What is the best way to bypass devise authorization for a specific record marked public

ruby-on-rails devise cancan
bradgonesurfing picture bradgonesurfing · Mar 5, 2012 · Viewed 11.7k times · Source

I'm using devise and cancan in a Rails 3.2 project. I have an event model with a boolean flag public. If the event is marked as public => true then I want anybody, signed in or not to be able to access the record with

GET /events/:id

If it is marked as public => false then a series of cancan abilities will decide authorization and access to the above resource.

What is the best pattern for achieving this?

Answer

shingara picture shingara · Mar 5, 2012

You can do that by skip the authenticate_user! in case of you have this args

  skip_before_filter :authenticate_user!, :only => :show, :if => lambda { 
    if params[:id]
      @event = Event.find(params[:id])
      @event and @event.public?
    else
      false
    end
  }

Related questions

How to do integration testing with RSpec and Devise/CanCan?

If I have a Devise model User, of which only those users with role :admin are allowed to view a certain url, how can I write an RSpec integration test to check that the status returns 200 for that url? def …

Read More
Cannot test with rspec controller POST create action( devise and cancan)

I am having difficulty getting a rspec test for a controller to pass. I would like to test that the POST create action works. I am using rails (3.0.3), cancan (1.4.1), devise (1.1.5), rspec (2.3.0) The model is dead simple class Account < ActiveRecord::…

Read More
How can I redirect a user's home (root) path based on their role using Devise?

I'm working on a project management app, and in the app, I have project_managers and clients. I'm using Devise and CanCan for authentication/authorization. At what point after login should I be redirecting the user to their own specific …

Read More