Update all locales with the latest Transifex translations

Move CSS rule to SCSS and remove broken css file reference

.rubocop_manual_todo.yml

@@ -151,12 +151,10 @@ Metrics/LineLength:
   - lib/open_food_network/order_and_distributor_report.rb
   - lib/open_food_network/order_cycle_form_applicator.rb
   - lib/open_food_network/order_cycle_management_report.rb
-  - lib/open_food_network/order_cycle_permissions.rb
   - lib/open_food_network/order_grouper.rb
   - lib/open_food_network/orders_and_fulfillments_report.rb
   - lib/open_food_network/payments_report.rb
   - lib/open_food_network/permalink_generator.rb
-  - lib/open_food_network/permissions.rb
   - lib/open_food_network/products_cache.rb
   - lib/open_food_network/products_renderer.rb
   - lib/open_food_network/proxy_order_syncer.rb
@@ -468,6 +466,7 @@ Metrics/AbcSize:
   - lib/open_food_network/orders_and_fulfillments_report.rb
   - lib/open_food_network/packing_report.rb
   - lib/open_food_network/payments_report.rb
+  - lib/open_food_network/permissions.rb
   - lib/open_food_network/products_and_inventory_report.rb
   - lib/open_food_network/reports/line_items.rb
   - lib/open_food_network/sales_tax_report.rb

Gemfile

@@ -24,7 +24,6 @@ gem 'spree_api', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'
 gem 'spree_backend', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'
 gem 'spree_core', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'
 
-gem 'spree_auth_devise', github: 'spree/spree_auth_devise', branch: '2-0-stable'
 gem 'spree_i18n', github: 'spree/spree_i18n', branch: '1-3-stable'
 
 # Our branch contains two changes
@@ -37,6 +36,8 @@ gem 'stripe'
 # which is needed for Pin Payments (and possibly others).
 gem 'activemerchant', '~> 1.78'
 
+gem 'devise', '~> 2.2.5'
+gem 'devise-encryptable', '0.1.2'
 gem 'jwt', '~> 2.2'
 gem 'oauth2', '~> 1.4.1' # Used for Stripe Connect
 

Gemfile.lock

@@ -31,7 +31,7 @@ GIT
 
 GIT
   remote: https://github.com/openfoodfoundation/spree.git
-  revision: 46d6f8f5fd434105b0c69958276d1727a3066a97
+  revision: 8a8585a43cd04d1a50dc65227f337a91b18d66d5
   branch: 2-0-4-stable
   specs:
     spree_api (2.0.4)
@@ -66,26 +66,6 @@ GIT
       state_machine (= 1.2.0)
       stringex (~> 1.5.1)
       truncate_html (= 0.9.2)
-    spree_frontend (2.0.4)
-      canonical-rails
-      deface (>= 0.9.0)
-      jquery-rails (~> 3.0.0)
-      rails (~> 3.2.13)
-      spree_api (= 2.0.4)
-      spree_core (= 2.0.4)
-      stringex (~> 1.5.1)
-
-GIT
-  remote: https://github.com/spree/spree_auth_devise.git
-  revision: 0181835fb6ac77a05191d26f6f32a0f4a548d851
-  branch: 2-0-stable
-  specs:
-    spree_auth_devise (2.0.0)
-      devise (~> 2.2.5)
-      devise-encryptable (= 0.1.2)
-      spree_backend (~> 2.0.0)
-      spree_core (~> 2.0.0)
-      spree_frontend (~> 2.0.0)
 
 GIT
   remote: https://github.com/spree/spree_i18n.git
@@ -180,7 +160,7 @@ GEM
       json (~> 1.4)
       nokogiri (>= 1.4.4)
       uuidtools (~> 2.1)
-    bcrypt (3.1.11)
+    bcrypt (3.1.13)
     bcrypt-ruby (3.1.5)
       bcrypt (>= 3.1.3)
     blockenspiel (0.5.0)
@@ -189,8 +169,6 @@ GEM
     builder (3.0.4)
     byebug (9.0.6)
     cancan (1.6.10)
-    canonical-rails (0.1.0)
-      rails (>= 3.1, < 5.1)
     capybara (2.18.0)
       addressable
       mini_mime (>= 0.1.3)
@@ -628,7 +606,7 @@ GEM
       trollop (~> 2.1)
     rdoc (3.12.2)
       json (~> 1.4)
-    redcarpet (3.4.0)
+    redcarpet (3.5.0)
     ref (2.0.0)
     request_store (1.4.1)
       rack (>= 1.4)
@@ -801,6 +779,8 @@ DEPENDENCIES
   deface (= 1.0.2)
   delayed_job_active_record
   delayed_job_web
+  devise (~> 2.2.5)
+  devise-encryptable (= 0.1.2)
   diffy
   eventmachine (>= 1.2.3)
   factory_bot_rails
@@ -861,7 +841,6 @@ DEPENDENCIES
   skylight (< 2.0)
   spinjs-rails
   spree_api!
-  spree_auth_devise!
   spree_backend!
   spree_core!
   spree_i18n!

app/assets/javascripts/admin/all.js

@@ -15,7 +15,6 @@
 //= require angular-animate
 //= require angular-sanitize
 //= require admin/spree_backend
-//= require admin/spree_auth
 //= require admin/spree_paypal_express
 //= require ../shared/ng-infinite-scroll.min.js
 //= require ../shared/ng-tags-input.min.js

app/assets/javascripts/admin/orders/controllers/order_controller.js.coffee

@@ -24,8 +24,3 @@ angular.module("admin.orders").controller "orderCtrl", ($scope, shops, orderCycl
 
   for shop in $scope.shops
     shop.disabled = !$scope.distributorHasOrderCycles(shop)
-
-  # Removes the split button introduced by spree in the order form
-  #   We only have one stock location in OFN so it's meaningless to split the order between stock locations
-  #   We delete it instead of hiding or changing CSS so that, when spree code toggles the element, nothing hapens
-  $('.split-item').remove()

app/assets/javascripts/admin/subscriptions/controllers/order_update_issues_controller.js.coffee

@@ -5,7 +5,7 @@ angular.module("admin.subscriptions").controller "OrderUpdateIssuesController",
     OrderCycles.byID[id].name
 
   $scope.orderCycleCloses = (id) ->
-    closes_at = moment(OrderCycles.byID[id].orders_close_at)
+    closes_at = moment(OrderCycles.byID[id].orders_close_at, "YYYY-MM-DD HH:mm:SS Z")
     key = if closes_at > moment() then "closes" else "closed"
     text = t("js.subscriptions." + key)
     "#{text} #{closes_at.fromNow()}"

app/assets/javascripts/admin/subscriptions/controllers/orders_panel_controller.js.coffee

@@ -15,7 +15,7 @@ angular.module("admin.subscriptions").controller "OrdersPanelController", ($scop
   $scope.orderCycleCloses = (id) ->
     oc = OrderCycles.byID[id]
     return t('js.subscriptions.close_date_not_set') unless oc?.orders_close_at?
-    closes_at = moment(oc.orders_close_at)
+    closes_at = moment(oc.orders_close_at, "YYYY-MM-DD HH:mm:SS Z")
     text = if closes_at > moment() then t('js.subscriptions.closes') else t('js.subscriptions.closed')
     "#{text} #{closes_at.fromNow()}"
 

app/assets/javascripts/darkswarm/controllers/offcanvas_controller.js.coffee

@@ -0,0 +1,11 @@
+Darkswarm.controller "OffcanvasCtrl", ($scope) ->
+  $scope.menu = $(".left-off-canvas-menu")
+
+  $scope.setOffcanvasMenuHeight = ->
+    $scope.menu.height($(window).height())
+
+  $scope.bind = ->
+    $(window).on("resize", $scope.setOffcanvasMenuHeight)
+    $scope.setOffcanvasMenuHeight()
+
+  $scope.bind()

app/assets/javascripts/darkswarm/directives/page_alert.js.coffee

@@ -2,7 +2,14 @@ Darkswarm.directive "ofnPageAlert", ($timeout) ->
   restrict: 'A'
   scope: true
   link: (scope, elem, attrs) ->
-    container_elems = $(".off-canvas-wrap .inner-wrap, .off-canvas-wrap .inner-wrap .fixed, .page-alert")
+    moveSelectors = [".off-canvas-wrap .inner-wrap",
+                     ".off-canvas-wrap .inner-wrap .fixed",
+                     ".off-canvas-fixed .top-bar",
+                     ".off-canvas-fixed ofn-flash",
+                     ".off-canvas-fixed nav.tab-bar",
+                     ".off-canvas-fixed .page-alert"]
+
+    container_elems = $(moveSelectors.join(", "))
 
     # Wait a moment after page load before showing the alert. Otherwise we often miss the
     # start of the animation.

app/assets/stylesheets/admin/all.scss

@@ -5,12 +5,10 @@
  *
 
  *= require admin/spree_backend
- *= require admin/spree_auth
 
  *= require jquery-ui-timepicker-addon
  *= require shared/textAngular
  *= require shared/ng-tags-input.min
- *= require admin/custom
 
