bennywhitebread's avatar

Best practices for Admin/Member zone (controllers/models/prefix/roles, etc)

Hi!

I have finished the first part of my app by creating CRUD actions on my Many-to-Many relationships (Trainings-Users-Groups) and now I'd like to make the member area.

Members will have the same layout but of course won't be able to access the CRUD actions the admin can, and will also have different views.

I don't really need a fully role-based package at the moment; a simple member/admin field in the user table would be fine.

I have read some articles with different approaches and I'd like to have some advice before going to code it.

1°/ Create a simple field 'role' in the DB, a middleware to check for isAdmin, and maybe prefix routes to have something like https://myapp/admin and https://myapp/member

For this solution I plan to regroup the Admin and User controllers in separate folders (Controllers\Admin and Controllers\Users) and also make specific models for each role. I don't know if it's effective.

Also I plan to have separate views and routes since I like to have separations.

My question is whether it's effective and maintainable (there will be a lot of files). And what about the routes and the redirect after login based on the role?

2°/ Create a second app with a shared DB and use subdomains

3°/ Another idea?

I'd like to have a clear view of those 2 separate spaces and be able to work on them independently.

Thanks all!

0 likes
4 replies
Punksolid's avatar

Hi again @ankaroo

It depends on what you want to build. I don't recommend having two apps manage the same database. It's better to have one codebase to manipulate the database; maybe you could use a prefix route group to separate the concerns of your app.

  1. It looks like what you want to do is a multi-tenant app. (https://www.bmc.com/blogs/single-tenant-vs-multi-tenant/)
  2. If what you want is to separate the contexts by subdomain, you could use a package (https://github.com/hyn/multi-tenant/) or routing and global scopes.
1 like
martinbean's avatar

@ankaroo If you’re creating “protected” sections of your website for different members, then you could just simply have a “role” property on your users and then use middleware/authorisation to restrict access to specific roles.

So for a members-only section, you could check if a user is a member or admin. For the admin panel, you would check the user has the admin role.

By default, after logging in a user is redirected to either the previous URL, or just the home page.

1 like
bennywhitebread's avatar

@MARTINBEAN - Yes, it's just separate actions for members and admins.

Like the list of their own trainings with statuses for the member, while the admin will have the full overview.

My question is more conceptual and organizational, because I'm planning to implement a simple role field in the member's profile and do as you said, using a middleware for checking auth.

Like having dedicated controllers/models for members and admins in separate folders to avoid confusion. I don't really like mixing functions for a specific role in the same controller.

Like having

app/Http/Controllers/Admin/TrainingsController.php
app/Http/Controllers/Member/TrainingsController.php
resources/views/members/...
resources/views/admin/...
resources/views/layouts

With this approach, it will increase the number of files and the amount of code, but I think it's clearer imo. What do you think?
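
The role check martinbean describes, combined with the Admin/Member controller layout from the last post, could look like this in Laravel. This is an added example, not code posted by anyone in the thread; the middleware name `EnsureUserHasRole` and the `role` values `admin` and `member` are assumptions.

```php
<?php
// Added example. In a real app the two parts below live in separate files:
// app/Http/Middleware/EnsureUserHasRole.php (hypothetical name) and routes/web.php.

namespace App\Http\Middleware {
    use Closure;
    use Illuminate\Http\Request;
    use Symfony\Component\HttpFoundation\Response;

    class EnsureUserHasRole
    {
        // Allow the request only if users.role (assumed values: 'admin',
        // 'member') is one of the roles listed on the route.
        public function handle(Request $request, Closure $next, string ...$roles): Response
        {
            $user = $request->user();

            // Deny by default: no user, an empty role list, or a role outside
            // the list all end in 403. Strict comparison keeps null, 0 and ''
            // from ever matching a role name.
            if ($user === null || ! in_array($user->role, $roles, true)) {
                abort(403);
            }

            return $next($request);
        }
    }
}

namespace {
    use App\Http\Controllers\Admin\TrainingsController as AdminTrainings;
    use App\Http\Controllers\Member\TrainingsController as MemberTrainings;
    use App\Http\Middleware\EnsureUserHasRole;
    use Illuminate\Support\Facades\Route;

    // Admin panel: admin role only. The /admin prefix only organises URLs;
    // the middleware is what enforces access.
    Route::middleware(['auth', EnsureUserHasRole::class . ':admin'])
        ->prefix('admin')->name('admin.')
        ->group(function () {
            Route::resource('trainings', AdminTrainings::class);
        });

    // Members-only section: member or admin.
    Route::middleware(['auth', EnsureUserHasRole::class . ':member,admin'])
        ->prefix('member')->name('member.')
        ->group(function () {
            Route::get('trainings', [MemberTrainings::class, 'index']);
        });
}
```

The middleware only decides who may reach a route; the member controller still has to scope its queries to the logged-in user so that a member sees only their own trainings.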
