I'm using devise and cancan in a Rails 3.2 project. I have an event model with a boolean flag public. If the event is marked as public => true then I want anybody, signed in or not to be able to access the record with
GET /events/:id
If it is marked as public => false then a series of cancan abilities will decide authorization and access to the above resource.
What is the best pattern for achieving this?
You can do that by skip the authenticate_user! in case of you have this args
skip_before_filter :authenticate_user!, :only => :show, :if => lambda {
if params[:id]
@event = Event.find(params[:id])
@event and @event.public?
else
false
end
}