
From a high-level, how do I allow non-logged in users to do certain things in my app - Rails 3

As a non-logged in user, you can see one specific action of a model.

E.g. see: http://compversions.com/stages/40/compare?ck=o3NJC18Kj0LPe-vOpBfw&sk=rZFmkaDkN2U7cCx_69OT

However, if you try to add any comments or vote up or down any of the images, it doesn't allow you to do so.

How would I approach this?

I know the simple answer is just to add a before_filter :except => :create on my Comments controller, but is that the only way? That seems like using a sledgehammer to kill an ant. That would allow any non-logged in user to leave any comment (and access other comments) throughout my app, no?

How do I restrict it to this one model (stage) and action (compare)?

Thanks.

P.S. I am using devise & decl_auth for authentication and authorization respectively.


If you have a designer upload an image, then when that image is saved, you can generate a token and associate that to the image. Then when you send the email, add the token to the URL in the email as a query parameter. When the client clicks the link, you can capture the token parameter and only allow comments if that token is a match.
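
The token check described in the answer above, as an added example in plain Ruby that is not part of the original answer. The `Stage` class, the `token` parameter name and `may_comment?` are hypothetical stand-ins for an ActiveRecord model, a query parameter and the decision a filter on the comments controller would make.

```ruby
require 'securerandom'

# Hypothetical stand-in for the Stage model (an ActiveRecord model in a real app).
class Stage
  attr_reader :id, :comment_token

  def initialize(id)
    @id = id
    # Generated once when the record is saved: 32 random bytes, URL-safe.
    @comment_token = SecureRandom.urlsafe_base64(32)
  end

  # Link placed in the email; the token travels as a query parameter.
  def compare_url
    "/stages/#{id}/compare?token=#{comment_token}"
  end

  # True only when the supplied value equals this stage's own token.
  def token_matches?(supplied)
    supplied.is_a?(String) && secure_equal?(supplied, comment_token)
  end

  private

  # Compares every byte so timing does not reveal how many leading bytes matched.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

# Decision a filter in front of the comment "create" action would make:
# signed-in users pass as before; guests pass only with the token of the
# stage they are commenting on, so the exception stays scoped to that stage.
def may_comment?(stage, current_user, params)
  return true if current_user
  stage.token_matches?(params[:token])
end
```

Because the token is looked up on the stage being commented on, a link for one stage grants nothing on any other stage, and a guest request without a token is refused like before.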
