Update part-two.rst

The doc says "Now if you try to view, edit or delete a bookmark that does not belong to you, you should be redirected back to the page you came from.", but it's not, it redirects to users/login. Keeping loginAction and adding unauthorizedRedirect as a referer fallback works better according to the previous description in this tutorial.