Merge pull request #4300 from daningenthron/daningenthron/add-a-new-card

Translation: "Add new credit card"

.rubocop_manual_todo.yml

@@ -49,7 +49,6 @@ Metrics/LineLength:
   - app/controllers/spree/admin/orders_controller_decorator.rb
   - app/controllers/spree/admin/payments_controller_decorator.rb
   - app/controllers/spree/admin/payment_methods_controller_decorator.rb
-  - app/controllers/spree/admin/products_controller_decorator.rb
   - app/controllers/spree/admin/reports_controller_decorator.rb
   - app/controllers/spree/api/products_controller_decorator.rb
   - app/controllers/spree/credit_cards_controller.rb
@@ -123,14 +122,11 @@ Metrics/LineLength:
   - app/serializers/api/admin/subscription_serializer.rb
   - app/serializers/api/admin/tag_rule_serializer.rb
   - app/serializers/api/admin/variant_override_serializer.rb
-  - app/serializers/api/admin/variant_serializer.rb
   - app/services/cart_service.rb
   - app/services/default_stock_location.rb
   - app/services/embedded_page_service.rb
-  - app/services/line_item_syncer.rb
   - app/services/order_cycle_form.rb
   - app/services/order_factory.rb
-  - app/services/order_syncer.rb
   - app/services/subscriptions_count.rb
   - app/services/variants_stock_levels.rb
   - app/views/json/_groups.rabl
@@ -157,7 +153,6 @@ Metrics/LineLength:
   - lib/open_food_network/permalink_generator.rb
   - lib/open_food_network/products_cache.rb
   - lib/open_food_network/products_renderer.rb
-  - lib/open_food_network/proxy_order_syncer.rb
   - lib/open_food_network/reports/bulk_coop_allocation_report.rb
   - lib/open_food_network/reports/line_items.rb
   - lib/open_food_network/sales_tax_report.rb
@@ -344,11 +339,8 @@ Metrics/LineLength:
   - spec/models/tag_rule/filter_shipping_methods_spec.rb
   - spec/models/variant_override_spec.rb
   - spec/performance/orders_controller_spec.rb
-  - spec/performance/proxy_order_syncer_spec.rb
   - spec/performance/shop_controller_spec.rb
   - spec/requests/checkout/failed_checkout_spec.rb
-  - spec/requests/checkout/paypal_spec.rb
-  - spec/requests/checkout/stripe_connect_spec.rb
   - spec/requests/embedded_shopfronts_headers_spec.rb
   - spec/requests/shop_spec.rb
   - spec/serializers/admin/customer_serializer_spec.rb
@@ -443,7 +435,6 @@ Metrics/AbcSize:
   - app/models/spree/order_decorator.rb
   - app/models/spree/payment_decorator.rb
   - app/models/spree/product_decorator.rb
-  - app/models/spree/product_set.rb
   - app/models/spree/taxon_decorator.rb
   - app/serializers/api/admin/enterprise_serializer.rb
   - app/serializers/api/product_serializer.rb
@@ -490,63 +481,26 @@ Metrics/AbcSize:
 
 Metrics/BlockLength:
   Max: 25
-  ExcludedMethods: ["class_eval", "collection", "context", "describe", "it", "member", "namespace", "resource", "resources"]
+  ExcludedMethods: [
+    "class_eval",
+    "collection",
+    "context",
+    "describe",
+    "feature",
+    "it",
+    "member",
+    "namespace",
+    "resource",
+    "resources",
+    "scenario"
+  ]
   Exclude:
   - lib/tasks/data.rake
   - lib/tasks/dev.rake
   - spec/controllers/spree/admin/invoices_controller_spec.rb
   - spec/factories/variant_factory.rb
-  - spec/features/admin/adjustments_spec.rb
-  - spec/features/admin/bulk_order_management_spec.rb
-  - spec/features/admin/bulk_product_update_spec.rb
-  - spec/features/admin/caching_spec.rb
-  - spec/features/admin/content_spec.rb
-  - spec/features/admin/customers_spec.rb
-  - spec/features/admin/enterprise_fees_spec.rb
-  - spec/features/admin/enterprise_groups_spec.rb
-  - spec/features/admin/enterprise_relationships_spec.rb
-  - spec/features/admin/enterprise_roles_spec.rb
-  - spec/features/admin/enterprises/images_spec.rb
-  - spec/features/admin/enterprises/index_spec.rb
-  - spec/features/admin/enterprises_spec.rb
-  - spec/features/admin/enterprise_user_spec.rb
-  - spec/features/admin/multilingual_spec.rb
-  - spec/features/admin/order_cycles_spec.rb
   - spec/features/admin/orders_spec.rb
-  - spec/features/admin/overview_spec.rb
-  - spec/features/admin/payment_method_spec.rb
-  - spec/features/admin/product_import_spec.rb
-  - spec/features/admin/products_spec.rb
-  - spec/features/admin/reports/enterprise_fee_summaries_spec.rb
-  - spec/features/admin/reports_spec.rb
-  - spec/features/admin/schedules_spec.rb
-  - spec/features/admin/shipping_methods_spec.rb
-  - spec/features/admin/subscriptions_spec.rb
-  - spec/features/admin/tag_rules_spec.rb
-  - spec/features/admin/tax_settings_spec.rb
-  - spec/features/admin/users_spec.rb
-  - spec/features/admin/variant_overrides_spec.rb
-  - spec/features/admin/variants_spec.rb
-  - spec/features/consumer/account/cards_spec.rb
-  - spec/features/consumer/account/settings_spec.rb
-  - spec/features/consumer/account_spec.rb
-  - spec/features/consumer/authentication_spec.rb
-  - spec/features/consumer/cookies_spec.rb
-  - spec/features/consumer/external_services_spec.rb
-  - spec/features/consumer/groups_spec.rb
-  - spec/features/consumer/multilingual_spec.rb
-  - spec/features/consumer/producers_spec.rb
-  - spec/features/consumer/registration_spec.rb
-  - spec/features/consumer/shopping/cart_spec.rb
-  - spec/features/consumer/shopping/checkout_auth_spec.rb
-  - spec/features/consumer/shopping/checkout_spec.rb
-  - spec/features/consumer/shopping/embedded_groups_spec.rb
   - spec/features/consumer/shopping/embedded_shopfronts_spec.rb
-  - spec/features/consumer/shopping/orders_spec.rb
-  - spec/features/consumer/shopping/products_spec.rb
-  - spec/features/consumer/shopping/shopping_spec.rb
-  - spec/features/consumer/shopping/variant_overrides_spec.rb
-  - spec/features/consumer/shops_spec.rb
   - spec/lib/open_food_network/group_buy_report_spec.rb
   - spec/models/tag_rule/discount_order_spec.rb
   - spec/spec_helper.rb
@@ -565,6 +519,7 @@ Metrics/CyclomaticComplexity:
   - app/helpers/checkout_helper.rb
   - app/helpers/i18n_helper.rb
   - app/helpers/order_cycles_helper.rb
+  - app/helpers/spree/admin/navigation_helper_decorator.rb
   - app/models/enterprise.rb
   - app/models/enterprise_relationship.rb
   - app/models/product_import/entry_processor.rb
@@ -572,7 +527,6 @@ Metrics/CyclomaticComplexity:
   - app/models/spree/ability_decorator.rb
   - app/models/spree/payment_decorator.rb
   - app/models/spree/product_decorator.rb
-  - app/models/spree/product_set.rb
   - app/models/variant_override_set.rb
   - app/services/cart_service.rb
   - lib/discourse/single_sign_on.rb
@@ -600,7 +554,6 @@ Metrics/PerceivedComplexity:
   - app/models/spree/ability_decorator.rb
   - app/models/spree/order_decorator.rb
   - app/models/spree/product_decorator.rb
-  - app/models/spree/product_set.rb
   - lib/discourse/single_sign_on.rb
   - lib/open_food_network/bulk_coop_report.rb
   - lib/open_food_network/enterprise_issue_validator.rb
@@ -656,7 +609,6 @@ Metrics/MethodLength:
   - app/models/spree/payment_decorator.rb
   - app/models/spree/payment_method_decorator.rb
   - app/models/spree/product_decorator.rb
-  - app/models/spree/product_set.rb
   - app/serializers/api/admin/order_cycle_serializer.rb
   - app/serializers/api/cached_enterprise_serializer.rb
   - app/services/order_cycle_form.rb

.rubocop_styleguide.yml

@@ -186,7 +186,19 @@ Metrics/AbcSize:
 
 Metrics/BlockLength:
   Max: 25
-  ExcludedMethods: ["class_eval", "collection", "context", "describe", "it", "member", "namespace", "resource", "resources"]
+  ExcludedMethods: [
+    "class_eval",
+    "collection",
+    "context",
+    "describe",
+    "feature",
+    "it",
+    "member",
+    "namespace",
+    "resource",
+    "resources",
+    "scenario"
+  ]
 
 Metrics/BlockNesting:
   Max: 3

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 1400`
-# on 2019-05-28 16:29:07 +0100 using RuboCop version 0.57.2.
+# on 2019-07-23 14:09:18 +0100 using RuboCop version 0.57.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -32,15 +32,6 @@ Layout/EndAlignment:
 Layout/IndentHash:
   EnforcedStyle: consistent
 
-# Offense count: 7
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle, IndentationWidth.
-# SupportedStyles: aligned, indented, indented_relative_to_receiver
-Layout/MultilineMethodCallIndentation:
-  Exclude:
-    - 'app/models/spree/line_item_decorator.rb'
-    - 'app/models/spree/product_decorator.rb'
-
 # Offense count: 4
 Lint/AmbiguousOperator:
   Exclude:
@@ -55,7 +46,7 @@ Lint/DuplicateMethods:
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/subscription_summary.rb'
 
-# Offense count: 15
+# Offense count: 8
 Lint/IneffectiveAccessModifier:
   Exclude:
     - 'app/models/column_preference.rb'
@@ -79,7 +70,13 @@ Lint/UnderscorePrefixedVariableName:
   Exclude:
     - 'spec/support/cancan_helper.rb'
 
-# Offense count: 6
+# Offense count: 1
+# Cop supports --auto-correct.
+Lint/UnneededCopDisableDirective:
+  Exclude:
+    - 'app/models/product_import/entry_validator.rb'
+
+# Offense count: 5
 # Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
 Lint/UselessAccessModifier:
   Exclude:
@@ -89,28 +86,47 @@ Lint/UselessAccessModifier:
     - 'lib/open_food_network/reports/bulk_coop_report.rb'
     - 'spec/lib/open_food_network/reports/report_spec.rb'
 
-# Offense count: 91
+# Offense count: 8
 # Configuration parameters: CheckForMethodsWithNoSideEffects.
 Lint/Void:
   Exclude:
     - 'app/serializers/api/enterprise_serializer.rb'
     - 'spec/features/admin/bulk_product_update_spec.rb'
-    - 'spec/features/admin/enterprise_groups_spec.rb'
-    - 'spec/features/admin/enterprises/index_spec.rb'
-    - 'spec/features/admin/enterprises_spec.rb'
-    - 'spec/features/admin/order_cycles_spec.rb'
-    - 'spec/features/admin/payment_method_spec.rb'
-    - 'spec/features/admin/products_spec.rb'
-    - 'spec/features/admin/variant_overrides_spec.rb'
-    - 'spec/features/admin/variants_spec.rb'
     - 'spec/features/consumer/shopping/checkout_spec.rb'
     - 'spec/features/consumer/shopping/shopping_spec.rb'
     - 'spec/features/consumer/shopping/variant_overrides_spec.rb'
 
-# Offense count: 109
+# Offense count: 15
+Metrics/AbcSize:
+  Max: 36
+
+# Offense count: 13
 # Configuration parameters: CountComments, ExcludedMethods.
 Metrics/BlockLength:
-  Max: 774
+  Max: 115
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 169
+
+# Offense count: 1
+Metrics/CyclomaticComplexity:
+  Max: 8
+
+# Offense count: 8
+# Configuration parameters: CountComments.
+Metrics/MethodLength:
+  Max: 31
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ModuleLength:
+  Max: 208
+
+# Offense count: 2
+Metrics/PerceivedComplexity:
+  Max: 11
 
 # Offense count: 7
 Naming/AccessorMethodName:
@@ -160,7 +176,7 @@ Naming/PredicateName:
     - 'lib/open_food_network/packing_report.rb'
     - 'lib/tasks/data.rake'
 
-# Offense count: 12
+# Offense count: 11
 # Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
 # AllowedNames: io, id, to, by, on, in, at
 Naming/UncommunicativeMethodParamName:
@@ -288,13 +304,12 @@ Style/CaseEquality:
     - 'app/helpers/angular_form_helper.rb'
     - 'spec/models/spree/payment_spec.rb'
 
-# Offense count: 79
+# Offense count: 78
 # Cop supports --auto-correct.
 # Configuration parameters: AutoCorrect, EnforcedStyle.
 # SupportedStyles: nested, compact
 Style/ClassAndModuleChildren:
   Exclude:
-    - 'app/controllers/spree/store_controller_decorator.rb'
     - 'app/helpers/angular_form_helper.rb'
     - 'app/models/calculator/flat_percent_per_item.rb'
     - 'app/models/spree/concerns/payment_method_distributors.rb'
@@ -379,11 +394,27 @@ Style/CommentedKeyword:
   Exclude:
     - 'app/controllers/application_controller.rb'
 
+# Offense count: 4
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
+# SupportedStyles: assign_to_condition, assign_inside_condition
+Style/ConditionalAssignment:
+  Exclude:
+    - 'app/controllers/spree/api/products_controller.rb'
+    - 'app/controllers/spree/api/taxons_controller.rb'
+    - 'app/controllers/spree/api/variants_controller.rb'
+
 # Offense count: 2
 Style/DateTime:
   Exclude:
     - 'lib/open_food_network/users_and_enterprises_report.rb'
 
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/EachWithObject:
+  Exclude:
+    - 'app/controllers/spree/api/base_controller.rb'
+
 # Offense count: 5
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: annotated, template, unannotated
@@ -393,7 +424,7 @@ Style/FormatStringToken:
     - 'lib/open_food_network/sales_tax_report.rb'
     - 'spec/models/enterprise_spec.rb'
 
-# Offense count: 69
+# Offense count: 68
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
   Exclude:
@@ -410,7 +441,9 @@ Style/GuardClause:
     - 'app/controllers/spree/admin/products_controller_decorator.rb'
     - 'app/controllers/spree/admin/resource_controller_decorator.rb'
     - 'app/controllers/spree/admin/variants_controller_decorator.rb'
-    - 'app/controllers/spree/orders_controller_decorator.rb'
+    - 'app/controllers/spree/api/base_controller.rb'
+    - 'app/controllers/spree/checkout_controller.rb'
+    - 'app/controllers/spree/orders_controller.rb'
     - 'app/controllers/spree/paypal_controller_decorator.rb'
     - 'app/jobs/products_cache_integrity_checker_job.rb'
     - 'app/models/enterprise.rb'
@@ -434,12 +467,23 @@ Style/GuardClause:
     - 'spec/support/request/distribution_helper.rb'
     - 'spec/support/request/shop_workflow.rb'
 
-# Offense count: 3
+# Offense count: 6
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
+# SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys
+Style/HashSyntax:
+  Exclude:
+    - 'app/controllers/spree/api/base_controller.rb'
+    - 'app/controllers/spree/checkout_controller.rb'
+    - 'app/controllers/spree/orders_controller.rb'
+
+# Offense count: 4
 Style/IfInsideElse:
   Exclude:
     - 'app/controllers/admin/column_preferences_controller.rb'
     - 'app/controllers/admin/variant_overrides_controller.rb'
     - 'app/controllers/spree/admin/products_controller_decorator.rb'
+    - 'app/controllers/spree/api/taxons_controller.rb'
 
 # Offense count: 1
 Style/MissingRespondToMissing:
@@ -492,9 +536,10 @@ Style/RegexpLiteral:
     - 'spec/mailers/subscription_mailer_spec.rb'
     - 'spec/models/content_configuration_spec.rb'
 
