prepare($sql); $stmt->execute($params); jsonSuccess($stmt->fetchAll()); } public function show(string $id): void { $db = getDB(); $stmt = $db->prepare( "SELECT l.*, ri.nama AS nama_ri, p.nama_lengkap AS nama_terdampak FROM laporan l LEFT JOIN rumah_ibadah ri ON l.id_rumah_ibadah=ri.id LEFT JOIN penduduk p ON l.nik_terdampak=p.nik WHERE l.id=?" ); $stmt->execute([$id]); $row = $stmt->fetch(); if (!$row) jsonError('Laporan tidak ditemukan', 404); jsonSuccess($row); } /** POST /api/laporan — siapa saja bisa lapor */ public function store(): void { $body = getBody(); $errs = required($body, ['deskripsi']); if ($errs) jsonError(implode('; ', $errs)); $db = getDB(); $db->prepare( "INSERT INTO laporan (nama_pelapor, no_hp_pelapor, nik_terdampak, id_rumah_ibadah, deskripsi, lat, lng, alamat_laporan, urgensi) VALUES (?,?,?,?,?,?,?,?,?)" )->execute([ sanitize($body['nama_pelapor'] ?? ''), sanitize($body['no_hp_pelapor'] ?? ''), $body['nik_terdampak'] ?? null, $body['id_rumah_ibadah'] ?? null, sanitize($body['deskripsi']), $body['lat'] ?? null, $body['lng'] ?? null, sanitize($body['alamat_laporan'] ?? ''), $body['urgensi'] ?? 'sedang', ]); $newId = $db->lastInsertId(); jsonSuccess(['id' => $newId], 'Laporan berhasil dikirim. Terima kasih!', 201); } /** PUT /api/laporan/:id — verifikasi / update status */ public function update(string $id): void { requireAuth([ROLE_ADMIN, ROLE_PENGURUS]); $user = currentUser(); $body = getBody(); $db = getDB(); $db->prepare( "UPDATE laporan SET status=?, catatan_verifikasi=?, id_verifikator=?, tgl_verifikasi=NOW() WHERE id=?" )->execute([ $body['status'] ?? 'diverifikasi', sanitize($body['catatan_verifikasi'] ?? ''), $user['id'], $id, ]); logActivity('update_laporan', 'laporan', $id, [], $body); jsonSuccess([], 'Status laporan diperbarui'); } public function destroy(string $id): void { requireAuth([ROLE_ADMIN]); getDB()->prepare("DELETE FROM laporan WHERE id=?")->execute([$id]); jsonSuccess([], 'Laporan dihapus'); } }