'Unauthorized'], 401); } handlePreflight(); $method = getMethod(); if ($method !== 'GET') { if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') { jsonResponse(['error' => 'Forbidden: Admin access required'], 403); } } $db = getDB(); switch ($method) { // ---------------------------------------------------------- // GET /api/roads.php → all roads as GeoJSON // GET /api/roads.php?id=N → single road // GET /api/roads.php?type=national → filter by type // ---------------------------------------------------------- case 'GET': if (isset($_GET['id'])) { $stmt = $db->prepare('SELECT * FROM roads WHERE id = ?'); $stmt->execute([(int)$_GET['id']]); $row = $stmt->fetch(); if (!$row) jsonResponse(['error' => 'Road not found'], 404); $row['geojson'] = json_decode($row['geojson'], true); jsonResponse($row); } $where = ''; $params = []; if (!empty($_GET['type'])) { $where = 'WHERE road_type = ?'; $params = [$_GET['type']]; } $stmt = $db->prepare("SELECT * FROM roads $where ORDER BY created_at DESC"); $stmt->execute($params); $rows = $stmt->fetchAll(); $features = []; foreach ($rows as $row) { $geo = json_decode($row['geojson'], true); $features[] = [ 'type' => 'Feature', 'geometry' => $geo, 'properties' => [ 'id' => $row['id'], 'name' => $row['name'], 'road_type' => $row['road_type'], 'length_m' => (float)$row['length_m'], 'description' => $row['description'], 'created_at' => $row['created_at'], ], ]; } jsonResponse(['type' => 'FeatureCollection', 'features' => $features]); break; // ---------------------------------------------------------- // POST /api/roads.php // Body: { name, road_type, length_m, geojson, description } // ---------------------------------------------------------- case 'POST': $body = getRequestBody(); foreach (['name', 'road_type', 'geojson'] as $f) { if (empty($body[$f])) jsonResponse(['error' => "Field '$f' is required"], 422); } $allowed = ['national', 'provincial', 'district']; if (!in_array($body['road_type'], $allowed, true)) { jsonResponse(['error' => 'Invalid road_type'], 422); } $geojson = is_array($body['geojson']) ? json_encode($body['geojson']) : $body['geojson']; $stmt = $db->prepare( 'INSERT INTO roads (name, road_type, length_m, geojson, description) VALUES (?, ?, ?, ?, ?)' ); $stmt->execute([ $body['name'], $body['road_type'], (float)($body['length_m'] ?? 0), $geojson, $body['description'] ?? null, ]); $id = (int)$db->lastInsertId(); $stmt2 = $db->prepare('SELECT * FROM roads WHERE id = ?'); $stmt2->execute([$id]); $row = $stmt2->fetch(); $row['geojson'] = json_decode($row['geojson'], true); jsonResponse($row, 201); break; // ---------------------------------------------------------- // PUT /api/roads.php?id=N // ---------------------------------------------------------- case 'PUT': if (empty($_GET['id'])) jsonResponse(['error' => 'id required'], 400); $body = getRequestBody(); $id = (int)$_GET['id']; $check = $db->prepare('SELECT id FROM roads WHERE id = ?'); $check->execute([$id]); if (!$check->fetch()) jsonResponse(['error' => 'Road not found'], 404); $geojson = is_array($body['geojson'] ?? null) ? json_encode($body['geojson']) : ($body['geojson'] ?? '{}'); $stmt = $db->prepare( 'UPDATE roads SET name=?, road_type=?, length_m=?, geojson=?, description=? WHERE id=?' ); $stmt->execute([ $body['name'] ?? '', $body['road_type'] ?? 'national', (float)($body['length_m'] ?? 0), $geojson, $body['description'] ?? null, $id, ]); $stmt2 = $db->prepare('SELECT * FROM roads WHERE id = ?'); $stmt2->execute([$id]); $row = $stmt2->fetch(); $row['geojson'] = json_decode($row['geojson'], true); jsonResponse($row); break; // ---------------------------------------------------------- // DELETE /api/roads.php?id=N // ---------------------------------------------------------- case 'DELETE': if (empty($_GET['id'])) jsonResponse(['error' => 'id required'], 400); $id = (int)$_GET['id']; $stmt = $db->prepare('DELETE FROM roads WHERE id = ?'); $stmt->execute([$id]); if ($stmt->rowCount() === 0) jsonResponse(['error' => 'Road not found'], 404); jsonResponse(['message' => 'Road deleted', 'id' => $id]); break; default: jsonResponse(['error' => 'Method not allowed'], 405); }