-# Offense count: 243
+# Offense count: 244
 Style/Send:
   Exclude:
+    - 'app/controllers/spree/checkout_controller.rb'
     - 'app/models/spree/shipping_method_decorator.rb'
     - 'spec/controllers/admin/subscriptions_controller_spec.rb'
     - 'spec/controllers/checkout_controller_spec.rb'
@@ -541,3 +586,9 @@ Style/Send:
 Style/StructInheritance:
   Exclude:
     - 'lib/open_food_network/enterprise_fee_applicator.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/UnlessElse:
+  Exclude:
+    - 'app/controllers/spree/api/variants_controller.rb'

.ruby-version

@@ -1 +1 @@
-2.1.5
+2.1.9

DOCKER.md

@@ -42,6 +42,6 @@ $ docker-compose up
 ```
 
 This command will setup the database and seed it with sample data. The default admin user is 'ofn@example.com' with 'ofn123' password.
-Check the app in the browser at `http:://localhost:3000`.
+Check the app in the browser at `http://localhost:3000`.
 
 You will then get the trace of the containers in the terminal. You can stop the containers using Ctrl-C in the terminal.

Gemfile

@@ -1,5 +1,5 @@
 source 'https://rubygems.org'
-ruby "2.1.5"
+ruby "2.1.9"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
 gem 'i18n', '~> 0.6.11'
@@ -37,7 +37,7 @@ gem 'stripe'
 gem 'activemerchant', '~> 1.78'
 
 gem 'devise', '~> 2.2.5'
-gem 'devise-encryptable', '0.1.2'
+gem 'devise-encryptable', '0.2.0'
 gem 'jwt', '~> 2.2'
 gem 'oauth2', '~> 1.4.1' # Used for Stripe Connect
 
@@ -49,6 +49,10 @@ gem 'delayed_job_web'
 # When merged, revert to upstream gem
 gem 'simple_form', github: 'RohanM/simple_form'
 
+# Spree's default pagination gem (locked to the current version used by Spree)
+# We use it's methods in OFN code as well, so this is a direct dependency
+gem 'kaminari', '~> 0.14.1'
+
 gem 'andand'
 gem 'angularjs-rails', '1.5.5'
 gem 'aws-sdk'
@@ -81,7 +85,6 @@ gem 'paperclip', '~> 3.4.1'
 gem 'rack-rewrite'
 gem 'rack-ssl', require: 'rack/ssl'
 gem 'roadie-rails', '~> 1.1.1'
-gem 'skylight', '< 2.0'
 gem 'spinjs-rails'
 
 gem 'combine_pdf'
@@ -101,7 +104,10 @@ group :assets do
   gem 'coffee-rails', '~> 3.2.1'
   gem 'compass-rails'
 
-  gem 'therubyracer', '=0.12.0'
+  gem 'mini_racer', '0.1.15'
+  # Previously we found that libv8 6.7.288.46.1 breakis the compilation of mini_racer.
+  # Now we see that we need to set the version explicitly. Nothing else depends on libv8.
+  gem 'libv8', '6.3.292.48.1'
 
   gem 'uglifier', '>= 1.0.3'
 
@@ -119,6 +125,10 @@ gem 'jquery-rails', '3.0.4'
 
 gem 'ofn-qz', github: 'openfoodfoundation/ofn-qz', ref: '60da2ae4c44cbb4c8d602f59fb5fff8d0f21db3c'
 
+group :production, :staging do
+  gem 'ddtrace'
+end
+
 group :test, :development do
   # Pretty printed test output
   gem 'atomic'
@@ -149,10 +159,6 @@ end
 group :development do
   gem 'byebug', '~> 9.0.0' # 9.1 requires ruby 2.2
   gem 'debugger-linecache'
-  gem 'guard'
-  gem 'guard-livereload'
-  gem 'guard-rails'
-  gem 'guard-rspec', '~> 4.7.3'
   gem 'listen', '3.0.8' # 3.1.0 requires ruby 2.2
   gem "newrelic_rpm", "~> 3.0"
   gem 'pry-byebug', '>= 3.4.3'

Gemfile.lock

@@ -141,8 +141,8 @@ GEM
       activerecord (>= 3.2, < 5)
     acts_as_list (0.2.0)
       activerecord (>= 3.0)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
     andand (1.3.3)
     angular-rails-templates (0.3.0)
       railties (>= 3.1)
@@ -164,7 +164,7 @@ GEM
     bcrypt-ruby (3.1.5)
       bcrypt (>= 3.1.3)
     blockenspiel (0.5.0)
-    bugsnag (6.11.1)
+    bugsnag (6.12.1)
       concurrent-ruby (~> 1.0)
     builder (3.0.4)
     byebug (9.0.6)
@@ -210,7 +210,7 @@ GEM
       compass (~> 1.0.0)
       sass-rails (< 5.1)
       sprockets (< 4.0)
-    concurrent-ruby (1.1.4)
+    concurrent-ruby (1.1.5)
     connection_pool (2.2.2)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
@@ -223,16 +223,18 @@ GEM
       activerecord (>= 3.2.0, < 5.0)
       fog (~> 1.0)
       rails (>= 3.2.0, < 5.0)
+    ddtrace (0.27.0)
+      msgpack
     debugger-linecache (1.2.0)
     deface (1.0.2)
       colorize (>= 0.5.8)
       nokogiri (~> 1.6.0)
       polyglot
       rails (>= 3.1)
-    delayed_job (4.1.5)
-      activesupport (>= 3.0, < 5.3)
-    delayed_job_active_record (4.1.3)
-      activerecord (>= 3.0, < 5.3)
+    delayed_job (4.1.8)
+      activesupport (>= 3.0, < 6.1)
+    delayed_job_active_record (4.1.4)
+      activerecord (>= 3.0, < 6.1)
       delayed_job (>= 3.0, < 5)
     delayed_job_web (1.4.3)
       activerecord (> 3.0.0)
@@ -244,15 +246,12 @@ GEM
       orm_adapter (~> 0.1)
       railties (~> 3.1)
       warden (~> 1.2.1)
-    devise-encryptable (0.1.2)
+    devise-encryptable (0.2.0)
       devise (>= 2.1.0)
     diff-lcs (1.3)
     diffy (3.3.0)
     docile (1.3.2)
     dry-inflector (0.1.2)
-    em-websocket (0.5.1)
-      eventmachine (>= 0.12.9)
-      http_parser.rb (~> 0.6.0)
     erubis (2.7.0)
     eventmachine (1.2.7)
     excon (0.62.0)
@@ -430,34 +429,11 @@ GEM
       ruby-progressbar (~> 1.4)
     geocoder (1.1.8)
     gmaps4rails (1.5.6)
-    guard (2.15.0)
-      formatador (>= 0.2.4)
-      listen (>= 2.7, < 4.0)
-      lumberjack (>= 1.0.12, < 2.0)
-      nenv (~> 0.1)
-      notiffany (~> 0.0)
-      pry (>= 0.9.12)
-      shellany (~> 0.0)
-      thor (>= 0.18.1)
-    guard-compat (1.2.1)
-    guard-livereload (2.5.2)
-      em-websocket (~> 0.5)
-      guard (~> 2.8)
-      guard-compat (~> 1.0)
-      multi_json (~> 1.8)
-    guard-rails (0.7.2)
-      guard (~> 2.11)
-      guard-compat (~> 1.0)
-    guard-rspec (4.7.3)
-      guard (~> 2.1)
-      guard-compat (~> 1.1)
-      rspec (>= 2.99.0, < 4.0)
     haml (4.0.7)
       tilt
-    hashdiff (0.4.0)
+    hashdiff (1.0.0)
     highline (1.6.18)
     hike (1.2.3)
-    http_parser.rb (0.6.0)
     httparty (0.16.2)
       multi_xml (>= 0.5.2)
     i18n (0.6.11)
@@ -483,17 +459,16 @@ GEM
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
     kgio (2.11.2)
-    knapsack (1.17.2)
+    knapsack (1.18.0)
       rake
     launchy (2.4.3)
       addressable (~> 2.3)
     letter_opener (1.7.0)
       launchy (~> 2.2)
-    libv8 (3.16.14.19)
+    libv8 (6.3.292.48.1)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
-    lumberjack (1.0.13)
     mail (2.5.5)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
@@ -501,22 +476,21 @@ GEM
     mime-types (1.25.1)
     mini_mime (1.0.1)
     mini_portile2 (2.1.0)
+    mini_racer (0.1.15)
+      libv8 (~> 6.3)
     momentjs-rails (2.20.1)
       railties (>= 3.1)
     money (5.1.1)
       i18n (~> 0.6.0)
+    msgpack (1.3.1)
     multi_json (1.13.1)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    nenv (0.3.0)
-    net-http-persistent (3.0.1)
+    net-http-persistent (3.1.0)
       connection_pool (~> 2.2)
     newrelic_rpm (3.18.1.330)
     nokogiri (1.6.8.1)
       mini_portile2 (~> 2.1.0)
-    notiffany (0.1.1)
-      nenv (~> 0.1)
-      shellany (~> 0.0)
     oauth2 (1.4.1)
       faraday (>= 0.8, < 0.16.0)
       jwt (>= 1.0, < 3.0)
@@ -555,7 +529,7 @@ GEM
     pry-byebug (3.4.3)
       byebug (>= 9.0, < 9.1)
       pry (~> 0.10)
-    public_suffix (3.0.3)
+    public_suffix (3.1.1)
     rabl (0.8.4)
       activesupport (>= 2.3.14)
     rack (1.4.7)
@@ -591,7 +565,7 @@ GEM
       thor (>= 0.14.6, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.0)
-    rake (12.3.2)
+    rake (12.3.3)
     ransack (0.7.2)
       actionpack (~> 3.0)
       activerecord (~> 3.0)
@@ -607,7 +581,6 @@ GEM
     rdoc (3.12.2)
       json (~> 1.4)
     redcarpet (3.5.0)
-    ref (2.0.0)
     request_store (1.4.1)
       rack (>= 1.4)
     roadie (3.4.0)
@@ -670,10 +643,9 @@ GEM
     selenium-webdriver (3.141.0)
       childprocess (~> 0.5)
       rubyzip (~> 1.2, >= 1.2.2)
-    shellany (0.0.1)
     shoulda-matchers (2.8.0)
       activesupport (>= 3.0.0)
-    simplecov (0.17.0)
+    simplecov (0.17.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
@@ -682,8 +654,6 @@ GEM
       rack (~> 1.4)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
-    skylight (1.7.2)
-      activesupport (>= 3.0.0)
     spinjs-rails (1.4)
       rails (>= 3.1)
     spreadsheet (1.1.7)
@@ -698,12 +668,9 @@ GEM
       tilt (~> 1.1, != 1.3.0)
     state_machine (1.2.0)
     stringex (1.5.1)
-    stripe (4.19.0)
+    stripe (4.24.0)
       faraday (~> 0.13)
       net-http-persistent (~> 3.0)
-    therubyracer (0.12.0)
-      libv8 (~> 3.16.14.0)
-      ref
     thor (0.20.3)
     tilt (1.4.1)
     timecop (0.9.1)
@@ -736,7 +703,7 @@ GEM
       nokogiri (~> 1.6)
       rubyzip (~> 1.0)
       selenium-webdriver (~> 3.0)
-    webmock (3.6.0)
+    webmock (3.7.5)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -775,12 +742,13 @@ DEPENDENCIES
   dalli
   database_cleaner (= 0.7.1)
   db2fog
+  ddtrace
   debugger-linecache
   deface (= 1.0.2)
   delayed_job_active_record
   delayed_job_web
   devise (~> 2.2.5)
-  devise-encryptable (= 0.1.2)
+  devise-encryptable (= 0.2.0)
   diffy
   eventmachine (>= 1.2.3)
   factory_bot_rails
@@ -792,10 +760,6 @@ DEPENDENCIES
   fuubar (~> 2.4.1)
   geocoder
   gmaps4rails
-  guard
-  guard-livereload
-  guard-rails
-  guard-rspec (~> 4.7.3)
   haml
   i18n (~> 0.6.11)
   i18n-js (~> 3.3.0)
@@ -804,9 +768,12 @@ DEPENDENCIES
   jquery-rails (= 3.0.4)
   json_spec (~> 1.1.4)
   jwt (~> 2.2)
+  kaminari (~> 0.14.1)
   knapsack
   letter_opener (>= 1.4.1)
+  libv8 (= 6.3.292.48.1)
   listen (= 3.0.8)
+  mini_racer (= 0.1.15)
   momentjs-rails
   newrelic_rpm (~> 3.0)
   nokogiri (>= 1.6.7.1)
@@ -838,7 +805,6 @@ DEPENDENCIES
   shoulda-matchers
   simple_form!
   simplecov
-  skylight (< 2.0)
   spinjs-rails
   spree_api!
   spree_backend!
@@ -848,7 +814,6 @@ DEPENDENCIES
   spring (= 1.7.2)
   spring-commands-rspec
   stripe
-  therubyracer (= 0.12.0)
   timecop
   truncate_html
   turbo-sprockets-rails3
@@ -863,7 +828,7 @@ DEPENDENCIES
   wkhtmltopdf-binary
 
 RUBY VERSION
-   ruby 2.1.5p273
+   ruby 2.1.9p490
 
 BUNDLED WITH
    1.17.2

Guardfile

@@ -1,11 +0,0 @@
-# A sample Guardfile
-# More info at https://github.com/guard/guard#readme
-
-guard 'livereload' do
-  watch(%r{app/views/.+\.(erb|haml|slim)$})
-  watch(%r{app/helpers/.+\.rb})
-  watch(%r{public/.+\.(css|js|html)})
-
-  # Rails Assets Pipeline
-  watch(%r{(app|vendor)(/assets/\w+/(.+\.(css|js|html|png|jpg))).*}) { |m| "/assets/#{m[3]}" }
-end

README.md

@@ -1,6 +1,5 @@
 [![Build Status](https://semaphoreci.com/api/v1/openfoodfoundation/openfoodnetwork-2/branches/master/badge.svg)](https://semaphoreci.com/openfoodfoundation/openfoodnetwork-2)
 [![Code Climate](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork.png)](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork)
-[![View performance data on Skylight](https://badges.skylight.io/status/EiXQ6sSKij8y.svg)](https://oss.skylight.io/app/applications/EiXQ6sSKij8y)
 
 # Open Food Network
 
@@ -36,7 +35,7 @@ We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. B
 Copyright (c) 2012 - 2019 Open Food Foundation, released under the AGPL licence.
 
 [survey]: https://docs.google.com/a/eaterprises.com.au/forms/d/1zxR5vSiU9CigJ9cEaC8-eJLgYid8CR8er7PPH9Mc-30/edit#
-[slack-invite]: https://openfoodnetwork.org/slack-invite
+[slack-invite]: https://join.slack.com/t/openfoodnetwork/shared_invite/enQtMzU2Mjk5MDc2MjA5LTM4ZTAzZjIwNzIxMmU5ODFiNWY1MTU2ZWUyNzQwNjdjNTY0N2VhY2UwOGU4ZmVjNzYyZDU2NjY3NzZkZmQwYjk
 [contributor-guide]: https://ofn-user-guide.gitbook.io/ofn-contributor-guide/who-are-we
 [ofn-install]: https://github.com/openfoodfoundation/ofn-install
 [super-admin-guide]: https://ofn-user-guide.gitbook.io/ofn-super-admin-guide

app/assets/javascripts/admin/bulk_product_update.js.coffee

@@ -1,267 +1,287 @@
-angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $http, $window, BulkProducts, DisplayProperties, dataFetcher, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, SpreeApiAuth, Columns, tax_categories) ->
-    $scope.loading = true
-    $scope.loadingAllPages = true
+angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, SpreeApiAuth, Columns, tax_categories, RequestMonitor) ->
+  $scope.StatusMessage = StatusMessage
 
-    $scope.StatusMessage = StatusMessage
+  $scope.columns = Columns.columns
 
-    $scope.columns = Columns.columns
+  $scope.variant_unit_options = VariantUnitManager.variantUnitOptions()
 
-    $scope.variant_unit_options = VariantUnitManager.variantUnitOptions()
+  $scope.RequestMonitor = RequestMonitor
+  $scope.pagination = BulkProducts.pagination
+  $scope.per_page_options = [
+    {id: 15, name: t('js.admin.orders.index.per_page', results: 15)},
+    {id: 50, name: t('js.admin.orders.index.per_page', results: 50)},
+    {id: 100, name: t('js.admin.orders.index.per_page', results: 100)}
+  ]
 
-    $scope.filterableColumns = [
-      { name: t("label_producers"),       db_column: "producer_name" },
-      { name: t("name"),           db_column: "name" }
-    ]
+  $scope.filterableColumns = [
+    { name: t("label_producers"),       db_column: "producer_name" },
+    { name: t("name"),           db_column: "name" }
+  ]
 
-    $scope.filterTypes = [
-      { name: t("equals"),         predicate: "eq" },
-      { name: t("contains"),       predicate: "cont" }
-    ]
+  $scope.filterTypes = [
+    { name: t("equals"),         predicate: "eq" },
+    { name: t("contains"),       predicate: "cont" }
+  ]
 
-    $scope.optionTabs =
-      filters:        { title: t("filter_products"),   visible: false }
+  $scope.optionTabs =
+    filters:        { title: t("filter_products"),   visible: false }
+
+  $scope.producers = producers
+  $scope.taxons = Taxons.all
+  $scope.tax_categories = tax_categories
+  $scope.producerFilter = ""
+  $scope.categoryFilter = ""
+  $scope.importDateFilter = ""
+  $scope.page = 1
+  $scope.per_page = 15
+  $scope.products = BulkProducts.products
+  $scope.query = ""
+  $scope.DisplayProperties = DisplayProperties
+
+  $scope.initialise = ->
+    SpreeApiAuth.authorise()
+    .then ->
+      $scope.spree_api_key_ok = true
+      $scope.fetchProducts()
+    .catch (message) ->
+      $scope.api_error_msg = message
+
+  $scope.$watchCollection '[query, producerFilter, categoryFilter, importDateFilter, per_page]', ->
+    $scope.page = 1 # Reset page when changing filters for new search
+
+  $scope.changePage = (newPage) ->
+    $scope.page = newPage
+    $scope.fetchProducts()
+
+  $scope.fetchProducts = ->
+    removeClearedValues()
+    params = {
+      'q[name_cont]': $scope.query,
+      'q[supplier_id_eq]': $scope.producerFilter,
+      'q[primary_taxon_id_eq]': $scope.categoryFilter,
+      import_date: $scope.importDateFilter,
+      page: $scope.page,
+      per_page: $scope.per_page
+    }
+    RequestMonitor.load(BulkProducts.fetch(params).$promise).then ->
+      $scope.resetProducts()
+
+  removeClearedValues = ->
+    delete $scope.producerFilter if $scope.producerFilter == "0"
+    delete $scope.categoryFilter if $scope.categoryFilter == "0"
+    delete $scope.importDateFilter if $scope.importDateFilter == "0"
+
+  $timeout ->
+    if $scope.showLatestImport
+      $scope.importDateFilter = $scope.importDates[1].id
+
+  $scope.resetProducts = ->
+    DirtyProducts.clear()
+    StatusMessage.clear()
+
+  $scope.updateOnHand = (product) ->
+    on_demand_variants = []
+    if product.variants
+      on_demand_variants = (variant for id, variant of product.variants when variant.on_demand)
+
+    unless product.on_demand || on_demand_variants.length > 0
+      product.on_hand = $scope.onHand(product)
 
 
-    $scope.producers = producers
-    $scope.taxons = Taxons.all
-    $scope.tax_categories = tax_categories
