modular_strong_params 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 546b2c752e9f8c6461488c0a7b4046a1ce26c1bd
+  data.tar.gz: 7ca4d52d67cc2e8ac3ac21e8af4c08deb40a6d09
+SHA512:
+  metadata.gz: 5cb36cef03b5ef5d72d7425606823b11b3c2472dcd977338f4f80c322bd6c128fc0c5f828e144d8fe122e9d640edaaf7ae26eeedee2ced94c4e8d48ca2a277ec
+  data.tar.gz: 33fb8906f751a4c9b54ffd60a832df86102a136bd6e0ea21fdab64e77d658a6547be35e2d8977b737f1529dd9c730753c5e822da392d7d1dd0358bbd72b4506b

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.idea

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.ruby-version

@@ -0,0 +1 @@
+ruby-2.2.2

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.2.2

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in modular_strong_params.gemspec
+gemspec

data/README.md

@@ -0,0 +1,56 @@
+# ModularStrongParams
+
+This is `StrongParameters` from Ruby on Rails, just... without ActionController. It was literally copied from [the source](https://github.com/rails/rails/blob/master/actionpack/lib/action_controller/metal/strong_parameters.rb) and reorganized so it can be used as module.
+
+Error classes are now namespaced with `StrongParameters::Error`. Other explicit references to ActionController have been removed. Please get in touch if anything lingers.
+
+## Installation
+
+In your gemfile:
+
+```
+gem 'modular_strong_params', '~> 1.0.0'
+```
+
+## Usage
+
+`lib/action_controller.rb` more or less demonstrates its use.
+
+```ruby
+
+require 'strong_parameters'
+
+class MyAppClass
+  include StrongParameters
+
+  def params
+    @_params ||= Parameters.new(method_that_returns_base_params_hash)
+  end
+
+  def params=(value)
+    @_params = value.is_a?(Hash) ? Parameters.new(value) : value
+  end
+end
+```
+
+Those methods and the `method_that_returns_base_params_hash` will need to be adapted to your environment. For instance, with a Sinatra app at work, we do this:
+
+```
+  def params
+    @params ||= StrongParameters::Parameters.new(super)
+  end
+```
+
+This gets Sinatra's magical params first, then turns them into a StrongParams. Though you take a bit of a performance hit here, we think that the rewards outweigh the costs. 
+
+## Credit Where Credit's Due
+
+Full credit for this code goes to those who contributed to this code in Rails.
+
+### Maintenance
+
+Since this code has been copied from Rails, it will need to be maintained separately. We cannot claim to keep up on that constantly. If you come across changes to the source that are not reflected here, please submit a PR with passing tests.
+
+## License
+
+Released under the [MIT License](http://www.opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,25 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+test_files = Dir.glob('test/**/*_test.rb')
+
+desc 'Default Task'
+task default: :test
+
+# Run the unit tests
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+  t.test_files = test_files
+
+  t.warning = true
+  t.verbose = true
+  t.ruby_opts = ['--dev'] if defined?(JRUBY_VERSION)
+end
+
+namespace :test do
+  task :isolated do
+    test_files.all? do |file|
+      sh(Gem.ruby, '-w', '-Ilib:test', file)
+    end || fail('Failures')
+  end
+end

