query($sql); json_response(['success' => true, 'data' => $stmt->fetchAll()]); } if ($method === 'POST') { api_require_role(['admin','dinas']); $data = get_json_input(); required_fields($data, ['nama','alamat','kategori','lat','lng']); $stmt = $pdo->prepare('INSERT INTO rumah_ibadah (nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'); $stmt->execute([ clean_string($data['nama']), clean_string($data['alamat']), clean_string($data['kategori']), clean_string($data['pengurus'] ?? ''), clean_string($data['kontak'] ?? ''), clean_float($data['dana_sosial'] ?? 0), clean_int($data['kuota'] ?? 0), clean_int($data['radius'] ?? 500), clean_float($data['lat']), clean_float($data['lng']), clean_string($data['status'] ?? 'Aktif'), $user['id'] ]); json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil disimpan.', 'id' => $pdo->lastInsertId()], 201); } if ($method === 'PUT') { $data = get_json_input(); required_fields($data, ['id','nama','alamat','kategori','lat','lng']); $id = clean_int($data['id']); if (!can_update_ri($user, $role, $id)) { json_response(['success' => false, 'message' => 'Akses ditolak. Pengurus hanya dapat mengubah rumah ibadah yang terhubung dengan akunnya.'], 403); } if ($role === 'rumah_ibadah') { $stmt = $pdo->prepare('UPDATE rumah_ibadah SET pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ? WHERE id = ?'); $stmt->execute([ clean_string($data['pengurus'] ?? ''), clean_string($data['kontak'] ?? ''), clean_float($data['dana_sosial'] ?? 0), clean_int($data['kuota'] ?? 0), clean_int($data['radius'] ?? 500), $id ]); } else { $stmt = $pdo->prepare('UPDATE rumah_ibadah SET nama = ?, alamat = ?, kategori = ?, pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ?, lat = ?, lng = ?, status = ? WHERE id = ?'); $stmt->execute([ clean_string($data['nama']), clean_string($data['alamat']), clean_string($data['kategori']), clean_string($data['pengurus'] ?? ''), clean_string($data['kontak'] ?? ''), clean_float($data['dana_sosial'] ?? 0), clean_int($data['kuota'] ?? 0), clean_int($data['radius'] ?? 500), clean_float($data['lat']), clean_float($data['lng']), clean_string($data['status'] ?? 'Aktif'), $id ]); } json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil diperbarui.']); } if ($method === 'DELETE') { api_require_role(['admin','dinas']); $id = clean_int($_GET['id'] ?? 0); if ($id <= 0) json_response(['success' => false, 'message' => 'ID tidak valid.'], 422); $stmt = $pdo->prepare('DELETE FROM rumah_ibadah WHERE id = ?'); $stmt->execute([$id]); json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil dihapus.']); } json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);