Specify API date format when converting date to string in JS

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,66 @@
+<!-- Provide a general summary of the issue in the Title above.
+
+If your issue is not a bug, please use the Feature template instead:
+https://github.com/openfoodfoundation/openfoodnetwork/wiki/Feature-template
+
+-->
+## Description
+<!-- Provide a more detailed introduction to the issue itself, and why you consider it to be a bug -->
+
+
+
+## Expected Behavior
+<!-- Tell us what should happen -->
+
+
+
+## Actual Behavior
+<!-- Tell us what happens instead -->
+
+
+
+## Steps to Reproduce
+<!-- Provide an unambiguous set of steps to reproduce this bug -->
+<!-- Include code to reproduce if relevant -->
+
+1.
+2.
+3.
+4.
+
+## Animated Gif/Screenshot
+<!-- Provide a screenshot or brief animated gif reproducing the bug. Linux users can use
+[Peek](https://github.com/phw/peek#ubuntu) while Mac users can use [Recordit](http://recordit.co/) -->
+
+
+
+## Context
+<!-- How has this bug affected you? What were you trying to accomplish? -->
+
+
+
+## Severity
+<!-- Assign a label and explain the impact.
+
+bug-s1: a critical feature is broken: checkout, payments, signup, login
+bug-s2: a non-critical feature is broken, no workaround
+bug-s3: a feature is broken but there is a workaround
+bug-s4: it's annoying, but you can use it
+bug-s5: we can live with it, only a few users impacted
+
+https://github.com/openfoodfoundation/openfoodnetwork/wiki/Bug-severity
+-->
+
+
+
+## Your Environment
+<!-- Include relevant details about the environment you experienced the bug in -->
+
+* Version used:
+* Browser name and version:
+* Operating System and version (desktop or mobile):
+
+## Possible Fix
+<!-- Not obligatory, but suggest a fix or reason for the bug -->
+
+

.github/ISSUE_TEMPLATE/bug_report.md

@@ -9,7 +9,6 @@ assignees: ''
 
 ## Description
 <!-- Provide a more detailed introduction to the issue itself, and why you consider it to be a bug -->
-<!-- How has this bug affected you? What were you trying to accomplish? -->
 
 
 ## Expected Behavior
@@ -23,8 +22,6 @@ assignees: ''
 ## Steps to Reproduce
 <!-- Provide an unambiguous set of steps to reproduce this bug -->
 <!-- Include code to reproduce if relevant -->
-<!-- Include links -->
-<!-- Include user ID -->
 
 1.
 2.
@@ -32,11 +29,13 @@ assignees: ''
 4.
 
 ## Animated Gif/Screenshot
-<!-- Provide a screenshot or brief video reproducing the bug.  -->
-<!-- Please try to have the dev tools opened on the network tab (press F12 to open the devtools of your browser -->
+<!-- Provide a screenshot or brief animated gif reproducing the bug. Linux users can use
+[Peek](https://github.com/phw/peek#ubuntu) while Mac users can use [Recordit](http://recordit.co/) -->
+
+
+## Context
+<!-- How has this bug affected you? What were you trying to accomplish? -->
 
-## Workaround
-<!-- Include a workaround for this bug (if relevant) -->
 
 ## Severity
 <!-- Assign a label and explain the impact.
@@ -56,6 +55,7 @@ https://github.com/openfoodfoundation/openfoodnetwork/wiki/Bug-severity
 * Version used:
 * Browser name and version:
 * Operating System and version (desktop or mobile):
+* OFN Platform instance where you discovered the bug, and which version of the software they are using. 
 
 ## Possible Fix
 <!-- Not obligatory, but suggest a fix or reason for the bug -->

.github/ISSUE_TEMPLATE/story-template.md

@@ -14,12 +14,5 @@ assignees: ''
 **- I want to be able to do:** (specify the desired behavior)
 (Link to others issues or resources to provide context > only if really necessary). -->
 
-## Acceptance Criteria & Tests
-<!-- Document the outcomes that need to be achieved before this component can be considered complete.
- -->
-<!-- Provide an unambiguous set of steps a tester should do to validate the PR that will solve this issue -->
-
-1.
-2. 
-3. 
-4.
+## Acceptance Criteria
+<!-- Document the outcomes that need to be achieved before this component can be considered complete. -->

.rubocop_manual_todo.yml

@@ -110,6 +110,18 @@ Metrics/LineLength:
   - app/models/variant_override.rb
   - app/models/variant_override_set.rb
   - app/overrides/add_enterprise_fees_to_admin_configurations_menu.rb
+  - app/serializers/api/admin/basic_enterprise_serializer.rb
+  - app/serializers/api/admin/enterprise_fee_serializer.rb
+  - app/serializers/api/admin/enterprise_serializer.rb
+  - app/serializers/api/admin/exchange_serializer.rb
+  - app/serializers/api/admin/for_order_cycle/enterprise_serializer.rb
+  - app/serializers/api/admin/index_enterprise_serializer.rb
+  - app/serializers/api/admin/index_order_cycle_serializer.rb
+  - app/serializers/api/admin/line_item_serializer.rb
+  - app/serializers/api/admin/order_cycle_serializer.rb
+  - app/serializers/api/admin/subscription_serializer.rb
+  - app/serializers/api/admin/tag_rule_serializer.rb
+  - app/serializers/api/admin/variant_override_serializer.rb
   - app/services/cart_service.rb
   - app/services/default_stock_location.rb
   - app/services/embedded_page_service.rb
@@ -136,9 +148,11 @@ Metrics/LineLength:
   - lib/open_food_network/order_cycle_form_applicator.rb
   - lib/open_food_network/order_cycle_management_report.rb
   - lib/open_food_network/order_grouper.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
   - lib/open_food_network/payments_report.rb
   - lib/open_food_network/permalink_generator.rb
   - lib/open_food_network/products_cache.rb
+  - lib/open_food_network/products_renderer.rb
   - lib/open_food_network/reports/bulk_coop_allocation_report.rb
   - lib/open_food_network/reports/line_items.rb
   - lib/open_food_network/sales_tax_report.rb
@@ -248,10 +262,13 @@ Metrics/LineLength:
   - spec/helpers/order_cycles_helper_spec.rb
   - spec/helpers/spree/admin/base_helper_spec.rb
   - spec/jobs/confirm_order_job_spec.rb
+  - spec/jobs/products_cache_integrity_checker_job_spec.rb
+  - spec/jobs/refresh_products_cache_job_spec.rb
   - spec/jobs/subscription_confirm_job_spec.rb
   - spec/jobs/subscription_placement_job_spec.rb
   - spec/lib/open_food_network/address_finder_spec.rb
   - spec/lib/open_food_network/bulk_coop_report_spec.rb
+  - spec/lib/open_food_network/cached_products_renderer_spec.rb
   - spec/lib/open_food_network/customers_report_spec.rb
   - spec/lib/open_food_network/enterprise_fee_applicator_spec.rb
   - spec/lib/open_food_network/enterprise_fee_calculator_spec.rb
@@ -268,6 +285,7 @@ Metrics/LineLength:
   - spec/lib/open_food_network/permissions_spec.rb
   - spec/lib/open_food_network/products_and_inventory_report_spec.rb
   - spec/lib/open_food_network/products_cache_spec.rb
+  - spec/lib/open_food_network/products_renderer_spec.rb
   - spec/lib/open_food_network/proxy_order_syncer_spec.rb
   - spec/lib/open_food_network/scope_variant_to_hub_spec.rb
   - spec/lib/open_food_network/subscription_payment_updater_spec.rb
@@ -323,6 +341,7 @@ Metrics/LineLength:
   - spec/performance/orders_controller_spec.rb
   - spec/performance/shop_controller_spec.rb
   - spec/requests/checkout/failed_checkout_spec.rb
+  - spec/requests/checkout/stripe_connect_spec.rb
   - spec/requests/embedded_shopfronts_headers_spec.rb
   - spec/requests/shop_spec.rb
   - spec/serializers/admin/customer_serializer_spec.rb
@@ -436,6 +455,7 @@ Metrics/AbcSize:
   - lib/open_food_network/order_cycle_form_applicator.rb
   - lib/open_food_network/order_cycle_management_report.rb
   - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
   - lib/open_food_network/packing_report.rb
   - lib/open_food_network/payments_report.rb
   - lib/open_food_network/permissions.rb
@@ -462,26 +482,63 @@ Metrics/AbcSize:
 
 Metrics/BlockLength:
   Max: 25
-  ExcludedMethods: [
-    "class_eval",
-    "collection",
-    "context",
-    "describe",
-    "feature",
-    "it",
-    "member",
-    "namespace",
-    "resource",
-    "resources",
-    "scenario"
-  ]
+  ExcludedMethods: ["class_eval", "collection", "context", "describe", "it", "member", "namespace", "resource", "resources"]
   Exclude:
   - lib/tasks/data.rake
   - lib/tasks/dev.rake
   - spec/controllers/spree/admin/invoices_controller_spec.rb
   - spec/factories/variant_factory.rb
+  - spec/features/admin/adjustments_spec.rb
+  - spec/features/admin/bulk_order_management_spec.rb
+  - spec/features/admin/bulk_product_update_spec.rb
+  - spec/features/admin/caching_spec.rb
+  - spec/features/admin/content_spec.rb
+  - spec/features/admin/customers_spec.rb
+  - spec/features/admin/enterprise_fees_spec.rb
+  - spec/features/admin/enterprise_groups_spec.rb
+  - spec/features/admin/enterprise_relationships_spec.rb
+  - spec/features/admin/enterprise_roles_spec.rb
+  - spec/features/admin/enterprises/images_spec.rb
+  - spec/features/admin/enterprises/index_spec.rb
+  - spec/features/admin/enterprises_spec.rb
+  - spec/features/admin/enterprise_user_spec.rb
+  - spec/features/admin/multilingual_spec.rb
+  - spec/features/admin/order_cycles_spec.rb
   - spec/features/admin/orders_spec.rb
+  - spec/features/admin/overview_spec.rb
+  - spec/features/admin/payment_method_spec.rb
+  - spec/features/admin/product_import_spec.rb
+  - spec/features/admin/products_spec.rb
+  - spec/features/admin/reports/enterprise_fee_summaries_spec.rb
+  - spec/features/admin/reports_spec.rb
+  - spec/features/admin/schedules_spec.rb
+  - spec/features/admin/shipping_methods_spec.rb
+  - spec/features/admin/subscriptions_spec.rb
+  - spec/features/admin/tag_rules_spec.rb
+  - spec/features/admin/tax_settings_spec.rb
+  - spec/features/admin/users_spec.rb
+  - spec/features/admin/variant_overrides_spec.rb
+  - spec/features/admin/variants_spec.rb
+  - spec/features/consumer/account/cards_spec.rb
+  - spec/features/consumer/account/settings_spec.rb
+  - spec/features/consumer/account_spec.rb
+  - spec/features/consumer/authentication_spec.rb
+  - spec/features/consumer/cookies_spec.rb
+  - spec/features/consumer/external_services_spec.rb
+  - spec/features/consumer/groups_spec.rb
+  - spec/features/consumer/multilingual_spec.rb
+  - spec/features/consumer/producers_spec.rb
+  - spec/features/consumer/registration_spec.rb
+  - spec/features/consumer/shopping/cart_spec.rb
+  - spec/features/consumer/shopping/checkout_auth_spec.rb
+  - spec/features/consumer/shopping/checkout_spec.rb
+  - spec/features/consumer/shopping/embedded_groups_spec.rb
   - spec/features/consumer/shopping/embedded_shopfronts_spec.rb
+  - spec/features/consumer/shopping/orders_spec.rb
+  - spec/features/consumer/shopping/products_spec.rb
+  - spec/features/consumer/shopping/shopping_spec.rb
+  - spec/features/consumer/shopping/variant_overrides_spec.rb
+  - spec/features/consumer/shops_spec.rb
   - spec/lib/open_food_network/group_buy_report_spec.rb
   - spec/models/tag_rule/discount_order_spec.rb
   - spec/spec_helper.rb
@@ -513,6 +570,7 @@ Metrics/CyclomaticComplexity:
   - lib/discourse/single_sign_on.rb
   - lib/open_food_network/bulk_coop_report.rb
   - lib/open_food_network/enterprise_issue_validator.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
   - lib/spree/core/controller_helpers/order_decorator.rb
   - lib/spree/core/controller_helpers/respond_with_decorator.rb
   - lib/spree/localized_number.rb
@@ -537,6 +595,7 @@ Metrics/PerceivedComplexity:
   - lib/discourse/single_sign_on.rb
   - lib/open_food_network/bulk_coop_report.rb
   - lib/open_food_network/enterprise_issue_validator.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
   - lib/spree/core/controller_helpers/order_decorator.rb
   - lib/spree/core/controller_helpers/respond_with_decorator.rb
   - lib/spree/localized_number.rb
@@ -606,10 +665,12 @@ Metrics/MethodLength:
   - lib/open_food_network/order_cycle_management_report.rb
   - lib/open_food_network/order_cycle_permissions.rb
   - lib/open_food_network/order_grouper.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
   - lib/open_food_network/packing_report.rb
   - lib/open_food_network/payments_report.rb
   - lib/open_food_network/permissions.rb
   - lib/open_food_network/products_and_inventory_report.rb
+  - lib/open_food_network/products_renderer.rb
   - lib/open_food_network/rack_request_blocker.rb
   - lib/open_food_network/reports/bulk_coop_allocation_report.rb
   - lib/open_food_network/reports/bulk_coop_supplier_report.rb
@@ -648,6 +709,7 @@ Metrics/ClassLength:
   - lib/open_food_network/order_cycle_form_applicator.rb
   - lib/open_food_network/order_cycle_management_report.rb
   - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
   - lib/open_food_network/packing_report.rb
   - lib/open_food_network/payments_report.rb
   - lib/open_food_network/permissions.rb
@@ -664,6 +726,7 @@ Metrics/ModuleLength:
   - spec/controllers/api/orders_controller_spec.rb
   - spec/controllers/spree/api/products_controller_spec.rb
   - spec/lib/open_food_network/address_finder_spec.rb
+  - spec/lib/open_food_network/cached_products_renderer_spec.rb
   - spec/lib/open_food_network/customers_report_spec.rb
   - spec/lib/open_food_network/enterprise_fee_calculator_spec.rb
   - spec/lib/open_food_network/option_value_namer_spec.rb

