I have a small Phoenix application allowing users to log in and consult their profile. I used the following simple route:
resources "/users", MyApp.UserController
But this allows every user to see the list of users via the :index
action, as well as delete or update any user.
What is the easiest way to restrict access to admins only? Should I add a check in front of every action? Or should I create a "/admin"
resource which would handle those operations? What is the recommended way?
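One way to implement the "/admin" split with a router-level check, as an added example that is not part of the original question: a small plug that halts any request whose current user is not an admin, and a router that keeps only `:show` on the public `/users` resource while moving the remaining actions under an `/admin` scope piped through that plug. The module names `MyApp.Plugs.Authenticate` and `MyApp.Plugs.RequireAdmin`, the `conn.assigns.current_user` assign and its boolean `is_admin` field are assumptions; the file paths in the comments are hypothetical.

```elixir
# lib/my_app/plugs/require_admin.ex  (hypothetical path)
defmodule MyApp.Plugs.RequireAdmin do
  @moduledoc """
  Halts the request unless the already-authenticated user is an admin.
  Assumes an earlier plug has put the user struct in `conn.assigns.current_user`
  and that the struct carries a boolean `is_admin` field (both assumptions).
  """
  import Plug.Conn
  import Phoenix.Controller, only: [put_flash: 3, redirect: 2]

  def init(opts), do: opts

  # Admin: let the request continue down the pipeline.
  def call(%Plug.Conn{assigns: %{current_user: %{is_admin: true}}} = conn, _opts), do: conn

  # Anyone else (anonymous or non-admin): stop here, never reach the controller.
  def call(conn, _opts) do
    conn
    |> put_flash(:error, "You are not authorized to access this page.")
    |> redirect(to: "/")
    |> halt()
  end
end

# lib/my_app/router.ex  (hypothetical path)
defmodule MyApp.Router do
  use MyApp, :router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
    # Hypothetical plug that loads the logged-in user from the session
    # into conn.assigns.current_user (or leaves it unset).
    plug MyApp.Plugs.Authenticate
  end

  # Runs after :browser so the session and current_user are already loaded.
  pipeline :admin do
    plug MyApp.Plugs.RequireAdmin
  end

  scope "/", MyApp do
    pipe_through :browser
    # Ordinary users get only the profile page; no :index, :edit, :update, :delete.
    resources "/users", UserController, only: [:show]
  end

  scope "/admin", MyApp.Admin, as: :admin do
    pipe_through [:browser, :admin]
    # Listing, creating, editing, updating and deleting users live here,
    # handled by MyApp.Admin.UserController and reachable only by admins.
    resources "/users", UserController, except: [:show]
  end
end
```

Enforcing the check in a pipeline rather than inside each action means a controller that forgets the check cannot expose an admin-only action: the plug halts the connection before any controller code runs. The public `:show` action still needs its own object-level check (that the requested id belongs to `current_user`), since the pipeline only decides who may reach the route, not which record they may read.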