Default to using attr_accessible

Rails 3.2.3 makes using attr_accessible the default and makes using the
old sytax for audited cumbersome. This puts the onus having to add additional
options on the users that are not using attr_accessible.

README.md

@@ -174,14 +174,22 @@ company.associated_audits.last.auditable # => #<User name: "Steve Richert">
 
 ## Gotchas
 
-### ActiveRecord Accessible Attributes
+### Accessible Attributes
 
-If your model calls `attr_accessible` after `audited`, you'll need to set the `:protect => false` option. By default, Audited uses `attr_protected` to prevent malicious users from dissociating your audits, but Rails doesn't allow both `attr_protected` and `attr_accessible`.
+Audited assumes you are using `attr_accessible`, however, if you are using `attr_protected` or just going at it unprotected you will have to set the `:allow_mass_assignment => true` option.
+
+If using `attr_protected` be sure to add `audit_ids` to the list of protected attributes to prevent data loss.
+
+```ruby
+class User < ActiveRecord::Base
+  audited :allow_mass_assignment => true
+end
+```
 
 ```ruby
 class User < ActiveRecord::Base
-  audited :protect => false
-  attr_accessible :name
+  audited :allow_mass_assignment => true
+  attr_protected :logins, :audit_ids
 end
 ```
 

lib/audited/auditor.rb

@@ -47,8 +47,6 @@ def audited(options = {})
         # don't allow multiple calls
         return if self.included_modules.include?(Audited::Auditor::AuditedInstanceMethods)
 
-        options = { :protect => accessible_attributes.blank? }.merge(options)
-
         class_attribute :non_audited_columns,   :instance_writer => false
         class_attribute :auditing_enabled,      :instance_writer => false
         class_attribute :audit_associated_with, :instance_writer => false
@@ -68,12 +66,11 @@ def audited(options = {})
         end
 
         attr_accessor :audit_comment
-        unless accessible_attributes.blank? || options[:protect]
+        unless options[:allow_mass_assignment]
           attr_accessible :audit_comment
         end
 
         has_many :audits, :as => :auditable, :class_name => Audited.audit_class.name
-        attr_protected :audit_ids if options[:protect]
         Audited.audit_class.audited_class_names << self.to_s
 
         after_create  :audit_create if !options[:on] || (options[:on] && options[:on].include?(:create))

spec/audited/adapters/active_record/auditor_spec.rb

@@ -461,13 +461,13 @@ class Secret < ::ActiveRecord::Base
 
     it "should not raise error when attr_accessible is set and protected is false" do
       expect {
-        Models::ActiveRecord::UnprotectedUser.new(:name => 'No fail!')
+        Models::ActiveRecord::AccessibleAfterDeclarationUser.new(:name => 'No fail!')
       }.to_not raise_error
     end
 
     it "should not rause an error when attr_accessible is declared before audited" do
       expect {
-        Models::ActiveRecord::AccessibleUser.new(:name => 'No fail!')
+        Models::ActiveRecord::AccessibleAfterDeclarationUser.new(:name => 'No fail!')
       }.to_not raise_error
     end
   end

spec/audited/adapters/mongo_mapper/auditor_spec.rb

@@ -463,13 +463,13 @@ class Secret
 
     it "should not raise error when attr_accessible is set and protected is false" do
       expect {
-        Models::MongoMapper::UnprotectedUser.new(:name => 'No fail!')
+        Models::MongoMapper::AccessibleAfterDeclarationUser.new(:name => 'No fail!')
       }.to_not raise_error
     end
 
     it "should not rause an error when attr_accessible is declared before audited" do
       expect {
-        Models::MongoMapper::AccessibleUser.new(:name => 'No fail!')
+        Models::MongoMapper::AccessibleAfterDeclarationUser.new(:name => 'No fail!')
       }.to_not raise_error
     end
   end

spec/support/active_record/models.rb

@@ -4,7 +4,7 @@
 module Models
   module ActiveRecord
     class User < ::ActiveRecord::Base
-      audited :except => :password
+      audited :allow_mass_assignment => true, :except => :password
 
       attr_protected :logins
 
@@ -18,21 +18,21 @@ class CommentRequiredUser < ::ActiveRecord::Base
       audited :comment_required => true
     end
 
-    class UnprotectedUser < ::ActiveRecord::Base
+    class AccessibleAfterDeclarationUser < ::ActiveRecord::Base
       self.table_name = :users
-      audited :protect => false
+      audited
       attr_accessible :name, :username, :password
     end
 
-    class AccessibleUser < ::ActiveRecord::Base
+    class AccessibleBeforeDeclarationUser < ::ActiveRecord::Base
       self.table_name = :users
       attr_accessible :name, :username, :password # declare attr_accessible before calling aaa
       audited
     end
 
     class NoAttributeProtectionUser < ::ActiveRecord::Base
       self.table_name = :users
-      audited
+      audited :allow_mass_assignment => true
     end
 
     class UserWithAfterAudit < ::ActiveRecord::Base

spec/support/mongo_mapper/models.rb

@@ -15,7 +15,7 @@ class User
       key :logins, Integer, :default => 0
       timestamps!
 
-      audited :except => :password
+      audited :allow_mass_assignment => true, :except => :password
 
       attr_protected :logins
 
@@ -38,7 +38,7 @@ class CommentRequiredUser
       audited :comment_required => true
     end
 
-    class UnprotectedUser
+    class AccessibleAfterDeclarationUser
       include ::MongoMapper::Document
 
       key :name, String
@@ -49,11 +49,11 @@ class UnprotectedUser
       key :logins, Integer, :default => 0
       timestamps!
 
-      audited :protect => false
+      audited
       attr_accessible :name, :username, :password
     end
 
-    class AccessibleUser
+    class AccessibleBeforeDeclarationUser
       include ::MongoMapper::Document
 
       key :name, String
@@ -79,7 +79,7 @@ class NoAttributeProtectionUser
       key :logins, Integer, :default => 0
       timestamps!
 
-      audited
+      audited :allow_mass_assignment => true
     end
 
     class UserWithAfterAudit