Bergi

If the resource always has the same return schema and just needs different behaviours, in this case filters to be applied, I would recommend a query parameter: /inventory?list=all vs /inventory?list=active. (The second one might be the default behaviour for /inventory without a parameter.)

For list=all or list=inactive you'd check admin permissions and reject the request with a 403 if not authorised.

If the responses in the two contexts actually have different return schemas, i.e. if only the admin one included the status and the links to item editor and preview, then indeed these should be separate endpoints (backed by different controllers). Whether you put them on different subpaths or on different subdomains does not really matter.
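
The query-parameter approach described in the answer above, as an added example that is not part of the original answer: one handler for /inventory that picks the filter from `list`, checks admin permission on the server before any data is read, and returns the same schema in every mode. The function name, the `admin` role string, the item fields and the 400 response for an unrecognised `list` value are assumptions made for this example.

```python
from http import HTTPStatus

# Constructed sample data; the field names are assumptions for this example.
INVENTORY = [
    {"id": 1, "name": "widget", "active": True},
    {"id": 2, "name": "gadget", "active": False},
    {"id": 3, "name": "gizmo", "active": True},
]

# Allow-list of accepted `list` values: (requires_admin, item predicate).
# Any mode that can expose inactive items is marked admin-only.
FILTERS = {
    "active": (False, lambda item: item["active"]),
    "inactive": (True, lambda item: not item["active"]),
    "all": (True, lambda item: True),
}


def list_inventory(query, user_roles):
    """Handle GET /inventory. Returns (status, body) with one schema for all modes."""
    # /inventory without a parameter behaves like ?list=active.
    mode = query.get("list", "active")

    # Unknown values are rejected instead of silently falling back to a filter
    # (assumption: the answer does not say how to treat them).
    if mode not in FILTERS:
        return HTTPStatus.BAD_REQUEST, {"error": "unknown list value"}

    requires_admin, predicate = FILTERS[mode]

    # Authorisation is decided here, per request, from the authenticated
    # caller's roles; hiding the link in the UI is not a control.
    if requires_admin and "admin" not in user_roles:
        return HTTPStatus.FORBIDDEN, {"error": "admin permission required"}

    # Filtering happens server-side, so a non-admin response never contains
    # inactive items.
    return HTTPStatus.OK, {"items": [i for i in INVENTORY if predicate(i)]}
```
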