make_sure_allowed()

public function make_sure_allowed(): ?string

Description

Ensures the current request is from an authenticated admin user (user level 1). Blocks direct URL access to this method for security.

In development mode, automatically logs in as the first active user if no valid token exists (convenience for development).

In production mode, redirects to the login page if no valid token is found.

For MX (Trongate MX) requests, returns HTTP 200 with the token or HTTP 401 on failure, then terminates.
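
Because development mode logs a request in as the first active user when no valid token is present, a production deployment must never run in that mode. The check below is an added example, not part of Trongate or its documentation; it assumes the mode is set with define('ENV', ...) in config/config.php and that the development value is 'dev', and the function names are hypothetical.

```php
<?php
// Added example, not Trongate code: block a deployment that would run in dev mode.
// Assumption: the mode is set with define('ENV', '...') in config/config.php
// and the development value is 'dev'.

/** Return the string passed to define('ENV', ...) in PHP source, or null if absent. */
function find_env_value(string $php_source): ?string {
    // Tokenising drops comments, so a commented-out define() is not read as live.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($php_source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $is_str = fn($t) => is_array($t) && $t[0] === T_CONSTANT_ENCAPSED_STRING;
    for ($i = 0; $i + 4 < count($tokens); $i++) {
        [$fn, $open, $name, $comma, $value] = array_slice($tokens, $i, 5);
        if (is_array($fn) && $fn[0] === T_STRING && strtolower($fn[1]) === 'define'
            && $open === '(' && $comma === ','
            && $is_str($name) && trim($name[1], "'\"") === 'ENV' && $is_str($value)) {
            return trim($value[1], "'\"");
        }
    }
    return null;
}

/** Fail closed: only an explicit, non-dev ENV value passes. */
function is_safe_for_production(string $php_source): bool {
    $env = find_env_value($php_source);
    return $env !== null && strtolower($env) !== 'dev';
}

// Constructed sample configs (not taken from a real project).
$samples = [
    'dev config'    => "<?php\ndefine('BASE_URL', 'http://localhost/app/');\ndefine('ENV', 'dev');\n",
    'commented dev' => "<?php\n// define('ENV', 'dev');\ndefine('ENV', 'production');\n",
    'ENV missing'   => "<?php\ndefine('BASE_URL', 'https://example.com/');\n",
];
foreach ($samples as $label => $source) {
    echo str_pad($label, 16), is_safe_for_production($source) ? "ok\n" : "BLOCK DEPLOY\n";
}
```

In a release pipeline, pass the contents of the deployed config file to is_safe_for_production() and stop the release when it returns false.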

Parameters

This method accepts no parameters.

Return Value

Type          Description
string|null   The authentication token string if access is granted, or null if redirected/terminated.

Example Usage

PHP
<?php
// Protect any admin controller method
public function manage() {
    $this->trongate_security->make_sure_allowed();
    // ... render admin page
}

// Get the token for further processing
$token = $this->trongate_administrators->make_sure_allowed();
$user_obj = $this->model->get_user_by_token($token);

// Call from another module's controller
class Products extends Trongate {
    public function admin_panel() {
        $this->trongate_administrators->make_sure_allowed();
        // ... admin-only code
    }
}

// Note: In production, an invalid/expired token redirects to login
// In dev mode, auto-login occurs for convenience
// MX requests receive a 200/401 status code response