chore: prepare docker webgis deployment
This commit is contained in:
@@ -0,0 +1,105 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../koneksi.php';
|
||||
|
||||
$is_authenticated = is_logged_in();
|
||||
$is_privileged = $is_authenticated && has_role('operator');
|
||||
$role = $is_authenticated ? get_role() : 'viewer';
|
||||
$is_admin = $is_authenticated && has_role('administrator');
|
||||
$can_see_sensitive = $is_privileged;
|
||||
$can_see_coords = $is_privileged;
|
||||
$public_verif_sql = $is_privileged ? "" : " AND pm.status_verifikasi = 'Terverifikasi'";
|
||||
|
||||
// Publik: hanya data Terverifikasi
|
||||
// Operator: semua data ibadahnya sendiri (semua status)
|
||||
// Admin: semua data tanpa filter
|
||||
$operator_scope_sql = '';
|
||||
|
||||
if ($is_privileged && !$is_admin) {
|
||||
$linked_ibadah_id = get_ibadah_id();
|
||||
$operator_scope_sql = $linked_ibadah_id
|
||||
? ' AND pm.ibadah_id = ' . (int)$linked_ibadah_id
|
||||
: ' AND 1 = 0';
|
||||
// operator lihat semua status miliknya (termasuk Pending/Ditolak)
|
||||
}
|
||||
|
||||
// Cek apakah tabel kebutuhan sudah ada (migrasi F14 sudah dijalankan)
|
||||
$kebutuhan_exists = $conn->query(
|
||||
"SELECT 1 FROM information_schema.TABLES
|
||||
WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'kebutuhan' LIMIT 1"
|
||||
)->num_rows > 0;
|
||||
|
||||
if ($kebutuhan_exists) {
|
||||
$sql = "
|
||||
SELECT
|
||||
pm.id, pm.nama_kk, pm.nik, pm.kategori, pm.alamat, pm.catatan,
|
||||
pm.jumlah_jiwa, pm.lat, pm.lng, pm.ibadah_id, pm.jarak_m,
|
||||
pm.is_blank_spot, pm.status_bantuan, pm.status_verifikasi, pm.created_at,
|
||||
ri.nama AS nama_ibadah,
|
||||
ri.jenis AS jenis_ibadah,
|
||||
COALESCE(kstat.kebutuhan_open, 0) AS kebutuhan_open,
|
||||
COALESCE(kstat.kebutuhan_proses, 0) AS kebutuhan_proses,
|
||||
COALESCE(kstat.kebutuhan_terpenuhi,0) AS kebutuhan_terpenuhi,
|
||||
kstat.kebutuhan_kategori_open
|
||||
FROM penduduk_miskin pm
|
||||
LEFT JOIN rumah_ibadah ri ON pm.ibadah_id = ri.id AND ri.deleted_at IS NULL
|
||||
LEFT JOIN (
|
||||
SELECT
|
||||
penduduk_id,
|
||||
SUM(CASE WHEN status='Belum Terpenuhi' THEN 1 ELSE 0 END) AS kebutuhan_open,
|
||||
SUM(CASE WHEN status='Dalam Proses' THEN 1 ELSE 0 END) AS kebutuhan_proses,
|
||||
SUM(CASE WHEN status='Terpenuhi' THEN 1 ELSE 0 END) AS kebutuhan_terpenuhi,
|
||||
GROUP_CONCAT(DISTINCT CASE WHEN status='Belum Terpenuhi' THEN kategori ELSE NULL END
|
||||
ORDER BY kategori SEPARATOR ',') AS kebutuhan_kategori_open
|
||||
FROM kebutuhan
|
||||
GROUP BY penduduk_id
|
||||
) kstat ON kstat.penduduk_id = pm.id
|
||||
WHERE pm.is_active = 1 AND pm.deleted_at IS NULL {$public_verif_sql} {$operator_scope_sql}
|
||||
ORDER BY pm.created_at DESC
|
||||
";
|
||||
} else {
|
||||
$sql = "
|
||||
SELECT
|
||||
pm.id, pm.nama_kk, pm.nik, pm.kategori, pm.alamat, pm.catatan,
|
||||
pm.jumlah_jiwa, pm.lat, pm.lng, pm.ibadah_id, pm.jarak_m,
|
||||
pm.is_blank_spot, pm.status_bantuan, pm.status_verifikasi, pm.created_at,
|
||||
ri.nama AS nama_ibadah,
|
||||
ri.jenis AS jenis_ibadah,
|
||||
0 AS kebutuhan_open, 0 AS kebutuhan_proses,
