From fa0380cb4a7f08909e961a8e355c70ba3a676253 Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Mon, 23 Dec 2013 22:55:03 +0100 Subject: [PATCH] AC::Parameters#permit! permits hashes in array values --- actionpack/CHANGELOG.md | 4 ++++ .../action_controller/metal/strong_parameters.rb | 6 ++++-- .../parameters/parameters_permit_test.rb | 14 +++++++++++--- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 30b643c791..3e3df19a84 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,7 @@ +* `ActionController::Parameters#permit!` permits hashes in array values. + + *Xavier Noria* + * Converts hashes in arrays of unfiltered params to unpermitted params. Fixes #13382 diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 41be1b121e..48a916f2b1 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -157,8 +157,10 @@ def permitted? # Person.new(params) # => # def permit! each_pair do |key, value| - convert_hashes_to_parameters(key, value) - self[key].permit! if self[key].respond_to? :permit! + value = convert_hashes_to_parameters(key, value) + Array.wrap(value).each do |_| + _.permit! if _.respond_to? :permit! + end end @permitted = true diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index 9c1828e9aa..33a91d72d9 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb 
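Review bot: The new loop in `permit!` iterates `Array.wrap(value)` one level deep only, so a hash nested inside an array of arrays would be left unpermitted. That fails closed, but it is inconsistent with the hash-in-array case this commit sets out to handle. If such values can reach this method, `Array.wrap(value).flatten.each do |v|` would cover them, provided `convert_hashes_to_parameters` converts hashes at that depth too, which is not visible in the hunk. The code now also depends on `convert_hashes_to_parameters` returning the converted value, where the old lines discarded the result and re-read `self[key]`; a short comment at the call such as `# relies on the converted value being returned` would make that contract explicit. The block parameter `_` conventionally signals an unused argument yet is used here, so a name like `v` reads better; the body of `permit!` continues outside the hunk.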
@@ -8,9 +8,16 @@ def assert_filtered_out(params, key) end setup do - @params = ActionController::Parameters.new({ person: { - age: "32", name: { first: "David", last: "Heinemeier Hansson" } - }}) + @params = ActionController::Parameters.new( + person: { + age: '32', + name: { + first: 'David', + last: 'Heinemeier Hansson' + }, + addresses: [{city: 'Chicago', state: 'Illinois'}] + } + ) @struct_fields = [] %w(0 1 12).each do |number| @@ -233,6 +240,7 @@ def assert_filtered_out(params, key) assert @params.permitted? assert @params[:person].permitted? assert @params[:person][:name].permitted? + assert @params[:person][:addresses][0].permitted? end test "permitted takes a default value when Parameters.permit_all_parameters is set" do -- GitLab
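Review bot: The added assertion `assert @params[:person][:addresses][0].permitted?` covers only an array holding a single hash, so arrays with several hashes or with scalars mixed in are untested. Since `permit!` switches off mass-assignment filtering for everything it marks, a dedicated test would be worth adding that builds its own parameters, for example `addresses: [{city: 'Chicago'}, 'unparsed', {city: 'Boston'}]` (constructed sample), and asserts that both hash elements are permitted and the string is passed over without error. Keeping that in its own test avoids changing the shared `setup` fixture that the other tests in this file read. The enclosing test starts outside the hunk.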