From e77d9aba7b452441ce8e785c65dbf5e03f08d5ab Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Wed, 13 May 2020 12:12:32 +0100
Subject: [PATCH 01/13] Add missing strong params to less important controllers
 not tested in specs

---
 app/controllers/spree/admin/countries_controller.rb          | 5 +++++
 .../spree/admin/return_authorizations_controller.rb          | 5 +++++
 .../spree/admin/shipping_categories_controller.rb            | 4 ++++
 3 files changed, 14 insertions(+)

diff --git a/app/controllers/spree/admin/countries_controller.rb b/app/controllers/spree/admin/countries_controller.rb
index 4314e54b37..f6a90bf567 100644
--- a/app/controllers/spree/admin/countries_controller.rb
+++ b/app/controllers/spree/admin/countries_controller.rb
@@ -1,6 +1,11 @@
 module Spree
   module Admin
     class CountriesController < ResourceController
+      def permitted_resource_params
+        params.require(:country).
+          permit(:name, :iso_name, :states_required)
+      end
+
       def collection
         super.order(:name)
       end
diff --git a/app/controllers/spree/admin/return_authorizations_controller.rb b/app/controllers/spree/admin/return_authorizations_controller.rb
index 9696835315..0411cd5b1b 100644
--- a/app/controllers/spree/admin/return_authorizations_controller.rb
+++ b/app/controllers/spree/admin/return_authorizations_controller.rb
@@ -19,6 +19,11 @@ module Spree
           @return_authorization.add_variant(variant_id.to_i, qty.to_i)
         end
       end
+
+      def permitted_resource_params
+        params.require(:return_authorization).
+          permit(:amount, :reason, :stock_location_id)
+      end
     end
   end
 end
diff --git a/app/controllers/spree/admin/shipping_categories_controller.rb b/app/controllers/spree/admin/shipping_categories_controller.rb
index e9d1677027..7fa77bcc9c 100644
--- a/app/controllers/spree/admin/shipping_categories_controller.rb
+++ b/app/controllers/spree/admin/shipping_categories_controller.rb
@@ -1,6 +1,10 @@
 module Spree
   module Admin
     class ShippingCategoriesController < ResourceController
+      def permitted_resource_params
+        params.require(:shipping_category).
+          permit(:name, :temperature_controlled)
+      end
     end
   end
 end

From 73f2844fe31abda5a96501ef839a555981ee1d29 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Sat, 16 May 2020 15:13:29 +0100
Subject: [PATCH 02/13] Add spec for shipping categories

---
 .../shipping_categories_controller_spec.rb    | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 spec/controllers/spree/admin/shipping_categories_controller_spec.rb

diff --git a/spec/controllers/spree/admin/shipping_categories_controller_spec.rb b/spec/controllers/spree/admin/shipping_categories_controller_spec.rb
new file mode 100644
index 0000000000..531b175072
--- /dev/null
+++ b/spec/controllers/spree/admin/shipping_categories_controller_spec.rb
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+module Spree
+  module Admin
+    describe ShippingCategoriesController, type: :controller do
+      include AuthenticationWorkflow
+
+      describe "#create and #update" do
+        before { login_as_admin }
+
+        it "creates a shipping shipping category" do
+          expect {
+            spree_post :create, shipping_category: { name: "Frozen" }
+          }.to change(Spree::ShippingCategory.all, :count).by(1)
+
+          expect(response).to redirect_to spree.admin_shipping_categories_url
+        end
+
+        it "updates an existing shipping category" do
+          shipping_category = create(:shipping_category)
+          spree_put :update, id: shipping_category.id,
+                             shipping_category: { name: "Super Frozen" }
+
+          expect(response).to redirect_to spree.admin_shipping_categories_url
+          expect(shipping_category.reload.name).to eq "Super Frozen"
+        end
+      end
+    end
+  end
+end

