I have a user model that I am protecting using a ‘before_update
:authorize’ filter. The authorize function basically ensures that the
user is authenticated and that they have sufficient permissions (checks
user’s role) to perform the modification. There is one field, however,
that I would like to exclude from this callback. When a user signs up
for a new account they need to follow a link that is emailed to them in
order to fully activate their account. When they follow the link it
will change the state of the new account to enabled. The problem is
that they are obviously not yet logged in so the ‘before_update
:authorize’ fails when attempting to change the ‘enabled’ field on the
I’ve hit a bit of a wall in trying to figure out a way to exclude a
specific field from triggering that callback when it is modified.
Anyone have an elegant solution to this problem?