diff --git a/app/controllers/devise_overrides/registrations_controller.rb b/app/controllers/devise_overrides/registrations_controller.rb
index 22eb0272b..54ad9e9d9 100644
--- a/app/controllers/devise_overrides/registrations_controller.rb
+++ b/app/controllers/devise_overrides/registrations_controller.rb
@@ -32,11 +32,7 @@ def after_inactive_sign_up_path_for(resource)
 private
 def user_params
- params.require(:user).permit(policy(User).permitted_attributes + [:current_password, {
- region_ids: [],
- subscribed_organization_ids: [],
- profile_attributes: policy(Profile).permitted_attributes
- }])
+ permitted_attributes(User)
 end
 # check if we need password to update user data
diff --git a/app/controllers/locations_controller.rb b/app/controllers/locations_controller.rb
index 868ceb468..36cca64bd 100644
--- a/app/controllers/locations_controller.rb
+++ b/app/controllers/locations_controller.rb
@@ -66,9 +66,7 @@ def destroy
 private
 def location_params
- attributes = policy(Location).permitted_attributes
- attributes = attributes + [:contact_info, :notes] if @location && policy(@location).edit_additional_details?
- params.require(:location).permit(attributes)
+ permitted_attributes(@location || Location.new)
 end
 def assign_location
diff --git a/app/controllers/rsvps_controller.rb b/app/controllers/rsvps_controller.rb
index 444043a17..fd2d4a2d7 100644
--- a/app/controllers/rsvps_controller.rb
+++ b/app/controllers/rsvps_controller.rb
@@ -121,9 +121,7 @@ def apply_other_changes_from_params
 def rsvp_params
 role_id = params[:rsvp][:role_id].to_i
- params.require(:rsvp).permit(policy(Rsvp).permitted_attributes + [
- event_session_ids: [], dietary_restriction_diets: []
- ]).tap do |params|
+ permitted_attributes(Rsvp).tap do |params|
 if role_id == Role::STUDENT.id
 user_choices = Array(params[:event_session_ids]).select(&:present?).map(&:to_i)
 required_sessions = @event.event_sessions.where(required_for_students: true).pluck(:id)
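Review bot: `permitted_attributes(User)` now draws its whole whitelist from UserPolicy, and the user_policy.rb hunk moves `:current_password`, `region_ids`, `subscribed_organization_ids` and `profile_attributes` into that shared list, so they are no longer scoped to this registration form. Any other caller of `UserPolicy#permitted_attributes` (none is visible in this diff) would start accepting those keys for mass assignment as well. If that widening is intended, a comment above the new entries in the policy would record it, e.g. `# also permitted for every caller of this list, not only Devise registrations`; if not, the extra keys are better kept out of the base list.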
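Review bot: On create `@location` is unset, so `permitted_attributes(@location || Location.new)` makes LocationPolicy evaluate `edit_additional_details?` against a blank, unsaved Location, whereas the removed code never permitted `:contact_info` or `:notes` on that path. The predicate's body is outside the diff (it appears only as hunk context in location_policy.rb), so confirm that it returns false and does not raise for a record with no id or associations, and also when the policy is built with the `Location` class. If the old behaviour is the intended one, the policy condition could be narrowed to `if record.persisted? && edit_additional_details?`, assuming the policy exposes `record` as Pundit's generated ApplicationPolicy does. The same point applies to the second location_policy.rb hunk, where the new condition lives.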
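Review bot: The block parameter in `permitted_attributes(Rsvp).tap do |params|` shadows the controller's `params`, so inside the block `params[...]` reads the filtered set while the line just above reads `role_id` from the raw request; a name such as `|permitted|` would make that distinction visible. Separately, `params[:rsvp][:role_id]` runs before the `require` that Pundit's helper performs, so a request without an `rsvp` key raises NoMethodError instead of a parameter-missing error; `role_id = params.dig(:rsvp, :role_id).to_i` avoids that. The block body continues past the end of this hunk, so the rename has to be carried through the lines not shown.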
diff --git a/app/policies/event_policy.rb b/app/policies/event_policy.rb
index d80c9f1fd..6ff60a5dc 100644
--- a/app/policies/event_policy.rb
+++ b/app/policies/event_policy.rb
@@ -67,7 +67,11 @@ def permitted_attributes
 :email_on_approval,
 :has_childcare,
 :restrict_operating_systems,
- :survey_greeting
+ :survey_greeting,
+ {
+ event_sessions_attributes: EventSessionPolicy.new(user, EventSession).permitted_attributes + [:id],
+ allowed_operating_system_ids: []
+ }
 ]
 end
 end
\ No newline at end of file
diff --git a/app/policies/location_policy.rb b/app/policies/location_policy.rb
index 83dbadd36..e6ba377d6 100644
--- a/app/policies/location_policy.rb
+++ b/app/policies/location_policy.rb
@@ -21,7 +21,7 @@ def edit_additional_details?
 end
 def permitted_attributes
- [
+ attributes = [
 :name,
 :address_1,
 :address_2,
@@ -30,5 +30,12 @@ def permitted_attributes
 :zip,
 :region_id
 ]
+ if edit_additional_details?
+ attributes += [
+ :contact_info,
+ :notes
+ ]
+ end
+ attributes
 end
 end
\ No newline at end of file
diff --git a/app/policies/rsvp_policy.rb b/app/policies/rsvp_policy.rb
index de170a177..ba7ab8fc2 100644
--- a/app/policies/rsvp_policy.rb
+++ b/app/policies/rsvp_policy.rb
@@ -16,7 +16,11 @@ def permitted_attributes
 :class_level,
 :dietary_info,
 :needs_childcare,
- :plus_one_host
+ :plus_one_host,
+ {
+ event_session_ids: [],
+ dietary_restriction_diets: []
+ }
 ]
 end
 end
\ No newline at end of file
diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb
index b0f015ee7..75069a435 100644
--- a/app/policies/user_policy.rb
+++ b/app/policies/user_policy.rb
@@ -9,7 +9,13 @@ def permitted_attributes
 :remember_me,
 :time_zone,
 :gender,
- :allow_event_email
+ :allow_event_email,
+ :current_password,
+ {
+ region_ids: [],
+ subscribed_organization_ids: [],
+ profile_attributes: ProfilePolicy.new(user, Profile).permitted_attributes
+ }
 ]
 end
 end
\ No newline at end of file
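Review bot: The new `event_sessions_attributes` entry has no comment explaining why `:id` is appended here instead of living in EventSessionPolicy. `:id` is the key that lets a nested update target an existing session, so a reader auditing the whitelist needs to know it is deliberate. A line such as `# :id is required so nested attributes can update existing sessions` above the key would cover it. The nested list is built with `EventSessionPolicy.new(user, EventSession)`, i.e. against the class, so it cannot depend on the session being edited; the user_policy.rb hunk uses the same pattern with `ProfilePolicy.new(user, Profile)`. `permitted_attributes` starts outside this hunk.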
diff --git a/app/services/event_editor.rb b/app/services/event_editor.rb
index cec58cbb5..101c891e2 100644
--- a/app/services/event_editor.rb
+++ b/app/services/event_editor.rb
@@ -68,8 +68,6 @@ def initialize(event:, notice: nil, render: nil, status: nil)
 def event_params(event = nil)
 permitted = EventPolicy.new(current_user, Event).permitted_attributes.dup
- permitted << {event_sessions_attributes: EventSessionPolicy.new(current_user, EventSession).permitted_attributes + [:id]}
- permitted << {allowed_operating_system_ids: []}
 derived_params = {}
 if params[:save_draft]