Admin Panel

What is Admin Panel?

Admin Panel is a special, protected area of your website that only administrators can access. Think of it like the “backstage” of your e-commerce site, where admins can manage products, orders, categories, and other important website content.

---

Why Do We Need It?

In a real e-commerce application, you don’t want regular users to be able to add or delete products, or view all orders. That’s why we create an admin panel:

• Protect sensitive data: Only admins can access it.
• Manage content: Admins can add, update, or remove products and categories.
• Monitor orders: Admins can view and manage customer orders.
• Control the site: Admins have special permissions regular users don’t have.

Note

This guide walks you step-by-step through building an admin panel for your Slim MVC application. By the end, you’ll have a secure, protected area where administrators can manage your entire e-commerce system.

---

Step-by-Step Implementation

1. Create Admin Authentication Middleware

What is Middleware? Middleware acts like a “security guard” for your admin routes. Before any admin page loads, the middleware checks: “Is this user logged in? Are they an admin?” If not, it redirects them away.

What Your Middleware Should Do:

• Check if the user is logged in (authenticated).
• Check if the user has admin privileges (is an admin).
• If both conditions are met → allow access to the admin page.
• If either check fails → redirect to the login page.

Think of it like this: Middleware runs BEFORE your controller’s request handler (callback method), acting as a gatekeeper. A middleware is a reusable component, so you don’t have to write the same security checks in every admin controller.

---

2. Create a Set of Controllers

A set of controller classes is required to be created to handle the “business logic” for your admin pages. Each controller class should manage a specific part of your admin panel.

Common Admin Controllers:

• AdminController or DashboardController: Shows an overview/stats (total products, orders, users, etc.).
• ProductsController: Handles listing, creating, editing, and deleting products.
• CategoriesController: Manages product categories.
• OrdersController: Views and manages customer orders.
• UsersController: Manages user accounts and permissions.

Each controller should have methods like:

• index() → Display a list of items.
• show() → Show details of a single item.
• create() → Display a form to create a new item.
• store() → Save a new item to the database.
• edit() → Display a form to edit an item.
• update() → Save changes to an item.
• delete() → Remove an item.

All the logic for handling admin requests goes in these controllers.

---

3. Set Up an Admin Routes Group

What is a Route Group? A route group lets you organize related routes and apply the one ore middleware to all of them at once. It’s like grouping all your admin routes under one “umbrella” and saying “all these routes are protected.”

Why Group Admin Routes?

• All admin routes share the same prefix (/admin).
• All admin routes need the same security check (AdminAuthMiddleware).
• It keeps your code organized and DRY (Don’t Repeat Yourself).

Routing Group Example

$app->group('/admin', function ($group) {
    // Dashboard route
    $group->get('/dashboard', [AdminController::class, 'dashboard']);

    // User management routes
    $group->get('/users', [AdminController::class, 'users']);

    // Product management routes
    $group->get('/products', [ProductsController::class, 'index']);
    $group->post('/products/create', [ProductsController::class, 'createProduct']);

    // Category management routes
    $group->get('/categories', [CategoriesController::class, 'index']);
    $group->post('/categories/create', [CategoriesController::class, 'create']);

    // TODO: Add here the remaining routes for orders, product editing, category editing, etc.
})->add(AdminAuthMiddleware::class);  // Apply middleware to ALL routes in this group

How This Works:

1. All routes inside the group automatically start with /admin
2. The middleware at the end (.add(AdminAuthMiddleware::class)) applies to every route in the group
3. When someone tries to visit /admin/products, the middleware runs first to check if they’re an admin

Routes Created:

• /admin/dashboard → Admin dashboard
• /admin/users → User management
• /admin/products → Product listing
• /admin/products/create → Create new product (POST request)
• /admin/categories → Category listing
• /admin/categories/create → Create new category (POST request)

---

4. Create Admin Views

What Are Views? Views are the HTML/UI that users see. They display the data from your controllers and provide forms for admins to interact with (add products, edit categories, etc.).

Views You’ll Need:

• Dashboard View → Shows statistics and overview of your e-commerce site.
• Products Views → List products, show details, create/edit product forms.
• Categories Views → Manage categories with forms to add/edit.
• Orders Views → Display and manage customer orders.
• Users Views → Manage user accounts and admin privileges.

Tips for Admin Views:

• Keep them consistent with clean, professional styling (e.g., using Bootstrap, Bluma, Tailwind CSS, etc.).
• Make forms clear and easy to use.
• Add confirmation dialogs for delete actions.
• Show success/error messages to users.
• Include navigation menu to switch between different admin sections.

---

Expected File Structure

After implementing the admin panel following the steps above, your project should be organized like this:

Tip

This structure follows the MVC pattern (Model-View-Controller). This keeps your code organized and makes it easier to maintain and scale your application.

app/
├── Controllers/
│   ├── AdminController.php
│   ├── DashboardController.php
│   ├── UsersController.php
│   ├── ProductsController.php
│   └── OrdersController.php
├── Models/
│   ├── AdminModel.php
│   ├── DashboardModel.php
│   ├── UsersModel.php
│   ├── ProductsModel.php
│   └── OrdersModel.php
├── Views/
│   └── admin/
│       ├── dashboardView.php
│       ├── usersView.php
│       ├── orders/
│       │   ├── orderIndexView.php
│       │   └── orderShowView.php
│       ├── products/
│       │   ├── productIndexView.php
│       │   ├── productShowView.php
│       │   ├── productCreateView.php
│       │   └── productEditView.php
│       └── categories/
│       │    ├── categoryIndexView.php
│       │    ├── categoryShowView.php
│       │    ├── categoryCreateView.php
│       │    └── categoryEditView.php
├── Views/
│       ├── cart/
│       │   ├── cartItemsView.php
│       │   ├── cartSummaryView.php
│       │   ├── checkoutFormView.php
│       │   └── checkoutConfirmationView.php
└── Routes/
    └── web-routes.php