We're migrating capabilities to a centralized location, which happens to be Rails based. All of the resources are protected with CanCan and Devise, but I needed a single controller method to not be protected.
Disabling the CanCan portion was easy:
skip_authorize_resource :only => :uri
Disabling Devise took a bit more work:
skip_before_filter :authenticate_user!, :only => :uri
Now, requests to the
:uri method won't need to be authenticated.