diff --git a/app/controllers/spree/admin/resource_controller.rb b/app/controllers/spree/admin/resource_controller.rb
index d1ce6e8b27..8b7c0cde12 100644
--- a/app/controllers/spree/admin/resource_controller.rb
+++ b/app/controllers/spree/admin/resource_controller.rb
@@ -28,7 +28,7 @@ module Spree
 def update
 invoke_callbacks(:update, :before)
- if @object.update_attributes(params[object_name])
+ if @object.update_attributes(permitted_resource_params)
 invoke_callbacks(:update, :after)
 flash[:success] = flash_message_for(@object, :successfully_updated)
 respond_with(@object) do |format|
@@ -43,7 +43,7 @@ module Spree
 def create
 invoke_callbacks(:create, :before)
- @object.attributes = params[object_name]
+ @object.attributes = permitted_resource_params
 if @object.save
 invoke_callbacks(:create, :after)
 flash[:success] = flash_message_for(@object, :successfully_created)
@@ -251,6 +251,13 @@ module Spree
 end
 end
+ # Permit specific list of params
+ #
+ # Example: params.require(object_name).permit(:name)
+ def permitted_resource_params
+ raise "All extending controllers need to override the method permitted_resource_params"
+ end
+
 def collection_url(options = {})
 if parent_data.present?
 spree.polymorphic_url([:admin, parent, model_class], options)
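Review bot: The bare `raise "..."` in `permitted_resource_params` (third hunk) produces a generic RuntimeError that does not name the controller missing the override, so a failure reached from `create` or `update` (first two hunks) is hard to trace back. Failing closed is the right default for mass assignment; keeping that but naming the class makes it actionable: `raise "#{self.class.name} must override permitted_resource_params"`. The comment could also say why the hook exists, e.g. `# Allow-list of attributes that create/update may mass-assign; never return params[object_name] unfiltered.` The visibility keyword governing this method is outside the hunk, so it is worth confirming it lands under `protected`/`private` and cannot be routed as an action.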