[eluser]-sek[/eluser]
I have a question, but first some background.
I have a controller enabling users to browse a list of their friends in their social network. They can remove or approve friends in this list. A user must have valid credentials to login in order to see this page.
A different controller is responsible for the the display of the user profile to the public. This page displays a list of friends. Since this list can grow fairly long, I want to create a separate page listing all friends. The profile will display a limited number of friends and a link to the page showing all friends. This is pretty common.
Now, the question.
The code for displaying "more friends" can go either in the Friends controller or the Profile controller. The functions implemented by the friends controller at this time are all accessible only to logged in users. If I chose this solution, I will be mixing private and public functions in the same controller, although each with different access requirements (logged in user and public). The feature will reside at (friends/more/username.html) along with the private management function (at friends/browse.html).
If I chose the Profile controller (at profile/friends/username.html or profile/morefriends/username.html), two public functions will reside in a controller with only public function (at this time).
I suppose this breaks down into two questions: what is the best location the feature should appear at (I know an alias can be setup) and whether it is a good idea to mix controllers with public and private purposes. It seems that if I do the proper authentication for each function, that it would be okay to mix various access levels in the same controller. I'd like to have your opinion on the issue.
