Some basic questions about REST

I'm trying to get my head around some of the concepts of REST and I'm
hoping for some clarification.

Let's say I have a site with a resource called 'books'.
1. I understand that there should be only one controller for the books
resource, but how would you typically make certain actions available
only to an authenticated user? Would you add before filters on every
controller you want to restrict? If so, wouldn't that be duplication?
Or is there a nice way around the duplication?

2. What if I want to add a resource called 'authors' but want to allow
myself to create authors on the same page that I create books.
Wouldn't that be impossible if they're two separate controllers?

I'm trying to get my head around some of the concepts of REST and I'm
hoping for some clarification.

Let's say I have a site with a resource called 'books'.
1. I understand that there should be only one controller for the books
resource, but how would you typically make certain actions available
only to an authenticated user? Would you add before filters on every
controller you want to restrict? If so, wouldn't that be duplication?
Or is there a nice way around the duplication?

Add the before_filter method at the ApplicationController and do all
the authentication there. See if the request is worthy to access a
controller and an action or not. That way you would be staying DRY.

2. What if I want to add a resource called 'authors' but want to allow
myself to create authors on the same page that I create books.
Wouldn't that be impossible if they're two separate controllers?

That's probably simpler also. I think

link_to :controller => :author, :action => :create

would do the job.

Anybody to rectify?
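
The advice above (declare the authentication filter once in ApplicationController) modelled as an added example in plain Ruby, not code from the thread or from Rails. The filter machinery in BaseController is a hypothetical stand-in that only mimics the shape of before_filter and skip_before_filter; it shows the default-deny effect, where every inheriting controller is protected unless an action is explicitly opted out.

```ruby
# Added illustration: BaseController is a hypothetical stand-in for Rails' filter chain.
class BaseController
  class << self
    # Filters are inherited: a subclass starts from a copy of its parent's chain.
    def filters
      @filters ||= superclass.respond_to?(:filters) ? superclass.filters.dup : []
    end

    def before_filter(name, except: [])
      filters << { name: name, except: except.map(&:to_sym) }
    end

    # Opt specific actions out of an inherited filter (the public pages).
    def skip_before_filter(name, only:)
      filters.map! do |f|
        f[:name] == name ? f.merge(except: f[:except] + only.map(&:to_sym)) : f
      end
    end
  end

  def initialize(session); @session = session; end

  # Run each applicable filter; the first one returning false halts the request.
  def process(action)
    self.class.filters.each do |f|
      next if f[:except].include?(action)
      return :redirect_to_login unless send(f[:name])
    end
    public_send(action) # public_send: private filter methods are not routable actions
  end
end

class ApplicationController < BaseController
  before_filter :require_login # declared once, applies to every subclass

  private def require_login
    !@session[:user_id].nil?
  end
end

class BooksController < ApplicationController
  skip_before_filter :require_login, only: [:index, :show]
  def index; :ok; end
  def show; :ok; end
  def create; :created; end
end

class AuthorsController < ApplicationController
  def create; :created; end # no filter code here, still protected
end
```

AuthorsController declares nothing and is still protected, while anonymous requests reach only BooksController's index and show.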

To create an author and a book on the same page I would use just the one form and use stuff like:

<%= text_field "author", "first_name" %>

for the author and

<%= text_field "book", "title" %>

for the book

which will then be passed in with params[:author] and params[:book] respectively.

In your controller you can then:

@author = Author.create!(params[:author])
@book = @author.books.create!(params[:book])

You can build a page to alter both authors and books; just remember that
this should be in addition to the architecture but not part of the core.
According to the ROA as specified in RESTful Web Services, all resources
must be addressable.