Compare commits
2 Commits
d25df07984
...
559aa928bc
| Author | SHA1 | Date | |
|---|---|---|---|
| 559aa928bc | |||
| f379de42e0 |
@@ -90,14 +90,18 @@ function jwt_decode(string $jwt, string $secret): ?array {
|
|||||||
|
|
||||||
function getAuthorizationHeader(): string {
|
function getAuthorizationHeader(): string {
|
||||||
$headers = null;
|
$headers = null;
|
||||||
if (isset($_SERVER['Authorization'])) {
|
if (isset($_SERVER['HTTP_X_AUTHORIZATION'])) {
|
||||||
|
$headers = trim($_SERVER["HTTP_X_AUTHORIZATION"]);
|
||||||
|
} else if (isset($_SERVER['Authorization'])) {
|
||||||
$headers = trim($_SERVER["Authorization"]);
|
$headers = trim($_SERVER["Authorization"]);
|
||||||
} else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
|
} else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||||
$headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
|
$headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
|
||||||
} else if (function_exists('apache_request_headers')) {
|
} else if (function_exists('apache_request_headers')) {
|
||||||
$requestHeaders = apache_request_headers();
|
$requestHeaders = apache_request_headers();
|
||||||
$requestHeaders = array_change_key_case($requestHeaders, CASE_LOWER);
|
$requestHeaders = array_change_key_case($requestHeaders, CASE_LOWER);
|
||||||
if (isset($requestHeaders['authorization'])) {
|
if (isset($requestHeaders['x-authorization'])) {
|
||||||
|
$headers = trim($requestHeaders['x-authorization']);
|
||||||
|
} else if (isset($requestHeaders['authorization'])) {
|
||||||
$headers = trim($requestHeaders['authorization']);
|
$headers = trim($requestHeaders['authorization']);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -117,7 +121,7 @@ function getCurrentUser(): ?array {
|
|||||||
return $payload;
|
return $payload;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $_SESSION['user'] ?? null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -108,12 +108,12 @@ if ($method === 'PUT') {
|
|||||||
$oldData = $old->fetch();
|
$oldData = $old->fetch();
|
||||||
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
|
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
|
||||||
|
|
||||||
// Surveyor hanya bisa edit milik sendiri yang masih pending
|
// Surveyor hanya bisa edit milik sendiri yang masih pending atau rejected
|
||||||
if ($user['role'] === 'surveyor') {
|
if ($user['role'] === 'surveyor') {
|
||||||
if ((int)$oldData['surveyor_id'] !== $user['id']) {
|
if ((int)$oldData['surveyor_id'] !== $user['id']) {
|
||||||
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403);
|
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403);
|
||||||
}
|
}
|
||||||
if ($oldData['status'] !== 'pending') {
|
if ($oldData['status'] !== 'pending' && $oldData['status'] !== 'rejected') {
|
||||||
jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403);
|
jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -131,6 +131,14 @@ if ($method === 'PUT') {
|
|||||||
$vals[] = in_array($f,['lat','lng']) ? (float)$body[$f] : ($f==='radius' ? (int)$body[$f] : $body[$f]);
|
$vals[] = in_array($f,['lat','lng']) ? (float)$body[$f] : ($f==='radius' ? (int)$body[$f] : $body[$f]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($user['role'] === 'surveyor') {
|
||||||
|
$fields[] = "status = ?";
|
||||||
|
$vals[] = 'pending';
|
||||||
|
$fields[] = "alasan_penolakan = ?";
|
||||||
|
$vals[] = null;
|
||||||
|
}
|
||||||
|
|
||||||
if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422);
|
if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422);
|
||||||
$vals[] = $id;
|
$vals[] = $id;
|
||||||
$db->prepare("UPDATE rumah_ibadah SET ".implode(',',$fields)." WHERE id = ?")->execute($vals);
|
$db->prepare("UPDATE rumah_ibadah SET ".implode(',',$fields)." WHERE id = ?")->execute($vals);
|
||||||
|
|||||||
@@ -142,12 +142,12 @@ if ($method === 'PUT') {
|
|||||||
$oldData = $old->fetch();
|
$oldData = $old->fetch();
|
||||||
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
|
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
|
||||||
|
|
||||||
// Surveyor hanya bisa edit milik sendiri yang masih pending
|
// Surveyor hanya bisa edit milik sendiri yang masih pending atau rejected
|
||||||
if ($user['role'] === 'surveyor') {
|
if ($user['role'] === 'surveyor') {
|
||||||
if ((int)$oldData['surveyor_id'] !== $user['id']) {
|
if ((int)$oldData['surveyor_id'] !== $user['id']) {
|