  *= require_self
 */

app/assets/stylesheets/admin/components/timepicker.css.scss

@@ -1,2 +1 @@
-/* Custom fix */
 .ui-timepicker-div.ui-timepicker-oneLine dl dd { width: 25%; }

app/assets/stylesheets/darkswarm/all.scss

@@ -10,6 +10,7 @@
 @import 'foundation-icons';
 
 @import 'base/*';
+@import 'layout/*';
 @import '*';
 @import 'pages/*';
 @import '../web/all';

app/assets/stylesheets/darkswarm/layout/offcanvas.css.scss

@@ -0,0 +1,17 @@
+@import "compass/css3/transition";
+
+.off-canvas-fixed {
+  @include transition(transform 1000ms ease-in-out);
+}
+
+.move-right > .off-canvas-fixed {
+  height: 100%;
+  -webkit-transform: translate3d(15.625rem, 0, 0);
+  transform: translate3d(15.625rem, 0, 0);
+}
+
+.left-off-canvas-menu {
+  -webkit-transform: none;
+  transform: none;
+  margin-left: -15.625rem;
+}

app/assets/stylesheets/darkswarm/menu.css.scss

@@ -1,8 +1,8 @@
-@import "compass";
-@import "branding";
-@import "mixins";
-@import "typography";
-@import "variables";
+@import 'compass';
+@import 'branding';
+@import 'mixins';
+@import 'typography';
+@import 'variables';
 
 nav.top-bar {
   @include textpress;
@@ -42,6 +42,8 @@ nav.top-bar {
 }
 
 .top-bar-section {
+  border-bottom: 1px solid $ofn-grey;
+
   a.icon {
     &:hover {
       text-decoration: none;
@@ -168,12 +170,17 @@ nav.top-bar {
 
 .tab-bar {
   background-color: white;
+  position: fixed;
+  width: 100%;
+  height: 2.8em;
+  z-index: 1;
 
   .cart-span {
     background-color: #f4704c;
     padding: 13px;
 
-    a, span {
+    a,
+    span {
       color: white;
       display: inline-block;
     }
@@ -202,7 +209,6 @@ nav.top-bar {
   }
 }
 
-
 .off-canvas-list li.language-switcher ul li {
   list-style-type: none;
   padding-left: 0.5em;
@@ -228,10 +234,19 @@ nav.top-bar {
   padding: 9px 0 0 9px;
 }
 
+// Leave space for tab bar, in screens smaller than large.
+[role="main"] {
+  margin-top: 2.8em;
+
+  @media #{$large-up} {
+    margin-top: 0;
+  }
+}
+
 .top-bar .ofn-logo img {
   height: auto;
   width: auto;
-  max-height: 51px;
+  max-height: 44px;
   max-width: 250px;
 }
 
@@ -239,7 +254,7 @@ nav.top-bar {
   background-color: white;
 }
 
-.off-canvas-wrap.move-right ul.off-canvas-list {
+.off-canvas-wrap ul.off-canvas-list {
   font-size: 0.875rem;
 
   .li-menu {
@@ -259,12 +274,10 @@ nav.top-bar {
       background-color: transparent;
       color: $brand-colour;
     }
-
-    @include transition(all 0.3s ease-in-out);
   }
 }
 
-.off-canvas-wrap.move-right ul.off-canvas-list i {
+.off-canvas-wrap ul.off-canvas-list i {
   font-size: 1.5rem;
   margin-right: 0.25rem;
 }
@@ -273,7 +286,8 @@ nav.top-bar {
 
 @media screen and (max-width: 1450px) {
   nav .top-bar-section {
-    ul li a, .has-dropdown > a {
+    ul li a,
+    .has-dropdown > a {
       padding: 0 ($topbar-height / 8) !important;
     }
 

app/assets/stylesheets/darkswarm/page_alert.css.scss

@@ -2,10 +2,12 @@
 @import "animations";
 @import "compass/css3/transition";
 
+$page-alert-height: 55px;
+
 // Basic style \\
 .page-alert {
   .alert-box {
-    height: 55px;
+    height: $page-alert-height;
     overflow: hidden;
     border: 1px solid rgba($dark-grey, 0.35);
     border-left: none;
@@ -45,33 +47,26 @@
 }
 
 // Show-hide animation \\
-.off-canvas-wrap .inner-wrap, .off-canvas-wrap .inner-wrap .fixed, nav.tab-bar {
-  @include transition(all, 1000ms, ease-in-out);
+
+.off-canvas-wrap .inner-wrap,
+.off-canvas-fixed .top-bar,
+.off-canvas-fixed ofn-flash,
+.off-canvas-fixed nav.tab-bar,
+.off-canvas-fixed .page-alert {
+  @include transition(all 1000ms ease-in-out);
 
   &.move-down {
-    margin-top: 55px;
-
-    @include transition(all, 1000ms, ease-in-out);
+    margin-top: $page-alert-height;
   }
 }
 
-.off-canvas-wrap .inner-wrap .page-alert.fixed {
-  top: -55px;
-  z-index: 1;
-
-  // TODO: Compass to disable transition
-  -moz-transition: none;
-  -webkit-transition: none;
-  -o-transition: color 0 ease-in;
-  transition: none;
+.off-canvas-wrap .page-alert {
+  top: -1 * $page-alert-height;
+  z-index: 100;
 }
 
 .off-canvas-wrap.move-right .inner-wrap.move-down {
-  .page-alert {
-    top: -55px * 2;
-  }
-
   .left-off-canvas-menu {
-    top: -55px;
+    top: -1 * $page-alert-height;
   }
 }

app/controllers/api/enterprises_controller.rb

@@ -5,12 +5,7 @@ module Api
     before_filter :override_sells, only: [:create, :update]
     before_filter :override_visible, only: [:create, :update]
     respond_to :json
-    skip_authorization_check only: [:shopfront, :managed]
-
-    def managed
-      @enterprises = Enterprise.ransack(params[:q]).result.managed_by(current_api_user)
-      render params[:template] || :bulk_index
-    end
+    skip_authorization_check only: [:shopfront]
 
     def create
       authorize! :create, Enterprise

app/controllers/api/order_cycles_controller.rb

@@ -1,25 +0,0 @@
-module Api
-  class OrderCyclesController < Spree::Api::BaseController
-    respond_to :json
-    def managed
-      authorize! :admin, OrderCycle
-      authorize! :read, OrderCycle
-      @order_cycles = OrderCycle.ransack(params[:q]).result.managed_by(current_api_user)
-      render params[:template] || :bulk_index
-    end
-
-    def accessible
-      @order_cycles = if params[:as] == "distributor"
-                        OrderCycle.ransack(params[:q]).result.
-                          involving_managed_distributors_of(current_api_user).order('updated_at DESC')
-                      elsif params[:as] == "producer"
-                        OrderCycle.ransack(params[:q]).result.
-                          involving_managed_producers_of(current_api_user).order('updated_at DESC')
-                      else
-                        OrderCycle.ransack(params[:q]).result.accessible_by(current_api_user)
-      end
-
-      render params[:template] || :bulk_index
-    end
-  end
-end

app/controllers/application_controller.rb

@@ -1,4 +1,5 @@
 require 'open_food_network/referer_parser'
+require 'spree/authentication_helpers'
 
 class ApplicationController < ActionController::Base
   protect_from_forgery
@@ -7,6 +8,7 @@ class ApplicationController < ActionController::Base
   before_filter :set_cache_headers # prevent cart emptying via cache when using back button #1213
 
   include EnterprisesHelper
+  include Spree::AuthenticationHelpers
 
   def redirect_to(options = {}, response_status = {})
     ::Rails.logger.error("Redirected by #{begin

app/controllers/checkout_controller.rb

@@ -8,7 +8,6 @@ class CheckoutController < Spree::CheckoutController
   prepend_before_filter :require_order_cycle
   prepend_before_filter :require_distributor_chosen
 
