From ae9e69d6e0c99bb82dcafdc69d5e6f9615ddacf3 Mon Sep 17 00:00:00 2001 From: Kris Date: Tue, 2 Jun 2026 03:14:08 +0000 Subject: [PATCH] Upload files to "api" --- api/pemberdayaan.php | 76 ++++++++++++++++++++++++++++++ api/rumah_ibadah.php | 110 +++++++++++++++++++++++++++++++++++++++++++ api/users.php | 84 +++++++++++++++++++++++++++++++++ 3 files changed, 270 insertions(+) create mode 100644 api/pemberdayaan.php create mode 100644 api/rumah_ibadah.php create mode 100644 api/users.php diff --git a/api/pemberdayaan.php b/api/pemberdayaan.php new file mode 100644 index 0000000..3242a8d --- /dev/null +++ b/api/pemberdayaan.php @@ -0,0 +1,76 @@ +prepare($sql); + $stmt->execute($params); + json_response(['success' => true, 'data' => $stmt->fetchAll()]); +} + +if ($method === 'POST') { + $data = get_json_input(); + required_fields($data, ['anggota_id','jenis_program','nama_program']); + $anggotaId = clean_int($data['anggota_id']); + + $stmtA = $pdo->prepare('SELECT ka.*, k.rumah_ibadah_id FROM keluarga_anggota ka JOIN keluarga k ON k.id = ka.keluarga_id WHERE ka.id = ? LIMIT 1'); + $stmtA->execute([$anggotaId]); + $anggota = $stmtA->fetch(); + if (!$anggota) json_response(['success' => false, 'message' => 'Anggota keluarga tidak ditemukan.'], 404); + if ($anggota['mampu_bekerja'] !== 'Ya') json_response(['success' => false, 'message' => 'Program pemberdayaan hanya untuk anggota yang masih mampu bekerja.'], 422); + if ($role === 'rumah_ibadah' && (int)$anggota['rumah_ibadah_id'] !== (int)($user['rumah_ibadah_id'] ?? 0)) { + json_response(['success' => false, 'message' => 'Pengurus hanya dapat menambah program untuk keluarga tanggungannya.'], 403); + } + + $status = allow_enum_value($data['status'] ?? 'Direkomendasikan', ['Direkomendasikan','Berjalan','Selesai','Batal','Mandiri'], 'Direkomendasikan'); + $stmt = $pdo->prepare('INSERT INTO pemberdayaan + (anggota_id, keluarga_id, jenis_program, nama_program, penyelenggara, tanggal_mulai, status, catatan, created_by) + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)'); + $stmt->execute([ + $anggotaId, + (int)$anggota['keluarga_id'], + allow_enum_value($data['jenis_program'], ['Pelatihan Kerja','Modal Usaha','Pendampingan UMKM','Penempatan Kerja','Bantuan Alat Kerja','Lainnya'], 'Pelatihan Kerja'), + clean_string($data['nama_program']), + clean_string($data['penyelenggara'] ?? ''), + clean_string($data['tanggal_mulai'] ?? '') ?: null, + $status, + clean_string($data['catatan'] ?? ''), + $user['id'] + ]); + + $statusAnggota = $status === 'Mandiri' ? 'Mandiri' : ($status === 'Berjalan' ? 'Dalam Program' : 'Layak Diberdayakan'); + $pdo->prepare('UPDATE keluarga_anggota SET status_pemberdayaan = ? WHERE id = ?')->execute([$statusAnggota, $anggotaId]); + json_response(['success' => true, 'message' => 'Program pemberdayaan berhasil dicatat.'], 201); +} + +json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405); diff --git a/api/rumah_ibadah.php b/api/rumah_ibadah.php new file mode 100644 index 0000000..25165ca --- /dev/null +++ b/api/rumah_ibadah.php @@ -0,0 +1,110 @@ +query($sql); + json_response(['success' => true, 'data' => $stmt->fetchAll()]); +} + +if ($method === 'POST') { + api_require_role(['admin','dinas']); + $data = get_json_input(); + required_fields($data, ['nama','alamat','kategori','lat','lng']); + + $stmt = $pdo->prepare('INSERT INTO rumah_ibadah + (nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by) + VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); + + $stmt->execute([ + clean_string($data['nama']), + clean_string($data['alamat']), + clean_string($data['kategori']), + clean_string($data['pengurus'] ?? ''), + clean_string($data['kontak'] ?? ''), + clean_float($data['dana_sosial'] ?? 0), + clean_int($data['kuota'] ?? 0), + clean_int($data['radius'] ?? 500), + clean_float($data['lat']), + clean_float($data['lng']), + clean_string($data['status'] ?? 'Aktif'), + $user['id'] + ]); + + json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil disimpan.', 'id' => $pdo->lastInsertId()], 201); +} + +if ($method === 'PUT') { + $data = get_json_input(); + required_fields($data, ['id','nama','alamat','kategori','lat','lng']); + $id = clean_int($data['id']); + + if (!can_update_ri($user, $role, $id)) { + json_response(['success' => false, 'message' => 'Akses ditolak. Pengurus hanya dapat mengubah rumah ibadah yang terhubung dengan akunnya.'], 403); + } + + if ($role === 'rumah_ibadah') { + $stmt = $pdo->prepare('UPDATE rumah_ibadah SET + pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ? + WHERE id = ?'); + $stmt->execute([ + clean_string($data['pengurus'] ?? ''), + clean_string($data['kontak'] ?? ''), + clean_float($data['dana_sosial'] ?? 