user->isAdmin(); } public function postActionCreate(Request $request, Response $response): stdClass { throw new Forbidden(); } public function putActionUpdate(Request $request, Response $response): stdClass { throw new Forbidden(); } }