.rubocop_styleguide.yml

@@ -186,19 +186,7 @@ Metrics/AbcSize:
 
 Metrics/BlockLength:
   Max: 25
-  ExcludedMethods: [
-    "class_eval",
-    "collection",
-    "context",
-    "describe",
-    "feature",
-    "it",
-    "member",
-    "namespace",
-    "resource",
-    "resources",
-    "scenario"
-  ]
+  ExcludedMethods: ["class_eval", "collection", "context", "describe", "it", "member", "namespace", "resource", "resources"]
 
 Metrics/BlockNesting:
   Max: 3

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 1400`
-# on 2019-07-23 14:09:18 +0100 using RuboCop version 0.57.2.
+# on 2019-05-28 16:29:07 +0100 using RuboCop version 0.57.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -32,6 +32,15 @@ Layout/EndAlignment:
 Layout/IndentHash:
   EnforcedStyle: consistent
 
+# Offense count: 7
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: aligned, indented, indented_relative_to_receiver
+Layout/MultilineMethodCallIndentation:
+  Exclude:
+    - 'app/models/spree/line_item_decorator.rb'
+    - 'app/models/spree/product_decorator.rb'
+
 # Offense count: 4
 Lint/AmbiguousOperator:
   Exclude:
@@ -46,7 +55,7 @@ Lint/DuplicateMethods:
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/subscription_summary.rb'
 
-# Offense count: 8
+# Offense count: 15
 Lint/IneffectiveAccessModifier:
   Exclude:
     - 'app/models/column_preference.rb'
@@ -70,13 +79,7 @@ Lint/UnderscorePrefixedVariableName:
   Exclude:
     - 'spec/support/cancan_helper.rb'
 
-# Offense count: 1
-# Cop supports --auto-correct.
-Lint/UnneededCopDisableDirective:
-  Exclude:
-    - 'app/models/product_import/entry_validator.rb'
-
-# Offense count: 5
+# Offense count: 6
 # Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
 Lint/UselessAccessModifier:
   Exclude:
@@ -86,47 +89,28 @@ Lint/UselessAccessModifier:
     - 'lib/open_food_network/reports/bulk_coop_report.rb'
     - 'spec/lib/open_food_network/reports/report_spec.rb'
 
-# Offense count: 8
+# Offense count: 91
 # Configuration parameters: CheckForMethodsWithNoSideEffects.
 Lint/Void:
   Exclude:
     - 'app/serializers/api/enterprise_serializer.rb'
     - 'spec/features/admin/bulk_product_update_spec.rb'
+    - 'spec/features/admin/enterprise_groups_spec.rb'
+    - 'spec/features/admin/enterprises/index_spec.rb'
+    - 'spec/features/admin/enterprises_spec.rb'
+    - 'spec/features/admin/order_cycles_spec.rb'
+    - 'spec/features/admin/payment_method_spec.rb'
+    - 'spec/features/admin/products_spec.rb'
+    - 'spec/features/admin/variant_overrides_spec.rb'
+    - 'spec/features/admin/variants_spec.rb'
     - 'spec/features/consumer/shopping/checkout_spec.rb'
     - 'spec/features/consumer/shopping/shopping_spec.rb'
     - 'spec/features/consumer/shopping/variant_overrides_spec.rb'
 
-# Offense count: 15
-Metrics/AbcSize:
-  Max: 36
-
-# Offense count: 13
+# Offense count: 109
 # Configuration parameters: CountComments, ExcludedMethods.
 Metrics/BlockLength:
-  Max: 115
-
-# Offense count: 2
-# Configuration parameters: CountComments.
-Metrics/ClassLength:
-  Max: 169
-
-# Offense count: 1
-Metrics/CyclomaticComplexity:
-  Max: 8
-
-# Offense count: 8
-# Configuration parameters: CountComments.
-Metrics/MethodLength:
-  Max: 31
-
-# Offense count: 2
-# Configuration parameters: CountComments.
-Metrics/ModuleLength:
-  Max: 208
-
-# Offense count: 2
-Metrics/PerceivedComplexity:
-  Max: 11
+  Max: 774
 
 # Offense count: 7
 Naming/AccessorMethodName:
@@ -176,7 +160,7 @@ Naming/PredicateName:
     - 'lib/open_food_network/packing_report.rb'
     - 'lib/tasks/data.rake'
 
-# Offense count: 11
+# Offense count: 12
 # Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
 # AllowedNames: io, id, to, by, on, in, at
 Naming/UncommunicativeMethodParamName:
@@ -304,12 +288,13 @@ Style/CaseEquality:
     - 'app/helpers/angular_form_helper.rb'
     - 'spec/models/spree/payment_spec.rb'
 
-# Offense count: 78
+# Offense count: 79
 # Cop supports --auto-correct.
 # Configuration parameters: AutoCorrect, EnforcedStyle.
 # SupportedStyles: nested, compact
 Style/ClassAndModuleChildren:
   Exclude:
+    - 'app/controllers/spree/store_controller_decorator.rb'
     - 'app/helpers/angular_form_helper.rb'
     - 'app/models/calculator/flat_percent_per_item.rb'
     - 'app/models/spree/concerns/payment_method_distributors.rb'
@@ -394,27 +379,11 @@ Style/CommentedKeyword:
   Exclude:
     - 'app/controllers/application_controller.rb'
 
-# Offense count: 4
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
-# SupportedStyles: assign_to_condition, assign_inside_condition
-Style/ConditionalAssignment:
-  Exclude:
-    - 'app/controllers/spree/api/products_controller.rb'
-    - 'app/controllers/spree/api/taxons_controller.rb'
-    - 'app/controllers/spree/api/variants_controller.rb'
-
 # Offense count: 2
 Style/DateTime:
   Exclude:
     - 'lib/open_food_network/users_and_enterprises_report.rb'
 
-# Offense count: 1
-# Cop supports --auto-correct.
-Style/EachWithObject:
-  Exclude:
-    - 'app/controllers/spree/api/base_controller.rb'
-
 # Offense count: 5
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: annotated, template, unannotated
@@ -424,7 +393,7 @@ Style/FormatStringToken:
     - 'lib/open_food_network/sales_tax_report.rb'
     - 'spec/models/enterprise_spec.rb'
 
-# Offense count: 68
+# Offense count: 69
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
   Exclude:
@@ -441,9 +410,7 @@ Style/GuardClause:
     - 'app/controllers/spree/admin/products_controller_decorator.rb'
     - 'app/controllers/spree/admin/resource_controller_decorator.rb'
     - 'app/controllers/spree/admin/variants_controller_decorator.rb'
-    - 'app/controllers/spree/api/base_controller.rb'
-    - 'app/controllers/spree/checkout_controller.rb'
-    - 'app/controllers/spree/orders_controller.rb'
+    - 'app/controllers/spree/orders_controller_decorator.rb'
     - 'app/controllers/spree/paypal_controller_decorator.rb'
     - 'app/jobs/products_cache_integrity_checker_job.rb'
     - 'app/models/enterprise.rb'
@@ -467,23 +434,12 @@ Style/GuardClause:
     - 'spec/support/request/distribution_helper.rb'
     - 'spec/support/request/shop_workflow.rb'
 
-# Offense count: 6
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
-# SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys
-Style/HashSyntax:
-  Exclude:
-    - 'app/controllers/spree/api/base_controller.rb'
-    - 'app/controllers/spree/checkout_controller.rb'
-    - 'app/controllers/spree/orders_controller.rb'
-
-# Offense count: 4
+# Offense count: 3
 Style/IfInsideElse:
   Exclude:
     - 'app/controllers/admin/column_preferences_controller.rb'
     - 'app/controllers/admin/variant_overrides_controller.rb'
     - 'app/controllers/spree/admin/products_controller_decorator.rb'
-    - 'app/controllers/spree/api/taxons_controller.rb'
 
 # Offense count: 1
 Style/MissingRespondToMissing:
@@ -536,10 +492,9 @@ Style/RegexpLiteral:
     - 'spec/mailers/subscription_mailer_spec.rb'
     - 'spec/models/content_configuration_spec.rb'
 
-# Offense count: 244
+# Offense count: 243
 Style/Send:
   Exclude:
-    - 'app/controllers/spree/checkout_controller.rb'
     - 'app/models/spree/shipping_method_decorator.rb'
     - 'spec/controllers/admin/subscriptions_controller_spec.rb'
     - 'spec/controllers/checkout_controller_spec.rb'
@@ -586,9 +541,3 @@ Style/Send:
 Style/StructInheritance:
   Exclude:
     - 'lib/open_food_network/enterprise_fee_applicator.rb'
-
-# Offense count: 1
-# Cop supports --auto-correct.
-Style/UnlessElse:
-  Exclude:
-    - 'app/controllers/spree/api/variants_controller.rb'

.ruby-version

@@ -1 +1 @@
-2.2.10
+2.1.5

CONTRIBUTING.md

@@ -19,10 +19,6 @@ If you want to run the whole test suite, we recommend using a free CI service to
 
     bundle exec rspec spec
 
-## Which issue to pick first?
-
-We have curated all issues interesting for new members of the community within the [Welcome New Developers project board][welcome-dev]. Have a look and pick the one you would prefer working on!
-
 ## Internationalisation (i18n)
 
 The locale `en` is maintained in the source code, but other locales are managed at [Transifex][ofn-transifex]. Read more about [internationalisation][i18n] in the developer wiki.
@@ -66,4 +62,3 @@ From here, your pull request will progress through the [Review, Test, Merge & De
 [slack-dev]: https://openfoodnetwork.slack.com/messages/C2GQ45KNU
 [ofn-transifex]: https://www.transifex.com/open-food-foundation/open-food-network/
 [i18n]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/i18n
-[welcome-dev]: https://github.com/openfoodfoundation/openfoodnetwork/projects/27

Dockerfile

@@ -6,7 +6,7 @@ RUN apt-get update && apt-get install -y curl git build-essential software-prope
 # Setup ENV variables
 ENV PATH /usr/local/src/rbenv/shims:/usr/local/src/rbenv/bin:$PATH
 ENV RBENV_ROOT /usr/local/src/rbenv
-ENV RUBY_VERSION 2.1.9
+ENV RUBY_VERSION 2.1.5
 ENV CONFIGURE_OPTS --disable-install-doc
 
 # Rbenv & Ruby part

GETTING_STARTED.md

@@ -11,7 +11,7 @@ The following guides are located in the wiki and provide more OS-specific step-b
 ### Dependencies
 
 * Rails 3.2.x
-* Ruby 2.1.9
+* Ruby 2.1.5
 * PostgreSQL database
 * PhantomJS (for testing)
 * See Gemfile for a list of gems required

Gemfile

@@ -1,9 +1,9 @@
 source 'https://rubygems.org'
-ruby "2.2.10"
+ruby "2.1.5"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
 gem 'i18n', '~> 0.6.11'
-gem 'i18n-js', '~> 3.4.1'
+gem 'i18n-js', '~> 3.3.0'
 gem 'rails', '~> 3.2.22'
 gem 'rails-i18n', '~> 3.0.0'
 gem 'rails_safe_tasks', '~> 1.0'
@@ -15,12 +15,12 @@ gem 'nokogiri', '>= 1.6.7.1'
 gem "order_management", path: "./engines/order_management"
 gem 'web', path: './engines/web'
 
-gem 'activerecord-postgresql-adapter'
-gem 'pg', '~> 0.21.0'
+gem 'pg'
 