data/accessors_test.rb

@@ -0,0 +1,125 @@
+require 'abstract_unit'
+require 'strong_parameters'
+require 'active_support/core_ext/hash/transform_values'
+
+class ParametersAccessorsTest < ActiveSupport::TestCase
+  setup do
+    @params = ActionController::Parameters.new(
+      person: {
+        age: '32',
+        name: {
+          first: 'David',
+          last: 'Heinemeier Hansson'
+        },
+        addresses: [{city: 'Chicago', state: 'Illinois'}]
+      }
+    )
+  end
+
+  test '[] retains permitted status' do
+    @params.permit!
+    assert @params[:person].permitted?
+    assert @params[:person][:name].permitted?
+  end
+
+  test '[] retains unpermitted status' do
+    assert_not @params[:person].permitted?
+    assert_not @params[:person][:name].permitted?
+  end
+
+  test 'each carries permitted status' do
+    @params.permit!
+    @params.each { |key, value| assert(value.permitted?) if key == 'person' }
+  end
+
+  test 'each carries unpermitted status' do
+    @params.each { |key, value| assert_not(value.permitted?) if key == 'person' }
+  end
+
+  test 'each_pair carries permitted status' do
+    @params.permit!
+    @params.each_pair { |key, value| assert(value.permitted?) if key == 'person' }
+  end
+
+  test 'each_pair carries unpermitted status' do
+    @params.each_pair { |key, value| assert_not(value.permitted?) if key == 'person' }
+  end
+
+  test 'except retains permitted status' do
+    @params.permit!
+    assert @params.except(:person).permitted?
+    assert @params[:person].except(:name).permitted?
+  end
+
+  test 'except retains unpermitted status' do
+    assert_not @params.except(:person).permitted?
+    assert_not @params[:person].except(:name).permitted?
+  end
+
+  test 'fetch retains permitted status' do
+    @params.permit!
+    assert @params.fetch(:person).permitted?
+    assert @params[:person].fetch(:name).permitted?
+  end
+
+  test 'fetch retains unpermitted status' do
+    assert_not @params.fetch(:person).permitted?
+    assert_not @params[:person].fetch(:name).permitted?
+  end
+
+  test 'reject retains permitted status' do
+    assert_not @params.reject { |k| k == 'person' }.permitted?
+  end
+
+  test 'reject retains unpermitted status' do
+    @params.permit!
+    assert @params.reject { |k| k == 'person' }.permitted?
+  end
+
+  test 'select retains permitted status' do
+    @params.permit!
+    assert @params.select { |k| k == 'person' }.permitted?
+  end
+
+  test 'select retains unpermitted status' do
+    assert_not @params.select { |k| k == 'person' }.permitted?
+  end
+
+  test 'slice retains permitted status' do
+    @params.permit!
+    assert @params.slice(:person).permitted?
+  end
+
+  test 'slice retains unpermitted status' do
+    assert_not @params.slice(:person).permitted?
+  end
+
+  test 'transform_keys retains permitted status' do
+    @params.permit!
+    assert @params.transform_keys { |k| k }.permitted?
+  end
+
+  test 'transform_keys retains unpermitted status' do
+    assert_not @params.transform_keys { |k| k }.permitted?
+  end
+
+  test 'transform_values retains permitted status' do
+    @params.permit!
+    assert @params.transform_values { |v| v }.permitted?
+  end
+
+  test 'transform_values retains unpermitted status' do
+    assert_not @params.transform_values { |v| v }.permitted?
+  end
+
+  test 'values_at retains permitted status' do
+    @params.permit!
+    assert @params.values_at(:person).first.permitted?
+    assert @params[:person].values_at(:name).first.permitted?
+  end
+
+  test 'values_at retains unpermitted status' do
+    assert_not @params.values_at(:person).first.permitted?
+    assert_not @params[:person].values_at(:name).first.permitted?
+  end
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'strong_parameters'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/action_controller.rb

@@ -0,0 +1,21 @@
+module ActionController
+  include StrongParameters
+
+  module StrongParameters
+    extend ActiveSupport::Concern
+    include ActiveSupport::Rescuable
+
+    # Returns a new ActionController::Parameters object that
+    # has been instantiated with the <tt>request.parameters</tt>.
+    def params
+      @_params ||= Parameters.new(request.parameters)
+    end
+
+    # Assigns the given +value+ to the +params+ hash. If +value+
+    # is a Hash, this will create an ActionController::Parameters
+    # object that has been instantiated with the given +value+ hash.
+    def params=(value)
+      @_params = value.is_a?(Hash) ? Parameters.new(value) : value
+    end
+  end
+end

