Upload files to "api"
This commit is contained in:
@@ -0,0 +1,71 @@
|
||||
<?php
|
||||
require_once __DIR__ . '/_helpers.php';
|
||||
api_require_login();
|
||||
api_require_role(['admin','dinas','rumah_ibadah','relawan']);
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$user = current_user();
|
||||
$role = current_role();
|
||||
|
||||
if ($method === 'GET') {
|
||||
$keluargaId = clean_int($_GET['keluarga_id'] ?? 0);
|
||||
$params = [];
|
||||
$where = [];
|
||||
|
||||
if ($keluargaId > 0) {
|
||||
$where[] = 'rb.keluarga_id = ?';
|
||||
$params[] = $keluargaId;
|
||||
}
|
||||
|
||||
if ($role === 'rumah_ibadah' && !empty($user['rumah_ibadah_id'])) {
|
||||
$where[] = 'rb.rumah_ibadah_id = ?';
|
||||
$params[] = (int)$user['rumah_ibadah_id'];
|
||||
}
|
||||
|
||||
$sql = 'SELECT rb.*, k.nama_kk, r.nama AS nama_rumah_ibadah
|
||||
FROM riwayat_bantuan rb
|
||||
JOIN keluarga k ON k.id = rb.keluarga_id
|
||||
LEFT JOIN rumah_ibadah r ON r.id = rb.rumah_ibadah_id';
|
||||
if ($where) $sql .= ' WHERE ' . implode(' AND ', $where);
|
||||
$sql .= ' ORDER BY rb.tanggal_bantuan DESC, rb.created_at DESC';
|
||||
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($params);
|
||||
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
|
||||
}
|
||||
|
||||
if ($method === 'POST') {
|
||||
$data = get_json_input();
|
||||
required_fields($data, ['keluarga_id','tanggal_bantuan','jenis_bantuan']);
|
||||
|
||||
$keluargaId = clean_int($data['keluarga_id']);
|
||||
$stmtKel = $pdo->prepare('SELECT rumah_ibadah_id, status_bantuan FROM keluarga WHERE id = ?');
|
||||
$stmtKel->execute([$keluargaId]);
|
||||
$kel = $stmtKel->fetch();
|
||||
if (!$kel) json_response(['success' => false, 'message' => 'Data keluarga tidak ditemukan.'], 404);
|
||||
if ($kel['status_bantuan'] !== 'Ditanggung') {
|
||||
json_response(['success' => false, 'message' => 'Bantuan hanya dapat dicatat untuk keluarga berstatus Ditanggung.'], 422);
|
||||
}
|
||||
|
||||
$rumahIbadahId = $kel['rumah_ibadah_id'] ? (int)$kel['rumah_ibadah_id'] : null;
|
||||
if ($role === 'rumah_ibadah' && $user['rumah_ibadah_id'] && $rumahIbadahId !== (int)$user['rumah_ibadah_id']) {
|
||||
json_response(['success' => false, 'message' => 'Pengurus rumah ibadah hanya dapat mencatat bantuan untuk keluarga tanggungannya sendiri.'], 403);
|
||||
}
|
||||
|
||||
$stmt = $pdo->prepare('INSERT INTO riwayat_bantuan
|
||||
(keluarga_id, rumah_ibadah_id, tanggal_bantuan, jenis_bantuan, nilai_bantuan, catatan, created_by)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?)');
|
||||
$stmt->execute([
|
||||
$keluargaId,
|
||||
$rumahIbadahId,
|
||||
clean_string($data['tanggal_bantuan']),
|
||||
clean_string($data['jenis_bantuan']),
|
||||
clean_float($data['nilai_bantuan'] ?? 0),
|
||||
clean_string($data['catatan'] ?? ''),
|
||||
$user['id']
|
||||
]);
|
||||
|
||||
json_response(['success' => true, 'message' => 'Riwayat bantuan berhasil dicatat.'], 201);
|
||||
}
|
||||
|
||||
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);
|
||||
Reference in New Issue
Block a user