Files
2026-06-10 19:48:00 +07:00

75 lines
2.9 KiB
PHP

<?php
// api/controllers/UserController.php
class UserController {
public function index(): void {
requireAuth([ROLE_ADMIN]);
$db = getDB();
$rows = $db->query(
"SELECT u.id, u.username, u.nama_lengkap, u.email, u.no_hp,
u.aktif, u.last_login, u.created_at, r.nama_role
FROM user u JOIN role r ON u.id_role=r.id ORDER BY r.id, u.nama_lengkap"
)->fetchAll();
jsonSuccess($rows);
}
public function show(string $id): void {
requireAuth([ROLE_ADMIN]);
$db = getDB();
$stmt = $db->prepare(
"SELECT u.id, u.username, u.nama_lengkap, u.email, u.no_hp, u.aktif, r.nama_role
FROM user u JOIN role r ON u.id_role=r.id WHERE u.id=?"
);
$stmt->execute([$id]);
$row = $stmt->fetch();
if (!$row) jsonError('User tidak ditemukan',404);
jsonSuccess($row);
}
public function store(): void {
requireAuth([ROLE_ADMIN]);
$body = getBody();
$errs = required($body, ['username','password','nama_lengkap','id_role']);
if ($errs) jsonError(implode('; ',$errs));
if (strlen($body['password']) < 6) jsonError('Password minimal 6 karakter');
$db = getDB();
$chk = $db->prepare("SELECT id FROM user WHERE username=?");
$chk->execute([$body['username']]);
if ($chk->fetch()) jsonError('Username sudah dipakai',409);
$db->prepare(
"INSERT INTO user (id_role,username,password_hash,nama_lengkap,email,no_hp)
VALUES (?,?,?,?,?,?)"
)->execute([
(int)$body['id_role'],
sanitize($body['username']),
password_hash($body['password'], PASSWORD_BCRYPT),
sanitize($body['nama_lengkap']),
sanitize($body['email'] ?? ''),
sanitize($body['no_hp'] ?? ''),
]);
jsonSuccess(['id' => $db->lastInsertId()], 'User dibuat',201);
}
public function update(string $id): void {
requireAuth([ROLE_ADMIN]);
$body = getBody();
$db = getDB();
$sets = ["nama_lengkap=?","email=?","no_hp=?","id_role=?","aktif=?"];
$vals = [
sanitize($body['nama_lengkap'] ?? ''),
sanitize($body['email'] ?? ''),
sanitize($body['no_hp'] ?? ''),
(int)($body['id_role'] ?? 4),
(int)($body['aktif'] ?? 1),
];
if (!empty($body['password'])) {
$sets[] = "password_hash=?";
$vals[] = password_hash($body['password'], PASSWORD_BCRYPT);
}
$vals[] = $id;
$db->prepare("UPDATE user SET " . implode(',',$sets) . " WHERE id=?")->execute($vals);
jsonSuccess([],'User diperbarui');
}
public function destroy(string $id): void {
requireAuth([ROLE_ADMIN]);
getDB()->prepare("UPDATE user SET aktif=0 WHERE id=?")->execute([$id]);
jsonSuccess([],'User dinonaktifkan');
}
}