Why does a view I think I made public, still prompt me for login? - Rails3 + decl_auth

This is my authorization_rules.rb:

role :guest do
    has_permission_on [:paying_users], :to => [:index]
end

This is my paying_users.rb controller:

class PayingUsersController < ApplicationController
    filter_resource_access

    def index
        @users = User.all
    end

end

This is my routes.rb, the relevant parts anyway:

resources :paying_users

When I go to myapp.com/paying_users it still redirects to me login page, even though I want it to not do that.

How do I fix this?

Using declarative_authorization to handle authorization.

All I had to do was add a before_filter before my filter_resource_access like so:

before_filter :authenticate_user!, :except => :index