conditional model callbacks


so you've got

def authorize   # checks here may return false end

So why not have a method like this:

def activate(token)   return false if some_check_that_token_is_valid == false   @activate_called = true   update_attribute(:your_enabled_field, 'enabled') # whatever end

and change authorize to do:

def authorize   return true if @activate_called # skip checks - we're activating   # checks that may return false end

Then you make sure your controller method that calls model.activate doesn't (at the same time) set any other attributes from params (otherwise users could potentially sneak in other attribute changes without your checks - remember update_attribute may *look* like only one field is being written to the DB but *all* fields are).

Note - I've not actually tested any of this - but it's one way to approach the problem.

HTH, Trevor