tag:opensoul.org,2008:/2006/9/7/acts_as_audited-security-update/comments Mephisto Drax 2008-08-01T16:26:56Z FrankL tag:opensoul.org,2006-09-07:620:7004 2008-08-01T16:26:56Z 2008-08-01T16:26:56Z <p>Zac,</p> <p>It isn’t just a test stopper. I have a model to audit that bombs in the run because it has several attr_accessible attributes.</p> Zac tag:opensoul.org,2006-09-07:620:6617 2008-06-25T22:20:49Z 2008-06-25T22:20:49Z <p>it <strong>appears</strong> that the introduction of the attr_protected :audit_ids, wreaks havoc on my test suite. When the acts_as_audited plugin is used in conjunction with the restful_authentication plugin (and you are auditing the User model), all of the tests bomb with the following error:</p> <p>RuntimeError: Declare either attr_protected or attr_accessible for User, but not both.</p> <p>If I comment out the attr_protected :audit_ids line in the acts_as_audited.rb file, then the errors go away. I am trying to figure out a way to fix this without leaving the security hole mentioned above, but I wanted to throw this out there to see if anyone else had run into this, and could offer a possible solution.</p>