From 583b4a1df72df53f39426d7a692525c2eeb36382 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Sat, 16 May 2020 15:17:09 +0100
Subject: [PATCH 03/13] Add spec to countries_controller

---
 .../spree/admin/countries_controller_spec.rb  | 24 +++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 spec/controllers/spree/admin/countries_controller_spec.rb

diff --git a/spec/controllers/spree/admin/countries_controller_spec.rb b/spec/controllers/spree/admin/countries_controller_spec.rb
new file mode 100644
index 0000000000..4146a506de
--- /dev/null
+++ b/spec/controllers/spree/admin/countries_controller_spec.rb
@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+module Spree
+  module Admin
+    describe CountriesController, type: :controller do
+      include AuthenticationWorkflow
+
+      describe "#update" do
+        before { login_as_admin }
+
+        it "updates the name of an existing country" do
+          country = create(:country)
+          spree_put :update, id: country.id,
+                             country: { name: "Kyrgyzstan" }
+
+          expect(response).to redirect_to spree.admin_countries_url
+          expect(country.reload.name).to eq "Kyrgyzstan"
+        end
+      end
+    end
+  end
+end

From bae128738bf4ee0781b6cef0f8d7bd4bc6dde9b9 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Sat, 16 May 2020 16:25:18 +0100
Subject: [PATCH 04/13] Add spec for return authorizations controller

---
 .../return_authorizations_controller_spec.rb  | 47 +++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 spec/controllers/spree/admin/return_authorizations_controller_spec.rb

diff --git a/spec/controllers/spree/admin/return_authorizations_controller_spec.rb b/spec/controllers/spree/admin/return_authorizations_controller_spec.rb
new file mode 100644
index 0000000000..6c28642da5
--- /dev/null
+++ b/spec/controllers/spree/admin/return_authorizations_controller_spec.rb
@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+module Spree
+  module Admin
+    describe ReturnAuthorizationsController, type: :controller do
+      include AuthenticationWorkflow
+
+      let(:order) do
+        create(:order, :with_line_item, :completed,
+               distributor: create(:distributor_enterprise) )
+      end
+
+      before do
+        login_as_admin
+
+        # Pay the order
+        order.payments.first.complete
+        order.updater.update_payment_state
+
+        # Ship the order
+        order.reload.shipment.ship!
+      end
+
+      it "creates and updates a return authorization" do
+        # Create return authorization
+        spree_post :create, order_id: order.number,
+                            return_authorization: { amount: "20.2", reason: "broken" }
+
+        expect(response).to redirect_to spree.admin_order_return_authorizations_url(order.number)
+        return_authorization = order.return_authorizations.first
+        expect(return_authorization.amount.to_s).to eq "20.2"
+        expect(return_authorization.reason.to_s).to eq "broken"
+
+        # Update return authorization
+        spree_put :update, id: return_authorization.id,
+                           return_authorization: { amount: "10.2", reason: "half broken" }
+
+        expect(response).to redirect_to spree.admin_order_return_authorizations_url(order.number)
+        return_authorization.reload
+        expect(return_authorization.amount.to_s).to eq "10.2"
+        expect(return_authorization.reason.to_s).to eq "half broken"
+      end
+    end
+  end
+end

From 754b657f81b378306269c900fcfe7efb036b57e5 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Mon, 18 May 2020 15:13:03 +0100
Subject: [PATCH 05/13] Move controller methods to protected to keeep
 consitency and isolation