 # OFN-maintained and patched version of Spree v2.0.4. See
 # https://github.com/openfoodfoundation/openfoodnetwork/wiki/Spree-2.0-upgrade
 # for details.
+gem 'spree_api', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'
 gem 'spree_backend', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'
 gem 'spree_core', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'
 
@@ -39,7 +39,7 @@ gem 'activemerchant', '~> 1.78'
 gem 'devise', '~> 2.2.5'
 gem 'devise-encryptable', '0.2.0'
 gem 'jwt', '~> 2.2'
-gem 'oauth2', '~> 1.4.2' # Used for Stripe Connect
+gem 'oauth2', '~> 1.4.1' # Used for Stripe Connect
 
 gem 'daemons'
 gem 'delayed_job_active_record'
@@ -49,10 +49,6 @@ gem 'delayed_job_web'
 # When merged, revert to upstream gem
 gem 'simple_form', github: 'RohanM/simple_form'
 
-# Spree's default pagination gem (locked to the current version used by Spree)
-# We use it's methods in OFN code as well, so this is a direct dependency
-gem 'kaminari', '~> 0.14.1'
-
 gem 'andand'
 gem 'angularjs-rails', '1.5.5'
 gem 'aws-sdk'
@@ -85,6 +81,7 @@ gem 'paperclip', '~> 3.4.1'
 gem 'rack-rewrite'
 gem 'rack-ssl', require: 'rack/ssl'
 gem 'roadie-rails', '~> 1.1.1'
+gem 'skylight', '< 2.0'
 gem 'spinjs-rails'
 
 gem 'combine_pdf'
@@ -98,18 +95,13 @@ gem 'roo-xls', '~> 1.1.0'
 
 gem 'whenever', require: false
 
-gem 'test-unit', '~> 3.0'
-
 # Gems used only for assets and not required
 # in production environments by default.
 group :assets do
   gem 'coffee-rails', '~> 3.2.1'
   gem 'compass-rails'
 
-  gem 'mini_racer', '0.1.15'
-  # Previously we found that libv8 6.7.288.46.1 breakis the compilation of mini_racer.
-  # Now we see that we need to set the version explicitly. Nothing else depends on libv8.
-  gem 'libv8', '6.3.292.48.1'
+  gem 'therubyracer', '=0.12.0'
 
   gem 'uglifier', '>= 1.0.3'
 
@@ -138,7 +130,7 @@ group :test, :development do
   gem 'capybara', '>= 2.15.4'
   gem 'database_cleaner', '0.7.1', require: false
   gem "factory_bot_rails", require: false
-  gem 'fuubar', '~> 2.5.0'
+  gem 'fuubar', '~> 2.4.1'
   gem 'json_spec', '~> 1.1.4'
   gem 'knapsack'
   gem 'letter_opener', '>= 1.4.1'
@@ -161,6 +153,10 @@ end
 group :development do
   gem 'byebug', '~> 9.0.0' # 9.1 requires ruby 2.2
   gem 'debugger-linecache'
+  gem 'guard'
+  gem 'guard-livereload'
+  gem 'guard-rails'
+  gem 'guard-rspec', '~> 4.7.3'
   gem 'listen', '3.0.8' # 3.1.0 requires ruby 2.2
   gem "newrelic_rpm", "~> 3.0"
   gem 'pry-byebug', '>= 3.4.3'

Gemfile.lock

@@ -129,10 +129,8 @@ GEM
       activesupport (= 3.2.22.5)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activerecord-import (1.0.3)
+    activerecord-import (1.0.2)
       activerecord (>= 3.2)
-    activerecord-postgresql-adapter (0.0.1)
-      pg
     activeresource (3.2.22.5)
       activemodel (= 3.2.22.5)
       activesupport (= 3.2.22.5)
@@ -143,8 +141,8 @@ GEM
       activerecord (>= 3.2, < 5)
     acts_as_list (0.2.0)
       activerecord (>= 3.0)
-    addressable (2.7.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.6.0)
+      public_suffix (>= 2.0.2, < 4.0)
     andand (1.3.3)
     angular-rails-templates (0.3.0)
       railties (>= 3.1)
@@ -166,7 +164,7 @@ GEM
     bcrypt-ruby (3.1.5)
       bcrypt (>= 3.1.3)
     blockenspiel (0.5.0)
-    bugsnag (6.12.2)
+    bugsnag (6.11.1)
       concurrent-ruby (~> 1.0)
     builder (3.0.4)
     byebug (9.0.6)
@@ -212,7 +210,7 @@ GEM
       compass (~> 1.0.0)
       sass-rails (< 5.1)
       sprockets (< 4.0)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.4)
     connection_pool (2.2.2)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
@@ -225,7 +223,7 @@ GEM
       activerecord (>= 3.2.0, < 5.0)
       fog (~> 1.0)
       rails (>= 3.2.0, < 5.0)
-    ddtrace (0.28.0)
+    ddtrace (0.26.0)
       msgpack
     debugger-linecache (1.2.0)
     deface (1.0.2)
@@ -233,10 +231,10 @@ GEM
       nokogiri (~> 1.6.0)
       polyglot
       rails (>= 3.1)
-    delayed_job (4.1.8)
-      activesupport (>= 3.0, < 6.1)
-    delayed_job_active_record (4.1.4)
-      activerecord (>= 3.0, < 6.1)
+    delayed_job (4.1.5)
+      activesupport (>= 3.0, < 5.3)
+    delayed_job_active_record (4.1.3)
+      activerecord (>= 3.0, < 5.3)
       delayed_job (>= 3.0, < 5)
     delayed_job_web (1.4.3)
       activerecord (> 3.0.0)
@@ -254,6 +252,9 @@ GEM
     diffy (3.3.0)
     docile (1.3.2)
     dry-inflector (0.1.2)
+    em-websocket (0.5.1)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0.6.0)
     erubis (2.7.0)
     eventmachine (1.2.7)
     excon (0.62.0)
@@ -426,20 +427,43 @@ GEM
     foundation-rails (5.5.2.1)
       railties (>= 3.1.0)
       sass (>= 3.3.0, < 3.5)
-    fuubar (2.5.0)
+    fuubar (2.4.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
     geocoder (1.1.8)
     gmaps4rails (1.5.6)
+    guard (2.15.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-livereload (2.5.2)
+      em-websocket (~> 0.5)
+      guard (~> 2.8)
+      guard-compat (~> 1.0)
+      multi_json (~> 1.8)
+    guard-rails (0.7.2)
+      guard (~> 2.11)
+      guard-compat (~> 1.0)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
     haml (4.0.7)
       tilt
     hashdiff (1.0.0)
     highline (1.6.18)
     hike (1.2.3)
+    http_parser.rb (0.6.0)
     httparty (0.16.2)
       multi_xml (>= 0.5.2)
     i18n (0.6.11)
-    i18n-js (3.4.1)
+    i18n-js (3.3.0)
       i18n (>= 0.6.6)
     immigrant (0.3.6)
       activerecord (>= 3.0)
@@ -461,16 +485,17 @@ GEM
       actionpack (>= 3.0.0)
       activesupport (>= 3.0.0)
     kgio (2.11.2)
-    knapsack (1.18.0)
+    knapsack (1.17.2)
       rake
     launchy (2.4.3)
       addressable (~> 2.3)
     letter_opener (1.7.0)
       launchy (~> 2.2)
-    libv8 (6.3.292.48.1)
+    libv8 (3.16.14.19)
     listen (3.0.8)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
+    lumberjack (1.0.13)
     mail (2.5.5)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
@@ -478,8 +503,6 @@ GEM
     mime-types (1.25.1)
     mini_mime (1.0.1)
     mini_portile2 (2.1.0)
-    mini_racer (0.1.15)
-      libv8 (~> 6.3)
     momentjs-rails (2.20.1)
       railties (>= 3.1)
     money (5.1.1)
@@ -488,13 +511,17 @@ GEM
     multi_json (1.13.1)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
+    nenv (0.3.0)
     net-http-persistent (3.1.0)
       connection_pool (~> 2.2)
     newrelic_rpm (3.18.1.330)
     nokogiri (1.6.8.1)
       mini_portile2 (~> 2.1.0)
-    oauth2 (1.4.2)
-      faraday (>= 0.8, < 2.0)
+    notiffany (0.1.1)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    oauth2 (1.4.1)
+      faraday (>= 0.8, < 0.16.0)
       jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
@@ -524,7 +551,6 @@ GEM
     polyamorous (0.5.0)
       activerecord (~> 3.0)
     polyglot (0.3.5)
-    power_assert (1.1.5)
     powerpack (0.1.1)
     pry (0.12.2)
       coderay (~> 1.1.0)
@@ -584,6 +610,7 @@ GEM
     rdoc (3.12.2)
       json (~> 1.4)
     redcarpet (3.5.0)
+    ref (2.0.0)
     request_store (1.4.1)
       rack (>= 1.4)
     roadie (3.4.0)
@@ -599,29 +626,29 @@ GEM
       nokogiri
       roo (>= 2.0.0beta1, < 3)
       spreadsheet (> 0.9.0)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.0)
-      rspec-support (~> 3.9.0)
-    rspec-expectations (3.9.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-rails (3.9.0)
+      rspec-support (~> 3.8.0)
+    rspec-rails (3.8.2)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
       railties (>= 3.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-      rspec-support (~> 3.9.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+      rspec-support (~> 3.8.0)
     rspec-retry (0.6.1)
       rspec-core (> 3.3)
-    rspec-support (3.9.0)
+    rspec-support (3.8.0)
     rubocop (0.57.2)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
@@ -633,7 +660,7 @@ GEM
     ruby-ole (1.2.12.1)
     ruby-progressbar (1.10.1)
     ruby-rc4 (0.1.5)
-    rubyzip (1.3.0)
+    rubyzip (1.2.2)
     safe_yaml (1.0.5)
     sass (3.3.14)
     sass-rails (3.2.6)
@@ -646,9 +673,10 @@ GEM
     selenium-webdriver (3.141.0)
       childprocess (~> 0.5)
       rubyzip (~> 1.2, >= 1.2.2)
+    shellany (0.0.1)
     shoulda-matchers (2.8.0)
       activesupport (>= 3.0.0)
-    simplecov (0.17.1)
+    simplecov (0.17.0)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
@@ -657,6 +685,8 @@ GEM
       rack (~> 1.4)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
+    skylight (1.7.2)
+      activesupport (>= 3.0.0)
     spinjs-rails (1.4)
       rails (>= 3.1)
     spreadsheet (1.1.7)
@@ -674,8 +704,9 @@ GEM
     stripe (4.24.0)
       faraday (~> 0.13)
       net-http-persistent (~> 3.0)
-    test-unit (3.3.3)
-      power_assert
+    therubyracer (0.12.0)
+      libv8 (~> 3.16.14.0)
+      ref
     thor (0.20.3)
     tilt (1.4.1)
     timecop (0.9.1)
@@ -688,7 +719,7 @@ GEM
       railties (> 3.2.8, < 4.0.0)
       sprockets (>= 2.2.0)
     tzinfo (0.3.55)
-    uglifier (4.2.0)
+    uglifier (4.1.20)
       execjs (>= 0.3.0, < 3)
     unicode-display_width (1.3.2)
     unicorn (5.5.1)
@@ -708,7 +739,7 @@ GEM
       nokogiri (~> 1.6)
       rubyzip (~> 1.0)
       selenium-webdriver (~> 3.0)
-    webmock (3.7.6)
+    webmock (3.6.2)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -727,7 +758,6 @@ DEPENDENCIES
   active_model_serializers (= 0.8.4)
   activemerchant (~> 1.78)
   activerecord-import
-  activerecord-postgresql-adapter
   acts-as-taggable-on (~> 3.4)
   andand
   angular-rails-templates (~> 0.3.0)
@@ -763,33 +793,34 @@ DEPENDENCIES
   foundation-icons-sass-rails
   foundation-rails
   foundation_rails_helper!
-  fuubar (~> 2.5.0)
+  fuubar (~> 2.4.1)
   geocoder
   gmaps4rails
+  guard
+  guard-livereload
+  guard-rails
+  guard-rspec (~> 4.7.3)
   haml
   i18n (~> 0.6.11)
-  i18n-js (~> 3.4.1)
+  i18n-js (~> 3.3.0)
   immigrant
   jquery-migrate-rails
   jquery-rails (= 3.0.4)
   json_spec (~> 1.1.4)
   jwt (~> 2.2)
-  kaminari (~> 0.14.1)
   knapsack
   letter_opener (>= 1.4.1)
-  libv8 (= 6.3.292.48.1)
   listen (= 3.0.8)
-  mini_racer (= 0.1.15)
   momentjs-rails
   newrelic_rpm (~> 3.0)
   nokogiri (>= 1.6.7.1)
-  oauth2 (~> 1.4.2)
+  oauth2 (~> 1.4.1)
   ofn-qz!
   oj
   order_management!
   paper_trail (~> 5.2.3)
   paperclip (~> 3.4.1)
-  pg (~> 0.21.0)
+  pg
   pry-byebug (>= 3.4.3)
   rabl
   rack-mini-profiler (< 1.0.0)
@@ -811,7 +842,9 @@ DEPENDENCIES
   shoulda-matchers
   simple_form!
   simplecov
+  skylight (< 2.0)
   spinjs-rails
+  spree_api!
   spree_backend!
   spree_core!
   spree_i18n!
@@ -819,7 +852,7 @@ DEPENDENCIES
   spring (= 1.7.2)
   spring-commands-rspec
   stripe
-  test-unit (~> 3.0)
+  therubyracer (= 0.12.0)
   timecop
   truncate_html
   turbo-sprockets-rails3
@@ -834,7 +867,7 @@ DEPENDENCIES
   wkhtmltopdf-binary
 
