9 files changed, 104 insertions, 32 deletions

diff --git a/activerecord/lib/active_record/associations/collection_association.rb b/activerecord/lib/active_record/associations/collection_association.rb
index 6cdec8c487..85a4f47b7d 100644
--- a/activerecord/lib/active_record/associations/collection_association.rb
+++ b/activerecord/lib/active_record/associations/collection_association.rb
@@ -94,7 +94,14 @@ module ActiveRecord
       end
 
       def build(attributes = {}, options = {}, &block)
-        build_or_create(:build, attributes, options, &block)
+        if attributes.is_a?(Array)
+          attributes.collect { |attr| build(attr, options, &block) }
+        else
+          add_to_target(build_record(attributes, options)) do |record|
+            yield(record) if block_given?
+            set_owner_attributes(record)
+          end
+        end
       end
 
       def create(attributes = {}, options = {}, &block)
@@ -102,7 +109,16 @@ module ActiveRecord
           raise ActiveRecord::RecordNotSaved, "You cannot call create unless the parent is saved"
         end
 
-        build_or_create(:create, attributes, options, &block)
+        if attributes.is_a?(Array)
+          attributes.collect { |attr| create(attr, options, &block) }
+        else
+          transaction do
+            add_to_target(build_record(attributes, options)) do |record|
+              yield(record) if block_given?
+              insert_record(record)
+            end
+          end
+        end
       end
 
       def create!(attrs = {}, options = {}, &block)
@@ -337,20 +353,18 @@ module ActiveRecord
       end
 
       def add_to_target(record)
-        transaction do
-          callback(:before_add, record)
-          yield(record) if block_given?
-
-          if options[:uniq] && index = @target.index(record)
-            @target[index] = record
-          else
-            @target << record
-          end
+        callback(:before_add, record)
+        yield(record) if block_given?
 
-          callback(:after_add, record)
-          set_inverse_instance(record)
+        if options[:uniq] && index = @target.index(record)
+          @target[index] = record
+        else
+          @target << record
         end
 
+        callback(:after_add, record)
+        set_inverse_instance(record)
+
         record
       end
 
@@ -403,26 +417,13 @@ module ActiveRecord
           end + existing
         end
 
-        def build_or_create(method, attributes, options)
-          records = Array.wrap(attributes).map do |attrs|
-            record = build_record(attrs, options)
-
-            add_to_target(record) do
-              yield(record) if block_given?
-              insert_record(record) if method == :create
-            end
-          end
-
-          attributes.is_a?(Array) ? records : records.first
-        end
-
         # Do the relevant stuff to insert the given record into the association collection.
         def insert_record(record, validate = true)
           raise NotImplementedError
         end
 
         def build_record(attributes, options)
-          reflection.build_association(scoped.scope_for_create.merge(attributes), options)
+          reflection.build_association(scoped.scope_for_create.merge(attributes || {}), options)
         end
 
         def delete_or_destroy(records, method)
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 67af21c9a0..d07f9365b3 100644
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -1688,6 +1688,8 @@ MSG
       #   user.name       # => "Josh"
       #   user.is_admin?  # => true
       def assign_attributes(new_attributes, options = {})
+        return unless new_attributes
+
         attributes = new_attributes.stringify_keys
         role = options[:as] || :default
 
diff --git a/activerecord/lib/active_record/identity_map.rb b/activerecord/lib/active_record/identity_map.rb
index cad3865f03..b15b5a8133 100644
--- a/activerecord/lib/active_record/identity_map.rb
+++ b/activerecord/lib/active_record/identity_map.rb
@@ -12,7 +12,34 @@ module ActiveRecord
   # In order to enable IdentityMap, set <tt>config.active_record.identity_map = true</tt>
   # in your <tt>config/application.rb</tt> file.
   #
-  # IdentityMap is disabled by default.
+  # IdentityMap is disabled by default and still in development (i.e. use it with care).
+  #
+  # == Associations
+  #
+  # Active Record Identity Map does not track associations yet. For example:
+  #
+  #   comment = @post.comments.first
+  #   comment.post = nil
+  #   @post.comments.include?(comment) #=> true
+  #
+  # Ideally, the example above would return false, removing the comment object from the
+  # post association when the association is nullified. This may cause side effects, as
+  # in the situation below, if Identity Map is enabled:
+  #
+  #   Post.has_many :comments, :dependent => :destroy
+  #
+  #   comment = @post.comments.first
+  #   comment.post = nil
+  #   comment.save
+  #   Post.destroy(@post.id)
+  #
+  # Without using Identity Map, the code above will destroy the @post object leaving
+  # the comment object intact. However, once we enable Identity Map, the post loaded
+  # by Post.destroy is exactly the same object as the object @post. As the object @post
+  # still has the comment object in @post.comments, once Identity Map is enabled, the
+  # comment object will be accidently removed.
+  #
+  # This inconsistency is meant to be fixed in future Rails releases.
   #
   module IdentityMap
 
diff --git a/activerecord/lib/active_record/session_store.rb b/activerecord/lib/active_record/session_store.rb
index 7e77aefb21..98e21db908 100644
--- a/activerecord/lib/active_record/session_store.rb
+++ b/activerecord/lib/active_record/session_store.rb
@@ -83,6 +83,8 @@ module ActiveRecord
       cattr_accessor :data_column_name
       self.data_column_name = 'data'
 
