My rails 3 app only needs a single user login per account (e.g., no roles). I'm using Devise and am very happy with it.

But my users needs to be able to share a few of the screens (status reports mostly) with other managers who do not need or want login accounts...

I was thinking of creating and storing a guid for each such 'external' report (unique for each account+report) so a link such as

http://myapp.mydomain.com/pagename?token=GUID_GOES_HERE

would access that page (but ONLY that page)

Questions:

a) is there a way to allow the logged-in account user to access a page but ALSO allow a guid to bypass the devise authentication

b) is there a better way for account Users (say, a regional manager) to share certain report screens with non-logged-in users (say, store managers)?

If those pages do not require login then they aren't they truly public pages? Sounds to me like you should create a new controller that does not require login but requires the token. the route could be something like,

get 'public_reports/:token' => 'public_reports#view'

And the controller action would find that report based off the token and render the appropriate view..

class PublicReport < ApplicationController
    skip_before_filter :authenticate_user!, :only => [:view]

  def view
    @report = Report.find_by_token(params[:token])
    if @report
      #render view...
    else
      #render report_missing view
    end
  end

end