 RUBY VERSION
-   ruby 2.2.10p489
+   ruby 2.1.5p273
 
 BUNDLED WITH
    1.17.2

Guardfile

@@ -0,0 +1,11 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard 'livereload' do
+  watch(%r{app/views/.+\.(erb|haml|slim)$})
+  watch(%r{app/helpers/.+\.rb})
+  watch(%r{public/.+\.(css|js|html)})
+
+  # Rails Assets Pipeline
+  watch(%r{(app|vendor)(/assets/\w+/(.+\.(css|js|html|png|jpg))).*}) { |m| "/assets/#{m[3]}" }
+end

README.md

@@ -1,22 +1,23 @@
 [![Build Status](https://semaphoreci.com/api/v1/openfoodfoundation/openfoodnetwork-2/branches/master/badge.svg)](https://semaphoreci.com/openfoodfoundation/openfoodnetwork-2)
 [![Code Climate](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork.png)](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork)
+[![View performance data on Skylight](https://badges.skylight.io/status/EiXQ6sSKij8y.svg)](https://oss.skylight.io/app/applications/EiXQ6sSKij8y)
 
 # Open Food Network
 
-The Open Food Network is an online marketplace for local food. It enables a network of independent online food stores that connects farmers and food hubs (including co-ops, online farmers markets, independent food businesses, etc) with individuals and local businesses. It gives farmers and food hubs an easier and fairer way to distribute their food.
+The Open Food Network is an online marketplace for local food. It enables a network of independent online food stores that connect farmers and food hubs (including coops, online farmers' markets, independent food businesses etc);  with individuals and local businesses. It gives farmers and food hubs an easier and fairer way to distribute their food.
 
 Supported by the Open Food Foundation and a network of global affiliates, we are proudly open source and not-for-profit - we're trying to seriously disrupt the concentration of power in global agri-food systems, and we need as many smart people working together on this as possible.
 
 We're part of global movement - get involved!
 
-* Join the conversation [on Slack][slack-invite]. Make sure you introduce yourself in the #general channel.
+* Join the conversation [on Slack][slack-invite]. Make sure you introduce yourself in the #general channel
 * Head to [https://openfoodnetwork.org](https://openfoodnetwork.org) for more information about the global OFN project.
 * Check out the [User Guide](https://guide.openfoodnetwork.org/) for a list of features and tutorials.
 * Join our [discussion forum](https://community.openfoodnetwork.org).
 
 ## Contributing
 
-If you are interested in contributing to the OFN in any capacity, please introduce yourself [on Slack][slack-invite], and have a look through our [Contributor Guide][contributor-guide].
+If you are interested in contributing to the OFN in any capacity, please introducing yourself [on Slack][slack-invite], and have a look through our [Contributor Guide][contributor-guide]
 
 Our [GETTING_STARTED](GETTING_STARTED.md) and [CONTRIBUTING](CONTRIBUTING.md) guides are the best place to start for developers looking to set up a development environment and make contributions to the codebase.
 
@@ -35,7 +36,7 @@ We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. B
 Copyright (c) 2012 - 2019 Open Food Foundation, released under the AGPL licence.
 
 [survey]: https://docs.google.com/a/eaterprises.com.au/forms/d/1zxR5vSiU9CigJ9cEaC8-eJLgYid8CR8er7PPH9Mc-30/edit#
-[slack-invite]: https://join.slack.com/t/openfoodnetwork/shared_invite/enQtNzY3NDEwNzM2MDM0LWFmNGRhNDUwYzNmNWNkYmFkMzgxNDg1OTg1ODNjNWY4Y2FhNDIwNmE4ZWI0OThiMGNmZjFkODczNGZiYTJmNWI
+[slack-invite]: https://openfoodnetwork.org/slack-invite
 [contributor-guide]: https://ofn-user-guide.gitbook.io/ofn-contributor-guide/who-are-we
 [ofn-install]: https://github.com/openfoodfoundation/ofn-install
 [super-admin-guide]: https://ofn-user-guide.gitbook.io/ofn-super-admin-guide

app/assets/javascripts/admin/bulk_product_update.js.coffee

@@ -1,288 +1,267 @@
-angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, Columns, tax_categories, RequestMonitor) ->
-  $scope.StatusMessage = StatusMessage
+angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $http, $window, BulkProducts, DisplayProperties, dataFetcher, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, SpreeApiAuth, Columns, tax_categories) ->
+    $scope.loading = true
+    $scope.loadingAllPages = true
 
-  $scope.columns = Columns.columns
+    $scope.StatusMessage = StatusMessage
 
-  $scope.variant_unit_options = VariantUnitManager.variantUnitOptions()
+    $scope.columns = Columns.columns
 
-  $scope.RequestMonitor = RequestMonitor
-  $scope.pagination = BulkProducts.pagination
-  $scope.per_page_options = [
-    {id: 15, name: t('js.admin.orders.index.per_page', results: 15)},
-    {id: 50, name: t('js.admin.orders.index.per_page', results: 50)},
-    {id: 100, name: t('js.admin.orders.index.per_page', results: 100)}
-  ]
+    $scope.variant_unit_options = VariantUnitManager.variantUnitOptions()
 
-  $scope.filterableColumns = [
-    { name: t("label_producers"),       db_column: "producer_name" },
-    { name: t("name"),           db_column: "name" }
-  ]
+    $scope.filterableColumns = [
+      { name: t("label_producers"),       db_column: "producer_name" },
+      { name: t("name"),           db_column: "name" }
+    ]
 
-  $scope.filterTypes = [
-    { name: t("equals"),         predicate: "eq" },
-    { name: t("contains"),       predicate: "cont" }
-  ]
+    $scope.filterTypes = [
+      { name: t("equals"),         predicate: "eq" },
+      { name: t("contains"),       predicate: "cont" }
+    ]
 
-  $scope.optionTabs =
-    filters:        { title: t("filter_products"),   visible: false }
-
-  $scope.producers = producers
-  $scope.taxons = Taxons.all
-  $scope.tax_categories = tax_categories
-  $scope.producerFilter = ""
-  $scope.categoryFilter = ""
-  $scope.importDateFilter = ""
-  $scope.page = 1
-  $scope.per_page = 15
-  $scope.products = BulkProducts.products
-  $scope.query = ""
-  $scope.DisplayProperties = DisplayProperties
-
-  $scope.initialise = ->
-    $scope.fetchProducts()
-
-  $scope.$watchCollection '[query, producerFilter, categoryFilter, importDateFilter, per_page]', ->
-    $scope.page = 1 # Reset page when changing filters for new search
-
-  $scope.changePage = (newPage) ->
-    $scope.page = newPage
-    $scope.fetchProducts()
-
-  $scope.fetchProducts = ->
-    removeClearedValues()
-    params = {
-      'q[name_cont]': $scope.query,
-      'q[supplier_id_eq]': $scope.producerFilter,
-      'q[primary_taxon_id_eq]': $scope.categoryFilter,
-      import_date: $scope.importDateFilter,
-      page: $scope.page,
-      per_page: $scope.per_page
-    }
-    RequestMonitor.load(BulkProducts.fetch(params).$promise).then ->
-      $scope.resetProducts()
-
-  removeClearedValues = ->
-    delete $scope.producerFilter if $scope.producerFilter == "0"
-    delete $scope.categoryFilter if $scope.categoryFilter == "0"
-    delete $scope.importDateFilter if $scope.importDateFilter == "0"
-
-  $timeout ->
-    if $scope.showLatestImport
-      $scope.importDateFilter = $scope.importDates[1].id
-
-  $scope.resetProducts = ->
-    DirtyProducts.clear()
-    StatusMessage.clear()
-
-  $scope.updateOnHand = (product) ->
-    on_demand_variants = []
-    if product.variants
-      on_demand_variants = (variant for id, variant of product.variants when variant.on_demand)
-
-    unless product.on_demand || on_demand_variants.length > 0
-      product.on_hand = $scope.onHand(product)
+    $scope.optionTabs =
+      filters:        { title: t("filter_products"),   visible: false }
 
 
-  $scope.onHand = (product) ->
-    onHand = 0
-    if product.hasOwnProperty("variants") and product.variants instanceof Object
-      for id, variant of product.variants
-        onHand = onHand + parseInt(if variant.on_hand > 0 then variant.on_hand else 0)
-    else
-      onHand = "error"
-    onHand
-
-  $scope.shiftTab = (tab) ->
-    $scope.visibleTab.visible = false unless $scope.visibleTab == tab || $scope.visibleTab == undefined
-    tab.visible = !tab.visible
-    $scope.visibleTab = tab
-
-  $scope.resetSelectFilters = ->
-    $scope.query = ""
+    $scope.producers = producers
+    $scope.taxons = Taxons.all
+    $scope.tax_categories = tax_categories
+    $scope.filterProducers = [{id: "0", name: ""}].concat $scope.producers
+    $scope.filterTaxons = [{id: "0", name: ""}].concat $scope.taxons
     $scope.producerFilter = "0"
     $scope.categoryFilter = "0"
     $scope.importDateFilter = "0"
+    $scope.products = BulkProducts.products
+    $scope.filteredProducts = []
+    $scope.currentFilters = []
+    $scope.limit = 15
+    $scope.query = ""
+    $scope.DisplayProperties = DisplayProperties
 
-  confirm_unsaved_changes = () ->
-    (DirtyProducts.count() > 0 and confirm(t("unsaved_changes_confirmation"))) or (DirtyProducts.count() == 0)
-  
-  editProductUrl = (product, variant) ->
-    "/admin/products/" + product.permalink_live + ((if variant then "/variants/" + variant.id else "")) + "/edit"
+    $scope.initialise = ->
+      SpreeApiAuth.authorise()
+      .then ->
+        $scope.spree_api_key_ok = true
+        $scope.fetchProducts()
+      .catch (message) ->
+        $scope.api_error_msg = message
 
-  $scope.editWarn = (product, variant) ->
-    if confirm_unsaved_changes()
-      window.open(editProductUrl(product, variant), "_blank")
+    $scope.$watchCollection '[query, producerFilter, categoryFilter, importDateFilter]', ->
+      $scope.limit = 15 # Reset limit whenever searching
 
+    $scope.fetchProducts = ->
+      $scope.loading = true
+      $scope.loadingAllPages = true
+      BulkProducts.fetch($scope.currentFilters, ->
+        $scope.loadingAllPages = false
+      ).then ->
+        $scope.resetProducts()
+        $scope.loading = false
 
-  $scope.toggleShowAllVariants = ->
-    showVariants = !DisplayProperties.showVariants 0
-    $scope.products.forEach (product) ->
-      DisplayProperties.setShowVariants product.id, showVariants
-    DisplayProperties.setShowVariants 0, showVariants
+    $timeout ->
+      if $scope.showLatestImport
+        $scope.importDateFilter = $scope.importDates[1].id
 