-  skip_before_filter :check_registration
   before_filter :enable_embedded_shopfront
 
   include OrderCyclesHelper

app/controllers/metal_decorator.rb

@@ -0,0 +1,6 @@
+# For the API
+ActionController::Metal.class_eval do
+  def spree_current_user
+    @spree_current_user ||= env['warden'].user
+  end
+end

app/controllers/spree/admin/base_controller_decorator.rb

@@ -47,6 +47,16 @@ Spree::Admin::BaseController.class_eval do
     end
   end
 
+  protected
+
+  def model_class
+    const_name = controller_name.classify
+    if Spree.const_defined?(const_name)
+      return "Spree::#{const_name}".constantize
+    end
+    nil
+  end
+
   private
 
   def active_distributors_not_ready_for_checkout

app/controllers/spree/admin/orders/customer_details_controller_decorator.rb

@@ -1,4 +1,5 @@
 Spree::Admin::Orders::CustomerDetailsController.class_eval do
+  before_filter :check_authorization
   before_filter :set_guest_checkout_status, only: :update
 
   def update
@@ -25,6 +26,17 @@ Spree::Admin::Orders::CustomerDetailsController.class_eval do
 
   private
 
+  def check_authorization
+    load_order
+    session[:access_token] ||= params[:token]
+
+    resource = @order
+    action = params[:action].to_sym
+    action = :edit if action == :show # show route renders :edit for this controller
+
+    authorize! action, resource, session[:access_token]
+  end
+
   def set_guest_checkout_status
     registered_user = Spree::User.find_by_email(params[:order][:email])
 

app/controllers/spree/admin/resource_controller_decorator.rb

@@ -14,3 +14,7 @@ module AuthorizeOnLoadResource
 end
 
 Spree::Admin::ResourceController.prepend(AuthorizeOnLoadResource)
+
+Spree::Admin::ResourceController.class_eval do
+  rescue_from CanCan::AccessDenied, :with => :unauthorized
+end

app/controllers/spree/admin/users_controller.rb

@@ -0,0 +1,131 @@
+module Spree
+  module Admin
+    class UsersController < ResourceController
+      rescue_from Spree::User::DestroyWithOrdersError, with: :user_destroy_with_orders_error
+
+      after_filter :sign_in_if_change_own_password, only: :update
+
+      # http://spreecommerce.com/blog/2010/11/02/json-hijacking-vulnerability/
+      before_filter :check_json_authenticity, only: :index
+      before_filter :load_roles, only: [:edit, :new, :update, :create,
+                                        :generate_api_key, :clear_api_key]
+
+      def index
+        respond_with(@collection) do |format|
+          format.html
+          format.json { render json: json_data }
+        end
+      end
+
+      def create
+        if params[:user]
+          roles = params[:user].delete("spree_role_ids")
+        end
+
+        @user = Spree::User.new(params[:user])
+        if @user.save
+
+          if roles
+            @user.spree_roles = roles.reject(&:blank?).collect{ |r| Spree::Role.find(r) }
+          end
+
+          flash.now[:success] = Spree.t(:created_successfully)
+          render :edit
+        else
+          render :new
+        end
+      end
+
+      def update
+        if params[:user]
+          roles = params[:user].delete("spree_role_ids")
+        end
+
+        if @user.update_attributes(params[:user])
+          if roles
+            @user.spree_roles = roles.reject(&:blank?).collect{ |r| Spree::Role.find(r) }
+          end
+
+          flash.now[:success] = Spree.t(:account_updated)
+        end
+        render :edit
+      end
+
+      def generate_api_key
+        if @user.generate_spree_api_key!
+          flash[:success] = Spree.t('api.key_generated')
+        end
+        redirect_to edit_admin_user_path(@user)
+      end
+
+      def clear_api_key
+        if @user.clear_spree_api_key!
+          flash[:success] = Spree.t('api.key_cleared')
+        end
+        redirect_to edit_admin_user_path(@user)
+      end
+
+      protected
+
+      def collection
+        return @collection if @collection.present?
+        if request.xhr? && params[:q].present?
+          # Disabling proper nested include here due to rails 3.1 bug
+          @collection = Spree::User.
+            includes(:bill_address, :ship_address).
+            where("spree_users.email #{LIKE} :search
+                    OR (spree_addresses.firstname #{LIKE} :search
+                      AND spree_addresses.id = spree_users.bill_address_id)
+                    OR (spree_addresses.lastname  #{LIKE} :search
+                      AND spree_addresses.id = spree_users.bill_address_id)
+                    OR (spree_addresses.firstname #{LIKE} :search
+                      AND spree_addresses.id = spree_users.ship_address_id)
+                    OR (spree_addresses.lastname  #{LIKE} :search
+                      AND spree_addresses.id = spree_users.ship_address_id)",
+                  search: "#{params[:q].strip}%").
+            limit(params[:limit] || 100)
+        else
+          @search = Spree::User.registered.ransack(params[:q])
+          @collection = @search.
+            result.
+            page(params[:page]).
+            per(Spree::Config[:admin_products_per_page])
+        end
+      end
+
+      private
+
+      # handling raise from Spree::Admin::ResourceController#destroy
+      def user_destroy_with_orders_error
+        invoke_callbacks(:destroy, :fails)
+        render status: :forbidden, text: Spree.t(:error_user_destroy_with_orders)
+      end
+
+      # Allow different formats of json data to suit different ajax calls
+      def json_data
+        json_format = params[:json_format] || 'default'
+        case json_format
+        when 'basic'
+          collection.map { |u| { 'id' => u.id, 'name' => u.email } }.to_json
+        else
+          address_fields = [:firstname, :lastname, :address1, :address2, :city,
+                            :zipcode, :phone, :state_name, :state_id, :country_id]
+          includes = { only: address_fields, include: { state: { only: :name },
+                                                        country: { only: :name } } }
+
+          collection.to_json(only: [:id, :email], include:
+                             { bill_address: includes, ship_address: includes })
+        end
+      end
+
+      def sign_in_if_change_own_password
+        return unless spree_current_user == @user && @user.password.present?
+        sign_in(@user, event: :authentication, bypass: true)
+      end
+
+      def load_roles
+        @roles = Spree::Role.scoped
+      end
+    end
+  end
+end

app/controllers/spree/user_passwords_controller.rb

@@ -0,0 +1,44 @@
+module Spree
+  class UserPasswordsController < Devise::PasswordsController
+    helper 'spree/base', 'spree/store'
+
+    include Spree::Core::ControllerHelpers::Auth
+    include Spree::Core::ControllerHelpers::Common
+    include Spree::Core::ControllerHelpers::Order
+    include Spree::Core::ControllerHelpers::SSL
+
+    ssl_required
+
+    # Overridden due to bug in Devise.
+    #   respond_with resource, :location => new_session_path(resource_name)
+    # is generating bad url /session/new.user
+    #
+    # overridden to:
+    #   respond_with resource, :location => spree.login_path
+    #
+    def create
+      self.resource = resource_class.send_reset_password_instructions(params[resource_name])
+
+      if resource.errors.empty?
+        set_flash_message(:notice, :send_instructions) if is_navigational_format?
+        respond_with resource, location: spree.login_path
+      else
+        respond_with_navigational(resource) { render :new }
+      end
+    end
+
+    # Devise::PasswordsController allows for blank passwords.
+    # Silly Devise::PasswordsController!
+    # Fixes spree/spree#2190.
+    def update
+      if params[:spree_user][:password].blank?
+        self.resource = resource_class.new
+        resource.reset_password_token = params[:spree_user][:reset_password_token]
+        set_flash_message(:error, :cannot_be_blank)
+        render :edit
+      else
+        super
+      end
+    end
+  end
+end

app/controllers/spree/user_registrations_controller.rb

@@ -0,0 +1,65 @@
+module Spree
+  class UserRegistrationsController < Devise::RegistrationsController
+    helper 'spree/base', 'spree/store'
+
+    include Spree::Core::ControllerHelpers::Auth
+    include Spree::Core::ControllerHelpers::Common
+    include Spree::Core::ControllerHelpers::Order
+    include Spree::Core::ControllerHelpers::SSL
+
+    ssl_required
+    before_filter :check_permissions, only: [:edit, :update]
+    skip_before_filter :require_no_authentication
+
+    # GET /resource/sign_up
+    def new
+      super
+      @user = resource
+    end
+
+    # POST /resource/sign_up
+    def create
+      @user = build_resource(params[:spree_user])
+      if resource.save
+        set_flash_message(:notice, :signed_up)
+        sign_in(:spree_user, @user)
+        session[:spree_user_signup] = true
+        associate_user
+        respond_with resource, location: after_sign_up_path_for(resource)
+      else
+        clean_up_passwords(resource)
+        render :new
+      end
+    end
+
+    # GET /resource/edit
+    def edit
+      super
+    end
+
+    # PUT /resource
+    def update
+      super
+    end
+
+    # DELETE /resource
+    def destroy
+      super
+    end
+
+    # GET /resource/cancel
+    # Forces the session data which is usually expired after sign
+    # in to be expired now. This is useful if the user wants to
+    # cancel oauth signing in/up in the middle of the process,
+    # removing all OAuth session data.
+    def cancel
+      super
+    end
+
+    protected
+
+    def check_permissions
+      authorize!(:create, resource)
+    end
+  end
+end

