Upload files to "api"

This commit is contained in:
2026-06-02 03:14:08 +00:00
parent d45bcee067
commit ae9e69d6e0
3 changed files with 270 additions and 0 deletions
+76
View File
@@ -0,0 +1,76 @@
<?php
require_once __DIR__ . '/_helpers.php';
api_require_login();
api_require_role(['admin','dinas','relawan','rumah_ibadah']);
$method = $_SERVER['REQUEST_METHOD'];
$user = current_user();
$role = current_role();
function allow_enum_value($value, array $allowed, string $default): string
{
$v = clean_string($value);
return in_array($v, $allowed, true) ? $v : $default;
}
if ($method === 'GET') {
$params = [];
$where = 'WHERE ka.mampu_bekerja = "Ya"';
if ($role === 'rumah_ibadah' && !empty($user['rumah_ibadah_id'])) {
$where .= ' AND k.rumah_ibadah_id = ?';
$params[] = (int)$user['rumah_ibadah_id'];
}
$sql = 'SELECT ka.*, k.nama_kk, k.alamat, k.kerentanan, k.status_bantuan, k.rumah_ibadah_id,
r.nama AS nama_rumah_ibadah,
p.id AS program_id, p.jenis_program, p.nama_program, p.penyelenggara, p.tanggal_mulai, p.status AS status_program, p.catatan AS catatan_program
FROM keluarga_anggota ka
JOIN keluarga k ON k.id = ka.keluarga_id
LEFT JOIN rumah_ibadah r ON r.id = k.rumah_ibadah_id
LEFT JOIN (
SELECT p1.* FROM pemberdayaan p1
JOIN (SELECT anggota_id, MAX(id) AS max_id FROM pemberdayaan GROUP BY anggota_id) latest ON latest.max_id = p1.id
) p ON p.anggota_id = ka.id
' . $where . '
ORDER BY FIELD(ka.status_pemberdayaan, "Layak Diberdayakan", "Belum Dinilai", "Dalam Program", "Mandiri", "Tidak Layak"), k.kerentanan ASC, ka.nama ASC';
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
}
if ($method === 'POST') {
$data = get_json_input();
required_fields($data, ['anggota_id','jenis_program','nama_program']);
$anggotaId = clean_int($data['anggota_id']);
$stmtA = $pdo->prepare('SELECT ka.*, k.rumah_ibadah_id FROM keluarga_anggota ka JOIN keluarga k ON k.id = ka.keluarga_id WHERE ka.id = ? LIMIT 1');
$stmtA->execute([$anggotaId]);
$anggota = $stmtA->fetch();
if (!$anggota) json_response(['success' => false, 'message' => 'Anggota keluarga tidak ditemukan.'], 404);
if ($anggota['mampu_bekerja'] !== 'Ya') json_response(['success' => false, 'message' => 'Program pemberdayaan hanya untuk anggota yang masih mampu bekerja.'], 422);
if ($role === 'rumah_ibadah' && (int)$anggota['rumah_ibadah_id'] !== (int)($user['rumah_ibadah_id'] ?? 0)) {
json_response(['success' => false, 'message' => 'Pengurus hanya dapat menambah program untuk keluarga tanggungannya.'], 403);
}
$status = allow_enum_value($data['status'] ?? 'Direkomendasikan', ['Direkomendasikan','Berjalan','Selesai','Batal','Mandiri'], 'Direkomendasikan');
$stmt = $pdo->prepare('INSERT INTO pemberdayaan
(anggota_id, keluarga_id, jenis_program, nama_program, penyelenggara, tanggal_mulai, status, catatan, created_by)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
$stmt->execute([
$anggotaId,
(int)$anggota['keluarga_id'],
allow_enum_value($data['jenis_program'], ['Pelatihan Kerja','Modal Usaha','Pendampingan UMKM','Penempatan Kerja','Bantuan Alat Kerja','Lainnya'], 'Pelatihan Kerja'),
