edit files
This commit is contained in:
@@ -0,0 +1,91 @@
|
||||
<?php
|
||||
// api/controllers/LaporanController.php
|
||||
class LaporanController {
|
||||
|
||||
public function index(): void {
|
||||
$user = currentUser();
|
||||
// Masyarakat bisa lihat laporan mereka sendiri; pengurus+ lihat semua
|
||||
$db = getDB();
|
||||
$sql = "SELECT l.*, ri.nama AS nama_ri, p.nama_lengkap AS nama_terdampak
|
||||
FROM laporan l
|
||||
LEFT JOIN rumah_ibadah ri ON l.id_rumah_ibadah=ri.id
|
||||
LEFT JOIN penduduk p ON l.nik_terdampak=p.nik
|
||||
WHERE 1=1";
|
||||
$params = [];
|
||||
if (!empty($_GET['status'])) { $sql .= " AND l.status=?"; $params[] = $_GET['status']; }
|
||||
if (!empty($_GET['urgensi'])) { $sql .= " AND l.urgensi=?"; $params[] = $_GET['urgensi']; }
|
||||
$sql .= " ORDER BY FIELD(l.urgensi,'darurat','tinggi','sedang','rendah'), l.created_at DESC LIMIT 100";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->execute($params);
|
||||
jsonSuccess($stmt->fetchAll());
|
||||
}
|
||||
|
||||
public function show(string $id): void {
|
||||
$db = getDB();
|
||||
$stmt = $db->prepare(
|
||||
"SELECT l.*, ri.nama AS nama_ri, p.nama_lengkap AS nama_terdampak
|
||||
FROM laporan l
|
||||
LEFT JOIN rumah_ibadah ri ON l.id_rumah_ibadah=ri.id
|
||||
LEFT JOIN penduduk p ON l.nik_terdampak=p.nik
|
||||
WHERE l.id=?"
|
||||
);
|
||||
$stmt->execute([$id]);
|
||||
$row = $stmt->fetch();
|
||||
if (!$row) jsonError('Laporan tidak ditemukan', 404);
|
||||
jsonSuccess($row);
|
||||
}
|
||||
|
||||
/** POST /api/laporan — siapa saja bisa lapor */
|
||||
public function store(): void {
|
||||
$body = getBody();
|
||||
$errs = required($body, ['deskripsi']);
|
||||
if ($errs) jsonError(implode('; ', $errs));
|
||||
|
||||
$db = getDB();
|
||||
$db->prepare(
|
||||
"INSERT INTO laporan
|
||||
(nama_pelapor, no_hp_pelapor, nik_terdampak, id_rumah_ibadah,
|
||||
deskripsi, lat, lng, alamat_laporan, urgensi)
|
||||
VALUES (?,?,?,?,?,?,?,?,?)"
|
||||
)->execute([
|
||||
sanitize($body['nama_pelapor'] ?? ''),
|
||||
sanitize($body['no_hp_pelapor'] ?? ''),
|
||||
$body['nik_terdampak'] ?? null,
|
||||
$body['id_rumah_ibadah'] ?? null,
|
||||
sanitize($body['deskripsi']),
|
||||
$body['lat'] ?? null,
|
||||
$body['lng'] ?? null,
|
||||
sanitize($body['alamat_laporan'] ?? ''),
|
||||
$body['urgensi'] ?? 'sedang',
|
||||
]);
|
||||
$newId = $db->lastInsertId();
|
||||
jsonSuccess(['id' => $newId], 'Laporan berhasil dikirim. Terima kasih!', 201);
|
||||
}
|
||||
|
||||
/** PUT /api/laporan/:id — verifikasi / update status */
|
||||
public function update(string $id): void {
|
||||
requireAuth([ROLE_ADMIN, ROLE_PENGURUS]);
|
||||
$user = currentUser();
|
||||
$body = getBody();
|
||||
$db = getDB();
|
||||
|
||||
$db->prepare(
|
||||
"UPDATE laporan SET status=?, catatan_verifikasi=?,
|
||||
id_verifikator=?, tgl_verifikasi=NOW()
|
||||
WHERE id=?"
|
||||
)->execute([
|
||||
$body['status'] ?? 'diverifikasi',
|
||||
sanitize($body['catatan_verifikasi'] ?? ''),
|
||||
$user['id'],
|
||||
$id,
|
||||
]);
|
||||
logActivity('update_laporan', 'laporan', $id, [], $body);
|
||||
jsonSuccess([], 'Status laporan diperbarui');
|
||||
}
|
||||
|
||||
public function destroy(string $id): void {
|
||||
requireAuth([ROLE_ADMIN]);
|
||||
getDB()->prepare("DELETE FROM laporan WHERE id=?")->execute([$id]);
|
||||
jsonSuccess([], 'Laporan dihapus');
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user