Joan Gu wrote:
I use a controller and its views for both administrative and public use,
and I prefer to do page caching instead of fragment caching. I know I
will need to have different URLs for the depend on user roles, eg
/articles/3/comments for public user and admin/articles/3/comments for
administrative user. I looked into several things, but couldn't make it
I can't see how using different simply using different can work safely. What's to stop an ordinary user from navigating to admin/articles/3/comments unless you have some sort of Basic authentication done by the webserver.