|
||||
0 AS kebutuhan_terpenuhi, NULL AS kebutuhan_kategori_open
|
||||
FROM penduduk_miskin pm
|
||||
LEFT JOIN rumah_ibadah ri ON pm.ibadah_id = ri.id AND ri.deleted_at IS NULL
|
||||
WHERE pm.is_active = 1 AND pm.deleted_at IS NULL {$public_verif_sql} {$operator_scope_sql}
|
||||
ORDER BY pm.created_at DESC
|
||||
";
|
||||
}
|
||||
|
||||
$result = $conn->query($sql);
|
||||
|
||||
if (!$result) {
|
||||
error_log('penduduk/ambil query failed: ' . $conn->error);
|
||||
echo json_encode(['status' => 'error', 'message' => 'Gagal memuat data penduduk.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$data = [];
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
if (!$can_see_sensitive) {
|
||||
// Publik tidak boleh lihat data pribadi
|
||||
$row['nik'] = null;
|
||||
$row['nama_kk'] = null;
|
||||
$row['alamat'] = null;
|
||||
$row['catatan'] = null;
|
||||
}
|
||||
if (!$can_see_coords) {
|
||||
// Publik tidak boleh lihat koordinat rumah warga
|
||||
$row['lat'] = null;
|
||||
$row['lng'] = null;
|
||||
}
|
||||
$data[] = $row;
|
||||
}
|
||||
|
||||
echo json_encode(['status' => 'success', 'total' => count($data), 'data' => $data]);
|
||||
$conn->close();
|
||||
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../koneksi.php';
|
||||
|
||||
require_auth('administrator');
|
||||
|
||||
// Return inactive (is_active=0) AND soft-deleted warga for admin audit
|
||||
$stmt = $conn->prepare("
|
||||
SELECT pm.id, pm.nama_kk, pm.jumlah_jiwa, pm.kategori, pm.status_bantuan,
|
||||
pm.is_active, pm.deleted_at,
|
||||
ri.nama AS nama_ibadah,
|
||||
(SELECT COUNT(*) FROM riwayat_bantuan WHERE penduduk_id = pm.id) AS jml_riwayat
|
||||
FROM penduduk_miskin pm
|
||||
LEFT JOIN rumah_ibadah ri ON ri.id = pm.ibadah_id
|
||||
WHERE pm.is_active = 0 OR pm.deleted_at IS NOT NULL
|
||||
ORDER BY COALESCE(pm.deleted_at, pm.updated_at) DESC
|
||||
LIMIT 200
|
||||
");
|
||||
$stmt->execute();
|
||||
$res = $stmt->get_result();
|
||||
$rows = [];
|
||||
while ($r = $res->fetch_assoc()) $rows[] = $r;
|
||||
$stmt->close();
|
||||
|
||||
echo json_encode(['status' => 'success', 'data' => $rows]);
|
||||
$conn->close();
|
||||
@@ -0,0 +1,32 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../koneksi.php';
|
||||
require_auth('administrator');
|
||||
require_csrf();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$id = (int) ($_POST['id'] ?? 0);
|
||||
if (!$id) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$stmt = $conn->prepare(
|
||||
"UPDATE penduduk_miskin SET deleted_at = NOW() WHERE id = ? AND deleted_at IS NULL"
|
||||
);
|
||||
$stmt->bind_param('i', $id);
|
||||
|
||||
if ($stmt->execute() && $stmt->affected_rows > 0) {
|
||||
echo json_encode(['status' => 'success', 'message' => 'Data berhasil dihapus']);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Data tidak ditemukan atau sudah dihapus']);
|
||||
}
|
||||
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
@@ -0,0 +1,29 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../koneksi.php';
|
||||
require_auth('administrator');
|
||||
