Compare commits

..

2 Commits

4 changed files with 72 additions and 17 deletions
+7 -3
View File
@@ -90,14 +90,18 @@ function jwt_decode(string $jwt, string $secret): ?array {
function getAuthorizationHeader(): string {
$headers = null;
if (isset($_SERVER['Authorization'])) {
if (isset($_SERVER['HTTP_X_AUTHORIZATION'])) {
$headers = trim($_SERVER["HTTP_X_AUTHORIZATION"]);
} else if (isset($_SERVER['Authorization'])) {
$headers = trim($_SERVER["Authorization"]);
} else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
$headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
} else if (function_exists('apache_request_headers')) {
$requestHeaders = apache_request_headers();
$requestHeaders = array_change_key_case($requestHeaders, CASE_LOWER);
if (isset($requestHeaders['authorization'])) {
if (isset($requestHeaders['x-authorization'])) {
$headers = trim($requestHeaders['x-authorization']);
} else if (isset($requestHeaders['authorization'])) {
$headers = trim($requestHeaders['authorization']);
}
}
@@ -117,7 +121,7 @@ function getCurrentUser(): ?array {
return $payload;
}
}
return $_SESSION['user'] ?? null;
return null;
}
/**
+10 -2
View File
@@ -108,12 +108,12 @@ if ($method === 'PUT') {
$oldData = $old->fetch();
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
// Surveyor hanya bisa edit milik sendiri yang masih pending
// Surveyor hanya bisa edit milik sendiri yang masih pending atau rejected
if ($user['role'] === 'surveyor') {
if ((int)$oldData['surveyor_id'] !== $user['id']) {
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403);
}
if ($oldData['status'] !== 'pending') {
if ($oldData['status'] !== 'pending' && $oldData['status'] !== 'rejected') {
jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403);
}
}
@@ -131,6 +131,14 @@ if ($method === 'PUT') {
$vals[] = in_array($f,['lat','lng']) ? (float)$body[$f] : ($f==='radius' ? (int)$body[$f] : $body[$f]);
}
}
if ($user['role'] === 'surveyor') {
$fields[] = "status = ?";
$vals[] = 'pending';
$fields[] = "alasan_penolakan = ?";
$vals[] = null;
}
if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422);
$vals[] = $id;
$db->prepare("UPDATE rumah_ibadah SET ".implode(',',$fields)." WHERE id = ?")->execute($vals);
+10 -2
View File
@@ -142,12 +142,12 @@ if ($method === 'PUT') {
$oldData = $old->fetch();
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
// Surveyor hanya bisa edit milik sendiri yang masih pending
// Surveyor hanya bisa edit milik sendiri yang masih pending atau rejected
if ($user['role'] === 'surveyor') {
if ((int)$oldData['surveyor_id'] !== $user['id']) {
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403);
}
if ($oldData['status'] !== 'pending') {
if ($oldData['status'] !== 'pending' && $oldData['status'] !== 'rejected') {
jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403);
}
}
@@ -184,6 +184,14 @@ if ($method === 'PUT') {
}
}
}
if ($user['role'] === 'surveyor') {
$fields[] = "status = ?";
$vals[] = 'pending';
$fields[] = "alasan_penolakan = ?";
$vals[] = null;
}
if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422);
// jika koordinat berubah dan data verified, cari ulang ibadah terdekat
+45 -10
View File
@@ -264,11 +264,23 @@
const originalFetch = window.fetch;
window.fetch = function(url, options) {
options = options || {};
options.headers = options.headers || {};
const token = sessionStorage.getItem('user_token');
if (token) {
if (!options.headers['Authorization'] && !options.headers['authorization']) {
options.headers['Authorization'] = 'Bearer ' + token;
if (options.headers instanceof Headers) {
if (!options.headers.has('Authorization')) {
options.headers.set('Authorization', 'Bearer ' + token);
}
