VOOZH about

URL: https://deepwiki.com/MahoCommerce/maho/7.1-admin-architecture

⇱ Admin Architecture | MahoCommerce/maho | DeepWiki

Loading...
Loading...
Last indexed: 15 May 2026 (ea8ab8)
Menu

Admin Architecture

This document covers the architecture of Maho's administrative backend (adminhtml area), including routing, ACL system, authentication, menu structure, and UI patterns. For information about specific admin components like WYSIWYG editor or grids/forms, see 7.2 WYSIWYG Editor (TipTap) and 7.3 Grid and Form Components For admin JavaScript patterns, see 7.4 Admin JavaScript Utilities

Purpose and Scope

The admin architecture provides a secure, extensible interface for managing all aspects of a Maho installation. It includes:

Admin Area Architecture

Maho separates the administrative backend into a distinct application area called adminhtml, which has its own routing, controllers, layouts, and design themes.

Admin vs Frontend Area Structure



Sources: app/code/core/Mage/Adminhtml/Controller/Action.php60 app/code/core/Mage/Adminhtml/etc/config.xml54-56 app/code/core/Mage/Core/Controller/Front/Action.php31


The adminhtml area is activated when requests match the admin frontName (configured in config.xml via the admin/base_path node). app/code/core/Mage/Adminhtml/etc/config.xml55


Admin Routing and Controllers


Admin Route Configuration


Admin routes are defined in module config.xml files. The core admin route is typically handled by the Mage_Adminhtml module. app/code/core/Mage/Adminhtml/etc/config.xml54-56


Admin Controller Base Classes


Admin controllers extend from Mage_Adminhtml_Controller_Action, which provides ACL checking and session validation. app/code/core/Mage/Adminhtml/Controller/Action.php13-14



























FunctionPurpose
_isAllowed()Checks current user permission on resource. app/code/core/Mage/Adminhtml/Controller/Action.php74-77
preDispatch()Sets area, design, and validates form/secret keys. app/code/core/Mage/Adminhtml/Controller/Action.php148-197
_setActiveMenu()Defines active menu item in the navigation block. app/code/core/Mage/Adminhtml/Controller/Action.php104-108
_addContent()Appends a block to the main content area. app/code/core/Mage/Adminhtml/Controller/Action.php124-128


Sources: app/code/core/Mage/Adminhtml/Controller/Action.php13-140


ACL System


ACL Architecture


The Access Control List (ACL) system manages permissions for admin users and roles. Resources are defined in adminhtml.xml files. app/code/core/Mage/Adminhtml/etc/adminhtml.xml121-156




Sources: app/code/core/Mage/Adminhtml/Controller/Action.php74-77 app/code/core/Mage/Adminhtml/etc/adminhtml.xml121-156 app/code/core/Mage/Admin/etc/config.xml24-45


Controller ACL Protection


Each admin controller implements _isAllowed() to specify required permissions. If not implemented, it defaults to the admin resource. app/code/core/Mage/Adminhtml/Controller/Action.php34 app/code/core/Mage/Adminhtml/Controller/Action.php74-77


Database Schema


Admin users, roles, and rules are stored in the following tables:



Maho includes an upgrade script to fix legacy created timestamp issues in the admin_user table, ensuring account creation dates are preserved during updates. app/code/core/Mage/Admin/sql/admin_setup/upgrade-1.6.1.5-1.6.1.6.php37-46


Orphaned Resources


When modules are removed or resources renamed, orphaned entries can remain in the database. Maho provides utilities to detect and remove these:



Sources: app/code/core/Mage/Admin/Model/Resource/Rules.php99-107 app/code/core/Mage/Api/Model/Resource/Rules.php78-86 app/code/core/Mage/Adminhtml/Block/Api/OrphanedResource/Grid.php13-34


Admin Authentication and Security


Two-Factor Authentication (2FA)


Maho supports modern authentication methods via Mage_Admin_Helper_Auth.



Admin Session Security


The admin session implements several security features:



Sources: app/code/core/Mage/Adminhtml/Controller/Action.php170-181 app/code/core/Mage/Admin/Helper/Auth.php14-60


Admin Menu Structure


Admin menus are hierarchical and defined in adminhtml.xml files. Each node specifies a title, sort order, and an action path. app/code/core/Mage/Adminhtml/etc/adminhtml.xml14-120


Menu Definition Example




Sources: app/code/core/Mage/Adminhtml/etc/adminhtml.xml20-119


Admin Layout and UI Components


The admin layout system uses XML updates to build the interface. app/code/core/Mage/Adminhtml/etc/config.xml81-99


Core Blocks and Templates



























ComponentRoleSource
Mage_Adminhtml_Block_Page_HeaderRenders the admin top bar and global searchapp/design/adminhtml/default/default/template/page/header.phtml12
Mage_Adminhtml_Block_Widget_GridBase class for administrative data gridsapp/code/core/Mage/Adminhtml/Block/Api/OrphanedResource/Grid.php13
Mage_Adminhtml_Block_System_Tools_HealthcheckUI for system health diagnosticsapp/code/core/Mage/Adminhtml/Block/System/Tools/Healthcheck.php14


Global Search


The admin header includes a global search feature that queries across Products, Customers, and Sales orders. app/design/adminhtml/default/default/template/page/header.phtml19-67



System Health Check


Maho provides a comprehensive System Health Check accessible via System > Tools > Health Check. app/code/core/Mage/Adminhtml/etc/adminhtml.xml34-38


The health check system validates the environment and provides insights into the installation state.



Sources: app/design/adminhtml/default/default/template/page/header.phtml14-79 app/code/core/Mage/Adminhtml/etc/config.xml58-71 app/code/core/Mage/Adminhtml/Block/System/Tools/Healthcheck.php14-20