require_csrf();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']); exit;
|
||||
}
|
||||
|
||||
$id = (int)($_POST['id'] ?? 0);
|
||||
if (!$id) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid']); exit;
|
||||
}
|
||||
|
||||
$stmt = $conn->prepare(
|
||||
"UPDATE penduduk_miskin SET is_active = 0 WHERE id = ? AND is_active = 1 AND deleted_at IS NULL"
|
||||
);
|
||||
$stmt->bind_param('i', $id);
|
||||
|
||||
if ($stmt->execute() && $stmt->affected_rows > 0) {
|
||||
echo json_encode(['status' => 'success', 'message' => 'Warga berhasil dinonaktifkan']);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Data tidak ditemukan atau sudah tidak aktif']);
|
||||
}
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
@@ -0,0 +1,50 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../koneksi.php';
|
||||
|
||||
require_auth('operator');
|
||||
|
||||
$id = (int)($_GET['id'] ?? 0);
|
||||
if ($id <= 0) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Operator hanya boleh lihat riwayat warga dalam ibadah-nya
|
||||
if (!has_role('administrator')) {
|
||||
$op_ibadah = get_ibadah_id();
|
||||
$stmt = $conn->prepare(
|
||||
"SELECT ibadah_id FROM penduduk_miskin
|
||||
WHERE id=? AND is_active=1 AND deleted_at IS NULL"
|
||||
);
|
||||
$stmt->bind_param('i', $id);
|
||||
$stmt->execute();
|
||||
$r = $stmt->get_result()->fetch_assoc();
|
||||
$stmt->close();
|
||||
if (!$r || (int)$r['ibadah_id'] !== (int)$op_ibadah) {
|
||||
http_response_code(403);
|
||||
echo json_encode(['status' => 'error', 'message' => 'Akses ditolak.']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$stmt = $conn->prepare("
|
||||
SELECT r.id, r.status_lama, r.status_baru, r.catatan, r.created_at,
|
||||
u.nama_lengkap AS user_nama
|
||||
FROM riwayat_bantuan r
|
||||
LEFT JOIN users u ON u.id = r.operator_id
|
||||
WHERE r.penduduk_id = ?
|
||||
ORDER BY r.created_at DESC
|
||||
LIMIT 20
|
||||
");
|
||||
$stmt->bind_param('i', $id);
|
||||
$stmt->execute();
|
||||
$res = $stmt->get_result();
|
||||
$rows = [];
|
||||
while ($r = $res->fetch_assoc()) $rows[] = $r;
|
||||
$stmt->close();
|
||||
|
||||
echo json_encode(['status' => 'success', 'data' => $rows]);
|
||||
$conn->close();
|
||||
@@ -0,0 +1,143 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../includes/validation.php';
|
||||
require_once '../../koneksi.php';
|
||||
require_auth('operator');
|
||||
require_csrf();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$nama_kk = trim($_POST['nama_kk'] ?? '');
|
||||
$nik = trim($_POST['nik'] ?? '');
|
||||
$jumlah_jiwa = max(1, (int)($_POST['jumlah_jiwa'] ?? 1));
|
||||
$kategori = trim($_POST['kategori'] ?? 'Miskin');
|
||||
$alamat = trim($_POST['alamat'] ?? '');
|
||||
$catatan = trim($_POST['catatan'] ?? '');
|
||||
$coord = validate_lat_lng($_POST['lat'] ?? null, $_POST['lng'] ?? null);
|
||||
if (!$coord['ok']) {
|
||||
echo json_encode(['status' => 'error', 'message' => $coord['message']]);
|
||||
exit;
|
||||
}
|
||||
$lat = $coord['lat'];
|
||||
$lng = $coord['lng'];
|
||||
|
||||