---
 app/controllers/spree/admin/countries_controller.rb           | 3 +++
 app/controllers/spree/admin/shipping_categories_controller.rb | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/app/controllers/spree/admin/countries_controller.rb b/app/controllers/spree/admin/countries_controller.rb
index f6a90bf567..9dc2cc00a3 100644
--- a/app/controllers/spree/admin/countries_controller.rb
+++ b/app/controllers/spree/admin/countries_controller.rb
@@ -1,6 +1,9 @@
 module Spree
   module Admin
     class CountriesController < ResourceController
+
+      protected
+
       def permitted_resource_params
         params.require(:country).
           permit(:name, :iso_name, :states_required)
diff --git a/app/controllers/spree/admin/shipping_categories_controller.rb b/app/controllers/spree/admin/shipping_categories_controller.rb
index 7fa77bcc9c..91f476e12f 100644
--- a/app/controllers/spree/admin/shipping_categories_controller.rb
+++ b/app/controllers/spree/admin/shipping_categories_controller.rb
@@ -1,6 +1,9 @@
 module Spree
   module Admin
     class ShippingCategoriesController < ResourceController
+
+      protected
+
       def permitted_resource_params
         params.require(:shipping_category).
           permit(:name, :temperature_controlled)

From c6842ada7f680025b6a2f08346e8c604f0e1005c Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Wed, 13 May 2020 10:56:20 +0100
Subject: [PATCH 06/13] Add variant_unit_name to the list of fields to be
 ignored when creating a variant, it's a product field

---
 app/models/product_import/entry_validator.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/models/product_import/entry_validator.rb b/app/models/product_import/entry_validator.rb
index 1f27ed7af7..0dbbac1468 100644
--- a/app/models/product_import/entry_validator.rb
+++ b/app/models/product_import/entry_validator.rb
@@ -64,7 +64,8 @@ module ProductImport
     def mark_as_new_variant(entry, product_id)
       new_variant = Spree::Variant.new(
         entry.assignable_attributes.except('id', 'product_id', 'on_hand', 'on_demand',
-                                           'variant_unit', 'variant_unit_scale', 'primary_taxon_id')
+                                           'variant_unit', 'variant_unit_name',
+                                           'variant_unit_scale', 'primary_taxon_id')
       )
       new_variant.save
       new_variant.on_demand = entry.attributes['on_demand'] if entry.attributes['on_demand'].present?
@@ -311,7 +312,8 @@ module ProductImport
 
     def mark_as_existing_variant(entry, existing_variant)
       existing_variant.assign_attributes(
-        entry.assignable_attributes.except('id', 'product_id', 'variant_unit', 'variant_unit_scale', 'primary_taxon_id')
+        entry.assignable_attributes.except('id', 'product_id', 'variant_unit', 'variant_unit_name',
+                                           'variant_unit_scale', 'primary_taxon_id')
       )
       check_on_hand_nil(entry, existing_variant)
 

From 48985bbcd19f65641c233848a1e03217a6b203c1 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Thu, 7 May 2020 19:59:47 +0100
Subject: [PATCH 07/13] Use patch instead of put, because it's rails 4

Extend the registration process spec to cover package selection
---
 config/routes/admin.rb                      | 2 +-
 spec/features/consumer/registration_spec.rb | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/config/routes/admin.rb b/config/routes/admin.rb
index 3456248e25..931015e302 100644
--- a/config/routes/admin.rb
+++ b/config/routes/admin.rb
@@ -27,7 +27,7 @@ Openfoodnetwork::Application.routes.draw do
 
       member do
         get :welcome
-        put :register
+        patch :register
       end
 
       resources :producer_properties do
diff --git a/spec/features/consumer/registration_spec.rb b/spec/features/consumer/registration_spec.rb
index e4bf198637..ed0c2f96b1 100644
--- a/spec/features/consumer/registration_spec.rb
+++ b/spec/features/consumer/registration_spec.rb
@@ -124,6 +124,10 @@ feature "Registration", js: true do
 
       click_link "Go to Enterprise Dashboard"
       expect(page).to have_content "CHOOSE YOUR PACKAGE"
+
+      page.find('.full_hub h3').click
+      click_button "Select and Continue"
+      expect(page).to have_content "Your profile live"
     end
 
     context "when the user has no more remaining enterprises" do

From 2d7f1ce283bfff962d57dd40c10ea52f6f78f85d Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Mon, 1 Jun 2020 20:36:07 +0100
Subject: [PATCH 08/13] Delete all variants from test product not just the
 first one

