92 lines
3.4 KiB
PHP
92 lines
3.4 KiB
PHP
<?php
|
|
// api/controllers/LaporanController.php
|
|
class LaporanController {
|
|
|
|
public function index(): void {
|
|
$user = currentUser();
|
|
// Masyarakat bisa lihat laporan mereka sendiri; pengurus+ lihat semua
|
|
$db = getDB();
|
|
$sql = "SELECT l.*, ri.nama AS nama_ri, p.nama_lengkap AS nama_terdampak
|
|
FROM laporan l
|
|
LEFT JOIN rumah_ibadah ri ON l.id_rumah_ibadah=ri.id
|
|
LEFT JOIN penduduk p ON l.nik_terdampak=p.nik
|
|
WHERE 1=1";
|
|
$params = [];
|
|
if (!empty($_GET['status'])) { $sql .= " AND l.status=?"; $params[] = $_GET['status']; }
|
|
if (!empty($_GET['urgensi'])) { $sql .= " AND l.urgensi=?"; $params[] = $_GET['urgensi']; }
|
|
$sql .= " ORDER BY FIELD(l.urgensi,'darurat','tinggi','sedang','rendah'), l.created_at DESC LIMIT 100";
|
|
$stmt = $db->prepare($sql);
|
|
$stmt->execute($params);
|
|
jsonSuccess($stmt->fetchAll());
|
|
}
|
|
|
|
public function show(string $id): void {
|
|
$db = getDB();
|
|
$stmt = $db->prepare(
|
|
"SELECT l.*, ri.nama AS nama_ri, p.nama_lengkap AS nama_terdampak
|
|
FROM laporan l
|
|
LEFT JOIN rumah_ibadah ri ON l.id_rumah_ibadah=ri.id
|
|
LEFT JOIN penduduk p ON l.nik_terdampak=p.nik
|
|
WHERE l.id=?"
|
|
);
|
|
$stmt->execute([$id]);
|
|
$row = $stmt->fetch();
|
|
if (!$row) jsonError('Laporan tidak ditemukan', 404);
|
|
jsonSuccess($row);
|
|
}
|
|
|
|
/** POST /api/laporan — siapa saja bisa lapor */
|
|
public function store(): void {
|
|
$body = getBody();
|
|
$errs = required($body, ['deskripsi']);
|
|
if ($errs) jsonError(implode('; ', $errs));
|
|
|
|
$db = getDB();
|
|
$db->prepare(
|
|
"INSERT INTO laporan
|
|
(nama_pelapor, no_hp_pelapor, nik_terdampak, id_rumah_ibadah,
|
|
deskripsi, lat, lng, alamat_laporan, urgensi)
|
|
VALUES (?,?,?,?,?,?,?,?,?)"
|
|
)->execute([
|
|
sanitize($body['nama_pelapor'] ?? ''),
|
|
sanitize($body['no_hp_pelapor'] ?? ''),
|
|
$body['nik_terdampak'] ?? null,
|
|
$body['id_rumah_ibadah'] ?? null,
|
|
sanitize($body['deskripsi']),
|
|
$body['lat'] ?? null,
|
|
$body['lng'] ?? null,
|
|
sanitize($body['alamat_laporan'] ?? ''),
|
|
$body['urgensi'] ?? 'sedang',
|
|
]);
|
|
$newId = $db->lastInsertId();
|
|
jsonSuccess(['id' => $newId], 'Laporan berhasil dikirim. Terima kasih!', 201);
|
|
}
|
|
|
|
/** PUT /api/laporan/:id — verifikasi / update status */
|
|
public function update(string $id): void {
|
|
requireAuth([ROLE_ADMIN, ROLE_PENGURUS]);
|
|
$user = currentUser();
|
|
$body = getBody();
|
|
$db = getDB();
|
|
|
|
$db->prepare(
|
|
"UPDATE laporan SET status=?, catatan_verifikasi=?,
|
|
id_verifikator=?, tgl_verifikasi=NOW()
|
|
WHERE id=?"
|
|
)->execute([
|
|
$body['status'] ?? 'diverifikasi',
|
|
sanitize($body['catatan_verifikasi'] ?? ''),
|
|
$user['id'],
|
|
$id,
|
|
]);
|
|
logActivity('update_laporan', 'laporan', $id, [], $body);
|
|
jsonSuccess([], 'Status laporan diperbarui');
|
|
}
|
|
|
|
public function destroy(string $id): void {
|
|
requireAuth([ROLE_ADMIN]);
|
|
getDB()->prepare("DELETE FROM laporan WHERE id=?")->execute([$id]);
|
|
jsonSuccess([], 'Laporan dihapus');
|
|
}
|
|
}
|