if (!$nama_kk) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Nama Kepala Keluarga tidak boleh kosong']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$valid_kategori = ['Sangat Miskin', 'Miskin', 'Hampir Miskin'];
|
||||
if (!in_array($kategori, $valid_kategori)) $kategori = 'Miskin';
|
||||
|
||||
// Validasi & dedup NIK
|
||||
$nik_val = $nik !== '' ? $nik : null;
|
||||
if ($nik_val !== null) {
|
||||
if (!preg_match('/^\d{16}$/', $nik_val)) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'NIK harus 16 digit angka']);
|
||||
exit;
|
||||
}
|
||||
$stmt_nik = $conn->prepare(
|
||||
"SELECT id, nama_kk FROM penduduk_miskin
|
||||
WHERE nik = ? LIMIT 1"
|
||||
);
|
||||
$stmt_nik->bind_param('s', $nik_val);
|
||||
$stmt_nik->execute();
|
||||
$existing = $stmt_nik->get_result()->fetch_assoc();
|
||||
$stmt_nik->close();
|
||||
if ($existing) {
|
||||
echo json_encode([
|
||||
'status' => 'error',
|
||||
'message' => "NIK {$nik_val} pernah terdaftar atas nama {$existing['nama_kk']}. Cek arsip sebelum menambah ulang.",
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
// PRD-correct proximity calculation
|
||||
$p = calc_proximity($conn, $lat, $lng);
|
||||
|
||||
if (!has_role('administrator')) {
|
||||
$op_ibadah_id = get_ibadah_id();
|
||||
if (!$op_ibadah_id) {
|
||||
http_response_code(403);
|
||||
echo json_encode([
|
||||
'status' => 'error',
|
||||
'message' => 'Operator belum dikaitkan dengan rumah ibadah'
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
if (empty($p['ibadah_id']) || (int)$p['ibadah_id'] !== $op_ibadah_id) {
|
||||
http_response_code(403);
|
||||
echo json_encode([
|
||||
'status' => 'error',
|
||||
'message' => 'Lokasi warga berada di luar wilayah rumah ibadah operator'
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
// Admin langsung Terverifikasi; operator masuk Pending untuk direview
|
||||
$status_verif = has_role('administrator') ? 'Terverifikasi' : 'Pending';
|
||||
$verified_by = has_role('administrator') ? get_user_id() : null;
|
||||
$verified_at = has_role('administrator') ? date('Y-m-d H:i:s') : null;
|
||||
|
||||
$stmt = $conn->prepare(
|
||||
"INSERT INTO penduduk_miskin
|
||||
(nama_kk, nik, jumlah_jiwa, kategori, alamat, catatan, lat, lng,
|
||||
ibadah_id, jarak_m, is_blank_spot, status_verifikasi, verified_by, verified_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
|
||||
);
|
||||
$stmt->bind_param(
|
||||
'ssisssddidisis',
|
||||
$nama_kk, $nik_val, $jumlah_jiwa, $kategori, $alamat, $catatan,
|
||||
$lat, $lng, $p['ibadah_id'], $p['jarak_m'], $p['is_blank_spot'],
|
||||
$status_verif, $verified_by, $verified_at
|
||||
);
|
||||
|
||||
if ($stmt->execute()) {
|
||||
$new_id = $conn->insert_id;
|
||||
|
||||
$nama_ibadah = null;
|
||||
$jenis_ibadah = null;
|
||||
if ($p['ibadah_id']) {
|
||||
$s2 = $conn->prepare("SELECT nama, jenis FROM rumah_ibadah WHERE id = ? AND deleted_at IS NULL");
|
||||
$s2->bind_param('i', $p['ibadah_id']);
|
||||
$s2->execute();
|
||||
$ri = $s2->get_result()->fetch_assoc();
|
||||
$s2->close();
|
||||
if ($ri) { $nama_ibadah = $ri['nama']; $jenis_ibadah = $ri['jenis']; }
|
||||
}
|
||||
|
||||
