Make /user/new handle already logged in users better
[rails.git] / app / controllers / user_preference_controller.rb
index 59573047acc3591e22621f1fb041b99abe3f95d9..377e78313ef3dde90ba92a69d174ce32afa9fc4f 100644 (file)
@@ -1,6 +1,9 @@
 # Update and read user preferences, which are arbitrayr key/val pairs
 class UserPreferenceController < ApplicationController
+  skip_before_filter :verify_authenticity_token
   before_filter :authorize
+  before_filter :require_allow_read_prefs, :only => [:read_one, :read]
+  before_filter :require_allow_write_prefs, :except => [:read_one, :read]
 
   def read_one
     pref = UserPreference.find(@user.id, params[:preference_key])