Compare commits

..

2 Commits

4 changed files with 72 additions and 17 deletions
+7 -3
View File
@@ -90,14 +90,18 @@ function jwt_decode(string $jwt, string $secret): ?array {
function getAuthorizationHeader(): string { function getAuthorizationHeader(): string {
$headers = null; $headers = null;
if (isset($_SERVER['Authorization'])) { if (isset($_SERVER['HTTP_X_AUTHORIZATION'])) {
$headers = trim($_SERVER["HTTP_X_AUTHORIZATION"]);
} else if (isset($_SERVER['Authorization'])) {
$headers = trim($_SERVER["Authorization"]); $headers = trim($_SERVER["Authorization"]);
} else if (isset($_SERVER['HTTP_AUTHORIZATION'])) { } else if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
$headers = trim($_SERVER["HTTP_AUTHORIZATION"]); $headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
} else if (function_exists('apache_request_headers')) { } else if (function_exists('apache_request_headers')) {
$requestHeaders = apache_request_headers(); $requestHeaders = apache_request_headers();
$requestHeaders = array_change_key_case($requestHeaders, CASE_LOWER); $requestHeaders = array_change_key_case($requestHeaders, CASE_LOWER);
if (isset($requestHeaders['authorization'])) { if (isset($requestHeaders['x-authorization'])) {
$headers = trim($requestHeaders['x-authorization']);
} else if (isset($requestHeaders['authorization'])) {
$headers = trim($requestHeaders['authorization']); $headers = trim($requestHeaders['authorization']);
} }
} }
@@ -117,7 +121,7 @@ function getCurrentUser(): ?array {
return $payload; return $payload;
} }
} }
return $_SESSION['user'] ?? null; return null;
} }
/** /**
+10 -2
View File
@@ -108,12 +108,12 @@ if ($method === 'PUT') {
$oldData = $old->fetch(); $oldData = $old->fetch();
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404); if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
// Surveyor hanya bisa edit milik sendiri yang masih pending // Surveyor hanya bisa edit milik sendiri yang masih pending atau rejected
if ($user['role'] === 'surveyor') { if ($user['role'] === 'surveyor') {
if ((int)$oldData['surveyor_id'] !== $user['id']) { if ((int)$oldData['surveyor_id'] !== $user['id']) {
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403); jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403);
} }
if ($oldData['status'] !== 'pending') { if ($oldData['status'] !== 'pending' && $oldData['status'] !== 'rejected') {
jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403); jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403);
} }
} }
@@ -131,6 +131,14 @@ if ($method === 'PUT') {
$vals[] = in_array($f,['lat','lng']) ? (float)$body[$f] : ($f==='radius' ? (int)$body[$f] : $body[$f]); $vals[] = in_array($f,['lat','lng']) ? (float)$body[$f] : ($f==='radius' ? (int)$body[$f] : $body[$f]);
} }
} }
if ($user['role'] === 'surveyor') {
$fields[] = "status = ?";
$vals[] = 'pending';
$fields[] = "alasan_penolakan = ?";
$vals[] = null;
}
if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422); if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422);
$vals[] = $id; $vals[] = $id;
$db->prepare("UPDATE rumah_ibadah SET ".implode(',',$fields)." WHERE id = ?")->execute($vals); $db->prepare("UPDATE rumah_ibadah SET ".implode(',',$fields)." WHERE id = ?")->execute($vals);
+10 -2
View File
@@ -142,12 +142,12 @@ if ($method === 'PUT') {
$oldData = $old->fetch(); $oldData = $old->fetch();
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404); if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
// Surveyor hanya bisa edit milik sendiri yang masih pending // Surveyor hanya bisa edit milik sendiri yang masih pending atau rejected
if ($user['role'] === 'surveyor') { if ($user['role'] === 'surveyor') {
if ((int)$oldData['surveyor_id'] !== $user['id']) { if ((int)$oldData['surveyor_id'] !== $user['id']) {
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403); jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403);
} }
if ($oldData['status'] !== 'pending') { if ($oldData['status'] !== 'pending' && $oldData['status'] !== 'rejected') {
jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403); jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403);
} }
} }
@@ -184,6 +184,14 @@ if ($method === 'PUT') {
} }
} }
} }
if ($user['role'] === 'surveyor') {
$fields[] = "status = ?";
$vals[] = 'pending';
$fields[] = "alasan_penolakan = ?";
$vals[] = null;
}
if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422); if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422);
// jika koordinat berubah dan data verified, cari ulang ibadah terdekat // jika koordinat berubah dan data verified, cari ulang ibadah terdekat
+43 -8
View File
@@ -264,12 +264,24 @@
const originalFetch = window.fetch; const originalFetch = window.fetch;
window.fetch = function(url, options) { window.fetch = function(url, options) {
options = options || {}; options = options || {};
options.headers = options.headers || {};
const token = sessionStorage.getItem('user_token'); const token = sessionStorage.getItem('user_token');
if (token) { if (token) {
if (options.headers instanceof Headers) {
if (!options.headers.has('Authorization')) {
options.headers.set('Authorization', 'Bearer ' + token);
}
