How do you handle admin pages?


#1

Hi everyone,

I’m nearly done with my first EmberJS app and, coming from server side, it really has been a pleasure to work with. However, I now need to take care of my admin pages.

How do you deal with that? Do you embed the admin routes into the same application that is served to the public, just adding an /admin route? Or do you keep that completely separate?

I currently uses Ember-Simple-Auth for authentication, my server being an OAuth 2 compliant server. If I properly handle the authorization on my server side, it should not be a problem, but I’m still a bit concerned, as the EmberJS routes can still say a bit about how the admin pages are architectured, and nothing prevent user to go to the admin pages (although most models won’t usually resolved as back-end will refuse).

Thanks!


#2

Why not just implement some roles for your users and validate the user’s role on the activate hook of the route? If they’re not an admin, redirect them somewhere else this way the route is never entered. I have a base class, for simplicity lets call it App.AuthRoute, where all the routes I want to guard extend from.


#3

Yes, I thought about this solution. It sounds like a nice one :).


#4

@bakura for my blog site I did ad an admin route that is accessible when logged in you can see the repo here if you are interested: https://github.com/pixelhandler/blog. I do redirect if the user isn’t logged in, I handle login in the application route, for now I’m using cookie auth from my api.