diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 52d2bd90d4f9..d4a77a013c9f 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -664,8 +664,9 @@ def require(key) # object # => #"pumpkin"} permitted: true> # def expect(*filters) + params = apply_filters(filters) keys = filters.map {|f| f.respond_to?(:keys) ? f.keys : f }.flatten(1) - values = permit(*filters).require(keys) + values = params.permit!.require(keys) values.size == 1 ? values.first : values end @@ -807,16 +808,7 @@ def expect(*filters) # params.permit(person: { '0': [:email], '1': [:phone]}).to_h # # => {"person"=>{"0"=>{"email"=>"none@test.com"}, "1"=>{"phone"=>"555-6789"}}} def permit(*filters) - params = self.class.new - - filters.flatten.each do |filter| - case filter - when Symbol, String - permitted_scalar_filter(params, filter) - when Hash - hash_filter(params, filter) - end - end + params = apply_filters(filters) unpermitted_parameters!(params) if self.class.action_on_unpermitted_parameters @@ -1262,10 +1254,25 @@ def each_element(object, filter, &block) end end - def unpermitted_parameters!(params) + def apply_filters(filters) + params = self.class.new + + filters.flatten.each do |filter| + case filter + when Symbol, String + permitted_scalar_filter(params, filter) + when Hash + hash_filter(params, filter) + end + end + + params + end + + def unpermitted_parameters!(params, action = self.class.action_on_unpermitted_parameters) unpermitted_keys = unpermitted_keys(params) if unpermitted_keys.any? - case self.class.action_on_unpermitted_parameters + case action when :log name = "unpermitted_parameters.action_controller" ActiveSupport::Notifications.instrument(name, keys: unpermitted_keys, context: @logging_context)