||||||
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403);
|
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403);
|
||||||
}
|
}
|
||||||
if ($oldData['status'] !== 'pending') {
|
if ($oldData['status'] !== 'pending' && $oldData['status'] !== 'rejected') {
|
||||||
jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403);
|
jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -184,6 +184,14 @@ if ($method === 'PUT') {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ($user['role'] === 'surveyor') {
|
||||||
|
$fields[] = "status = ?";
|
||||||
|
$vals[] = 'pending';
|
||||||
|
$fields[] = "alasan_penolakan = ?";
|
||||||
|
$vals[] = null;
|
||||||
|
}
|
||||||
|
|
||||||
if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422);
|
if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422);
|
||||||
|
|
||||||
// jika koordinat berubah dan data verified, cari ulang ibadah terdekat
|
// jika koordinat berubah dan data verified, cari ulang ibadah terdekat
|
||||||
|
|||||||
+45
-10
@@ -264,11 +264,23 @@
|
|||||||
const originalFetch = window.fetch;
|
const originalFetch = window.fetch;
|
||||||
window.fetch = function(url, options) {
|
window.fetch = function(url, options) {
|
||||||
options = options || {};
|
options = options || {};
|
||||||
options.headers = options.headers || {};
|
|
||||||
const token = sessionStorage.getItem('user_token');
|
const token = sessionStorage.getItem('user_token');
|
||||||
if (token) {
|
if (token) {
|
||||||
if (!options.headers['Authorization'] && !options.headers['authorization']) {
|
if (options.headers instanceof Headers) {
|
||||||
options.headers['Authorization'] = 'Bearer ' + token;
|
if (!options.headers.has('Authorization')) {
|
||||||
|
options.headers.set('Authorization', 'Bearer ' + token);
|
||||||
|
}
|
||||||
|
if (!options.headers.has('X-Authorization')) {
|
||||||
|
options.headers.set('X-Authorization', 'Bearer ' + token);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
options.headers = options.headers || {};
|
||||||
|
if (!options.headers['Authorization'] && !options.headers['authorization']) {
|
||||||
|
options.headers['Authorization'] = 'Bearer ' + token;
|
||||||
|
}
|
||||||
|
if (!options.headers['X-Authorization'] && !options.headers['x-authorization']) {
|
||||||
|
options.headers['X-Authorization'] = 'Bearer ' + token;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return originalFetch(url, options);
|
return originalFetch(url, options);
|
||||||
@@ -3135,6 +3147,16 @@
|
|||||||
if (!data) return;
|
if (!data) return;
|
||||||
const editable = canEdit(type, data);
|
const editable = canEdit(type, data);
|
||||||
footer.style.display = editable ? 'flex' : 'none';
|
footer.style.display = editable ? 'flex' : 'none';
|
||||||
|
|
||||||
|
const saveBtn = document.getElementById('ep-save');
|
||||||
|
if (saveBtn) {
|
||||||
|
if (data.status === 'rejected') {
|
||||||
|
saveBtn.innerHTML = '<i class="fa-solid fa-paper-plane"></i> Ajukan Ulang';
|
||||||
|
} else {
|
||||||
|
saveBtn.innerHTML = '<i class="fa-solid fa-floppy-disk"></i> Simpan';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
document.getElementById('ep-title').innerHTML = type === 'ibadah' ? `<i class="${ICONS[data.jenis]}"></i> Edit Ibadah` : '<i class="fa-solid fa-user"></i> Edit Warga';
|
document.getElementById('ep-title').innerHTML = type === 'ibadah' ? `<i class="${ICONS[data.jenis]}"></i> Edit Ibadah` : '<i class="fa-solid fa-user"></i> Edit Warga';
|
||||||
if (type === 'ibadah') {
|
if (type === 'ibadah') {
|
||||||
const ib = data;
|
const ib = data;
|
||||||
@@ -3200,12 +3222,19 @@
|
|||||||
async function saveEdit() {
|
async function saveEdit() {
|
||||||
const { type, id } = editState;
|
const { type, id } = editState;
|
||||||
if (!type || !id) return;
|
if (!type || !id) return;
|
||||||
|
const data = type === 'ibadah'
|
||||||
|
? (ibadahLayer[id]?.data || cachedIbadah.find(x => x.id == id))
|
||||||
|
: (wargaLayer[id]?.data || cachedWarga.find(x => x.id == id));
|
||||||
|
const isRejected = data?.status === 'rejected';
|
||||||
const btn = document.getElementById('ep-save');
|
const btn = document.getElementById('ep-save');
|
||||||
btn.disabled = true; btn.innerHTML = '<i class="fa-solid fa-spinner fa-spin"></i> Menyimpan...';
|
btn.disabled = true;
|
||||||
|
btn.innerHTML = isRejected
|
||||||
|
? '<i class="fa-solid fa-spinner fa-spin"></i> Mengajukan...'
