Extract common user permitted attributes to a separate class

app/controllers/spree/admin/users_controller.rb

@@ -138,7 +138,7 @@ module Spree
       end
 
       def user_params
-        params.require(:user).permit(:email, :enterprise_limit, :password, :password_confirmation)
+        PermittedAttributes::User.new(params).call([:enterprise_limit])
       end
     end
   end

app/controllers/spree/users_controller.rb

@@ -72,7 +72,7 @@ module Spree
     end
 
     def user_params
-      params.require(:user).permit(:email, :password, :password_confirmation)
+      ::PermittedAttributes::User.new(params).call
     end
   end
 end

app/controllers/user_registrations_controller.rb

@@ -35,8 +35,7 @@ class UserRegistrationsController < Spree::UserRegistrationsController
   def spree_user_params
     return params[:spree_user] if params[:spree_user].empty?
 
-    params.require(:spree_user).
-      permit(:email, :password, :password_confirmation, :remember_me)
+    PermittedAttributes::User.new(params, :spree_user).call([:remember_me])
   end
 
   def render_error(errors = {})

app/services/permitted_attributes/user.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module PermittedAttributes
+  class User
+    def initialize(params, resource_name = :user)
+      @params = params
+      @resource_name = resource_name
+    end
+
+    def call(extra_permitted_attributes = [])
+      @params.require(@resource_name).
+        permit(permitted_attributes + extra_permitted_attributes)
+    end
+
+    private
+
+    def permitted_attributes
+      [:email, :password, :password_confirmation]
+    end
+  end
+end