You have a webshop and the customers can view the products but they shouldn’t be able to edit or create a product.
So the only action you want to have in the ProductsController is index.
In order to give the admin full control over the products it’s better to provide him a different controller.

Add a namespace to the routes so the url will also be different for the admin. Instead of /products it will be /admin/products.

Rails.application.routes.draw do
  namespace :admin do
    resources :products

Now rails expects a Admin::ProductsController to be in /app/controllers/admin

class Admin::ProductsController < ApplicationController
  def index
    @products = Product.all
# Rest of your code...

And as you can guess, the view for the admin will be in /app/views/admin/products

- @products.each do |product|

Check out the Rails docs for more info about scopes.