-    $scope.filterProducers = [{id: "0", name: ""}].concat $scope.producers
-    $scope.filterTaxons = [{id: "0", name: ""}].concat $scope.taxons
+  $scope.onHand = (product) ->
+    onHand = 0
+    if product.hasOwnProperty("variants") and product.variants instanceof Object
+      for id, variant of product.variants
+        onHand = onHand + parseInt(if variant.on_hand > 0 then variant.on_hand else 0)
+    else
+      onHand = "error"
+    onHand
+
+  $scope.shiftTab = (tab) ->
+    $scope.visibleTab.visible = false unless $scope.visibleTab == tab || $scope.visibleTab == undefined
+    tab.visible = !tab.visible
+    $scope.visibleTab = tab
+
+  $scope.resetSelectFilters = ->
+    $scope.query = ""
     $scope.producerFilter = "0"
     $scope.categoryFilter = "0"
     $scope.importDateFilter = "0"
-    $scope.products = BulkProducts.products
-    $scope.filteredProducts = []
-    $scope.currentFilters = []
-    $scope.limit = 15
-    $scope.query = ""
-    $scope.DisplayProperties = DisplayProperties
 
-    $scope.initialise = ->
-      SpreeApiAuth.authorise()
-      .then ->
-        $scope.spree_api_key_ok = true
-        $scope.fetchProducts()
-      .catch (message) ->
-        $scope.api_error_msg = message
-
-    $scope.$watchCollection '[query, producerFilter, categoryFilter, importDateFilter]', ->
-      $scope.limit = 15 # Reset limit whenever searching
-
-    $scope.fetchProducts = ->
-      $scope.loading = true
-      $scope.loadingAllPages = true
-      BulkProducts.fetch($scope.currentFilters, ->
-        $scope.loadingAllPages = false
-      ).then ->
-        $scope.resetProducts()
-        $scope.loading = false
-
-    $timeout ->
-      if $scope.showLatestImport
-        $scope.importDateFilter = $scope.importDates[1].id
-
-    $scope.resetProducts = ->
-      DirtyProducts.clear()
-      StatusMessage.clear()
-
-    $scope.updateOnHand = (product) ->
-      on_demand_variants = []
-      if product.variants
-        on_demand_variants = (variant for id, variant of product.variants when variant.on_demand)
-
-      unless product.on_demand || on_demand_variants.length > 0
-        product.on_hand = $scope.onHand(product)
+  $scope.editWarn = (product, variant) ->
+    if (DirtyProducts.count() > 0 and confirm(t("unsaved_changes_confirmation"))) or (DirtyProducts.count() == 0)
+      window.location = "/admin/products/" + product.permalink_live + ((if variant then "/variants/" + variant.id else "")) + "/edit"
 
 
-    $scope.onHand = (product) ->
-      onHand = 0
-      if product.hasOwnProperty("variants") and product.variants instanceof Object
-        for id, variant of product.variants
-          onHand = onHand + parseInt(if variant.on_hand > 0 then variant.on_hand else 0)
-      else
-        onHand = "error"
-      onHand
+  $scope.toggleShowAllVariants = ->
+    showVariants = !DisplayProperties.showVariants 0
+    $scope.products.forEach (product) ->
+      DisplayProperties.setShowVariants product.id, showVariants
+    DisplayProperties.setShowVariants 0, showVariants
 
-    $scope.shiftTab = (tab) ->
-      $scope.visibleTab.visible = false unless $scope.visibleTab == tab || $scope.visibleTab == undefined
-      tab.visible = !tab.visible
-      $scope.visibleTab = tab
-
-    $scope.resetSelectFilters = ->
-      $scope.query = ""
-      $scope.producerFilter = "0"
-      $scope.categoryFilter = "0"
-      $scope.importDateFilter = "0"
-
-    $scope.editWarn = (product, variant) ->
-      if (DirtyProducts.count() > 0 and confirm(t("unsaved_changes_confirmation"))) or (DirtyProducts.count() == 0)
-        window.location = "/admin/products/" + product.permalink_live + ((if variant then "/variants/" + variant.id else "")) + "/edit"
+  $scope.addVariant = (product) ->
+    product.variants.push
+      id: $scope.nextVariantId()
+      unit_value: null
+      unit_description: null
+      on_demand: false
+      display_as: null
+      display_name: null
+      on_hand: null
+      price: null
+    DisplayProperties.setShowVariants product.id, true
 
 
-    $scope.toggleShowAllVariants = ->
-      showVariants = !DisplayProperties.showVariants 0
-      $scope.filteredProducts.forEach (product) ->
-        DisplayProperties.setShowVariants product.id, showVariants
-      DisplayProperties.setShowVariants 0, showVariants
+  $scope.nextVariantId = ->
+    $scope.variantIdCounter = 0 unless $scope.variantIdCounter?
+    $scope.variantIdCounter -= 1
+    $scope.variantIdCounter
 
-    $scope.addVariant = (product) ->
-      product.variants.push
-        id: $scope.nextVariantId()
-        unit_value: null
-        unit_description: null
-        on_demand: false
-        display_as: null
-        display_name: null
-        on_hand: null
-        price: null
-      DisplayProperties.setShowVariants product.id, true
-
-
-    $scope.nextVariantId = ->
-      $scope.variantIdCounter = 0 unless $scope.variantIdCounter?
-      $scope.variantIdCounter -= 1
-      $scope.variantIdCounter
-
-    $scope.deleteProduct = (product) ->
-      if confirm("Are you sure?")
-        $http(
-          method: "DELETE"
-          url: "/api/products/" + product.id + "/soft_delete"
-        ).success (data) ->
-          $scope.products.splice $scope.products.indexOf(product), 1
-          DirtyProducts.deleteProduct product.id
-          $scope.displayDirtyProducts()
-
-
-    $scope.deleteVariant = (product, variant) ->
-      if product.variants.length > 1
-        if !$scope.variantSaved(variant)
-          $scope.removeVariant(product, variant)
-        else
-          if confirm(t("are_you_sure"))
-            $http(
-              method: "DELETE"
-              url: "/api/products/" + product.permalink_live + "/variants/" + variant.id + "/soft_delete"
-            ).success (data) ->
-              $scope.removeVariant(product, variant)
-      else
-        alert(t("delete_product_variant"))
-
-    $scope.removeVariant = (product, variant) ->
-      product.variants.splice product.variants.indexOf(variant), 1
-      DirtyProducts.deleteVariant product.id, variant.id
-      $scope.displayDirtyProducts()
-
-
-    $scope.cloneProduct = (product) ->
-      BulkProducts.cloneProduct product
-
-    $scope.hasVariants = (product) ->
-      product.variants.length > 0
-
-
-    $scope.hasUnit = (product) ->
-      product.variant_unit_with_scale?
-
-
-    $scope.variantSaved = (variant) ->
-      variant.hasOwnProperty('id') && variant.id > 0
-
-
-    $scope.hasOnDemandVariants = (product) ->
-      (variant for id, variant of product.variants when variant.on_demand).length > 0
-
-
-    $scope.submitProducts = ->
-      # Pack pack $scope.products, so they will match the list returned from the server,
-      # then pack $scope.dirtyProducts, ensuring that the correct product info is sent to the server.
-      $scope.packProduct product for id, product of $scope.products
-      $scope.packProduct product for id, product of DirtyProducts.all()
-
-      productsToSubmit = filterSubmitProducts(DirtyProducts.all())
-      if productsToSubmit.length > 0
-        $scope.updateProducts productsToSubmit # Don't submit an empty list
-      else
-        StatusMessage.display 'alert', t("products_change")
-
-
-    $scope.updateProducts = (productsToSubmit) ->
-      $scope.displayUpdating()
+  $scope.deleteProduct = (product) ->
+    if confirm("Are you sure?")
       $http(
-        method: "POST"
-        url: "/admin/products/bulk_update"
-        data:
-          products: productsToSubmit
-          filters: $scope.currentFilters
-      ).success((data) ->
-        DirtyProducts.clear()
-        BulkProducts.updateVariantLists(data.products || [])
-        $timeout -> $scope.displaySuccess()
-      ).error (data, status) ->
-        if status == 400 && data.errors? && data.errors.length > 0
-          errors = error + "\n" for error in data.errors
-          alert t("products_update_error") + "\n" + errors
-          $scope.displayFailure t("products_update_error")
-        else
-          $scope.displayFailure t("products_update_error_data") + status
+        method: "DELETE"
+        url: "/api/products/" + product.id + "/soft_delete"
+      ).success (data) ->
+        $scope.products.splice $scope.products.indexOf(product), 1
+        DirtyProducts.deleteProduct product.id
+        $scope.displayDirtyProducts()
 
-    $scope.cancel = (destination) ->
-      $window.location = destination
 
-    $scope.packProduct = (product) ->
-      if product.variant_unit_with_scale
-        match = product.variant_unit_with_scale.match(/^([^_]+)_([\d\.]+)$/)
-        if match
-          product.variant_unit = match[1]
-          product.variant_unit_scale = parseFloat(match[2])
-        else
-          product.variant_unit = product.variant_unit_with_scale
-          product.variant_unit_scale = null
+  $scope.deleteVariant = (product, variant) ->
+    if product.variants.length > 1
+      if !$scope.variantSaved(variant)
+        $scope.removeVariant(product, variant)
       else
-        product.variant_unit = product.variant_unit_scale = null
+        if confirm(t("are_you_sure"))
+          $http(
+            method: "DELETE"
+            url: "/api/products/" + product.permalink_live + "/variants/" + variant.id + "/soft_delete"
+          ).success (data) ->
+            $scope.removeVariant(product, variant)
+    else
+      alert(t("delete_product_variant"))
 
-      $scope.packVariant product, product.master if product.master
-
-      if product.variants
-        for id, variant of product.variants
-          $scope.packVariant product, variant
+  $scope.removeVariant = (product, variant) ->
+    product.variants.splice product.variants.indexOf(variant), 1
+    DirtyProducts.deleteVariant product.id, variant.id
+    $scope.displayDirtyProducts()
 
 
-    $scope.packVariant = (product, variant) ->
-      if variant.hasOwnProperty("unit_value_with_description")
-        match = variant.unit_value_with_description.match(/^([\d\.]+(?= |$)|)( |)(.*)$/)
-        if match
-          product = BulkProducts.find product.id
-          variant.unit_value  = parseFloat(match[1])
-          variant.unit_value  = null if isNaN(variant.unit_value)
-          variant.unit_value *= product.variant_unit_scale if variant.unit_value && product.variant_unit_scale
-          variant.unit_description = match[3]
+  $scope.cloneProduct = (product) ->
+    BulkProducts.cloneProduct product
 
-    $scope.incrementLimit = ->
-      if $scope.limit < $scope.products.length
-        $scope.limit = $scope.limit + 5
+  $scope.hasVariants = (product) ->
+    product.variants.length > 0
 
 
-    $scope.displayUpdating = ->
-      StatusMessage.display 'progress', t("saving")
+  $scope.hasUnit = (product) ->
+    product.variant_unit_with_scale?
 
 
-    $scope.displaySuccess = ->
-      StatusMessage.display 'success',t("products_changes_saved")
-      $scope.bulk_product_form.$setPristine()
+  $scope.variantSaved = (variant) ->
+    variant.hasOwnProperty('id') && variant.id > 0
 
 
-    $scope.displayFailure = (failMessage) ->
-      StatusMessage.display  'failure', t("products_update_error_msg") + "#{failMessage}"
+  $scope.hasOnDemandVariants = (product) ->
+    (variant for id, variant of product.variants when variant.on_demand).length > 0
 
 
-    $scope.displayDirtyProducts = ->
-      count = DirtyProducts.count()
-      switch count
-        when 0 then StatusMessage.clear()
-        when 1 then StatusMessage.display 'notice', t("one_product_unsaved")
-        else StatusMessage.display 'notice', t("products_unsaved", n: count)
+  $scope.submitProducts = ->
+    # Pack pack $scope.products, so they will match the list returned from the server,
+    # then pack $scope.dirtyProducts, ensuring that the correct product info is sent to the server.
+    $scope.packProduct product for id, product of $scope.products
+    $scope.packProduct product for id, product of DirtyProducts.all()
+
+    productsToSubmit = filterSubmitProducts(DirtyProducts.all())
+    if productsToSubmit.length > 0
+      $scope.updateProducts productsToSubmit # Don't submit an empty list
+    else
+      StatusMessage.display 'alert', t("products_change")
+
+
+  $scope.updateProducts = (productsToSubmit) ->
+    $scope.displayUpdating()
+    $http(
+      method: "POST"
+      url: "/admin/products/bulk_update"
+      data:
+        products: productsToSubmit
+        filters:
+          'q[name_cont]': $scope.query
+          'q[supplier_id_eq]': $scope.producerFilter
+          'q[primary_taxon_id_eq]': $scope.categoryFilter
+          import_date: $scope.importDateFilter
+        page: $scope.page
+        per_page: $scope.per_page
+    ).success((data) ->
+      DirtyProducts.clear()
+      BulkProducts.updateVariantLists(data.products || [])
+      $timeout -> $scope.displaySuccess()
+    ).error (data, status) ->
+      if status == 400 && data.errors? && data.errors.length > 0
+        errors = error + "\n" for error in data.errors
+        alert t("products_update_error") + "\n" + errors
+        $scope.displayFailure t("products_update_error")
+      else
+        $scope.displayFailure t("products_update_error_data") + status
+
+  $scope.cancel = (destination) ->
+    $window.location = destination
+
+  $scope.packProduct = (product) ->
+    if product.variant_unit_with_scale
+      match = product.variant_unit_with_scale.match(/^([^_]+)_([\d\.]+)$/)
+      if match
+        product.variant_unit = match[1]
+        product.variant_unit_scale = parseFloat(match[2])
+      else
+        product.variant_unit = product.variant_unit_with_scale
+        product.variant_unit_scale = null
+    else
+      product.variant_unit = product.variant_unit_scale = null
+
+    $scope.packVariant product, product.master if product.master
+
+    if product.variants
+      for id, variant of product.variants
+        $scope.packVariant product, variant
+
+
+  $scope.packVariant = (product, variant) ->
+    if variant.hasOwnProperty("unit_value_with_description")
+      match = variant.unit_value_with_description.match(/^([\d\.]+(?= |$)|)( |)(.*)$/)
+      if match
+        product = BulkProducts.find product.id
+        variant.unit_value  = parseFloat(match[1])
+        variant.unit_value  = null if isNaN(variant.unit_value)
+        variant.unit_value *= product.variant_unit_scale if variant.unit_value && product.variant_unit_scale
+        variant.unit_description = match[3]
+
+  $scope.incrementLimit = ->
+    if $scope.limit < $scope.products.length
+      $scope.limit = $scope.limit + 5
+
+
+  $scope.displayUpdating = ->
+    StatusMessage.display 'progress', t("saving")
+
+
+  $scope.displaySuccess = ->
+    StatusMessage.display 'success',t("products_changes_saved")
+    $scope.bulk_product_form.$setPristine()
+
+
+  $scope.displayFailure = (failMessage) ->
+    StatusMessage.display  'failure', t("products_update_error_msg") + "#{failMessage}"
+
+
+  $scope.displayDirtyProducts = ->
+    count = DirtyProducts.count()
+    switch count
+      when 0 then StatusMessage.clear()
+      when 1 then StatusMessage.display 'notice', t("one_product_unsaved")
+      else StatusMessage.display 'notice', t("products_unsaved", n: count)
 
 
 filterSubmitProducts = (productsToFilter) ->

app/assets/javascripts/admin/orders/controllers/orders_controller.js.coffee

@@ -23,7 +23,7 @@ angular.module("admin.orders").controller "ordersCtrl", ($scope, RequestMonitor,
 
   $scope.fetchResults = (page=1) ->
     $scope.resetSelected()
