When designing a web site, most of the work goes into making a well-designed and usable frontend interface. What doesn't get nearly as much love is the backend administrative interface. Like security, it typically comes as an after thought if at all. However, with this website, I needed a reasonably functional administration section that would allow me to manipulate data in the models and a somewhat presentable interface that wasn't so arcane that it was unusable. While I did write some custom code to manage certain aspects of the site, developing an entire administration section from scratch was about as palatable as a dish of warmed up horse droppings. Say hello to my new best friend, ActiveScaffold.

For quite some time, I used a plugin called auto-admin. This plugin was chosen because at the time there were few other alternatives for Rails. The plugin provided a basic scaffolding interface that was reasonable and did the job, but certainly messier than I really wanted. It's unclear at this point as to whether or not it is still in active development and the latest trunk certainly doesn't play well with Rails 2.0.2. So earlier tonight, i "svn removed" auto-admin and did some cleanup to remove it's footprints from a variety of models.

Google was kind enough to return a result that pointed me in the direction of a new plugin known as ActiveScaffold. You can read more about this plugin on the website, but some of the most common use cases were for prototyping and administrative interfaces, w00t! Perfect, so I checked out the trunk and put some elbow grease into integrating it into this website. Although it took a fair bit of time to get everything configured, it's up and running.

Although I contemplated making this an entirely separate Rails application only accessible internally, I decided against that approach. Obviously I had a security concern of having that functionality accessible publicly, so how did I satisfy my paranoia? Well, I used a combination of Apache and application code to ensure that all access to that section of the site is restricted to users that have authorized client certificates issued by my root certificate authority. I felt that this approach provided a reasonable level of protection and I wrote functional tests to ensure this behavior

Want a look at the final product? Here ya go! 

There were several gotchas with ActiveScaffold that made my brain hurt, but enough tinkering and reading the docs helped provide the necessary pain relief. Actually, most of my troubles were due to a large number of associations and in some cases, improperly configured associations. What I find most attractive about this plugin, aside from working and having an active development team, is that it is fairly modular and does not leave any major footprints within my other code. In other words, I could pretty easily rip this plugin out with little cleanup to perform. All in all, I'm happy for this evening. We'll see how I feel about it tomorrow.