From 688b3c98d7ca313fcfe5775872d3db3465307b78 Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Sun, 24 Jan 2021 20:10:36 +0000
Subject: [PATCH] Use strong params in variants search

---
 app/controllers/spree/admin/variants_controller.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/controllers/spree/admin/variants_controller.rb b/app/controllers/spree/admin/variants_controller.rb
index d7a501728b..2177080a8f 100644
--- a/app/controllers/spree/admin/variants_controller.rb
+++ b/app/controllers/spree/admin/variants_controller.rb
@@ -54,7 +54,7 @@ module Spree
       end
 
       def search
-        scoper = OpenFoodNetwork::ScopeVariantsForSearch.new(params)
+        scoper = OpenFoodNetwork::ScopeVariantsForSearch.new(variant_search_params)
         @variants = scoper.search
         render json: @variants, each_serializer: ::Api::Admin::VariantSerializer
       end
@@ -109,6 +109,12 @@ module Spree
       def permitted_resource_params
         variant_params
       end
+
+      def variant_search_params
+        params.permit(
+          :q, :distributor_id, :order_cycle_id, :schedule_id, :eligible_for_subscriptions
+        ).to_h.with_indifferent_access
+      end
     end
   end
 end