feat: complete WebGIS implementation with nominal bantuan and cache busting
This commit is contained in:
+132
@@ -0,0 +1,132 @@
|
||||
<?php
|
||||
// ================================================================
|
||||
// API: User Management (CRUD)
|
||||
// Hanya bisa diakses oleh admin
|
||||
// ================================================================
|
||||
require_once __DIR__ . '/../config/database.php';
|
||||
require_once __DIR__ . '/../config/config.php';
|
||||
require_once __DIR__ . '/../includes/auth.php';
|
||||
require_once __DIR__ . '/../includes/functions.php';
|
||||
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
|
||||
header('Access-Control-Allow-Headers: Content-Type');
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(204); exit; }
|
||||
|
||||
// Auth check — hanya admin
|
||||
session_name(SESSION_NAME);
|
||||
session_start();
|
||||
$sessionRole = $_SESSION['user']['role'] ?? $_SESSION['user_role'] ?? null;
|
||||
$sessionUserId = $_SESSION['user']['id'] ?? $_SESSION['user_id'] ?? null;
|
||||
if (!$sessionUserId || $sessionRole !== 'admin') {
|
||||
jsonResponse(['success' => false, 'message' => 'Akses ditolak: hanya admin'], 403);
|
||||
}
|
||||
|
||||
$db = getDB();
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$id = isset($_GET['id']) ? (int)$_GET['id'] : null;
|
||||
|
||||
// ── GET ────────────────────────────────────────────────────────
|
||||
if ($method === 'GET') {
|
||||
if ($id) {
|
||||
$stmt = $db->prepare("SELECT id, nama, email, role, created_at FROM users WHERE id = ?");
|
||||
$stmt->execute([$id]);
|
||||
$row = $stmt->fetch();
|
||||
if (!$row) jsonResponse(['success' => false, 'message' => 'User tidak ditemukan'], 404);
|
||||
jsonResponse(['success' => true, 'data' => $row]);
|
||||
}
|
||||
$rows = $db->query("SELECT id, nama, email, role, created_at FROM users ORDER BY role DESC, nama")->fetchAll();
|
||||
jsonResponse(['success' => true, 'data' => $rows, 'total' => count($rows)]);
|
||||
}
|
||||
|
||||
// ── POST (Tambah user baru) ────────────────────────────────────
|
||||
if ($method === 'POST') {
|
||||
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
||||
$nama = trim($body['nama'] ?? '');
|
||||
$email = trim($body['email'] ?? '');
|
||||
$pwd = $body['password'] ?? '';
|
||||
$role = in_array($body['role'] ?? '', ['admin','operator']) ? $body['role'] : 'operator';
|
||||
|
||||
if (!$nama || !$email || !$pwd) {
|
||||
jsonResponse(['success' => false, 'message' => 'Nama, email, dan password wajib diisi'], 422);
|
||||
}
|
||||
if (strlen($pwd) < 6) {
|
||||
jsonResponse(['success' => false, 'message' => 'Password minimal 6 karakter'], 422);
|
||||
}
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
jsonResponse(['success' => false, 'message' => 'Format email tidak valid'], 422);
|
||||
}
|
||||
|
||||
// Cek duplikat email
|
||||
$check = $db->prepare("SELECT id FROM users WHERE email = ?");
|
||||
$check->execute([$email]);
|
||||
if ($check->fetch()) {
|
||||
jsonResponse(['success' => false, 'message' => 'Email sudah terdaftar'], 409);
|
||||
}
|
||||
|
||||
$hash = password_hash($pwd, PASSWORD_BCRYPT);
|
||||
$stmt = $db->prepare("INSERT INTO users (nama, email, password, role) VALUES (?, ?, ?, ?)");
|
||||
$stmt->execute([$nama, $email, $hash, $role]);
|
||||
$newId = $db->lastInsertId();
|
||||
$new = $db->query("SELECT id, nama, email, role, created_at FROM users WHERE id = $newId")->fetch();
|
||||
jsonResponse(['success' => true, 'message' => 'Pengguna berhasil ditambahkan', 'data' => $new], 201);
|
||||
}
|
||||
|
||||
// ── PUT (Edit user) ────────────────────────────────────────────
|
||||
if ($method === 'PUT') {
|
||||
if (!$id) jsonResponse(['success' => false, 'message' => 'ID wajib disertakan'], 400);
|
||||
$body = json_decode(file_get_contents('php://input'), true) ?? [];
|
||||
|
||||
$existing = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
$existing->execute([$id]);
|
||||
$user = $existing->fetch();
|
||||
if (!$user) jsonResponse(['success' => false, 'message' => 'User tidak ditemukan'], 404);
|
||||
|
||||
$nama = trim($body['nama'] ?? $user['nama']);
|
||||
$email = trim($body['email'] ?? $user['email']);
|
||||
$role = in_array($body['role'] ?? '', ['admin','operator']) ? $body['role'] : $user['role'];
|
||||
$pwd = $body['password'] ?? '';
|
||||
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
jsonResponse(['success' => false, 'message' => 'Format email tidak valid'], 422);
|
||||
}
|
||||
|
||||
// Cek duplikat email (kecuali user ini sendiri)
|
||||
$checkEmail = $db->prepare("SELECT id FROM users WHERE email = ? AND id != ?");
|
||||
$checkEmail->execute([$email, $id]);
|
||||
if ($checkEmail->fetch()) {
|
||||
jsonResponse(['success' => false, 'message' => 'Email sudah digunakan oleh user lain'], 409);
|
||||
}
|
||||
|
||||
if ($pwd) {
|
||||
if (strlen($pwd) < 6) jsonResponse(['success' => false, 'message' => 'Password minimal 6 karakter'], 422);
|
||||
$hash = password_hash($pwd, PASSWORD_BCRYPT);
|
||||
$stmt = $db->prepare("UPDATE users SET nama=?, email=?, role=?, password=? WHERE id=?");
|
||||
$stmt->execute([$nama, $email, $role, $hash, $id]);
|
||||
} else {
|
||||
$stmt = $db->prepare("UPDATE users SET nama=?, email=?, role=? WHERE id=?");
|
||||
$stmt->execute([$nama, $email, $role, $id]);
|
||||
}
|
||||
|
||||
$updated = $db->query("SELECT id, nama, email, role, created_at FROM users WHERE id = $id")->fetch();
|
||||
jsonResponse(['success' => true, 'message' => 'Data pengguna berhasil diperbarui', 'data' => $updated]);
|
||||
}
|
||||
|
||||
// ── DELETE ─────────────────────────────────────────────────────
|
||||
if ($method === 'DELETE') {
|
||||
if (!$id) jsonResponse(['success' => false, 'message' => 'ID wajib disertakan'], 400);
|
||||
|
||||
// Tidak boleh hapus diri sendiri
|
||||
if ($id == $sessionUserId) {
|
||||
jsonResponse(['success' => false, 'message' => 'Tidak bisa menghapus akun sendiri'], 403);
|
||||
}
|
||||
|
||||
$stmt = $db->prepare("DELETE FROM users WHERE id = ?");
|
||||
$stmt->execute([$id]);
|
||||
if ($stmt->rowCount() === 0) jsonResponse(['success' => false, 'message' => 'User tidak ditemukan'], 404);
|
||||
jsonResponse(['success' => true, 'message' => 'Pengguna berhasil dihapus']);
|
||||
}
|
||||
|
||||
jsonResponse(['success' => false, 'message' => 'Method tidak didukung'], 405);
|
||||
Reference in New Issue
Block a user