3 files changed, 41 insertions, 15 deletions

diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index 6b8d9384d4..9b3bf99fc3 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -43,7 +43,7 @@ module ActionController
   #
   #   def server_ip
   #     location = request.env["SERVER_ADDR"]
-  #     render :text => "This server hosted at #{location}"
+  #     render text: "This server hosted at #{location}"
   #   end
   #
   # == Parameters
@@ -113,9 +113,9 @@ module ActionController
   #   def search
   #     @results = Search.find(params[:query])
   #     case @results.count
-  #       when 0 then render :action => "no_results"
-  #       when 1 then render :action => "show"
-  #       when 2..10 then render :action => "show_many"
+  #       when 0 then render action: "no_results"
+  #       when 1 then render action: "show"
+  #       when 2..10 then render action: "show_many"
   #     end
   #   end
   #
@@ -131,7 +131,7 @@ module ActionController
   #     @entry = Entry.new(params[:entry])
   #     if @entry.save
   #       # The entry was saved correctly, redirect to show
-  #       redirect_to :action => 'show', :id => @entry.id
+  #       redirect_to action: 'show', id: @entry.id
   #     else
   #       # things didn't go so well, do something else
   #     end
@@ -148,15 +148,15 @@ module ActionController
   # An action may contain only a single render or a single redirect. Attempting to try to do either again will result in a DoubleRenderError:
   #
   #   def do_something
-  #     redirect_to :action => "elsewhere"
-  #     render :action => "overthere" # raises DoubleRenderError
+  #     redirect_to action: "elsewhere"
+  #     render action: "overthere" # raises DoubleRenderError
   #   end
   #
   # If you need to redirect on the condition of something, then be sure to add "and return" to halt execution.
   #
   #   def do_something
-  #     redirect_to(:action => "elsewhere") and return if monkeys.nil?
-  #     render :action => "overthere" # won't be called if monkeys is nil
+  #     redirect_to(action: "elsewhere") and return if monkeys.nil?
+  #     render action: "overthere" # won't be called if monkeys is nil
   #   end
   #
   class Base < Metal
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 398454d39f..6f46954266 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -171,13 +171,38 @@ module ActionController
     #   permitted[:person][:age]                # => nil
     #   permitted[:person][:pets][0][:name]     # => "Purplish"
     #   permitted[:person][:pets][0][:category] # => nil
+    #
+    # Note that if you use +permit+ in a key that points to a hash,
+    # it won't allow all the hash. You also need to specify which
+    # attributes inside the hash should be whitelisted.
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       contact: {
+    #         email: 'none@test.com'
+    #         phone: '555-1234'
+    #       }
+    #     }
+    #   })
+    #
+    #   params.require(:person).permit(:contact)
+    #   # => {}
+    #
+    #   params.require(:person).permit(contact: :phone)
+    #   # => {"contact"=>{"phone"=>"555-1234"}}
+    #
+    #   params.require(:person).permit(contact: [ :email, :phone ])
+    #   # => {"contact"=>{"email"=>"none@test.com", "phone"=>"555-1234"}}
     def permit(*filters)
       params = self.class.new
 
       filters.each do |filter|
         case filter
         when Symbol, String then
-          params[filter] = self[filter] if has_key?(filter)
+          if has_key?(filter)
+            _value = self[filter]
+            params[filter] = _value unless Hash === _value
+          end
           keys.grep(/\A#{Regexp.escape(filter)}\(\di\)\z/) { |key| params[key] = self[key] }
         when Hash then
           self.slice(*filter.keys).each do |key, values|
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index ace5a2c822..d911d47a1d 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -123,11 +123,12 @@ module ActionController
 
         if expected_partial = options[:partial]
           if expected_locals = options[:locals]
-            if defined?(@locals)
-              actual_locals = @locals[expected_partial.to_s.sub(/^_/,'')]
-              expected_locals.each_pair do |k,v|
-                assert_equal(v, actual_locals[k])
-              end
+            if defined?(@_rendered_views)
+              view = expected_partial.to_s.sub(/^_/,'')
+              msg = 'expecting %s to be rendered with %s but was with %s' % [expected_partial,
+                                                                             expected_locals,
+                                                                             @_rendered_views.locals_for(view)]
+              assert(@_rendered_views.view_rendered?(view, options[:locals]), msg)
             else
               warn "the :locals option to #assert_template is only supported in a ActionView::TestCase"
             end