Add strong parameters to orders_controller.rb

2026-04-06 07:29:16 +00:00 · 2019-12-23 12:24:04 +01:00
parent bd6b409708
commit f77194875c
1 changed files with 5 additions and 1 deletions
--- a/app/controllers/spree/admin/orders_controller.rb
+++ b/app/controllers/spree/admin/orders_controller.rb
@@ -44,7 +44,7 @@ module Spree
      end

      def update
-        unless @order.update_attributes(params[:order]) && @order.line_items.present?
+        unless @order.update_attributes(order_params) && @order.line_items.present?
          if @order.line_items.empty?
            @order.errors.add(:line_items, Spree.t('errors.messages.blank'))
          end
@@ -108,6 +108,10 @@ module Spree

      private

+      def order_params
+        params.require(:order).permit(:distributor_id, :order_cycle_id)
+      end
+
      def load_order
        @order = Order.find_by_number!(params[:id], include: :adjustments) if params[:id]
        authorize! action, @order