Hello all,
Currently planning my app layout. In this application, front-end guest users will be able to register for events. They will be able to Create, Read, and Update registration records, but not delete them. Similarly, they will be able to Read event records, but not update or delete them.
These functions will be controlled via an admin area that I plan on creating as a separate module for the sake of separation, as this seems like a good idea from a design perspective.
Would it make more sense to limit the Models in the parent application (which the guest users will utilize) to only those database functions which they will have access to execute and only expose Create and Delete within the Model of the Admin module? That seems logical, but I wasn’t sure whether that would be better, or whether to just use a single model in the main app and do a permissions check on Create and Delete as appropriate.
The admin user will only be a single user account and all other actions within the front-end applications will be completed via non-authenticated guest users.
I may be over-complicating the design in this scenario by making the admin area a separate module, but the separation seemed like a good idea when I was initially planning the layout.