I'm finding I'm increasingly creating sites in a similar form and I'd like to clarify if I'm doing it in the most efficient manner for security management and generally a railsey approach.
I make a welcome controller and associated actions e.g.
./script/generate controller welcome actionname1 actionname2 actionname3 actionname4 actionname5
I then populate the views for all the actions in the welcome controller with suitable content.
That's it for the front end.
Then for my backend <cough>, I use acts_as_authenticated and generate an account model and a user or two.
I then create various other controllers generally with scaffolding and secure them with a before filter (filter all the actions unless the user is logged in).
That's basically it,
In my welcome controller views I generally access variables created by the backend functions (for example blog entries or whatever).
Is my approach an "ok" one. After deploying my 2nd rails site I want to make sure I've got the right idea before going on.
I use migrations, but I'm not testing yet, that's my next goal.