app/controllers/spree/user_sessions_controller.rb

@@ -0,0 +1,56 @@
+module Spree
+  class UserSessionsController < Devise::SessionsController
+    helper 'spree/base', 'spree/store'
+
+    include Spree::Core::ControllerHelpers::Auth
+    include Spree::Core::ControllerHelpers::Common
+    include Spree::Core::ControllerHelpers::Order
+    include Spree::Core::ControllerHelpers::SSL
+
+    ssl_required :new, :create, :destroy, :update
+    ssl_allowed :login_bar
+
+    before_filter :set_checkout_redirect, only: :create
+
+    def create
+      authenticate_spree_user!
+
+      if spree_user_signed_in?
+        respond_to do |format|
+          format.html {
+            flash[:success] = t('devise.success.logged_in_succesfully')
+            redirect_back_or_default(after_sign_in_path_for(spree_current_user))
+          }
+          format.js {
+            render json: { email: spree_current_user.login }, status: :ok
+          }
+        end
+      else
+        respond_to do |format|
+          format.html {
+            flash.now[:error] = t('devise.failure.invalid')
+            render :new
+          }
+          format.js {
+            render json: { message: t('devise.failure.invalid') }, status: :unauthorized
+          }
+        end
+      end
+    end
+
+    def nav_bar
+      render partial: 'spree/shared/nav_bar'
+    end
+
+    private
+
+    def accurate_title
+      Spree.t(:login)
+    end
+
+    def redirect_back_or_default(default)
+      redirect_to(session["spree_user_return_to"] || default)
+      session["spree_user_return_to"] = nil
+    end
+  end
+end

app/controllers/spree/user_sessions_controller_decorator.rb

@@ -1,29 +0,0 @@
-Spree::UserSessionsController.class_eval do
-  before_filter :set_checkout_redirect, only: :create
-
-  def create
-    authenticate_spree_user!
-
-    if spree_user_signed_in?
-      respond_to do |format|
-        format.html {
-          flash[:success] = t('devise.success.logged_in_succesfully')
-          redirect_back_or_default(after_sign_in_path_for(spree_current_user))
-        }
-        format.js {
-          render json: { email: spree_current_user.login }, status: :ok
-        }
-      end
-    else
-      respond_to do |format|
-        format.html {
-          flash.now[:error] = t('devise.failure.invalid')
-          render :new
-        }
-        format.js {
-          render json: { message: t('devise.failure.invalid') }, status: :unauthorized
-        }
-      end
-    end
-  end
-end

app/controllers/spree/users_controller.rb

@@ -0,0 +1,74 @@
+module Spree
+  class UsersController < Spree::StoreController
+    layout 'darkswarm'
+    ssl_required
+    skip_before_filter :set_current_order, only: :show
+    prepend_before_filter :load_object, only: [:show, :edit, :update]
+    prepend_before_filter :authorize_actions, only: :new
+
+    include Spree::Core::ControllerHelpers
+    include I18nHelper
+
+    before_filter :set_locale
+    before_filter :enable_embedded_shopfront
+
+    # Ignores invoice orders, only order where state: 'complete'
+    def show
+      @orders = @user.orders.where(state: 'complete').order('completed_at desc')
+      @unconfirmed_email = spree_current_user.unconfirmed_email
+    end
+
+    # Endpoint for queries to check if a user is already registered
+    def registered_email
+      user = Spree.user_class.find_by_email params[:email]
+      render json: { registered: user.present? }
+    end
+
+    def create
+      @user = Spree::User.new(params[:user])
+      if @user.save
+
+        if current_order
+          session[:guest_token] = nil
+        end
+
+        redirect_back_or_default(root_url)
+      else
+        render :new
+      end
+    end
+
+    def update
+      if @user.update_attributes(params[:user])
+        if params[:user][:password].present?
+          # this logic needed b/c devise wants to log us out after password changes
+          Spree::User.reset_password_by_token(params[:user])
+          sign_in(@user, event: :authentication,
+                         bypass: true)
+        end
+        redirect_to spree.account_url, notice: Spree.t(:account_updated)
+      else
+        render :edit
+      end
+    end
+
+    private
+
+    def load_object
+      @user ||= spree_current_user
+      if @user
+        authorize! params[:action].to_sym, @user
+      else
+        redirect_to spree.login_path
+      end
+    end
+
+    def authorize_actions
+      authorize! params[:action].to_sym, Spree::User.new
+    end
+
+    def accurate_title
+      Spree.t(:my_account)
+    end
+  end
+end

app/controllers/spree/users_controller_decorator.rb

@@ -1,20 +0,0 @@
-Spree::UsersController.class_eval do
-  layout 'darkswarm'
-  include I18nHelper
-
-  before_filter :set_locale
-  before_filter :enable_embedded_shopfront
-
-  # Override of spree_auth_devise default
-  # Ignores invoice orders, only order where state: 'complete'
-  def show
-    @orders = @user.orders.where(state: 'complete').order('completed_at desc')
-    @unconfirmed_email = spree_current_user.unconfirmed_email
-  end
-
-  # Endpoint for queries to check if a user is already registered
-  def registered_email
-    user = Spree.user_class.find_by_email params[:email]
-    render json: { registered: user.present? }
-  end
-end

app/helpers/injection_helper.rb

@@ -111,8 +111,12 @@ module InjectionHelper
     inject_json_ams "savedCreditCards", data, Api::CreditCardSerializer
   end
 
-  def inject_json(name, partial, opts = {})
-    render partial: "json/injection", locals: { name: name, partial: partial }.merge(opts)
+  def inject_current_user
+    inject_json_ams "user", spree_current_user, Api::UserSerializer
+  end
+
+  def inject_rails_flash
+    inject_json_ams "railsFlash", OpenStruct.new(flash.to_hash), Api::RailsFlashSerializer
   end
 
   def inject_json_ams(name, data, serializer, opts = {})

app/mailers/spree/user_mailer.rb

@@ -0,0 +1,47 @@
+# This mailer is configured to be the Devise mailer
+# Some methods here override Devise::Mailer methods
+module Spree
+  class UserMailer < BaseMailer
+    include I18nHelper
+
+    # Overrides `Devise::Mailer.reset_password_instructions`
+    def reset_password_instructions(user)
+      recipient = user.respond_to?(:id) ? user : Spree.user_class.find(user)
+      @edit_password_reset_url = spree.
+        edit_spree_user_password_url(reset_password_token: recipient.reset_password_token)
+
+      mail(to: recipient.email, from: from_address,
+           subject: Spree::Config[:site_name] + ' ' +
+             I18n.t(:subject, scope: [:devise, :mailer, :reset_password_instructions]))
+    end
+
+    # This is a OFN specific email, not from Devise::Mailer
+    def signup_confirmation(user)
+      @user = user
+      I18n.with_locale valid_locale(@user) do
+        mail(to: user.email, from: from_address,
+             subject: t(:welcome_to) + Spree::Config[:site_name])
+      end
+    end
+
+    # Overrides `Devise::Mailer.confirmation_instructions`
+    def confirmation_instructions(user, _opts)
+      @user = user
+      @instance = Spree::Config[:site_name]
+      @contact = ContentConfig.footer_email
+
+      I18n.with_locale valid_locale(@user) do
+        subject = t('spree.user_mailer.confirmation_instructions.subject')
+        mail(to: confirmation_email_address,
+             from: from_address,
+             subject: subject)
+      end
+    end
+
+    private
+
+    def confirmation_email_address
+      @user.pending_reconfirmation? ? @user.unconfirmed_email : @user.email
+    end
+  end
+end

app/mailers/spree/user_mailer_decorator.rb

@@ -1,32 +0,0 @@
-Spree::UserMailer.class_eval do
-  include I18nHelper
-
-  def signup_confirmation(user)
-    @user = user
-    I18n.with_locale valid_locale(@user) do
-      mail(to: user.email, from: from_address,
-           subject: t(:welcome_to) + Spree::Config[:site_name])
-    end
-  end
-
-  # Overriding `Spree::UserMailer.confirmation_instructions` which is
-  # overriding `Devise::Mailer.confirmation_instructions`.
-  def confirmation_instructions(user, _opts)
-    @user = user
-    @instance = Spree::Config[:site_name]
-    @contact = ContentConfig.footer_email
-
-    I18n.with_locale valid_locale(@user) do
-      subject = t('spree.user_mailer.confirmation_instructions.subject')
-      mail(to: confirmation_email_address,
-           from: from_address,
-           subject: subject)
-    end
-  end
-
-  private
-
-  def confirmation_email_address
-    @user.pending_reconfirmation? ? @user.unconfirmed_email : @user.email
-  end
-end

app/models/enterprise_relationship.rb

@@ -25,8 +25,8 @@ class EnterpriseRelationship < ActiveRecord::Base
     where('parent_id IN (?) OR child_id IN (?)', enterprises, enterprises)
   }
 
-  scope :permitting, ->(enterprises) { where('child_id IN (?)', enterprises) }
-  scope :permitted_by, ->(enterprises) { where('parent_id IN (?)', enterprises) }
+  scope :permitting, ->(enterprise_ids) { where('child_id IN (?)', enterprise_ids) }
+  scope :permitted_by, ->(enterprise_ids) { where('parent_id IN (?)', enterprise_ids) }
 
   scope :with_permission, ->(permission) {
     joins(:permissions).

app/models/spree/credit_card_decorator.rb

@@ -15,7 +15,7 @@ Spree::CreditCard.class_eval do
   belongs_to :user
 
   after_create :ensure_single_default_card
-  after_save :ensure_single_default_card, if: :is_default_changed?
+  after_save :ensure_single_default_card, if: :default_card_needs_updating?
 