echo json_encode([
|
||||
'status' => 'success',
|
||||
'message' => 'Data berhasil disimpan',
|
||||
'data' => [
|
||||
'id' => $new_id,
|
||||
'nama_kk' => $nama_kk,
|
||||
'nik' => $nik_val,
|
||||
'kategori' => $kategori,
|
||||
'alamat' => $alamat,
|
||||
'catatan' => $catatan,
|
||||
'jumlah_jiwa' => $jumlah_jiwa,
|
||||
'lat' => $lat,
|
||||
'lng' => $lng,
|
||||
'ibadah_id' => $p['ibadah_id'],
|
||||
'jarak_m' => $p['jarak_m'],
|
||||
'is_blank_spot' => $p['is_blank_spot'],
|
||||
'status_verifikasi' => $status_verif,
|
||||
'nama_ibadah' => $nama_ibadah,
|
||||
'jenis_ibadah' => $jenis_ibadah,
|
||||
]
|
||||
]);
|
||||
} else {
|
||||
error_log('penduduk/simpan insert failed: ' . $stmt->error);
|
||||
echo json_encode(['status' => 'error', 'message' => 'Gagal menyimpan data penduduk.']);
|
||||
}
|
||||
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
@@ -0,0 +1,93 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../koneksi.php';
|
||||
|
||||
require_auth('operator');
|
||||
require_csrf();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$id = (int)($_POST['id'] ?? 0);
|
||||
$nama_kk = trim($_POST['nama_kk'] ?? '');
|
||||
$nik = trim($_POST['nik'] ?? '');
|
||||
$jumlah_jiwa = max(1, (int)($_POST['jumlah_jiwa'] ?? 1));
|
||||
$kategori = trim($_POST['kategori'] ?? 'Miskin');
|
||||
$alamat = trim($_POST['alamat'] ?? '');
|
||||
$catatan = trim($_POST['catatan'] ?? '');
|
||||
|
||||
if ($id <= 0 || !$nama_kk) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'ID dan nama kepala keluarga wajib diisi.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$valid_kategori = ['Sangat Miskin', 'Miskin', 'Hampir Miskin'];
|
||||
if (!in_array($kategori, $valid_kategori)) $kategori = 'Miskin';
|
||||
|
||||
// Ambil data existing untuk scope check
|
||||
$stmt = $conn->prepare(
|
||||
"SELECT ibadah_id FROM penduduk_miskin WHERE id=? AND is_active=1 AND deleted_at IS NULL"
|
||||
);
|
||||
$stmt->bind_param('i', $id);
|
||||
$stmt->execute();
|
||||
$warga = $stmt->get_result()->fetch_assoc();
|
||||
$stmt->close();
|
||||
|
||||
if (!$warga) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Data warga tidak ditemukan.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Operator hanya boleh edit warga dalam ibadah-nya
|
||||
if (!has_role('administrator')) {
|
||||
$op_ibadah = get_ibadah_id();
|
||||
if ($warga['ibadah_id'] === null || (int)$warga['ibadah_id'] !== (int)$op_ibadah) {
|
||||
http_response_code(403);
|
||||
echo json_encode(['status' => 'error', 'message' => 'Anda tidak memiliki akses untuk warga ini.']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
// Validasi & dedup NIK (exclude diri sendiri)
|
||||
$nik_val = $nik !== '' ? $nik : null;
|
||||
if ($nik_val !== null) {
|
||||
if (!preg_match('/^\d{16}$/', $nik_val)) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'NIK harus 16 digit angka.']);
|
||||
exit;
|
||||
}
|
||||
$stmt_nik = $conn->prepare(
|
||||
"SELECT id, nama_kk FROM penduduk_miskin WHERE nik=? AND id != ? LIMIT 1"
|
||||
);
|
||||
$stmt_nik->bind_param('si', $nik_val, $id);
|
||||
