There are plenty of other radiant extensions published here to enforce a particular scoping of resources in the admin interface. The ones I’ve seen work well enough but in a superficial way based on template changes and controller methods. I wasn’t really happy with that: it’s not extensible or configurable and it feels a bit flimsy.
I need something that I can use to underpin other extensions – forum, group-based permissions and secure downloads are coming here shortly – and that will also serve to scope resources in the admin interface in a clean and tweakable way. Some of the sites that (are going to) use this have quite stringent security requirements, so I also need something very sturdy and resilient.
The solution I’ve ended up with has two parts: a fork of multi_site that adds scoping at the ActiveRecord level, so that resources out of scope are completely hidden from radiant, and this very thin interface extension to apply that mechanism to the main radiant resource classes. The scoping mechanism in multi_site is designed to be cleanly applicable to any model class, and to do the right thing with associations and uniqueness validations. Thanks to the joy of ruby this is all handled in a readable way by chaining methods and adding scope to find calls and calculations.
Most of the work is done just by calling
is_site_scoped on User, Layout and Snippet. The rest of the code here – there isn’t much – is just useful bits and pieces. It tweaks the scoping rules so that users (whether admin or not) can be shared among – and can therefore act within – all the sites defined, and it adds a general-purpose which-site-are-we-talking about mechanism to the resource controller.
There’s plenty more to do here – scoped assets and settings, next, and some interface polish – but the basics are all in place, everything is specced properly and the tests pass. I’d be very glad of any comments, suggestions or fixes.