I'm trying to get my head around some of the concepts of REST and I'm
hoping for some clarification.
Let's say I have a site with a resource called 'books'.
1. I understand that there should be only one controller for the books
resource, but how would you typically make certain actions available
only to an authenticated user? Would you add before filters on every
controller you want to restrict? If so, wouldn't that be duplication?
Or is there a nice way around the duplication?
2. What if I want to add a resource called 'authors' but want to allow
myself to create authors on the same page that I create books.
Wouldn't that be impossible if they're two separate controllers?
> I'm trying to get my head around some of the concepts of REST and I'm
> hoping for some clarification.
> Let's say I have a site with a resource called 'books'.
> 1. I understand that there should be only one controller for the books
> resource, but how would you typically make certain actions available
> only to an authenticated user? Would you add before filters on every
> controller you want to restrict? If so, wouldn't that be duplication?
> Or is there a nice way around the duplication?
Add the before_filter method at the ApplicationController and do all
the authentication there. See if the request is worthy to access a
controller and an action or not.
That way you would be staying DRY.
> 2. What if I want to add a resource called 'authors' but want to allow
> myself to create authors on the same page that I create books.
> Wouldn't that be impossible if they're two separate controllers?
You can build a page to alter both authors and books; just remember that
this should be in addition to the architecture but not part of the core.
According to the ROA as specified in RESTful Web Services all resources
must be addressable.
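
The ApplicationController approach from the reply above, as an added example that is not part of the original thread: one login filter declared in the base controller protects every action of every controller by default, and public actions are exempted explicitly. `MiniController` is a hypothetical plain-Ruby stand-in for Rails' filter chain so the sketch runs without Rails; `require_login`, the `:user_id` session key and the action bodies are assumptions.

```ruby
# Plain-Ruby stand-in for Rails' filter chain (an assumption, not Rails itself).
class MiniController
  def self.filters; @filters ||= []; end

  # Each subclass starts with a copy of its parent's filters.
  def self.inherited(subclass)
    super
    subclass.instance_variable_set(:@filters, filters.map(&:dup))
  end

  def self.before_filter(name)
    filters << { name: name, except: [] }
  end

  # Exempt the named actions from an inherited filter.
  def self.skip_before_filter(name, only:)
    filters.each { |f| f[:except] |= Array(only) if f[:name] == name }
  end

  def initialize(session = {}); @session = session; end

  # Runs the filters, then the action. In this stand-in a filter that
  # returns false halts the request before the action runs.
  def process(action)
    self.class.filters.each do |f|
      next if f[:except].include?(action)
      return [401, "login required"] if send(f[:name]) == false
    end
    [200, public_send(action)]
  end
end

class ApplicationController < MiniController
  before_filter :require_login # declared once, inherited by every controller

  private

  def require_login; !@session[:user_id].nil?; end
end

class BooksController < ApplicationController
  skip_before_filter :require_login, only: [:index] # public read
  def index;  "book list";    end
  def create; "book created"; end
end

class AuthorsController < ApplicationController
  def create; "author created"; end # protected with no extra code
end
```

Because the filter lives in the base class, a newly added controller such as `AuthorsController` is restricted without any code of its own, and forgetting an exemption fails closed rather than open.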