-    Orders.index({
+    params = {
       'q[completed_at_lt]': $scope['q']['completed_at_lt'],
       'q[completed_at_gt]': $scope['q']['completed_at_gt'],
       'q[state_eq]': $scope['q']['state_eq'],
@@ -39,7 +39,8 @@ angular.module("admin.orders").controller "ordersCtrl", ($scope, RequestMonitor,
       'q[s]': $scope.sorting || 'completed_at desc',
       per_page: $scope.per_page,
       page: page
-    })
+    }
+    RequestMonitor.load(Orders.index(params).$promise)
 
   $scope.resetSelected = ->
     $scope.selected_orders.length = 0

app/assets/javascripts/admin/products/directives/set_variant_on_demand.js.coffee

@@ -0,0 +1,19 @@
+angular.module("admin.products").directive "setOnDemand", ->
+  link: (scope, element, attr) ->
+    onHand = element.context.querySelector("#variant_on_hand")
+    onDemand = element.context.querySelector("#variant_on_demand")
+
+    disableOnHandIfOnDemand = ->
+      if onDemand.checked
+        onHand.disabled = 'disabled'
+        onHand.dataStock = onHand.value
+        onHand.value = t('admin.products.variants.infinity')
+
+    disableOnHandIfOnDemand()
+
+    onDemand.addEventListener 'change', (event) ->
+      disableOnHandIfOnDemand()
+
+      if !onDemand.checked
+        onHand.removeAttribute('disabled')
+        onHand.value = onHand.dataStock

app/assets/javascripts/admin/resources/resources/product_resource.js.coffee

@@ -0,0 +1,6 @@
+angular.module("admin.resources").factory 'ProductResource', ($resource) ->
+  $resource('/admin/product/:id/:action.json', {}, {
+    'index':
+      url: '/api/products/bulk_products.json'
+      method: 'GET'
+  })

app/assets/javascripts/admin/services/bulk_products.js.coffee

@@ -1,15 +1,13 @@
-angular.module("ofn.admin").factory "BulkProducts", (PagedFetcher, dataFetcher, $http) ->
+angular.module("ofn.admin").factory "BulkProducts", (ProductResource, dataFetcher, $http) ->
   new class BulkProducts
     products: []
+    pagination: {}
 
-    fetch: (filters, onComplete) ->
-      queryString = filters.reduce (qs,f) ->
-        return qs + "q[#{f.property.db_column}_#{f.predicate.predicate}]=#{f.value};"
-      , ""
-
-      url = "/api/products/bulk_products?page=::page::;per_page=20;#{queryString}"
-      processData = (data) => @addProducts data.products
-      PagedFetcher.fetch url, processData, onComplete
+    fetch: (params) ->
+      ProductResource.index params, (data) =>
+        @products.length = 0
+        @addProducts data.products
+        angular.extend(@pagination, data.pagination)
 
     cloneProduct: (product) ->
       $http.post("/api/products/" + product.id + "/clone").success (data) =>

app/assets/javascripts/admin/utils/directives/variant_autocomplete.js.coffee

@@ -27,8 +27,6 @@ angular.module("admin.utils").directive "variantAutocomplete", ($timeout) ->
               window.variants = data # this is how spree auto complete JS code picks up variants
               results: data
           formatResult: (variant) ->
-            if variant["images"][0] != undefined && variant["images"][0].image != undefined
-              variant.image = variant.images[0].image.mini_url
             variantTemplate variant: variant
           formatSelection: (variant) ->
             element.parent().children(".options_placeholder").html variant.options_text

app/assets/javascripts/darkswarm/directives/cart_popover.js.coffee

@@ -1,8 +0,0 @@
-Darkswarm.directive "cart", ->
-  # Toggles visibility of the "cart" popover
-  restrict: 'A'
-  link: (scope, elem, attr)->
-    scope.open = false
-    elem.bind 'click', ->
-      scope.$apply ->
-        scope.open = !scope.open

app/assets/javascripts/darkswarm/directives/cart_toggle.js.coffee

@@ -0,0 +1,19 @@
+Darkswarm.directive "cartToggle", ($document) ->
+  # Toggles visibility of the "cart" popover
+  restrict: 'A'
+  link: (scope, elem, attr)->
+    scope.open = false
+
+    $document.bind 'click', (event) ->
+      cart_button = elem[0]
+      element_and_parents = [event.target, event.target.parentElement, event.target.parentElement.parentElement]
+      cart_button_clicked = (element_and_parents.indexOf(cart_button) != -1)
+
+      if cart_button_clicked
+        scope.$apply ->
+          scope.open = !scope.open
+      else
+        scope.$apply ->
+          scope.open = false
+
+      return

app/assets/javascripts/darkswarm/filters/dates.js.coffee

@@ -1,10 +1,15 @@
+@API_DATETIME_FORMAT = "YYYY-MM-DD HH:mm:SS Z"
+
 Darkswarm.filter "date_in_words", ->
-  (date) ->
-    moment(date).fromNow()
+  (date, dateFormat) ->
+    dateFormat ?= @API_DATETIME_FORMAT
+    moment(date, dateFormat).fromNow()
 
 Darkswarm.filter "sensible_timeframe", (date_in_wordsFilter)->
-  (date) ->
-    if moment().add(2, 'days') < moment(date)
+  (date, dateFormat) ->
+    dateFormat ?= @API_DATETIME_FORMAT
+
+    if moment().add(2, 'days') < moment(date, dateFormat)
       t 'orders_open'
     else
       t('closing') + date_in_wordsFilter(date)

app/assets/stylesheets/admin/pages/subscription_line_items.css.scss

@@ -0,0 +1,11 @@
+.add-line-item {
+  fieldset {
+    .vertical-align-top {
+      vertical-align: top;
+    }
+
+    .actions {
+      padding-top: 18px;
+    }
+  }
+}

app/assets/stylesheets/admin/select2.css.scss

@@ -3,7 +3,7 @@
 .select2-container {
   .select2-choice {
     .select2-search-choice-close {
-      display: none;
+      display: none !important;
     }
     .select2-arrow {
       width: 22px;

app/assets/stylesheets/darkswarm/branding.css.scss

@@ -35,5 +35,6 @@ $med-grey: #666;
 $med-drk-grey: #444;
 $dark-grey: #333;
 $light-grey: #ddd;
+$light-grey-transparency: rgba(0, 0, 0, .1);
 $black: #000;
 $white: #fff;

app/assets/stylesheets/darkswarm/menu.css.scss

@@ -42,7 +42,7 @@ nav.top-bar {
 }
 
 .top-bar-section {
-  border-bottom: 1px solid $ofn-grey;
+  border-bottom: 1px solid $light-grey-transparency;
 
   a.icon {
     &:hover {
@@ -170,9 +170,10 @@ nav.top-bar {
 
 .tab-bar {
   background-color: white;
+  border-bottom: 1px solid $light-grey-transparency;
+  height: 2.8em;
   position: fixed;
   width: 100%;
-  height: 2.8em;
   z-index: 1;
 
   .cart-span {

app/assets/stylesheets/darkswarm/shopping-cart.css.scss

@@ -1,6 +1,7 @@
 @import "mixins";
 @import "branding";
 @import "compass/css3/user-interface";
+@import 'variables';
 
 .cart {
   @include user-select(none);
@@ -15,8 +16,8 @@
 
   .joyride-tip-guide {
     display: block;
-    right: 10px;
-    top: 55px;
+    right: 0;
+    top: $topbar-height;
     width: 480px;
 
     @media screen and (min-width: 641px) {

app/controllers/admin/subscriptions_controller.rb

@@ -1,4 +1,5 @@
 require 'open_food_network/permissions'
+require 'open_food_network/proxy_order_syncer'
 
 module Admin
   class SubscriptionsController < ResourceController
@@ -32,21 +33,11 @@ module Admin
     end
 
     def create
-      form = SubscriptionForm.new(@subscription, params[:subscription])
-      if form.save
-        render_as_json @subscription
-      else
-        render json: { errors: form.json_errors }, status: :unprocessable_entity
-      end
+      save_form_and_render(false)
     end
 
     def update
-      form = SubscriptionForm.new(@subscription, params[:subscription])
-      if form.save
-        render_as_json @subscription, order_update_issues: form.order_update_issues
-      else
-        render json: { errors: form.json_errors }, status: :unprocessable_entity
-      end
+      save_form_and_render
     end
 
     def cancel
@@ -67,12 +58,26 @@ module Admin
     end
 
     def unpause
-      @subscription.update_attributes(paused_at: nil)
-      render_as_json @subscription
+      params[:subscription][:paused_at] = nil
+      save_form_and_render
     end
 
     private
 
+    def save_form_and_render(render_issues = true)
+      form = SubscriptionForm.new(@subscription, params[:subscription])
+      unless form.save
+        render json: { errors: form.json_errors }, status: :unprocessable_entity
+        return
+      end
+
+      if render_issues
+        render_as_json @subscription, order_update_issues: form.order_update_issues
+      else
+        render_as_json @subscription
+      end
+    end
+
     def permissions
       return @permissions unless @permissions.nil?
       @permissions = OpenFoodNetwork::Permissions.new(spree_current_user)

app/controllers/admin/tag_rules_controller.rb

@@ -9,8 +9,8 @@ module Admin
     def map_by_tag
       respond_to do |format|
         format.json do
-          serialiser = ActiveModel::ArraySerializer.new(collection)
-          render json: serialiser.to_json
+          serializer = ActiveModel::ArraySerializer.new(collection)
+          render json: serializer.to_json
         end
       end
     end

app/controllers/api/product_images_controller.rb

@@ -1,5 +1,5 @@
 module Api
-  class ProductImagesController < Spree::Api::BaseController
+  class ProductImagesController < BaseController
     respond_to :json
 
     def update_product_image
@@ -8,11 +8,11 @@ module Api
 
       if @product.images.first.nil?
         @image = Spree::Image.create(attachment: params[:file], viewable_id: @product.master.id, viewable_type: 'Spree::Variant')
-        respond_with(@image, status: 201)
+        render json: @image, serializer: ImageSerializer, status: :created
       else
         @image = @product.images.first
         @image.update_attributes(attachment: params[:file])
-        respond_with(@image, status: 200)
+        render json: @image, serializer: ImageSerializer, status: :ok
       end
     end
   end

app/controllers/api/products_controller.rb

@@ -0,0 +1,146 @@
+require 'open_food_network/permissions'
+
+module Api
+  class ProductsController < Api::BaseController
+    respond_to :json
+    DEFAULT_PAGE = 1
+    DEFAULT_PER_PAGE = 15
+
+    skip_authorization_check only: [:show, :bulk_products, :overridable]
+
+    def show
+      @product = find_product(params[:id])
+      render json: @product, serializer: Api::Admin::ProductSerializer
+    end
+
+    def create
+      authorize! :create, Spree::Product
+      params[:product][:available_on] ||= Time.zone.now
+      @product = Spree::Product.new(params[:product])
+      begin
+        if @product.save
+          render json: @product, serializer: Api::Admin::ProductSerializer, status: 201
+        else
+          invalid_resource!(@product)
+        end
+      rescue ActiveRecord::RecordNotUnique
+        @product.permalink = nil
+        retry
+      end
+    end
+
+    def update
+      authorize! :update, Spree::Product
+      @product = find_product(params[:id])
+      if @product.update_attributes(params[:product])
+        render json: @product, serializer: Api::Admin::ProductSerializer, status: 200
+      else
+        invalid_resource!(@product)
+      end
+    end
+
+    def destroy
+      authorize! :delete, Spree::Product
+      @product = find_product(params[:id])
+      @product.update_attribute(:deleted_at, Time.zone.now)
+      @product.variants_including_master.update_all(deleted_at: Time.zone.now)
+      render json: @product, serializer: Api::Admin::ProductSerializer, status: 204
+    end
+
+    # TODO: This should be named 'managed'. Is the action above used? Maybe we should remove it.
+    def bulk_products
+      product_query = OpenFoodNetwork::Permissions.new(current_api_user).
+        editable_products.merge(product_scope)
+
+      if params[:import_date].present?
+        product_query = product_query.imported_on(params[:import_date]).group_by_products_id
+      end
+
+      @products = product_query.order('created_at DESC').
+        ransack(params[:q]).result.
+        page(params[:page] || DEFAULT_PAGE).per(params[:per_page] || DEFAULT_PER_PAGE)
+
+      render_paged_products @products
+    end
+
+    def overridable
+      producers = OpenFoodNetwork::Permissions.new(current_api_user).
+        variant_override_producers.by_name
+
+      @products = paged_products_for_producers producers
+
+      render_paged_products @products
+    end
+
+    def soft_delete
+      authorize! :delete, Spree::Product
+      @product = find_product(params[:product_id])
+      authorize! :delete, @product
+      @product.destroy
+      render json: @product, serializer: Api::Admin::ProductSerializer, status: 204
+    end
+
+    # POST /api/products/:product_id/clone
+    #
+    def clone
+      authorize! :create, Spree::Product
+      original_product = find_product(params[:product_id])
+      authorize! :update, original_product
+
+      @product = original_product.duplicate
+
+      render json: @product, serializer: Api::Admin::ProductSerializer, status: 201
+    end
+
+    private
+
+    # Copied and modified from SpreeApi::BaseController to allow
+    # enterprise users to access inactive products
+    def product_scope
+      # This line modified
+      if current_api_user.has_spree_role?("admin") || current_api_user.enterprises.present?
+        scope = Spree::Product
+        if params[:show_deleted]
+          scope = scope.with_deleted
+        end
+      else
+        scope = Spree::Product.active
+      end
+
+      scope.includes(:master)
+    end
+
+    def paged_products_for_producers(producers)
+      Spree::Product.scoped.
+        merge(product_scope).
+        where(supplier_id: producers).
+        by_producer.by_name.
+        ransack(params[:q]).result.
+        page(params[:page]).per(params[:per_page])
+    end
+
+    def render_paged_products(products)
+      serializer = ActiveModel::ArraySerializer.new(
+        products,
+        each_serializer: ::Api::Admin::ProductSerializer
+      )
+
+      render text: {
+        products: serializer,
+        # This line is used by the PagedFetcher JS service (inventory).
+        pages: products.num_pages,
+        # This hash is used by the BulkProducts JS service.
+        pagination: pagination_data(products)
+      }.to_json
+    end
+
+    def pagination_data(results)
+      {
+        results: results.total_count,
+        pages: results.num_pages,
+        page: (params[:page] || DEFAULT_PAGE).to_i,
+        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
+      }
+    end
+  end
+end

app/controllers/api/shipments_controller.rb

@@ -0,0 +1,105 @@
+require 'open_food_network/scope_variant_to_hub'
+
+module Api
+  class ShipmentsController < Api::BaseController
+    respond_to :json
+
+    before_filter :find_order
+    before_filter :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
+
+    def create
+      variant = scoped_variant(params[:variant_id])
+      quantity = params[:quantity].to_i
+      @shipment = get_or_create_shipment(params[:stock_location_id])
+
+      @order.contents.add(variant, quantity, nil, @shipment)
+
+      @shipment.refresh_rates
+      @shipment.save!
+
+      render json: @shipment.reload, serializer: Api::ShipmentSerializer, status: :ok
+    end
+
+    def update
+      authorize! :read, Spree::Shipment
+      @shipment = @order.shipments.find_by_number!(params[:id])
+      params[:shipment] ||= []
+      unlock = params[:shipment].delete(:unlock)
+
+      if unlock == 'yes'
+        @shipment.adjustment.open
+      end
+
+      @shipment.update_attributes(params[:shipment])
+
+      if unlock == 'yes'
+        @shipment.adjustment.close
+      end
+
+      render json: @shipment.reload, serializer: Api::ShipmentSerializer, status: :ok
+    end
+
+    def ready
+      authorize! :read, Spree::Shipment
+      unless @shipment.ready?
+        if @shipment.can_ready?
+          @shipment.ready!
