Merge pull request #34891 from gmcgibbon/ac_params_exists

Allow strong params in ActiveRecord::Base#exists?

4 files changed, 31 insertions, 0 deletions

diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md
index e468cc3169..f1a5e58da6 100644
--- a/activerecord/CHANGELOG.md
+++ b/activerecord/CHANGELOG.md
@@ -1,3 +1,8 @@
+
+*   Allow `ActionController::Params` as argument of `ActiveRecord::Base#exists?`.
+
+    *Gannon McGibbon*
+
 *   Add support for endless ranges introduces in Ruby 2.6.
 
     *Greg Navis*
diff --git a/activerecord/lib/active_record/relation/finder_methods.rb b/activerecord/lib/active_record/relation/finder_methods.rb
index dc03b196f4..fd84f9c46b 100644
--- a/activerecord/lib/active_record/relation/finder_methods.rb
+++ b/activerecord/lib/active_record/relation/finder_methods.rb
@@ -312,6 +312,8 @@ module ActiveRecord
 
       return false if !conditions || limit_value == 0
 
+      conditions = sanitize_forbidden_attributes(conditions)
+
       if eager_loading?
         relation = apply_join_dependency(eager_loading: false)
         return relation.exists?(conditions)
diff --git a/activerecord/test/cases/finder_test.rb b/activerecord/test/cases/finder_test.rb
index 961ae03a4c..1c53362bac 100644
--- a/activerecord/test/cases/finder_test.rb
+++ b/activerecord/test/cases/finder_test.rb
@@ -21,6 +21,7 @@ require "models/dog"
 require "models/car"
 require "models/tyre"
 require "models/subscriber"
+require "support/stubs/strong_parameters"
 
 class FinderTest < ActiveRecord::TestCase
   fixtures :companies, :topics, :entrants, :developers, :developers_projects, :posts, :comments, :accounts, :authors, :author_addresses, :customers, :categories, :categorizations, :cars
@@ -224,6 +225,14 @@ class FinderTest < ActiveRecord::TestCase
     assert_equal true, Subscriber.exists?("   ")
   end
 
+  def test_exists_with_strong_parameters
+    assert_equal false, Subscriber.exists?(Parameters.new(nick: "foo"))
+
+    Subscriber.create!(nick: "foo")
+
+    assert_equal true, Subscriber.exists?(Parameters.new(nick: "foo"))
+  end
+
   def test_exists_passing_active_record_object_is_not_permitted
     assert_raises(ArgumentError) do
       Topic.exists?(Topic.new)
diff --git a/activerecord/test/support/stubs/strong_parameters.rb b/activerecord/test/support/stubs/strong_parameters.rb
new file mode 100644
index 0000000000..acba3a4504
--- /dev/null
+++ b/activerecord/test/support/stubs/strong_parameters.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+class Parameters
+  def initialize(parameters = {})
+    @parameters = parameters.with_indifferent_access
+  end
+
+  def permitted?
+    true
+  end
+
+  def to_h
+    @parameters.to_h
+  end
+end