Please refer to the ActiveModel MassAssignmentSecurity api for this.
I’m on Rails3.2.3/Ruby1.9.3 and trying to use that technique in the controller as described. It is supposed to dynamically restrict the attributes that can be mass assigned. However, sanitize_for_mass_assignment is ignoring the scope and using the default attr_accessible instead.
Is anyone else seeing this problem? Or has anyone successfully implemented it the way the docs describe? Seems like it’s not working as advertised.