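# Callbacks of an HTTP resource that serves a single order as JSON.
# NOTE(review): the callback names match Webmachine-style resource callbacks;
# the enclosing class header is not part of this excerpt.

# Media types this resource can render, each paired with the method that
# produces the response body.
def content_types_provided
  [["application/json", :to_json]]
end

# Truthy when the requested order was found.
# NOTE(review): whether Order.find returns nil or raises for an unknown id is
# not visible here; confirm, since the result is used as a boolean.
def resource_exists?
  order
end

# Authenticates the caller from the HTTP Basic credentials. A failed check is
# the "401 Unauthorized" case.
#
# @param authorization_header [String, nil] raw Authorization header value
# @return the result of basic_auth for the block's verdict
def is_authorized?(authorization_header)
  basic_auth(authorization_header, "My Application") do |username, password|
    @user = User.auth!(username, password)
    # Restored from a mangled "[email protected]?" token in the listing.
    # NOTE(review): a `false` return from User.auth! would also pass this
    # check; confirm it returns nil or raises on bad credentials.
    !@user.nil?
  end
end

# Authorization check for the already authenticated user. A truthy result is
# the "403 Forbidden" case, so this must answer "is access denied?".
# The original returned order.allow?(@user) unnegated, which would forbid
# exactly the users who are allowed and let everyone else through.
# NOTE(review): assumes Order#allow? is true when the user may access the
# order. If this callback runs before resource_exists? and the order is nil,
# the call below raises NoMethodError; confirm the callback order.
def forbidden?
  !order.allow?(@user)
end

# Response body for the "application/json" media type.
def to_json
  order.to_json
end

private

# Looks the order up once and memoizes it for the rest of the request.
def order
  @order ||= Order.find(id)
end

# Order id taken from the request path. The value is client-supplied, so the
# per-user check in forbidden? is what keeps one user from reading another
# user's order by guessing ids.
def id
  request.path_info[:id]
end
end # closes a definition opened before this excerpt

# Status codes shown with this listing: 401 Unauthorized, 403 Forbidden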