acts_as_audited security update
Thanks to Michael Schuerig for pointing out that malicious users could unassociate your audit records due to the use of
has_many in acts_as_audited.
has_many :audits creates an attribute accessor called
audit_ids on the model objects that you declare acts_as_audited, which could allow users to pass an array of ids that would overwrite the actual audit records.