📖 Administering a Blog

Why We Use It

Allowing admins to manage blog content ensures content stays current and relevant. This pattern also mirrors how user profile editing was implemented, reinforcing role-based workflows across the app.

Administering a blog means providing a secure, role-protected interface for content management. In our application, this includes:

  • Admin dashboard entry point: admin/blog.php
  • Views for creating and editing posts
  • A shared form partial for reuse
  • Helper methods in PostModel for storing and updating content

Project Structure

These files support the admin-specific operations and follow the same MVC organization as user management:

project-root/
├── admin/
│   └── blog.php                        ← admin entry point (role check required)
├── controllers/
│   └── PostController.php              ← handles create/edit/delete methods
├── models/
│   └── PostModel.php                   ← stores new posts and updates existing ones
├── views/
│   └── admin/
│       └── blog/
│           ├── create.php              ← admin-only form
│           ├── edit.php                ← admin-only edit form
│           └── partials/
│               └── form-fields.php     ← reused fields partial
└── config/
    └── init.php

How It Works

Controller Methods

PostController should include methods like:

  • create() – loads the empty form
  • store() – validates and saves a new post
  • edit($id) – loads existing post for editing
  • update($id) – saves changes to the post
  • delete($id) – marks post as deleted (soft delete recommended)

All admin methods should begin with a check like if (!isAdmin()) { redirectUnauthorized(); }. The redirectUnauthorized() helper must stop execution (send the redirect, then exit), otherwise the protected code after the check still runs for a non-admin.
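The controller shape the list above describes, written out as an added example (not the project's own code). It assumes the helpers isAdmin(), redirectUnauthorized() and redirect() exist (for instance in config/init.php) and that PostModel offers find(), createPost(), updatePost() and softDelete(); every admin method runs the role check first, state-changing methods only accept POST, and a successful store or update ends in a redirect so a page refresh cannot resubmit the form.

```php
<?php
// Added example: PostController for the admin blog workflow.
// Assumed helpers: isAdmin(), redirectUnauthorized(), redirect().
// Assumed model methods: find(), createPost(), updatePost(), softDelete().
declare(strict_types=1);

class PostController
{
    public function __construct(private PostModel $posts) {}

    public function create(): void
    {
        $this->requireAdmin();
        $post = ['title' => '', 'body' => ''];   // empty defaults for the partial
        require __DIR__ . '/../views/admin/blog/create.php';
    }

    public function store(): void
    {
        $this->requireAdmin();
        $this->requirePost();
        $data = $this->validate($_POST);
        if ($data === null) {
            $post   = $_POST;                    // repopulate what was submitted
            $errors = ['Title (1-200 characters) and body are required.'];
            require __DIR__ . '/../views/admin/blog/create.php';
            return;
        }
        $this->posts->createPost($data);
        redirect('/admin/blog.php');             // redirect after POST: refresh cannot re-save
    }

    public function edit(int $id): void
    {
        $this->requireAdmin();
        $post = $this->posts->find($id);
        if ($post === null) {
            http_response_code(404);
            return;
        }
        require __DIR__ . '/../views/admin/blog/edit.php';
    }

    public function update(int $id): void
    {
        $this->requireAdmin();
        $this->requirePost();
        $data = $this->validate($_POST);
        if ($data === null) {
            $post   = $_POST + ['id' => $id];    // keep the id so the form posts back correctly
            $errors = ['Title (1-200 characters) and body are required.'];
            require __DIR__ . '/../views/admin/blog/edit.php';
            return;
        }
        $this->posts->updatePost($id, $data);
        redirect('/admin/blog.php');
    }

    public function delete(int $id): void
    {
        $this->requireAdmin();
        $this->requirePost();                    // state changes never happen on GET
        $this->posts->softDelete($id);           // keeps post history, per the team guidelines
        redirect('/admin/blog.php');
    }

    /** Role check runs first in every admin method; the helper is expected to exit. */
    private function requireAdmin(): void
    {
        if (!isAdmin()) {
            redirectUnauthorized();
            exit;                                // defensive: never continue if the helper returns
        }
    }

    /** Methods that modify data only accept POST. */
    private function requirePost(): void
    {
        if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
            http_response_code(405);
            exit;
        }
    }

    /** Returns the validated fields, or null when the submission is invalid. */
    private function validate(array $input): ?array
    {
        $title = trim((string)($input['title'] ?? ''));
        $body  = trim((string)($input['body'] ?? ''));
        if ($title === '' || mb_strlen($title) > 200 || $body === '') {
            return null;
        }
        return ['title' => $title, 'body' => $body];
    }
}
```

The 200-character title limit and the two-field schema are assumptions for the example; adjust validate() to whatever columns the real posts table has.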

Model Methods

PostModel should include:

  • createPost($data)
  • updatePost($id, $data)
  • deletePost($id) or softDelete($id)

Use prepared statements with bound parameters for every query that touches user input, so input is never interpolated into the SQL string. This prevents SQL injection; it does not replace the validation done in the controller.
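An added example of the model layer (not the project's code), using PDO with bound parameters for each of the three methods listed plus a find() used by the edit form. It assumes a posts table with columns id, title, body, created_at, updated_at and deleted_at, where a NULL deleted_at means the post is live; timestamps are generated in PHP so the SQL stays database-agnostic.

```php
<?php
// Added example: PostModel with PDO prepared statements.
// Assumed table: posts(id, title, body, created_at, updated_at, deleted_at).
declare(strict_types=1);

class PostModel
{
    public function __construct(private PDO $db) {}

    /** Inserts a post and returns its new id. */
    public function createPost(array $data): int
    {
        $stmt = $this->db->prepare(
            'INSERT INTO posts (title, body, created_at) VALUES (:title, :body, :now)'
        );
        $stmt->execute([
            ':title' => $data['title'],
            ':body'  => $data['body'],
            ':now'   => date('Y-m-d H:i:s'),
        ]);
        return (int) $this->db->lastInsertId();
    }

    /** Updates a live post; returns false if no live row matched the id. */
    public function updatePost(int $id, array $data): bool
    {
        $stmt = $this->db->prepare(
            'UPDATE posts SET title = :title, body = :body, updated_at = :now
              WHERE id = :id AND deleted_at IS NULL'
        );
        $stmt->execute([
            ':title' => $data['title'],
            ':body'  => $data['body'],
            ':now'   => date('Y-m-d H:i:s'),
            ':id'    => $id,
        ]);
        return $stmt->rowCount() === 1;
    }

    /** Soft delete: the row stays in the table, so history is preserved. */
    public function softDelete(int $id): bool
    {
        $stmt = $this->db->prepare(
            'UPDATE posts SET deleted_at = :now WHERE id = :id AND deleted_at IS NULL'
        );
        $stmt->execute([':now' => date('Y-m-d H:i:s'), ':id' => $id]);
        return $stmt->rowCount() === 1;
    }

    /** Loads one live post for the edit form, or null if it does not exist. */
    public function find(int $id): ?array
    {
        $stmt = $this->db->prepare(
            'SELECT id, title, body FROM posts WHERE id = :id AND deleted_at IS NULL'
        );
        $stmt->execute([':id' => $id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    }
}

// Assumed connection setup (normally in config/init.php); $dsn, $user and $pass
// are placeholders. ERRMODE_EXCEPTION surfaces failed writes instead of silently
// returning false, and disabling emulated prepares makes the server do the binding.
// $pdo = new PDO($dsn, $user, $pass, [
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
//     PDO::ATTR_EMULATE_PREPARES => false,
// ]);
```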

Admin Views

Both create.php and edit.php should include the same form fields, loaded via:

<?php include 'partials/form-fields.php'; ?>

The partial should be flexible: use PHP to fall back to empty defaults when creating and to the existing post's values when editing, and HTML-escape every value it echoes back into the form.
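Added example of such a partial (not the project's own views/admin/blog/partials/form-fields.php). It assumes the including view may or may not have a $post array in scope: edit() supplies the stored post, a failed store() or update() supplies the submitted fields for repopulation, and create() supplies nothing. Every value is escaped with htmlspecialchars() before it lands in an attribute or element body, so post content cannot break out of the markup when it is shown back to the admin.

```php
<?php
// Added example: views/admin/blog/partials/form-fields.php
// $post is optional; missing keys fall back to '' so the same partial
// serves the create form, the edit form and a failed submission.
declare(strict_types=1);

$post = $post ?? [];
$e = static fn($v): string => htmlspecialchars((string) $v, ENT_QUOTES | ENT_HTML5, 'UTF-8');

$title = $post['title'] ?? '';
$body  = $post['body']  ?? '';
?>
<?php if (!empty($errors)): ?>
    <ul class="errors">
        <?php foreach ($errors as $msg): ?>
            <li><?= $e($msg) ?></li>
        <?php endforeach; ?>
    </ul>
<?php endif; ?>

<div class="field">
    <label for="title">Title</label>
    <input type="text" id="title" name="title" maxlength="200" required
           value="<?= $e($title) ?>">
</div>

<div class="field">
    <label for="body">Body</label>
    <textarea id="body" name="body" rows="12" required><?= $e($body) ?></textarea>
</div>
```

create.php and edit.php each wrap this include in their own &lt;form method="post"&gt; pointing at the store or update action; the only thing that differs between the two views is the action URL, which is why the fields belong in the partial.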

Access Control

Only users with the admin role should be able to access:

  • admin/blog.php
  • Any PostController method that modifies data
  • Dashboard links to blog management

Use isAdmin() in views to hide buttons or links from non-admin users. Hiding links is a usability measure only; the check at the top of each controller method is what actually enforces access, since anyone can type a URL.
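Added example (not the project's code) of the role helpers the sections above rely on, together with an admin/blog.php entry point that checks the role once before dispatching to PostController. It assumes the login code stores the signed-in user's role at $_SESSION['user']['role'] and that config/init.php starts the session and creates $pdo; the query-string routing is an assumption as well, since the page does not describe how actions are dispatched. The role is read only from the server-side session, never from anything the browser sends.

```php
<?php
// Added example: role helpers (assumed to live in config/init.php).
// Assumes $_SESSION['user']['role'] is set by the login code.
declare(strict_types=1);

function isAdmin(): bool
{
    // Server-side session only: never trust a cookie, query parameter or
    // hidden form field that claims a role.
    return (($_SESSION['user']['role'] ?? null) === 'admin');
}

function redirectUnauthorized(): void
{
    header('Location: /login.php', true, 303);
    exit; // the caller's protected code must never run after this point
}

function redirect(string $path): void
{
    header('Location: ' . $path, true, 303);
    exit;
}

// ---- admin/blog.php (admin entry point) ----
// require __DIR__ . '/../config/init.php';   // session_start(), $pdo, the helpers above

if (!isAdmin()) {
    redirectUnauthorized();                   // entry-point check, on top of the per-method checks
}

$controller = new PostController(new PostModel($pdo));
$action     = $_GET['action'] ?? 'index';
$id         = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);   // false/null if not an int
$id         = ($id === false || $id === null) ? 0 : $id;

switch ($action) {
    case 'create':
        $controller->create();
        break;
    case 'store':
        $controller->store();
        break;
    case 'edit':
    case 'update':
    case 'delete':
        if ($id <= 0) {
            http_response_code(404);
            break;
        }
        $controller->$action($id);            // edit($id), update($id) or delete($id)
        break;
    default:
        http_response_code(404);
}
```

For the dashboard itself, the same helper hides the management link from non-admins: wrap it in `<?php if (isAdmin()): ?> ... <?php endif; ?>`. That keeps the UI tidy, but the redirect in admin/blog.php and in each controller method is the control that matters.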

Common Issues

  • Form not saving? Check method names in the controller and model match.
  • Form fields not repopulating? Use value fallback logic in the partial.
  • Non-admins accessing routes? Add a top-of-method check using isAdmin().

Team Guidelines

  • Use the shared form partial for both create and edit views
  • Validate and sanitize all form data before saving
  • Redirect after storing or updating to prevent duplicate submissions
  • Use soft deletes when possible to preserve post history

Summary / Takeaways

  • Admin tools mirror the MVC structure used for users
  • Access should always be restricted to admin-only routes
  • Views should reuse form fields via partials
  • Controllers should redirect after successful changes

Additional Resources

Last updated: August 10, 2025 at 3:47 PM