query( "SELECT u.id, u.username, u.nama_lengkap, u.email, u.no_hp, u.aktif, u.last_login, u.created_at, r.nama_role FROM user u JOIN role r ON u.id_role=r.id ORDER BY r.id, u.nama_lengkap" )->fetchAll(); jsonSuccess($rows); } public function show(string $id): void { requireAuth([ROLE_ADMIN]); $db = getDB(); $stmt = $db->prepare( "SELECT u.id, u.username, u.nama_lengkap, u.email, u.no_hp, u.aktif, r.nama_role FROM user u JOIN role r ON u.id_role=r.id WHERE u.id=?" ); $stmt->execute([$id]); $row = $stmt->fetch(); if (!$row) jsonError('User tidak ditemukan',404); jsonSuccess($row); } public function store(): void { requireAuth([ROLE_ADMIN]); $body = getBody(); $errs = required($body, ['username','password','nama_lengkap','id_role']); if ($errs) jsonError(implode('; ',$errs)); if (strlen($body['password']) < 6) jsonError('Password minimal 6 karakter'); $db = getDB(); $chk = $db->prepare("SELECT id FROM user WHERE username=?"); $chk->execute([$body['username']]); if ($chk->fetch()) jsonError('Username sudah dipakai',409); $db->prepare( "INSERT INTO user (id_role,username,password_hash,nama_lengkap,email,no_hp) VALUES (?,?,?,?,?,?)" )->execute([ (int)$body['id_role'], sanitize($body['username']), password_hash($body['password'], PASSWORD_BCRYPT), sanitize($body['nama_lengkap']), sanitize($body['email'] ?? ''), sanitize($body['no_hp'] ?? ''), ]); jsonSuccess(['id' => $db->lastInsertId()], 'User dibuat',201); } public function update(string $id): void { requireAuth([ROLE_ADMIN]); $body = getBody(); $db = getDB(); $sets = ["nama_lengkap=?","email=?","no_hp=?","id_role=?","aktif=?"]; $vals = [ sanitize($body['nama_lengkap'] ?? ''), sanitize($body['email'] ?? ''), sanitize($body['no_hp'] ?? ''), (int)($body['id_role'] ?? 4), (int)($body['aktif'] ?? 1), ]; if (!empty($body['password'])) { $sets[] = "password_hash=?"; $vals[] = password_hash($body['password'], PASSWORD_BCRYPT); } $vals[] = $id; $db->prepare("UPDATE user SET " . implode(',',$sets) . " WHERE id=?")->execute($vals); jsonSuccess([],'User diperbarui'); } public function destroy(string $id): void { requireAuth([ROLE_ADMIN]); getDB()->prepare("UPDATE user SET aktif=0 WHERE id=?")->execute([$id]); jsonSuccess([],'User dinonaktifkan'); } }