Hi all,
I'm in the process of working through my first Rails app and had a general security question. For simplicity's sake, let's say I've got an Article object with all of the scaffolding-generated files (article.rb, articles_controller.rb and all of the list/edit/new/etc views).
For obvious security reasons, I need to make sure all of these views are only accessible to admins, since they all have links to add/edit/delete the articles.
I've also created two additional views which basically mirror the list and show views...the only difference being there are no add/edit/delete links...everything is just read-only. These will be the public-facing views.
My question is basically, how do I structure my application so that any view and/or controller action that modifies the database is password protected, while any "read-only" view that I've created is accessible to the general public?
Thanks in advance for your help!
-Brian