Files
SIG_WEBGIS_Nur_Ichsanul_Alif/api/parcels.php
T
2026-06-13 12:01:09 +07:00

163 lines
5.7 KiB
PHP

<?php
// ============================================================
// api/parcels.php — CRUD for land parcel polygons
// Ownership: SHM, HGB, HGU, HP
// ============================================================
require_once __DIR__ . '/../config/db.php';
require_once __DIR__ . '/../config/helpers.php';
session_start();
if (!isset($_SESSION['user_id'])) {
jsonResponse(['error' => 'Unauthorized'], 401);
}
handlePreflight();
$method = getMethod();
if ($method !== 'GET') {
if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') {
jsonResponse(['error' => 'Forbidden: Admin access required'], 403);
}
}
$db = getDB();
switch ($method) {
// ----------------------------------------------------------
// GET /api/parcels.php → all parcels as GeoJSON
// GET /api/parcels.php?id=N → single parcel
// GET /api/parcels.php?type=SHM → filter by ownership
// ----------------------------------------------------------
case 'GET':
if (isset($_GET['id'])) {
$stmt = $db->prepare('SELECT * FROM parcels WHERE id = ?');
$stmt->execute([(int)$_GET['id']]);
$row = $stmt->fetch();
if (!$row) jsonResponse(['error' => 'Parcel not found'], 404);
$row['geojson'] = json_decode($row['geojson'], true);
jsonResponse($row);
}
$where = '';
$params = [];
if (!empty($_GET['type'])) {
$where = 'WHERE ownership_type = ?';
$params = [$_GET['type']];
}
$stmt = $db->prepare("SELECT * FROM parcels $where ORDER BY created_at DESC");
$stmt->execute($params);
$rows = $stmt->fetchAll();
$features = [];
foreach ($rows as $row) {
$geo = json_decode($row['geojson'], true);
$features[] = [
'type' => 'Feature',
'geometry' => $geo,
'properties' => [
'id' => $row['id'],
'owner_name' => $row['owner_name'],
'ownership_type' => $row['ownership_type'],
'area_m2' => (float)$row['area_m2'],
'description' => $row['description'],
'created_at' => $row['created_at'],
],
];
}
jsonResponse(['type' => 'FeatureCollection', 'features' => $features]);
break;
// ----------------------------------------------------------
// POST /api/parcels.php
// Body: { owner_name, ownership_type, area_m2, geojson, description }
// ----------------------------------------------------------
case 'POST':
$body = getRequestBody();
foreach (['owner_name', 'ownership_type', 'geojson'] as $f) {
if (empty($body[$f])) jsonResponse(['error' => "Field '$f' is required"], 422);
}
$allowed = ['SHM', 'HGB', 'HGU', 'HP'];
if (!in_array($body['ownership_type'], $allowed, true)) {
jsonResponse(['error' => 'Invalid ownership_type'], 422);
}
$geojson = is_array($body['geojson'])
? json_encode($body['geojson'])
: $body['geojson'];
$stmt = $db->prepare(
'INSERT INTO parcels (owner_name, ownership_type, area_m2, geojson, description)
VALUES (?, ?, ?, ?, ?)'
);
$stmt->execute([
$body['owner_name'],
$body['ownership_type'],
(float)($body['area_m2'] ?? 0),
$geojson,
$body['description'] ?? null,
]);
$id = (int)$db->lastInsertId();
$stmt2 = $db->prepare('SELECT * FROM parcels WHERE id = ?');
$stmt2->execute([$id]);
$row = $stmt2->fetch();
$row['geojson'] = json_decode($row['geojson'], true);
jsonResponse($row, 201);
break;
// ----------------------------------------------------------
// PUT /api/parcels.php?id=N
// ----------------------------------------------------------
case 'PUT':
if (empty($_GET['id'])) jsonResponse(['error' => 'id required'], 400);
$body = getRequestBody();
$id = (int)$_GET['id'];
$check = $db->prepare('SELECT id FROM parcels WHERE id = ?');
$check->execute([$id]);
if (!$check->fetch()) jsonResponse(['error' => 'Parcel not found'], 404);
$geojson = is_array($body['geojson'] ?? null)
? json_encode($body['geojson'])
: ($body['geojson'] ?? '{}');
$stmt = $db->prepare(
'UPDATE parcels SET owner_name=?, ownership_type=?, area_m2=?, geojson=?, description=? WHERE id=?'
);
$stmt->execute([
$body['owner_name'] ?? '',
$body['ownership_type'] ?? 'SHM',
(float)($body['area_m2'] ?? 0),
$geojson,
$body['description'] ?? null,
$id,
]);
$stmt2 = $db->prepare('SELECT * FROM parcels WHERE id = ?');
$stmt2->execute([$id]);
$row = $stmt2->fetch();
$row['geojson'] = json_decode($row['geojson'], true);
jsonResponse($row);
break;
// ----------------------------------------------------------
// DELETE /api/parcels.php?id=N
// ----------------------------------------------------------
case 'DELETE':
if (empty($_GET['id'])) jsonResponse(['error' => 'id required'], 400);
$id = (int)$_GET['id'];
$stmt = $db->prepare('DELETE FROM parcels WHERE id = ?');
$stmt->execute([$id]);
if ($stmt->rowCount() === 0) jsonResponse(['error' => 'Parcel not found'], 404);
jsonResponse(['message' => 'Parcel deleted', 'id' => $id]);
break;
default:
jsonResponse(['error' => 'Method not allowed'], 405);
}