   # Allows us to use a gateway_payment_profile_id to store Stripe Tokens
   # Should be able to remove once we reach Spree v2.2.0
@@ -39,6 +39,10 @@ Spree::CreditCard.class_eval do
     !user.credit_cards.exists?(is_default: true)
   end
 
+  def default_card_needs_updating?
+    is_default_changed? || gateway_customer_profile_id_changed?
+  end
+
   def ensure_single_default_card
     return unless user
     return unless is_default? || (reusable? && default_missing?)

app/models/spree/product_decorator.rb

@@ -118,7 +118,7 @@ Spree::Product.class_eval do
 
   scope :stockable_by, lambda { |enterprise|
     return where('1=0') if enterprise.blank?
-    permitted_producer_ids = EnterpriseRelationship.joins(:parent).permitting(enterprise)
+    permitted_producer_ids = EnterpriseRelationship.joins(:parent).permitting(enterprise.id)
       .with_permission(:add_to_order_cycle).where(enterprises: { is_primary_producer: true }).pluck(:parent_id)
     return where('spree_products.supplier_id IN (?)', [enterprise.id] | permitted_producer_ids)
   }

app/models/spree/user.rb

@@ -0,0 +1,184 @@
+module Spree
+  class User < ActiveRecord::Base
+    include Core::UserBanners
+
+    devise :database_authenticatable, :token_authenticatable, :registerable, :recoverable,
+           :rememberable, :trackable, :validatable, :encryptable, encryptor: 'authlogic_sha512'
+
+    has_many :orders
+    belongs_to :ship_address, foreign_key: 'ship_address_id', class_name: 'Spree::Address'
+    belongs_to :bill_address, foreign_key: 'bill_address_id', class_name: 'Spree::Address'
+
+    before_validation :set_login
+    before_destroy :check_completed_orders
+
+    # Setup accessible (or protected) attributes for your model
+    attr_accessible :email, :password, :password_confirmation,
+                    :remember_me, :persistence_token, :login
+
+    users_table_name = User.table_name
+    roles_table_name = Role.table_name
+
+    scope :admin, lambda { includes(:spree_roles).where("#{roles_table_name}.name" => "admin") }
+    scope :registered, -> { where("#{users_table_name}.email NOT LIKE ?", "%@example.net") }
+
+    has_many :enterprise_roles, dependent: :destroy
+    has_many :enterprises, through: :enterprise_roles
+    has_many :owned_enterprises, class_name: 'Enterprise',
+                                 foreign_key: :owner_id, inverse_of: :owner
+    has_many :owned_groups, class_name: 'EnterpriseGroup',
+                            foreign_key: :owner_id, inverse_of: :owner
+    has_many :customers
+    has_many :credit_cards
+
+    accepts_nested_attributes_for :enterprise_roles, allow_destroy: true
+
+    accepts_nested_attributes_for :bill_address
+    accepts_nested_attributes_for :ship_address
+
+    attr_accessible :enterprise_ids, :enterprise_roles_attributes, :enterprise_limit,
+                    :locale, :bill_address_attributes, :ship_address_attributes
+    after_create :associate_customers
+
+    validate :limit_owned_enterprises
+
+    # We use the same options as Spree and add :confirmable
+    devise :confirmable, reconfirmable: true
+    # TODO: Later versions of devise have a dedicated after_confirmation callback, so use that
+    after_update :welcome_after_confirm, if: lambda {
+      confirmation_token_changed? && confirmation_token.nil?
+    }
+
+    class DestroyWithOrdersError < StandardError; end
+
+    # Creates an anonymous user. An anonymous user is basically an auto-generated +User+ account
+    # that is created for the customer behind the scenes and it's transparent to the customer.
+    # All +Orders+ must have a +User+ so this is necessary when adding to the "cart" (an order)
+    # and before the customer has a chance to provide an email or to register.
+    def self.anonymous!
+      token = User.generate_token(:persistence_token)
+      User.create(email: "#{token}@example.net",
+                  password: token, password_confirmation: token, persistence_token: token)
+    end
+
+    def self.admin_created?
+      User.admin.count > 0
+    end
+
+    def admin?
+      has_spree_role?('admin')
+    end
+
+    def anonymous?
+      email =~ /@example.net$/ ? true : false
+    end
+
+    def send_reset_password_instructions
+      generate_reset_password_token!
+      UserMailer.reset_password_instructions(id).deliver
+    end
+    # handle_asynchronously will define send_reset_password_instructions_with_delay.
+    # If handle_asynchronously is called twice, we get an infinite job loop.
+    handle_asynchronously :send_reset_password_instructions unless method_defined? :send_reset_password_instructions_with_delay
+
+    def known_users
+      if admin?
+        Spree::User.scoped
+      else
+        Spree::User
+          .includes(:enterprises)
+          .where("enterprises.id IN (SELECT enterprise_id FROM enterprise_roles WHERE user_id = ?)",
+                 id)
+      end
+    end
+
+    def build_enterprise_roles
+      Enterprise.all.find_each do |enterprise|
+        unless enterprise_roles.find_by_enterprise_id enterprise.id
+          enterprise_roles.build(enterprise: enterprise)
+        end
+      end
+    end
+
+    def customer_of(enterprise)
+      return nil unless enterprise
+      customers.find_by_enterprise_id(enterprise)
+    end
+
+    def welcome_after_confirm
+      # Send welcome email if we are confirming an user's email
+      # Note: this callback only runs on email confirmation
+      return unless confirmed? && unconfirmed_email.nil? && !unconfirmed_email_changed?
+      send_signup_confirmation
+    end
+
+    def send_signup_confirmation
+      Delayed::Job.enqueue ConfirmSignupJob.new(id)
+    end
+
+    def associate_customers
+      self.customers = Customer.where(email: email)
+    end
+
+    def can_own_more_enterprises?
+      owned_enterprises(:reload).size < enterprise_limit
+    end
+
+    def default_card
+      credit_cards.where(is_default: true).first
+    end
+
+    # Checks whether the specified user is a superadmin, with full control of the
+    # instance
+    #
+    # @return [Boolean]
+    def superadmin?
+      has_spree_role?('admin')
+    end
+
+    protected
+
+    def password_required?
+      !persisted? || password.present? || password_confirmation.present?
+    end
+
+    private
+
+    def check_completed_orders
+      raise DestroyWithOrdersError if orders.complete.present?
+    end
+
+    def set_login
+      # for now force login to be same as email, eventually we will make this configurable, etc.
+      self.login ||= email if email
+    end
+
+    # Generate a friendly string randomically to be used as token.
+    def self.friendly_token
+      SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
+    end
+
+    # Generate a token by looping and ensuring does not already exist.
+    def self.generate_token(column)
+      loop do
+        token = friendly_token
+        break token unless find(:first, conditions: { column => token })
+      end
+    end
+
+    def limit_owned_enterprises
+      return unless owned_enterprises.size > enterprise_limit
+      errors.add(:owned_enterprises, I18n.t(:spree_user_enterprise_limit_error,
+                                            email: email,
+                                            enterprise_limit: enterprise_limit))
+    end
+
+    def remove_payments_in_checkout(enterprises)
+      enterprises.each do |enterprise|
+        enterprise.distributed_orders.each do |order|
+          order.payments.keep_if { |payment| payment.state != "checkout" }
+        end
+      end
+    end
+  end
+end

