first commit
This commit is contained in:
+103
@@ -0,0 +1,103 @@
|
||||
<?php
|
||||
// ============================================================
|
||||
// api/users.php — Manajemen Pengguna (Admin only)
|
||||
// GET — list semua pengguna
|
||||
// PUT ?id= — update jabatan, role, can_edit, aktif
|
||||
// POST — tambah pengguna baru
|
||||
// ============================================================
|
||||
require_once __DIR__ . '/config.php';
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$db = getDB();
|
||||
|
||||
// ── GET: list semua pengguna ────────────────────────────────
|
||||
if ($method === 'GET') {
|
||||
requireAuth();
|
||||
$rows = $db->query(
|
||||
"SELECT id, username, role, jabatan, can_edit, is_admin, is_wali, aktif, created_at
|
||||
FROM users ORDER BY id"
|
||||
)->fetchAll();
|
||||
// Hapus password dari hasil
|
||||
jsonOk($rows);
|
||||
}
|
||||
|
||||
// ── PUT: update data pengguna ───────────────────────────────
|
||||
if ($method === 'PUT') {
|
||||
$user = requireAuth();
|
||||
if (!$user['is_admin']) jsonError('Hanya admin yang dapat mengubah data pengguna.', 403);
|
||||
$id = getParam('id');
|
||||
if (!$id) jsonError('ID wajib disertakan.');
|
||||
$d = body();
|
||||
|
||||
$fields = [];
|
||||
$params = [];
|
||||
|
||||
if (isset($d['jabatan'])) { $fields[] = 'jabatan=?'; $params[] = $d['jabatan']; }
|
||||
if (isset($d['role'])) { $fields[] = 'role=?'; $params[] = $d['role'];
|
||||
$params_extra = [];
|
||||
$isAdmin = $d['role'] === 'admin' ? 1 : 0;
|
||||
$isWali = $d['role'] === 'walikota' ? 1 : 0;
|
||||
$fields[] = 'is_admin=?'; $params[] = $isAdmin;
|
||||
$fields[] = 'is_wali=?'; $params[] = $isWali; }
|
||||
if (isset($d['can_edit'])) { $fields[] = 'can_edit=?'; $params[] = $d['can_edit'] ? 1 : 0; }
|
||||
if (isset($d['aktif'])) { $fields[] = 'aktif=?'; $params[] = $d['aktif'] ? 1 : 0; }
|
||||
if (isset($d['password']) && strlen($d['password']) >= 6) {
|
||||
$fields[] = 'password=?';
|
||||
$params[] = password_hash($d['password'], PASSWORD_BCRYPT);
|
||||
}
|
||||
|
||||
if (empty($fields)) jsonError('Tidak ada data yang diubah.');
|
||||
|
||||
$params[] = $id;
|
||||
$db->prepare("UPDATE users SET " . implode(', ', $fields) . " WHERE id=?")->execute($params);
|
||||
jsonOk(null, 'Data pengguna berhasil diperbarui');
|
||||
}
|
||||
|
||||
// ── POST: tambah pengguna baru ──────────────────────────────
|
||||
if ($method === 'POST') {
|
||||
$user = requireAuth();
|
||||
if (!$user['is_admin']) jsonError('Hanya admin yang dapat menambah pengguna.', 403);
|
||||
$d = body();
|
||||
if (empty($d['username'])) jsonError('Username wajib diisi.');
|
||||
if (empty($d['password']) || strlen($d['password']) < 6) jsonError('Password minimal 6 karakter.');
|
||||
|
||||
// Cek username sudah ada
|
||||
$chk = $db->prepare("SELECT id FROM users WHERE username=?");
|
||||
$chk->execute([$d['username']]);
|
||||
if ($chk->fetch()) jsonError('Username sudah digunakan.');
|
||||
|
||||
$role = $d['role'] ?? 'viewer';
|
||||
$isAdmin = $role === 'admin' ? 1 : 0;
|
||||
$isWali = $role === 'walikota' ? 1 : 0;
|
||||
$canEdit = in_array($role, ['admin', 'petugas']) ? 1 : 0;
|
||||
if (isset($d['can_edit'])) $canEdit = $d['can_edit'] ? 1 : 0;
|
||||
|
||||
$stmt = $db->prepare(
|
||||
"INSERT INTO users (username, password, role, jabatan, can_edit, is_admin, is_wali, aktif)
|
||||
VALUES (?,?,?,?,?,?,?,1)"
|
||||
);
|
||||
$stmt->execute([
|
||||
$d['username'],
|
||||
password_hash($d['password'], PASSWORD_BCRYPT),
|
||||
$role,
|
||||
$d['jabatan'] ?? '',
|
||||
$canEdit,
|
||||
$isAdmin,
|
||||
$isWali,
|
||||
]);
|
||||
jsonOk(['id' => $db->lastInsertId()], 'Pengguna berhasil ditambahkan');
|
||||
}
|
||||
|
||||
// ── DELETE: nonaktifkan pengguna ────────────────────────────
|
||||
if ($method === 'DELETE') {
|
||||
$user = requireAuth();
|
||||
if (!$user['is_admin']) jsonError('Hanya admin yang dapat menghapus pengguna.', 403);
|
||||
$id = getParam('id');
|
||||
if (!$id) jsonError('ID wajib disertakan.');
|
||||
// Jangan hapus diri sendiri
|
||||
if ($id == $user['id']) jsonError('Tidak dapat menghapus akun sendiri.');
|
||||
$db->prepare("DELETE FROM users WHERE id=?")->execute([$id]);
|
||||
jsonOk(null, 'Pengguna berhasil dihapus');
|
||||
}
|
||||
|
||||
jsonError('Method tidak valid', 405);
|
||||
Reference in New Issue
Block a user