$stmt_nik->execute();
|
||||
$existing = $stmt_nik->get_result()->fetch_assoc();
|
||||
$stmt_nik->close();
|
||||
if ($existing) {
|
||||
echo json_encode([
|
||||
'status' => 'error',
|
||||
'message' => "NIK {$nik_val} sudah terdaftar atas nama {$existing['nama_kk']}.",
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$catatan_val = $catatan !== '' ? $catatan : null;
|
||||
|
||||
$stmt = $conn->prepare(
|
||||
"UPDATE penduduk_miskin
|
||||
SET nama_kk=?, nik=?, jumlah_jiwa=?, kategori=?, alamat=?, catatan=?, updated_at=NOW()
|
||||
WHERE id=? AND is_active=1 AND deleted_at IS NULL"
|
||||
);
|
||||
$stmt->bind_param('ssisssi', $nama_kk, $nik_val, $jumlah_jiwa, $kategori, $alamat, $catatan_val, $id);
|
||||
|
||||
if ($stmt->execute() && $stmt->affected_rows >= 0) {
|
||||
echo json_encode(['status' => 'success', 'message' => 'Data berhasil diperbarui.']);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Gagal memperbarui data: ' . $stmt->error]);
|
||||
}
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
@@ -0,0 +1,89 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../includes/validation.php';
|
||||
require_once '../../koneksi.php';
|
||||
require_auth('operator');
|
||||
require_csrf();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$id = (int) ($_POST['id'] ?? 0);
|
||||
$coord = validate_lat_lng($_POST['lat'] ?? null, $_POST['lng'] ?? null);
|
||||
if (!$coord['ok']) {
|
||||
echo json_encode(['status' => 'error', 'message' => $coord['message']]);
|
||||
exit;
|
||||
}
|
||||
$lat = $coord['lat'];
|
||||
$lng = $coord['lng'];
|
||||
|
||||
if (!$id) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'ID tidak valid']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!has_role('administrator')) {
|
||||
$linked_ibadah_id = get_ibadah_id();
|
||||
if (!$linked_ibadah_id) {
|
||||
http_response_code(403);
|
||||
echo json_encode(['status' => 'error', 'message' => 'Akses ditolak untuk data warga ini']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$scope = $conn->prepare(
|
||||
"SELECT id FROM penduduk_miskin
|
||||
WHERE id = ? AND ibadah_id = ? AND is_active = 1 AND deleted_at IS NULL"
|
||||
);
|
||||
$scope->bind_param('ii', $id, $linked_ibadah_id);
|
||||
$scope->execute();
|
||||
$allowed = $scope->get_result()->fetch_assoc();
|
||||
$scope->close();
|
||||
|
||||
if (!$allowed) {
|
||||
http_response_code(403);
|
||||
echo json_encode(['status' => 'error', 'message' => 'Akses ditolak untuk data warga ini']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
// PRD-correct proximity calculation
|
||||
$p = calc_proximity($conn, $lat, $lng);
|
||||
|
||||
if (!has_role('administrator')) {
|
||||
if (empty($p['ibadah_id']) || (int)$p['ibadah_id'] !== $linked_ibadah_id) {
|
||||
http_response_code(403);
|
||||
echo json_encode([
|
||||
'status' => 'error',
|
||||
'message' => 'Posisi baru berada di luar wilayah rumah ibadah operator'
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$stmt = $conn->prepare(
|
||||
"UPDATE penduduk_miskin
|
||||
SET lat = ?, lng = ?, ibadah_id = ?, jarak_m = ?, is_blank_spot = ?
