1 files changed, 52 insertions, 15 deletions

diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index ad3c765d9e..f9b80dd805 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -109,7 +109,7 @@ module ActionController
     cattr_accessor :permit_all_parameters, instance_accessor: false
     cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false
 
-    delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?, :inspect,
+    delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?,
       :as_json, to: :@parameters
 
     # By default, never raise an UnpermittedParameters exception if these
@@ -144,17 +144,21 @@ module ActionController
     end
 
     # Returns true if another +Parameters+ object contains the same content and
-    # permitted flag, or other Hash-like object contains the same content. This
-    # override is in place so you can perform a comparison with `Hash`.
-    def ==(other_hash)
-      if other_hash.respond_to?(:permitted?)
-        super
+    # permitted flag.
+    def ==(other)
+      if other.respond_to?(:permitted?)
+        self.permitted? == other.permitted? && self.parameters == other.parameters
+      elsif other.is_a?(Hash)
+        ActiveSupport::Deprecation.warn <<-WARNING.squish
+          Comparing equality between `ActionController::Parameters` and a
+          `Hash` is deprecated and will be removed in Rails 5.1. Please only do
+          comparisons between instances of `ActionController::Parameters`. If
+          you need to compare to a hash, first convert it using
+          `ActionController::Parameters#new`.
+        WARNING
+        @parameters == other.with_indifferent_access
       else
-        if other_hash.is_a?(Hash)
-          @parameters == other_hash.with_indifferent_access
-        else
-          @parameters == other_hash
-        end
+        @parameters == other
       end
     end
 
@@ -180,6 +184,13 @@ module ActionController
     # Returns an unsafe, unfiltered
     # <tt>ActiveSupport::HashWithIndifferentAccess</tt> representation of this
     # parameter.
+    #
+    #   params = ActionController::Parameters.new({
+    #     name: 'Senjougahara Hitagi',
+    #     oddity: 'Heavy stone crab'
+    #   })
+    #   params.to_unsafe_h
+    #   # => {"name"=>"Senjougahara Hitagi", "oddity" => "Heavy stone crab"}
     def to_unsafe_h
       convert_parameters_to_hashes(@parameters, :to_unsafe_h)
     end
@@ -426,6 +437,21 @@ module ActionController
       )
     end
 
+    if Hash.method_defined?(:dig)
+      # Extracts the nested parameter from the given +keys+ by calling +dig+
+      # at each step. Returns +nil+ if any intermediate step is +nil+.
+      #
+      # params = ActionController::Parameters.new(foo: { bar: { baz: 1 } })
+      # params.dig(:foo, :bar, :baz) # => 1
+      # params.dig(:foo, :zot, :xyz) # => nil
+      #
+      # params2 = ActionController::Parameters.new(foo: [10, 11, 12])
+      # params2.dig(:foo, 1) # => 11
+      def dig(*keys)
+        convert_value_to_parameters(@parameters.dig(*keys))
+      end
+    end
+
     # Returns a new <tt>ActionController::Parameters</tt> instance that
     # includes only the given +keys+. If the given +keys+
     # don't exist, returns an empty hash.
@@ -574,6 +600,10 @@ module ActionController
       dup
     end
 
+    def inspect
+      "<#{self.class} #{@parameters} permitted: #{@permitted}>"
+    end
+
     def method_missing(method_sym, *args, &block)
       if @parameters.respond_to?(method_sym)
         message = <<-DEPRECATE.squish
@@ -593,12 +623,14 @@ module ActionController
     end
 
     protected
+      attr_reader :parameters
+
       def permitted=(new_permitted)
         @permitted = new_permitted
       end
 
       def fields_for_style?
-        @parameters.all? { |k, v| k =~ /\A-?\d+\z/ && v.is_a?(Hash) }
+        @parameters.all? { |k, v| k =~ /\A-?\d+\z/ && (v.is_a?(Hash) || v.is_a?(Parameters)) }
       end
 
     private
@@ -724,6 +756,10 @@ module ActionController
         end
       end
 
+      def non_scalar?(value)
+        value.is_a?(Array) || value.is_a?(Parameters)
+      end
+
       EMPTY_ARRAY = []
       def hash_filter(params, filter)
         filter = filter.with_indifferent_access
@@ -738,7 +774,7 @@ module ActionController
             array_of_permitted_scalars?(self[key]) do |val|
               params[key] = val
             end
-          else
+          elsif non_scalar?(value)
             # Declaration { user: :name } or { user: [:name, :age, { address: ... }] }.
             params[key] = each_element(value) do |element|
               element.permit(*Array.wrap(filter[key]))
@@ -789,7 +825,8 @@ module ActionController
   #   end
   #
   # In order to use <tt>accepts_nested_attributes_for</tt> with Strong \Parameters, you
-  # will need to specify which nested attributes should be whitelisted.
+  # will need to specify which nested attributes should be whitelisted. You might want
+  # to allow +:id+ and +:_destroy+, see ActiveRecord::NestedAttributes for more information.
   #
   #   class Person
   #     has_many :pets
@@ -809,7 +846,7 @@ module ActionController
   #         # It's mandatory to specify the nested attributes that should be whitelisted.
   #         # If you use `permit` with just the key that points to the nested attributes hash,
   #         # it will return an empty hash.
-  #         params.require(:person).permit(:name, :age, pets_attributes: [ :name, :category ])
+  #         params.require(:person).permit(:name, :age, pets_attributes: [ :id, :name, :category ])
   #       end
   #   end
   #