if (!options.headers.has('X-Authorization')) {
options.headers.set('X-Authorization', 'Bearer ' + token);
}
} else {
options.headers = options.headers || {};
if (!options.headers['Authorization'] && !options.headers['authorization']) {
options.headers['Authorization'] = 'Bearer ' + token;
}
if (!options.headers['X-Authorization'] && !options.headers['x-authorization']) {
options.headers['X-Authorization'] = 'Bearer ' + token;
}
}
}
return originalFetch(url, options);
@@ -3135,6 +3147,16 @@
if (!data) return;
const editable = canEdit(type, data);
footer.style.display = editable ? 'flex' : 'none';
const saveBtn = document.getElementById('ep-save');
if (saveBtn) {
if (data.status === 'rejected') {
saveBtn.innerHTML = '<i class="fa-solid fa-paper-plane"></i> Ajukan Ulang';
} else {
saveBtn.innerHTML = '<i class="fa-solid fa-floppy-disk"></i> Simpan';
}
}
document.getElementById('ep-title').innerHTML = type === 'ibadah' ? `<i class="${ICONS[data.jenis]}"></i> Edit Ibadah` : '<i class="fa-solid fa-user"></i> Edit Warga';
if (type === 'ibadah') {
const ib = data;
@@ -3200,12 +3222,19 @@
async function saveEdit() {
const { type, id } = editState;
if (!type || !id) return;
const data = type === 'ibadah'
? (ibadahLayer[id]?.data || cachedIbadah.find(x => x.id == id))
: (wargaLayer[id]?.data || cachedWarga.find(x => x.id == id));
const isRejected = data?.status === 'rejected';
const btn = document.getElementById('ep-save');
btn.disabled = true; btn.innerHTML = '<i class="fa-solid fa-spinner fa-spin"></i> Menyimpan...';
btn.disabled = true;
btn.innerHTML = isRejected
? '<i class="fa-solid fa-spinner fa-spin"></i> Mengajukan...'
: '<i class="fa-solid fa-spinner fa-spin"></i> Menyimpan...';
try {
let res;
if (type === 'ibadah') {
const ib = ibadahLayer[id]?.data || cachedIbadah.find(x => x.id == id);
const ib = data;
res = await fetch(API.ibadah + '?id=' + id, {
method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include',
body: JSON.stringify({
@@ -3221,7 +3250,7 @@
})
}).then(r => r.json());
} else {
const w = wargaLayer[id]?.data || cachedWarga.find(x => x.id == id);
const w = data;
res = await fetch(API.warga + '?id=' + id, {
method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include',
body: JSON.stringify({
@@ -3239,14 +3268,20 @@
}
if (res && !res.success) {
showToast('Gagal menyimpan: ' + (res.error || 'Terjadi kesalahan'), 'error');
btn.disabled = false; btn.innerHTML = '<i class="fa-solid fa-floppy-disk"></i> Simpan';
btn.disabled = false;
btn.innerHTML = isRejected
? '<i class="fa-solid fa-paper-plane"></i> Ajukan Ulang'
: '<i class="fa-solid fa-floppy-disk"></i> Simpan';
return;
}
showToast('Perubahan disimpan!', 'success');
showToast(isRejected ? 'Data berhasil diajukan ulang!' : 'Perubahan disimpan!', 'success');
closeEditPanel(); await loadAll();
if (currentPage === 'daftar' || currentPage === 'dashboard') renderPage(currentPage);
} catch (e) { showToast('Error: ' + e.message, 'error'); }
btn.disabled = false; btn.innerHTML = '<i class="fa-solid fa-floppy-disk"></i> Simpan';
btn.disabled = false;
btn.innerHTML = isRejected
? '<i class="fa-solid fa-paper-plane"></i> Ajukan Ulang'
: '<i class="fa-solid fa-floppy-disk"></i> Simpan';
}
async function deleteFromEdit() {
const { type, id } = editState;
@@ -3637,7 +3672,7 @@
// -- HELPERS
function canEdit(type, data) {
if (currentUser.role === 'admin') return true;
if (currentUser.role === 'surveyor' && data.surveyor_id == currentUser.id && data.status === 'pending') return true;
if (currentUser.role === 'surveyor' && data.surveyor_id == currentUser.id && (data.status === 'pending' || data.status === 'rejected')) return true;
return false;
}
function statusLabel(s) {