acts_as_audited security update
Thanks to Michael Schuerig for pointing out that malicious users could unassociate your audit records due to the use of
has\_many in acts\_as\_audited.
has\_many :audits creates an attribute accessor called
audit\_ids on the model objects that you declare acts\_as\_audited, which could allow users to pass an array of ids that would overwrite the actual audit records.