Allow permitting numeric params

When specifying numeric parameters, strong params lets you permit them all using the same permitted params for each.

For example params like,
```ruby
book: {
        authors_attributes: {
          '0': { name: "William Shakespeare", age_of_death: "52" },
          '1': { name: "Unattributed Assistant" },
          '2': "Not a hash",
          'new_record': { name: "Some name" }
        }
      }
```

can be permitted with,
```
permit book: { authors_attributes: [ :name ] }
```

This returns the name keys for each of the numeric keyed params that have a name field,
```ruby
{ "book" => { "authors_attributes" => { "0" => { "name" => "William Shakespeare" }, "1" => { "name" => "Unattributed Assistant" } } } }
```

This is exactly what you want most of the time. Rarely you might need
to specify different keys for particular numeric attributes. This
allows another strong params syntax for those cases where you can
specify the keys allowed for each individual numerically keys attributes
hash.

After this change using the same params above, you can permit the name and age for only the `0` key and only the name for the `1` key,

```ruby
permit book: { authors_attributes: { '1': [ :name ], '0': [ :name, :age_of_death ] } }
```

This returns exactly the parameters that you specify,

```ruby
{ "book" => { "authors_attributes" => { "0" => { "name" => "William Shakespeare", "age_of_death" => "52" }, "1" => { "name" => "Unattributed Assistant" } } } }
```

Sidenote: this allows `permit` to do the equivalent to
```ruby
params.require(:book).permit(authors_attributes: { '1': [:name]})
```

without raising when `book: ... ` is not present.

The simpler syntax should be preferred, but in cases where you need more control, this is a nice option to have.

Author: HParker

actionpack/lib/action_controller/metal/strong_parameters.rb

@@ -592,6 +592,41 @@ def require(key)
     #
     #   params.require(:person).permit(contact: [ :email, :phone ])
     #   # => <ActionController::Parameters {"contact"=><ActionController::Parameters {"email"=>"[email protected]", "phone"=>"555-1234"} permitted: true>} permitted: true>
+    #
+    # If your parameters specify multiple parameters indexed by a number,
+    # you can permit each set of parameters under the numeric key to be the same using the same syntax as permitting a single item.
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       '0': {
+    #         email: "[email protected]",
+    #         phone: "555-1234"
+    #       },
+    #       '1': {
+    #         email: "[email protected]",
+    #         phone: "555-6789"
+    #       },
+    #     }
+    #   })
+    #   params.permit(person: [:email]).to_h
+    #   # => {"person"=>{"0"=>{"email"=>"[email protected]"}, "1"=>{"email"=>"[email protected]"}}}
+    #
+    # If you want to specify what keys you want from each numeric key, you can instead specify each one individually
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       '0': {
+    #         email: "[email protected]",
+    #         phone: "555-1234"
+    #       },
+    #       '1': {
+    #         email: "[email protected]",
+    #         phone: "555-6789"
+    #       },
+    #     }
+    #   })
+    #   params.permit(person: { '0': [:email], '1': [:phone]}).to_h
+    #   # => {"person"=>{"0"=>{"email"=>"[email protected]"}, "1"=>{"phone"=>"555-6789"}}}
     def permit(*filters)
       params = self.class.new
 
@@ -952,12 +987,18 @@ def convert_value_to_parameters(value)
         end
       end
 
-      def each_element(object, &block)
+      def specify_numeric_keys?(filter)
+        if filter.respond_to?(:keys)
+          filter.keys.any? { |key| /\A-?\d+\z/.match?(key) }
+        end
+      end
+
+      def each_element(object, filter, &block)
         case object
         when Array
           object.grep(Parameters).filter_map { |el| yield el }
         when Parameters
-          if object.nested_attributes?
+          if object.nested_attributes? && !specify_numeric_keys?(filter)
             object.each_nested_attribute(&block)
           else
             yield object
@@ -1070,7 +1111,7 @@ def hash_filter(params, filter)
             end
           elsif non_scalar?(value)
             # Declaration { user: :name } or { user: [:name, :age, { address: ... }] }.
-            params[key] = each_element(value) do |element|
+            params[key] = each_element(value, filter[key]) do |element|
               element.permit(*Array.wrap(filter[key]))
             end
           end

actionpack/test/controller/parameters/nested_parameters_permit_test.rb

@@ -194,6 +194,75 @@ def assert_filtered_out(params, key)
     assert_filtered_out permitted[:book][:authors_attributes]["-1"], :age_of_death
   end
 
+  test "nested params with numeric keys addressing individual numeric keys" do
+    params = ActionController::Parameters.new(
+      book: {
+        authors_attributes: {
+          '0': { name: "William Shakespeare", age_of_death: "52" },
+          '1': { name: "Unattributed Assistant" },
+          '2': { name: %w(injected names) }
+        }
+      })
+    permitted = params.permit book: { authors_attributes: { '1': [ :name ], '0': [ :name, :age_of_death ] } }
+
+    assert_equal(
+      { "book" => { "authors_attributes" => { "0" => { "name" => "William Shakespeare", "age_of_death" => "52" }, "1" => { "name" => "Unattributed Assistant" } } } },
+      permitted.to_h
+    )
+  end
+
+  test "nested params with numeric keys addressing individual numeric keys using require first" do
+    params = ActionController::Parameters.new(
+      book: {
+        authors_attributes: {
+          '0': { name: "William Shakespeare", age_of_death: "52" },
+          '1': { name: "Unattributed Assistant" },
+          '2': { name: %w(injected names) }
+        }
+      })
+
+    permitted = params.require(:book).permit(authors_attributes: { '1': [:name] })
+
+    assert_equal(
+      { "authors_attributes" => { "1" => { "name" => "Unattributed Assistant" } } },
+      permitted.to_h
+    )
+  end
+
+  test "nested params with numeric keys addressing individual numeric keys to arrays" do
+    params = ActionController::Parameters.new(
+      book: {
+        authors_attributes: {
+          '0': ["draft 1", "draft 2", "draft 3"],
+          '1': ["final draft"],
+          '2': { name: %w(injected names) }
+        }
+      })
+    permitted = params.permit book: { authors_attributes: { '2': [ :name ], '0': [] } }
+
+    assert_equal(
+      { "book" => { "authors_attributes" => { "2" => {}, "0" => ["draft 1", "draft 2", "draft 3"] } } },
+      permitted.to_h
+    )
+  end
+
+  test "nested params with numeric keys addressing individual numeric keys to more nested params" do
+    params = ActionController::Parameters.new(
+      book: {
+        authors_attributes: {
+          '0': ["draft 1", "draft 2", "draft 3"],
+          '1': ["final draft"],
+          '2': { name: { "projects" => [ "hamlet", "Othello" ] } }
+        }
+      })
+    permitted = params.permit book: { authors_attributes: { '2': { name: { projects: [] } }, '0': [] } }
+
+    assert_equal(
+      { "book" => { "authors_attributes" => { "2" => { "name" => { "projects" => ["hamlet", "Othello"] } }, "0" => ["draft 1", "draft 2", "draft 3"] } } },
+      permitted.to_h
+    )
+  end
+
   test "nested number as key" do
     params = ActionController::Parameters.new(
       product: {