Files
UAS_WebGIS_CeciliaYvonGunaw…/povertymap/api/ibadah.php
T
2026-06-10 22:12:35 +07:00

182 lines
6.8 KiB
PHP

<?php
require_once __DIR__ . '/config.php';
require_once __DIR__ . '/helpers.php';
header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
header('Access-Control-Allow-Credentials: true');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') exit;
$db = getDB();
$method = $_SERVER['REQUEST_METHOD'];
$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
// ── GET: list semua / satu ───────────────────
if ($method === 'GET') {
$user = getCurrentUser();
if ($id) {
$stmt = $db->prepare("SELECT * FROM rumah_ibadah WHERE id = ?");
$stmt->execute([$id]);
$row = $stmt->fetch();
jsonResponse($row ?: ['error' => 'Tidak ditemukan'], $row ? 200 : 404);
}
// Admin, Surveyor, & Pemangku melihat semua, lainnya hanya verified
if ($user && ($user['role'] === 'admin' || $user['role'] === 'surveyor' || $user['role'] === 'pemangku')) {
$rows = $db->query("
SELECT ri.*,
COUNT(wm.id) AS jumlah_kk,
COALESCE(SUM(wm.jumlah_anggota),0) AS jumlah_jiwa,
u.nama_lengkap AS surveyor_nama
FROM rumah_ibadah ri
LEFT JOIN warga_miskin wm ON wm.ibadah_id = ri.id AND wm.status = 'verified'
LEFT JOIN users u ON u.id = ri.surveyor_id
GROUP BY ri.id
ORDER BY ri.created_at DESC
")->fetchAll();
} else {
// Pemangku / publik: hanya verified
$rows = $db->query("
SELECT ri.*,
COUNT(wm.id) AS jumlah_kk,
COALESCE(SUM(wm.jumlah_anggota),0) AS jumlah_jiwa
FROM rumah_ibadah ri
LEFT JOIN warga_miskin wm ON wm.ibadah_id = ri.id AND wm.status = 'verified'
WHERE ri.status = 'verified'
GROUP BY ri.id
ORDER BY ri.created_at DESC
")->fetchAll();
}
jsonResponse(['data' => $rows]);
}
// ── POST: tambah ─────────────────────────────
if ($method === 'POST') {
$user = requireRole(['admin', 'surveyor']);
$body = json_decode(file_get_contents('php://input'), true) ?? [];
$required = ['nama','jenis','pic','lat','lng'];
foreach ($required as $f) {
if (empty($body[$f])) jsonResponse(['success'=>false,'error'=>"Field '$f' wajib diisi"], 422);
}
// Surveyor → pending, Admin → verified
$status = ($user['role'] === 'admin') ? 'verified' : 'pending';
$stmt = $db->prepare("
INSERT INTO rumah_ibadah (nama, jenis, alamat, pic, no_wa, radius, lat, lng, foto_path, surveyor_id, status, kecamatan)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
");
$stmt->execute([
$body['nama'],
$body['jenis'],
$body['alamat'] ?? '',
$body['pic'],
$body['no_wa'] ?? '',
(int)($body['radius'] ?? 500),
(float)$body['lat'],
(float)$body['lng'],
$body['foto_path'] ?? null,
$user['id'],
$status,
$body['kecamatan'] ?? null,
]);
$newId = (int)$db->lastInsertId();
// re-assign warga hanya jika langsung verified
if ($status === 'verified') {
reassignAllWarga($db);
}
auditLog($db, $user['id'], 'CREATE_IBADAH', 'rumah_ibadah', $newId, null, $body);
jsonResponse(['success'=>true, 'id'=>$newId, 'status'=>$status]);
}
// ── PUT: update ──────────────────────────────
if ($method === 'PUT') {
$user = requireAuth();
if (!$id) jsonResponse(['success'=>false,'error'=>'ID diperlukan'], 400);
// Cek permission
$old = $db->prepare("SELECT * FROM rumah_ibadah WHERE id = ?");
$old->execute([$id]);
$oldData = $old->fetch();
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
// Surveyor hanya bisa edit milik sendiri yang masih pending
if ($user['role'] === 'surveyor') {
if ((int)$oldData['surveyor_id'] !== $user['id']) {
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa edit data milik Anda'], 403);
}
if ($oldData['status'] !== 'pending') {
jsonResponse(['success'=>false,'error'=>'Data yang sudah diverifikasi tidak bisa diedit'], 403);
}
}
// Pemangku tidak boleh edit
if ($user['role'] === 'pemangku') {
jsonResponse(['success'=>false,'error'=>'Anda tidak memiliki akses edit'], 403);
}
$body = json_decode(file_get_contents('php://input'), true) ?? [];
$fields = []; $vals = [];
foreach (['nama','jenis','alamat','pic','no_wa','radius','lat','lng','foto_path','kecamatan'] as $f) {
if (array_key_exists($f, $body)) {
$fields[] = "$f = ?";
$vals[] = in_array($f,['lat','lng']) ? (float)$body[$f] : ($f==='radius' ? (int)$body[$f] : $body[$f]);
}
}
if (empty($fields)) jsonResponse(['success'=>false,'error'=>'Tidak ada data diubah'], 422);
$vals[] = $id;
$db->prepare("UPDATE rumah_ibadah SET ".implode(',',$fields)." WHERE id = ?")->execute($vals);
// re-assign ulang jika data verified
if ($oldData['status'] === 'verified') {
reassignAllWarga($db);
}
auditLog($db, $user['id'], 'UPDATE_IBADAH', 'rumah_ibadah', $id, $oldData, $body);
jsonResponse(['success'=>true]);
}
// ── DELETE ───────────────────────────────────
if ($method === 'DELETE') {
$user = requireAuth();
if (!$id) jsonResponse(['success'=>false,'error'=>'ID diperlukan'], 400);
$old = $db->prepare("SELECT * FROM rumah_ibadah WHERE id = ?");
$old->execute([$id]);
$oldData = $old->fetch();
if (!$oldData) jsonResponse(['success'=>false,'error'=>'Tidak ditemukan'], 404);
// Surveyor bisa hapus milik sendiri
if ($user['role'] === 'surveyor') {
if ((int)$oldData['surveyor_id'] !== $user['id']) {
jsonResponse(['success'=>false,'error'=>'Anda hanya bisa hapus data milik Anda'], 403);
}
}
if ($user['role'] === 'pemangku') {
jsonResponse(['success'=>false,'error'=>'Anda tidak memiliki akses hapus'], 403);
}
// warga_miskin.ibadah_id akan SET NULL (FK ON DELETE SET NULL)
$db->prepare("DELETE FROM rumah_ibadah WHERE id = ?")->execute([$id]);
// Jika rumah ibadah terverifikasi dihapus, reassign warga sekitar
if ($oldData['status'] === 'verified') {
reassignAllWarga($db);
}
auditLog($db, $user['id'], 'DELETE_IBADAH', 'rumah_ibadah', $id, $oldData);
jsonResponse(['success'=>true]);
}
jsonResponse(['error'=>'Method tidak didukung'], 405);