- before_filter :authorize
-
- def read_one
- pref = UserPreference.find(@user.id, params[:preference_key])
-
- if pref
- render :text => pref.v.to_s
- else
- render :text => 'OH NOES! PREF NOT FOUND!', :status => 404
- end
- end
-
- def update_one
- begin
- pref = UserPreference.find(@user.id, params[:preference_key])
- pref.v = request.raw_post.chomp
- pref.save
- rescue ActiveRecord::RecordNotFound
- pref = UserPreference.new
- pref.user = @user
- pref.k = params[:preference_key]
- pref.v = request.raw_post.chomp
- pref.save
- end
-
- render :nothing => true
- end
-
- def delete_one
- UserPreference.delete(@user.id, params[:preference_key])
-
- render :nothing => true
- end
-
- # print out all the preferences as a big xml block
+ skip_before_action :verify_authenticity_token
+ before_action :authorize
+ before_action :require_allow_read_prefs, :only => [:read_one, :read]
+ before_action :require_allow_write_prefs, :except => [:read_one, :read]
+ around_action :api_call_handle_error
+
+ ##
+ # return all the preferences as an XML document