AdminMiddleware implements MiddlewareInterface

Middleware that requires admin role authorization.

This middleware first checks authentication (like AuthMiddleware), then verifies the user has the admin role.

Use this for admin-only routes like database wizard, settings, etc.

Tags

category: Lwt
author: HugoFara hugo.farajallah@protonmail.com
license: Unlicense http://unlicense.org/
link: https://hugofara.github.io/lwt/docs/php/
since: 3.0.0

Table of Contents

Interfaces

MiddlewareInterface
Interface for route middleware.

Properties

$userFacade  : UserFacade
User facade instance.

Methods

__construct()  : mixed
Create a new AdminMiddleware.
handle()  : bool
Handle the incoming request.
extractBearerToken()  : string|null
Extract Bearer token from Authorization header.
getCurrentUser()  : User|null
Get the current authenticated user.
handleUnauthenticated()  : void
Handle unauthenticated request.
handleUnauthorized()  : void
Handle unauthorized request (authenticated but not admin).
isApiRequest()  : bool
Check if the request is an API request.

Properties

Methods

__construct()

Create a new AdminMiddleware.

public __construct([UserFacade|null $userFacade = null ]) : mixed
Parameters
$userFacade : UserFacade|null = null

Optional user facade instance

Tags

psalm-suppress: PossiblyUnusedMethod - Public API for middleware instantiation

handle()

Handle the incoming request.

public handle() : bool

Checks for valid authentication and admin role. On failure:

  • For API requests: returns 403 JSON response
  • For web requests: redirects to home with error
Return values
bool

True if authorized, false if halted
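
A sketch of the check order described for handle(), added here as an example and not LWT's own code. It models the bearer-token path only; the names SketchUser, sketchExtractBearerToken and sketchAdminGate, the role value 'admin', and the token table standing in for UserFacade are assumptions, and both failure kinds map to the responses listed above because the page does not say whether they differ.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the page's User type; only the role matters here.
final class SketchUser
{
    public function __construct(public string $name, public string $role) {}
}

/** Strict parse of an Authorization header value; null unless it is exactly "Bearer <token>". */
function sketchExtractBearerToken(?string $header): ?string
{
    // RFC 6750 b64token characters only. The D modifier stops "$" from matching
    // before a trailing newline, so "Bearer abc\n" is rejected.
    if ($header === null || preg_match('/^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/D', $header, $m) !== 1) {
        return null;
    }
    return $m[1];
}

/**
 * Authentication first, then the admin role; anything else is denied.
 *
 * @param array<string, SketchUser> $tokens constructed token table (assumption, stands in for UserFacade)
 * @return array{allow: bool, reason: string, response: string}
 */
function sketchAdminGate(?string $header, array $tokens, bool $isApi): array
{
    // The two failure responses the handle() description lists.
    $deny = $isApi ? '403 JSON' : 'redirect to home with error';
    $token = sketchExtractBearerToken($header);
    $user = $token === null ? null : ($tokens[$token] ?? null);
    if ($user === null) {
        return ['allow' => false, 'reason' => 'unauthenticated', 'response' => $deny];
    }
    if ($user->role !== 'admin') { // assumed role value; strict comparison, no type juggling
        return ['allow' => false, 'reason' => 'not admin', 'response' => $deny];
    }
    return ['allow' => true, 'reason' => 'admin', 'response' => 'continue to route'];
}

// Constructed sample data: two tokens, four requests.
$tokens = ['tok-admin' => new SketchUser('alice', 'admin'), 'tok-user' => new SketchUser('bob', 'user')];
$requests = [['Bearer tok-admin', true], ['Bearer tok-user', true], ["Bearer tok-admin\n", true], [null, false]];
foreach ($requests as [$header, $isApi]) {
    echo json_encode($header), ' => ', json_encode(sketchAdminGate($header, $tokens, $isApi)), "\n";
}
```
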

extractBearerToken()

Extract Bearer token from Authorization header.

private extractBearerToken() : string|null
Return values
string|null

The token or null if not present

getCurrentUser()

Get the current authenticated user.

private getCurrentUser() : User|null
Return values
User|null

The current user or null if not authenticated

handleUnauthenticated()

Handle unauthenticated request.

private handleUnauthenticated() : void

handleUnauthorized()

Handle unauthorized request (authenticated but not admin).

private handleUnauthorized() : void

isApiRequest()

Check if the request is an API request.

private isApiRequest() : bool
Return values
bool

True if this is an API request


        