33 lines
784 B
PHP
33 lines
784 B
PHP
<?php
|
|
/**
|
|
* Admin-only API endpoint example
|
|
*
|
|
* This endpoint demonstrates how to protect an API route for admin users only
|
|
* using our simplified authentication approach.
|
|
*/
|
|
|
|
require_once('../Models/User.php');
|
|
|
|
// Set content type to JSON
|
|
header('Content-Type: application/json');
|
|
|
|
// Check if user is an admin
|
|
$auth = User::checkAdmin();
|
|
if (!$auth) {
|
|
// The checkAdmin method already sent the error response
|
|
exit;
|
|
}
|
|
|
|
// User is an admin, proceed with the admin-only logic
|
|
$response = [
|
|
'status' => 'success',
|
|
'message' => 'You have access to this admin-only endpoint',
|
|
'user' => [
|
|
'id' => $auth['uid'],
|
|
'username' => $auth['username'],
|
|
'accessLevel' => $auth['accessLevel']
|
|
]
|
|
];
|
|
|
|
// Send response
|
|
echo json_encode($response);
|