163 lines
5.6 KiB
PHP
163 lines
5.6 KiB
PHP
<?php
|
|
// ============================================================
|
|
// api/roads.php — CRUD for road polylines
|
|
// Road types: national (red), provincial (orange), district (blue)
|
|
// ============================================================
|
|
|
|
require_once __DIR__ . '/../config/db.php';
|
|
require_once __DIR__ . '/../config/helpers.php';
|
|
|
|
session_start();
|
|
if (!isset($_SESSION['user_id'])) {
|
|
jsonResponse(['error' => 'Unauthorized'], 401);
|
|
}
|
|
|
|
handlePreflight();
|
|
|
|
$method = getMethod();
|
|
if ($method !== 'GET') {
|
|
if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'admin') {
|
|
jsonResponse(['error' => 'Forbidden: Admin access required'], 403);
|
|
}
|
|
}
|
|
|
|
$db = getDB();
|
|
|
|
switch ($method) {
|
|
|
|
// ----------------------------------------------------------
|
|
// GET /api/roads.php → all roads as GeoJSON
|
|
// GET /api/roads.php?id=N → single road
|
|
// GET /api/roads.php?type=national → filter by type
|
|
// ----------------------------------------------------------
|
|
case 'GET':
|
|
if (isset($_GET['id'])) {
|
|
$stmt = $db->prepare('SELECT * FROM roads WHERE id = ?');
|
|
$stmt->execute([(int)$_GET['id']]);
|
|
$row = $stmt->fetch();
|
|
if (!$row) jsonResponse(['error' => 'Road not found'], 404);
|
|
$row['geojson'] = json_decode($row['geojson'], true);
|
|
jsonResponse($row);
|
|
}
|
|
|
|
$where = '';
|
|
$params = [];
|
|
if (!empty($_GET['type'])) {
|
|
$where = 'WHERE road_type = ?';
|
|
$params = [$_GET['type']];
|
|
}
|
|
|
|
$stmt = $db->prepare("SELECT * FROM roads $where ORDER BY created_at DESC");
|
|
$stmt->execute($params);
|
|
$rows = $stmt->fetchAll();
|
|
|
|
$features = [];
|
|
foreach ($rows as $row) {
|
|
$geo = json_decode($row['geojson'], true);
|
|
$features[] = [
|
|
'type' => 'Feature',
|
|
'geometry' => $geo,
|
|
'properties' => [
|
|
'id' => $row['id'],
|
|
'name' => $row['name'],
|
|
'road_type' => $row['road_type'],
|
|
'length_m' => (float)$row['length_m'],
|
|
'description' => $row['description'],
|
|
'created_at' => $row['created_at'],
|
|
],
|
|
];
|
|
}
|
|
jsonResponse(['type' => 'FeatureCollection', 'features' => $features]);
|
|
break;
|
|
|
|
// ----------------------------------------------------------
|
|
// POST /api/roads.php
|
|
// Body: { name, road_type, length_m, geojson, description }
|
|
// ----------------------------------------------------------
|
|
case 'POST':
|
|
$body = getRequestBody();
|
|
|
|
foreach (['name', 'road_type', 'geojson'] as $f) {
|
|
if (empty($body[$f])) jsonResponse(['error' => "Field '$f' is required"], 422);
|
|
}
|
|
|
|
$allowed = ['national', 'provincial', 'district'];
|
|
if (!in_array($body['road_type'], $allowed, true)) {
|
|
jsonResponse(['error' => 'Invalid road_type'], 422);
|
|
}
|
|
|
|
$geojson = is_array($body['geojson'])
|
|
? json_encode($body['geojson'])
|
|
: $body['geojson'];
|
|
|
|
$stmt = $db->prepare(
|
|
'INSERT INTO roads (name, road_type, length_m, geojson, description)
|
|
VALUES (?, ?, ?, ?, ?)'
|
|
);
|
|
$stmt->execute([
|
|
$body['name'],
|
|
$body['road_type'],
|
|
(float)($body['length_m'] ?? 0),
|
|
$geojson,
|
|
$body['description'] ?? null,
|
|
]);
|
|
|
|
$id = (int)$db->lastInsertId();
|
|
$stmt2 = $db->prepare('SELECT * FROM roads WHERE id = ?');
|
|
$stmt2->execute([$id]);
|
|
$row = $stmt2->fetch();
|
|
$row['geojson'] = json_decode($row['geojson'], true);
|
|
jsonResponse($row, 201);
|
|
break;
|
|
|
|
// ----------------------------------------------------------
|
|
// PUT /api/roads.php?id=N
|
|
// ----------------------------------------------------------
|
|
case 'PUT':
|
|
if (empty($_GET['id'])) jsonResponse(['error' => 'id required'], 400);
|
|
$body = getRequestBody();
|
|
$id = (int)$_GET['id'];
|
|
|
|
$check = $db->prepare('SELECT id FROM roads WHERE id = ?');
|
|
$check->execute([$id]);
|
|
if (!$check->fetch()) jsonResponse(['error' => 'Road not found'], 404);
|
|
|
|
$geojson = is_array($body['geojson'] ?? null)
|
|
? json_encode($body['geojson'])
|
|
: ($body['geojson'] ?? '{}');
|
|
|
|
$stmt = $db->prepare(
|
|
'UPDATE roads SET name=?, road_type=?, length_m=?, geojson=?, description=? WHERE id=?'
|
|
);
|
|
$stmt->execute([
|
|
$body['name'] ?? '',
|
|
$body['road_type'] ?? 'national',
|
|
(float)($body['length_m'] ?? 0),
|
|
$geojson,
|
|
$body['description'] ?? null,
|
|
$id,
|
|
]);
|
|
|
|
$stmt2 = $db->prepare('SELECT * FROM roads WHERE id = ?');
|
|
$stmt2->execute([$id]);
|
|
$row = $stmt2->fetch();
|
|
$row['geojson'] = json_decode($row['geojson'], true);
|
|
jsonResponse($row);
|
|
break;
|
|
|
|
// ----------------------------------------------------------
|
|
// DELETE /api/roads.php?id=N
|
|
// ----------------------------------------------------------
|
|
case 'DELETE':
|
|
if (empty($_GET['id'])) jsonResponse(['error' => 'id required'], 400);
|
|
$id = (int)$_GET['id'];
|
|
$stmt = $db->prepare('DELETE FROM roads WHERE id = ?');
|
|
$stmt->execute([$id]);
|
|
if ($stmt->rowCount() === 0) jsonResponse(['error' => 'Road not found'], 404);
|
|
jsonResponse(['message' => 'Road deleted', 'id' => $id]);
|
|
break;
|
|
|
|
default:
|
|
jsonResponse(['error' => 'Method not allowed'], 405);
|
|
}
|