…each the model.
Tests use :facebook_token as an example of a protected attribute, but
any attribute which exists in the database but shouldn't be editable by
the user-facing form works.
Currently this is protected against by attr_accessible whitelisting on
Whitelisting uses ActiveModel::MassAssignmentSecurity rather than
per-model attr_accessible, so that different sets of attributes can be
used in different contexts, and mass-assignment of non-user-submitted
attributes can be used from application code.