Files
D1041231071_UAS-Tugas_WebGI…/webgis_app/endpoints/api_ulasan.php
T
2026-06-12 22:46:13 +07:00

101 lines
3.9 KiB
PHP

<?php
/**
* api_ulasan.php
* Endpoint: CRUD untuk Ulasan Fasilitas (SPBU / Rumah Ibadah).
*/
require_once __DIR__ . '/../core_config/database.php';
require_once __DIR__ . '/../core_config/middleware_auth.php';
require_once __DIR__ . '/../core_config/session_mgr.php';
header('Content-Type: application/json; charset=utf-8');
function sendSuccess($data = null, $message = 'Success', $code = 200) {
http_response_code($code);
echo json_encode(['status' => 'success', 'message' => $message, 'data' => $data]);
exit();
}
function sendError($message = 'Error', $code = 400) {
http_response_code($code);
echo json_encode(['status' => 'error', 'message' => $message]);
exit();
}
startAppSession();
$pdo = Database::getConnection();
$method = $_SERVER['REQUEST_METHOD'];
switch ($method) {
case 'GET':
$tipe = $_GET['tipe'] ?? null;
$fid = $_GET['fasilitas_id'] ?? null;
try {
if ($tipe && $fid) {
$stmt = $pdo->prepare(
"SELECT uf.id, uf.user_id, u.username, uf.fasilitas_tipe,
uf.fasilitas_id, uf.rating, uf.komentar, uf.created_at
FROM ulasan_fasilitas uf
JOIN users u ON u.id = uf.user_id
WHERE uf.fasilitas_tipe = :tipe AND uf.fasilitas_id = :fid
ORDER BY uf.created_at DESC"
);
$stmt->execute([':tipe' => $tipe, ':fid' => $fid]);
} else {
$stmt = $pdo->query(
"SELECT uf.id, uf.user_id, u.username, uf.fasilitas_tipe,
uf.fasilitas_id, uf.rating, uf.komentar, uf.created_at
FROM ulasan_fasilitas uf
JOIN users u ON u.id = uf.user_id
ORDER BY uf.created_at DESC"
);
}
sendSuccess($stmt->fetchAll(), 'Data Ulasan berhasil diambil');
} catch (PDOException $e) {
sendError('Gagal mengambil ulasan: ' . $e->getMessage(), 500);
}
break;
case 'POST':
requireApiLogin();
$input = json_decode(file_get_contents('php://input'), true);
if (!isset($input['fasilitas_tipe'], $input['fasilitas_id'], $input['rating'])) {
sendError('fasilitas_tipe, fasilitas_id, dan rating wajib diisi');
}
$allowed = ['spbu', 'rumah_ibadah'];
if (!in_array($input['fasilitas_tipe'], $allowed)) sendError('fasilitas_tipe tidak valid');
if ($input['rating'] < 1 || $input['rating'] > 5) sendError('Rating harus antara 1-5');
try {
$stmt = $pdo->prepare(
"INSERT INTO ulasan_fasilitas (user_id, fasilitas_tipe, fasilitas_id, rating, komentar)
VALUES (:user_id, :fasilitas_tipe, :fasilitas_id, :rating, :komentar)"
);
$stmt->execute([
':user_id' => $_SESSION['user_id'],
':fasilitas_tipe'=> $input['fasilitas_tipe'],
':fasilitas_id' => $input['fasilitas_id'],
':rating' => $input['rating'],
':komentar' => $input['komentar'] ?? null,
]);
sendSuccess(['id' => $pdo->lastInsertId()], 'Ulasan berhasil disimpan', 201);
} catch (PDOException $e) {
sendError('Gagal menyimpan ulasan: ' . $e->getMessage(), 500);
}
break;
case 'DELETE':
requireApiRole('admin');
$id = $_GET['id'] ?? null;
if (!$id) sendError('ID ulasan wajib disertakan');
try {
$stmt = $pdo->prepare("DELETE FROM ulasan_fasilitas WHERE id = :id");
$stmt->execute([':id' => $id]);
sendSuccess(null, 'Ulasan berhasil dihapus');
} catch (PDOException $e) {
sendError('Gagal menghapus ulasan: ' . $e->getMessage(), 500);
}
break;
default:
sendError('Method not allowed', 405);
}