small medium large xlarge

25 Apr 2010, 17:36
Thuy Tran (8 posts)

On page 173, it says that you can “whitelist” methods or controllers.

How does one whitelist only certain methods so that authorize isn’t called on them?

For example, what if I want everyone to be able to create a new user but only admins can edit them? Both the new and edit methods are in the same controller. How do I do this without repeating code from ApplicationController?

You must be logged in to comment