Home/ Questions/Q 8202293
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T07:07:55+00:00

This is a question more for opinions rather than for a solution to a

  • 0

This is a question more for opinions rather than for a solution to a specific problem.

I am working with CakePHP for the first time and am working on the admin part of the site now.

Where do you, as an MVC or CakePHP developer like to put your admin functions?

Initially I was putting them in an AdminController, but have since changed to putting the functions in a controller that is meant for the type of data being manipulated. For example, I put the user listings/editing in the UserController.

To me this makes more sense since there is likely to be functionality in the UserController that may be useful.

If you leave a response, could you please leave a few words saying why? Perhaps it is a moot point.

take care,
lee

— Edit

if ($this->Auth->user('user_type') == 1){//double-check the user is Admin
            $this->Auth->allow('display');
            $this->Auth->allow('watch');
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I don’t think it’s a moot point. Put the admin functions in their respective controllers (ie, not all together in one ‘admin’ controller), and use ‘admin’ prefix routing, built into Cake, to keep them secure. This is the CakePHP sanctioned way to do it, and CakePHP allows you to create admin functions in this way via the Bake console.

    You can protect all controller functions prefixed by admin_ with a few simple lines of code in your AppController, and all admin functions can be accessed via tidy, consistent URLs like this: http://www.example.com/admin/my_controller/my_function

    This should get you started: http://book.cakephp.org/2.0/en/development/routing.html#prefix-routing

    Let me know if you need more help and I’ll update my answer with more info.

    EDIT: More info…

    Here’s some steps to set up admin routing:

    1/ in app/Config/core.php, around line 113, make sure this line exists and is uncommented:

        Configure::write('Routing.prefixes', array('admin'));

    2/ In app/Controller/AppController.php (ie, the controller superclass), test for admin routing in your beforeFilter method. Do NOT do this in the beforeFilter of each controller – that is not in tune with DRY principles. Here’s my before filter method as an example:

    function beforeFilter() {
    if (isset($this->request->params['admin'])) {
            // the user has accessed an admin function, so handle it accordingly.
        $this->layout = 'admin';
        $this->Auth->loginRedirect = array('controller'=>'users','action'=>'index');
        $this->Auth->allow('login');
    } else {
            // the user has accessed a NON-admin function, so handle it accordingly.
        $this->Auth->allow();

    }
}

    3/ Prefix all your admin functions with admin_ and they should automatically be available via prefix routing.

    eg.

    function admin_dostuff () { echo 'hi from the admin function'; } // This will be available via http://www.example.com/admin/my_controller/dostuff

function dostuff () { echo 'hi from the NON-admin function'; } // This will be available via http://www.example.com/my_controller/dostuff

    Once you’ve got that set up, all you need to do is prefix admin functions with admin_, and Cake will handle it all for you. Make sense?

    EDIT 2:

    Here’s some quickly-written example code that should help your situation.

    function beforeFilter() {
    if (isset($this->request->params['admin'])) {
        // the user has accessed an admin_ function, so check if they are an admin.
        if ($this->Auth->user('user_type') == 1){
            // an Admin user has accessed an admin function. We can always allow that.
            $this->Auth->allow();
        } else {
            // A non-admin user has accessed an admin function, so we shouldn't allow it.
            // Here you can redirect them, or give an error message, or something
        }
    } else {
        // the user has accessed a NON-admin function, so handle it however you want.
        $this->Auth->allow(); // this example gives public access to all non-admin functions.
    }
}
    • 0