From 6ba3a3c373662af5e6649b92da9ef50ca72264df Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Sun, 23 Feb 2020 12:49:27 +0000
Subject: [PATCH] Handle strong params in admin/enterprises_controller

---
 .../admin/enterprises_controller.rb           | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/app/controllers/admin/enterprises_controller.rb b/app/controllers/admin/enterprises_controller.rb
index cf95180818..c51c586d73 100644
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -41,7 +41,7 @@ module Admin
       tag_rules_attributes = params[object_name].delete :tag_rules_attributes
       update_tag_rules(tag_rules_attributes) if tag_rules_attributes.present?
       update_enterprise_notifications
-      if @object.update_attributes(params[object_name])
+      if @object.update_attributes(enterprise_params)
         invoke_callbacks(:update, :after)
         flash[:success] = flash_message_for(@object, :successfully_updated)
         respond_with(@object) do |format|
@@ -244,7 +244,7 @@ module Admin
     def override_sells
       unless spree_current_user.admin?
         has_hub = spree_current_user.owned_enterprises.is_hub.any?
-        new_enterprise_is_producer = Enterprise.new(params[:enterprise]).is_primary_producer
+        new_enterprise_is_producer = Enterprise.new(enterprise_params).is_primary_producer
         params[:enterprise][:sells] = has_hub && !new_enterprise_is_producer ? 'any' : 'none'
       end
     end
@@ -303,5 +303,20 @@ module Admin
     def ams_prefix_whitelist
       [:index, :basic]
     end
+
+    def enterprise_params
+      return params[:enterprise] if params[:enterprise].empty?
+
+      params.require(:enterprise).permit(
+        :name, :is_primary_producer, :visible, :permalink,
+        :contact_name, :email_address, :phone, :sells, :owner_id,
+        :website, :facebook, :instagram, :linkedin, :twitter,
+        :abn, :acn, :charges_sales_tax, :display_invoice_logo,
+        :invoice_text, :description, :long_description, :promo_image,
+        :preferred_product_selection_from_inventory_only, :preferred_shopfront_message,
+        :preferred_shopfront_closed_message, :preferred_shopfront_taxon_order,
+        :preferred_shopfront_order_cycle_order, :require_login,
+        :allow_guest_orders, :allow_order_changes, :enable_subscriptions)
+    end
   end
 end