data/lib/modular_strong_params/version.rb

@@ -0,0 +1,3 @@
+module ModularStrongParams
+  VERSION = '1.0.0'
+end

data/lib/strong_parameters.rb

@@ -0,0 +1,558 @@
+require 'modular_strong_params/version'
+require 'strong_parameters/error'
+require 'active_support/core_ext/array/wrap'
+require 'active_support/core_ext/string/filters'
+require 'active_support/rescuable'
+require 'active_support/core_ext/hash/indifferent_access'
+require 'action_dispatch/http/upload'
+require 'rack/test'
+require 'stringio'
+require 'set'
+
+module StrongParameters
+  include StrongParameters::Error
+
+  # == Strong \Parameters
+  #
+  # It provides an interface for protecting attributes from end-user
+  # assignment. This makes Action Controller parameters forbidden
+  # to be used in Active Model mass assignment until they have been
+  # whitelisted.
+  #
+  # In addition, parameters can be marked as required and flow through a
+  # predefined raise/rescue flow to end up as a 400 Bad Request with no
+  # effort.
+  #
+  #   class PeopleController < ActionController::Base
+  #     # Using "Person.create(params[:person])" would raise an
+  #     # ActiveModel::ForbiddenAttributes exception because it'd
+  #     # be using mass assignment without an explicit permit step.
+  #     # This is the recommended form:
+  #     def create
+  #       Person.create(person_params)
+  #     end
+  #
+  #     # This will pass with flying colors as long as there's a person key in the
+  #     # parameters, otherwise it'll raise an ActionController::MissingParameter
+  #     # exception, which will get caught by ActionController::Base and turned
+  #     # into a 400 Bad Request reply.
+  #     def update
+  #       redirect_to current_account.people.find(params[:id]).tap { |person|
+  #         person.update!(person_params)
+  #       }
+  #     end
+  #
+  #     private
+  #       # Using a private method to encapsulate the permissible parameters is
+  #       # just a good pattern since you'll be able to reuse the same permit
+  #       # list between create and update. Also, you can specialize this method
+  #       # with per-user checking of permissible attributes.
+  #       def person_params
+  #         params.require(:person).permit(:name, :age)
+  #       end
+  #   end
+  #
+  # In order to use <tt>accepts_nested_attributes_for</tt> with Strong \Parameters, you
+  # will need to specify which nested attributes should be whitelisted.
+  #
+  #   class Person
+  #     has_many :pets
+  #     accepts_nested_attributes_for :pets
+  #   end
+  #
+  #   class PeopleController < ActionController::Base
+  #     def create
+  #       Person.create(person_params)
+  #     end
+  #
+  #     ...
+  #
+  #     private
+  #
+  #       def person_params
+  #         # It's mandatory to specify the nested attributes that should be whitelisted.
+  #         # If you use `permit` with just the key that points to the nested attributes hash,
+  #         # it will return an empty hash.
+  #         params.require(:person).permit(:name, :age, pets_attributes: [ :name, :category ])
+  #       end
+  #   end
+  #
+  # See ActionController::Parameters.require and ActionController::Parameters.permit
+  # for more information.V
+  class Parameters < ActiveSupport::HashWithIndifferentAccess
+    cattr_accessor :permit_all_parameters, instance_accessor: false
+    cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false
+
+    # By default, never raise an UnpermittedParameters exception if these
+    # params are present. The default includes both 'controller' and 'action'
+    # because they are added by Rails and should be of no concern. One way
+    # to change these is to specify `always_permitted_parameters` in your
+    # config. For instance:
+    #
+    #    config.always_permitted_parameters = %w( controller action format )
+    cattr_accessor :always_permitted_parameters
+    self.always_permitted_parameters = %w( controller action )
+
+    def self.const_missing(const_name)
+      return super unless const_name == :NEVER_UNPERMITTED_PARAMS
+      ActiveSupport::Deprecation.warn(<<-MSG.squish)
+            `ActionController::Parameters::NEVER_UNPERMITTED_PARAMS` has been deprecated.
+            Use `ActionController::Parameters.always_permitted_parameters` instead.
+      MSG
+
+      always_permitted_parameters
+    end
+
+    # Returns a new instance of <tt>ActionController::Parameters</tt>.
+    # Also, sets the +permitted+ attribute to the default value of
+    # <tt>ActionController::Parameters.permit_all_parameters</tt>.
+    #
+    #   class Person < ActiveRecord::Base
+    #   end
+    #
+    #   params = ActionController::Parameters.new(name: 'Francesco')
+    #   params.permitted?  # => false
+    #   Person.new(params) # => ActiveModel::ForbiddenAttributesError
+    #
+    #   ActionController::Parameters.permit_all_parameters = true
+    #
+    #   params = ActionController::Parameters.new(name: 'Francesco')
+    #   params.permitted?  # => true
+    #   Person.new(params) # => #<Person id: nil, name: "Francesco">
+    def initialize(attributes = nil)
+      super(attributes)
+      @permitted = self.class.permit_all_parameters
+    end
+
+    # Returns a safe +Hash+ representation of this parameter with all
+    # unpermitted keys removed.
+    #
+    #   params = ActionController::Parameters.new({
+    #     name: 'Senjougahara Hitagi',
+    #     oddity: 'Heavy stone crab'
+    #   })
+    #   params.to_h # => {}
+    #
+    #   safe_params = params.permit(:name)
+    #   safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
+    def to_h
+      if permitted?
+        to_hash
+      else
+        slice(*self.class.always_permitted_parameters).permit!.to_h
+      end
+    end
+
+    # Returns an unsafe, unfiltered +Hash+ representation of this parameter.
+    def to_unsafe_h
+      to_hash
+    end
+    alias_method :to_unsafe_hash, :to_unsafe_h
+
+    # Convert all hashes in values into parameters, then yield each pair like
+    # the same way as <tt>Hash#each_pair</tt>
+    def each_pair(&block)
+      super do |key, value|
+        convert_hashes_to_parameters(key, value)
+      end
+
+      super
+    end
+
+    alias_method :each, :each_pair
+
+    # Attribute that keeps track of converted arrays, if any, to avoid double
+    # looping in the common use case permit + mass-assignment. Defined in a
+    # method to instantiate it only if needed.
+    #
+    # Testing membership still loops, but it's going to be faster than our own
+    # loop that converts values. Also, we are not going to build a new array
