From fccc8037f079f3fdccad01ccdf7f085bc3d23feb Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Sun, 23 Feb 2020 14:26:14 +0100
Subject: [PATCH] Add strong_params to enterprise_relationships_controller.rb

Fixes specs such as:

  31)
  As an Administrator
  I want to manage relationships between enterprises
 as a site administrator creating a relationship
      Failure/Error: raise ActiveModel::ForbiddenAttributesError, params.to_s

      ActiveModel::ForbiddenAttributesError:
        {"enterprise_relationship"=>{"parent_id"=>284, "child_id"=>285, "permissions_list"=>["add_to_order_cycle", "edit_profile", "create_variant_overrides"]}, "action"=>"create", "controller"=>"admin/enterprise_relationships"}
      # ./app/controllers/application_controller.rb:16:in `print_params'
      # ./lib/open_food_network/rack_request_blocker.rb:36:in `call'
      # ------------------
      # --- Caused by: ---
      # ActiveModel::ForbiddenAttributesError:
      #   ActiveModel::ForbiddenAttributesError
      #   ./app/controllers/admin/enterprise_relationships_controller.rb:10:in `create'
---
 .../admin/enterprise_relationships_controller.rb          | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/controllers/admin/enterprise_relationships_controller.rb b/app/controllers/admin/enterprise_relationships_controller.rb
index 0ffb648f44..1996b4f73d 100644
--- a/app/controllers/admin/enterprise_relationships_controller.rb
+++ b/app/controllers/admin/enterprise_relationships_controller.rb
@@ -7,7 +7,7 @@ module Admin
     end
 
     def create
-      @enterprise_relationship = EnterpriseRelationship.new params[:enterprise_relationship]
+      @enterprise_relationship = EnterpriseRelationship.new enterprise_relationship_params
 
       if @enterprise_relationship.save
         render text: Api::Admin::EnterpriseRelationshipSerializer.new(@enterprise_relationship).to_json
@@ -21,5 +21,11 @@ module Admin
       @enterprise_relationship.destroy
       render nothing: true
     end
+
+    private
+
+    def enterprise_relationship_params
+      params.require(:enterprise_relationship).permit(:parent_id, :child_id, :permissions_list)
+    end
   end
 end