app/models/spree/user_decorator.rb

@@ -1,98 +0,0 @@
-Spree.user_class.class_eval do
-  # handle_asynchronously will define send_reset_password_instructions_with_delay.
-  # If handle_asynchronously is called twice, we get an infinite job loop.
-  handle_asynchronously :send_reset_password_instructions unless method_defined? :send_reset_password_instructions_with_delay
-
-  has_many :enterprise_roles, dependent: :destroy
-  has_many :enterprises, through: :enterprise_roles
-  has_many :owned_enterprises, class_name: 'Enterprise', foreign_key: :owner_id, inverse_of: :owner
-  has_many :owned_groups, class_name: 'EnterpriseGroup', foreign_key: :owner_id, inverse_of: :owner
-  has_many :customers
-  has_many :credit_cards
-
-  accepts_nested_attributes_for :enterprise_roles, allow_destroy: true
-
-  accepts_nested_attributes_for :bill_address
-  accepts_nested_attributes_for :ship_address
-
-  attr_accessible :enterprise_ids, :enterprise_roles_attributes, :enterprise_limit, :locale, :bill_address_attributes, :ship_address_attributes
-  after_create :associate_customers
-
-  validate :limit_owned_enterprises
-
-  # We use the same options as Spree and add :confirmable
-  devise :confirmable, reconfirmable: true
-  # TODO: Later versions of devise have a dedicated after_confirmation callback, so use that
-  after_update :welcome_after_confirm, if: lambda { confirmation_token_changed? && confirmation_token.nil? }
-
-  def known_users
-    if admin?
-      Spree::User.scoped
-    else
-      Spree::User
-        .includes(:enterprises)
-        .where("enterprises.id IN (SELECT enterprise_id FROM enterprise_roles WHERE user_id = ?)", id)
-    end
-  end
-
-  def build_enterprise_roles
-    Enterprise.all.find_each do |enterprise|
-      unless enterprise_roles.find_by_enterprise_id enterprise.id
-        enterprise_roles.build(enterprise: enterprise)
-      end
-    end
-  end
-
-  def customer_of(enterprise)
-    return nil unless enterprise
-    customers.find_by_enterprise_id(enterprise)
-  end
-
-  def welcome_after_confirm
-    # Send welcome email if we are confirming an user's email
-    # Note: this callback only runs on email confirmation
-    if confirmed? && unconfirmed_email.nil? && !unconfirmed_email_changed?
-      send_signup_confirmation
-    end
-  end
-
-  def send_signup_confirmation
-    Delayed::Job.enqueue ConfirmSignupJob.new(id)
-  end
-
-  def associate_customers
-    self.customers = Customer.where(email: email)
-  end
-
-  def can_own_more_enterprises?
-    owned_enterprises(:reload).size < enterprise_limit
-  end
-
-  def default_card
-    credit_cards.where(is_default: true).first
-  end
-
-  # Checks whether the specified user is a superadmin, with full control of the
-  # instance
-  #
-  # @return [Boolean]
-  def superadmin?
-    has_spree_role?('admin')
-  end
-
-  private
-
-  def limit_owned_enterprises
-    if owned_enterprises.size > enterprise_limit
-      errors.add(:owned_enterprises, I18n.t(:spree_user_enterprise_limit_error, email: email, enterprise_limit: enterprise_limit))
-    end
-  end
-
-  def remove_payments_in_checkout(enterprises)
-    enterprises.each do |enterprise|
-      enterprise.distributed_orders.each do |order|
-        order.payments.keep_if { |payment| payment.state != "checkout" }
-      end
-    end
-  end
-end

app/overrides/add_enterprise_fees_to_admin_configurations_menu.rb

@@ -1,6 +0,0 @@
-Deface::Override.new(virtual_path: "spree/admin/shared/_configuration_menu",
-                     name: "add_enterprise_fees_to_admin_configurations_menu",
-                     insert_bottom: "[data-hook='admin_configurations_sidebar_menu']",
-                     text: "<li><%= link_to I18n.t(:enterprise_fees), main_app.admin_enterprise_fees_path %></li>",
-                     partial: 'enterprise_fees/admin_configurations_menu',
-                     original: '8445a03cc903cacc832f395757ffcfaa7e99ca92')

app/overrides/admin_tab.rb

@@ -0,0 +1,6 @@
+Deface::Override.new(virtual_path: "spree/layouts/admin",
+                     name: "user_admin_tabs",
+                     insert_bottom: "[data-hook='admin_tabs'], #admin_tabs[data-hook]",
+                     partial: "spree/admin/users_tab",
+                     disabled: false,
+                     original: '031652cf5a054796022506622082ab6d2693699f')

app/overrides/auth_admin_login_navigation_bar.rb

@@ -0,0 +1,5 @@
+Deface::Override.new(virtual_path: "spree/layouts/admin",
+                     name: "auth_admin_login_navigation_bar",
+                     insert_top: "[data-hook='admin_login_navigation_bar'], #admin_login_navigation_bar[data-hook]",
+                     partial: "spree/layouts/admin/login_nav",
+                     original: '841227d0aedf7909d62237d8778df99100087715')

app/overrides/auth_shared_login_bar.rb

@@ -0,0 +1,6 @@
+Deface::Override.new(virtual_path: "spree/shared/_nav_bar",
+                     name: "auth_shared_login_bar",
+                     insert_before: "li#search-bar",
+                     partial: "spree/shared/login_bar",
+                     disabled: false,
+                     original: 'eb3fa668cd98b6a1c75c36420ef1b238a1fc55ac')

app/overrides/spree/admin/adjustments/_adjustments_table/add_tax_to_body.html.haml.deface

@@ -1,9 +0,0 @@
-/ replace_contents "[data-hook='adjustment_row']"
-
-%td.align-center.created_at= pretty_time(adjustment.created_at)
-%td.align-center.label= adjustment.label
-%td.align-center.amount= adjustment.display_amount.to_html
-%td.align-center.included-tax= adjustment.display_included_tax.to_html
-%td.actions
-  = link_to_edit adjustment, no_text: true
-  = link_to_delete adjustment, no_text: true

app/overrides/spree/admin/adjustments/_adjustments_table/add_tax_to_head.html.haml.deface

@@ -1,8 +0,0 @@
-/ replace_contents "[data-hook='adjustmment_head']"
-
-%tr
-  %th= "#{t('spree.date')}/#{t('spree.time')}"
-  %th= t(:description)
-  %th= t(:amount)
-  %th= t(:included_tax)
-  %th.actions

app/overrides/spree/admin/adjustments/_adjustments_table/remove_adjustments_actions.html.haml.deface

@@ -1 +0,0 @@
-/ remove "tr:nth-child(4)"

app/overrides/spree/admin/adjustments/_form/add_tax_rate.html.haml.deface

@@ -1,6 +0,0 @@
-/ replace_contents "[data-hook='admin_adjustment_form_fields']"
-
-- if @adjustment.new_record?
-  = render 'new_form', f: f
-- else
-  = render 'edit_form', f: f

app/overrides/spree/admin/general_settings/edit/embedded_shopfront_settings.html.haml.deface

@@ -1,11 +0,0 @@
-/ insert_after "fieldset.security"
-
-%fieldset.embedded_shopfronts.no-border-bottom
-  %legend{:align => "center"}= t('admin.shopfront_settings.embedded_shopfront_settings')
-  .field
-    = preference_field_tag(:enable_embedded_shopfronts, Spree::Config[:enable_embedded_shopfronts], type: Spree::Config.preference_type(:enable_embedded_shopfronts))
-    = label_tag(:enable_embedded_shopfronts, t('admin.shopfront_settings.enable_embedded_shopfronts')) + tag(:br)
-  .field
-    = label_tag(:embedded_shopfronts_whitelist, t('admin.shopfront_settings.embedded_shopfronts_whitelist')) + tag(:br)
-    = preference_field_tag(:embedded_shopfronts_whitelist, Spree::Config[:embedded_shopfronts_whitelist], type: Spree::Config.preference_type(:embedded_shopfronts_whitelist))
-

app/overrides/spree/admin/general_settings/edit/legal_settings.html.haml.deface

@@ -1,22 +0,0 @@
-/ insert_after "fieldset.security"
-
-%fieldset.legal.no-border-bottom
-  %legend{:align => "center"}= t('.legal_settings')
-  .field
-    = label_tag(:footer_tos_url, t('.footer_tos_url')) + tag(:br)
-    = preference_field_tag(:footer_tos_url, Spree::Config[:footer_tos_url], type: Spree::Config.preference_type(:footer_tos_url))
-  .field
-    = preference_field_tag(:enterprises_require_tos, Spree::Config[:enterprises_require_tos], :type => Spree::Config.preference_type(:enterprises_require_tos))
-    = label_tag(:enterprises_require_tos, t('.enterprises_require_tos')) + tag(:br)
-  .field
-    = preference_field_tag(:cookies_consent_banner_toggle, Spree::Config[:cookies_consent_banner_toggle], :type => Spree::Config.preference_type(:cookies_consent_banner_toggle))
-    = label_tag(:cookies_consent_banner_toggle, t('.cookies_consent_banner_toggle')) + tag(:br)
-  .field
-    = preference_field_tag(:cookies_policy_matomo_section, Spree::Config[:cookies_policy_matomo_section], :type => Spree::Config.preference_type(:cookies_policy_matomo_section))
-    = label_tag(:cookies_policy_matomo_section, t('.cookies_policy_matomo_section')) + tag(:br)
-  .field
-    = preference_field_tag(:cookies_policy_ga_section, Spree::Config[:cookies_policy_ga_section], :type => Spree::Config.preference_type(:cookies_policy_ga_section))
-    = label_tag(:cookies_policy_ga_section, t('.cookies_policy_ga_section')) + tag(:br)
-  .field
-    = label_tag(:privacy_policy_url, t('.privacy_policy_url')) + tag(:br)
-    = preference_field_tag(:privacy_policy_url, Spree::Config[:privacy_policy_url], type: Spree::Config.preference_type(:privacy_policy_url))

app/overrides/spree/admin/general_settings/edit/number_localization.html.haml.deface

