What is the best way to bypass devise authorization for a specific record marked public

Question

I\'m using devise and cancan in a Rails 3.2 project. I have an event model with a boolean flag public. If the event is marked as public

Answer 1

No, do not skip authentication. You want to skip authorization. A better solution would be to explicitly authorize events with public => true.

In your cancan ability class:

can :read, Event do |e|
  some_other_authorization_boolean || e.public?
end

This ability would be given to all users; even ones that are not logged in.

Answer 2

You can do that by skip the authenticate_user! in case of you have this args

  skip_before_filter :authenticate_user!, :only => :show, :if => lambda { 
    if params[:id]
      @event = Event.find(params[:id])
      @event and @event.public?
    else
      false
    end
  }