I have a resource where there can be private or public items.
If an item is public then no login is required to view, but if it's
private then only the owner should be able to see it.
I've thought that I will just have two controllers. One for when
people are logged in and checks for privacy and stuff, and another
that just does public access. Is this ok or is there a problem
because there will effectively be two URL's to the one resource?
I use the restful_authentication plugin. The items are model instances and so are not constrained by permissions on controllers. Hence the question.
The owner of items may have a collection of public and a collection of private items. Another person, or an anonymous user should be able to access these public items. whether logged in or not.
I think I’m going to go for two controllers with different layouts. That way I can have public actions on the public layout and logged in actions in the private layout, and the logic is kept reasonably seperate.