diff --git a/app/controllers/spree/admin/base_controller.rb b/app/controllers/spree/admin/base_controller.rb
new file mode 100644
index 0000000000..19702cc9e2
--- /dev/null
+++ b/app/controllers/spree/admin/base_controller.rb
@@ -0,0 +1,92 @@
+module Spree
+  module Admin
+    class BaseController < Spree::BaseController
+      ssl_required
+
+      helper 'spree/admin/navigation'
+      helper 'spree/admin/tables'
+      layout '/spree/layouts/admin'
+
+      before_filter :check_alerts
+      before_filter :authorize_admin
+
+      protected
+        def action
+          params[:action].to_sym
+        end
+
+        def authorize_admin
+          if respond_to?(:model_class, true) && model_class
+            record = model_class
+          else
+            record = Object
+          end
+          authorize! :admin, record
+          authorize! action, record
+        end
+
+        # Need to generate an API key for a user due to some backend actions
+        # requiring authentication to the Spree API
+        def generate_admin_api_key
+          if user = try_spree_current_user
+            if user.spree_api_key.blank?
+              user.generate_spree_api_key!
+            end
+          end
+        end
+
+        def check_alerts
+          return unless should_check_alerts?
+
+          unless session.has_key? :alerts
+            begin
+              session[:alerts] = Spree::Alert.current(request.host)
+              filter_dismissed_alerts
+              Spree::Config.set :last_check_for_spree_alerts => DateTime.now.to_s
+            rescue
+              session[:alerts] = nil
+            end
+          end
+        end
+
+        def should_check_alerts?
+          return false if !Rails.env.production? || !Spree::Config[:check_for_spree_alerts]
+
+          last_check = Spree::Config[:last_check_for_spree_alerts]
+          return true if last_check.blank?
+
+          DateTime.parse(last_check) < 12.hours.ago
+        end
+
+        def flash_message_for(object, event_sym)
+          resource_desc  = object.class.model_name.human
+          resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
+          Spree.t(event_sym, :resource => resource_desc)
+        end
+
+        def render_js_for_destroy
+          render :partial => '/spree/admin/shared/destroy'
+        end
+
+        # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking
+        def check_json_authenticity
+          return unless request.format.js? or request.format.json?
+          return unless protect_against_forgery?
+          auth_token = params[request_forgery_protection_token]
+          unless (auth_token and form_authenticity_token == URI.unescape(auth_token))
+            raise(ActionController::InvalidAuthenticityToken)
+          end
+        end
+
+        def filter_dismissed_alerts
+          return unless session[:alerts]
+          dismissed = (Spree::Config[:dismissed_spree_alerts] || '').split(',')
+          session[:alerts].reject! { |a| dismissed.include? a["id"].to_s }
+        end
+
+        def config_locale
+          Spree::Backend::Config[:locale]
+        end
+    end
+  end
+end