clean_string($data['nama_program']),
clean_string($data['penyelenggara'] ?? ''),
clean_string($data['tanggal_mulai'] ?? '') ?: null,
$status,
clean_string($data['catatan'] ?? ''),
$user['id']
]);
$statusAnggota = $status === 'Mandiri' ? 'Mandiri' : ($status === 'Berjalan' ? 'Dalam Program' : 'Layak Diberdayakan');
$pdo->prepare('UPDATE keluarga_anggota SET status_pemberdayaan = ? WHERE id = ?')->execute([$statusAnggota, $anggotaId]);
json_response(['success' => true, 'message' => 'Program pemberdayaan berhasil dicatat.'], 201);
}
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);
+110
View File
@@ -0,0 +1,110 @@
<?php
require_once __DIR__ . '/_helpers.php';
api_require_login();
$method = $_SERVER['REQUEST_METHOD'];
$user = current_user();
$role = current_role();
function can_update_ri(array $user, string $role, int $id): bool
{
if (in_array($role, ['admin','dinas'], true)) return true;
return $role === 'rumah_ibadah' && !empty($user['rumah_ibadah_id']) && (int)$user['rumah_ibadah_id'] === $id;
}
if ($method === 'GET') {
$sql = 'SELECT r.*, COALESCE(t.jumlah_tanggungan, 0) AS jumlah_tanggungan
FROM rumah_ibadah r
LEFT JOIN (
SELECT rumah_ibadah_id, COUNT(*) AS jumlah_tanggungan
FROM keluarga
WHERE status_bantuan = "Ditanggung" AND rumah_ibadah_id IS NOT NULL
GROUP BY rumah_ibadah_id
) t ON t.rumah_ibadah_id = r.id
ORDER BY r.nama ASC';
$stmt = $pdo->query($sql);
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
}
if ($method === 'POST') {
api_require_role(['admin','dinas']);
$data = get_json_input();
required_fields($data, ['nama','alamat','kategori','lat','lng']);
$stmt = $pdo->prepare('INSERT INTO rumah_ibadah
(nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
$stmt->execute([
clean_string($data['nama']),
clean_string($data['alamat']),
clean_string($data['kategori']),
clean_string($data['pengurus'] ?? ''),
clean_string($data['kontak'] ?? ''),
clean_float($data['dana_sosial'] ?? 0),
clean_int($data['kuota'] ?? 0),
clean_int($data['radius'] ?? 500),
clean_float($data['lat']),
clean_float($data['lng']),
clean_string($data['status'] ?? 'Aktif'),
$user['id']
]);
json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil disimpan.', 'id' => $pdo->lastInsertId()], 201);
}
if ($method === 'PUT') {
$data = get_json_input();
required_fields($data, ['id','nama','alamat','kategori','lat','lng']);
$id = clean_int($data['id']);
if (!can_update_ri($user, $role, $id)) {
json_response(['success' => false, 'message' => 'Akses ditolak. Pengurus hanya dapat mengubah rumah ibadah yang terhubung dengan akunnya.'], 403);
}
if ($role === 'rumah_ibadah') {
$stmt = $pdo->prepare('UPDATE rumah_ibadah SET
pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ?
WHERE id = ?');
$stmt->execute([
clean_string($data['pengurus'] ?? ''),
clean_string($data['kontak'] ?? ''),
clean_float($data['dana_sosial'] ?? 0),
clean_int($data['kuota'] ?? 0),
clean_int($data['radius'] ?? 500),
$id
]);
} else {
$stmt = $pdo->prepare('UPDATE rumah_ibadah SET
nama = ?, alamat = ?, kategori = ?, pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ?, lat = ?, lng = ?, status = ?
