There is an example in Rails documentation that suggests implementing
assign_attributes method for ActiveModel interface, that by default
sends option role with nil. Since mass_assignment_authorizer never
is called without args, we can move the default value internally.
The problem: We need to be able to specify configuration in a way that
can be inherited to models that include ActiveRecord::Model. So it is
no longer sufficient to put 'top level' config on ActiveRecord::Base,
but we do want configuration specified on ActiveRecord::Base and
descendants to continue to work.
So we need something like class_attribute that can be defined on a
module but that is inherited when ActiveRecord::Model is included.
The solution: added ActiveModel::Configuration module which provides a
config_attribute macro. It's a bit specific hence I am not putting this
in Active Support or making it a 'public API' at present.
Problems with current example:
* DOESN'T WORK
** attr_protected :last_login, :as => :admin # doesn't make it accessible for admin
* Uses ActiveSupport Fixnum extension
Added an ability to specify your own behavior on mass assingment
protection, controlled by option:
ActiveModel::MassAssignmentSecurity.mass_assignment_sanitizer
