website/application administration patterns [in Rails]

Hello!

One topic that seemed very simple in the beginning but ended up by
being kind of complex (as more complex and bigger project came towards
me) is the admin aspect of a web application/site.

I couldn't find many articles/resources on "admin best practices" and
**website/application administration patterns**. I know that the
solution is very dependant from the problem being solved (project) but
I would really like to know more about this subject that ended up by
not being so trivial.

For my last Rails project, I created a static role based system where
I defined in the controllers using before filters which kind of user
(based on a user_level attribute) could access each action. So, admins
could access "POST" actions and everyone else could access "GET"
actions.

Take Django for example - you build the application and get a
production-ready admin interface for free. This feature is extremelly
attractive, since I find that the most boring and time-consuming
aspect of the application is indeed the CRUD admin interface for the
content-creators or website administrators or whatever they may be
called.

Also, I find that separating "front-end" controllers from "admin"
controller (putting the admin controller into an admin namespace) to
be a good organisational technique to focus each of them on its
responsabilities (GETting content versus POSTing content) but many
folks @ #rubyonrails told me that this isn't really the way to go.

So, how would you implement an administration interface/control panel
on a large application built in Rails? And if this application uses
RESTful model, how should you handle it?

So, please, if you could enlighten-me on this subject, I would be grateful.

Thanks,

Marcelo.

Hello Marcelo,

I was wondering about the same thing myself. Initially I was going to
build two separate applications that accessed the same database. That
way I could completely restrict the admin application to work only at
at one location (it would only be installed at one location). However,
that means that I would have to keep all my models in sync and it
seemed a more complex way of dealing with the situation. Also, I'm not
sure if it provided all that much security.

So, I did the following

I used the admin namespace feature to separate the back-end
administration from the front-end. Here's a sample of my routes:

map.namespace :admin do |admin|
  admin.resources :products, has_many => [:variations, :collections]
  admin.resources :collections
end

map.resources :products, has_many => [:variations, :collections]
map.resources :collections

So this leads to 'admin' folders in the 'controllers' folder and in
the 'views' folder. My 'models' folder was flat. I have
access all actions. The normal controllers don't require
authorization, and I've removed any actions from them that I didn't
need: (i.e. one or all of: edit, update, new, create, and delete).

All of the admin controllers use the views in the 'views/admin'
subfolder and the normal controllers use the views in 'views'.

Like you said, it probably is very dependent on your specific
application, but this seemed to work well for me.

You mentioned that this method was not recommended by Rails folks on
IRC, do you remember why?