authenticate_user! and allow belongs_to associated devise model to update params?

I want to allow an affiliate devise model to update a users devise models commission param.

I have a User model:

  belongs_to :affiliate, optional: true

And an Affiliate model:

  has_many :users

I then have a table for users with forms in which an affiliate or admin can update. Although, I would like to keep the authenticate_user! but I can't seem to figure it out correctly

I have tried in the UsersController:


def make_sure_affiliate_user
  authenticate_user! || current_affiliates.user

before_action :authenticate_user!, :only => [:edit, :new, :add_user ]
before_action :make_sure_affiliate_user, :only => [:update]

Tried plural or not.

I want an affiliate to be able to change the :commission param on a users tables if the user is associated with.

How can I create that correct association within the method?

For example and instance, I can found orders of an affiliate users with this:

Order.all.where(seller: current_affiliate.users )

But even that didn't work.

Also, how can I specify the affiliate only being able to update the one param for security purposes?