-  $scope.addVariant = (product) ->
-    product.variants.push
-      id: $scope.nextVariantId()
-      unit_value: null
-      unit_description: null
-      on_demand: false
-      display_as: null
-      display_name: null
-      on_hand: null
-      price: null
-    DisplayProperties.setShowVariants product.id, true
-
-
-  $scope.nextVariantId = ->
-    $scope.variantIdCounter = 0 unless $scope.variantIdCounter?
-    $scope.variantIdCounter -= 1
-    $scope.variantIdCounter
-
-  $scope.deleteProduct = (product) ->
-    if confirm("Are you sure?")
-      $http(
-        method: "DELETE"
-        url: "/api/products/" + product.id + "/soft_delete"
-      ).success (data) ->
-        $scope.products.splice $scope.products.indexOf(product), 1
-        DirtyProducts.deleteProduct product.id
-        $scope.displayDirtyProducts()
-
-
-  $scope.deleteVariant = (product, variant) ->
-    if product.variants.length > 1
-      if !$scope.variantSaved(variant)
-        $scope.removeVariant(product, variant)
-      else
-        if confirm(t("are_you_sure"))
-          $http(
-            method: "DELETE"
-            url: "/api/products/" + product.permalink_live + "/variants/" + variant.id + "/soft_delete"
-          ).success (data) ->
-            $scope.removeVariant(product, variant)
-    else
-      alert(t("delete_product_variant"))
-
-  $scope.removeVariant = (product, variant) ->
-    product.variants.splice product.variants.indexOf(variant), 1
-    DirtyProducts.deleteVariant product.id, variant.id
-    $scope.displayDirtyProducts()
-
-
-  $scope.cloneProduct = (product) ->
-    BulkProducts.cloneProduct product
-
-  $scope.hasVariants = (product) ->
-    product.variants.length > 0
-
-
-  $scope.hasUnit = (product) ->
-    product.variant_unit_with_scale?
-
-
-  $scope.variantSaved = (variant) ->
-    variant.hasOwnProperty('id') && variant.id > 0
-
-
-  $scope.hasOnDemandVariants = (product) ->
-    (variant for id, variant of product.variants when variant.on_demand).length > 0
-
-
-  $scope.submitProducts = ->
-    # Pack pack $scope.products, so they will match the list returned from the server,
-    # then pack $scope.dirtyProducts, ensuring that the correct product info is sent to the server.
-    $scope.packProduct product for id, product of $scope.products
-    $scope.packProduct product for id, product of DirtyProducts.all()
-
-    productsToSubmit = filterSubmitProducts(DirtyProducts.all())
-    if productsToSubmit.length > 0
-      $scope.updateProducts productsToSubmit # Don't submit an empty list
-    else
-      StatusMessage.display 'alert', t("products_change")
-
-
-  $scope.updateProducts = (productsToSubmit) ->
-    $scope.displayUpdating()
-    $http(
-      method: "POST"
-      url: "/admin/products/bulk_update"
-      data:
-        products: productsToSubmit
-        filters:
-          'q[name_cont]': $scope.query
-          'q[supplier_id_eq]': $scope.producerFilter
-          'q[primary_taxon_id_eq]': $scope.categoryFilter
-          import_date: $scope.importDateFilter
-        page: $scope.page
-        per_page: $scope.per_page
-    ).success((data) ->
+    $scope.resetProducts = ->
       DirtyProducts.clear()
-      BulkProducts.updateVariantLists(data.products || [])
-      $timeout -> $scope.displaySuccess()
-    ).error (data, status) ->
-      if status == 400 && data.errors? && data.errors.length > 0
-        errors = error + "\n" for error in data.errors
-        alert t("products_update_error") + "\n" + errors
-        $scope.displayFailure t("products_update_error")
+      StatusMessage.clear()
+
+    $scope.updateOnHand = (product) ->
+      on_demand_variants = []
+      if product.variants
+        on_demand_variants = (variant for id, variant of product.variants when variant.on_demand)
+
+      unless product.on_demand || on_demand_variants.length > 0
+        product.on_hand = $scope.onHand(product)
+
+
+    $scope.onHand = (product) ->
+      onHand = 0
+      if product.hasOwnProperty("variants") and product.variants instanceof Object
+        for id, variant of product.variants
+          onHand = onHand + parseInt(if variant.on_hand > 0 then variant.on_hand else 0)
       else
-        $scope.displayFailure t("products_update_error_data") + status
+        onHand = "error"
+      onHand
 
-  $scope.cancel = (destination) ->
-    $window.location = destination
+    $scope.shiftTab = (tab) ->
+      $scope.visibleTab.visible = false unless $scope.visibleTab == tab || $scope.visibleTab == undefined
+      tab.visible = !tab.visible
+      $scope.visibleTab = tab
 
-  $scope.packProduct = (product) ->
-    if product.variant_unit_with_scale
-      match = product.variant_unit_with_scale.match(/^([^_]+)_([\d\.]+)$/)
-      if match
-        product.variant_unit = match[1]
-        product.variant_unit_scale = parseFloat(match[2])
+    $scope.resetSelectFilters = ->
+      $scope.query = ""
+      $scope.producerFilter = "0"
+      $scope.categoryFilter = "0"
+      $scope.importDateFilter = "0"
+
+    $scope.editWarn = (product, variant) ->
+      if (DirtyProducts.count() > 0 and confirm(t("unsaved_changes_confirmation"))) or (DirtyProducts.count() == 0)
+        window.location = "/admin/products/" + product.permalink_live + ((if variant then "/variants/" + variant.id else "")) + "/edit"
+
+
+    $scope.toggleShowAllVariants = ->
+      showVariants = !DisplayProperties.showVariants 0
+      $scope.filteredProducts.forEach (product) ->
+        DisplayProperties.setShowVariants product.id, showVariants
+      DisplayProperties.setShowVariants 0, showVariants
+
+    $scope.addVariant = (product) ->
+      product.variants.push
+        id: $scope.nextVariantId()
+        unit_value: null
+        unit_description: null
+        on_demand: false
+        display_as: null
+        display_name: null
+        on_hand: null
+        price: null
+      DisplayProperties.setShowVariants product.id, true
+
+
+    $scope.nextVariantId = ->
+      $scope.variantIdCounter = 0 unless $scope.variantIdCounter?
+      $scope.variantIdCounter -= 1
+      $scope.variantIdCounter
+
+    $scope.deleteProduct = (product) ->
+      if confirm("Are you sure?")
+        $http(
+          method: "DELETE"
+          url: "/api/products/" + product.id + "/soft_delete"
+        ).success (data) ->
+          $scope.products.splice $scope.products.indexOf(product), 1
+          DirtyProducts.deleteProduct product.id
+          $scope.displayDirtyProducts()
+
+
+    $scope.deleteVariant = (product, variant) ->
+      if product.variants.length > 1
+        if !$scope.variantSaved(variant)
+          $scope.removeVariant(product, variant)
+        else
+          if confirm(t("are_you_sure"))
+            $http(
+              method: "DELETE"
+              url: "/api/products/" + product.permalink_live + "/variants/" + variant.id + "/soft_delete"
+            ).success (data) ->
+              $scope.removeVariant(product, variant)
       else
-        product.variant_unit = product.variant_unit_with_scale
-        product.variant_unit_scale = null
-    else
-      product.variant_unit = product.variant_unit_scale = null
+        alert(t("delete_product_variant"))
 
-    $scope.packVariant product, product.master if product.master
-
-    if product.variants
-      for id, variant of product.variants
-        $scope.packVariant product, variant
+    $scope.removeVariant = (product, variant) ->
+      product.variants.splice product.variants.indexOf(variant), 1
+      DirtyProducts.deleteVariant product.id, variant.id
+      $scope.displayDirtyProducts()
 
 
-  $scope.packVariant = (product, variant) ->
-    if variant.hasOwnProperty("unit_value_with_description")
-      match = variant.unit_value_with_description.match(/^([\d\.]+(?= |$)|)( |)(.*)$/)
-      if match
-        product = BulkProducts.find product.id
-        variant.unit_value  = parseFloat(match[1])
-        variant.unit_value  = null if isNaN(variant.unit_value)
-        variant.unit_value *= product.variant_unit_scale if variant.unit_value && product.variant_unit_scale
-        variant.unit_description = match[3]
+    $scope.cloneProduct = (product) ->
+      BulkProducts.cloneProduct product
 
-  $scope.incrementLimit = ->
-    if $scope.limit < $scope.products.length
-      $scope.limit = $scope.limit + 5
+    $scope.hasVariants = (product) ->
+      product.variants.length > 0
 
 
-  $scope.displayUpdating = ->
-    StatusMessage.display 'progress', t("saving")
+    $scope.hasUnit = (product) ->
+      product.variant_unit_with_scale?
 
 
-  $scope.displaySuccess = ->
-    StatusMessage.display 'success',t("products_changes_saved")
-    $scope.bulk_product_form.$setPristine()
+    $scope.variantSaved = (variant) ->
+      variant.hasOwnProperty('id') && variant.id > 0
 
 
-  $scope.displayFailure = (failMessage) ->
-    StatusMessage.display  'failure', t("products_update_error_msg") + "#{failMessage}"
+    $scope.hasOnDemandVariants = (product) ->
+      (variant for id, variant of product.variants when variant.on_demand).length > 0
 
 
-  $scope.displayDirtyProducts = ->
-    count = DirtyProducts.count()
-    switch count
-      when 0 then StatusMessage.clear()
-      when 1 then StatusMessage.display 'notice', t("one_product_unsaved")
-      else StatusMessage.display 'notice', t("products_unsaved", n: count)
+    $scope.submitProducts = ->
+      # Pack pack $scope.products, so they will match the list returned from the server,
+      # then pack $scope.dirtyProducts, ensuring that the correct product info is sent to the server.
+      $scope.packProduct product for id, product of $scope.products
+      $scope.packProduct product for id, product of DirtyProducts.all()
+
+      productsToSubmit = filterSubmitProducts(DirtyProducts.all())
+      if productsToSubmit.length > 0
+        $scope.updateProducts productsToSubmit # Don't submit an empty list
+      else
+        StatusMessage.display 'alert', t("products_change")
+
+
+    $scope.updateProducts = (productsToSubmit) ->
+      $scope.displayUpdating()
+      $http(
+        method: "POST"
+        url: "/admin/products/bulk_update"
+        data:
+          products: productsToSubmit
+          filters: $scope.currentFilters
+      ).success((data) ->
+        DirtyProducts.clear()
+        BulkProducts.updateVariantLists(data.products || [])
+        $timeout -> $scope.displaySuccess()
+      ).error (data, status) ->
+        if status == 400 && data.errors? && data.errors.length > 0
+          errors = error + "\n" for error in data.errors
+          alert t("products_update_error") + "\n" + errors
+          $scope.displayFailure t("products_update_error")
+        else
+          $scope.displayFailure t("products_update_error_data") + status
+
+    $scope.cancel = (destination) ->
+      $window.location = destination
+
+    $scope.packProduct = (product) ->
+      if product.variant_unit_with_scale
+        match = product.variant_unit_with_scale.match(/^([^_]+)_([\d\.]+)$/)
+        if match
+          product.variant_unit = match[1]
+          product.variant_unit_scale = parseFloat(match[2])
+        else
+          product.variant_unit = product.variant_unit_with_scale
+          product.variant_unit_scale = null
+      else
+        product.variant_unit = product.variant_unit_scale = null
+
+      $scope.packVariant product, product.master if product.master
+
+      if product.variants
+        for id, variant of product.variants
+          $scope.packVariant product, variant
+
+
+    $scope.packVariant = (product, variant) ->
+      if variant.hasOwnProperty("unit_value_with_description")
+        match = variant.unit_value_with_description.match(/^([\d\.]+(?= |$)|)( |)(.*)$/)
+        if match
+          product = BulkProducts.find product.id
+          variant.unit_value  = parseFloat(match[1])
+          variant.unit_value  = null if isNaN(variant.unit_value)
+          variant.unit_value *= product.variant_unit_scale if variant.unit_value && product.variant_unit_scale
+          variant.unit_description = match[3]
+
+    $scope.incrementLimit = ->
+      if $scope.limit < $scope.products.length
+        $scope.limit = $scope.limit + 5
+
+
+    $scope.displayUpdating = ->
+      StatusMessage.display 'progress', t("saving")
+
+
+    $scope.displaySuccess = ->
+      StatusMessage.display 'success',t("products_changes_saved")
+      $scope.bulk_product_form.$setPristine()
+
+
+    $scope.displayFailure = (failMessage) ->
+      StatusMessage.display  'failure', t("products_update_error_msg") + "#{failMessage}"
+
+
+    $scope.displayDirtyProducts = ->
+      count = DirtyProducts.count()
+      switch count
+        when 0 then StatusMessage.clear()
+        when 1 then StatusMessage.display 'notice', t("one_product_unsaved")
+        else StatusMessage.display 'notice', t("products_unsaved", n: count)
 
 
 filterSubmitProducts = (productsToFilter) ->

app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee

@@ -0,0 +1,16 @@
+angular.module("admin.indexUtils").factory "SpreeApiAuth", ($q, $http, SpreeApiKey) ->
+  new class SpreeApiAuth
+    authorise: ->
+      deferred = $q.defer()
+
+      $http.get("/api/users/authorise_api?token=" + SpreeApiKey)
+      .success (response) ->
+        if response?.success == "Use of API Authorised"
+          $http.defaults.headers.common["X-Spree-Token"] = SpreeApiKey
+          deferred.resolve()
+
+      .error (response) ->
+        error = response?.error || t('js.unauthorized')
+        deferred.reject(error)
+
+      deferred.promise

app/assets/javascripts/admin/orders/controllers/orders_controller.js.coffee

@@ -23,7 +23,7 @@ angular.module("admin.orders").controller "ordersCtrl", ($scope, RequestMonitor,
 
