0 votes

I am building a symfony based website, which has users and admins. Normally, I would let them use the same app, and display different pages for the admins by checking their permissions (I am using sfGuard plugin).

The Admins use the same modules as the other users, but the views are different. The admins can search for all user data and can see all the users at once. They can also edit anything.

But I am wondering if it would be better to use a backend app only for admins? That's the way the Jobeet tutorial does it. So the admins would go to this backend app instead of the one that everyone else uses.

What would be the pros and cons of each approach?

Thanks.

2 votes
In all honesty? I don't think it terribly matters. (comment by cwallenpoole)

2 Answers

1 vote

If you're not using the backend admin generator, I'd keep everything to the frontend application, as I don't see major benefits for having a separate backend app in this case. You can separate the user experience for normal users and admins inside the frontend application just the same, all the way from their own login pages to "admin mode" template views etc. sfDoctrineGuard comes with groups and permissions so it's easy to set up. Plus you won't need to duplicate frontend app settings in the backend app just to make things work the same way.

0 votes

This decision is a balancing act. The best answer depends on HOW DIFFERENT the functionality and permissions are between the two types of users. If your site is very complex, it will become easier to write, maintain, and test the code in separate apps. If there are just a few little differences, you will prefer the simplicity of only one app to maintain.

For example, in our system we have our own system admins, who are allowed to do and see far more than the customer "admins". The customer users have different tiers of permissions, with their admin level being the highest. However, even those customers cannot access any of our backend, which has numerous modules they can't see and completely different sets of forms. We even run these apps on different virtual hostnames, even though they are within the same Symfony project.

Having separate apps like this allows you to more easily make sure the security is right, by keeping customers completely out of the backend and all of its modules. We have some modules that are similar in the backend and frontend, but the customer side has to have a lot more custom restrictions on which records and fields they can view/edit, to keep them out of other customers' data.

If we tried to mix all those customer restrictions along with our super-privileged capabilities we'd have a nightmare of complex conditionals and queries and it would be far too easy to make mistakes and allow customers access they aren't supposed to have.
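Both answers turn on the same question: where does the "is this user allowed to see this row, this field, this module" logic live? The added example below (not code from the question or from either answer, and not sfGuard's own code) shows the single-app approach the first answer recommends, and makes visible the kind of per-record and per-field conditionals the second answer warns about. It is a frontend module action for symfony 1.4 with sfDoctrineGuard; the module, the `Invoice` model with its `customer_id` column, the `InvoiceForm` class and the `admin`/`customer` credential names are assumptions, while `sfActions`, `sfWebRequest`, `hasCredential()`, `getGuardUser()` and `Doctrine_Core::getTable()` are the framework's real APIs.

```php
<?php
// Added example, not from the original post or answers. Assumed names: the "invoice"
// module, an Invoice model with a customer_id column, an InvoiceForm class, and the
// credentials "admin" and "customer" granted through sfGuard groups/permissions.
//
// The module is expected to be gated in apps/frontend/modules/invoice/config/security.yml:
//   all:
//     is_secure: true                    # anonymous visitors are sent to the login module
//   edit:
//     credentials: [[admin, customer]]   # nested list = "admin" OR "customer"

class invoiceActions extends sfActions
{
    /**
     * Every action starts from this query. Admins get an unscoped query; everyone else
     * is restricted to rows whose customer_id is their own user id, so an id for another
     * customer's invoice in the URL matches nothing and ends in a 404 rather than a leak.
     */
    protected function buildScopedQuery()
    {
        $q = Doctrine_Core::getTable('Invoice')->createQuery('i');

        if ($this->getUser()->hasCredential('admin')) {
            return $q;
        }

        return $q->andWhere('i.customer_id = ?', $this->getUser()->getGuardUser()->getId());
    }

    public function executeIndex(sfWebRequest $request)
    {
        // Admins list every invoice; customers only their own.
        $this->invoices = $this->buildScopedQuery()->orderBy('i.created_at DESC')->execute();
    }

    public function executeEdit(sfWebRequest $request)
    {
        // The id from the request is never trusted on its own; it is ANDed with the scope.
        $invoice = $this->buildScopedQuery()
            ->andWhere('i.id = ?', $request->getParameter('id'))
            ->fetchOne();
        $this->forward404Unless($invoice, 'Invoice not found');

        $this->form = new InvoiceForm($invoice);

        // Field-level difference: only admins may reassign ownership. Removing the field
        // from the form drops both its widget and its validator, so a posted customer_id
        // from a non-admin is ignored rather than saved.
        if (!$this->getUser()->hasCredential('admin')) {
            unset($this->form['customer_id']);
        }

        if ($request->isMethod(sfRequest::POST)) {
            $this->form->bind($request->getParameter($this->form->getName()));
            if ($this->form->isValid()) {
                $invoice = $this->form->save();
                $this->redirect('invoice/edit?id=' . $invoice->getId());
            }
        }
    }
}
```

Two credential checks and one scoped query are manageable in a single app. Multiply them across every module, list, form and fixture the backend needs, and you have the "nightmare of complex conditionals" the second answer describes; at that point a separate backend app, whose `security.yml` simply never grants customers entry, is the easier thing to reason about and to test.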