104 lines
4.3 KiB
PHP
104 lines
4.3 KiB
PHP
<?php
|
|
// ============================================================
|
|
// api/users.php — Manajemen Pengguna (Admin only)
|
|
// GET — list semua pengguna
|
|
// PUT ?id= — update jabatan, role, can_edit, aktif
|
|
// POST — tambah pengguna baru
|
|
// ============================================================
|
|
require_once __DIR__ . '/config.php';
|
|
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
$db = getDB();
|
|
|
|
// ── GET: list semua pengguna ────────────────────────────────
|
|
if ($method === 'GET') {
|
|
requireAuth();
|
|
$rows = $db->query(
|
|
"SELECT id, username, role, jabatan, can_edit, is_admin, is_wali, aktif, created_at
|
|
FROM users ORDER BY id"
|
|
)->fetchAll();
|
|
// Hapus password dari hasil
|
|
jsonOk($rows);
|
|
}
|
|
|
|
// ── PUT: update data pengguna ───────────────────────────────
|
|
if ($method === 'PUT') {
|
|
$user = requireAuth();
|
|
if (!$user['is_admin']) jsonError('Hanya admin yang dapat mengubah data pengguna.', 403);
|
|
$id = getParam('id');
|
|
if (!$id) jsonError('ID wajib disertakan.');
|
|
$d = body();
|
|
|
|
$fields = [];
|
|
$params = [];
|
|
|
|
if (isset($d['jabatan'])) { $fields[] = 'jabatan=?'; $params[] = $d['jabatan']; }
|
|
if (isset($d['role'])) { $fields[] = 'role=?'; $params[] = $d['role'];
|
|
$params_extra = [];
|
|
$isAdmin = $d['role'] === 'admin' ? 1 : 0;
|
|
$isWali = $d['role'] === 'walikota' ? 1 : 0;
|
|
$fields[] = 'is_admin=?'; $params[] = $isAdmin;
|
|
$fields[] = 'is_wali=?'; $params[] = $isWali; }
|
|
if (isset($d['can_edit'])) { $fields[] = 'can_edit=?'; $params[] = $d['can_edit'] ? 1 : 0; }
|
|
if (isset($d['aktif'])) { $fields[] = 'aktif=?'; $params[] = $d['aktif'] ? 1 : 0; }
|
|
if (isset($d['password']) && strlen($d['password']) >= 6) {
|
|
$fields[] = 'password=?';
|
|
$params[] = password_hash($d['password'], PASSWORD_BCRYPT);
|
|
}
|
|
|
|
if (empty($fields)) jsonError('Tidak ada data yang diubah.');
|
|
|
|
$params[] = $id;
|
|
$db->prepare("UPDATE users SET " . implode(', ', $fields) . " WHERE id=?")->execute($params);
|
|
jsonOk(null, 'Data pengguna berhasil diperbarui');
|
|
}
|
|
|
|
// ── POST: tambah pengguna baru ──────────────────────────────
|
|
if ($method === 'POST') {
|
|
$user = requireAuth();
|
|
if (!$user['is_admin']) jsonError('Hanya admin yang dapat menambah pengguna.', 403);
|
|
$d = body();
|
|
if (empty($d['username'])) jsonError('Username wajib diisi.');
|
|
if (empty($d['password']) || strlen($d['password']) < 6) jsonError('Password minimal 6 karakter.');
|
|
|
|
// Cek username sudah ada
|
|
$chk = $db->prepare("SELECT id FROM users WHERE username=?");
|
|
$chk->execute([$d['username']]);
|
|
if ($chk->fetch()) jsonError('Username sudah digunakan.');
|
|
|
|
$role = $d['role'] ?? 'viewer';
|
|
$isAdmin = $role === 'admin' ? 1 : 0;
|
|
$isWali = $role === 'walikota' ? 1 : 0;
|
|
$canEdit = in_array($role, ['admin', 'petugas']) ? 1 : 0;
|
|
if (isset($d['can_edit'])) $canEdit = $d['can_edit'] ? 1 : 0;
|
|
|
|
$stmt = $db->prepare(
|
|
"INSERT INTO users (username, password, role, jabatan, can_edit, is_admin, is_wali, aktif)
|
|
VALUES (?,?,?,?,?,?,?,1)"
|
|
);
|
|
$stmt->execute([
|
|
$d['username'],
|
|
password_hash($d['password'], PASSWORD_BCRYPT),
|
|
$role,
|
|
$d['jabatan'] ?? '',
|
|
$canEdit,
|
|
$isAdmin,
|
|
$isWali,
|
|
]);
|
|
jsonOk(['id' => $db->lastInsertId()], 'Pengguna berhasil ditambahkan');
|
|
}
|
|
|
|
// ── DELETE: nonaktifkan pengguna ────────────────────────────
|
|
if ($method === 'DELETE') {
|
|
$user = requireAuth();
|
|
if (!$user['is_admin']) jsonError('Hanya admin yang dapat menghapus pengguna.', 403);
|
|
$id = getParam('id');
|
|
if (!$id) jsonError('ID wajib disertakan.');
|
|
// Jangan hapus diri sendiri
|
|
if ($id == $user['id']) jsonError('Tidak dapat menghapus akun sendiri.');
|
|
$db->prepare("DELETE FROM users WHERE id=?")->execute([$id]);
|
|
jsonOk(null, 'Pengguna berhasil dihapus');
|
|
}
|
|
|
|
jsonError('Method tidak valid', 405);
|