+        else
+          render(json: { error: I18n.t(:cannot_ready, scope: "spree.api.shipment") },
+                 status: :unprocessable_entity) && return
+        end
+      end
+      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
+    end
+
+    def ship
+      authorize! :read, Spree::Shipment
+      unless @shipment.shipped?
+        @shipment.ship!
+      end
+      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
+    end
+
+    def add
+      variant = scoped_variant(params[:variant_id])
+      quantity = params[:quantity].to_i
+
+      @order.contents.add(variant, quantity, nil, @shipment)
+
+      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
+    end
+
+    def remove
+      variant = scoped_variant(params[:variant_id])
+      quantity = params[:quantity].to_i
+
+      @order.contents.remove(variant, quantity, @shipment)
+      @shipment.reload if @shipment.persisted?
+
+      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
+    end
+
+    private
+
+    def find_order
+      @order = Spree::Order.find_by_number!(params[:order_id])
+      authorize! :read, @order
+    end
+
+    def find_and_update_shipment
+      @shipment = @order.shipments.find_by_number!(params[:id])
+      @shipment.update_attributes(params[:shipment])
+      @shipment.reload
+    end
+
+    def scoped_variant(variant_id)
+      variant = Spree::Variant.find(variant_id)
+      OpenFoodNetwork::ScopeVariantToHub.new(@order.distributor).scope(variant)
+      variant
+    end
+
+    def get_or_create_shipment(stock_location_id)
+      @order.shipment || @order.shipments.create(stock_location_id: stock_location_id)
+    end
+  end
+end

app/controllers/api/taxonomies_controller.rb

@@ -0,0 +1,12 @@
+module Api
+  class TaxonomiesController < Api::BaseController
+    respond_to :json
+
+    skip_authorization_check only: :jstree
+
+    def jstree
+      @taxonomy = Spree::Taxonomy.find(params[:id])
+      render json: @taxonomy.root, serializer: Api::TaxonJstreeSerializer
+    end
+  end
+end

app/controllers/api/taxons_controller.rb

@@ -0,0 +1,71 @@
+module Api
+  class TaxonsController < Api::BaseController
+    respond_to :json
+
+    skip_authorization_check only: [:index, :show, :jstree]
+
+    def index
+      if taxonomy
+        @taxons = taxonomy.root.children
+      else
+        if params[:ids]
+          @taxons = Spree::Taxon.where(id: params[:ids].split(","))
+        else
+          @taxons = Spree::Taxon.ransack(params[:q]).result
+        end
+      end
+      render json: @taxons, each_serializer: Api::TaxonSerializer
+    end
+
+    def jstree
+      @taxon = taxon
+      render json: @taxon.children, each_serializer: Api::TaxonJstreeSerializer
+    end
+
+    def create
+      authorize! :create, Spree::Taxon
+      @taxon = Spree::Taxon.new(params[:taxon])
+      @taxon.taxonomy_id = params[:taxonomy_id]
+      taxonomy = Spree::Taxonomy.find_by_id(params[:taxonomy_id])
+
+      if taxonomy.nil?
+        @taxon.errors[:taxonomy_id] = I18n.t(:invalid_taxonomy_id, scope: 'spree.api')
+        invalid_resource!(@taxon) && return
+      end
+
+      @taxon.parent_id = taxonomy.root.id unless params[:taxon][:parent_id]
+
+      if @taxon.save
+        render json: @taxon, serializer: Api::TaxonSerializer, status: :created
+      else
+        invalid_resource!(@taxon)
+      end
+    end
+
+    def update
+      authorize! :update, Spree::Taxon
+      if taxon.update_attributes(params[:taxon])
+        render json: taxon, serializer: Api::TaxonSerializer, status: :ok
+      else
+        invalid_resource!(taxon)
+      end
+    end
+
+    def destroy
+      authorize! :delete, Spree::Taxon
+      taxon.destroy
+      render json: taxon, serializer: Api::TaxonSerializer, status: :no_content
+    end
+
+    private
+
+    def taxonomy
+      return if params[:taxonomy_id].blank?
+      @taxonomy ||= Spree::Taxonomy.find(params[:taxonomy_id])
+    end
+
+    def taxon
+      @taxon ||= taxonomy.taxons.find(params[:id])
+    end
+  end
+end

app/controllers/api/variants_controller.rb

@@ -0,0 +1,79 @@
+module Api
+  class VariantsController < Api::BaseController
+    respond_to :json
+
+    skip_authorization_check only: [:index, :show]
+    before_filter :product
+
+    def index
+      @variants = scope.includes(:option_values).ransack(params[:q]).result
+      render json: @variants, each_serializer: Api::VariantSerializer
+    end
+
+    def show
+      @variant = scope.includes(:option_values).find(params[:id])
+      render json: @variant, serializer: Api::VariantSerializer
+    end
+
+    def create
+      authorize! :create, Spree::Variant
+      @variant = scope.new(params[:variant])
+      if @variant.save
+        render json: @variant, serializer: Api::VariantSerializer, status: 201
+      else
+        invalid_resource!(@variant)
+      end
+    end
+
+    def update
+      authorize! :update, Spree::Variant
+      @variant = scope.find(params[:id])
+      if @variant.update_attributes(params[:variant])
+        render json: @variant, serializer: Api::VariantSerializer, status: 200
+      else
+        invalid_resource!(@product)
+      end
+    end
+
+    def soft_delete
+      @variant = scope.find(params[:variant_id])
+      authorize! :delete, @variant
+
+      VariantDeleter.new.delete(@variant)
+      render json: @variant, serializer: Api::VariantSerializer, status: 204
+    end
+
+    def destroy
+      authorize! :delete, Spree::Variant
+      @variant = scope.find(params[:id])
+      @variant.destroy
+      render json: @variant, serializer: Api::VariantSerializer, status: 204
+    end
+
+    private
+
+    def product
+      @product ||= Spree::Product.find_by_permalink(params[:product_id]) if params[:product_id]
+    end
+
+    def scope
+      if @product
+        unless current_api_user.has_spree_role?("admin") || params[:show_deleted]
+          variants = @product.variants_including_master
+        else
+          variants = @product.variants_including_master.with_deleted
+        end
+      else
+        variants = Spree::Variant.scoped
+        if current_api_user.has_spree_role?("admin")
+          unless params[:show_deleted]
+            variants = Spree::Variant.active
+          end
+        else
+          variants = variants.active
+        end
+      end
+      variants
+    end
+  end
+end

app/controllers/checkout_controller.rb

@@ -152,7 +152,7 @@ class CheckoutController < Spree::CheckoutController
   end
 
   def update_failed
-    clear_ship_address
+    current_order.updater.shipping_address_from_distributor
     RestartCheckout.new(@order).call
 
     respond_to do |format|
@@ -165,15 +165,6 @@ class CheckoutController < Spree::CheckoutController
     end
   end
 
-  # When we have a pickup Shipping Method,
-  #   we clone the distributor address into ship_address before_save
-  # We don't want this data in the form, so we clear it out
-  def clear_ship_address
-    unless current_order.shipping_method.andand.require_ship_address
-      current_order.ship_address = Spree::Address.default
-    end
-  end
-
   def load_order
     @order = current_order
     redirect_to(main_app.shop_path) && return unless @order && @order.checkout_allowed?

app/controllers/shop_controller.rb

@@ -27,12 +27,12 @@ class ShopController < BaseController
       if oc = OrderCycle.with_distributor(@distributor).active.find_by_id(params[:order_cycle_id])
         current_order(true).set_order_cycle! oc
         @current_order_cycle = oc
-        render partial: "json/order_cycle"
+        render json: @current_order_cycle, serializer: Api::OrderCycleSerializer
       else
         render status: :not_found, json: ""
       end
     else
-      render partial: "json/order_cycle"
+      render json: current_order_cycle, serializer: Api::OrderCycleSerializer
     end
   end
 

app/controllers/spree/admin/base_controller_decorator.rb

@@ -61,7 +61,7 @@ Spree::Admin::BaseController.class_eval do
 
   def active_distributors_not_ready_for_checkout
     ocs = OrderCycle.managed_by(spree_current_user).active
-    distributors = ocs.map(&:distributors).flatten.uniq
+    distributors = ocs.includes(:distributors).map(&:distributors).flatten.uniq
     Enterprise.where('enterprises.id IN (?)', distributors).not_ready_for_checkout
   end
 

app/controllers/spree/admin/orders_controller_decorator.rb

@@ -3,7 +3,6 @@ require 'open_food_network/spree_api_key_loader'
 Spree::Admin::OrdersController.class_eval do
   include OpenFoodNetwork::SpreeApiKeyLoader
   helper CheckoutHelper
-  before_filter :load_spree_api_key, only: :bulk_management
   before_filter :load_order, only: %i[show edit update fire resend invoice print print_ticket]
 
   before_filter :load_distribution_choices, only: [:new, :edit, :update]
@@ -27,6 +26,10 @@ Spree::Admin::OrdersController.class_eval do
     # within the page then fetches the data it needs from Api::OrdersController
   end
 
+  def bulk_management
+    load_spree_api_key
+  end
+
   def edit
     @order.shipments.map &:refresh_rates
 

app/controllers/spree/admin/products_controller_decorator.rb

@@ -1,5 +1,6 @@
 require 'open_food_network/spree_api_key_loader'
 require 'open_food_network/referer_parser'
+require 'open_food_network/permissions'
 
 Spree::Admin::ProductsController.class_eval do
   include OpenFoodNetwork::SpreeApiKeyLoader
@@ -48,19 +49,13 @@ Spree::Admin::ProductsController.class_eval do
   end
 
   def bulk_update
-    collection_hash = Hash[params[:products].each_with_index.map { |p, i| [i, p] }]
-    product_set = Spree::ProductSet.new(collection_attributes: collection_hash)
-
-    params[:filters] ||= {}
-    bulk_index_query = params[:filters].reduce("") do |string, filter|
-      "#{string}q[#{filter[:property][:db_column]}_#{filter[:predicate][:predicate]}]=#{filter[:value]};"
-    end
+    product_set = product_set_from_params(params)
 
     # Ensure we're authorised to update all products
     product_set.collection.each { |p| authorize! :update, p }
 
     if product_set.save
-      redirect_to "/api/products/bulk_products?page=1;per_page=500;#{bulk_index_query}"
+      redirect_to main_app.bulk_products_api_products_path( bulk_index_query(params) )
     else
       if product_set.errors.present?
         render json: { errors: product_set.errors }, status: :bad_request
@@ -73,7 +68,8 @@ Spree::Admin::ProductsController.class_eval do
   protected
 
   def collection
-    # This method is copied directly from the spree product controller, except where we narrow the search below with the managed_by search to support
+    # This method is copied directly from the spree product controller
+    #   except where we narrow the search below with the managed_by search to support
     # enterprise users.
     # TODO: There has to be a better way!!!
     return @collection if @collection.present?
@@ -108,14 +104,32 @@ Spree::Admin::ProductsController.class_eval do
 
   private
 
+  def product_set_from_params(params)
+    collection_hash = Hash[params[:products].each_with_index.map { |p, i| [i, p] }]
+    Spree::ProductSet.new(collection_attributes: collection_hash)
+  end
+
+  def bulk_index_query(params)
+    params[:filters].to_h.merge(page: params[:page], per_page: params[:per_page])
+  end
+
   def load_form_data
-    @producers = OpenFoodNetwork::Permissions.new(spree_current_user).managed_product_enterprises.is_primary_producer.by_name
+    @producers = OpenFoodNetwork::Permissions.new(spree_current_user).
+      managed_product_enterprises.is_primary_producer.by_name
     @taxons = Spree::Taxon.order(:name)
     @import_dates = product_import_dates.uniq.to_json
   end
 
   def product_import_dates
-    import_dates = Spree::Variant.
+    options = [{ id: '0', name: '' }]
+    product_import_dates_query.collect(&:import_date).
+      map { |i| options.push(id: i.to_date, name: i.to_date.to_formatted_s(:long)) }
+
+    options
+  end
+
+  def product_import_dates_query
+    Spree::Variant.
       select('DISTINCT spree_variants.import_date').
       joins(:product).
       where('spree_products.supplier_id IN (?)', editable_enterprises.collect(&:id)).
@@ -123,18 +137,14 @@ Spree::Admin::ProductsController.class_eval do
       where(spree_variants: { is_master: false }).
       where(spree_variants: { deleted_at: nil }).
       order('spree_variants.import_date DESC')
-
-    options = [{ id: '0', name: '' }]
-    import_dates.collect(&:import_date).map { |i| options.push(id: i.to_date, name: i.to_date.to_formatted_s(:long)) }
-
-    options
   end
 
   def strip_new_properties
-    unless spree_current_user.admin? || params[:product][:product_properties_attributes].nil?
-      names = Spree::Property.pluck(:name)
-      params[:product][:product_properties_attributes].each do |key, property|
-        params[:product][:product_properties_attributes].delete key unless names.include? property[:property_name]
+    return if spree_current_user.admin? || params[:product][:product_properties_attributes].nil?
+    names = Spree::Property.pluck(:name)
+    params[:product][:product_properties_attributes].each do |key, property|
+      unless names.include? property[:property_name]
+        params[:product][:product_properties_attributes].delete key
       end
     end
   end
@@ -149,12 +159,32 @@ Spree::Admin::ProductsController.class_eval do
   end
 
   def set_stock_levels(product, on_hand, on_demand)
-    variant = product.master
-    if product.variants.any?
-      variant = product.variants.first
+    variant = product_variant(product)
+
+    begin
+      variant.on_demand = on_demand if on_demand.present?
+      variant.on_hand = on_hand.to_i if on_hand.present?
+    rescue StandardError => error
+      notify_bugsnag(error, product, variant)
+      raise error
+    end
+  end
+
+  def notify_bugsnag(error, product, variant)
+    Bugsnag.notify(error) do |report|
+      report.add_tab(:product, product.attributes)
+      report.add_tab(:product_error, product.errors.first) unless product.valid?
+      report.add_tab(:variant, variant.attributes)
+      report.add_tab(:variant_error, variant.errors.first) unless variant.valid?
+    end
+  end
+
+  def product_variant(product)
+    if product.variants.any?
+      product.variants.first
+    else
+      product.master
     end
-    variant.on_demand = on_demand if on_demand.present?
-    variant.on_hand = on_hand.to_i if on_hand.present?
   end
 
   def set_product_master_variant_price_to_zero

app/controllers/spree/admin/users_controller.rb

@@ -46,7 +46,12 @@ module Spree
             @user.spree_roles = roles.reject(&:blank?).collect{ |r| Spree::Role.find(r) }
           end
 
-          flash.now[:success] = Spree.t(:account_updated)
+          message = if new_email_unconfirmed?
+                      Spree.t(:email_updated)
+                    else
+                      Spree.t(:account_updated)
+                    end
+          flash.now[:success] = message
         end
         render :edit
       end
@@ -126,6 +131,10 @@ module Spree
       def load_roles
         @roles = Spree::Role.scoped
       end
+
+      def new_email_unconfirmed?
+        params[:user][:email] != @user.email
+      end
     end
   end
 end

app/controllers/spree/admin/variants_controller_decorator.rb

@@ -18,6 +18,7 @@ Spree::Admin::VariantsController.class_eval do
   def search
     scoper = OpenFoodNetwork::ScopeVariantsForSearch.new(params)
     @variants = scoper.search
+    render json: @variants, each_serializer: Api::Admin::VariantSerializer
