
Added isadmin middleware. TODO: collect all admin URLs in the middleware class

Плотников Роман Вячеславович 3 tahun lalu
induk
melakukan
1bf2ff0b15
5 mengubah file dengan 25 tambahan dan 10 penghapusan
  1. 2 1
      app/Middlewares/IsAdminMiddleware.php
  2. 1 1
      config/app.php
  3. 2 2
      core/Src/Auth/Auth.php
  4. 2 0
      core/Src/Request.php
  5. 18 6
      routes/web.php

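--- a/app/Middlewares/IsAdminMiddleware.php
+++ b/app/Middlewares/IsAdminMiddleware.php
@@ -9,6 +9,7 @@ class IsAdminMiddleware
 {
     public function handle(Request $request)
     {
+        // Перенаправляет на главную страницу, если не админ пытается выполнить админское действие
         $isAdmin = Auth::isAdmin();
         $urlsForAdmin = [
             '/createNewUser',
@@ -18,7 +19,7 @@ class IsAdminMiddleware
             '/deleteState',
             '/deleteDivision'
         ];
-        $url = $_SERVER['REQUEST_URI'];
+        $url = $request->url;
 
         if (in_array($url, $urlsForAdmin)) {
             if (!$isAdmin) {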
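Review bot: The deny branch at the end of the hunk only runs when `$request->url` is byte-equal to one of the literals in `$urlsForAdmin`, and `$request->url` is the raw REQUEST_URI (see core/Src/Request.php in this commit), so `/deleteUser?x=1`, `/deleteUser/`, or a prefixed path like `/admin/deleteUser` (if the routes' new `setPrefix('admin')` changes the matched path) never match and a non-admin is let through to the handler. Now that the middleware is attached per route via `->middleware('isadmin')`, the URL list adds nothing but bypass surface: drop it and deny whenever the user is not an admin, i.e. replace the two nested conditions with `if (!$isAdmin) {`. If the list is kept for the TODO in the commit message, compare against the path component only and use `in_array($url, $urlsForAdmin, true)`. The redirect itself and the rest of handle() are outside the hunk.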

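--- a/config/app.php
+++ b/config/app.php
@@ -7,6 +7,6 @@ return [
    //Классы для middleware
    'routeMiddleware' => [
        'auth' => \Middlewares\AuthMiddleware::class,
-       'admin' => \Middlewares\IsAdminMiddleware::class,
+       'isadmin' => \Middlewares\IsAdminMiddleware::class,
    ]
 ];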

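--- a/core/Src/Auth/Auth.php
+++ b/core/Src/Auth/Auth.php
@@ -44,8 +44,8 @@ class Auth
 
     public static function isAdmin(): bool {
         $id = Session::get('id') ?? 0;
-        $user = self::$user->findIdentity($id);
-        return $user->role === 'admin';
+        $currentUser = self::$user->findIdentity($id);
+        return $currentUser->role === 'admin';
     }
 
     //Проверка является ли текущий пользователь аутентифицированным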

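--- a/core/Src/Request.php
+++ b/core/Src/Request.php
@@ -10,11 +10,13 @@ class Request
     public string $method;
     public array $headers;
     public array $post;
+    public string $url;
 
     public function __construct()
     {
         $this->body = $_REQUEST;
         $this->method = $_SERVER['REQUEST_METHOD'];
+        $this->url = $_SERVER['REQUEST_URI'];
         $this->headers = getallheaders() ?? [];
         $this->post = $_POST;
     }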
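Review bot: `$_SERVER['REQUEST_URI']` carries the query string and any trailing slash, yet the one consumer this commit adds (IsAdminMiddleware) compares `$request->url` exactly against bare path literals, so an authorization check keyed on this value is trivially sidestepped by appending `?x`; the key is also absent under the CLI SAPI, where assigning it to the typed `string $url` property is a TypeError rather than a graceful default. Consider normalising to the path and defaulting it: `$this->url = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?? '/';` — or, if other callers need the full URI, keep `$url` as is and add a separate `$path` property holding that value for routing and access checks. The rest of the Request class is outside the hunk.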

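--- a/routes/web.php
+++ b/routes/web.php
@@ -17,9 +17,21 @@ Route::add(["GET", "POST"], '/getDivisionStaff', [Controller\Site::class, 'getDi
 Route::add(["GET", "POST"], '/getStateStaff', [Controller\Site::class, 'getStateStaff']);
 
 // Admin actions
-Route::add(['GET', 'POST'], '/createNewUser', [Controller\Site::class, 'createNewUser']);
-Route::add(['GET', 'POST'], '/createNewState', [Site::class, 'createnewState']);
-Route::add(['GET', 'POST'], '/createNewDivision', [Site::class, 'createNewDivision']);
-Route::add(['GET', 'POST'], '/deleteUser', [Site::class, 'deleteUser']);
-Route::add(['GET', 'POST'], '/deleteState', [Site::class, 'deleteState']);
-Route::add(['GET', 'POST'], '/deleteDivision', [Site::class, 'deleteDivision']);
+Route::add(['GET', 'POST'], '/createNewUser', [Controller\Site::class, 'createNewUser'])
+    ->middleware('isadmin')
+    ->setPrefix('admin');
+Route::add(['GET', 'POST'], '/createNewState', [Site::class, 'createnewState'])
+    ->middleware('isadmin')
+    ->setPrefix('admin');
+Route::add(['GET', 'POST'], '/createNewDivision', [Site::class, 'createNewDivision'])
+    ->middleware('isadmin')
+    ->setPrefix('admin');
+Route::add(['GET', 'POST'], '/deleteUser', [Site::class, 'deleteUser'])
+    ->middleware('isadmin')
+    ->setPrefix('admin');
+Route::add(['GET', 'POST'], '/deleteState', [Site::class, 'deleteState'])
+    ->middleware('isadmin')
+    ->setPrefix('admin');
+Route::add(['GET', 'POST'], '/deleteDivision', [Site::class, 'deleteDivision'])
+    ->middleware('isadmin')
+    ->setPrefix('admin');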
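Review bot: Every admin route still accepts GET alongside POST, so the state-changing handlers (deleteUser, deleteState, deleteDivision, the create* actions) can be fired by a plain link or `<img>` loaded in an admin's browser — the new isadmin middleware only checks the session, which a cross-site request carries along. Restrict the mutating routes to POST, e.g. `Route::add(['POST'], '/deleteUser', [Site::class, 'deleteUser'])`, and pair that with a CSRF token check in the handlers (not visible in this commit). Note also that `setPrefix('admin')` is chained after `middleware('isadmin')`; if the prefix changes the matched path to `/admin/…`, the literal list inside IsAdminMiddleware (`/deleteUser` etc.) will no longer match — confirm what setPrefix does before relying on that list. Style: the file mixes `Controller\Site::class` and `Site::class` for the same controller; pick one.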