---
 spec/models/concerns/product_stock_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/models/concerns/product_stock_spec.rb b/spec/models/concerns/product_stock_spec.rb
index cf91b4d671..5b5a21efb4 100644
--- a/spec/models/concerns/product_stock_spec.rb
+++ b/spec/models/concerns/product_stock_spec.rb
@@ -5,7 +5,7 @@ describe ProductStock do
 
   context "when product has no variants" do
     before do
-      product.variants.first.destroy
+      product.variants.destroy
       product.variants.reload
     end
 

From c68459f212a7aefb69863f896de7174da25f70fc Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Tue, 2 Jun 2020 16:16:07 +0100
Subject: [PATCH 09/13] Make enterprises_controller_spec use api_post instead
 of spree_post

---
 spec/controllers/api/enterprises_controller_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/spec/controllers/api/enterprises_controller_spec.rb b/spec/controllers/api/enterprises_controller_spec.rb
index 54c5efc3b3..d0e8209f31 100644
--- a/spec/controllers/api/enterprises_controller_spec.rb
+++ b/spec/controllers/api/enterprises_controller_spec.rb
@@ -23,14 +23,14 @@ module Api
               address1: '123 Abc Street',
               city: 'Northcote',
               zipcode: '3070',
-              state_id: australia.states.first,
+              state_id: australia.states.first.id,
               country_id: australia.id
             }
           }
         end
 
         it "creates as sells=any when it is not a producer" do
-          spree_post :create, { enterprise: new_enterprise_params }
+          api_post :create, { enterprise: new_enterprise_params }
           expect(response).to be_success
 
           enterprise = Enterprise.last

From ff0c93a76bc34edb7d91fb03d9fce65726ae0594 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Tue, 2 Jun 2020 18:22:30 +0100
Subject: [PATCH 10/13] Join module and describe declaration so that rspec
 picks up correct controller under Api namespace and not the controller with
 the same name in the base namespace

---
 .../api/enterprises_controller_spec.rb        | 142 +++++++++---------
 1 file changed, 70 insertions(+), 72 deletions(-)

diff --git a/spec/controllers/api/enterprises_controller_spec.rb b/spec/controllers/api/enterprises_controller_spec.rb
index d0e8209f31..c407a2b918 100644
--- a/spec/controllers/api/enterprises_controller_spec.rb
+++ b/spec/controllers/api/enterprises_controller_spec.rb
@@ -1,95 +1,93 @@
 require 'spec_helper'
 
-module Api
-  describe EnterprisesController, type: :controller do
-    include AuthenticationWorkflow
-    render_views
+describe Api::EnterprisesController, type: :controller do
+  include AuthenticationWorkflow
+  render_views
 
-    let(:enterprise) { create(:distributor_enterprise) }
+  let(:enterprise) { create(:distributor_enterprise) }
 
-    context "as an enterprise owner" do
-      let(:enterprise_owner) { create_enterprise_user enterprise_limit: 10 }
-      let!(:enterprise) { create(:distributor_enterprise, owner: enterprise_owner) }
+  context "as an enterprise owner" do
+    let(:enterprise_owner) { create_enterprise_user enterprise_limit: 10 }
+    let!(:enterprise) { create(:distributor_enterprise, owner: enterprise_owner) }
 