   end
 
   def destroy

app/controllers/spree/api/base_controller.rb

@@ -0,0 +1,130 @@
+require_dependency 'spree/api/controller_setup'
+
+module Spree
+  module Api
+    class BaseController < ActionController::Metal
+      include Spree::Api::ControllerSetup
+      include Spree::Core::ControllerHelpers::SSL
+      include ::ActionController::Head
+
+      self.responder = Spree::Api::Responders::AppResponder
+
+      respond_to :json
+
+      attr_accessor :current_api_user
+
+      before_filter :set_content_type
+      before_filter :check_for_user_or_api_key, :if => :requires_authentication?
+      before_filter :authenticate_user
+      after_filter  :set_jsonp_format
+
+      rescue_from Exception, :with => :error_during_processing
+      rescue_from CanCan::AccessDenied, :with => :unauthorized
+      rescue_from ActiveRecord::RecordNotFound, :with => :not_found
+
+      helper Spree::Api::ApiHelpers
+
+      ssl_allowed
+
+      def set_jsonp_format
+        if params[:callback] && request.get?
+          self.response_body = "#{params[:callback]}(#{response_body})"
+          headers["Content-Type"] = 'application/javascript'
+        end
+      end
+
+      def map_nested_attributes_keys(klass, attributes)
+        nested_keys = klass.nested_attributes_options.keys
+        attributes.inject({}) do |h, (k, v)|
+          key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
+          h[key] = v
+          h
+        end.with_indifferent_access
+      end
+
+      private
+
+      def set_content_type
+        content_type = case params[:format]
+                       when "json"
+                         "application/json"
+                       when "xml"
+                         "text/xml"
+                       end
+        headers["Content-Type"] = content_type
+      end
+
+      def check_for_user_or_api_key
+        # User is already authenticated with Spree, make request this way instead.
+        return true if @current_api_user = try_spree_current_user ||
+                                           !requires_authentication?
+
+        return if api_key.present?
+        render("spree/api/errors/must_specify_api_key", status: :unauthorized) && return
+      end
+
+      def authenticate_user
+        return if @current_api_user
+
+        if requires_authentication? || api_key.present?
+          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
+            render("spree/api/errors/invalid_api_key", status: :unauthorized) && return
+          end
+        else
+          # An anonymous user
+          @current_api_user = Spree.user_class.new
+        end
+      end
+
+      def unauthorized
+        render("spree/api/errors/unauthorized", status: :unauthorized) && return
+      end
+
+      def error_during_processing(exception)
+        render(text: { exception: exception.message }.to_json,
+               status: :unprocessable_entity) && return
+      end
+
+      def requires_authentication?
+        true
+      end
+
+      def not_found
+        render("spree/api/errors/not_found", status: :not_found) && return
+      end
+
+      def current_ability
+        Spree::Ability.new(current_api_user)
+      end
+
+      def invalid_resource!(resource)
+        @resource = resource
+        render "spree/api/errors/invalid_resource", status: :unprocessable_entity
+      end
+
+      def api_key
+        request.headers["X-Spree-Token"] || params[:token]
+      end
+      helper_method :api_key
+
+      def find_product(id)
+        product_scope.find_by_permalink!(id.to_s)
+      rescue ActiveRecord::RecordNotFound
+        product_scope.find(id)
+      end
+
+      def product_scope
+        if current_api_user.has_spree_role?("admin")
+          scope = Product
+          if params[:show_deleted]
+            scope = scope.with_deleted
+          end
+        else
+          scope = Product.active
+        end
+
+        scope.includes(:master)
+      end
+    end
+  end
+end

app/controllers/spree/api/line_items_controller_decorator.rb

@@ -1,13 +0,0 @@
-Spree::Api::LineItemsController.class_eval do
-  around_filter :apply_enterprise_fees_with_lock, only: :update
-
-  private
-
-  def apply_enterprise_fees_with_lock
-    authorize! :read, order
-    order.with_lock do
-      yield
-      order.update_distribution_charge!
-    end
-  end
-end

app/controllers/spree/api/products_controller_decorator.rb

@@ -1,86 +0,0 @@
-require 'open_food_network/permissions'
-
-Spree::Api::ProductsController.class_eval do
-  def managed
-    authorize! :admin, Spree::Product
-    authorize! :read, Spree::Product
-
-    @products = product_scope.ransack(params[:q]).result.managed_by(current_api_user).page(params[:page]).per(params[:per_page])
-    respond_with(@products, default_template: :index)
-  end
-
-  # TODO: This should be named 'managed'. Is the action above used? Maybe we should remove it.
-  def bulk_products
-    @products = OpenFoodNetwork::Permissions.new(current_api_user).editable_products.
-      merge(product_scope).
-      order('created_at DESC').
-      ransack(params[:q]).result.
-      page(params[:page]).per(params[:per_page])
-
-    render_paged_products @products
-  end
-
-  def overridable
-    producers = OpenFoodNetwork::Permissions.new(current_api_user).
-      variant_override_producers.by_name
-
-    @products = paged_products_for_producers producers
-
-    render_paged_products @products
-  end
-
-  def soft_delete
-    authorize! :delete, Spree::Product
-    @product = find_product(params[:product_id])
-    authorize! :delete, @product
-    @product.destroy
-    respond_with(@product, status: 204)
-  end
-
-  # POST /api/products/:product_id/clone
-  #
-  def clone
-    authorize! :create, Spree::Product
-    original_product = find_product(params[:product_id])
-    authorize! :update, original_product
-
-    @product = original_product.duplicate
-
-    respond_with(@product, status: 201, default_template: :show)
-  end
-
-  private
-
-  # Copied and modified from Spree::Api::BaseController to allow
-  # enterprise users to access inactive products
-  def product_scope
-    if current_api_user.has_spree_role?("admin") || current_api_user.enterprises.present? # This line modified
-      scope = Spree::Product
-      if params[:show_deleted]
-        scope = scope.with_deleted
-      end
-    else
-      scope = Spree::Product.active
-    end
-
-    scope.includes(:master)
-  end
-
-  def paged_products_for_producers(producers)
-    Spree::Product.scoped.
-      merge(product_scope).
-      where(supplier_id: producers).
-      by_producer.by_name.
-      ransack(params[:q]).result.
-      page(params[:page]).per(params[:per_page])
-  end
-
-  def render_paged_products(products)
-    serializer = ActiveModel::ArraySerializer.new(
-      products,
-      each_serializer: Api::Admin::ProductSerializer
-    )
-
-    render text: { products: serializer, pages: products.num_pages }.to_json
-  end
-end

app/controllers/spree/api/shipments_controller_decorator.rb

@@ -1,47 +0,0 @@
-require 'open_food_network/scope_variant_to_hub'
-
-Spree::Api::ShipmentsController.class_eval do
-  def create
-    variant = scoped_variant(params[:variant_id])
-    quantity = params[:quantity].to_i
-    @shipment = get_or_create_shipment(params[:stock_location_id])
-
-    @order.contents.add(variant, quantity, nil, @shipment)
-
-    @shipment.refresh_rates
-    @shipment.save!
-
-    respond_with(@shipment.reload, default_template: :show)
-  end
-
-  def add
-    variant = scoped_variant(params[:variant_id])
-    quantity = params[:quantity].to_i
-
-    @order.contents.add(variant, quantity, nil, @shipment)
-
-    respond_with(@shipment, default_template: :show)
-  end
-
-  def remove
-    variant = scoped_variant(params[:variant_id])
-    quantity = params[:quantity].to_i
-
-    @order.contents.remove(variant, quantity, @shipment)
-    @shipment.reload if @shipment.persisted?
-
-    respond_with(@shipment, default_template: :show)
-  end
-
-  private
-
-  def scoped_variant(variant_id)
-    variant = Spree::Variant.find(variant_id)
-    OpenFoodNetwork::ScopeVariantToHub.new(@order.distributor).scope(variant)
-    variant
-  end
-
-  def get_or_create_shipment(stock_location_id)
-    @order.shipment || @order.shipments.create(stock_location_id: stock_location_id)
-  end
-end

app/controllers/spree/api/variants_controller_decorator.rb

@@ -1,9 +0,0 @@
-Spree::Api::VariantsController.class_eval do
-  def soft_delete
-    @variant = scope.find(params[:variant_id])
-    authorize! :delete, @variant
-
-    VariantDeleter.new.delete(@variant)
-    respond_with @variant, status: 204
-  end
-end

app/controllers/spree/checkout_controller.rb

@@ -29,7 +29,7 @@ module Spree
 
     def load_order
       @order = current_order
-      redirect_to main_app.cart_path && return unless @order
+      redirect_to(main_app.cart_path) && return unless @order
 
       if params[:state]
         redirect_to checkout_state_path(@order.state) if @order.can_go_to_state?(params[:state])

app/controllers/spree/user_sessions_controller.rb

@@ -38,10 +38,6 @@ module Spree
       end
     end
 
-    def nav_bar
-      render partial: 'spree/shared/nav_bar'
-    end
-
     private
 
     def accurate_title

app/helpers/injection_helper.rb

@@ -61,6 +61,12 @@ module InjectionHelper
     inject_json_ams "currentOrder", current_order, Api::CurrentOrderSerializer, current_distributor: current_distributor, current_order_cycle: current_order_cycle
   end
 
+  def inject_current_order_cycle
+    serializer = Api::OrderCycleSerializer.new(current_order_cycle)
+    json = serializer.object.present? ? serializer.to_json : "{}"
+    render partial: "json/injection_ams", locals: { name: "orderCycleData", json: json }
+  end
+
   def inject_available_shipping_methods
     inject_json_ams "shippingMethods", available_shipping_methods,
                     Api::ShippingMethodSerializer, current_order: current_order

app/helpers/spree/admin/navigation_helper_decorator.rb

@@ -18,6 +18,7 @@ module Spree
         klass = Spree::Order if klass == :bulk_order_management
         klass = EnterpriseGroup if klass == :group
         klass = VariantOverride if klass == :Inventory
+        klass = ProductImport::ProductImporter if klass == :import
         klass = Spree::Admin::ReportsController if klass == :report
         klass
       end

app/helpers/spree/api/api_helpers.rb

@@ -0,0 +1,120 @@
+module Spree
+  module Api
+    module ApiHelpers
+      def required_fields_for(model)
+        required_fields = model._validators.select do |_field, validations|
+          validations.any? { |v| v.is_a?(ActiveModel::Validations::PresenceValidator) }
+        end.map(&:first) # get fields that are invalid
+        # Permalinks presence is validated, but are really automatically generated
+        # Therefore we shouldn't tell API clients that they MUST send one through
+        required_fields.map!(&:to_s).delete("permalink")
+        required_fields
+      end
+
+      def product_attributes
+        [:id, :name, :description, :price, :available_on, :permalink, :meta_description,
+         :meta_keywords, :shipping_category_id, :taxon_ids]
+      end
+
+      def product_property_attributes
+        [:id, :product_id, :property_id, :value, :property_name]
+      end
+
+      def variant_attributes
+        [:id, :name, :sku, :price, :weight, :height, :width, :depth,
+         :is_master, :cost_price, :permalink]
+      end
+
+      def image_attributes
+        [:id, :position, :attachment_content_type, :attachment_file_name,
+         :type, :attachment_updated_at, :attachment_width, :attachment_height, :alt]
+      end
+
+      def option_value_attributes
+        [:id, :name, :presentation, :option_type_name, :option_type_id]
+      end
+
+      def order_attributes
+        [:id, :number, :item_total, :total, :state, :adjustment_total, :user_id,
+         :created_at, :updated_at, :completed_at, :payment_total,
+         :shipment_state, :payment_state, :email, :special_instructions, :token]
+      end
+
+      def line_item_attributes
+        [:id, :quantity, :price, :variant_id]
+      end
+
+      def option_type_attributes
+        [:id, :name, :presentation, :position]
+      end
+
+      def payment_attributes
+        [:id, :source_type, :source_id, :amount, :payment_method_id,
+         :response_code, :state, :avs_response, :created_at, :updated_at]
+      end
+
+      def payment_method_attributes
+        [:id, :name, :description]
+      end
+
+      def shipment_attributes
+        [:id, :tracking, :number, :cost, :shipped_at, :state]
+      end
+
+      def taxonomy_attributes
+        [:id, :name]
+      end
+
+      def taxon_attributes
+        [:id, :name, :pretty_name, :permalink, :position, :parent_id, :taxonomy_id]
+      end
+
+      def inventory_unit_attributes
+        [:id, :lock_version, :state, :variant_id, :shipment_id, :return_authorization_id]
+      end
+
+      def return_authorization_attributes
+        [:id, :number, :state, :amount, :order_id, :reason, :created_at, :updated_at]
+      end
+
+      def country_attributes
+        [:id, :iso_name, :iso, :iso3, :name, :numcode]
+      end
+
+      def state_attributes
+        [:id, :name, :abbr, :country_id]
+      end
+
+      def adjustment_attributes
+        [:id, :source_type, :source_id, :adjustable_type, :adjustable_id, :originator_type,
+         :originator_id, :amount, :label, :mandatory, :locked, :eligible, :created_at, :updated_at]
+      end
+
+      def creditcard_attributes
+        [:id, :month, :year, :cc_type, :last_digits, :first_name, :last_name,
+         :gateway_customer_profile_id, :gateway_payment_profile_id]
+      end
+
+      def user_attributes
+        [:id, :email, :created_at, :updated_at]
+      end
+
+      def property_attributes
+        [:id, :name, :presentation]
+      end
+
+      def stock_location_attributes
+        [:id, :name, :address1, :address2, :city,
+         :state_id, :state_name, :country_id, :zipcode, :phone, :active]
+      end
+
+      def stock_movement_attributes
+        [:id, :quantity, :stock_item_id]
+      end
+
+      def stock_item_attributes
+        [:id, :count_on_hand, :backorderable, :lock_version, :stock_location_id, :variant_id]
+      end
+    end
+  end
+end

app/jobs/subscription_placement_job.rb

@@ -59,7 +59,7 @@ class SubscriptionPlacementJob
   end
 
   def move_to_completion(order)
-    until order.completed? do order.next! end
+    AdvanceOrderService.new(order).call!
   end
 
   def unavailable_stock_lines_for(order)

app/models/calculator/weight.rb

@@ -13,8 +13,43 @@ module Calculator
 
     def compute(object)
       line_items = line_items_for object
-      total_weight = line_items.sum { |li| ((li.variant.andand.weight || 0) * li.quantity) }
-      total_weight * preferred_per_kg
+      (total_weight(line_items) * preferred_per_kg).round(2)
+    end
+
+    private
+
+    def total_weight(line_items)
+      line_items.sum do |line_item|
+        line_item_weight(line_item)
+      end
+    end
+
+    def line_item_weight(line_item)
+      if line_item.final_weight_volume.present?
+        weight_per_final_weight_volume(line_item)
+      else
+        weight_per_variant(line_item) * line_item.quantity
+      end
+    end
+
+    def weight_per_variant(line_item)
+      line_item.variant.andand.weight || 0
+    end
+
+    def weight_per_final_weight_volume(line_item)
