When executing permit with just a key that points to a hash, DO NOT allow all the hash

params.require(:person).permit(:projects_attributes) was returning
=> {"projects_attributes"=>{"0"=>{"name"=>"Project 1"}}}

When should return
=> {}

You should be doing ...
params.require(:person).permit(projects_attributes: :name)
to get just the projects attributes you want to allow

1 files changed, 5 insertions, 1 deletions

diff --git a/actionpack/test/controller/parameters/nested_parameters_test.rb b/actionpack/test/controller/parameters/nested_parameters_test.rb
index 41f5b6e127..d287e79cba 100644
--- a/actionpack/test/controller/parameters/nested_parameters_test.rb
+++ b/actionpack/test/controller/parameters/nested_parameters_test.rb
@@ -15,18 +15,22 @@ class NestedParametersTest < ActiveSupport::TestCase
         details: {
           pages: 200,
           genre: "Tragedy"
+        },
+        id: {
+          isbn: 'x'
         }
       },
       magazine: "Mjallo!"
     })
 
-    permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages } ]
+    permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages }, :id ]
 
     assert permitted.permitted?
     assert_equal "Romeo and Juliet", permitted[:book][:title]
     assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
     assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
     assert_equal 200, permitted[:book][:details][:pages]
+    assert_nil permitted[:book][:id]
     assert_nil permitted[:book][:details][:genre]
     assert_nil permitted[:book][:authors][0][:born]
     assert_nil permitted[:magazine]