'success', 'message' => $message, 'data' => $data]); exit(); } function sendError($message = 'Error', $code = 400) { http_response_code($code); echo json_encode(['status' => 'error', 'message' => $message]); exit(); } startAppSession(); $pdo = Database::getConnection(); $method = $_SERVER['REQUEST_METHOD']; switch ($method) { case 'GET': requireApiLogin(); try { $userId = $_SESSION['user_id'] ?? null; $role = $_SESSION['role'] ?? 'user'; if ($role === 'admin') { $stmt = $pdo->query( "SELECT lw.id, lw.user_id, u.username, lw.kategori, lw.deskripsi, lw.status, lw.created_at, ST_AsGeoJSON(lw.geometry) AS geojson FROM laporan_warga lw JOIN users u ON u.id = lw.user_id ORDER BY lw.created_at DESC" ); } else { $stmt = $pdo->prepare( "SELECT id, user_id, kategori, deskripsi, status, created_at, ST_AsGeoJSON(geometry) AS geojson FROM laporan_warga WHERE user_id = :uid ORDER BY created_at DESC" ); $stmt->execute([':uid' => $userId]); } $rows = $stmt->fetchAll(); foreach ($rows as &$r) { $r['geojson'] = json_decode($r['geojson']); } sendSuccess($rows, 'Data Laporan berhasil diambil'); } catch (PDOException $e) { sendError('Gagal mengambil laporan: ' . $e->getMessage(), 500); } break; case 'POST': requireApiLogin(); $input = json_decode(file_get_contents('php://input'), true); if (!isset($input['kategori']) || !isset($input['deskripsi']) || !isset($input['geometry'])) { sendError('Kategori, deskripsi, dan geometri wajib diisi'); } $userId = $_SESSION['user_id']; try { $stmt = $pdo->prepare( "INSERT INTO laporan_warga (user_id, kategori, deskripsi, geometry) VALUES (:user_id, :kategori, :deskripsi, ST_GeomFromGeoJSON(:geometry))" ); $stmt->execute([ ':user_id' => $userId, ':kategori' => $input['kategori'], ':deskripsi'=> $input['deskripsi'], ':geometry' => json_encode($input['geometry']), ]); sendSuccess(['id' => $pdo->lastInsertId()], 'Laporan berhasil dikirim', 201); } catch (PDOException $e) { sendError('Gagal menyimpan laporan: ' . $e->getMessage(), 500); } break; case 'PUT': requireApiRole('admin'); $input = json_decode(file_get_contents('php://input'), true); $id = $_GET['id'] ?? null; if (!$id || !isset($input['status'])) sendError('ID dan status wajib disertakan'); $allowed = ['menunggu', 'diproses', 'selesai', 'ditolak']; if (!in_array($input['status'], $allowed)) sendError('Status tidak valid'); try { $stmt = $pdo->prepare("UPDATE laporan_warga SET status = :status WHERE id = :id"); $stmt->execute([':status' => $input['status'], ':id' => $id]); sendSuccess(null, 'Status laporan berhasil diperbarui'); } catch (PDOException $e) { sendError('Gagal memperbarui laporan: ' . $e->getMessage(), 500); } break; case 'DELETE': requireApiRole('admin'); $id = $_GET['id'] ?? null; if (!$id) sendError('ID laporan wajib disertakan'); try { $stmt = $pdo->prepare("DELETE FROM laporan_warga WHERE id = :id"); $stmt->execute([':id' => $id]); sendSuccess(null, 'Laporan berhasil dihapus'); } catch (PDOException $e) { sendError('Gagal menghapus laporan: ' . $e->getMessage(), 500); } break; default: sendError('Method not allowed', 405); }