-      before do
-        allow(controller).to receive(:spree_current_user) { enterprise_owner }
-      end
-
-      describe "creating an enterprise" do
-        let(:australia) { Spree::Country.find_by(name: 'Australia') }
-        let(:new_enterprise_params) do
-          {
-            name: 'name', contact_name: 'Sheila', address_attributes: {
-              address1: '123 Abc Street',
-              city: 'Northcote',
-              zipcode: '3070',
-              state_id: australia.states.first.id,
-              country_id: australia.id
-            }
-          }
-        end
-
-        it "creates as sells=any when it is not a producer" do
-          api_post :create, { enterprise: new_enterprise_params }
-          expect(response).to be_success
-
-          enterprise = Enterprise.last
-          expect(enterprise.sells).to eq('any')
-        end
-
-        it "saves all user ids submitted" do
-          manager1 = create(:user)
-          manager2 = create(:user)
-          spree_post :create, {
-            enterprise: new_enterprise_params.
-              merge({ user_ids: [enterprise_owner.id, manager1.id, manager2.id] })
-          }
-          expect(response).to be_success
-
-          enterprise = Enterprise.last
-          expect(enterprise.user_ids).to match_array([enterprise_owner.id, manager1.id, manager2.id])
-        end
-      end
+    before do
+      allow(controller).to receive(:spree_current_user) { enterprise_owner }
     end
 
-    context "as an enterprise manager" do
-      let(:enterprise_manager) { create_enterprise_user }
-
-      before do
-        enterprise_manager.enterprise_roles.build(enterprise: enterprise).save
-        allow(controller).to receive(:spree_current_user) { enterprise_manager }
+    describe "creating an enterprise" do
+      let(:australia) { Spree::Country.find_by(name: 'Australia') }
+      let(:new_enterprise_params) do
+        {
+          name: 'name', contact_name: 'Sheila', address_attributes: {
+            address1: '123 Abc Street',
+            city: 'Northcote',
+            zipcode: '3070',
+            state_id: australia.states.first.id,
+            country_id: australia.id
+          }
+        }
       end
 
-      describe "submitting a valid image" do
-        before do
-          allow(Enterprise)
-            .to receive(:find_by).with({ permalink: enterprise.id.to_s }) { enterprise }
-          allow(enterprise).to receive(:update_attributes).and_return(true)
-        end
+      it "creates as sells=any when it is not a producer" do
+        api_post :create, { enterprise: new_enterprise_params }
+        expect(response).to be_success
 
-        it "I can update enterprise image" do
-          spree_post :update_image, logo: 'a logo', id: enterprise.id
-          expect(response).to be_success
-        end
+        enterprise = Enterprise.last
+        expect(enterprise.sells).to eq('any')
+      end
+
+      it "saves all user ids submitted" do
+        manager1 = create(:user)
+        manager2 = create(:user)
+        spree_post :create, {
+          enterprise: new_enterprise_params.
+            merge({ user_ids: [enterprise_owner.id, manager1.id, manager2.id] })
+        }
+        expect(response).to be_success
+
+        enterprise = Enterprise.last
+        expect(enterprise.user_ids).to match_array([enterprise_owner.id, manager1.id, manager2.id])
       end
     end
+  end
 
-    context "as an non-managing user" do
-      let(:non_managing_user) { create_enterprise_user }
+  context "as an enterprise manager" do
+    let(:enterprise_manager) { create_enterprise_user }
 
+    before do
+      enterprise_manager.enterprise_roles.build(enterprise: enterprise).save
+      allow(controller).to receive(:spree_current_user) { enterprise_manager }
+    end
+
+    describe "submitting a valid image" do
       before do
         allow(Enterprise)
           .to receive(:find_by).with({ permalink: enterprise.id.to_s }) { enterprise }
-        allow(controller).to receive(:spree_current_user) { non_managing_user }
+        allow(enterprise).to receive(:update_attributes).and_return(true)
       end
 
-      describe "submitting a valid image" do
-        before { allow(enterprise).to receive(:update_attributes).and_return(true) }
+      it "I can update enterprise image" do
+        spree_post :update_image, logo: 'a logo', id: enterprise.id
+        expect(response).to be_success
+      end
+    end
+  end
 
