From 48d4c8733df15895a65a721e8d04ea8d015f6ff2 Mon Sep 17 00:00:00 2001
From: Rob Harrington
Date: Thu, 21 Apr 2016 14:42:34 +1000
Subject: [PATCH] When we load up incomplete orders, make sure that they have a user associated if the user is logged in

Also associate customer ONLY if one already exists. This is required to prevent unauthorised access to customer-only shopfronts.
---
 app/controllers/enterprises_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/controllers/enterprises_controller.rb b/app/controllers/enterprises_controller.rb
index fe2eda8bfd..14564d1129 100644
--- a/app/controllers/enterprises_controller.rb
+++ b/app/controllers/enterprises_controller.rb
@@ -47,6 +47,11 @@ class EnterprisesController < BaseController
 order.distributor = distributor
+ if user = try_spree_current_user
+ order.associate_user!(user) if (order.user.blank? || order.email.blank?)
+ order.send(:associate_customer) if order.customer.nil? # Only associates existing customers
+ end
+
 order_cycle_options = OrderCycle.active.with_distributor(distributor)
 order.order_cycle = order_cycle_options.first if order_cycle_options.count == 1
 order.save!
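Review bot: The access-control property this change depends on, that only an already-existing customer is attached, lives in a private method reached through `order.send(:associate_customer)`, and the trailing comment is the only place it is stated. If that method were later changed to create a customer, customer-only shopfronts could open up without this controller changing; a public method on the order whose name states the existing-only contract, plus a controller spec (the commit touches one file and adds no test), would pin the behaviour. The `order.customer.nil?` guard also keeps whatever customer is already on the order, so it is worth confirming that an order carried over from another distributor or session cannot arrive here with a stale customer; the earlier part of the action is outside the hunk. Minor: `if user = try_spree_current_user` reads like a typo for `==`, and `if (user = try_spree_current_user)` makes the assignment explicit.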