0), + clean_int($data['kuota'] ?? 0), + clean_int($data['radius'] ?? 500), + $id + ]); + } else { + $stmt = $pdo->prepare('UPDATE rumah_ibadah SET + nama = ?, alamat = ?, kategori = ?, pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ?, lat = ?, lng = ?, status = ? + WHERE id = ?'); + $stmt->execute([ + clean_string($data['nama']), + clean_string($data['alamat']), + clean_string($data['kategori']), + clean_string($data['pengurus'] ?? ''), + clean_string($data['kontak'] ?? ''), + clean_float($data['dana_sosial'] ?? 0), + clean_int($data['kuota'] ?? 0), + clean_int($data['radius'] ?? 500), + clean_float($data['lat']), + clean_float($data['lng']), + clean_string($data['status'] ?? 'Aktif'), + $id + ]); + } + + json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil diperbarui.']); +} + +if ($method === 'DELETE') { + api_require_role(['admin','dinas']); + $id = clean_int($_GET['id'] ?? 0); + if ($id <= 0) json_response(['success' => false, 'message' => 'ID tidak valid.'], 422); + + $stmt = $pdo->prepare('DELETE FROM rumah_ibadah WHERE id = ?'); + $stmt->execute([$id]); + json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil dihapus.']); +} + +json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405); diff --git a/api/users.php b/api/users.php new file mode 100644 index 0000000..e7e7953 --- /dev/null +++ b/api/users.php @@ -0,0 +1,84 @@ +query('SELECT id, nama, email, role, rumah_ibadah_id, status_akun, kontak, alamat, nama_instansi, kategori_instansi, catatan_pengajuan, lat, lng, verified_at, created_at + FROM users + ORDER BY FIELD(status_akun, "Menunggu Verifikasi", "Aktif", "Ditolak"), created_at DESC'); + json_response(['success' => true, 'data' => $stmt->fetchAll()]); +} + +if ($method === 'PUT') { + $data = get_json_input(); + required_fields($data, ['id','action']); + $id = clean_int($data['id']); + $action = clean_string($data['action']); + + if ($id <= 0) { + json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422); + } + if ($id === (int)$admin['id'] && $action !== 'approve') { + json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat ditolak atau dihapus dari sini.'], 422); + } + + $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ? LIMIT 1'); + $stmt->execute([$id]); + $user = $stmt->fetch(); + if (!$user) { + json_response(['success' => false, 'message' => 'Akun tidak ditemukan.'], 404); + } + + if ($action === 'reject') { + $stmt = $pdo->prepare('UPDATE users SET status_akun = "Ditolak", verified_by = ?, verified_at = NOW() WHERE id = ?'); + $stmt->execute([$admin['id'], $id]); + json_response(['success' => true, 'message' => 'Pengajuan akun ditolak.']); + } + + if ($action === 'approve') { + $rumahIbadahId = $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null; + + if ($user['role'] === 'rumah_ibadah' && !$rumahIbadahId) { + if (empty($user['nama_instansi']) || empty($user['alamat']) || empty($user['kategori_instansi']) || $user['lat'] === null || $user['lng'] === null) { + json_response(['success' => false, 'message' => 'Data rumah ibadah pada pengajuan belum lengkap.'], 422); + } + + $stmt = $pdo->prepare('INSERT INTO rumah_ibadah + (nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by) + VALUES (?, ?, ?, ?, ?, 0, 0, 500, ?, ?, "Aktif", ?)'); + $stmt->execute([ + $user['nama_instansi'], + $user['alamat'], + in_array($user['kategori_instansi'], ['Masjid','Gereja','Vihara','Klenteng','Pura','Lainnya'], true) ? $user['kategori_instansi'] : 'Lainnya', + $user['nama'], + $user['kontak'] ?? '', + $user['lat'], + $user['lng'], + $admin['id'] + ]); + $rumahIbadahId = (int)$pdo->lastInsertId(); + } + + $stmt = $pdo->prepare('UPDATE users SET status_akun = "Aktif", rumah_ibadah_id = ?, verified_by = ?, verified_at = NOW() WHERE id = ?'); + $stmt->execute([$rumahIbadahId, $admin['id'], $id]); + json_response(['success' => true, 'message' => 'Akun berhasil disetujui.']); + } + + json_response(['success' => false, 'message' => 'Aksi tidak dikenal.'], 422); +} + +if ($method === 'DELETE') { + $id = clean_int($_GET['id'] ?? 0); + if ($id <= 0) json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422); + if ($id === (int)$admin['id']) json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat dihapus.'], 422); + + $stmt = $pdo->prepare('DELETE FROM users WHERE id = ?'); + $stmt->execute([$id]); + json_response(['success' => true, 'message' => 'Akun berhasil dihapus.']); +} + +json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);