diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php
index 67292b6c..5b52fda2 100644
--- a/app/Controller/AppController.php
+++ b/app/Controller/AppController.php
@@ -42,10 +42,17 @@ class AppController extends Controller {
 public $uses = array('Developer');
+ public $whitelist = array(
+ 'developers',
+ 'pages',
+ 'incidents' => array(
+ 'create',
+ ),
+ );
+
 public function beforeFilter() {
 $params = $this->params->params;
 $controller = $params["controller"];
- $action = $params["action"];
 $this->set('current_controller', $controller);
 if ($this->Session->read('Developer.id')) {
@@ -57,13 +64,25 @@ public function beforeFilter() {
 $this->set('developer_signed_in', true);
 } else {
 $this->set('developer_signed_in', false);
+ $this->_checkAccess();
+ }
+ }
- if ($controller !== "pages" && $controller !== "developers" && !($action === "create" && $controller === "incidents")) {
- $this->Session->setFlash("You need to be signed in to do this", "default", array("class" => "alert alert-error"));
- return $this->redirect("/");
- }
+ protected function _checkAccess() {
+ $params = $this->params->params;
+ $controller = $params["controller"];
+ $action = $params["action"];
+ if (in_array($controller, $this->whitelist)) {
+ return;
 }
+ if (isset($this->whitelist[$controller]) && in_array($action, $this->whitelist[$controller])) {
+ return;
+ }
+ $this->Session->setFlash("You need to be signed in to do this", "default", array("class" => "alert alert-error"));
+ return $this->redirect($this->referer());
 }
 }
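Review bot: The new `$whitelist` property mixes two shapes in one array — bare values (`'developers'`, `'pages'`) that open a whole controller to anonymous requests and a keyed entry (`'incidents' => array('create')`) that opens only the listed actions — and nothing says so, so the next maintainer who adds `'incidents'` as a bare value silently exposes every incident action. A docblock above the property would make the contract explicit: `/** Routes reachable without a signed-in developer. A bare value opens the whole controller; a keyed entry lists only that controller's public actions. Everything else is denied. */`. Unless the list is read from outside the class, `protected $whitelist` is the safer default for an access-control table. `beforeFilter()` begins in this hunk and ends in the next.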
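Review bot: `_checkAccess()` now bounces an unauthenticated request to `$this->referer()` instead of the fixed `"/"` the old code used, and with no arguments CakePHP's `referer()` hands back the raw Referer header, so the redirect target is chosen by whoever linked to the protected page rather than by the application. It can also loop: if the referer is itself a protected page (session expired mid-navigation), that page denies access and redirects to its own referer again. At minimum restrict the target to this host and keep a whitelisted fallback, `return $this->redirect($this->referer('/', true));`; redirecting to a fixed sign-in route and remembering the requested URL in the session would avoid the loop entirely. The two membership tests should also pass `true` for strict comparison, e.g. `if (in_array($controller, $this->whitelist, true)) {`, and note that a numeric controller name would hit the list's integer keys in the `isset()` branch and feed a string to `in_array()`, which is a TypeError on PHP 8.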