From 54a4952dc58fca9c36ee72a492077a356bbaf21f Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Wed, 4 Nov 2020 13:03:45 +0000
Subject: [PATCH] Fix ForbiddenAttributesError on tag rules

---
 app/controllers/admin/enterprises_controller.rb |  3 ++-
 app/services/permitted_attributes/tag_rules.rb  | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 app/services/permitted_attributes/tag_rules.rb

diff --git a/app/controllers/admin/enterprises_controller.rb b/app/controllers/admin/enterprises_controller.rb
index d634b4e3fc..dc741f1a8e 100644
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -214,7 +214,8 @@ module Admin
           rule = @object.tag_rules.find_by(id: attrs.delete(:id)) ||
                  attrs[:type].constantize.new(enterprise: @object)
           create_calculator_for(rule, attrs) if rule.type == "TagRule::DiscountOrder" && rule.calculator.nil?
-          rule.update(attrs)
+
+          rule.update(attrs.permit(PermittedAttributes::TagRules.attributes))
         end
       end
     end
diff --git a/app/services/permitted_attributes/tag_rules.rb b/app/services/permitted_attributes/tag_rules.rb
new file mode 100644
index 0000000000..ce6bd879e0
--- /dev/null
+++ b/app/services/permitted_attributes/tag_rules.rb
@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module PermittedAttributes
+  class TagRules
+    def self.attributes
+      [
+        :id, :type, :preferred_customer_tags, :calculator_type,
+        { calculator_attributes: [:id, :preferred_flat_percent] }
+      ]
+    end
+  end
+end