Thread

Howdy,

We’re a hosting and I.T. services provider with our own front-end control panel that’s built a-top CodeIgniter 2.x framework (http://totalserve.net.au/control-panel/).

Our front-end codebase is around 120k lines of code, so not too large or too small. Back end administration and the actual administration of server/services is all completely separated from the control panel. Basically, our control panel is just for user interaction and talking to our back end APIs.

Anywho, we’re now in the meaty stages of completely revamping our website and one of the things we’re looking to do is plug both our site and control panel into a CMS. Basically, what I am after is if a customer is logged into our “site”, he/she is also logged into the control panel/forums/etc so we can share functionality and benefit from code reuse.

Given EE is built a-top CodeIgniter, my questions are:
Just how flexible is the user/group management, can we extend it’s functionality?

Our current authentication system has the concept of groups of groups. For example, we’ll have group:CompanyABC and in that group is “Admins”, “Staff” and while “Admins” have full permissions - they only have full permissions within their group, so they only see/can modify other users within the parent CompanyABC group.

Does EE have this concept out of the box? If not, is the framework similar to CodeIgniter in that we can extend these basic libraries?

If we can extend this functionality, can we extend these code components via Add-ons? In an ideal world, I’ll love for us to write our “Control Panel” as an add-on without having to touch the EE code at all!

RE: http://expressionengine.com/sales_faq/article/how_long_do_i_receive_support_for_expressionengine

I’m not too worried about technical support (we have developers in house, that should be able to figure things out). But can anyone tell me what the policy is on security updates/etc?

Thanks for reading.

Hi Michael,

Thank you for your interest in ExpressionEngine and welcome to the Forums!

Just how flexible is the user/group management, can we extend it’s functionality?
...
Does EE have this concept out of the box? If not, is the framework similar to CodeIgniter in that we can extend these basic libraries?

Not currently. ExpressionEngine’s Member management has a 1:1 member/group model. Member groups can be granted authority over there groups, but it isn’t scoped the way you describe.

However, ExpressionEngine is built on the same Codeigniter foundation you are familiar with. You can extend the base CI libraries, EE Libraries, or your add-on can even include a complete separate instance of CI.

If we can extend this functionality, can we extend these code components via Add-ons? In an ideal world, I’ll love for us to write our “Control Panel” as an add-on without having to touch the EE code at all!

Absolutely. If you extend EE’s native Member Module to include the ACL like permissions you describe, I can tell you there is a market for that functionality.

I’m not too worried about technical support (we have developers in house, that should be able to figure things out). But can anyone tell me what the policy is on security updates/etc?

We take Security very seriously. In ExpressionEngine’s entire product life we have only issued 2 absolutely necessary critical security updates. We have a solid track record in this regard. Once you purchase EE, you have access to that major version, say EE 2.x, through the life of the product. Say you purchase today and get version 2.5.2. You will have access to updates up to but excluding EE 3.0

Let me know if you have any other questions!

Cheers,

Thanks Dan,

You can extend the base CI libraries, EE Libraries, or your add-on can even include a complete separate instance of CI.

I bit the bullet yesterday (I’m in Australia) and purchased a license. Only had my head in the code for a few hours, but already feel excited to work with it.

Haven’t made any firm decisions yet, but it looks regardless if we decide to extend the core libraries or build the functionality within an add-on, either way it’ll be a lot easier to maintain.

Absolutely. If you extend EE’s native Member Module to include the ACL like permissions you describe, I can tell you there is a market for that functionality.

Looking around Themeforest, and a few of the plugin sites scattered around. I see the market is a lot more professional and priced appropriately (which is good, I hate seeing plugins being flogged for $20, when I know their worth more - which just forces everyone else to undervalues their work).

Will definitely take a look to see if we can re-coupe some of our development costs by possibly selling some add-ons.

Once you purchase EE, you have access to that major version, say EE 2.x, through the life of the product. Say you purchase today and get version 2.5.2. You will have access to updates up to but excluding EE 3.0.

Ok, great. So just to be clear, when EE 3.0 is released. The EE team will still backport security updates to the 2.x codebase (fantastic!).

To rephrase my question then, is there an official policy on security/maintenance life-cycles? To be fair, if EE 3.x launched today, I’ll be happy with an extended support of at-least 2 years counted from the date of the 3.x release. But I am really hoping for something around 3-5 year mark.

Guess what? We’ve ported the app! Two of us here were just having a play with the install and we’ve managed to port the entire app in a tad under 4-hours. *Way* easier then I was expecting.

Some observations and further questions:

Template_group/template

Coming from CodeIgniter, the default template_group/template file URI routing is quite ... limited. Understandable it’s aimed at more entry level web-developers, but it’s very under capable. Our URI structure was set-up along the lines of /control/dashboard/var1, /control/tickets/var1, etc.

We ended up just ditching the default ee/index controller/function which appears to be somewhat safe as it’s also the default failover controller.

That’s allowed us to essentially just copy over our CI_Controller classes that we’ve packaged up into an App and wrote and a few constructor classes to tie into EE’s template systems. Easy as ABC. Great work guys!

Just how supported is this route? That is, how supported will we be with simply commenting out the following lines to give us greater control on routing?

//$routing['directory'] = '';
//$routing['controller'] = 'ee';
//$routing['function'] = 'index';

Hey Michael!

Wow, sounds like you’ve been busy and productive!

To be fair, if EE 3.x launched today, I’ll be happy with an extended support of at-least 2 years counted from the date of the 3.x release. But I am really hoping for something around 3-5 year mark.

Indeed. The official policy hasn’t been set yet, but we still support the 1.x version 30mos after the release of 2.x

The pattern developing seems to be as long as we can reasonable keep it secure on current versions of PHP without refactoring a legacy product. Make sense?

I shared your kind words with the Developers! Thanks so much!

Is there anything else I can assist you with?

Cheers,