/** * Allows access only to logged users that have a level equal to or less than provided role. If permission is not granted, it will send a JSON error object. * <p><b>Note that while it's doing all login/auth/redirection work automatically, you still have to create the corresponding user table in your database in addition to provide the login module into orion's module directory.</b></p> * @see OrionAuth * MainConfig * LoginModule * @param string $slug the role identifier (ie: 'administrator', 'member', etc.). See your configuration file for a liste of roles and their permission level. */ public function allow($slug) { try { if (!Core\Auth::login(true)) { $this->sendError(self::E_LOGIN_DISALLOW); } if (!Core\Auth::allow($slug)) { // this exception prevents any redirection defect or hack $this->sendError(self::E_LOGIN_DISALLOW); } } catch (Core\Exception $e) { throw $e; } }