How do you control the access to the admin pages in CI? .htaccess or database gateway keeper?
#1

[eluser]searain[/eluser]
My guess is that there are two ways to control the access to the admin.

a) Put all admin controllers and views in admin subfolders of controllers and views, and use .htaccess to password-protect the admin folders of controllers and views.

Or use

b) database gateway keepers to control the end users access to the database.

I like a). This approach totally separates the admin from the end-user pages. There is maybe some duplicated work, since I have to do double code for end-user and admin CRUD. But my thinking is that this duplicated work is very limited, just copy and paste and then modify. But it is clean and simple. Separating user pages and admin pages is good for "divide and conquer". Plus, view pages such as index, view, edit/add forms for admin and end user are different anyway.

Or should I use b) database gatekeeper to control both end-user access and admin access in CI? I have seen several CI systems or codes use a database gatekeeper for admin too. I have not seen too many use separate admin folders yet.
#2

[eluser]Colin Williams[/eluser]
I use a, er, database keeper?

I don't see the point of having an admin folder to separate out administrative processes. It's taking a user-end mental model and structuring the software around that. Doesn't make much sense to me. My User model has an access() method that I use to authorize the user (based on their role and individual permissions). Using it looks something like:

Code:
function add_post()
{
   // Deny the action unless the logged-in user's role/permissions grant it.
   if ( ! $this->user_model->access('create blog post'))
   {
      redirect('user/login');
   }
   // Do code for blog posting here.
}
#3

[eluser]searain[/eluser]
Colin, I think I get your points. I think for a forum, wiki, blog, these kinds of systems, using database access control for both end users and administrators will be better. There is a lot of CRUD both for end users and administrators.

The systems I developed before are usually shopping carts, real estate sites, online magazines/articles/events/business directories, etc. There are limited end-user CRUD pages and a lot of admin CRUD pages. In this case, separating the admin pages will make sense?
#4

[eluser]Colin Williams[/eluser]
I always structure my app from the perspective of the resources it manages (products, real estate listings, etc.). So, no, an "admin" folder never makes sense to me. I don't want to jump between controllers for front and backend actions. I prefer that my, let's say, Property controller has all administrative actions and all non-administrative actions.
#5

[eluser]dejitaru[/eluser]
@blackhorse66
I think both are good points of view. I work exactly like @blackhorse66. I separate the admin pages and the visitor pages, something like:
www.domain.com/products/list <------ here the front shopping cart working
www.domain.com/admin/products/add <-- here i add the products

Sometimes I find myself working double because on the front-end files I use part of the code of the admin CRUD, mostly the LIST items part. But I find it most useful when editing my files; the code is clearer to me.

On the other hand, @Colin's approach makes sense to me, but I find it more time-consuming in the development of the site (for me), because you must add the edit/add/delete buttons to the site design. Also, I work with designers, so while they are working on the design, I work on my admin panel, which I already have pre-coded. After they finish, I have my admin part completed and I add the code to the design.
#6

[eluser]adamp1[/eluser]
I separate the controllers out; the reasons for this are twofold.
1. Having all the display stuff and admin stuff in a single controller will make it way too long and not nice to read. A controller should really only have a single function (or handle a few sub-pages which are very related).
2. There are security issues, since you are mixing non-secure code with secure code. There's more of a chance to forget to put a security check in.

I can, however, see a use for it on a blog like WordPress: being able to add a new post from the front page rather than having to go to the special admin area would be easier.

I don't think the .htaccess option would work, since the user doesn't actually go to the folder. The index.php file loads the controller from the dir. I would go for a 'gateway keeper', as you call it.
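Added example (not code from the thread, CodeIgniter, or any of the posters): a plain-PHP sketch of the "database gateway keeper" that Colin's access() method and adamp1's point 2 both describe. The class names (Gatekeeper, Admin_Controller, Admin_Posts), the dispatch() helper and the USERS / ROLE_PERMISSIONS arrays are hypothetical and constructed; in a real CI app the arrays would be queries against the users and role_permissions tables, the controllers would extend CI_Controller, and AccessDenied would be a redirect('user/login') or show_404(). It runs stand-alone with php 7.4 or later and shows why a check in the admin base controller's constructor fails closed even for an action where the per-method check was forgotten.

```php
<?php
// Constructed sample data standing in for the users and role_permissions tables.
const USERS = [
    'alice' => ['role' => 'editor'],
    'bob'   => ['role' => 'visitor'],
];
const ROLE_PERMISSIONS = [
    'admin'   => ['access admin area', 'create blog post', 'delete blog post'],
    'editor'  => ['access admin area', 'create blog post'],
    'visitor' => [],
];

// Hypothetical stand-in for the User model's access() method.
class Gatekeeper
{
    private ?string $username;

    public function __construct(?string $username)
    {
        $this->username = $username;   // null = anonymous visitor
    }

    // True only if the logged-in user's role grants the named permission.
    public function access(string $permission): bool
    {
        if ($this->username === null || !isset(USERS[$this->username])) {
            return false;              // anonymous or unknown user: deny everything
        }
        $role = USERS[$this->username]['role'];
        return in_array($permission, ROLE_PERMISSIONS[$role] ?? [], true);
    }
}

class AccessDenied extends Exception {}

// Central gate: every admin controller extends this, so the check runs in the
// constructor before any action. This is what guards against the "forgot the
// security check in one method" problem.
abstract class Admin_Controller
{
    protected Gatekeeper $gate;

    public function __construct(Gatekeeper $gate)
    {
        $this->gate = $gate;
        if (!$gate->access('access admin area')) {
            throw new AccessDenied('login required');   // CI: redirect('user/login')
        }
    }
}

class Admin_Posts extends Admin_Controller
{
    // Per-action check for a finer-grained permission, as in Colin's add_post().
    public function add(): string
    {
        if (!$this->gate->access('create blog post')) {
            throw new AccessDenied('missing permission: create blog post');
        }
        return 'post created';
    }

    public function delete(): string
    {
        if (!$this->gate->access('delete blog post')) {
            throw new AccessDenied('missing permission: delete blog post');
        }
        return 'post deleted';
    }

    // Deliberately has no per-action check; still unreachable for anonymous
    // users and plain visitors because the constructor gate already ran.
    public function index(): string
    {
        return 'admin post list';
    }
}

// Hypothetical stand-in for CI's index.php routing a request to a controller action.
function dispatch(?string $user, string $action): string
{
    try {
        $controller = new Admin_Posts(new Gatekeeper($user));
        return $controller->$action();
    } catch (AccessDenied $e) {
        return 'denied (' . $e->getMessage() . ')';
    }
}

foreach ([[null, 'index'], ['bob', 'index'], ['alice', 'index'],
          ['alice', 'add'], ['alice', 'delete']] as [$user, $action]) {
    printf("%-6s %-7s -> %s\n", $user ?? 'anon', $action, dispatch($user, $action));
}
```

Run it with `php gateway_example.php`: anonymous and visitor requests to index are denied at the constructor, alice reaches index and add, and her delete is refused by the per-action check. Putting the coarse "may enter the admin area" check in the base class and only the finer permission checks in the actions keeps the amount of code that must remember to call access() small, which is the point of separating secure controllers from public ones.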
#7

[eluser]Zack Kitzmiller[/eluser]
I always separate things out: one model, for say products, with all the auth'd and unauth'd methods, then two controllers, admin and public, like dejitaru. I don't like to mix public-facing secure code with insecure code. Something I was taught in all of my courses in college.

It does make for a little bit of code overlap, but usually administration doesn't look or feel anything like public-facing pages; it's more utilitarian. So then I'd have to load multiple view templates in the same controller, which is hella ugly.
#8

[eluser]dejitaru[/eluser]
Regarding "How do you control the access to the admin pages in CI? .htaccess or database gateway keeper?":
I would say I prefer doing it by using a database. There are some CI libraries that can help you achieve this in an easy way, like the ones listed in: http://codeigniter.com/wiki/Category:Lib...ntication/.
#9

[eluser]searain[/eluser]
As for separating the admin folders out: in my non-CI coding, I also separate the pages like this: admin/articles, admin/galleries, admin/newsletters, etc. I separate the admin pages by the major sectors of the web site. I think this could still apply to CI coding, right?

Just in the CI sample sites I ran into, I saw that they did not separate pages (MVC) so often; I'm wondering if there is a reason for that, or if it's more like the preference of the programmer.




Theme © iAndrew 2016 - Forum software by © MyBB