diff --git a/app/controllers/admin/order_cycles_controller.rb b/app/controllers/admin/order_cycles_controller.rb
index b27a343ae3..6c9891baec 100644
--- a/app/controllers/admin/order_cycles_controller.rb
+++ b/app/controllers/admin/order_cycles_controller.rb
@@ -8,6 +8,7 @@ module Admin
 before_filter :load_data_for_index, :only => :index
 before_filter :require_coordinator, only: :new
 before_filter :remove_protected_attrs, only: [:update]
+ before_filter :remove_unauthorized_bulk_attrs, only: [:bulk_update]
 around_filter :protect_invalid_destroy, only: :destroy
@@ -125,9 +126,18 @@ module Admin
 def remove_protected_attrs
 params[:order_cycle].delete :coordinator_id
- unless spree_current_user.admin? || Enterprise.managed_by(spree_current_user).include?(@order_cycle.coordinator)
+ unless Enterprise.managed_by(spree_current_user).include?(@order_cycle.coordinator)
 params[:order_cycle].delete_if{ |k,v| [:name, :orders_open_at, :orders_close_at].include? k.to_sym }
 end
 end
+
+ def remove_unauthorized_bulk_attrs
+ params[:order_cycle_set][:collection_attributes].each do |i, hash|
+ order_cycle = OrderCycle.find(hash[:id])
+ unless Enterprise.managed_by(spree_current_user).include?(order_cycle.andand.coordinator)
+ params[:order_cycle_set][:collection_attributes].delete i
+ end
+ end
+ end
 end
 end
diff --git a/spec/controllers/admin/order_cycles_controller_spec.rb b/spec/controllers/admin/order_cycles_controller_spec.rb
index b58884086c..9e996f0da7 100644
--- a/spec/controllers/admin/order_cycles_controller_spec.rb
+++ b/spec/controllers/admin/order_cycles_controller_spec.rb
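Review bot: In `remove_unauthorized_bulk_attrs`, `OrderCycle.find(hash[:id])` raises `ActiveRecord::RecordNotFound` for a missing or unknown id, so the `andand` on the following line never sees a nil and a tampered id becomes an exception instead of being dropped the way an unauthorized entry is; `OrderCycle.find_by_id(attrs[:id])` makes that nil guard meaningful. The filter also dereferences `params[:order_cycle_set][:collection_attributes]` with no presence check, so a request without that key fails with NoMethodError before the action runs, and it deletes keys from the very hash `each` is iterating, where `delete_if` (which `remove_protected_attrs` just above already uses) states the intent directly. `Enterprise.managed_by(spree_current_user)` can be evaluated once rather than once per entry, and the block parameter named `hash` shadows `Object#hash`. A rewrite covering these points follows.
```ruby
def remove_unauthorized_bulk_attrs
  collection = params[:order_cycle_set].andand[:collection_attributes]
  return if collection.blank?

  managed = Enterprise.managed_by(spree_current_user)
  collection.delete_if do |_i, attrs|
    # find_by_id yields nil for an unknown id, so the entry is dropped rather than raising
    order_cycle = OrderCycle.find_by_id(attrs[:id])
    !managed.include?(order_cycle.andand.coordinator)
  end
end
```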
@@ -57,6 +57,44 @@ module Admin
 end
 end
+ describe "bulk_update" do
+ let(:oc) { create(:simple_order_cycle) }
+ let!(:coordinator) { oc.coordinator }
+
+ context "when I manage the coordinator of an order cycle" do
+ before { create(:enterprise_role, user: distributor_owner, enterprise: coordinator) }
+
+ it "updates order cycle properties" do
+ spree_put :bulk_update, order_cycle_set: { collection_attributes: { '0' => {
+ id: oc.id,
+ orders_open_at: Date.today - 21.days,
+ orders_close_at: Date.today + 21.days,
+ } } }
+
+ oc.reload
+ expect(oc.orders_open_at.to_date).to eq Date.today - 21.days
+ expect(oc.orders_close_at.to_date).to eq Date.today + 21.days
+ end
+ end
+
+ context "when I do not manage the coordinator of an order cycle" do
+ # I need to manage a hub in order to access the bulk_update action
+ let!(:another_distributor) { create(:distributor_enterprise, users: [distributor_owner]) }
+
+ it "doesn't update order cycle properties" do
+ spree_put :bulk_update, order_cycle_set: { collection_attributes: { '0' => {
+ id: oc.id,
+ orders_open_at: Date.today - 21.days,
+ orders_close_at: Date.today + 21.days,
+ } } }
+
+ oc.reload
+ expect(oc.orders_open_at.to_date).to_not eq Date.today - 21.days
+ expect(oc.orders_close_at.to_date).to_not eq Date.today + 21.days
+ end
+ end
+ end
+
 describe "destroy" do
 let!(:distributor) { create(:distributor_enterprise, owner: distributor_owner) }
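Review bot: The `spree_put` payload is repeated verbatim in both contexts of the new "bulk_update" block; a shared `let(:bulk_params) { { order_cycle_set: { collection_attributes: { '0' => { id: oc.id, orders_open_at: Date.today - 21.days, orders_close_at: Date.today + 21.days } } } } }` and `spree_put :bulk_update, bulk_params` would keep the two cases in step. The negative context shows the dates were not written but says nothing about the request itself, so an assertion on `response` would document whether an unauthorized entry is silently dropped or the whole request is refused. There is also no example for an `id` that does not exist, which is the path where the filter's lookup behaviour matters most.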