Do I need an admin module?

My site is a software-as-service program and has a few layers:

Public: Only the default site controller will be public. I will have some product & pricing information, contact, etc here.

Users(staff): Need to login and perform assigned tasks.

Admin(managers): Unlike typical admin areas this area is for the managers of the user to assign tasks and setup the program for their needs. It is not for me as the owner of the site.

Superadmin(me): Manage clients. I was actually not planning on building a web interface for superadmin / owner duties. For the most part, setting up a new client consists of doing some database stuff that is easily done outside of the web application itself. I may wish to implement this later on.

A few approaches I’ve considered:

  1. Everything in one folder, using AccessControl rules in every controller.

  2. Admin module - this is appealing because 99% of manager (admin) function is separate from staff (user) function. Admin stuff would be here, and ‘user’ stuff would be in the root application.

Question -

If I go with admin module, how can I use the same login form for admins and regular users? For simplicity I’d like to keep them the same.


Hello dniznick, you need to control the users (‘super admin’, ‘admin’ & ‘users’) from the controller where login checking is performed. Since every users has it’s one particular status so you need to control from it.

I’d suggest you to create an admin module.

That will be very confortable for security, as you can forbid the whole module to non-admin user with a check in the module class.