+      if line_item.variant.product.andand.variant_unit == 'weight'
+        # Divided by 1000 because grams is the base weight unit and the calculator price is per_kg
+        line_item.final_weight_volume / 1000.0
+      else
+        weight_per_variant(line_item) * quantity_implied_in_final_weight_volume(line_item)
+      end
+    end
+
+    #  Example: 2 (line_item.quantity) wine glasses of 125mL (line_item.variant.unit_value)
+    #    Customer ends up getting 350mL (line_item.final_weight_volume) of wine
+    #      that represent 2.8 (quantity_implied_in_final_weight_volume) glasses of wine
+    def quantity_implied_in_final_weight_volume(line_item)
+      (1.0 * line_item.final_weight_volume / line_item.variant.unit_value).round(3)
     end
   end
 end

app/models/concerns/variant_stock.rb

@@ -100,13 +100,13 @@ module VariantStock
   # Here we depend only on variant.total_on_hand and variant.on_demand.
   #   This way, variant_overrides only need to override variant.total_on_hand and variant.on_demand.
   def fill_status(quantity)
-    if on_hand >= quantity
-      on_hand = quantity
-      backordered = 0
-    else
-      on_hand = [0, total_on_hand].max
-      backordered = on_demand ? (quantity - on_hand) : 0
-    end
+    on_hand = if total_on_hand >= quantity || on_demand
+                quantity
+              else
+                [0, total_on_hand].max
+              end
+
+    backordered = 0
 
     [on_hand, backordered]
   end
@@ -117,6 +117,9 @@ module VariantStock
   def move(quantity, originator = nil)
     raise_error_if_no_stock_item_available
 
+    # Don't change variant stock if variant is on_demand
+    return if on_demand
+
     # Creates a stock movement: it updates stock_item.count_on_hand and fills backorders
     #
     # This is the original Spree::StockLocation#move,

app/models/enterprise.rb

@@ -90,7 +90,6 @@ class Enterprise < ActiveRecord::Base
   validates :permalink, uniqueness: true, presence: true
   validate :shopfront_taxons
   validate :enforce_ownership_limit, if: lambda { owner_id_changed? && !owner_id.nil? }
-  validates :description, length: { maximum: 255 }
 
   before_validation :initialize_permalink, if: lambda { permalink.nil? }
   before_validation :ensure_owner_is_manager, if: lambda { owner_id_changed? && !owner_id.nil? }
@@ -464,9 +463,11 @@ class Enterprise < ActiveRecord::Base
     self.permalink = Enterprise.find_available_permalink(name)
   end
 
+  # Touch distributors without them touching their distributors.
+  # We avoid an infinite loop and don't need to touch the whole distributor tree.
   def touch_distributors
     Enterprise.distributing_products(supplied_products.select(:id)).
       where('enterprises.id != ?', id).
-      find_each(&:touch)
+      update_all(updated_at: Time.zone.now)
   end
 end

app/models/feature_flags.rb

@@ -1,20 +0,0 @@
-# Tells whether a particular feature is enabled or not
-class FeatureFlags
-  # Constructor
-  #
-  # @param user [User]
-  def initialize(user)
-    @user = user
-  end
-
-  # Checks whether product import is enabled for the specified user
-  #
-  # @return [Boolean]
-  def product_import_enabled?
-    user.superadmin?
-  end
-
-  private
-
-  attr_reader :user
-end

app/models/spree/price_decorator.rb

@@ -1,9 +1,22 @@
 module Spree
   Price.class_eval do
+    acts_as_paranoid without_default_scope: true
+
     after_save :refresh_products_cache
 
+    # Allow prices to access associated soft-deleted variants.
+    def variant
+      Spree::Variant.unscoped { super }
+    end
+
     private
 
+    def check_price
+      if currency.nil?
+        self.currency = Spree::Config[:currency]
+      end
+    end
+
     def refresh_products_cache
       variant.andand.refresh_products_cache
     end

app/models/spree/product_decorator.rb

@@ -56,6 +56,12 @@ Spree::Product.class_eval do
           ON (o_order_cycles.id = o_exchanges.order_cycle_id)")
   }
 
+  scope :imported_on, lambda { |import_date|
+    import_date = Time.zone.parse import_date if import_date.is_a? String
+    import_date = import_date.to_date
+    joins(:variants).merge(Spree::Variant.where(import_date: import_date.beginning_of_day..import_date.end_of_day))
+  }
+
   scope :with_order_cycles_inner, -> {
     joins(variants_including_master: { exchanges: :order_cycle })
   }

app/models/spree/product_set.rb

@@ -17,9 +17,7 @@ class Spree::ProductSet < ModelSet
   #   variant.update_attributes( { price: xx.x } )
   #
   def update_attributes(attributes)
-    if attributes[:taxon_ids].present?
-      attributes[:taxon_ids] = attributes[:taxon_ids].split(',')
-    end
+    split_taxon_ids!(attributes)
 
     found_model = @collection.find do |model|
       model.id.to_s == attributes[:id].to_s && model.persisted?
@@ -28,12 +26,20 @@ class Spree::ProductSet < ModelSet
     if found_model.nil?
       @klass.new(attributes).save unless @reject_if.andand.call(attributes)
     else
-      update_product_only_attributes(found_model, attributes) &&
-        update_product_variants(found_model, attributes) &&
-        update_product_master(found_model, attributes)
+      update_product(found_model, attributes)
     end
   end
 
+  def split_taxon_ids!(attributes)
+    attributes[:taxon_ids] = attributes[:taxon_ids].split(',') if attributes[:taxon_ids].present?
+  end
+
+  def update_product(found_model, attributes)
+    update_product_only_attributes(found_model, attributes) &&
+      update_product_variants(found_model, attributes) &&
+      update_product_master(found_model, attributes)
+  end
+
   def update_product_only_attributes(product, attributes)
     variant_related_attrs = [:id, :variants_attributes, :master_attributes]
     product_related_attrs = attributes.except(*variant_related_attrs)
@@ -90,8 +96,23 @@ class Spree::ProductSet < ModelSet
 
     variant = product.variants.create(variant_attributes)
 
-    variant.on_demand = on_demand if on_demand.present?
-    variant.on_hand = on_hand.to_i if on_hand.present?
+    begin
+      variant.on_demand = on_demand if on_demand.present?
+      variant.on_hand = on_hand.to_i if on_hand.present?
+    rescue StandardError => error
+      notify_bugsnag(error, product, variant, variant_attributes)
+      raise error
+    end
+  end
+
+  def notify_bugsnag(error, product, variant, variant_attributes)
+    Bugsnag.notify(error) do |report|
+      report.add_tab(:product, product.attributes)
+      report.add_tab(:product_error, product.errors.first) unless product.valid?
+      report.add_tab(:variant_attributes, variant_attributes)
+      report.add_tab(:variant, variant.attributes)
+      report.add_tab(:variant_error, variant.errors.first) unless variant.valid?
+    end
   end
 
   def collection_attributes=(attributes)

app/models/spree/stock_movement_decorator.rb

@@ -0,0 +1,10 @@
+Spree::StockMovement.class_eval do
+  after_save :refresh_products_cache
+
+  private
+
+  def refresh_products_cache
+    return if stock_item.variant.blank?
+    OpenFoodNetwork::ProductsCache.variant_changed stock_item.variant
+  end
+end

app/models/spree/user.rb

@@ -136,6 +136,16 @@ module Spree
       has_spree_role?('admin')
     end
 
+    def generate_spree_api_key!
+      self.spree_api_key = SecureRandom.hex(24)
+      save!
+    end
+
+    def clear_spree_api_key!
+      self.spree_api_key = nil
+      save!
+    end
+
     protected
 
     def password_required?

app/models/spree/variant_decorator.rb

@@ -91,6 +91,11 @@ Spree::Variant.class_eval do
     can_supply?(quantity)
   end
 
+  # Allow variant to access associated soft-deleted prices.
+  def default_price
+    Spree::Price.unscoped { super }
+  end
+
   def price_with_fees(distributor, order_cycle)
     price + fees_for(distributor, order_cycle)
   end

app/models/subscription_line_item.rb

@@ -10,6 +10,11 @@ class SubscriptionLineItem < ActiveRecord::Base
     (price_estimate || 0) * (quantity || 0)
   end
 
+  # Ensure SubscriptionLineItem always has access to soft-deleted Variant attribute
+  def variant
+    Spree::Variant.unscoped { super }
+  end
+
   # Used to calculators to estimate fees
   alias_method :amount, :total_estimate
 

app/overrides/admin_tab.rb

@@ -1,6 +0,0 @@
-Deface::Override.new(virtual_path: "spree/layouts/admin",
-                     name: "user_admin_tabs",
-                     insert_bottom: "[data-hook='admin_tabs'], #admin_tabs[data-hook]",
-                     partial: "spree/admin/users_tab",
-                     disabled: false,
-                     original: '031652cf5a054796022506622082ab6d2693699f')

app/overrides/auth_admin_login_navigation_bar.rb

@@ -1,5 +0,0 @@
-Deface::Override.new(virtual_path: "spree/layouts/admin",
-                     name: "auth_admin_login_navigation_bar",
-                     insert_top: "[data-hook='admin_login_navigation_bar'], #admin_login_navigation_bar[data-hook]",
-                     partial: "spree/layouts/admin/login_nav",
-                     original: '841227d0aedf7909d62237d8778df99100087715')

app/overrides/auth_shared_login_bar.rb

@@ -1,6 +0,0 @@
-Deface::Override.new(virtual_path: "spree/shared/_nav_bar",
-                     name: "auth_shared_login_bar",
-                     insert_before: "li#search-bar",
-                     partial: "spree/shared/login_bar",
-                     disabled: false,
-                     original: 'eb3fa668cd98b6a1c75c36420ef1b238a1fc55ac')

app/overrides/remove_search_bar.rb

@@ -1,3 +0,0 @@
-Deface::Override.new(virtual_path: "spree/shared/_nav_bar",
-                     remove: "#search-bar",
-                     name: "search_removal")

app/overrides/remove_side_bar.rb

@@ -1,3 +0,0 @@
-Deface::Override.new(virtual_path: "spree/shared/_sidebar",
-                     remove: "#sidebar",
-                     name: "sidebar_removal")

app/overrides/set_auth_token_in_backend.rb

@@ -1,5 +0,0 @@
-Deface::Override.new(virtual_path: "spree/layouts/admin",
-                     insert_bottom: "[data-hook='admin_inside_head']",
-                     partial: "layouts/auth_token_script",
-                     name: "set_auth_token_in_backend",
-                     original: '6bc2c5de1c8f7542d033548557437c9fe4b3ba02')

app/overrides/set_auth_token_in_frontend.rb

@@ -1,5 +0,0 @@
-Deface::Override.new(virtual_path: "spree/layouts/spree_application",
-                     insert_bottom: "[data-hook='inside_head']",
-                     partial: "layouts/auth_token_script",
-                     name: "set_auth_token_in_frontend",
-                     original: '5659ac7dbf6ac6469907b005b85285b894677815')

app/overrides/spree/admin/payments/new/add_angular_to_form.html.haml.deface

@@ -1,2 +0,0 @@
-/replace 'code[erb-loud]:contains("form_for @payment")'
-= form_for @payment, :url => admin_order_payments_path(@order), :html => {"ng-app" => "admin.payments", "ng-controller" => "PaymentCtrl"} do |f|

app/overrides/spree/admin/payments/new/add_save_bar.html.haml.deface

@@ -1,3 +0,0 @@
-/ insert_before "fieldset.no-border-top"
-
-%save-bar{ persist: "true" }

app/overrides/spree/admin/payments/new/override_submit_for_button.html.haml.deface

@@ -1,2 +0,0 @@
-/replace 'code[erb-loud]:contains("button @order.cart?")'
-= button_tag t(:update), type: 'button', "ng-click" => "submitPayment()"

app/overrides/spree/admin/product_properties/_product_property_fields/replace_free_text_with_select.html.haml.deface

@@ -1,6 +0,0 @@
-/ replace_contents "td.property_name"
-
-- if spree_current_user.admin?
-  = f.text_field :property_name, :class => 'autocomplete'
-- else
-  = f.select :property_name, @properties, { :include_blank => true }, { class: 'select2 fullwidth' }

app/overrides/spree/admin/product_properties/index/add_producer_properties_warning_and_table.html.haml.deface

@@ -1,26 +0,0 @@
-/ insert_after 'table.index.sortable'
-
-=f.check_box :inherits_properties
-=f.label :inherits_properties, t(".inherits_properties_checkbox_hint", supplier: @product.supplier.name)
-%br
-%br
-
-#inherited_properties
-  %table.index
-    %thead
-      %tr{"data-hook" => "producer_properties_header"}
-        %th= t('admin.products.properties.inherited_property')
-        %th= t('admin.description')
-        %th.actions
-    %tbody#producer_properties{"data-hook" => ""}
-      - @product.supplier.producer_properties.each do |producer_property|
-        %tr
-          %td= producer_property.property.presentation
-          %td= producer_property.value
-          %td.actions
-
-:coffee
-  $(document).ready ->
-    $("#inherited_properties").toggle $("input#product_inherits_properties").is(':checked')
-  $("input#product_inherits_properties").change ->
-    $("#inherited_properties").toggle $(this).is(':checked')

app/overrides/spree/admin/product_properties/index/rename_form_headings.html.haml.deface

@@ -1,5 +0,0 @@
-/ replace "tr[data-hook='product_properties_header']"
-%tr{"data-hook" => "product_properties_header"}
-  %th= t('admin.products.properties.property_name')
-  %th= t('admin.description')
-  %th.actions

app/overrides/spree/admin/variants/_form/add_angular.deface

@@ -1,2 +0,0 @@
-add_to_attributes '[data-hook="admin_variant_form_fields"]'
-attributes 'ng-app' => 'admin.products'

app/overrides/spree/admin/variants/_form/add_display_name_unit_value_and_description.html.haml.deface

@@ -1,25 +0,0 @@
-/ insert_top "[data-hook='admin_variant_form_fields']"
-
-.field
-  = f.label :display_name, t(:display_name)
-  = f.text_field :display_name, class: "fullwidth"
-.field
-  = f.label :display_as, t(:display_as)
-  = f.text_field :display_as, class: "fullwidth"
-
-- if product_has_variant_unit_option_type?(@product)
-  - if @product.variant_unit != 'items'
-    .field{"data-hook" => "unit_value", 'ng-controller' => 'variantUnitsCtrl'}
-      = f.label :unit_value, "#{t('admin.'+@product.variant_unit)} ({{unitName(#{@product.variant_unit_scale}, '#{@product.variant_unit}')}})"
-      = hidden_field_tag 'product_variant_unit_scale', @product.variant_unit_scale
-      = text_field_tag :unit_value_human, nil, {class: "fullwidth", 'ng-model' => 'unit_value_human', 'ng-change' => 'updateValue()'}
-      = f.text_field :unit_value, {hidden: true, 'ng-value' => 'unit_value'}
-
-    .field{"data-hook" => "unit_description"}
-      = f.label :unit_description, t(:spree_admin_unit_description)
-      = f.text_field :unit_description, class: "fullwidth", placeholder: t('admin.products.unit_name_placeholder')
-
-    :javascript
-      angular.element(document.getElementById("new_variant")).ready(function() {
-        angular.bootstrap(document.getElementById("new_variant"), ['admin.products']);
-      });

app/overrides/spree/admin/variants/_form/add_stock_management.html.haml.deface

@@ -1,11 +0,0 @@
-/ insert_bottom "[data-hook='admin_variant_form_fields']"
-
-- if Spree::Config[:track_inventory_levels]
-  .field.checkbox
-    %label
-      = f.check_box :on_demand
-      = t(:on_demand)
-  .field
-    = f.label :on_hand, t(:on_hand)
-    .fullwidth
-      = f.text_field :on_hand

app/overrides/spree/admin/variants/_form/hide_unit_option_types.html.haml.deface

@@ -1,10 +0,0 @@
-/ replace "[data-hook='presentation']"
-
-- unless variant_unit_option_type?(option_type)
-  .field{"data-hook" => "presentation"}
-    = label :new_variant, option_type.presentation
-    - if @variant.new_record?
-      = select(:new_variant, option_type.presentation, option_type.option_values.collect {|ov| [ ov.presentation, ov.id ] }, {}, {:class => 'select2 fullwidth'})
-    - else
