prepare($sql); $stmt->execute($params); jsonSuccess($stmt->fetchAll()); } public function show(string $id): void { requireAuth([ROLE_ADMIN, ROLE_PENGURUS, ROLE_PIMPINAN]); $db = getDB(); $stmt = $db->prepare( "SELECT hb.*, b.nama_bantuan, b.kategori, p.nama_lengkap, ri.nama AS nama_ri FROM histori_bantuan hb JOIN bantuan b ON hb.id_bantuan=b.id JOIN penduduk p ON hb.nik=p.nik LEFT JOIN rumah_ibadah ri ON hb.id_rumah_ibadah=ri.id WHERE hb.id=?" ); $stmt->execute([$id]); $row = $stmt->fetch(); if (!$row) jsonError('Histori tidak ditemukan', 404); jsonSuccess($row); } /** POST /api/histori — catat penyaluran bantuan */ public function store(): void { requireAuth([ROLE_ADMIN, ROLE_PENGURUS]); $body = getBody(); $errs = required($body, ['nik', 'id_bantuan', 'tanggal']); if ($errs) jsonError(implode('; ', $errs)); $user = currentUser(); $db = getDB(); // Cek penduduk ada $chk = $db->prepare("SELECT nik FROM penduduk WHERE nik = ?"); $chk->execute([$body['nik']]); if (!$chk->fetch()) jsonError('NIK penduduk tidak ditemukan', 404); $db->prepare( "INSERT INTO histori_bantuan (nik, id_bantuan, id_rumah_ibadah, id_user, tanggal, jumlah, keterangan, status_penyaluran) VALUES (?,?,?,?,?,?,?,?)" )->execute([ $body['nik'], (int)$body['id_bantuan'], $body['id_rumah_ibadah'] ?? null, $user['id'], $body['tanggal'], (float)($body['jumlah'] ?? 1), sanitize($body['keterangan'] ?? ''), $body['status_penyaluran'] ?? 'disalurkan', ]); $newId = $db->lastInsertId(); logActivity('create_histori_bantuan', 'histori_bantuan', $newId, [], $body); jsonSuccess(['id' => $newId], 'Histori bantuan dicatat', 201); } public function update(string $id): void { requireAuth([ROLE_ADMIN, ROLE_PENGURUS]); $body = getBody(); $db = getDB(); $db->prepare( "UPDATE histori_bantuan SET status_penyaluran=?, keterangan=?, jumlah=? WHERE id=?" )->execute([ $body['status_penyaluran'] ?? 'disalurkan', sanitize($body['keterangan'] ?? ''), (float)($body['jumlah'] ?? 1), $id, ]); logActivity('update_histori_bantuan', 'histori_bantuan', $id, [], $body); jsonSuccess([], 'Histori bantuan diperbarui'); } public function destroy(string $id): void { requireAuth([ROLE_ADMIN]); $db = getDB(); $db->prepare("DELETE FROM histori_bantuan WHERE id=?")->execute([$id]); jsonSuccess([], 'Histori bantuan dihapus'); } /** GET /api/histori/:nik/cek */ public function cek(string $nik): void { requireAuth([ROLE_ADMIN, ROLE_PENGURUS]); $db = getDB(); $stmt = $db->prepare( "SELECT COUNT(*) AS total, GROUP_CONCAT(DISTINCT b.nama_bantuan ORDER BY b.nama_bantuan SEPARATOR ', ') AS jenis_bantuan, MAX(hb.tanggal) AS terakhir_dibantu FROM histori_bantuan hb JOIN bantuan b ON hb.id_bantuan=b.id WHERE hb.nik=? AND hb.status_penyaluran='disalurkan'" ); $stmt->execute([$nik]); jsonSuccess($stmt->fetch()); } }