-        it "I can't update enterprise image" do
-          spree_post :update_image, logo: 'a logo', id: enterprise.id
-          assert_unauthorized!
-        end
+  context "as an non-managing user" do
+    let(:non_managing_user) { create_enterprise_user }
+
+    before do
+      allow(Enterprise)
+        .to receive(:find_by).with({ permalink: enterprise.id.to_s }) { enterprise }
+      allow(controller).to receive(:spree_current_user) { non_managing_user }
+    end
+
+    describe "submitting a valid image" do
+      before { allow(enterprise).to receive(:update_attributes).and_return(true) }
+
+      it "I can't update enterprise image" do
+        spree_post :update_image, logo: 'a logo', id: enterprise.id
+        assert_unauthorized!
       end
     end
   end

From 251c04f2d91ed06abb1e5b2770bbafa9e25de6e6 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Tue, 2 Jun 2020 19:08:13 +0100
Subject: [PATCH 11/13] Make all tests in enterprises_controller_spec use
 api_post instead of spree_post

---
 spec/controllers/api/enterprises_controller_spec.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/spec/controllers/api/enterprises_controller_spec.rb b/spec/controllers/api/enterprises_controller_spec.rb
index c407a2b918..1b3382274e 100644
--- a/spec/controllers/api/enterprises_controller_spec.rb
+++ b/spec/controllers/api/enterprises_controller_spec.rb
@@ -39,7 +39,7 @@ describe Api::EnterprisesController, type: :controller do
       it "saves all user ids submitted" do
         manager1 = create(:user)
         manager2 = create(:user)
-        spree_post :create, {
+        api_post :create, {
           enterprise: new_enterprise_params.
             merge({ user_ids: [enterprise_owner.id, manager1.id, manager2.id] })
         }
@@ -67,7 +67,7 @@ describe Api::EnterprisesController, type: :controller do
       end
 
       it "I can update enterprise image" do
-        spree_post :update_image, logo: 'a logo', id: enterprise.id
+        api_post :update_image, logo: 'a logo', id: enterprise.id
         expect(response).to be_success
       end
     end
@@ -86,7 +86,7 @@ describe Api::EnterprisesController, type: :controller do
       before { allow(enterprise).to receive(:update_attributes).and_return(true) }
 
       it "I can't update enterprise image" do
-        spree_post :update_image, logo: 'a logo', id: enterprise.id
+        api_post :update_image, logo: 'a logo', id: enterprise.id
         assert_unauthorized!
       end
     end

From f9d86eb7edce9e32b3547fe0e243796bbd11d927 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Tue, 2 Jun 2020 20:17:46 +0100
Subject: [PATCH 12/13] Join module and describe declaration so that rspec
 picks up correct controller under Api namespace and not the controller with
 the same name in the base namespace

---
 spec/controllers/api/shops_controller_spec.rb | 64 +++++++++----------
 1 file changed, 31 insertions(+), 33 deletions(-)

diff --git a/spec/controllers/api/shops_controller_spec.rb b/spec/controllers/api/shops_controller_spec.rb
index 33343e8d84..127dd83848 100644
--- a/spec/controllers/api/shops_controller_spec.rb
+++ b/spec/controllers/api/shops_controller_spec.rb
@@ -2,45 +2,43 @@
 
 require 'spec_helper'
 
-module Api
-  describe ShopsController, type: :controller do
-    include AuthenticationWorkflow
-    render_views
+describe Api::ShopsController, type: :controller do
+  include AuthenticationWorkflow
+  render_views
 
-    context "as a non-authenticated user" do
-      let!(:hub) {
-        create(:distributor_enterprise, with_payment_and_shipping: true, name: 'Shopfront Test Hub')
-      }
-      let!(:producer) { create(:supplier_enterprise, name: 'Shopfront Test Producer') }
-      let!(:category) { create(:taxon, name: 'Fruit') }
-      let!(:product) { create(:product, supplier: producer, primary_taxon: category ) }
-      let!(:relationship) { create(:enterprise_relationship, parent: hub, child: producer) }
-      let!(:closed_hub1) { create(:distributor_enterprise) }
-      let!(:closed_hub2) { create(:distributor_enterprise) }
+  context "as a non-authenticated user" do
+    let!(:hub) {
+      create(:distributor_enterprise, with_payment_and_shipping: true, name: 'Shopfront Test Hub')
+    }
+    let!(:producer) { create(:supplier_enterprise, name: 'Shopfront Test Producer') }
+    let!(:category) { create(:taxon, name: 'Fruit') }
+    let!(:product) { create(:product, supplier: producer, primary_taxon: category ) }
+    let!(:relationship) { create(:enterprise_relationship, parent: hub, child: producer) }
+    let!(:closed_hub1) { create(:distributor_enterprise) }
+    let!(:closed_hub2) { create(:distributor_enterprise) }
 
-      before do
-        allow(controller).to receive(:spree_current_user) { nil }
+    before do
+      allow(controller).to receive(:spree_current_user) { nil }
+    end
+
+    describe "#show" do
+      it "returns shopfront data for an enterprise" do
+        spree_get :show, id: producer.id
+
+        expect(json_response['name']).to eq 'Shopfront Test Producer'
+        expect(json_response['hubs'][0]['name']).to eq 'Shopfront Test Hub'
+        expect(json_response['supplied_taxons'][0]['name']).to eq 'Fruit'
       end
+    end
 
-      describe "#show" do
-        it "returns shopfront data for an enterprise" do
-          spree_get :show, id: producer.id
+    describe "#closed_shops" do
+      it "returns data for all closed shops" do
+        spree_get :closed_shops, nil
 
-          expect(json_response['name']).to eq 'Shopfront Test Producer'
-          expect(json_response['hubs'][0]['name']).to eq 'Shopfront Test Hub'
-          expect(json_response['supplied_taxons'][0]['name']).to eq 'Fruit'
-        end
-      end
+        expect(json_response).not_to match hub.name
 
-      describe "#closed_shops" do
-        it "returns data for all closed shops" do
-          spree_get :closed_shops, nil
-
-          expect(json_response).not_to match hub.name
-
-          response_ids = json_response.map { |shop| shop['id'] }
-          expect(response_ids).to contain_exactly(closed_hub1.id, closed_hub2.id)
-        end
+        response_ids = json_response.map { |shop| shop['id'] }
+        expect(response_ids).to contain_exactly(closed_hub1.id, closed_hub2.id)
       end
     end
   end

From 0b76a2594183eccf40f5691722af3237e92f1eda Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Tue, 19 May 2020 00:44:09 +0100
Subject: [PATCH 13/13] Add spree_core dependencies to OFN so we can upgrade
 them

This will enable us to upgrade these dependencies independently
---
 Gemfile      | 18 ++++++++++++++++--
 Gemfile.lock | 16 ++++++++++++++--
 2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/Gemfile b/Gemfile
index 9f842b68fd..9d2e680a20 100644
--- a/Gemfile
+++ b/Gemfile
@@ -23,6 +23,20 @@ gem 'pg', '~> 0.21.0'
 # for details.
 gem 'spree_core', github: 'openfoodfoundation/spree', branch: '2-1-0-stable'
 
+### Dependencies brought from spree core
+gem 'acts_as_list', '= 0.2.0'
+gem 'awesome_nested_set', '~> 3.0.0.rc.1'
+gem 'cancan', '~> 1.6.10'
+gem 'ffaker', '~> 1.16'
+gem 'highline', '= 1.6.18' # Necessary for the install generator
+gem 'httparty', '~> 0.11' # For checking alerts.
+gem 'json', '>= 1.7.7'
+gem 'money', '5.1.1'
+gem 'paranoia', '~> 2.0'
+gem 'ransack', '1.0.0'
+gem 'state_machine', '1.2.0'
+gem 'stringex', '~> 1.5.1'
+
 gem 'spree_i18n', github: 'spree/spree_i18n', branch: '1-3-stable'
 
 # Our branch contains two changes
@@ -50,14 +64,14 @@ gem 'kaminari', '~> 0.14.1'
 
 gem 'andand'
 gem 'angularjs-rails', '1.5.5'
-gem 'aws-sdk'
+gem 'aws-sdk', '1.11.1' # temporarily locked down due to https://github.com/aws/aws-sdk-ruby/issues/273
 gem 'bugsnag'
 gem 'db2fog'
 gem 'haml'
 gem 'redcarpet'
 gem 'sass'
 gem 'sass-rails'
-gem 'truncate_html'
+gem 'truncate_html', '0.9.2'
 gem 'unicorn'
 
 gem 'actionpack-action_caching'
diff --git a/Gemfile.lock b/Gemfile.lock
index 863d90a098..3d841a7705 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -696,16 +696,19 @@ DEPENDENCIES
   activerecord-postgresql-adapter
   activerecord-session_store
   acts-as-taggable-on (~> 3.4)
+  acts_as_list (= 0.2.0)
   andand
   angular-rails-templates (~> 0.3.0)
   angularjs-file-upload-rails (~> 2.4.1)
   angularjs-rails (= 1.5.5)
   atomic
+  awesome_nested_set (~> 3.0.0.rc.1)
   awesome_print
-  aws-sdk
+  aws-sdk (= 1.11.1)
   blockenspiel
   bugsnag
   byebug (~> 11.0)
+  cancan (~> 1.6.10)
   capybara (>= 2.18.0)
   catalog!
   coffee-rails (~> 4.0.0)
@@ -726,6 +729,7 @@ DEPENDENCIES
   diffy
   eventmachine (>= 1.2.3)
   factory_bot_rails (= 4.10.0)
+  ffaker (~> 1.16)
   figaro
   foreigner
   foundation-icons-sass-rails
@@ -734,12 +738,15 @@ DEPENDENCIES
   geocoder
   gmaps4rails
   haml
+  highline (= 1.6.18)
+  httparty (~> 0.11)
   i18n (~> 0.6.11)
   i18n-js (~> 3.6.0)
   immigrant
   jquery-migrate-rails
   jquery-rails (= 3.1.5)
   jquery-ui-rails (~> 4.2)
+  json (>= 1.7.7)
   json_spec (~> 1.1.4)
   jwt (~> 2.2)
   kaminari (~> 0.14.1)
@@ -747,6 +754,7 @@ DEPENDENCIES
   letter_opener (>= 1.4.1)
   mini_racer (= 0.2.14)
   momentjs-rails
+  money (= 5.1.1)
   newrelic_rpm (~> 3.0)
   oauth2 (~> 1.4.4)
   ofn-qz!
@@ -754,6 +762,7 @@ DEPENDENCIES
   order_management!
   paper_trail (~> 5.2.3)
   paperclip (~> 3.4.1)
+  paranoia (~> 2.0)
   pg (~> 0.21.0)
   pry (~> 0.12.0)
   pry-byebug (~> 3.7)
@@ -763,6 +772,7 @@ DEPENDENCIES
   rails (~> 4.0.13)
   rails-i18n (~> 4.0)
   rails_safe_tasks (~> 1.0)
+  ransack (= 1.0.0)
   redcarpet
   roadie-rails (~> 1.3.0)
   roo (~> 2.8.3)
@@ -782,10 +792,12 @@ DEPENDENCIES
   spree_paypal_express!
   spring
   spring-commands-rspec
+  state_machine (= 1.2.0)
+  stringex (~> 1.5.1)
   stripe
   test-unit (~> 3.3)
   timecop
-  truncate_html
+  truncate_html (= 0.9.2)
   uglifier (>= 1.0.3)
   unicorn
   unicorn-rails