Files
UAS_SIG/api/rumah_ibadah.php
2026-06-02 03:14:08 +00:00

111 lines
4.1 KiB
PHP

<?php
require_once __DIR__ . '/_helpers.php';
api_require_login();
$method = $_SERVER['REQUEST_METHOD'];
$user = current_user();
$role = current_role();
function can_update_ri(array $user, string $role, int $id): bool
{
if (in_array($role, ['admin','dinas'], true)) return true;
return $role === 'rumah_ibadah' && !empty($user['rumah_ibadah_id']) && (int)$user['rumah_ibadah_id'] === $id;
}
if ($method === 'GET') {
$sql = 'SELECT r.*, COALESCE(t.jumlah_tanggungan, 0) AS jumlah_tanggungan
FROM rumah_ibadah r
LEFT JOIN (
SELECT rumah_ibadah_id, COUNT(*) AS jumlah_tanggungan
FROM keluarga
WHERE status_bantuan = "Ditanggung" AND rumah_ibadah_id IS NOT NULL
GROUP BY rumah_ibadah_id
) t ON t.rumah_ibadah_id = r.id
ORDER BY r.nama ASC';
$stmt = $pdo->query($sql);
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
}
if ($method === 'POST') {
api_require_role(['admin','dinas']);
$data = get_json_input();
required_fields($data, ['nama','alamat','kategori','lat','lng']);
$stmt = $pdo->prepare('INSERT INTO rumah_ibadah
(nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
$stmt->execute([
clean_string($data['nama']),
clean_string($data['alamat']),
clean_string($data['kategori']),
clean_string($data['pengurus'] ?? ''),
clean_string($data['kontak'] ?? ''),
clean_float($data['dana_sosial'] ?? 0),
clean_int($data['kuota'] ?? 0),
clean_int($data['radius'] ?? 500),
clean_float($data['lat']),
clean_float($data['lng']),
clean_string($data['status'] ?? 'Aktif'),
$user['id']
]);
json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil disimpan.', 'id' => $pdo->lastInsertId()], 201);
}
if ($method === 'PUT') {
$data = get_json_input();
required_fields($data, ['id','nama','alamat','kategori','lat','lng']);
$id = clean_int($data['id']);
if (!can_update_ri($user, $role, $id)) {
json_response(['success' => false, 'message' => 'Akses ditolak. Pengurus hanya dapat mengubah rumah ibadah yang terhubung dengan akunnya.'], 403);
}
if ($role === 'rumah_ibadah') {
$stmt = $pdo->prepare('UPDATE rumah_ibadah SET
pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ?
WHERE id = ?');
$stmt->execute([
clean_string($data['pengurus'] ?? ''),
clean_string($data['kontak'] ?? ''),
clean_float($data['dana_sosial'] ?? 0),
clean_int($data['kuota'] ?? 0),
clean_int($data['radius'] ?? 500),
$id
]);
} else {
$stmt = $pdo->prepare('UPDATE rumah_ibadah SET
nama = ?, alamat = ?, kategori = ?, pengurus = ?, kontak = ?, dana_sosial = ?, kuota = ?, radius = ?, lat = ?, lng = ?, status = ?
WHERE id = ?');
$stmt->execute([
clean_string($data['nama']),
clean_string($data['alamat']),
clean_string($data['kategori']),
clean_string($data['pengurus'] ?? ''),
clean_string($data['kontak'] ?? ''),
clean_float($data['dana_sosial'] ?? 0),
clean_int($data['kuota'] ?? 0),
clean_int($data['radius'] ?? 500),
clean_float($data['lat']),
clean_float($data['lng']),
clean_string($data['status'] ?? 'Aktif'),
$id
]);
}
json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil diperbarui.']);
}
if ($method === 'DELETE') {
api_require_role(['admin','dinas']);
$id = clean_int($_GET['id'] ?? 0);
if ($id <= 0) json_response(['success' => false, 'message' => 'ID tidak valid.'], 422);
$stmt = $pdo->prepare('DELETE FROM rumah_ibadah WHERE id = ?');
$stmt->execute([$id]);
json_response(['success' => true, 'message' => 'Data rumah ibadah berhasil dihapus.']);
}
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);