From afa40ea82fe954192117d3f3ec0fd0e1c00281ce Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Bellet
Date: Tue, 12 Jul 2022 18:49:15 +0200
Subject: [PATCH] Authorize `product` and not `@product`
---
 app/controllers/api/v0/product_images_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/v0/product_images_controller.rb b/app/controllers/api/v0/product_images_controller.rb
index 1df2664224..97e4b2d42c 100644
--- a/app/controllers/api/v0/product_images_controller.rb
+++ b/app/controllers/api/v0/product_images_controller.rb
@@ -7,7 +7,7 @@ module Api
 def update_product_image
 product = Spree::Product.find(params[:product_id])
- authorize! :update, @product
+ authorize! :update, product
 image = product.images.first || Spree::Image.new(
 viewable_id: product.master.id,
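Review bot: Nothing in this patch pins the corrected `authorize! :update, product` call in `update_product_image` with a spec, and the earlier mistake was silent: an unset instance variable evaluates to nil, so `authorize!` ran without raising and its outcome presumably depended on how the ability rules treat nil rather than on the loaded product. A spec that signs in a user with no rights over the product and expects the request to be refused, with the product's image left unchanged, would keep this from regressing unnoticed. A short comment above the call would also help the next reader, e.g. `# Authorize the loaded record itself; an unset ivar is nil and would be checked in its place.` The method body continues past the end of the hunk, so whether anything later in it touches the image before the check cannot be judged from here.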