75 lines
2.9 KiB
PHP
75 lines
2.9 KiB
PHP
<?php
|
|
// api/controllers/UserController.php
|
|
class UserController {
|
|
public function index(): void {
|
|
requireAuth([ROLE_ADMIN]);
|
|
$db = getDB();
|
|
$rows = $db->query(
|
|
"SELECT u.id, u.username, u.nama_lengkap, u.email, u.no_hp,
|
|
u.aktif, u.last_login, u.created_at, r.nama_role
|
|
FROM user u JOIN role r ON u.id_role=r.id ORDER BY r.id, u.nama_lengkap"
|
|
)->fetchAll();
|
|
jsonSuccess($rows);
|
|
}
|
|
public function show(string $id): void {
|
|
requireAuth([ROLE_ADMIN]);
|
|
$db = getDB();
|
|
$stmt = $db->prepare(
|
|
"SELECT u.id, u.username, u.nama_lengkap, u.email, u.no_hp, u.aktif, r.nama_role
|
|
FROM user u JOIN role r ON u.id_role=r.id WHERE u.id=?"
|
|
);
|
|
$stmt->execute([$id]);
|
|
$row = $stmt->fetch();
|
|
if (!$row) jsonError('User tidak ditemukan',404);
|
|
jsonSuccess($row);
|
|
}
|
|
public function store(): void {
|
|
requireAuth([ROLE_ADMIN]);
|
|
$body = getBody();
|
|
$errs = required($body, ['username','password','nama_lengkap','id_role']);
|
|
if ($errs) jsonError(implode('; ',$errs));
|
|
if (strlen($body['password']) < 6) jsonError('Password minimal 6 karakter');
|
|
$db = getDB();
|
|
$chk = $db->prepare("SELECT id FROM user WHERE username=?");
|
|
$chk->execute([$body['username']]);
|
|
if ($chk->fetch()) jsonError('Username sudah dipakai',409);
|
|
$db->prepare(
|
|
"INSERT INTO user (id_role,username,password_hash,nama_lengkap,email,no_hp)
|
|
VALUES (?,?,?,?,?,?)"
|
|
)->execute([
|
|
(int)$body['id_role'],
|
|
sanitize($body['username']),
|
|
password_hash($body['password'], PASSWORD_BCRYPT),
|
|
sanitize($body['nama_lengkap']),
|
|
sanitize($body['email'] ?? ''),
|
|
sanitize($body['no_hp'] ?? ''),
|
|
]);
|
|
jsonSuccess(['id' => $db->lastInsertId()], 'User dibuat',201);
|
|
}
|
|
public function update(string $id): void {
|
|
requireAuth([ROLE_ADMIN]);
|
|
$body = getBody();
|
|
$db = getDB();
|
|
$sets = ["nama_lengkap=?","email=?","no_hp=?","id_role=?","aktif=?"];
|
|
$vals = [
|
|
sanitize($body['nama_lengkap'] ?? ''),
|
|
sanitize($body['email'] ?? ''),
|
|
sanitize($body['no_hp'] ?? ''),
|
|
(int)($body['id_role'] ?? 4),
|
|
(int)($body['aktif'] ?? 1),
|
|
];
|
|
if (!empty($body['password'])) {
|
|
$sets[] = "password_hash=?";
|
|
$vals[] = password_hash($body['password'], PASSWORD_BCRYPT);
|
|
}
|
|
$vals[] = $id;
|
|
$db->prepare("UPDATE user SET " . implode(',',$sets) . " WHERE id=?")->execute($vals);
|
|
jsonSuccess([],'User diperbarui');
|
|
}
|
|
public function destroy(string $id): void {
|
|
requireAuth([ROLE_ADMIN]);
|
|
getDB()->prepare("UPDATE user SET aktif=0 WHERE id=?")->execute([$id]);
|
|
jsonSuccess([],'User dinonaktifkan');
|
|
}
|
|
}
|