I’ve been finishing up an application that has a number of custom controller actions. All except one action – the approved action – require user authorization before retrieving any information from the database.
Specifically, I wanted to authentication the administrator for all actions except the approved action for both JSON and XML responses (but not HTML responses).
Here’s how to do it in Rails 3: