From cdf71b419fdbda1b72da11e603c7720c27d0c531 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Bellet <jb.bellet@gmail.com>
Date: Mon, 19 Sep 2022 17:36:07 +0200
Subject: [PATCH 1/3] Search within all enterprises if user is the super admin

---
 app/controllers/spree/admin/search_controller.rb | 7 ++++++-
 spec/system/admin/order_spec.rb                  | 1 -
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/controllers/spree/admin/search_controller.rb b/app/controllers/spree/admin/search_controller.rb
index 1ddb023b3a..df96618fc0 100644
--- a/app/controllers/spree/admin/search_controller.rb
+++ b/app/controllers/spree/admin/search_controller.rb
@@ -19,7 +19,12 @@ module Spree
 
       def customers
         @customers = []
-        if spree_current_user.enterprises.pluck(:id).include? search_params[:distributor_id].to_i
+        enterprise_ids = if spree_current_user.admin?
+                           Enterprise.pluck(:id)
+                         else
+                           spree_current_user.enterprises.pluck(:id)
+                         end
+        if enterprise_ids.include? search_params[:distributor_id].to_i
           @customers = Customer.
             ransack(m: 'or', email_start: search_params[:q], first_name_start: search_params[:q],
                     last_name_start: search_params[:q]).
diff --git a/spec/system/admin/order_spec.rb b/spec/system/admin/order_spec.rb
index c25d5c13c1..ef43bd5b2d 100644
--- a/spec/system/admin/order_spec.rb
+++ b/spec/system/admin/order_spec.rb
@@ -755,7 +755,6 @@ describe '
       end
       
       it "finds a customer by name" do
-        pending("issue #9684")
         serching_for_customers
       end
     end

From 12d7db3dd6509c969d66228e7b422a77aa79f24f Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Tue, 27 Sep 2022 11:32:40 +1000
Subject: [PATCH 2/3] More efficient enterprise access check

---
 app/controllers/spree/admin/search_controller.rb | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/app/controllers/spree/admin/search_controller.rb b/app/controllers/spree/admin/search_controller.rb
index df96618fc0..3d4e95f0b5 100644
--- a/app/controllers/spree/admin/search_controller.rb
+++ b/app/controllers/spree/admin/search_controller.rb
@@ -19,12 +19,7 @@ module Spree
 
       def customers
         @customers = []
-        enterprise_ids = if spree_current_user.admin?
-                           Enterprise.pluck(:id)
-                         else
-                           spree_current_user.enterprises.pluck(:id)
-                         end
-        if enterprise_ids.include? search_params[:distributor_id].to_i
+        if enterprises.where(id: search_params[:distributor_id].to_i).present?
           @customers = Customer.
             ransack(m: 'or', email_start: search_params[:q], first_name_start: search_params[:q],
                     last_name_start: search_params[:q]).
@@ -50,6 +45,14 @@ module Spree
       def search_params
         params.permit(:q, :distributor_id).to_h.with_indifferent_access
       end
+
+      def enterprises
+        if spree_current_user.admin?
+          Enterprise.all
+        else
+          spree_current_user.enterprises
+        end
+      end
     end
   end
 end

From d81037d6581f4ff88ad42b0d6571865388fec4f1 Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Tue, 27 Sep 2022 11:41:28 +1000
Subject: [PATCH 3/3] Simplify branching logic in SearchesController

---
 .../spree/admin/search_controller.rb          | 35 ++++++++++---------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/app/controllers/spree/admin/search_controller.rb b/app/controllers/spree/admin/search_controller.rb
index 3d4e95f0b5..7032a17e22 100644
--- a/app/controllers/spree/admin/search_controller.rb
+++ b/app/controllers/spree/admin/search_controller.rb
@@ -18,19 +18,28 @@ module Spree
       end
 
       def customers
-        @customers = []
-        if enterprises.where(id: search_params[:distributor_id].to_i).present?
-          @customers = Customer.
-            ransack(m: 'or', email_start: search_params[:q], first_name_start: search_params[:q],
-                    last_name_start: search_params[:q]).
-            result.
-            where(enterprise_id: search_params[:distributor_id].to_i)
-        end
-        render json: @customers, each_serializer: ::Api::Admin::CustomerSerializer
+        render json: load_customers, each_serializer: ::Api::Admin::CustomerSerializer
       end
 
       private
 
+      def load_customers
+        return [] unless valid_enterprise_given?
+
+        Customer.ransack(
+          m: 'or', email_start: search_params[:q],
+          first_name_start: search_params[:q], last_name_start: search_params[:q]
+        ).result.where(enterprise_id: search_params[:distributor_id].to_i)
+      end
+
+      def valid_enterprise_given?
+        return true if spree_current_user.admin?
+
+        spree_current_user.enterprises.where(
+          id: search_params[:distributor_id].to_i
+        ).present?
+      end
+
       def ransack_hash
         {
           m: 'or',
@@ -45,14 +54,6 @@ module Spree
       def search_params
         params.permit(:q, :distributor_id).to_h.with_indifferent_access
       end
-
-      def enterprises
-        if spree_current_user.admin?
-          Enterprise.all
-        else
-          spree_current_user.enterprises
-        end
-      end
     end
   end
 end