Files
2026-06-10 19:48:00 +07:00

62 lines
2.3 KiB
PHP

<?php
// api/controllers/BantuanController.php
class BantuanController {
public function index(): void {
requireAuth([ROLE_ADMIN, ROLE_PENGURUS, ROLE_PIMPINAN]);
$db = getDB();
$rows = $db->query("SELECT * FROM bantuan ORDER BY kategori, nama_bantuan")->fetchAll();
jsonSuccess($rows);
}
public function show(string $id): void {
requireAuth([ROLE_ADMIN, ROLE_PENGURUS, ROLE_PIMPINAN]);
$db = getDB();
$stmt = $db->prepare("SELECT * FROM bantuan WHERE id = ?");
$stmt->execute([$id]);
$row = $stmt->fetch();
if (!$row) jsonError('Jenis bantuan tidak ditemukan', 404);
jsonSuccess($row);
}
public function store(): void {
requireAuth([ROLE_ADMIN, ROLE_PENGURUS]);
$body = getBody();
$errs = required($body, ['nama_bantuan', 'kategori']);
if ($errs) jsonError(implode('; ', $errs));
$db = getDB();
$db->prepare(
"INSERT INTO bantuan (nama_bantuan, kategori, sumber, deskripsi, satuan)
VALUES (?,?,?,?,?)"
)->execute([
sanitize($body['nama_bantuan']),
$body['kategori'],
sanitize($body['sumber'] ?? ''),
sanitize($body['deskripsi'] ?? ''),
sanitize($body['satuan'] ?? ''),
]);
jsonSuccess(['id' => getDB()->lastInsertId()], 'Jenis bantuan ditambahkan', 201);
}
public function update(string $id): void {
requireAuth([ROLE_ADMIN, ROLE_PENGURUS]);
$body = getBody();
$db = getDB();
$db->prepare(
"UPDATE bantuan SET nama_bantuan=?, kategori=?, sumber=?, deskripsi=?, satuan=?, aktif=?
WHERE id=?"
)->execute([
sanitize($body['nama_bantuan'] ?? ''),
$body['kategori'] ?? 'lainnya',
sanitize($body['sumber'] ?? ''),
sanitize($body['deskripsi'] ?? ''),
sanitize($body['satuan'] ?? ''),
(int)($body['aktif'] ?? 1),
$id,
]);
jsonSuccess([], 'Jenis bantuan diperbarui');
}
public function destroy(string $id): void {
requireAuth([ROLE_ADMIN]);
$db = getDB();
$db->prepare("DELETE FROM bantuan WHERE id = ?")->execute([$id]);
jsonSuccess([], 'Jenis bantuan dihapus');
}
}