I would suggest only displaying the posts that have a "published" field (make this a boolean called :published). On the admin side, have it run so that only the admin can see that field, and if they check the checkbox, the post is then "published" and viewable by everyone.
In terminal:

    rails g migration add_published_to_posts

In your migration file:

    class AddPublishedToPosts < ActiveRecord::Migration
      def change
        add_column :posts, :published, :boolean
      end
    end

In terminal:

    rake db:migrate

Then in your posts index method (in the posts controller):

    @posts = Post.where(:published => true)

I'm not going to write out the form for you, but you get the idea...
I would also investigate Devise as a gem for setting up authorization for the admin.
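
An added example, not part of the original answer: a plain-Ruby sketch (no Rails needed) of why hiding the checkbox in the form is not enough, since the server must also drop a submitted `published` value from non-admins. The helper names and sample data are hypothetical; in a Rails controller the same allow-list would be written with strong parameters (`params.require(:post).permit(...)`).

```ruby
# Added example: plain Ruby model of the admin-only "published" flag.
# All names here are hypothetical and the sample input is constructed.
Post = Struct.new(:title, :body, :published, keyword_init: true)

BASE_FIELDS  = %w[title body].freeze   # any author may set these
ADMIN_FIELDS = %w[published].freeze    # only an admin may set these

# Keep only the fields this user is allowed to set. A non-admin who adds
# published=1 to the request has it silently dropped here.
def permitted_post_params(raw, admin:)
  allowed = admin ? BASE_FIELDS + ADMIN_FIELDS : BASE_FIELDS
  attrs = raw.transform_keys(&:to_s).select { |key, _| allowed.include?(key) }
  # HTML checkboxes arrive as the strings "1" / "0"; cast explicitly.
  if attrs.key?("published")
    attrs["published"] = %w[1 true].include?(attrs["published"].to_s)
  end
  attrs
end

# Build a post from request parameters; unpublished unless an admin says so.
def build_post(raw, admin:)
  attrs = permitted_post_params(raw, admin: admin)
  Post.new(title: attrs["title"], body: attrs["body"],
           published: attrs.fetch("published", false))
end

# Mirrors Post.where(:published => true): rows that are false or nil
# (for example, rows that existed before the migration) stay hidden.
def visible_posts(posts)
  posts.select { |post| post.published == true }
end

# Constructed sample: the same form submission sent by two kinds of user.
SUBMITTED = { "title" => "Hello", "body" => "First post", "published" => "1" }.freeze

by_admin  = build_post(SUBMITTED, admin: true)
by_author = build_post(SUBMITTED.merge("title" => "Sneaky"), admin: false)
legacy    = Post.new(title: "Old row", body: "pre-migration", published: nil)

puts visible_posts([by_admin, by_author, legacy]).map(&:title).inspect
```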