Your constraint is slightly wrong. Unless you are settings "request.session[:token]" somewhere else in your code, chances are it's going to be nil. What you most likely want to check for is "request.params[:token]" which will match the token in the URL.
You also have it backwards. The constraint would currently only ALLOW assets and admin. You need to negate that statement. Fix those 2 issues and you should be in business. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/tekiOBqzguYJ. To post to this group, send email to rubyonrails-talk@googlegroups.com. To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.