This forum has moved to a new location and is in read-only mode. Please visit talk.octobercms.com to access the new location.

fenerli

The system I am developing will be severely hampered for usability with two sets of logins, as it is a community web site where many users have backend privileges.

Would I be better off:

  • using only frontend users (Rainlab\User\Models\User) and roles and granting backend access as necessary
  • using only backend users (Backend\Models\User) and denying backend access as necessary
  • sync frontend and backend users and login would generate two login tokens for users

Any feedback from people who have done this or anyone else would be much appreciated.


KurtJensen

I think "many users have backend privileges" is a little vague to answer. Are we talking 10, 50, 100 users?

fenerli

KurtJensen said:

I think "many users have backend privileges" is a little vague to answer. Are we talking 10, 50, 100 users?

10-20%. 50 out of a few hundred active users.

pikusfikus

In my opinion, the appropriate solution is to use only frontend users, implement your own "backend" for them, and implement there only the features they will need. Of course, it is a little bit more work to do, but it is a clear and safe solution. Nobody will change something they shouldn't have access to.

daftspunky

Allowing the public to access your back-end is a serious security concern. While technically the permission structure is secure, it is assumed that users accessing the back-end have some level of trust in your operation. As an analogy, having separate user tables is the equivalent of a network firewall; giving users open access to your back-end is like disabling your firewall.

Consider building the administration features in the front end.
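The approach recommended in the last two replies, sketched as a front-end component that gates moderation features on a RainLab.User group. This is an added example, not code from any poster or from October CMS itself. It assumes the RainLab.User plugin with its `groups` relation; the `Acme\Community` plugin, the `Post` model, its `is_approved` column and the `moderators` group code are hypothetical.

```php
<?php namespace Acme\Community\Components;

use Auth;                         // facade registered by RainLab.User
use Redirect;
use ApplicationException;
use Cms\Classes\ComponentBase;
use Acme\Community\Models\Post;   // hypothetical model with an is_approved column

class ModerationPanel extends ComponentBase
{
    // Hypothetical front-end group code; back-end accounts are not involved
    const MODERATOR_GROUP = 'moderators';

    public function componentDetails()
    {
        return ['name' => 'Moderation panel', 'description' => 'Front-end moderation tools'];
    }

    // Deny by default: true only for a signed-in front-end user in the group
    protected function isModerator()
    {
        $user = Auth::getUser();
        return $user && $user->groups()->where('code', self::MODERATOR_GROUP)->exists();
    }

    // Page load: everyone else is sent away before any data is queried
    public function onRun()
    {
        if (!$this->isModerator()) {
            return Redirect::to('/');
        }
        $this->page['pendingPosts'] = Post::where('is_approved', false)->get();
    }

    // AJAX handler: repeat the check, because a handler can be requested
    // directly without the page having been rendered first
    public function onApprovePost()
    {
        if (!$this->isModerator()) {
            throw new ApplicationException('Not authorized.');
        }
        $post = Post::findOrFail((int) post('post_id'));
        $post->is_approved = true;
        $post->save();
    }
}
```

Only the features exposed by components like this one are reachable by community moderators; the back-end login stays limited to trusted staff.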

