so you've got
# checks here may return false
So why not have a method like this:
return false if some_check_that_token_is_valid == false
@activate_called = true
update_attribute(:your_enabled_field, 'enabled') # whatever
and change authorize to do:
return true if @activate_called # skip checks - we're activating
# checks that may return false
Then you make sure your controller method that calls model.activate
doesn't (at the same time) set any other attributes from params
(otherwise users could potentially sneak in other attribute changes
without your checks - remember update_attribute may *look* like only
one field is being written to the DB but *all* fields are).
Note - I've not actually tested any of this - but it's one way to
approach the problem.