Design Question: Where To Expose Create And Delete CRUD Functions

Hello all,

Currently planning my app layout. In this application, front-end guest users will be able to register for events. They will be able to Create, Read, and Update registration records, but not delete them. Similarly, they will be able to Read event records, but not update or delete them.

These functions will be controlled via an admin area that I plan on creating as a separate module for the sake of separation as this seems like a good idea from a design perspective.

Would it make more sense to limit the Models in the parent application (which the guest users will utilize) to only those database functions which they will have access to execute, and only expose Create and Delete within the Model of the Admin module? That seems logical, but I wasn't sure whether that would be better, or whether I should just use a single model in the main app and do a permissions check on Create and Delete as appropriate.

The admin user will only be a single user account and all other actions within the front-end applications will be completed via non-authenticated guest users.

I may be over-complicating the design in this scenario by making the admin area a separate module, but the separation seemed like a good idea when I was initially planning the layout.

See the rights extension and the auth guide.

:D

Thank you, yiqing. I appreciate your assistance. I’ve already reviewed the auth guide and the rights extension. The extension seems like overkill for my intended needs. I’m only going to have two classes of users - an unauthenticated guest and a single “admin” account. I am impressed by the rights extension though and I may still implement it in this project.

So, you would create all CRUD functions in the individual models (instead of separate models in the main app and the admin module), then simply control access to them via an auth mechanism? I think that's what I'll do.

Yes, just create the models one time. Using an admin module is a good idea too, having the admin controllers and views in it. Then, as you have a simple case, you may just use the Access Control Filter to authorize access.
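The layout the last reply recommends, written out as an added example that is not code from this thread or from the Yii project: one Registration model shared by both areas, a front-end controller that only has the actions guests may reach, and an admin-module controller that is the only place a delete action exists, each guarded by Yii 1.1's Access Control Filter. The table name, the `edit_token` column, the action names and the "admin" username are assumptions made for the example. The admin class is named `AdminRegistrationController` only so both classes fit in one listing; inside `protected/modules/admin/controllers/` it would simply be `RegistrationController`.

```php
<?php
// Added example (not from the thread). Assumes Yii 1.1, a `registration` table with an
// `edit_token` column (assumed), and a single login whose username is "admin" (assumed).

// --- protected/models/Registration.php : ONE model, shared by both areas ---
class Registration extends CActiveRecord
{
    public static function model($className = __CLASS__)
    {
        return parent::model($className);
    }

    public function tableName()
    {
        return 'registration';
    }

    // Issue an unguessable per-record token on insert so a guest can later update
    // only the registration they created. edit_token is deliberately not a "safe"
    // attribute, so mass assignment from $_POST can never overwrite it.
    protected function beforeSave()
    {
        if ($this->isNewRecord) {
            $this->edit_token = bin2hex(openssl_random_pseudo_bytes(16));
        }
        return parent::beforeSave();
    }
}

// --- protected/controllers/RegistrationController.php : front end, guests ---
class RegistrationController extends CController
{
    public function filters()
    {
        return array('accessControl');   // attach the Access Control Filter to every action
    }

    // Rules are matched top to bottom and the first hit wins, so the trailing deny-all
    // rule refuses anything not listed. No delete action exists here at all.
    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('index', 'view', 'create', 'update'),
                'users'   => array('*'),           // '*' = everybody, including guests
            ),
            array('deny', 'users' => array('*')),
        );
    }

    public function actionCreate()
    {
        $model = new Registration;
        if (isset($_POST['Registration'])) {
            $model->attributes = $_POST['Registration'];   // only safe attributes are assigned
            if ($model->save()) {
                $this->redirect(array('view', 'id' => $model->id, 'token' => $model->edit_token));
            }
        }
        $this->render('create', array('model' => $model));
    }

    // ACF decides which actions a guest may reach, not which rows. The token lookup is
    // what keeps one unauthenticated guest from editing another guest's registration.
    public function actionUpdate($id, $token)
    {
        $model = Registration::model()->findByAttributes(
            array('id' => (int) $id, 'edit_token' => (string) $token));
        if ($model === null) {
            throw new CHttpException(404, 'Registration not found.');
        }
        if (isset($_POST['Registration'])) {
            $model->attributes = $_POST['Registration'];
            if ($model->save()) {
                $this->redirect(array('view', 'id' => $model->id, 'token' => $token));
            }
        }
        $this->render('update', array('model' => $model));
    }
}

// --- protected/modules/admin/controllers/RegistrationController.php ---
// Same model, separate controllers and views; delete is exposed only here.
class AdminRegistrationController extends CController
{
    public function filters()
    {
        return array(
            'accessControl',
            'postOnly + delete',   // built-in CController filter: GET /delete/1 is refused
        );
    }

    public function accessRules()
    {
        return array(
            array('allow',
                'actions' => array('index', 'view', 'create', 'update', 'delete'),
                'users'   => array('admin'),       // the single admin login, by username
            ),
            array('deny', 'users' => array('*')),  // guests and anyone else
        );
    }

    public function actionDelete($id)
    {
        $model = Registration::model()->findByPk((int) $id);
        if ($model === null) {
            throw new CHttpException(404, 'Registration not found.');
        }
        $model->delete();
        $this->redirect(array('index'));
    }
}
```

Two things to check when adopting this layout: keep the deny-all rule last in every `accessRules()` (a controller that forgets it is open to everyone for any unlisted action), and remember that the filter only answers "may this request reach this action", so any action guests can reach on a record they did not create still needs its own ownership check such as the token above. The `'users' => array('admin')` rule matches the username; if the admin account could ever be renamed, `'users' => array('@')` (any authenticated user) is equivalent here because guests never log in.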