@@ -1,7 +0,0 @@
-/ insert_after "fieldset.currency"
-
-%fieldset.number_localization.no-border-bottom
-  %legend{:align => "center"}= t('admin.number_localization.number_localization_settings')
-  .field
-    = preference_field_tag(:enable_localized_number?, Spree::Config[:enable_localized_number?], type: Spree::Config.preference_type(:enable_localized_number?))
-    = label_tag(:enable_localized_number?, t('admin.number_localization.enable_localized_number')) + tag(:br)

app/overrides/spree/admin/image_settings/edit/add_image_format.html.haml.deface

@@ -1,11 +0,0 @@
-/ replace_contents '#styles_list'
-
-- @styles.each_with_index do |(style_name, style_value), index|
-  .field.three.columns
-    = label_tag "attachment_styles[#{style_name}]", style_name
-    %a.destroy_style{:alt => t(:destroy), :href => "#", :title => t(:destroy)}
-      %i.icon-trash
-    = text_field_tag "attachment_styles[#{style_name}][]", admin_image_settings_geometry_from_style(style_value), :class => 'fullwidth'
-    %br/
-    - current_format = admin_image_settings_format_from_style(style_value) || ''
-    = select_tag "attachment_styles[#{style_name}][]", options_for_select(admin_image_settings_format_options, current_format), :class => 'fullwidth', :id => "attachment_styles_format_#{style_name}"

app/overrides/spree/admin/orders/customer_details/_form/make_email_fullwidth.html.haml.deface

@@ -1,2 +0,0 @@
-/ set_attributes "div[data-hook='customer_fields'] div.alpha"
-/ attributes({class: "fullwidth"})

app/overrides/spree/admin/orders/customer_details/_form/remove_guest_order_buttons.deface

@@ -1 +0,0 @@
-remove "div[data-hook='customer_fields'] div.omega"

app/overrides/spree/admin/orders/customer_details/edit/replace_customer_search.html.haml.deface

@@ -1,6 +0,0 @@
-/ replace "erb[loud]:contains('hidden_field_tag :customer_search')"
-
-- content_for :app_wrapper_attrs do
-  = 'ng-app=admin.orders'
-
-= hidden_field_tag :customer_search_override,  nil, distributor_id: @order.distributor_id, :class => 'fullwidth title customer-search-override'

app/overrides/spree/admin/orders/show/add_action_dropdown.html.haml.deface

@@ -1,6 +0,0 @@
-/ insert_after "code[erb-loud]:contains('button_link_to t(:edit)')"
-
-%li.links-dropdown#links-dropdown{ links: order_links(@order).to_json }
-
-:coffee
-  angular.bootstrap(document.getElementById("links-dropdown"),['admin.dropdown'])

app/overrides/spree/admin/payment_methods/index/add_distributor_td.html.haml.deface

@@ -1,6 +0,0 @@
-/ insert_after "[data-hook='admin_payment_methods_index_rows'] td:first-child"
-
-%td.align-center
-  - method.distributors.each do |distributor|
-    = distributor.name
-    %br/

app/overrides/spree/admin/payment_methods/index/add_distributor_th.html.haml.deface

@@ -1,4 +0,0 @@
-/ insert_after "[data-hook='admin_payment_methods_index_headers'] th:first-child"
-
-%th
-  = t(:products_distributor)

app/overrides/spree/admin/payment_methods/index/rearrange_cols.html.haml.deface

@@ -1,9 +0,0 @@
-/ replace_contents "table#listing_payment_methods colgroup"
-
-%col{style: "width: 13%"}
-%col{style: "width: 14%"}
-%col{style: "width: 32%"}
-%col{style: "width: 14%"}
-%col{style: "width:  8%"}
-%col{style: "width:  8%"}
-%col{style: "width: 11%"}

app/overrides/spree/admin/payment_methods/index/remove_configuration_sidebar.deface

@@ -1 +0,0 @@
-remove "erb[loud]:contains(\"render :partial => 'spree/admin/shared/configuration_menu'\")"

app/overrides/spree/admin/shared/_head/replace_spree_title.html.haml.deface

@@ -1,7 +0,0 @@
-/ replace_contents "title"
-
-- if content_for? :html_title
-  = yield :html_title
-- else
-  = t(controller.controller_name, :default => controller.controller_name.titleize)
-= " - OFN #{t(:administration)}"

app/overrides/spree/admin/shared/_order_details/replace_item_price.html.haml.deface

@@ -1,3 +0,0 @@
-/ replace_contents 'tr[data-hook="order_details_line_item_row"] td.price'
-
-= item.single_display_amount

app/overrides/spree/admin/shared/_order_details/replace_variant_label.html.haml.deface

@@ -1,3 +0,0 @@
-/ replace 'code[erb-loud]:contains(\'"(" + variant_options(item.variant) + ")"\')'
-
-= "(#{item.full_name})"

app/overrides/spree/admin/shared/_order_tabs/add_customer_name.html.haml.deface

@@ -1,6 +0,0 @@
-/ insert_after "code[erb-silent]:contains('content_for :page_title')"
-
-- if @order.bill_address.present?
-  = @order.bill_address.firstname
-  = @order.bill_address.lastname
-  \-

app/overrides/spree/admin/shipping_categories/_form/add_temperature_controlled_form_element.html.haml.deface

@@ -1,5 +0,0 @@
-/ insert_bottom "div[data-hook='admin_shipping_category_form_fields']"
-
-%div.field.align-center{"data-hook" => "name"}
-  = f.label :temperature_controlled, t(:temperature_controlled)
-  = f.check_box :temperature_controlled

app/overrides/spree/admin/shipping_categories/index/add_temp_controlled_td.html.haml.deface

@@ -1,5 +0,0 @@
-/ insert_after "[data-hook='category_row'] td:first-child"
-
-%td.align-center
-  = shipping_category.temperature_controlled ? t(:yes) : t(:no)
-  %br/

app/overrides/spree/admin/shipping_categories/index/add_temp_controlled_th.html.haml.deface

@@ -1,4 +0,0 @@
-/ insert_after "[data-hook='categories_header'] th:first-child"
-
-%th
-  = t(:temperature_controlled)

app/overrides/spree/layouts/admin/add_analytics.html.haml.deface

@@ -1,3 +0,0 @@
-/ insert_bottom "[data-hook='admin_footer_scripts']"
-
-= render 'spree/shared/google_analytics'

app/overrides/spree/layouts/admin/add_currency_config.html.haml.deface

@@ -1,3 +0,0 @@
-/ insert_before "div#wrapper"
-
-= admin_inject_currency_config

app/overrides/spree/layouts/admin/add_customers_admin_tab.html.haml.deface

@@ -1,2 +0,0 @@
-/ insert_bottom "[data-hook='admin_tabs'], #admin_tabs[data-hook]"
-= tab :customers, :url => main_app.admin_customers_path

app/overrides/spree/layouts/admin/add_enterprises_admin_tab.html.haml.deface

@@ -1,2 +0,0 @@
-/ insert_bottom "[data-hook='admin_tabs'], #admin_tabs[data-hook]"
-= tab :enterprises, :url => main_app.admin_enterprises_path

app/overrides/spree/layouts/admin/add_groups_admin_tab.html.haml.deface

@@ -1,2 +0,0 @@
-/ insert_bottom "[data-hook='admin_tabs'], #admin_tabs[data-hook]"
-= tab :enterprise_groups, :url => main_app.admin_enterprise_groups_path, label: 'groups'

app/overrides/spree/layouts/admin/add_i18n_script.html.haml.deface

@@ -1,3 +0,0 @@
-/ insert_before "div#wrapper"
-
-= render "layouts/i18n_script"

app/overrides/spree/layouts/admin/add_order_cycles_admin_tab.html.haml.deface

@@ -1,2 +0,0 @@
-/ insert_bottom "[data-hook='admin_tabs'], #admin_tabs[data-hook]"
-= tab :order_cycles, :url => main_app.admin_order_cycles_path

app/overrides/spree/layouts/admin/admin_inside_head.html.haml.deface

@@ -1,5 +0,0 @@
-/
-  insert_before '[data-hook="admin_inside_head"]'
-
-= render "layouts/bugherd_script"
-%link{'data-require' => "font-awesome@*", 'data-semver'=>"4.2.0", 'rel' => "stylesheet", 'href' => "//cdnjs.cloudflare.com/ajax/libs/font-awesome/4.2.0/css/font-awesome.css"}

app/overrides/spree/layouts/bare_admin/add_login_nav.html.haml.deface

@@ -1,3 +0,0 @@
-/ insert_top "[data-hook='admin_login_navigation_bar']"
-
-= render partial: "spree/layouts/admin/login_nav"

