allowing authorization to be done on a per-action basis without worring
about the method. This should make the user API work.
Also do a lot of cleanup of the controllers.
that we aren't duplicating everything in the user controller.
This also makes per-user RSS feeds work, and makes links to specific posts
work properly so that the RSS feeds behave sensibly.
