In our workplace app, most models are used by different code paths (e.g. a
customer and internal user creating the same resource). Using attr_accessible,
all we could do is to permit a large set of attributes except the ones
explicitly assigned by the system (a lousy example, created_