What would be the best way to allow users to use a personal link that allows everyone who clicks on it to view a specific page / document / item with privacy restrictions in place?
In my case:
The user creates events that are limited to certain groups of relations in the database (namely: friends, friends of friends, etc.) I have : before_filter in the event controller, which checks the validity of the current user to make sure that this user has permission to view the event. If they do not, they are loaded on the root page with an error message.
However, I want a special scenario where a user could create an event with the same privacy and IN ADDITION parameters, be able to share a special link with his friends via email, facebook, etc. users do NOT need an account (but will need to do it in order to register for the event). This is important because application_controller also has: before_filter, which ensures that the user is logged in.
I think there is something here that I could do with routing ... Now I just have a simple setup / events / 72. If each event has two different links: the regular one and the version of the "special code" that allows them to bypass these two: before_filter?
What do people think?
security ruby ruby-on-rails privacy
Jackca
source share