   $scope.fetchResults = (page=1) ->
     $scope.resetSelected()
-    params = {
+    Orders.index({
       'q[completed_at_lt]': $scope['q']['completed_at_lt'],
       'q[completed_at_gt]': $scope['q']['completed_at_gt'],
       'q[state_eq]': $scope['q']['state_eq'],
@@ -39,8 +39,7 @@ angular.module("admin.orders").controller "ordersCtrl", ($scope, RequestMonitor,
       'q[s]': $scope.sorting || 'completed_at desc',
       per_page: $scope.per_page,
       page: page
-    }
-    RequestMonitor.load(Orders.index(params).$promise)
+    })
 
   $scope.resetSelected = ->
     $scope.selected_orders.length = 0

app/assets/javascripts/admin/resources/resources/product_resource.js.coffee

@@ -1,6 +0,0 @@
-angular.module("admin.resources").factory 'ProductResource', ($resource) ->
-  $resource('/admin/product/:id/:action.json', {}, {
-    'index':
-      url: '/api/products/bulk_products.json'
-      method: 'GET'
-  })

app/assets/javascripts/admin/services/bulk_products.js.coffee

@@ -1,13 +1,15 @@
-angular.module("ofn.admin").factory "BulkProducts", (ProductResource, dataFetcher, $http) ->
+angular.module("ofn.admin").factory "BulkProducts", (PagedFetcher, dataFetcher, $http) ->
   new class BulkProducts
     products: []
-    pagination: {}
 
-    fetch: (params) ->
-      ProductResource.index params, (data) =>
-        @products.length = 0
-        @addProducts data.products
-        angular.extend(@pagination, data.pagination)
+    fetch: (filters, onComplete) ->
+      queryString = filters.reduce (qs,f) ->
+        return qs + "q[#{f.property.db_column}_#{f.predicate.predicate}]=#{f.value};"
+      , ""
+
+      url = "/api/products/bulk_products?page=::page::;per_page=20;#{queryString}"
+      processData = (data) => @addProducts data.products
+      PagedFetcher.fetch url, processData, onComplete
 
     cloneProduct: (product) ->
       $http.post("/api/products/" + product.id + "/clone").success (data) =>

app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee

@@ -1,4 +1,4 @@
-angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) ->
+angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, SpreeApiAuth, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) ->
   $scope.hubs = Indexer.index hubs
   $scope.hub_id = if hubs.length == 1 then hubs[0].id else null
   $scope.products = []
@@ -39,7 +39,13 @@ angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl",
     $scope.producerFilter != 0 || $scope.query != ''
 
   $scope.initialise = ->
-    $scope.fetchProducts()
+    SpreeApiAuth.authorise()
+    .then ->
+      $scope.spree_api_key_ok = true
+      $scope.fetchProducts()
+    .catch (message) ->
+      $scope.api_error_msg = message
+
 
   $scope.fetchProducts = ->
     url = "/api/products/overridable?page=::page::;per_page=100"

app/assets/javascripts/darkswarm/controllers/order_cycle_controller.js.coffee

@@ -1,4 +1,4 @@
-Darkswarm.controller "OrderCycleCtrl", ($scope, $rootScope, $timeout, OrderCycle) ->
+Darkswarm.controller "OrderCycleCtrl", ($scope, $timeout, OrderCycle) ->
   $scope.order_cycle = OrderCycle.order_cycle
   $scope.OrderCycle = OrderCycle
 
@@ -6,12 +6,11 @@ Darkswarm.controller "OrderCycleCtrl", ($scope, $rootScope, $timeout, OrderCycle
   # This is a hack. We should probably write our own "popover" directive
   # That takes an expression instead of a trigger, and binds to that
   $timeout =>
-    $rootScope.$broadcast 'orderCycleSelected'
     if !$scope.OrderCycle.selected()
       $("#order_cycle_id").trigger("openTrigger")
 
 
-Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $rootScope, $timeout, OrderCycle, Products, Variants, Cart, ChangeableOrdersAlert) ->
+Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $timeout, OrderCycle, Products, Variants, Cart, ChangeableOrdersAlert) ->
   # Track previous order cycle id for use with revertOrderCycle()
   $scope.previous_order_cycle_id = OrderCycle.order_cycle.order_cycle_id
   $scope.$watch 'order_cycle.order_cycle_id', (newValue, oldValue)->
@@ -33,4 +32,3 @@ Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $rootScope, $timeout, Orde
     Products.update()
     Cart.reloadFinalisedLineItems()
     ChangeableOrdersAlert.reload()
-    $rootScope.$broadcast 'orderCycleSelected'

app/assets/javascripts/darkswarm/controllers/products_controller.js.coffee

@@ -1,65 +1,41 @@
-Darkswarm.controller "ProductsCtrl", ($scope, $filter, $rootScope, Products, OrderCycle, OrderCycleResource, FilterSelectorsService, Cart, Dereferencer, Taxons, Properties, currentHub, $timeout) ->
+Darkswarm.controller "ProductsCtrl", ($scope, $filter, $rootScope, Products, OrderCycle, FilterSelectorsService, Cart, Taxons, Properties) ->
   $scope.Products = Products
   $scope.Cart = Cart
   $scope.query = ""
   $scope.taxonSelectors = FilterSelectorsService.createSelectors()
   $scope.propertySelectors = FilterSelectorsService.createSelectors()
   $scope.filtersActive = true
-  $scope.page = 1
-  $scope.per_page = 10
+  $scope.limit = 10
   $scope.order_cycle = OrderCycle.order_cycle
-  $scope.supplied_taxons = null
-  $scope.supplied_properties = null
+  # $scope.infiniteDisabled = true
 
-  $rootScope.$on "orderCycleSelected", ->
-    $scope.update_filters()
-    $scope.clearAll()
+  # All of this logic basically just replicates the functionality filtering an ng-repeat
+  # except that it allows us to filter a separate list before rendering, meaning that
+  # we can get much better performance when applying filters by resetting the limit on the
+  # number of products being rendered each time a filter is changed.
 
-  $scope.update_filters = ->
-    order_cycle_id = OrderCycle.order_cycle.order_cycle_id
+  $scope.$watch "Products.loading", (newValue, oldValue) ->
+    $scope.updateFilteredProducts()
+    $scope.$broadcast("loadFilterSelectors") if !newValue
 
-    return unless order_cycle_id
+  $scope.incrementLimit = ->
+    if $scope.limit < Products.products.length
+      $scope.limit += 10
+      $scope.updateVisibleProducts()
 
-    params = {
-      id: order_cycle_id,
-      distributor: currentHub.id
-    }
-    OrderCycleResource.taxons params, (data)=>
-      $scope.supplied_taxons = {}
-      data.map( (taxon) ->
-        $scope.supplied_taxons[taxon.id] = Taxons.taxons_by_id[taxon.id]
-      )
-    OrderCycleResource.properties params, (data)=>
-      $scope.supplied_properties = {}
-      data.map( (property) ->
-        $scope.supplied_properties[property.id] = Properties.properties_by_id[property.id]
-      )
+  $scope.$watch 'query', -> $scope.updateFilteredProducts()
+  $scope.$watchCollection 'activeTaxons', -> $scope.updateFilteredProducts()
+  $scope.$watchCollection 'activeProperties', -> $scope.updateFilteredProducts()
 
-  $scope.loadMore = ->
-    if ($scope.page * $scope.per_page) <= Products.products.length
-      $scope.loadMoreProducts()
+  $scope.updateFilteredProducts = ->
+    $scope.limit = 10
+    f1 = $filter('products')(Products.products, $scope.query)
+    f2 = $filter('taxons')(f1, $scope.activeTaxons)
+    $scope.filteredProducts = $filter('properties')(f2, $scope.activeProperties)
+    $scope.updateVisibleProducts()
 
-  $scope.$watch 'query', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
-  $scope.$watchCollection 'activeTaxons', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
-  $scope.$watchCollection 'activeProperties', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
-
-  $scope.loadProducts = ->
-    $scope.page = 1
-    Products.update($scope.queryParams())
-
-  $scope.loadMoreProducts = ->
-    Products.update($scope.queryParams($scope.page + 1), true)
-    $scope.page += 1
-
-  $scope.queryParams = (page = null) ->
-    {
-      id: $scope.order_cycle.order_cycle_id,
-      page: page || $scope.page,
-      per_page: $scope.per_page,
-      'q[name_or_meta_keywords_or_supplier_name_cont]': $scope.query,
-      'q[properties_id_or_supplier_properties_id_in_any][]': $scope.activeProperties,
-      'q[primary_taxon_id_in_any][]': $scope.activeTaxons
-    }
+  $scope.updateVisibleProducts = ->
+    $scope.visibleProducts = $filter('limitTo')($scope.filteredProducts, $scope.limit)
 
   $scope.searchKeypress = (e)->
     code = e.keyCode || e.which

app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee

@@ -1,21 +0,0 @@
-Darkswarm.factory 'OrderCycleResource', ($resource) ->
-  $resource('/api/order_cycles/:id', {}, {
-    'products':
-      method: 'GET'
-      isArray: true
-      url: '/api/order_cycles/:id/products'
-      params:
-        id: '@id'
-    'taxons':
-      method: 'GET'
-      isArray: true
-      url: '/api/order_cycles/:id/taxons'
-      params:
-        id: '@id'
-    'properties':
-      method: 'GET'
-      isArray: true
-      url: '/api/order_cycles/:id/properties'
-      params:
-        id: '@id'
-  })

app/assets/javascripts/darkswarm/services/products.js.coffee

@@ -1,34 +1,26 @@
-Darkswarm.factory 'Products', (OrderCycleResource, OrderCycle, Shopfront, currentHub, Dereferencer, Taxons, Properties, Cart, Variants) ->
+Darkswarm.factory 'Products', ($resource, Shopfront, Dereferencer, Taxons, Properties, Cart, Variants) ->
   new class Products
     constructor: ->
       @update()
 
-    products: []
-    fetched_products: []
+    # TODO: don't need to scope this into object
+    # Already on object as far as controller scope is concerned
+    products: null
     loading: true
 
-    update: (params = {}, load_more = false) =>
+    update: =>
       @loading = true
-      order_cycle_id = OrderCycle.order_cycle.order_cycle_id
+      @products = []
+      $resource("/shop/products").query (products)=>
+        @products = products
 
-      if order_cycle_id == undefined
-        @loading = false
-        return
-
-      params['id'] = order_cycle_id
-      params['distributor'] = currentHub.id
-
-      OrderCycleResource.products params, (data)=>
-        @products = [] unless load_more
-        @fetched_products = data
         @extend()
         @dereference()
         @registerVariants()
-        @products = @products.concat(@fetched_products)
         @loading = false
 
     extend: ->
-      for product in @fetched_products
+      for product in @products
         if product.variants?.length > 0
           prices = (v.price for v in product.variants)
           product.price = Math.min.apply(null, prices)
@@ -38,7 +30,7 @@ Darkswarm.factory 'Products', (OrderCycleResource, OrderCycle, Shopfront, curren
         product.largeImage = product.images[0]?.large_url if product.images
 
     dereference: ->
-      for product in @fetched_products
+      for product in @products
         product.supplier = Shopfront.producers_by_id[product.supplier.id]
         Dereferencer.dereference product.taxons, Taxons.taxons_by_id
 
@@ -48,7 +40,7 @@ Darkswarm.factory 'Products', (OrderCycleResource, OrderCycle, Shopfront, curren
     # May return different objects! If the variant has already been registered
     # by another service, we fetch those
     registerVariants: ->
-      for product in @fetched_products
+      for product in @products
         if product.variants
           product.variant_names = ""
           product.variants = for variant in product.variants

app/assets/javascripts/templates/shop_variant.html.haml

@@ -17,7 +17,7 @@
   .small-4.medium-2.large-2.columns.variant-price
     .table-cell.price
       %i.ofn-i_009-close
-      {{ variant.price_with_fees | localizeCurrency }}
+      {{  ::variant.price_with_fees | localizeCurrency }}
 
