class Favorites < Application before :logged_in? before :fetch_allowed_user, :only => [ :show ] only_provides :xml def show only_provides :html @photos = @user.favorite_photos render end def create raise NotAllowed unless request.xhr? @photo = Photo.find params[:id] pf = PhotoFavorite.new :photo_id => @photo.id, :user_id => current_user.id if pf.save render '', :status => 200 else render '', :status => 403 end end def delete raise NotAllowed unless request.xhr? pf = PhotoFavorite.find params[:id], :include => :user if pf.user == current_user and pf.destroy render '', :status => 200 else render '', :status => 403 end end end