What is the best way to bypass devise authorization for a specific record marked public

后端 未结 2 2143
南笙
南笙 2021-02-13 22:53

I\'m using devise and cancan in a Rails 3.2 project. I have an event model with a boolean flag public. If the event is marked as public

相关标签:
2条回答
  • 2021-02-13 23:31

    No, do not skip authentication. You want to skip authorization. A better solution would be to explicitly authorize events with public => true.

    In your cancan ability class:

    can :read, Event do |e|
      some_other_authorization_boolean || e.public?
    end
    

    This ability would be given to all users; even ones that are not logged in.

    0 讨论(0)
  • 2021-02-13 23:36

    You can do that by skip the authenticate_user! in case of you have this args

      skip_before_filter :authenticate_user!, :only => :show, :if => lambda { 
        if params[:id]
          @event = Event.find(params[:id])
          @event and @event.public?
        else
          false
        end
      }
    
    0 讨论(0)
提交回复
热议问题