Documentation

AdminMiddleware
in package
implements MiddlewareInterface

Middleware that requires admin role authorization.

This middleware first checks authentication (like AuthMiddleware), then verifies the user has the admin role.

Use this for admin-only routes like database wizard, settings, etc.

Tags
category

Lwt

author

HugoFara hugo.farajallah@protonmail.com

license

Unlicense http://unlicense.org/

link
https://hugofara.github.io/lwt/docs/php/
since
3.0.0

Table of Contents

Interfaces

MiddlewareInterface
Interface for route middleware.

Properties

$userFacade  : UserFacade
User facade instance.

Methods

__construct()  : mixed
Create a new AdminMiddleware.
handle()  : bool
Handle the incoming request.
extractBearerToken()  : string|null
Extract Bearer token from Authorization header.
getCurrentUser()  : User|null
Get the current authenticated user.
handleUnauthenticated()  : void
Handle unauthenticated request.
handleUnauthorized()  : void
Handle unauthorized request (authenticated but not admin).
isApiRequest()  : bool
Check if the request is an API request.

Properties

Methods

__construct()

Create a new AdminMiddleware.

public __construct([UserFacade|null $userFacade = null ]) : mixed
Parameters
$userFacade : UserFacade|null = null

Optional user facade instance

Tags
psalm-suppress

PossiblyUnusedMethod - Public API for middleware instantiation

handle()

Handle the incoming request.

public handle() : bool

Checks for valid authentication and admin role. On failure:

  • For API requests: returns 403 JSON response
  • For web requests: redirects to home with error
Return values
bool

True if authorized, false if halted

extractBearerToken()

Extract Bearer token from Authorization header.

private extractBearerToken() : string|null
Return values
string|null

The token or null if not present

getCurrentUser()

Get the current authenticated user.

private getCurrentUser() : User|null
Return values
User|null

The current user or null if not authenticated

handleUnauthenticated()

Handle unauthenticated request.

private handleUnauthenticated() : void

handleUnauthorized()

Handle unauthorized request (authenticated but not admin).

private handleUnauthorized() : void

isApiRequest()

Check if the request is an API request.

private isApiRequest() : bool
Return values
bool

True if this is an API request


        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results