Why can I NOT access an action for a controller that I leave out of filter_access_to statement in Rails 3?

I am using declarative_authorization and I have the following in a controller:

filte开发者_开发技巧r_access_to :index, :new, :edit, :step, :create, :update, :destroy

There are two actions left out. :show, :compare. However, when I go to the URL for either of those actions, it sends me to the login screen.

Why is this ?

Shouldn't the actions that were left out, allow me to see it when I am not logged in, given that there are no other filters on that controller (except for maybe anything inherited from the ApplicationsController) ?

That shouldn't have to do with declarative_authorization ... thats Devise's (or whatever your authentication mechanism is) domain. Instead, modify the before_filter that checks if the user is authenticated to include an exception for the action(s) you want skipped.

eg. change before_filter :authenticate_user! to before_filter :authenticate_user!, :except=>[:public_action, :other_public_action].

Also, if your before_filter is set inside your application controller, you can just override it inside of the controller you want to have the exception(s) and make the mods there.