I’ll echo Justin in keeping it part of the individual controllers.

You should setup some kind of authorization system that the individual controllers can use to so who is logged in (username) and what access they have (admin/member/etc). Here’s a SO thread on CodeIgniter Auth Classes.

The view would then conditionally show the appropriate links, and the controller would enforce the policy by checking the auth before passing any data to the model or rendering an edit view. On unauthorized access an error could be rendered, or simply render with the non-editing view.

This approach seems to make the most sense (at least to me) because all the functionality is stored in the individual controller. Keeping admin functions in a single admin controller means you’ll have to manage two controllers (the admin, and the actual controller) every time you add somethign new (or remove something).

If you’re concerned about putting auth checking in every controller, you could create a generic controller class with all the auth setup, then have your controllers extend it. In the end the individual controller auth check could be as simple as:

function edit()
{
    if(!$this->auth()){
        //display auth error, or forward to view page
    }
}

Of course some kind of ACL implementation would make this better, but I don’t believe CodeIgniter has an ‘official’ ACL.