Fix strong_params in API taxons_controller

2026-02-27 01:43:22 +00:00 · 2020-11-06 01:54:04 +00:00
parent 417c4d9aea
commit c374bf5e49
1 changed files with 6 additions and 2 deletions
--- a/app/controllers/api/taxons_controller.rb
+++ b/app/controllers/api/taxons_controller.rb
@@ -22,7 +22,7 @@ module Api

    def create
      authorize! :create, Spree::Taxon
-      @taxon = Spree::Taxon.new(params[:taxon])
+      @taxon = Spree::Taxon.new(taxon_params[:taxon])
      @taxon.taxonomy_id = params[:taxonomy_id]
      taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])

@@ -42,7 +42,7 @@ module Api

    def update
      authorize! :update, Spree::Taxon
-      if taxon.update(params[:taxon])
+      if taxon.update(taxon_params)
        render json: taxon, serializer: Api::TaxonSerializer, status: :ok
      else
        invalid_resource!(taxon)
@@ -66,5 +66,9 @@ module Api
    def taxon
      @taxon ||= taxonomy.taxons.find(params[:id])
    end
+
+    def taxon_params
+      params.permit(taxon: [:name, :parent_id])
+    end
  end
 end