+    # object per fetch.
+    def converted_arrays
+      @converted_arrays ||= Set.new
+    end
+
+    # Returns +true+ if the parameter is permitted, +false+ otherwise.
+    #
+    #   params = ActionController::Parameters.new
+    #   params.permitted? # => false
+    #   params.permit!
+    #   params.permitted? # => true
+    def permitted?
+      @permitted
+    end
+
+    # Sets the +permitted+ attribute to +true+. This can be used to pass
+    # mass assignment. Returns +self+.
+    #
+    #   class Person < ActiveRecord::Base
+    #   end
+    #
+    #   params = ActionController::Parameters.new(name: 'Francesco')
+    #   params.permitted?  # => false
+    #   Person.new(params) # => ActiveModel::ForbiddenAttributesError
+    #   params.permit!
+    #   params.permitted?  # => true
+    #   Person.new(params) # => #<Person id: nil, name: "Francesco">
+    def permit!
+      each_pair do |_key, value|
+        Array.wrap(value).each do |v|
+          v.permit! if v.respond_to? :permit!
+        end
+      end
+
+      @permitted = true
+      self
+    end
+
+    # Ensures that a parameter is present. If it's present, returns
+    # the parameter at the given +key+, otherwise raises an
+    # <tt>ActionController::ParameterMissing</tt> error.
+    #
+    #   ActionController::Parameters.new(person: { name: 'Francesco' }).require(:person)
+    #   # => {"name"=>"Francesco"}
+    #
+    #   ActionController::Parameters.new(person: nil).require(:person)
+    #   # => ActionController::ParameterMissing: param is missing or the value is empty: person
+    #
+    #   ActionController::Parameters.new(person: {}).require(:person)
+    #   # => ActionController::ParameterMissing: param is missing or the value is empty: person
+    def require(key)
+      value = self[key]
+      if value.present? || value == false
+        value
+      else
+        fail ParameterMissing.new(key)
+      end
+    end
+
+    # Alias of #require.
+    alias_method :required, :require
+
+    # Returns a new <tt>ActionController::Parameters</tt> instance that
+    # includes only the given +filters+ and sets the +permitted+ attribute
+    # for the object to +true+. This is useful for limiting which attributes
+    # should be allowed for mass updating.
+    #
+    #   params = ActionController::Parameters.new(user: { name: 'Francesco', age: 22, role: 'admin' })
+    #   permitted = params.require(:user).permit(:name, :age)
+    #   permitted.permitted?      # => true
+    #   permitted.has_key?(:name) # => true
+    #   permitted.has_key?(:age)  # => true
+    #   permitted.has_key?(:role) # => false
+    #
+    # Only permitted scalars pass the filter. For example, given
+    #
+    #   params.permit(:name)
+    #
+    # +:name+ passes if it is a key of +params+ whose associated value is of type
+    # +String+, +Symbol+, +NilClass+, +Numeric+, +TrueClass+, +FalseClass+,
+    # +Date+, +Time+, +DateTime+, +StringIO+, +IO+,
+    # +ActionDispatch::Http::UploadedFile+ or +Rack::Test::UploadedFile+.
+    # Otherwise, the key +:name+ is filtered out.
+    #
+    # You may declare that the parameter should be an array of permitted scalars
+    # by mapping it to an empty array:
+    #
+    #   params = ActionController::Parameters.new(tags: ['rails', 'parameters'])
+    #   params.permit(tags: [])
+    #
+    # You can also use +permit+ on nested parameters, like:
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       name: 'Francesco',
+    #       age:  22,
+    #       pets: [{
+    #         name: 'Purplish',
+    #         category: 'dogs'
+    #       }]
+    #     }
+    #   })
+    #
+    #   permitted = params.permit(person: [ :name, { pets: :name } ])
+    #   permitted.permitted?                    # => true
+    #   permitted[:person][:name]               # => "Francesco"
+    #   permitted[:person][:age]                # => nil
+    #   permitted[:person][:pets][0][:name]     # => "Purplish"
+    #   permitted[:person][:pets][0][:category] # => nil
+    #
+    # Note that if you use +permit+ in a key that points to a hash,
+    # it won't allow all the hash. You also need to specify which
+    # attributes inside the hash should be whitelisted.
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       contact: {
+    #         email: 'none@test.com',
+    #         phone: '555-1234'
+    #       }
+    #     }
+    #   })
+    #
+    #   params.require(:person).permit(:contact)
+    #   # => {}
+    #
+    #   params.require(:person).permit(contact: :phone)
+    #   # => {"contact"=>{"phone"=>"555-1234"}}
+    #
+    #   params.require(:person).permit(contact: [ :email, :phone ])
+    #   # => {"contact"=>{"email"=>"none@test.com", "phone"=>"555-1234"}}
+    def permit(*filters)
+      params = self.class.new
+
+      filters.flatten.each do |filter|
+        case filter
+          when Symbol, String
+            permitted_scalar_filter(params, filter)
+          when Hash then
+            hash_filter(params, filter)
+        end
+      end
+
+      unpermitted_parameters!(params) if self.class.action_on_unpermitted_parameters
+
+      params.permit!
+    end
+
+    # Returns a parameter for the given +key+. If not found,
+    # returns +nil+.
+    #
+    #   params = ActionController::Parameters.new(person: { name: 'Francesco' })
+    #   params[:person] # => {"name"=>"Francesco"}
+    #   params[:none]   # => nil
+    def [](key)
+      convert_hashes_to_parameters(key, super)
+    end
+
+    # Returns a parameter for the given +key+. If the +key+
+    # can't be found, there are several options: With no other arguments,
+    # it will raise an <tt>ActionController::ParameterMissing</tt> error;
+    # if more arguments are given, then that will be returned; if a block
+    # is given, then that will be run and its result returned.
+    #
+    #   params = ActionController::Parameters.new(person: { name: 'Francesco' })
+    #   params.fetch(:person)               # => {"name"=>"Francesco"}
+    #   params.fetch(:none)                 # => ActionController::ParameterMissing: param is missing or the value is empty: none
+    #   params.fetch(:none, 'Francesco')    # => "Francesco"
+    #   params.fetch(:none) { 'Francesco' } # => "Francesco"
+    def fetch(key, *args)
+      convert_hashes_to_parameters(key, super, false)
+    rescue KeyError
+      raise StrongParameters::Error::ParameterMissing.new(key)
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> instance that
+    # includes only the given +keys+. If the given +keys+
+    # don't exist, returns an empty hash.
+    #
