Multiple Avo admin panels in one app

[adrianthedev]

Hey everyone. I had this question asked a few times now. How can you have multiple Avo admin panels in one app?

Let's consider multiple roles for users (analytics and admin) and a few resources Product and User.
The use-case here is that a member from analytics should not be allowed to see any users but the admin should.

Pundit policies to the rescue! Inside your UserPolicy methods you would return something like user.is_admin? in all policy methods.

class UserPolicy < ApplicationPolicy
  def index?
    user.is_admin?
  end
  
  def show?
    user.is_admin?
  end
  
  ...etc
end

Now, only the user that has the role of admin will be see the User resource and none other.

All throughout Avo (in actions, filters, dashboards, etc.) you have authorization or visible options where you can add the same constraint.

I'm curious to see if anyone used this before or has found different ways of achieving this behavior.

✌️ Adrian

[adrianthedev]

That being said, I do wish a feature existed with Avo where you can just specify a route segment or subdomain to be attributed to a directory and Avo will feed off that directory. This way you could have multiple configurations for multiple user types.

Avo.configure do |config|
  config.modules = [
    { namespace: "admins", path: "/admins" },
    { namespace: "analytics", path: "/analytics" },
  ]
end

# Have different configuration files under `app/admins` and `app/analytics`
# `app/admins/resources|actions|filters|etc`
# `app/analytics/resources|actions|filters|etc`

The con to this is that it will be more difficult to re-use configuration files. It might be easier just to assign them to different roles somehow.
I'm open to suggestions.

[khelal]

Also interested in this to have a "public" interface and a "private" one.

[adrianthedev]

Awesome!
Could you please give us more details about your particular use-case?
How many types of users use your app? Who would use it more? What kind of actions would they take? How would this feature help out?

[khelal]

Sure. Let's give an example.

We track construction projects.

I want people to be able to register to a "community" portal where they can suggest, edit, and submit new projects. This could be 100s or 1000s of people. They should only see their own data.

On the other side, I also want our own support people to be able to see sensitive data to support our existing customers.

Ideally, i'd have those be at different urls.

/community for all the people who want to submit project data.
/admin for our internal support people