|
||||
WHERE id = ? AND deleted_at IS NULL"
|
||||
);
|
||||
$stmt->bind_param('ddidii', $lat, $lng, $p['ibadah_id'], $p['jarak_m'], $p['is_blank_spot'], $id);
|
||||
|
||||
if ($stmt->execute() && $stmt->affected_rows > 0) {
|
||||
echo json_encode([
|
||||
'status' => 'success',
|
||||
'message' => 'Posisi berhasil diperbarui',
|
||||
'data' => [
|
||||
'ibadah_id' => $p['ibadah_id'],
|
||||
'jarak_m' => $p['jarak_m'],
|
||||
'is_blank_spot' => $p['is_blank_spot'],
|
||||
]
|
||||
]);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Gagal update atau data tidak ditemukan']);
|
||||
}
|
||||
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
@@ -0,0 +1,68 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../koneksi.php';
|
||||
|
||||
require_auth('operator');
|
||||
require_csrf();
|
||||
|
||||
$id = (int)($_POST['id'] ?? 0);
|
||||
$status = trim($_POST['status'] ?? '');
|
||||
$catatan = trim($_POST['catatan'] ?? '');
|
||||
|
||||
$allowed = ['Belum Ditangani', 'Dalam Proses', 'Sudah Ditangani'];
|
||||
if ($id <= 0 || !in_array($status, $allowed, true)) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Parameter tidak valid.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$stmt = $conn->prepare(
|
||||
"SELECT id, ibadah_id, status_bantuan, status_verifikasi FROM penduduk_miskin
|
||||
WHERE id=? AND is_active=1 AND deleted_at IS NULL"
|
||||
);
|
||||
$stmt->bind_param('i', $id);
|
||||
$stmt->execute();
|
||||
$row = $stmt->get_result()->fetch_assoc();
|
||||
$stmt->close();
|
||||
|
||||
if (!$row) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Data tidak ditemukan.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Operator hanya boleh update warga dalam ibadah-nya sendiri
|
||||
if (!has_role('administrator')) {
|
||||
$op_ibadah = get_ibadah_id();
|
||||
if ($row['ibadah_id'] === null || (int)$row['ibadah_id'] !== (int)$op_ibadah) {
|
||||
http_response_code(403);
|
||||
echo json_encode(['status' => 'error', 'message' => 'Anda tidak memiliki akses untuk warga ini.']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
if ($row['status_verifikasi'] !== 'Terverifikasi') {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Data warga belum terverifikasi']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$old_status = $row['status_bantuan'];
|
||||
$user_id = (int)$_SESSION['user_id'];
|
||||
|
||||
$stmt = $conn->prepare(
|
||||
"UPDATE penduduk_miskin SET status_bantuan=?, updated_at=NOW() WHERE id=?"
|
||||
);
|
||||
$stmt->bind_param('si', $status, $id);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
|
||||
$stmt = $conn->prepare(
|
||||
"INSERT INTO riwayat_bantuan (penduduk_id, operator_id, status_lama, status_baru, catatan)
|
||||
VALUES (?,?,?,?,?)"
|
||||
);
|
||||
$stmt->bind_param('iisss', $id, $user_id, $old_status, $status, $catatan);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
|
||||
echo json_encode(['status' => 'success', 'status_baru' => $status]);
|
||||
$conn->close();
|
||||
@@ -0,0 +1,43 @@
|
||||
<?php
|
||||
header('Content-Type: application/json');
|
||||
require_once '../../config.php';
|
||||
require_once '../../auth/helper.php';
|
||||
require_once '../../koneksi.php';
|
||||
require_auth('administrator');
|
||||
require_csrf();
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Method not allowed']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$id = (int)trim($_POST['id'] ?? 0);
|
||||
$aksi = trim($_POST['aksi'] ?? ''); // 'approve' | 'reject'
|
||||
$catatan = trim($_POST['catatan'] ?? '');
|
||||
|
||||
if ($id <= 0 || !in_array($aksi, ['approve', 'reject'], true)) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Parameter tidak valid.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$status_baru = $aksi === 'approve' ? 'Terverifikasi' : 'Ditolak';
|
||||
$admin_id = get_user_id();
|
||||
$catatan_val = $catatan !== '' ? mb_substr($catatan, 0, 500) : null;
|
||||
|
||||
$stmt = $conn->prepare("
|
||||
UPDATE penduduk_miskin
|
||||
SET status_verifikasi = ?,
|
||||
verified_by = ?,
|
||||
verified_at = NOW(),
|
||||
catatan_verifikasi = ?
|
||||
WHERE id = ? AND deleted_at IS NULL
|
||||
");
|
||||
$stmt->bind_param('sisi', $status_baru, $admin_id, $catatan_val, $id);
|
||||
|
||||
if ($stmt->execute() && $stmt->affected_rows > 0) {
|
||||
echo json_encode(['status' => 'success', 'status_verifikasi' => $status_baru, 'id' => $id]);
|
||||
} else {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Data tidak ditemukan atau tidak ada perubahan.']);
|
||||
}
|
||||
$stmt->close();
|
||||
$conn->close();
|
||||
Reference in New Issue
Block a user