+    #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
+    #   params.slice(:a, :b) # => {"a"=>1, "b"=>2}
+    #   params.slice(:d)     # => {}
+    def slice(*keys)
+      new_instance_with_inherited_permitted_status(super)
+    end
+
+    # Removes and returns the key/value pairs matching the given keys.
+    #
+    #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
+    #   params.extract!(:a, :b) # => {"a"=>1, "b"=>2}
+    #   params                  # => {"c"=>3}
+    def extract!(*keys)
+      new_instance_with_inherited_permitted_status(super)
+    end
+
+    # Returns a new <tt>ActionController::Parameters</tt> with the results of
+    # running +block+ once for every value. The keys are unchanged.
+    #
+    #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
+    #   params.transform_values { |x| x * 2 }
+    #   # => {"a"=>2, "b"=>4, "c"=>6}
+    def transform_values
+      if block_given?
+        new_instance_with_inherited_permitted_status(super)
+      else
+        super
+      end
+    end
+
+    # This method is here only to make sure that the returned object has the
+    # correct +permitted+ status. It should not matter since the parent of
+    # this object is +HashWithIndifferentAccess+
+    def transform_keys # :nodoc:
+      if block_given?
+        new_instance_with_inherited_permitted_status(super)
+      else
+        super
+      end
+    end
+
+    # Deletes and returns a key-value pair from +Parameters+ whose key is equal
+    # to key. If the key is not found, returns the default value. If the
+    # optional code block is given and the key is not found, pass in the key
+    # and return the result of block.
+    def delete(key, &block)
+      convert_hashes_to_parameters(key, super, false)
+    end
+
+    # Equivalent to Hash#keep_if, but returns nil if no changes were made.
+    def select!(&block)
+      convert_value_to_parameters(super)
+    end
+
+    # Returns an exact copy of the <tt>ActionController::Parameters</tt>
+    # instance. +permitted+ state is kept on the duped object.
+    #
+    #   params = ActionController::Parameters.new(a: 1)
+    #   params.permit!
+    #   params.permitted?        # => true
+    #   copy_params = params.dup # => {"a"=>1}
+    #   copy_params.permitted?   # => true
+    def dup
+      super.tap do |duplicate|
+        duplicate.permitted = @permitted
+      end
+    end
+
+    protected
+
+    attr_writer :permitted
+
+    private
+
+    def new_instance_with_inherited_permitted_status(hash)
+      self.class.new(hash).tap do |new_instance|
+        new_instance.permitted = @permitted
+      end
+    end
+
+    def convert_hashes_to_parameters(key, value, assign_if_converted = true)
+      converted = convert_value_to_parameters(value)
+      self[key] = converted if assign_if_converted && !converted.equal?(value)
+      converted
+    end
+
+    def convert_value_to_parameters(value)
+      if value.is_a?(Array) && !converted_arrays.member?(value)
+        converted = value.map { |_| convert_value_to_parameters(_) }
+        converted_arrays << converted
+        converted
+      elsif value.is_a?(Parameters) || !value.is_a?(Hash)
+        value
+      else
+        self.class.new(value)
+      end
+    end
+
+    def each_element(object)
+      if object.is_a?(Array)
+        object.map { |el| yield el }.compact
+      elsif fields_for_style?(object)
+        hash = object.class.new
+        object.each { |k, v| hash[k] = yield v }
+        hash
+      else
+        yield object
+      end
+    end
+
+    def fields_for_style?(object)
+      object.is_a?(Hash) && object.all? { |k, v| k =~ /\A-?\d+\z/ && v.is_a?(Hash) }
+    end
+
+    def unpermitted_parameters!(params)
+      unpermitted_keys = unpermitted_keys(params)
+      if unpermitted_keys.any?
+        case self.class.action_on_unpermitted_parameters
+          when :log
+            name = 'unpermitted_parameters.action_controller'
+            ActiveSupport::Notifications.instrument(name, keys: unpermitted_keys)
+          when :raise
+            fail StrongParameters::Error::UnpermittedParameters.new(unpermitted_keys)
+        end
+      end
+    end
+
+    def unpermitted_keys(params)
+      self.keys - params.keys - self.always_permitted_parameters
+    end
+
+    #
+    # --- Filtering ----------------------------------------------------------
+    #
+
+    # This is a white list of permitted scalar types that includes the ones
+    # supported in XML and JSON requests.
+    #
+    # This list is in particular used to filter ordinary requests, String goes
+    # as first element to quickly short-circuit the common case.
+    #
+    # If you modify this collection please update the API of +permit+ above.
+    PERMITTED_SCALAR_TYPES = [
+      String,
+      Symbol,
+      NilClass,
+      Numeric,
+      TrueClass,
+      FalseClass,
+      Date,
+      Time,
+      # DateTimes are Dates, we document the type but avoid the redundant check.
+      StringIO,
+      IO,
+      ActionDispatch::Http::UploadedFile,
+      ::Rack::Test::UploadedFile
+    ]
+
+    def permitted_scalar?(value)
+      PERMITTED_SCALAR_TYPES.any? { |type| value.is_a?(type) }
+    end
+
+    def permitted_scalar_filter(params, key)
+      if key?(key) && permitted_scalar?(self[key])
+        params[key] = self[key]
+      end
+
+      keys.grep(/\A#{Regexp.escape(key)}\(\d+[if]?\)\z/) do |k|
+        if permitted_scalar?(self[k])
+          params[k] = self[k]
+        end
+      end
+    end
+
+    def array_of_permitted_scalars?(value)
+      if value.is_a?(Array)
+        value.all? { |element| permitted_scalar?(element) }
+      end
+    end
+
+    def array_of_permitted_scalars_filter(params, key)
+      if key?(key) && array_of_permitted_scalars?(self[key])
+        params[key] = self[key]
+      end
+    end
+
+    EMPTY_ARRAY = []
+    def hash_filter(params, filter)
+      filter = filter.with_indifferent_access
+
+      # Slicing filters out non-declared keys.
+      slice(*filter.keys).each do |key, value|
+        next unless value
+
+        if filter[key] == EMPTY_ARRAY
+          # Declaration { comment_ids: [] }.
+          array_of_permitted_scalars_filter(params, key)
+        else
+          # Declaration { user: :name } or { user: [:name, :age, { address: ... }] }.
+          params[key] = each_element(value) do |element|
+            if element.is_a?(Hash)
+              element = self.class.new(element) unless element.respond_to?(:permit)
+              element.permit(*Array.wrap(filter[key]))
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/strong_parameters/error.rb

