From 913ea5b8836dbdd2551775ac040fee8fb61b1445 Mon Sep 17 00:00:00 2001
From: Luis Ramos
Date: Sun, 23 Feb 2020 15:29:08 +0000
Subject: [PATCH] Handle strong parameters in bulk_line_items controller

---
 app/controllers/admin/bulk_line_items_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/controllers/admin/bulk_line_items_controller.rb b/app/controllers/admin/bulk_line_items_controller.rb
index 86a2f539e2..dba7bd9bef 100644
--- a/app/controllers/admin/bulk_line_items_controller.rb
+++ b/app/controllers/admin/bulk_line_items_controller.rb
@@ -29,7 +29,7 @@ module Admin
 # See https://github.com/rails/rails/blob/3-2-stable/activerecord/lib/active_record/locking/pessimistic.rb#L69
 # and https://www.postgresql.org/docs/current/static/sql-select.html#SQL-FOR-UPDATE-SHARE
 order.with_lock do
- if @line_item.update_attributes(params[:line_item])
+ if @line_item.update_attributes(line_item_params)
 order.update_distribution_charge!
 render nothing: true, status: :no_content # No Content, does not trigger ng resource auto-update
 else
@@ -73,5 +73,9 @@ module Admin
 def order
 @line_item.order
 end
+
+ def line_item_params
+ params.require(:line_item).permit(:price, :quantity, :final_weight_volume)
+ end
 end
 end
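Review bot: `line_item_params` is appended after `def order` at the end of the class, and the hunk does not show whether that region sits below a `private` marker; in a Rails controller any public instance method is exposed as an action, so the whitelist helper should be private (add `private` above it, or `private :line_item_params`, if it is not already). It is also worth recording the behaviour change in a comment, since `params.require(:line_item)` raises `ActionController::ParameterMissing` (rendered as a 400) when the key is absent, whereas the replaced `params[:line_item]` passed `nil` through to `update_attributes`: `# Mass-assignment whitelist; require/permit raises ParameterMissing (400) when :line_item is missing`. The `order.with_lock` block in the first hunk starts and ends outside that hunk.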