       -# Now in a template in app/assets/javascripts/templates !
       %price-breakdown{"price-breakdown" => "_", variant: "variant",

app/assets/stylesheets/admin/openfoodnetwork.css.scss

@@ -255,9 +255,6 @@ text-angular {
       background-color: #4583bf;
     }
   }
-  a {
-    color: $spree-green
-  }
 }
 
 span.required {

app/assets/stylesheets/admin/select2.css.scss

@@ -3,7 +3,7 @@
 .select2-container {
   .select2-choice {
     .select2-search-choice-close {
-      display: none !important;
+      display: none;
     }
     .select2-arrow {
       width: 22px;

app/controllers/admin/cache_settings_controller.rb

@@ -0,0 +1,27 @@
+require 'open_food_network/products_cache_integrity_checker'
+
+module Admin
+  class CacheSettingsController < Spree::Admin::BaseController
+    def edit
+      @results = Exchange.cachable.map do |exchange|
+        checker = OpenFoodNetwork::ProductsCacheIntegrityChecker
+          .new(exchange.receiver, exchange.order_cycle)
+
+        {
+          distributor: exchange.receiver,
+          order_cycle: exchange.order_cycle,
+          status: checker.ok?,
+          diff: checker.diff
+        }
+      end
+    end
+
+    def update
+      Spree::Config.set(params[:preferences])
+
+      respond_to do |format|
+        format.html { redirect_to main_app.edit_admin_cache_settings_path }
+      end
+    end
+  end
+end

app/controllers/api/base_controller.rb

@@ -1,44 +1,16 @@
 # Base controller for OFN's API
-require_dependency 'spree/api/controller_setup'
-
+# Includes the minimum machinery required by ActiveModelSerializers
 module Api
-  class BaseController < ActionController::Metal
-    include Spree::Api::ControllerSetup
-    include Spree::Core::ControllerHelpers::SSL
-    include ::ActionController::Head
-
-    respond_to :json
-
-    attr_accessor :current_api_user
-
-    before_filter :set_content_type
-    before_filter :authenticate_user
-    after_filter  :set_jsonp_format
-
-    rescue_from Exception, with: :error_during_processing
-    rescue_from CanCan::AccessDenied, with: :unauthorized
-    rescue_from ActiveRecord::RecordNotFound, with: :not_found
-
-    helper Spree::Api::ApiHelpers
-
-    ssl_allowed
-
-    # Include these because we inherit from ActionController::Metal
-    #   rather than ActionController::Base and these are required for AMS
+  class BaseController < Spree::Api::BaseController
+    # Need to include these because Spree::Api::BaseContoller inherits
+    # from ActionController::Metal rather than ActionController::Base
+    # and they are required by ActiveModelSerializers
     include ActionController::Serialization
     include ActionController::UrlFor
     include Rails.application.routes.url_helpers
-
     use_renderers :json
     check_authorization
 
-    def set_jsonp_format
-      return unless params[:callback] && request.get?
-
-      self.response_body = "#{params[:callback]}(#{response_body})"
-      headers["Content-Type"] = 'application/javascript'
-    end
-
     def respond_with_conflict(json_hash)
       render json: json_hash, status: :conflict
     end
@@ -47,62 +19,16 @@ module Api
 
     # Use logged in user (spree_current_user) for API authentication (current_api_user)
     def authenticate_user
-      return if @current_api_user = try_spree_current_user
-      if api_key.blank?
-        # An anonymous user
-        @current_api_user = Spree.user_class.new
-        return
-      end
-
-      return if @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
-
-      invalid_api_key
+      @current_api_user = try_spree_current_user
+      super
     end
 
-    def set_content_type
-      content_type = case params[:format]
-                     when "json"
-                       "application/json"
-                     when "xml"
-                       "text/xml"
-                     end
-      headers["Content-Type"] = content_type
-    end
-
-    def error_during_processing(exception)
-      render(text: { exception: exception.message }.to_json,
-             status: :unprocessable_entity) && return
-    end
-
-    def current_ability
-      Spree::Ability.new(current_api_user)
-    end
-
-    def api_key
-      request.headers["X-Spree-Token"] || params[:token]
-    end
-    helper_method :api_key
-
-    def invalid_resource!(resource)
-      @resource = resource
-      render(json: { error: I18n.t(:invalid_resource, scope: "spree.api"),
-                     errors: @resource.errors },
-             status: :unprocessable_entity)
-    end
-
-    def invalid_api_key
-      render(json: { error: I18n.t(:invalid_api_key, key: api_key, scope: "spree.api") },
-             status: :unauthorized) && return
-    end
-
-    def unauthorized
-      render(json: { error: I18n.t(:unauthorized, scope: "spree.api") },
-             status: :unauthorized) && return
-    end
-
-    def not_found
-      render(json: { error: I18n.t(:resource_not_found, scope: "spree.api") },
-             status: :not_found) && return
+    # Allows API access without authentication, but only for OFN controllers which inherit
+    # from Api::BaseController. @current_api_user will now initialize an empty Spree::User
+    # unless one is present. We now also apply devise's `check_authorization`. See here for
+    # details: https://github.com/CanCanCommunity/cancancan/wiki/Ensure-Authorization
+    def requires_authentication?
+      false
     end
   end
 end

app/controllers/api/order_cycles_controller.rb

@@ -1,88 +0,0 @@
-module Api
-  class OrderCyclesController < BaseController
-    include EnterprisesHelper
-    respond_to :json
-
-    skip_authorization_check
-
-    def products
-      products = ProductsRenderer.new(
-        distributor,
-        order_cycle,
-        customer,
-        search_params
-      ).products_json
-
-      render json: products
-    rescue ProductsRenderer::NoProducts
-      render status: :not_found, json: ''
-    end
-
-    def taxons
-      taxons = Spree::Taxon.
-        joins(:products).
-        where(spree_products: { id: distributed_products }).
-        select('DISTINCT spree_taxons.*')
-
-      render json: ActiveModel::ArraySerializer.new(taxons, each_serializer: Api::TaxonSerializer)
-    end
-
-    def properties
-      render json: ActiveModel::ArraySerializer.new(
-        product_properties | producer_properties, each_serializer: Api::PropertySerializer
-      )
-    end
-
-    private
-
-    def product_properties
-      Spree::Property.
-        joins(:products).
-        where(spree_products: { id: distributed_products }).
-        select('DISTINCT spree_properties.*')
-    end
-
-    def producer_properties
-      producers = Enterprise.
-        joins(:supplied_products).
-        where(spree_products: { id: distributed_products })
-
-      Spree::Property.
-        joins(:producer_properties).
-        where(producer_properties: { producer_id: producers }).
-        select('DISTINCT spree_properties.*')
-    end
-
-    def search_params
-      permitted_search_params = params.slice :q, :page, :per_page
-
-      if permitted_search_params.key? :q
-        permitted_search_params[:q].slice!(*permitted_ransack_params)
-      end
-
-      permitted_search_params
-    end
-
-    def permitted_ransack_params
-      [:name_or_meta_keywords_or_supplier_name_cont,
-       :properties_id_or_supplier_properties_id_in_any,
-       :primary_taxon_id_in_any]
-    end
-
-    def distributor
-      Enterprise.find_by_id(params[:distributor])
-    end
-
-    def order_cycle
-      OrderCycle.find_by_id(params[:id])
-    end
-
-    def customer
-      @current_api_user.andand.customer_of(distributor) || nil
-    end
-
-    def distributed_products
-      OrderCycleDistributedProducts.new(distributor, order_cycle, customer).products_relation
-    end
-  end
-end

app/controllers/api/orders_controller.rb

@@ -1,10 +1,5 @@
 module Api
   class OrdersController < BaseController
-    def show
-      authorize! :read, order
-      render json: order, serializer: Api::OrderDetailedSerializer, current_order: order
-    end
-
     def index
       authorize! :admin, Spree::Order
 
@@ -24,12 +19,5 @@ module Api
         each_serializer: Api::Admin::OrderSerializer
       )
     end
-
-    def order
-      @order ||= Spree::Order.
-        where(number: params[:id]).
-        includes(line_items: { variant: [:product, :stock_items, :default_price] }).
-        first!
-    end
   end
 end

app/controllers/api/products_controller.rb

@@ -1,148 +0,0 @@
-require 'open_food_network/permissions'
-
-module Api
-  class ProductsController < Api::BaseController
-    respond_to :json
-    DEFAULT_PAGE = 1
-    DEFAULT_PER_PAGE = 15
-
-    skip_authorization_check only: [:show, :bulk_products, :overridable]
-
-    def show
-      @product = find_product(params[:id])
-      render json: @product, serializer: Api::Admin::ProductSerializer
-    end
-
-    def create
-      authorize! :create, Spree::Product
-      params[:product][:available_on] ||= Time.zone.now
-      @product = Spree::Product.new(params[:product])
-      begin
-        if @product.save
-          render json: @product, serializer: Api::Admin::ProductSerializer, status: 201
-        else
-          invalid_resource!(@product)
-        end
-      rescue ActiveRecord::RecordNotUnique
-        @product.permalink = nil
-        retry
-      end
-    end
-
-    def update
-      authorize! :update, Spree::Product
-      @product = find_product(params[:id])
-      if @product.update_attributes(params[:product])
-        render json: @product, serializer: Api::Admin::ProductSerializer, status: 200
-      else
-        invalid_resource!(@product)
-      end
-    end
-
-    def destroy
-      authorize! :delete, Spree::Product
-      @product = find_product(params[:id])
-      @product.update_attribute(:deleted_at, Time.zone.now)
-      @product.variants_including_master.update_all(deleted_at: Time.zone.now)
-      render json: @product, serializer: Api::Admin::ProductSerializer, status: 204
-    end
-
-    def bulk_products
-      product_query = OpenFoodNetwork::Permissions.new(current_api_user).
-        editable_products.merge(product_scope)
-
-      if params[:import_date].present?
-        product_query = product_query.imported_on(params[:import_date]).group_by_products_id
-      end
-
-      @products = product_query.order('created_at DESC').
-        ransack(params[:q]).result.
-        page(params[:page] || DEFAULT_PAGE).per(params[:per_page] || DEFAULT_PER_PAGE)
-
-      render_paged_products @products
-    end
-
-    def overridable
-      producers = OpenFoodNetwork::Permissions.new(current_api_user).
-        variant_override_producers.by_name
-
-      @products = paged_products_for_producers producers
-
-      render_paged_products @products
-    end
-
-    def soft_delete
-      authorize! :delete, Spree::Product
-      @product = find_product(params[:product_id])
-      authorize! :delete, @product
-      @product.destroy
-      render json: @product, serializer: Api::Admin::ProductSerializer, status: 204
-    end
-
-    # POST /api/products/:product_id/clone
-    #
-    def clone
-      authorize! :create, Spree::Product
-      original_product = find_product(params[:product_id])
-      authorize! :update, original_product
-
-      @product = original_product.duplicate
-
-      render json: @product, serializer: Api::Admin::ProductSerializer, status: 201
-    end
-
-    private
-
-    def find_product(id)
-      product_scope.find_by_permalink!(id.to_s)
-    rescue ActiveRecord::RecordNotFound
-      product_scope.find(id)
-    end
-
-    def product_scope
-      if current_api_user.has_spree_role?("admin") || current_api_user.enterprises.present?
-        scope = Spree::Product
-        if params[:show_deleted]
-          scope = scope.with_deleted
-        end
-      else
-        scope = Spree::Product.active
-      end
-
-      scope.includes(:master)
-    end
-
-    def paged_products_for_producers(producers)
-      Spree::Product.scoped.
-        merge(product_scope).
-        where(supplier_id: producers).
-        by_producer.by_name.
-        ransack(params[:q]).result.
-        page(params[:page]).per(params[:per_page])
-    end
-
-    def render_paged_products(products)
-      serializer = ActiveModel::ArraySerializer.new(
-        products,
-        each_serializer: ::Api::Admin::ProductSerializer
-      )
-
-      render text: {
-        products: serializer,
-        # This line is used by the PagedFetcher JS service (inventory).
-        pages: products.num_pages,
-        # This hash is used by the BulkProducts JS service.
-        pagination: pagination_data(products)
-      }.to_json
-    end
-
-    def pagination_data(results)
-      {
-        results: results.total_count,
-        pages: results.num_pages,
-        page: (params[:page] || DEFAULT_PAGE).to_i,
-        per_page: (params[:per_page] || DEFAULT_PER_PAGE).to_i
-      }
-    end
-  end
-end

app/controllers/api/shipments_controller.rb

@@ -1,105 +0,0 @@
-require 'open_food_network/scope_variant_to_hub'
-
-module Api
-  class ShipmentsController < Api::BaseController
-    respond_to :json
-
-    before_filter :find_order
-    before_filter :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
-
-    def create
-      variant = scoped_variant(params[:variant_id])
-      quantity = params[:quantity].to_i
-      @shipment = get_or_create_shipment(params[:stock_location_id])
-
-      @order.contents.add(variant, quantity, nil, @shipment)
-
-      @shipment.refresh_rates
-      @shipment.save!
-
-      render json: @shipment.reload, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def update
-      authorize! :read, Spree::Shipment
-      @shipment = @order.shipments.find_by_number!(params[:id])
-      params[:shipment] ||= []
-      unlock = params[:shipment].delete(:unlock)
-
-      if unlock == 'yes'
-        @shipment.adjustment.open
-      end
-
-      @shipment.update_attributes(params[:shipment])
-
-      if unlock == 'yes'
-        @shipment.adjustment.close
-      end
-
-      render json: @shipment.reload, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def ready
-      authorize! :read, Spree::Shipment
-      unless @shipment.ready?
-        if @shipment.can_ready?
-          @shipment.ready!
-        else
-          render(json: { error: I18n.t(:cannot_ready, scope: "spree.api.shipment") },
-                 status: :unprocessable_entity) && return
-        end
-      end
-      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def ship
-      authorize! :read, Spree::Shipment
-      unless @shipment.shipped?
-        @shipment.ship!
-      end
-      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def add
-      variant = scoped_variant(params[:variant_id])
-      quantity = params[:quantity].to_i
-
-      @order.contents.add(variant, quantity, nil, @shipment)
-
-      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def remove
-      variant = scoped_variant(params[:variant_id])
-      quantity = params[:quantity].to_i
-
-      @order.contents.remove(variant, quantity, @shipment)
-      @shipment.reload if @shipment.persisted?
-
-      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    private
-
-    def find_order
-      @order = Spree::Order.find_by_number!(params[:order_id])
-      authorize! :read, @order
-    end
-
-    def find_and_update_shipment
-      @shipment = @order.shipments.find_by_number!(params[:id])
-      @shipment.update_attributes(params[:shipment])
-      @shipment.reload
-    end
-
-    def scoped_variant(variant_id)
-      variant = Spree::Variant.find(variant_id)
-      OpenFoodNetwork::ScopeVariantToHub.new(@order.distributor).scope(variant)
-      variant
-    end
-
-    def get_or_create_shipment(stock_location_id)
-      @order.shipment || @order.shipments.create(stock_location_id: stock_location_id)
-    end
-  end
-end