app/overrides/spree/layouts/spree_application/inside_head.html.haml.deface

@@ -1,5 +0,0 @@
-/
-  insert_before '[data-hook="inside_head"]'
-
-%div#test
-= render "layouts/bugherd_script"

app/serializers/api/rails_flash_serializer.rb

@@ -0,0 +1,7 @@
+module Api
+  class RailsFlashSerializer < ActiveModel::Serializer
+    attributes :info, :success, :error, :notice
+
+    delegate :info, :success, :error, :notice, to: :object
+  end
+end

app/serializers/api/user_serializer.rb

@@ -0,0 +1,5 @@
+module Api
+  class UserSerializer < ActiveModel::Serializer
+    attributes :id, :email
+  end
+end

app/services/subscription_variants_service.rb

@@ -24,7 +24,7 @@ class SubscriptionVariantsService
 
   def self.permitted_producer_ids(distributor)
     other_permitted_producer_ids = EnterpriseRelationship.joins(:parent)
-      .permitting(distributor).with_permission(:add_to_order_cycle)
+      .permitting(distributor.id).with_permission(:add_to_order_cycle)
       .merge(Enterprise.is_primary_producer)
       .pluck(:parent_id)
 

app/views/admin/json/_enterprises.rabl

@@ -1,3 +0,0 @@
-collection @enterprises
-
-attributes :id, :name

app/views/api/enterprises/bulk_index.v1.rabl

@@ -1,2 +0,0 @@
-collection @enterprises
-extends "api/enterprises/bulk_show"

app/views/api/order_cycles/bulk_index.v1.rabl

@@ -1,2 +0,0 @@
-collection @order_cycles
-extends "api/order_cycles/bulk_show"

app/views/api/order_cycles/bulk_show.v1.rabl

@@ -1,11 +0,0 @@
-object @order_cycle
-
-attributes :id, :name
-node( :first_order ) { |order| order.orders_open_at.strftime("%F") }
-node( :last_order ) { |order| (order.orders_close_at + 1.day).strftime("%F") }
-node( :suppliers ) do |oc|
-  partial 'api/enterprises/bulk_index', object: oc.suppliers
-end
-node( :distributors ) do |oc|
-  partial 'api/enterprises/bulk_index', object: oc.distributors
-end

app/views/home/index.html.haml

@@ -2,8 +2,10 @@
   #tagline:before { background-image: url("#{ContentConfig.home_hero.url}") }
 
 
-%div{"ng-controller" => "HomeCtrl"}
+- content_for :page_alert do
   = render "shared/menu/alert"
+
+%div{"ng-controller" => "HomeCtrl"}
   = render "home/tagline"
 
   #panes

app/views/json/_current_order.rabl

@@ -1,12 +0,0 @@
-object current_order
-attributes :id, :item_total
-
-if current_order
-  child line_items: :line_items do
-    attributes :id, :variant_id, :quantity, :price
-  end
-
-  node :cart_count do
-    cart_count
-  end
-end

app/views/json/_current_user.rabl

@@ -1,2 +0,0 @@
-object spree_current_user
-attributes :email, :id

app/views/json/_enterprises.rabl

@@ -1,7 +0,0 @@
-# TODO: This should be moved into the controller
-# RABL is tricky to pass variables into: so we do this as a workaround for now
-# I noticed some vague comments on Rabl github about this, but haven't looked into
-collection Enterprise.visible
-extends 'json/partials/enterprise'
-extends 'json/partials/producer'
-extends 'json/partials/hub'

app/views/json/_flash.rabl

@@ -1,2 +0,0 @@
-object OpenStruct.new(flash.to_hash)
-attributes :info, :success, :error, :notice

app/views/json/_groups.rabl

@@ -1,18 +0,0 @@
-collection @groups
-attributes :id, :permalink, :name, :position, :description, :long_description, :email, :website, :facebook, :instagram, :linkedin, :twitter
-
-child enterprises: :enterprises do
-  attributes :id
-end
-
-node :logo do |group|
-  group.logo(:medium) if group.logo?
-end
-
-node :promo_image do |group|
-  group.promo_image(:large) if group.promo_image?
-end
-
-node :state do |group|
-  group.state.andand.abbr
-end

app/views/json/_hubs.rabl

@@ -1,3 +0,0 @@
-collection Enterprise.is_distributor.visible
-extends 'json/partials/enterprise'
-extends 'json/partials/hub'

app/views/json/_injection.html.haml

@@ -1,2 +0,0 @@
-:javascript
-  angular.module('Darkswarm').value("#{name.to_s}", #{render partial: "json/#{partial.to_s}"})

app/views/json/_producer.rabl

@@ -1,14 +0,0 @@
-attributes :id, :name, :description, :long_description, :website, :instagram, :facebook, :linkedin, :twitter
-
-node :promo_image do |producer|
-  producer.promo_image(:large)
-end
-node :logo do |producer|
-  producer.logo(:medium)
-end
-
-node :path do |producer|
-  main_app.producer_path(producer)
-end
-
-node :hash, &:to_param

app/views/json/_producers.rabl

@@ -1,3 +0,0 @@
-collection Enterprise.is_primary_producer.visible
-extends 'json/partials/enterprise'
-extends 'json/partials/producer'

app/views/json/_taxon.rabl

@@ -1,5 +0,0 @@
-attributes :name, :id, :permalink
-
-node :icon do |taxon|
-  taxon.icon(:original)
-end

app/views/json/partials/_address.rabl

@@ -1,4 +0,0 @@
-attributes :city, :zipcode, :phone
-node :state_name do |address|
-  address.state.abbr
-end

app/views/json/partials/_enterprise.rabl

@@ -1,29 +0,0 @@
-attributes :name, :id, :description, :latitude, :longitude, :long_description, :website, :instagram, :linkedin, :twitter, :facebook, :is_primary_producer, :is_distributor, :phone
-
-node :email_address do |enterprise|
-  enterprise.email_address.to_s.reverse
-end
-
-child :address do
-  extends "json/partials/address"
-end
-
-node :hash, &:to_param
-
-node :logo do |enterprise|
-  enterprise.logo(:medium) if enterprise.logo?
-end
-
-node :promo_image do |enterprise|
-  enterprise.promo_image(:large) if enterprise.promo_image?
-end
-
-node :icon do |e|
-  if e.is_primary_producer && e.is_distributor
-    image_path "map_003-producer-shop.svg"
-  elsif e.is_primary_producer
-    image_path "map_001-producer-only.svg"
-  else
-    image_path "map_005-hub.svg"
-  end
-end

app/views/json/partials/_hub.rabl

@@ -1,23 +0,0 @@
-child distributed_taxons: :taxons do
-  extends "json/taxon"
-end
-child suppliers: :producers do
-  attributes :id
-end
-node :path do |enterprise|
-  main_app.enterprise_shop_path(enterprise)
-end
-node :pickup do |hub|
-  hub.shipping_methods.where(require_ship_address: false).present?
-end
-node :delivery do |hub|
-  hub.shipping_methods.where(require_ship_address: true).present?
-end
-if @active_distributors
-  node :active do |hub|
-    @active_distributors.include?(hub)
-  end
-end
-node :orders_close_at do |hub|
-  OrderCycle.first_closing_for(hub).andand.orders_close_at
-end

app/views/json/partials/_producer.rabl

@@ -1,10 +0,0 @@
-child distributors: :hubs do
-  attributes :id
-end
-node :path do |producer|
-  main_app.producer_path(producer)
-end
-
-child supplied_taxons: :supplied_taxons do
-  extends 'json/taxon'
-end

app/views/layouts/darkswarm.html.haml

@@ -26,9 +26,11 @@
     = render "layouts/shopfront_script" if @shopfront_layout
 
     .off-canvas-wrap{offcanvas: true}
-      .inner-wrap
+      .fixed.off-canvas-fixed
         = render "shared/menu/menu" unless @hide_menu
+        = yield :page_alert
 
+      .inner-wrap
         %section{ role: "main" }
           = yield
 
@@ -43,8 +45,8 @@
     = yield :scripts
 
     = inject_current_hub
-    = inject_json "user", "current_user"
-    = inject_json "railsFlash", "flash"
+    = inject_current_user
+    = inject_rails_flash
     = inject_taxons
     = inject_properties
     = inject_current_order

app/views/layouts/registration.html.haml

@@ -31,7 +31,7 @@
     = javascript_include_tag "darkswarm/all"
     = yield :scripts
 
-    = inject_json "user", "current_user"
+    = inject_current_user
     = yield :injection_data
 
     = render "layouts/i18n_script"

app/views/shared/menu/_menu.html.haml

@@ -1,4 +1,4 @@
-.fixed
-  = render partial: "shared/menu/large_menu"
-  %ofn-flash
-= render partial: "shared/menu/mobile_menu"
+= render "shared/menu/large_menu"
+%ofn-flash
+= render "shared/menu/mobile_menu"
+= render "shared/menu/offcanvas_menu"