Separation of admin controllers from public controllers

Admin module is the best method, although all routes are mixed up with the front ones.

Thanks… Jonah for providing the admin directory structure…

How do you create URLs with frontend urlManager rules in backend controllers?

It’s a while since anyone has come up with other methods of separating Admin from Public functions so here’s my two pennies worth …

I’ve just started using a method based on the URLManager, and I find it gives a complete logical separation but with a physical integration, i.e. ALL your files remain in one application space.

We start with a structure like this:-

        frontend/
                index.php
                assets/
                themes/
        protected/
                config/
                        frontend.php
                        backend.php
                components/
                controllers/
                models/
                views/
        backend/
                index.php
                assets/
                themes/

And then we use the URL manager to block access to admin functions in the frontend.

        'urlManager'=>array(
            'urlFormat'=>'path',
            'showScriptName'=>false,
            'rules'=>array(
                ''=>'post/view',
                // any <model>/<action> path is routed to the error page
                '<model:.*?>/<action:.*?>'=>'site/error',
                // ...
            ),
        ),

And then I also quite like to obscure the admin functions in the backend using something like this …

(ps: I know that security through obscurity is not a solution on its own, but it doesn’t hurt as an extra layer).

        'mySecretAdmin/<model:.*?>'=>'<model>/admin',
        '<model:.*?>/admin'=>'site/error'

As a subnote, if my frontend is relatively simple, I use specific rules in the URL manager and exclude anything else. For example, in a blog environment the only actions allowable in the frontend have to do with displaying posts and categories, plus maybe one or two other functions …

        'search'=>'post/search',
        'posts/<tag:.*?>'=>'post/index',
        'enquiries'=>'site/enquiry',
        // ...
        // Lastly, anything else can go to the post controller view action and let it try and sort it out ....
        'post/<action:\w+><id:\d+>'=>'post/view',

I like this way, as to me, it separates the physical organisation from the logical, which is handled by the URL manager, and this seems the right place to do that…

Of course, another advantage is that we also share other aspects of the main config files, like database access, system parameters and other component/extension configurations.

        'db'=>require(dirname(__FILE__).'/db.php'),

Plus these can also share upload or system wide asset directories by placing them in the application root …

        frontend/
                index.php
                assets/
                themes/
        protected/
                config/
                        frontend.php
                        backend.php
                        db-config.php
                        other-component-configs.php
                        params.php
                components/
                controllers/
                models/
                views/
        backend/
                index.php
                assets/
                themes/
        uploads/
                media/
                documents/
                ...
        system-assets/
                etc...
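
Added example (not from any poster in this thread): the URL rules above only decide which paths get routed, so a check inside the shared controllers keeps admin actions closed even when a rule is missing or reordered. It assumes a hypothetical `isBackend` param set to `true` only in `config/backend.php`; the class name, file name and action list are illustrative.

```php
<?php
// protected/components/BackendOnlyController.php  (hypothetical file name)
// Assumption: config/backend.php contains 'params'=>array('isBackend'=>true)
// and config/frontend.php does not define that key.
class BackendOnlyController extends CController
{
    // Actions that must only run through backend/index.php.
    // Illustrative list; override it in each controller.
    protected $backendActions = array('admin', 'create', 'update', 'delete');

    public function filters()
    {
        $actions = implode(', ', $this->backendActions);
        return array(
            'backendOnly + ' . $actions,   // inline filter defined below
            'accessControl + ' . $actions, // built-in filter, uses accessRules()
        );
    }

    // Runs before the listed actions, whichever URL rule routed the request.
    public function filterBackendOnly($filterChain)
    {
        if (Yii::app()->params['isBackend'] !== true) {
            // Same response as an unknown page, so the frontend does not
            // reveal that the action exists.
            throw new CHttpException(404, 'Page not found.');
        }
        $filterChain->run();
    }

    public function accessRules()
    {
        return array(
            // '@' means any authenticated user; tighten this with 'roles'
            // or 'expression' if the application distinguishes admins.
            array('allow',
                'actions' => $this->backendActions,
                'users'   => array('@'),
            ),
            array('deny',
                'actions' => $this->backendActions,
                'users'   => array('*'),
            ),
        );
    }
}
```

Controllers in the shared `controllers/` directory that expose admin actions would extend this class instead of `CController`; the URL manager rules then act as a second layer rather than the only one.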