From 74fee336e6d8c8b36dab597b76572a235068c0db Mon Sep 17 00:00:00 2001
From: Gaetan Craig-Riou <gaetan.riou@gmail.com>
Date: Fri, 5 May 2023 16:21:21 +1000
Subject: [PATCH] Admin::VoucherController check enterprise permission

---
 app/controllers/admin/vouchers_controller.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/controllers/admin/vouchers_controller.rb b/app/controllers/admin/vouchers_controller.rb
index 66908db7ff62..efd9ac9b7d88 100644
--- a/app/controllers/admin/vouchers_controller.rb
+++ b/app/controllers/admin/vouchers_controller.rb
@@ -26,7 +26,10 @@ def create
     private
 
     def load_enterprise
-      @enterprise = Enterprise.find_by(permalink: params[:enterprise_id])
+      @enterprise = OpenFoodNetwork::Permissions
+        .new(spree_current_user)
+        .editable_enterprises
+        .find_by(permalink: params[:enterprise_id])
     end
 
     def permitted_resource_params