From 31df28b348471209d75ceb1e3fa2d54fec340349 Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Sun, 10 Jan 2021 21:28:47 +0000
Subject: [PATCH] Fix params mangling in Api::ProductController

---
 app/controllers/api/products_controller.rb | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/products_controller.rb b/app/controllers/api/products_controller.rb
index 0dd2d26d60..d8fab1067a 100644
--- a/app/controllers/api/products_controller.rb
+++ b/app/controllers/api/products_controller.rb
@@ -7,6 +7,8 @@ module Api
     respond_to :json
     DEFAULT_PER_PAGE = 15
 
+    before_action :set_default_available_on, only: :create
+
     skip_authorization_check only: [:show, :bulk_products, :overridable]
 
     def show
@@ -16,8 +18,8 @@ module Api
 
     def create
       authorize! :create, Spree::Product
-      params[:product][:available_on] ||= Time.zone.now
       @product = Spree::Product.new(product_params)
+
       begin
         if @product.save
           render json: @product, serializer: Api::Admin::ProductSerializer, status: :created
@@ -146,7 +148,12 @@ module Api
     end
 
     def product_params
-      params.require(:product).permit PermittedAttributes::Product.attributes
+      @product_params ||=
+        params.permit(product: PermittedAttributes::Product.attributes)[:product].to_h
+    end
+
+    def set_default_available_on
+      product_params[:available_on] ||= Time.zone.now
     end
   end
 end