-      - if opt = @variant.option_values.detect {|o| o.option_type == option_type }.try(:presentation)
-        = text_field(:new_variant, option_type.presentation, :value => opt, :disabled => 'disabled', :class => 'fullwidth')

app/overrides/spree/admin/variants/_form/on_demand_script.html.haml.deface

@@ -1,33 +0,0 @@
-/ insert_bottom "[data-hook='admin_variant_form_fields']"
-:javascript
-
-    $(document).ready(function() {
-
-        var on_demand = $('input#variant_on_demand');
-        var on_hand = $('input#variant_on_hand');
-
-        disableOnHandIfOnDemand = function() {
-            on_demand_checked = on_demand.attr('checked')
-            if ( on_demand_checked == undefined )
-                on_demand_checked = false;
-
-            on_hand.attr('disabled', on_demand_checked);
-            if(on_demand_checked) {
-              on_hand.attr('data-stock', on_hand.val());
-              on_hand.val(t('admin.products.variants.infinity'));
-            }
-        }
-
-        disableOnHandIfOnDemand();
-
-        on_demand.change(function(){
-            disableOnHandIfOnDemand();
-            if(!this.checked) {
-                if(on_hand.attr('data-stock') !== undefined) {
-                    on_hand.val(on_hand.attr('data-stock'));
-                } else {
-                    on_hand.val("0");
-                }
-            }
-        });
-    });

app/overrides/spree/admin/variants/_form/on_demand_tooltip.html.haml.deface

@@ -1,3 +0,0 @@
-/ insert_bottom "[data-hook='on_demand']"
-%div{'ofn-with-tip' => t('admin.products.variants.to_order_tip')}
-  %a= t('admin.whats_this')

app/overrides/spree/admin/variants/_form/replace_weight.html.haml.deface

@@ -1,14 +0,0 @@
-/ replace "[data-hook='admin_variant_form_additional_fields']"
-
-.right.six.columns.omega.label-block{"data-hook" => "admin_variant_form_additional_fields"}
-  - if @product.variant_unit != 'weight'
-    .field{"data-hook" => 'weight'}
-      = f.label 'weight', t('weight')+' (kg)'
-      - value = number_with_precision(@variant.weight, :precision => 2)
-      = f.text_field 'weight', :value => value, :class => 'fullwidth'
-
-  - [:height, :width, :depth].each do |field|
-    .field{"data-hook" => field}
-      = f.label field, t(field)
-      - value = number_with_precision(@variant.send(field), :precision => 2)
-      = f.text_field field, :value => value, :class => 'fullwidth'

app/overrides/spree/admin/variants/index/replace_options_text.html.haml.deface

@@ -1,3 +0,0 @@
-/ replace "code[erb-loud]:contains('variant.options_text')"
-
-= variant.full_name

app/overrides/spree/layouts/admin/add_app_wrapper.html.erb.deface

@@ -1,5 +0,0 @@
-<!-- surround_contents 'body' -->
-
-<div <%= yield(:app_wrapper_attrs).strip.html_safe %>>
-  <%= render_original %>
-</div>

app/overrides/spree/shared/_footer/footer.html.haml.deface

@@ -1,19 +0,0 @@
-/ replace "footer"
-
--#= render partial: "shared/footer"
-%footer
-  %hr/
-
-  -#.row
-    -#.seven.columns.offset-by-three
-      -#%center
-        -#%h1 What is open food network?
-        -#%p
-          -#%i
-            -#Open food network is an online space in which people can connect with, trade and sell food directly with
-            -#Australian farmers.  We aim to reconnect people with their food.
-  -#%hr/
-
-  -#.row
-    -#.five.columns.secondary.offset-by-seven.secondary
-      -#All rights reserved. © 2013 Open Food Foundation

app/overrides/spree/shared/_header/replace_logo_with_link_text.html.haml.deface

@@ -1,8 +0,0 @@
-/ replace "#logo"
-
-%figure#logo.columns.eight
-  - if current_distributor
-    %h1= link_to current_distributor.name, main_app.enterprise_shop_path(current_distributor)
-    .change-location= link_to 'Change Location', root_path
-  - else
-    %h1= link_to "OPEN FOOD NETWORK", root_path

app/overrides/spree/shared/_nav_bar/adjust_top_nav_columns.html.haml.deface

@@ -1,2 +0,0 @@
-/ set_attributes '#top-nav-bar'
-/ attributes({:class => "columns eight"})

app/overrides/spree/shared/_user_form/add_confirmation_message.html.haml.deface

@@ -1,5 +0,0 @@
-/ insert_before "#password-credentials"
-
-- if @unconfirmed_email
-  %p.alert-box
-    = t('spree.users.show.unconfirmed_email', unconfirmed_email: @unconfirmed_email)

app/serializers/api/admin/variant_serializer.rb

@@ -1,15 +1,49 @@
 class Api::Admin::VariantSerializer < ActiveModel::Serializer
-  attributes :id, :options_text, :unit_value, :unit_description, :unit_to_display, :on_demand, :display_as, :display_name, :name_to_display, :sku
-  attributes :on_hand, :price, :import_date
+  attributes :id, :name, :producer_name, :image, :sku, :import_date
+  attributes :options_text, :unit_value, :unit_description, :unit_to_display
+  attributes :display_as, :display_name, :name_to_display
+  attributes :price, :on_demand, :on_hand, :in_stock, :stock_location_id, :stock_location_name
+
   has_many :variant_overrides
 
+  def name
+    if object.full_name.present?
+      "#{object.name} - #{object.full_name}"
+    else
+      object.name
+    end
+  end
+
   def on_hand
     return 0 if object.on_hand.nil?
     object.on_hand
   end
 
   def price
-    # Decimals are passed to json as strings, we need to run parseFloat.toFixed(2) on the client side.
+    # Decimals are passed to json as strings, we need to run parseFloat.toFixed(2) on the client.
     object.price.nil? ? 0.to_f : object.price
   end
+
+  def producer_name
+    object.product.supplier.name
+  end
+
+  def image
+    return if object.product.images.empty?
+    object.product.images.first.mini_url
+  end
+
+  def in_stock
+    object.in_stock?
+  end
+
+  def stock_location_id
+    return if object.stock_items.empty?
+    object.stock_items.first.stock_location.id
+  end
+
+  def stock_location_name
+    return if object.stock_items.empty?
+    object.stock_items.first.stock_location.name
+  end
 end

app/serializers/api/image_serializer.rb

@@ -1,10 +1,18 @@
 class Api::ImageSerializer < ActiveModel::Serializer
-  attributes :id, :alt, :small_url, :large_url
+  attributes :id, :alt, :thumb_url, :small_url, :image_url, :large_url
+
+  def thumb_url
+    object.attachment.url(:mini, false)
+  end
 
   def small_url
     object.attachment.url(:small, false)
   end
 
+  def image_url
+    object.attachment.url(:product, false)
+  end
+
   def large_url
     object.attachment.url(:large, false)
   end

app/serializers/api/order_cycle_serializer.rb

@@ -0,0 +1,13 @@
+module Api
+  class OrderCycleSerializer < ActiveModel::Serializer
+    attributes :order_cycle_id, :orders_close_at
+
+    def order_cycle_id
+      object.id
+    end
+
+    def orders_close_at
+      object.orders_close_at.to_s
+    end
+  end
+end

app/serializers/api/shipment_serializer.rb

@@ -0,0 +1,13 @@
+module Api
+  class ShipmentSerializer < ActiveModel::Serializer
+    attributes :id, :tracking, :number, :order_id, :cost, :shipped_at, :stock_location_name, :state
+
+    def order_id
+      object.order.number
+    end
+
+    def stock_location_name
+      object.stock_location.name
+    end
+  end
+end

app/serializers/api/taxon_jstree_attribute_serializer.rb

@@ -0,0 +1,5 @@
+module Api
+  class TaxonJstreeAttributeSerializer < ActiveModel::Serializer
+    attributes :id, :name
+  end
+end

app/serializers/api/taxon_jstree_serializer.rb

@@ -0,0 +1,18 @@
+module Api
+  class TaxonJstreeSerializer < ActiveModel::Serializer
+    attributes :data, :state
+    has_one :attr, serializer: TaxonJstreeAttributeSerializer
+
+    def data
+      object.name
+    end
+
+    def attr
+      object
+    end
+
+    def state
+      "closed"
+    end
+  end
+end

app/serializers/api/taxon_serializer.rb

@@ -2,7 +2,7 @@ class Api::TaxonSerializer < ActiveModel::Serializer
   cached
   delegate :cache_key, to: :object
 
-  attributes :id, :name, :permalink, :icon
+  attributes :id, :name, :permalink, :icon, :pretty_name, :position, :parent_id, :taxonomy_id
 
   def icon
     object.icon(:original)

app/serializers/api/variant_serializer.rb

@@ -1,6 +1,8 @@
 class Api::VariantSerializer < ActiveModel::Serializer
-  attributes :id, :is_master, :on_hand, :name_to_display, :unit_to_display, :unit_value
-  attributes :options_text, :on_demand, :price, :fees, :price_with_fees, :product_name
+  attributes :id, :is_master, :product_name, :sku
+  attributes :options_text, :unit_value, :unit_description, :unit_to_display
+  attributes :display_as, :display_name, :name_to_display
+  attributes :price, :on_demand, :on_hand, :fees, :price_with_fees
   attributes :tag_list
 
   delegate :price, to: :object

app/services/embedded_page_service.rb

@@ -73,7 +73,9 @@ class EmbeddedPageService
 
   def current_referer
     return if @request.referer.blank?
-    URI(@request.referer).host.downcase
+    uri = URI(@request.referer)
+    return if uri.host.blank?
+    uri.host.downcase
   end
 
   def current_referer_without_www

app/services/line_item_syncer.rb

@@ -22,20 +22,36 @@ class LineItemSyncer
   def update_item_quantities(order)
     changed_subscription_line_items.each do |sli|
       line_item = order.line_items.find_by_variant_id(sli.variant_id)
-      next if update_quantity(line_item, sli)
-      product_name = "#{line_item.product.name} - #{line_item.full_name}"
-      order_update_issues.add(order, product_name)
+
+      if line_item.blank?
+        order_update_issues.add(order, sli.variant.product_and_full_name)
+        next
+      end
+
+      unless update_quantity(line_item, sli)
+        add_order_update_issue(order, line_item)
+      end
     end
   end
 
   def create_new_items(order)
     new_subscription_line_items.each do |sli|
-      order.line_items.create(variant_id: sli.variant_id, quantity: sli.quantity, skip_stock_check: true)
+      new_line_item = order.line_items.create(variant_id: sli.variant_id,
+                                              quantity: sli.quantity,
+                                              skip_stock_check: skip_stock_check?(order))
+      next if skip_stock_check?(order) || new_line_item.sufficient_stock?
+
+      order.line_items.delete(new_line_item)
+      add_order_update_issue(order, new_line_item)
     end
   end
 
   def destroy_obsolete_items(order)
-    order.line_items.where(variant_id: subscription_line_items.select(&:marked_for_destruction?).map(&:variant_id)).destroy_all
+    order.line_items.
+      where(variant_id: subscription_line_items.
+                        select(&:marked_for_destruction?).
+                        map(&:variant_id)).
+      destroy_all
   end
 
   def changed_subscription_line_items
@@ -48,8 +64,27 @@ class LineItemSyncer
 
   def update_quantity(line_item, sli)
     if line_item.quantity == sli.quantity_was
-      return line_item.update_attributes(quantity: sli.quantity, skip_stock_check: true)
+      return line_item.update_attributes(quantity: sli.quantity,
+                                         skip_stock_check: skip_stock_check?(line_item.order))
     end
     line_item.quantity == sli.quantity
   end
+
+  def skip_stock_check?(order)
+    !order.complete?
+  end
+
+  def add_order_update_issue(order, line_item)
+    issue_description = "#{line_item.product.name} - #{line_item.variant.full_name}"
+    issue_description << " - #{stock_issue_description(line_item)}" if line_item.insufficient_stock?
+    order_update_issues.add(order, issue_description)
+  end
+
+  def stock_issue_description(line_item)
+    if line_item.variant.in_stock?
+      I18n.t("admin.subscriptions.stock.insufficient_stock")
+    else
+      I18n.t("admin.subscriptions.stock.out_of_stock")
+    end
+  end
 end

app/services/order_syncer.rb

@@ -1,6 +1,5 @@
 # Responsible for ensuring that any updates to a Subscription are propagated to any
 # orders belonging to that Subscription which have been instantiated
-
 class OrderSyncer
   attr_reader :order_update_issues
 
@@ -11,8 +10,9 @@ class OrderSyncer
   end
 
   def sync!
-    future_and_undated_orders.all? do |order|
-      order.assign_attributes(customer_id: customer_id, email: customer.andand.email, distributor_id: shop_id)
+    orders_in_order_cycles_not_closed.all? do |order|
+      order.assign_attributes(customer_id: customer_id, email: customer.andand.email,
+                              distributor_id: shop_id)
       update_associations_for(order)
       line_item_syncer.sync!(order)
       order.save
@@ -25,7 +25,8 @@ class OrderSyncer
 
   delegate :orders, :bill_address, :ship_address, :subscription_line_items, to: :subscription
   delegate :shop_id, :customer, :customer_id, to: :subscription
-  delegate :shipping_method, :shipping_method_id, :payment_method, :payment_method_id, to: :subscription
+  delegate :shipping_method, :shipping_method_id,
+           :payment_method, :payment_method_id, to: :subscription
   delegate :shipping_method_id_changed?, :shipping_method_id_was, to: :subscription
   delegate :payment_method_id_changed?, :payment_method_id_was, to: :subscription
 
@@ -36,9 +37,10 @@ class OrderSyncer
     update_payment_for(order) if payment_method_id_changed?
   end
 
-  def future_and_undated_orders
-    return @future_and_undated_orders unless @future_and_undated_orders.nil?
-    @future_and_undated_orders = orders.joins(:order_cycle).merge(OrderCycle.not_closed).readonly(false)
+  def orders_in_order_cycles_not_closed
+    return @orders_in_order_cycles_not_closed unless @orders_in_order_cycles_not_closed.nil?
+    @orders_in_order_cycles_not_closed = orders.joins(:order_cycle).
+      merge(OrderCycle.not_closed).readonly(false)
   end
 
   def update_bill_address_for(order)
@@ -49,7 +51,8 @@ class OrderSyncer
   end
 
   def update_payment_for(order)
-    payment = order.payments.with_state('checkout').where(payment_method_id: payment_method_id_was).last
+    payment = order.payments.
+      with_state('checkout').where(payment_method_id: payment_method_id_was).last
     if payment
       payment.andand.void_transaction!
       order.payments.create(payment_method_id: payment_method_id, amount: order.reload.total)

app/services/subscription_validator.rb

@@ -9,8 +9,8 @@ class SubscriptionValidator
 
   attr_reader :subscription
 
-  validates_presence_of :shop, :customer, :schedule, :shipping_method, :payment_method
-  validates_presence_of :bill_address, :ship_address, :begins_at
+  validates :shop, :customer, :schedule, :shipping_method, :payment_method, presence: true
+  validates :bill_address, :ship_address, :begins_at, presence: true
   validate :shipping_method_allowed?
   validate :payment_method_allowed?
   validate :payment_method_type_allowed?

app/views/admin/customers/index.html.haml

@@ -2,8 +2,8 @@
   %h1.page-title
     =t :customers
 
-- content_for :app_wrapper_attrs do
-  = "ng-app='admin.customers'"
+- content_for :main_ng_app_name do
+  = "admin.customers"
 
 - content_for :page_actions do
   %li

app/views/admin/enterprises/edit.html.haml

@@ -4,8 +4,8 @@
   = t('.editing')
   = @enterprise.name
 
-- content_for :app_wrapper_attrs do
-  = "ng-app='admin.enterprises'"
+- content_for :main_ng_app_name do
+  = "admin.enterprises"
 
 - content_for :page_actions do
   %li= select :enterprise, :id, options_for_select(editable_enterprises.collect {|e| [e.name, e.id, {:'data-url' => "#{main_app.edit_admin_enterprise_path(e.permalink)}", :'ng-selected' => "selected==#{e.id}"}]}, @enterprise.id ), {}, {:'enterprise-switcher' => '', 'data-initial' => "#{@enterprise.id}", :'ng-init' => "selected='#{@enterprise.id}'", :'ng-model' => 'selected', :id => 'enterprise_switcher', :class => 'select2'}