if (!options.headers.has('X-Authorization')) {
options.headers.set('X-Authorization', 'Bearer ' + token);
}
} else {
options.headers = options.headers || {};
if (!options.headers['Authorization'] && !options.headers['authorization']) { if (!options.headers['Authorization'] && !options.headers['authorization']) {
options.headers['Authorization'] = 'Bearer ' + token; options.headers['Authorization'] = 'Bearer ' + token;
} }
if (!options.headers['X-Authorization'] && !options.headers['x-authorization']) {
options.headers['X-Authorization'] = 'Bearer ' + token;
}
}
} }
return originalFetch(url, options); return originalFetch(url, options);
}; };
@@ -3135,6 +3147,16 @@
if (!data) return; if (!data) return;
const editable = canEdit(type, data); const editable = canEdit(type, data);
footer.style.display = editable ? 'flex' : 'none'; footer.style.display = editable ? 'flex' : 'none';
const saveBtn = document.getElementById('ep-save');
if (saveBtn) {
if (data.status === 'rejected') {
saveBtn.innerHTML = '<i class="fa-solid fa-paper-plane"></i> Ajukan Ulang';
} else {
saveBtn.innerHTML = '<i class="fa-solid fa-floppy-disk"></i> Simpan';
}
}
document.getElementById('ep-title').innerHTML = type === 'ibadah' ? `<i class="${ICONS[data.jenis]}"></i> Edit Ibadah` : '<i class="fa-solid fa-user"></i> Edit Warga'; document.getElementById('ep-title').innerHTML = type === 'ibadah' ? `<i class="${ICONS[data.jenis]}"></i> Edit Ibadah` : '<i class="fa-solid fa-user"></i> Edit Warga';
if (type === 'ibadah') { if (type === 'ibadah') {
const ib = data; const ib = data;
@@ -3200,12 +3222,19 @@
async function saveEdit() { async function saveEdit() {
const { type, id } = editState; const { type, id } = editState;
if (!type || !id) return; if (!type || !id) return;
const data = type === 'ibadah'
? (ibadahLayer[id]?.data || cachedIbadah.find(x => x.id == id))
: (wargaLayer[id]?.data || cachedWarga.find(x => x.id == id));
const isRejected = data?.status === 'rejected';
const btn = document.getElementById('ep-save'); const btn = document.getElementById('ep-save');
btn.disabled = true; btn.innerHTML = '<i class="fa-solid fa-spinner fa-spin"></i> Menyimpan...'; btn.disabled = true;
btn.innerHTML = isRejected
? '<i class="fa-solid fa-spinner fa-spin"></i> Mengajukan...'
: '<i class="fa-solid fa-spinner fa-spin"></i> Menyimpan...';
try { try {
let res; let res;
if (type === 'ibadah') { if (type === 'ibadah') {
const ib = ibadahLayer[id]?.data || cachedIbadah.find(x => x.id == id); const ib = data;
res = await fetch(API.ibadah + '?id=' + id, { res = await fetch(API.ibadah + '?id=' + id, {
method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include', method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include',
body: JSON.stringify({ body: JSON.stringify({
@@ -3221,7 +3250,7 @@
}) })
}).then(r => r.json()); }).then(r => r.json());
} else { } else {
const w = wargaLayer[id]?.data || cachedWarga.find(x => x.id == id); const w = data;
res = await fetch(API.warga + '?id=' + id, { res = await fetch(API.warga + '?id=' + id, {
method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include', method: 'PUT', headers: { 'Content-Type': 'application/json' }, credentials: 'include',
body: JSON.stringify({ body: JSON.stringify({
@@ -3239,14 +3268,20 @@
} }
if (res && !res.success) { if (res && !res.success) {
showToast('Gagal menyimpan: ' + (res.error || 'Terjadi kesalahan'), 'error'); showToast('Gagal menyimpan: ' + (res.error || 'Terjadi kesalahan'), 'error');
btn.disabled = false; btn.innerHTML = '<i class="fa-solid fa-floppy-disk"></i> Simpan'; btn.disabled = false;
btn.innerHTML = isRejected
? '<i class="fa-solid fa-paper-plane"></i> Ajukan Ulang'
: '<i class="fa-solid fa-floppy-disk"></i> Simpan';
return; return;
} }
showToast('Perubahan disimpan!', 'success'); showToast(isRejected ? 'Data berhasil diajukan ulang!' : 'Perubahan disimpan!', 'success');
closeEditPanel(); await loadAll(); closeEditPanel(); await loadAll();
if (currentPage === 'daftar' || currentPage === 'dashboard') renderPage(currentPage); if (currentPage === 'daftar' || currentPage === 'dashboard') renderPage(currentPage);
} catch (e) { showToast('Error: ' + e.message, 'error'); } } catch (e) { showToast('Error: ' + e.message, 'error'); }
btn.disabled = false; btn.innerHTML = '<i class="fa-solid fa-floppy-disk"></i> Simpan'; btn.disabled = false;
btn.innerHTML = isRejected
? '<i class="fa-solid fa-paper-plane"></i> Ajukan Ulang'
: '<i class="fa-solid fa-floppy-disk"></i> Simpan';
} }
async function deleteFromEdit() { async function deleteFromEdit() {
const { type, id } = editState; const { type, id } = editState;
@@ -3637,7 +3672,7 @@
// -- HELPERS // -- HELPERS
function canEdit(type, data) { function canEdit(type, data) {
if (currentUser.role === 'admin') return true; if (currentUser.role === 'admin') return true;
if (currentUser.role === 'surveyor' && data.surveyor_id == currentUser.id && data.status === 'pending') return true; if (currentUser.role === 'surveyor' && data.surveyor_id == currentUser.id && (data.status === 'pending' || data.status === 'rejected')) return true;
return false; return false;
} }
function statusLabel(s) { function statusLabel(s) {