What is the best way to bypass devise authorization for a specific record marked public

bradgonesurfing picture bradgonesurfing · Mar 5, 2012 · Viewed 11.7k times · Source

I'm using devise and cancan in a Rails 3.2 project. I have an event model with a boolean flag public. If the event is marked as public => true then I want anybody, signed in or not to be able to access the record with

GET /events/:id

If it is marked as public => false then a series of cancan abilities will decide authorization and access to the above resource.

What is the best pattern for achieving this?

Answer

shingara picture shingara · Mar 5, 2012

You can do that by skip the authenticate_user! in case of you have this args

  skip_before_filter :authenticate_user!, :only => :show, :if => lambda { 
    if params[:id]
      @event = Event.find(params[:id])
      @event and @event.public?
    else
      false
    end
  }