jamesdabbs
commented
9 years ago Slight problem with this patch, in that it would require users to log in before GET'ing the show pages for those various resources. The spirit of the fix, however, is added in f6b95e8.
Logged in users could see edit pages, but submitting would fail because POST goes to a different request. These are now explicitly authorized to be called by logged in users. Even if one later changes the authorizations for editing, it is better to state these ecplicitly.
Fixes #37