What is the best way to bypass devise authorization for a specific record marked public

后端 未结 2 2141
南笙
南笙 2021-02-13 22:53

I\'m using devise and cancan in a Rails 3.2 project. I have an event model with a boolean flag public. If the event is marked as public

2条回答
  •  粉色の甜心
    2021-02-13 23:31

    No, do not skip authentication. You want to skip authorization. A better solution would be to explicitly authorize events with public => true.

    In your cancan ability class:

    can :read, Event do |e|
      some_other_authorization_boolean || e.public?
    end
    

    This ability would be given to all users; even ones that are not logged in.

提交回复
热议问题