only Products beloning to Store are allowed to be populated to an order

[ghost]

I'm not good on forking/pushing, so might be please somebody feel free to implement it into the master.

currently we are able to populate EVERY variant_id to an order. customers might play around with it (if you run 5 stores with same products and different prices, that will help you stop losing money). unless the product doesn't belong to the store, just redirect to startpage.

Spree::OrdersController.class_eval do
  before_filter :product_belongs_to_store, only: [:populate]
  private    
  def product_belongs_to_store
    redirect_to "/", message: "Couldn't find Product" unless Spree::Variant.find(params[:variant_id]).product.store == current_store
   end  
end