@@ -0,0 +1,35 @@
+module StrongParameters
+  module Error
+    # Raised when a required parameter is missing.
+    #
+    #   params = ActionController::Parameters.new(a: {})
+    #   params.fetch(:b)
+    #   # => ActionController::ParameterMissing: param is missing or the value is empty: b
+    #   params.require(:a)
+    #   # => ActionController::ParameterMissing: param is missing or the value is empty: a
+    class ParameterMissing < KeyError
+      attr_reader :param # :nodoc:
+
+      def initialize(param) # :nodoc:
+        @param = param
+        super("param is missing or the value is empty: #{param}")
+      end
+    end
+
+    # Raised when a supplied parameter is not expected and
+    # ActionController::Parameters.action_on_unpermitted_parameters
+    # is set to <tt>:raise</tt>.
+    #
+    #   params = ActionController::Parameters.new(a: "123", b: "456")
+    #   params.permit(:c)
+    #   # => ActionController::UnpermittedParameters: found unpermitted parameters: a, b
+    class UnpermittedParameters < IndexError
+      attr_reader :params # :nodoc:
+
+      def initialize(params) # :nodoc:
+        @params = params
+        super("found unpermitted parameter#{'s' if params.size > 1 }: #{params.join(', ')}")
+      end
+    end
+  end
+end

