Rails controller design question

Let’s say you have an InvitatationsController, which is responsible
for managing invitations. it’s not completely REST, because the way
invitations work are not quite CRUD.

Anyway, these invitations are secured because want people who are
already authenticated to send invitations to other users. However, the
page that setups an account when a person is invited is NOT secure,
and it also requires a different layout.

Is appropriate to merge all of these behaviours in the same
InvitationsController, or is better to have a
SecuredInvitationsController and a regular InvitationsController?

In Java, I’d split them… just because it was a hassle to configure
it to use the same controller using annotations. Does the same logic
apply in Rails, or should we keep it all together?