukan.'], 404);
|
||||
}
|
||||
|
||||
if ($action === 'reject') {
|
||||
$stmt = $pdo->prepare('UPDATE users SET status_akun = "Ditolak", verified_by = ?, verified_at = NOW() WHERE id = ?');
|
||||
$stmt->execute([$admin['id'], $id]);
|
||||
json_response(['success' => true, 'message' => 'Pengajuan akun ditolak.']);
|
||||
}
|
||||
|
||||
if ($action === 'approve') {
|
||||
$rumahIbadahId = $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null;
|
||||
|
||||
if ($user['role'] === 'rumah_ibadah' && !$rumahIbadahId) {
|
||||
if (empty($user['nama_instansi']) || empty($user['alamat']) || empty($user['kategori_instansi']) || $user['lat'] === null || $user['lng'] === null) {
|
||||
json_response(['success' => false, 'message' => 'Data rumah ibadah pada pengajuan belum lengkap.'], 422);
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare('INSERT INTO rumah_ibadah
|
||||
(nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by)
|
||||
VALUES (?, ?, ?, ?, ?, 0, 0, 500, ?, ?, "Aktif", ?)');
|
||||
$stmt->execute([
|
||||
$user['nama_instansi'],
|
||||
$user['alamat'],
|
||||
in_array($user['kategori_instansi'], ['Masjid','Gereja','Vihara','Klenteng','Pura','Lainnya'], true) ? $user['kategori_instansi'] : 'Lainnya',
|
||||
$user['nama'],
|
||||
$user['kontak'] ?? '',
|
||||
$user['lat'],
|
||||
$user['lng'],
|
||||
$admin['id']
|
||||
]);
|
||||
$rumahIbadahId = (int)$pdo->lastInsertId();
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare('UPDATE users SET status_akun = "Aktif", rumah_ibadah_id = ?, verified_by = ?, verified_at = NOW() WHERE id = ?');
|
||||
$stmt->execute([$rumahIbadahId, $admin['id'], $id]);
|
||||
json_response(['success' => true, 'message' => 'Akun berhasil disetujui.']);
|
||||
}
|
||||
|
||||
json_response(['success' => false, 'message' => 'Aksi tidak dikenal.'], 422);
|
||||
}
|
||||
|
||||
if ($method === 'DELETE') {
|
||||
$id = clean_int($_GET['id'] ?? 0);
|
||||
if ($id <= 0) json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422);
|
||||
if ($id === (int)$admin['id']) json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat dihapus.'], 422);
|
||||
|
||||
$stmt = $pdo->prepare('DELETE FROM users WHERE id = ?');
|
||||
$stmt->execute([$id]);
|
||||
json_response(['success' => true, 'message' => 'Akun berhasil dihapus.']);
|
||||
}
|
||||
|
||||
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);
|
||||
Reference in New Issue
Block a user