I have a Rails application where the CUD (create, update, delete) actions can only be used by the admin to create, update or delete an item. The show (read) action can be used by everyone.
Now I want only the admin to create other entries. This is my item model:
class Item < ActiveRecord::Base
  has_many :entries
end
And this is my entry model:
class Entry < ActiveRecord::Base
  belongs_to :item
end
In my admin_controller for the items I have the needed actions.
class Admin::ItemsController < ApplicationController
Now I have two questions.
My question is, do I have to define my own admin entry controller? I think yes, a separate admin item controller is needed.
What is the best way to define that the item_admin is allowed to create, update or delete the entries? Everyone else can only see the entries. Can anyone help me please?
I think there are two options:
CRUD operations - but for admins only. In addition have a public items and a public entries controller that have only the show method implemented.
pundit or cancancan to ensure that only admins can use the create, update and destroy actions.
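The second option, sketched as an added example that is not part of the original answer: a policy object written in the style Pundit uses (one class per model, one `action?` method per controller action), in plain Ruby so it runs without Rails or the gem. The `User` and `Entry` structs, the `admin` flag and the `authorize!` helper are assumptions made for this example.

```ruby
# Plain-Ruby sketch of the policy-object convention (no gems needed).
# User, Entry, the admin flag and authorize! are assumptions for this example.
User  = Struct.new(:name, :admin)
Entry = Struct.new(:title)

class NotAuthorizedError < StandardError; end

class EntryPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user      # nil for an anonymous visitor
    @record = record
  end

  # Read access is public.
  def index?; true; end
  def show?;  true; end

  # Write access requires a signed-in admin.
  def create?;  admin?; end
  def update?;  admin?; end
  def destroy?; admin?; end

  private

  # Strict comparison: a missing user or a nil/non-boolean flag is not an admin.
  def admin?
    !user.nil? && user.admin == true
  end
end

# Hypothetical controller helper: unknown actions are denied by default,
# and a refused action raises instead of silently continuing.
ALLOWED_QUERIES = %i[index? show? create? update? destroy?].freeze

def authorize!(user, record, query)
  raise NotAuthorizedError, "unknown action #{query}" unless ALLOWED_QUERIES.include?(query)
  policy = EntryPolicy.new(user, record)
  raise NotAuthorizedError, "#{query} denied" unless policy.public_send(query)
  record
end

admin = User.new("alice", true)
entry = Entry.new("constructed sample entry")

authorize!(admin, entry, :destroy?)  # admin may delete
authorize!(nil, entry, :show?)       # anonymous visitor may read
```

In a controller the same check would run at the top of each `create`, `update` and `destroy` action, so the rule holds even if a route to the action is exposed by mistake.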