|
||||||
|
: '<i class="fa-solid fa-spinner fa-spin"></i> Menyimpan...';
|
||||||
try {
|
try {
|
||||||
let res;
|
let res;
|
||||||
if (type === 'ibadah') {
|
if (type === 'ibadah') {
|
||||||
const ib = ibadahLayer[id]?.data || cachedIbadah.find(x => x.id == id);
|
const ib = data;
|
||||||
res = await fetch(API.ibadah + '?id=' + id, {
|
res = await fetch(API.ibadah + '?id=' + id, {
|
||||||
method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include',
|
method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include',
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@@ -3221,7 +3250,7 @@
|
|||||||
})
|
})
|
||||||
}).then(r => r.json());
|
}).then(r => r.json());
|
||||||
} else {
|
} else {
|
||||||
const w = wargaLayer[id]?.data || cachedWarga.find(x => x.id == id);
|
const w = data;
|
||||||
res = await fetch(API.warga + '?id=' + id, {
|
res = await fetch(API.warga + '?id=' + id, {
|
||||||
method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include',
|
method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include',
|
||||||
body: JSON.stringify({
|
body: JSON.stringify({
|
||||||
@@ -3239,14 +3268,20 @@
|
|||||||
}
|
}
|
||||||
if (res && !res.success) {
|
if (res && !res.success) {
|
||||||
showToast('Gagal menyimpan: ' + (res.error || 'Terjadi kesalahan'), 'error');
|
showToast('Gagal menyimpan: ' + (res.error || 'Terjadi kesalahan'), 'error');
|
||||||
btn.disabled = false; btn.innerHTML = '<i class="fa-solid fa-floppy-disk"></i> Simpan';
|
btn.disabled = false;
|
||||||
|
btn.innerHTML = isRejected
|
||||||
|
? '<i class="fa-solid fa-paper-plane"></i> Ajukan Ulang'
|
||||||
|
: '<i class="fa-solid fa-floppy-disk"></i> Simpan';
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
showToast('Perubahan disimpan!', 'success');
|
showToast(isRejected ? 'Data berhasil diajukan ulang!' : 'Perubahan disimpan!', 'success');
|
||||||
closeEditPanel(); await loadAll();
|
closeEditPanel(); await loadAll();
|
||||||
if (currentPage === 'daftar' || currentPage === 'dashboard') renderPage(currentPage);
|
if (currentPage === 'daftar' || currentPage === 'dashboard') renderPage(currentPage);
|
||||||
} catch (e) { showToast('Error: ' + e.message, 'error'); }
|
} catch (e) { showToast('Error: ' + e.message, 'error'); }
|
||||||
btn.disabled = false; btn.innerHTML = '<i class="fa-solid fa-floppy-disk"></i> Simpan';
|
btn.disabled = false;
|
||||||
|
btn.innerHTML = isRejected
|
||||||
|
? '<i class="fa-solid fa-paper-plane"></i> Ajukan Ulang'
|
||||||
|
: '<i class="fa-solid fa-floppy-disk"></i> Simpan';
|
||||||
}
|
}
|
||||||
async function deleteFromEdit() {
|
async function deleteFromEdit() {
|
||||||
const { type, id } = editState;
|
const { type, id } = editState;
|
||||||
@@ -3637,7 +3672,7 @@
|
|||||||
// -- HELPERS
|
// -- HELPERS
|
||||||
function canEdit(type, data) {
|
function canEdit(type, data) {
|
||||||
if (currentUser.role === 'admin') return true;
|
if (currentUser.role === 'admin') return true;
|
||||||
if (currentUser.role === 'surveyor' && data.surveyor_id == currentUser.id && data.status === 'pending') return true;
|
if (currentUser.role === 'surveyor' && data.surveyor_id == currentUser.id && (data.status === 'pending' || data.status === 'rejected')) return true;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
function statusLabel(s) {
|
function statusLabel(s) {
|
||||||
|
|||||||
Reference in New Issue
Block a user