WHERE id = ?');
$stmt->execute([
clean_string($data['nama']),
clean_string($data['alamat']),
clean_string($data['kategori']),
clean_string($data['pengurus'] ?? ''),
clean_string($data['kontak'] ?? ''),
clean_float($data['dana_sosial'] ?? 0),
clean_int($data['kuota'] ?? 0),
clean_int($data['radius'] ?? 500),
clean_float($data['lat']),
clean_float($data['lng']),
clean_string($data['status'] ?? 'Aktif'),
$id
]);
}
json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil diperbarui.']);
}
if ($method === 'DELETE') {
api_require_role(['admin','dinas']);
$id = clean_int($_GET['id'] ?? 0);
if ($id <= 0) json_response(['success' => false, 'message' => 'ID tidak valid.'], 422);
$stmt = $pdo->prepare('DELETE FROM rumah_ibadah WHERE id = ?');
$stmt->execute([$id]);
json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil dihapus.']);
}
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);
+84
View File
@@ -0,0 +1,84 @@
<?php
require_once __DIR__ . '/_helpers.php';
api_require_login();
api_require_role(['admin']);
$method = $_SERVER['REQUEST_METHOD'];
$admin = current_user();
if ($method === 'GET') {
$stmt = $pdo->query('SELECT id, nama, email, role, rumah_ibadah_id, status_akun, kontak, alamat, nama_instansi, kategori_instansi, catatan_pengajuan, lat, lng, verified_at, created_at
FROM users
ORDER BY FIELD(status_akun, "Menunggu Verifikasi", "Aktif", "Ditolak"), created_at DESC');
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
}
if ($method === 'PUT') {
$data = get_json_input();
required_fields($data, ['id','action']);
$id = clean_int($data['id']);
$action = clean_string($data['action']);
if ($id <= 0) {
json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422);
}
if ($id === (int)$admin['id'] && $action !== 'approve') {
json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat ditolak atau dihapus dari sini.'], 422);
}
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ? LIMIT 1');
$stmt->execute([$id]);
$user = $stmt->fetch();
if (!$user) {
json_response(['success' => false, 'message' => 'Akun tidak ditemukan.'], 404);
}
if ($action === 'reject') {
$stmt = $pdo->prepare('UPDATE users SET status_akun = "Ditolak", verified_by = ?, verified_at = NOW() WHERE id = ?');
$stmt->execute([$admin['id'], $id]);
json_response(['success' => true, 'message' => 'Pengajuan akun ditolak.']);
}
if ($action === 'approve') {
$rumahIbadahId = $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null;
if ($user['role'] === 'rumah_ibadah' && !$rumahIbadahId) {
if (empty($user['nama_instansi']) || empty($user['alamat']) || empty($user['kategori_instansi']) || $user['lat'] === null || $user['lng'] === null) {
json_response(['success' => false, 'message' => 'Data rumah ibadah pada pengajuan belum lengkap.'], 422);
}
$stmt = $pdo->prepare('INSERT INTO rumah_ibadah
(nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by)
VALUES (?, ?, ?, ?, ?, 0, 0, 500, ?, ?, "Aktif", ?)');
$stmt->execute([
$user['nama_instansi'],
$user['alamat'],
in_array($user['kategori_instansi'], ['Masjid','Gereja','Vihara','Klenteng','Pura','Lainnya'], true) ? $user['kategori_instansi'] : 'Lainnya',
$user['nama'],
$user['kontak'] ?? '',
$user['lat'],
$user['lng'],
$admin['id']
]);
$rumahIbadahId = (int)$pdo->lastInsertId();
}
$stmt = $pdo->prepare('UPDATE users SET status_akun = "Aktif", rumah_ibadah_id = ?, verified_by = ?, verified_at = NOW() WHERE id = ?');
$stmt->execute([$rumahIbadahId, $admin['id'], $id]);
json_response(['success' => true, 'message' => 'Akun berhasil disetujui.']);
}
json_response(['success' => false, 'message' => 'Aksi tidak dikenal.'], 422);
}
if ($method === 'DELETE') {
$id = clean_int($_GET['id'] ?? 0);
if ($id <= 0) json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422);
if ($id === (int)$admin['id']) json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat dihapus.'], 422);
$stmt = $pdo->prepare('DELETE FROM users WHERE id = ?');
$stmt->execute([$id]);
json_response(['success' => true, 'message' => 'Akun berhasil dihapus.']);
}
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);