One way is to create the admin’s part within the project’s folder
using namespaces, so that admin controllers are stored in
app/controllers/admin/, and restrict access to these controllers for
mere mortals using authentication. It means that both users and admins
work with the same database, they share the same models, only the
controllers are

The other way is to create another project totally dedicated to
administration of the first, main project, so that models,
controllers, logs, libraries (all that stuff) for the admin’s project
and the main project are stored in different folders (locally on the
server). Admins have access to the same models users have. Admins
have access to the database of the main project (which could be
done in Rails). Yet users don’t have access to the admin’s database
(and even more so for controllers), since these are different
databases, unlike the first way to implement this.

I slightly tend to implement it the second way, for security purposes.
Namely, mere users and admins don’t share databases. Of course, admins
need to authorize themselves to gain control to administration anyway,
but, obviously, it’s secure when the databases are separated from

However, I believe, as always, both methods have their advantages and
disadvantages. Yet I cannot foresee disadvantages of the second way,
since this is the first time ever I’m trying to implement

Which is the best way in your opinion? And what are the pros and cons
of both ways?