data/modular_strong_params.gemspec

@@ -0,0 +1,33 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'modular_strong_params/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'modular_strong_params'
+  spec.version       = ModularStrongParams::VERSION
+  spec.authors       = ['Chris Grigg', 'Rebecca Eakins']
+  spec.email         = ['chris@subvertallmedia.com', 'rebecca.a.eakins@gmail.com']
+
+  spec.summary       = 'Strong params... in a module!'
+  spec.description   = %q{Rails 4.2\'s Strong Parameters in modular form, usable in Sinatra.
+                       The listed authors are only responsible for code extraction, full credit and respect
+                       goes to those talented individuals who actually wrote the code!}
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+  spec.license       = 'MIT'
+
+  spec.add_dependency 'rack'
+  spec.add_dependency 'activesupport', '~> 4.2'
+  spec.add_dependency 'actionpack', '~> 4.2'
+  spec.add_dependency 'activemodel', '~> 4.2'
+  spec.add_dependency 'railties', '~> 4.2'
+
+  spec.add_development_dependency 'bundler', '~> 1.9'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'test-unit'
+  spec.add_development_dependency 'pry'
+end

metadata

@@ -0,0 +1,190 @@
+--- !ruby/object:Gem::Specification
+name: modular_strong_params
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Chris Grigg
+- Rebecca Eakins
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-07-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: railties
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.9'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |-
+  Rails 4.2\'s Strong Parameters in modular form, usable in Sinatra.
+                         The listed authors are only responsible for code extraction, full credit and respect
+                         goes to those talented individuals who actually wrote the code!
+email:
+- chris@subvertallmedia.com
+- rebecca.a.eakins@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- accessors_test.rb
+- bin/console
+- bin/setup
+- lib/action_controller.rb
+- lib/modular_strong_params/version.rb
+- lib/strong_parameters.rb
+- lib/strong_parameters/error.rb
+- modular_strong_params.gemspec
+homepage: 
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Strong params... in a module!
+test_files: []