+      attr_accessible :session_id, :data, :marshaled_data
+
       before_save :marshal_data!
       before_save :raise_on_session_data_overflow!
 
diff --git a/activerecord/test/cases/associations/has_many_associations_test.rb b/activerecord/test/cases/associations/has_many_associations_test.rb
index 247decc67b..dc2481456b 100644
--- a/activerecord/test/cases/associations/has_many_associations_test.rb
+++ b/activerecord/test/cases/associations/has_many_associations_test.rb
@@ -66,6 +66,35 @@ class HasManyAssociationsTest < ActiveRecord::TestCase
     assert_equal 'exotic', bulb.name
   end
 
+  def test_create_from_association_with_nil_values_should_work
+    car = Car.create(:name => 'honda')
+
+    bulb = car.bulbs.new(nil)
+    assert_equal 'defaulty', bulb.name
+
+    bulb = car.bulbs.build(nil)
+    assert_equal 'defaulty', bulb.name
+
+    bulb = car.bulbs.create(nil)
+    assert_equal 'defaulty', bulb.name
+  end
+
+  def test_create_from_association_set_owner_attributes_by_passing_protection
+    Bulb.attr_protected :car_id
+    car = Car.create(:name => 'honda')
+
+    bulb = car.bulbs.new
+    assert_equal car.id, bulb.car_id
+
+    bulb = car.bulbs.build
+    assert_equal car.id, bulb.car_id
+
+    bulb = car.bulbs.create
+    assert_equal car.id, bulb.car_id
+  ensure
+    Bulb.attr_protected :id
+  end
+
   # When creating objects on the association, we must not do it within a scope (even though it
   # would be convenient), because this would cause that scope to be applied to any callbacks etc.
   def test_build_and_create_should_not_happen_within_scope
diff --git a/activerecord/test/cases/mass_assignment_security_test.rb b/activerecord/test/cases/mass_assignment_security_test.rb
index c81015b7c2..062a642e50 100644
--- a/activerecord/test/cases/mass_assignment_security_test.rb
+++ b/activerecord/test/cases/mass_assignment_security_test.rb
@@ -87,6 +87,10 @@ class MassAssignmentSecurityTest < ActiveRecord::TestCase
     end
   end
 
+  def test_mass_assigning_does_not_choke_on_nil
+    Firm.new.assign_attributes(nil)
+  end
+
   def test_assign_attributes_uses_default_role_when_no_role_is_provided
     p = LoosePerson.new
     p.assign_attributes(attributes_hash)
diff --git a/activerecord/test/cases/persistence_test.rb b/activerecord/test/cases/persistence_test.rb
index b066575af8..57d1441128 100644
--- a/activerecord/test/cases/persistence_test.rb
+++ b/activerecord/test/cases/persistence_test.rb
@@ -336,6 +336,10 @@ class PersistencesTest < ActiveRecord::TestCase
     assert !Topic.find(1).approved?
   end
 
+  def test_update_attribute_does_not_choke_on_nil
+    assert Topic.find(1).update_attributes(nil)
+  end
+
   def test_update_attribute_for_readonly_attribute
     minivan = Minivan.find('m1')
     assert_raises(ActiveRecord::ActiveRecordError) { minivan.update_attribute(:color, 'black') }
diff --git a/activerecord/test/cases/session_store/session_test.rb b/activerecord/test/cases/session_store/session_test.rb
index cee5ddd003..669c0b7b4d 100644
--- a/activerecord/test/cases/session_store/session_test.rb
+++ b/activerecord/test/cases/session_store/session_test.rb
@@ -21,6 +21,12 @@ module ActiveRecord
         assert_equal 'sessions', Session.table_name
       end
 
+      def test_accessible_attributes
+        assert Session.accessible_attributes.include?(:session_id)
+        assert Session.accessible_attributes.include?(:data)
+        assert Session.accessible_attributes.include?(:marshaled_data)
+      end
+
       def test_create_table!
         assert !Session.table_exists?
         Session.create_table!
diff --git a/activerecord/test/cases/xml_serialization_test.rb b/activerecord/test/cases/xml_serialization_test.rb
index a6074b23e7..756c8a32eb 100644
--- a/activerecord/test/cases/xml_serialization_test.rb
+++ b/activerecord/test/cases/xml_serialization_test.rb
@@ -143,10 +143,7 @@ class NilXmlSerializationTest < ActiveRecord::TestCase
   end
 
   def test_should_serialize_yaml
-    assert %r{<preferences(.*)></preferences>}.match(@xml)
-    attributes = $1
-    assert_match %r{type="yaml"}, attributes
-    assert_match %r{nil="true"}, attributes
+    assert_match %r{<preferences nil=\"true\"></preferences>}, @xml
   end
 end