I'm trying to get my head around some of the concepts of REST and I'm
hoping for some clarification.
Lets say I have a site with a resource called 'books'.
1. I understand that there should be only one controller for the books
resource, but how would you typically make certain actions available
only to an authenticated user? Would you add before filters on every
controller you want to restrict? If so, wouldn't that be duplication?
Or is a nice way around the duplication?
2. What if I want to add a resource called 'authors' but want to allow
myself to create authors on the same page that I create books.
Wouldn't that be impossible if they're two separate controllers?