Best Practices for an Admin Section

Hi, everyone.

This is really more of an MVC question than specifically a Yii question, but I’m using Yii, now, and you all seem like pretty smart people for having chosen it, too ;) , so I thought I’d ask the group.

I’m working on a site for a shopping center that, like many others, includes features for authenticated users to make changes to the site content. For example, they might want to add a new store (store name, address, phone number, etc.) or to update an existing one. Users who are not logged in will be able to browse the list of stores.

That’s pretty common stuff, and I’ve made sites like this before, though not with Yii. Mainly, I’m wondering if anyone would advise using a module - call it “admin” - in which to keep all of the admin stuff while leaving the public side of the site outside of the module. In other words, I would have the standard directory structure for Yii and would include a modules directory. Assuming the model for my stores is called Store, the “models” directory would have the Store model, there would be a “store” directory under views, and there would also be a “StoreController” in the controllers dir. This would be for the public side. Users who visited the site would be seeing the views located in the typical places.

Inside “modules”, however, there would be an “admin” directory that would have a similar directory structure, and the filenames would look almost identical. The difference would be that the controllers and views would all be designed exclusively for administering the site’s data. A user who has logged into the admin side of the site would be seeing views for Store, but they would be coming from modules/admin/views, not the regular views directory for the application. Likewise, the StoreController for the admin would be in modules/admin/controllers and written to handle requests to make changes to data.

Has anyone done this before? Does it make sense to separate things like this? I’m not sure how the model would be treated, since it could easily be shared between them. My understanding is that modules expect to have their own models. I don’t see a point in duplicating them, however, and I don’t know what the workaround might be. It seems like a good idea to keep the admin views and controllers away from the public views and controllers, however, as they are almost like two separate sites.

Thanks in advance!


Hi Holly,

Here is my simple rule:

If (module can ONLY be seen by admins)

- include in the backend module

Else

- include in the frontend module (or create a different module outside the backend)

I just do the checking of access rights to ensure that public users will not be able to do things only admins are allowed to do. Admins can see both backend and non-backend modules, whereas other users can only see and access non-backend modules. So if your Store module can be seen by admins and public users, it will be put outside the backend module.

I’m not sure if this is the standard practice either, but this is how I do it. Just sharing :)

I’m also open to suggestions if in any case I am putting my projects at risk doing it this way (though I have not received any complaints about being hacked or anything malicious happening). I’m just about to read something about whitehacking, so I’m not that good at finding loopholes yet. But I trust Yii to be secure enough and its developers to be smart enough. :)
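
Added example, not part of either post above and not code from the Yii project: one way to enforce the "only admins can see the backend" rule once, at the module level, rather than in each controller. It assumes Yii 1.1 (`CWebModule`), a module with the id `admin`, and an RBAC role that is also named `admin`; the file path and role name are hypothetical.

```php
<?php
// protected/modules/admin/AdminModule.php  (hypothetical path, Yii 1.1 assumed)
class AdminModule extends CWebModule
{
    public function init()
    {
        // Import only classes that belong to the admin module itself.
        // Shared models such as Store stay in protected/models and are
        // found through the application's own 'application.models.*'
        // import, so the module does not need a second copy of them.
        $this->setImport(array(
            'admin.components.*',
        ));
    }

    /**
     * Called before every action of every controller in this module,
     * so a controller added later is covered without extra code.
     */
    public function beforeControllerAction($controller, $action)
    {
        if (!parent::beforeControllerAction($controller, $action)) {
            return false;
        }

        $user = Yii::app()->user;

        // Anonymous visitor: redirect to the configured login page.
        if ($user->isGuest) {
            $user->loginRequired();
            return false;
        }

        // Authenticated but not an administrator: refuse the request.
        // 'admin' is an assumed role name and needs a configured authManager.
        if (!$user->checkAccess('admin')) {
            throw new CHttpException(403, 'You are not authorized to access this area.');
        }

        return true;
    }
}
```

The public `StoreController` outside the module stays read-only, so every write path to `Store` goes through a controller that this check guards.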