Files
D1041231071_UAS-Tugas_WebGI…/webgis_app/endpoints/api_laporan.php
T
2026-06-12 22:46:13 +07:00

118 lines
4.4 KiB
PHP

<?php
/**
* api_laporan.php
* Endpoint: CRUD untuk Laporan Warga.
*/
require_once __DIR__ . '/../core_config/database.php';
require_once __DIR__ . '/../core_config/middleware_auth.php';
require_once __DIR__ . '/../core_config/session_mgr.php';
header('Content-Type: application/json; charset=utf-8');
function sendSuccess($data = null, $message = 'Success', $code = 200) {
http_response_code($code);
echo json_encode(['status' => 'success', 'message' => $message, 'data' => $data]);
exit();
}
function sendError($message = 'Error', $code = 400) {
http_response_code($code);
echo json_encode(['status' => 'error', 'message' => $message]);
exit();
}
startAppSession();
$pdo = Database::getConnection();
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
case 'GET':
requireApiLogin();
try {
$userId = $_SESSION['user_id'] ?? null;
$role = $_SESSION['role'] ?? 'user';
if ($role === 'admin') {
$stmt = $pdo->query(
"SELECT lw.id, lw.user_id, u.username, lw.kategori, lw.deskripsi,
lw.status, lw.created_at, ST_AsGeoJSON(lw.geometry) AS geojson
FROM laporan_warga lw
JOIN users u ON u.id = lw.user_id
ORDER BY lw.created_at DESC"
);
} else {
$stmt = $pdo->prepare(
"SELECT id, user_id, kategori, deskripsi, status, created_at,
ST_AsGeoJSON(geometry) AS geojson
FROM laporan_warga WHERE user_id = :uid ORDER BY created_at DESC"
);
$stmt->execute([':uid' => $userId]);
}
$rows = $stmt->fetchAll();
foreach ($rows as &$r) {
$r['geojson'] = json_decode($r['geojson']);
}
sendSuccess($rows, 'Data Laporan berhasil diambil');
} catch (PDOException $e) {
sendError('Gagal mengambil laporan: ' . $e->getMessage(), 500);
}
break;
case 'POST':
requireApiLogin();
$input = json_decode(file_get_contents('php://input'), true);
if (!isset($input['kategori']) || !isset($input['deskripsi']) || !isset($input['geometry'])) {
sendError('Kategori, deskripsi, dan geometri wajib diisi');
}
$userId = $_SESSION['user_id'];
try {
$stmt = $pdo->prepare(
"INSERT INTO laporan_warga (user_id, kategori, deskripsi, geometry)
VALUES (:user_id, :kategori, :deskripsi, ST_GeomFromGeoJSON(:geometry))"
);
$stmt->execute([
':user_id' => $userId,
':kategori' => $input['kategori'],
':deskripsi'=> $input['deskripsi'],
':geometry' => json_encode($input['geometry']),
]);
sendSuccess(['id' => $pdo->lastInsertId()], 'Laporan berhasil dikirim', 201);
} catch (PDOException $e) {
sendError('Gagal menyimpan laporan: ' . $e->getMessage(), 500);
}
break;
case 'PUT':
requireApiRole('admin');
$input = json_decode(file_get_contents('php://input'), true);
$id = $_GET['id'] ?? null;
if (!$id || !isset($input['status'])) sendError('ID dan status wajib disertakan');
$allowed = ['menunggu', 'diproses', 'selesai', 'ditolak'];
if (!in_array($input['status'], $allowed)) sendError('Status tidak valid');
try {
$stmt = $pdo->prepare("UPDATE laporan_warga SET status = :status WHERE id = :id");
$stmt->execute([':status' => $input['status'], ':id' => $id]);
sendSuccess(null, 'Status laporan berhasil diperbarui');
} catch (PDOException $e) {
sendError('Gagal memperbarui laporan: ' . $e->getMessage(), 500);
}
break;
case 'DELETE':
requireApiRole('admin');
$id = $_GET['id'] ?? null;
if (!$id) sendError('ID laporan wajib disertakan');
try {
$stmt = $pdo->prepare("DELETE FROM laporan_warga WHERE id = :id");
$stmt->execute([':id' => $id]);
sendSuccess(null, 'Laporan berhasil dihapus');
} catch (PDOException $e) {
sendError('Gagal menghapus laporan: ' . $e->getMessage(), 500);
}
break;
default:
sendError('Method not allowed', 405);
}