app/controllers/api/taxonomies_controller.rb

@@ -1,12 +0,0 @@
-module Api
-  class TaxonomiesController < Api::BaseController
-    respond_to :json
-
-    skip_authorization_check only: :jstree
-
-    def jstree
-      @taxonomy = Spree::Taxonomy.find(params[:id])
-      render json: @taxonomy.root, serializer: Api::TaxonJstreeSerializer
-    end
-  end
-end

app/controllers/api/taxons_controller.rb

@@ -1,71 +0,0 @@
-module Api
-  class TaxonsController < Api::BaseController
-    respond_to :json
-
-    skip_authorization_check only: [:index, :show, :jstree]
-
-    def index
-      if taxonomy
-        @taxons = taxonomy.root.children
-      else
-        if params[:ids]
-          @taxons = Spree::Taxon.where(id: params[:ids].split(","))
-        else
-          @taxons = Spree::Taxon.ransack(params[:q]).result
-        end
-      end
-      render json: @taxons, each_serializer: Api::TaxonSerializer
-    end
-
-    def jstree
-      @taxon = taxon
-      render json: @taxon.children, each_serializer: Api::TaxonJstreeSerializer
-    end
-
-    def create
-      authorize! :create, Spree::Taxon
-      @taxon = Spree::Taxon.new(params[:taxon])
-      @taxon.taxonomy_id = params[:taxonomy_id]
-      taxonomy = Spree::Taxonomy.find_by_id(params[:taxonomy_id])
-
-      if taxonomy.nil?
-        @taxon.errors[:taxonomy_id] = I18n.t(:invalid_taxonomy_id, scope: 'spree.api')
-        invalid_resource!(@taxon) && return
-      end
-
-      @taxon.parent_id = taxonomy.root.id unless params[:taxon][:parent_id]
-
-      if @taxon.save
-        render json: @taxon, serializer: Api::TaxonSerializer, status: :created
-      else
-        invalid_resource!(@taxon)
-      end
-    end
-
-    def update
-      authorize! :update, Spree::Taxon
-      if taxon.update_attributes(params[:taxon])
-        render json: taxon, serializer: Api::TaxonSerializer, status: :ok
-      else
-        invalid_resource!(taxon)
-      end
-    end
-
-    def destroy
-      authorize! :delete, Spree::Taxon
-      taxon.destroy
-      render json: taxon, serializer: Api::TaxonSerializer, status: :no_content
-    end
-
-    private
-
-    def taxonomy
-      return if params[:taxonomy_id].blank?
-      @taxonomy ||= Spree::Taxonomy.find(params[:taxonomy_id])
-    end
-
-    def taxon
-      @taxon ||= taxonomy.taxons.find(params[:id])
-    end
-  end
-end

app/controllers/api/variants_controller.rb

@@ -1,79 +0,0 @@
-module Api
-  class VariantsController < Api::BaseController
-    respond_to :json
-
-    skip_authorization_check only: [:index, :show]
-    before_filter :product
-
-    def index
-      @variants = scope.includes(:option_values).ransack(params[:q]).result
-      render json: @variants, each_serializer: Api::VariantSerializer
-    end
-
-    def show
-      @variant = scope.includes(:option_values).find(params[:id])
-      render json: @variant, serializer: Api::VariantSerializer
-    end
-
-    def create
-      authorize! :create, Spree::Variant
-      @variant = scope.new(params[:variant])
-      if @variant.save
-        render json: @variant, serializer: Api::VariantSerializer, status: 201
-      else
-        invalid_resource!(@variant)
-      end
-    end
-
-    def update
-      authorize! :update, Spree::Variant
-      @variant = scope.find(params[:id])
-      if @variant.update_attributes(params[:variant])
-        render json: @variant, serializer: Api::VariantSerializer, status: 200
-      else
-        invalid_resource!(@product)
-      end
-    end
-
-    def soft_delete
-      @variant = scope.find(params[:variant_id])
-      authorize! :delete, @variant
-
-      VariantDeleter.new.delete(@variant)
-      render json: @variant, serializer: Api::VariantSerializer, status: 204
-    end
-
-    def destroy
-      authorize! :delete, Spree::Variant
-      @variant = scope.find(params[:id])
-      @variant.destroy
-      render json: @variant, serializer: Api::VariantSerializer, status: 204
-    end
-
-    private
-
-    def product
-      @product ||= Spree::Product.find_by_permalink(params[:product_id]) if params[:product_id]
-    end
-
-    def scope
-      if @product
-        unless current_api_user.has_spree_role?("admin") || params[:show_deleted]
-          variants = @product.variants_including_master
-        else
-          variants = @product.variants_including_master.with_deleted
-        end
-      else
-        variants = Spree::Variant.scoped
-        if current_api_user.has_spree_role?("admin")
-          unless params[:show_deleted]
-            variants = Spree::Variant.active
-          end
-        else
-          variants = variants.active
-        end
-      end
-      variants
-    end
-  end
-end

app/controllers/checkout_controller.rb

@@ -152,7 +152,7 @@ class CheckoutController < Spree::CheckoutController
   end
 
   def update_failed
-    current_order.updater.shipping_address_from_distributor
+    clear_ship_address
     RestartCheckout.new(@order).call
 
     respond_to do |format|
@@ -165,6 +165,15 @@ class CheckoutController < Spree::CheckoutController
     end
   end
 
+  # When we have a pickup Shipping Method,
+  #   we clone the distributor address into ship_address before_save
+  # We don't want this data in the form, so we clear it out
+  def clear_ship_address
+    unless current_order.shipping_method.andand.require_ship_address
+      current_order.ship_address = Spree::Address.default
+    end
+  end
+
   def load_order
     @order = current_order
     redirect_to(main_app.shop_path) && return unless @order && @order.checkout_allowed?

app/controllers/shop_controller.rb

@@ -1,3 +1,5 @@
+require 'open_food_network/cached_products_renderer'
+
 class ShopController < BaseController
   layout "darkswarm"
   before_filter :require_distributor_chosen, :set_order_cycles, except: :changeable_orders_alert
@@ -7,6 +9,19 @@ class ShopController < BaseController
     redirect_to main_app.enterprise_shop_path(current_distributor)
   end
 
+  def products
+    renderer = OpenFoodNetwork::CachedProductsRenderer.new(current_distributor,
+                                                           current_order_cycle)
+
+    # If we add any more filtering logic, we should probably
+    # move it all to a lib class like 'CachedProductsFilterer'
+    products_json = filter(renderer.products_json)
+
+    render json: products_json
+  rescue OpenFoodNetwork::CachedProductsRenderer::NoProducts
+    render status: :not_found, json: ''
+  end
+
   def order_cycle
     if request.post?
       if oc = OrderCycle.with_distributor(@distributor).active.find_by_id(params[:order_cycle_id])
@@ -24,4 +39,27 @@ class ShopController < BaseController
   def changeable_orders_alert
     render layout: false
   end
+
+  private
+
+  def filtered_json(products_json)
+    if applicator.rules.any?
+      filter(products_json)
+    else
+      products_json
+    end
+  end
+
+  def filter(products_json)
+    products_hash = JSON.parse(products_json)
+    applicator.filter!(products_hash)
+    JSON.unparse(products_hash)
+  end
+
+  def applicator
+    return @applicator unless @applicator.nil?
+    @applicator = OpenFoodNetwork::TagRuleApplicator.new(current_distributor,
+                                                         "FilterProducts",
+                                                         current_customer.andand.tag_list)
+  end
 end

app/controllers/spree/admin/countries_controller.rb

@@ -1,9 +0,0 @@
-module Spree
-  module Admin
-    class CountriesController < ResourceController
-      def collection
-        super.order(:name)
-      end
-    end
-  end
-end

app/controllers/spree/admin/general_settings_controller.rb

@@ -1,35 +0,0 @@
-module Spree
-  module Admin
-    class GeneralSettingsController < Spree::Admin::BaseController
-      def edit
-        @preferences_general = [:site_name, :default_seo_title, :default_meta_keywords,
-                                :default_meta_description, :site_url, :bugherd_api_key]
-        @preferences_security = [:allow_ssl_in_production,
-                                 :allow_ssl_in_staging, :allow_ssl_in_development_and_test,
-                                 :check_for_spree_alerts]
-        @preferences_currency = [:display_currency, :hide_cents]
-      end
-
-      def update
-        params.each do |name, value|
-          next unless Spree::Config.has_preference? name
-          Spree::Config[name] = value
-        end
-        flash[:success] = Spree.t(:successfully_updated, resource: Spree.t(:general_settings))
-
-        redirect_to edit_admin_general_settings_path
-      end
-
-      def dismiss_alert
-        return unless request.xhr? && params[:alert_id]
-        dismissed = Spree::Config[:dismissed_spree_alerts] || ''
-        Spree::Config.set(dismissed_spree_alerts: dismissed.
-                                                    split(',').
-                                                    push(params[:alert_id]).
-                                                    join(','))
-        filter_dismissed_alerts
-        render nothing: true
-      end
-    end
-  end
-end

app/controllers/spree/admin/general_settings_controller_decorator.rb

@@ -0,0 +1,14 @@
+module Spree
+  module Admin
+    GeneralSettingsController.class_eval do
+    end
+
+    module GeneralSettingsEditPreferences
+      def edit
+        super
+        @preferences_general << :bugherd_api_key
+      end
+    end
+    GeneralSettingsController.prepend(GeneralSettingsEditPreferences)
+  end
+end

app/controllers/spree/admin/image_settings_controller.rb

@@ -1,79 +0,0 @@
-module Spree
-  module Admin
-    class ImageSettingsController < Spree::Admin::BaseController
-      def edit
-        @styles = ActiveSupport::JSON.decode(Spree::Config[:attachment_styles])
-        @headers = ActiveSupport::JSON.decode(Spree::Config[:s3_headers])
-      end
-
-      def update
-        update_styles(params)
-        update_headers(params) if Spree::Config[:use_s3]
-
-        Spree::Config.set(params[:preferences])
-        update_paperclip_settings
-
-        respond_to do |format|
-          format.html {
-            flash[:success] = Spree.t(:image_settings_updated)
-            redirect_to spree.edit_admin_image_settings_path
-          }
-        end
-      end
-
-      private
-
-      def update_styles(params)
-        if params[:new_attachment_styles].present?
-          params[:new_attachment_styles].each do |_index, style|
-            params[:attachment_styles][style[:name]] = style[:value] unless style[:value].empty?
-          end
-        end
-
-        styles = params[:attachment_styles]
-
-        Spree::Config[:attachment_styles] = ActiveSupport::JSON.encode(styles) unless styles.nil?
-      end
-
-      def update_headers(params)
-        if params[:new_s3_headers].present?
-          params[:new_s3_headers].each do |_index, header|
-            params[:s3_headers][header[:name]] = header[:value] unless header[:value].empty?
-          end
-        end
-
-        headers = params[:s3_headers]
-
-        Spree::Config[:s3_headers] = ActiveSupport::JSON.encode(headers) unless headers.nil?
-      end
-
-      def update_paperclip_settings
-        if Spree::Config[:use_s3]
-          s3_creds = { access_key_id: Spree::Config[:s3_access_key],
-                       secret_access_key: Spree::Config[:s3_secret],
-                       bucket: Spree::Config[:s3_bucket] }
-          Spree::Image.attachment_definitions[:attachment][:storage] = :s3
-          Spree::Image.attachment_definitions[:attachment][:s3_credentials] = s3_creds
-          Spree::Image.attachment_definitions[:attachment][:s3_headers] =
-            ActiveSupport::JSON.decode(Spree::Config[:s3_headers])
-          Spree::Image.attachment_definitions[:attachment][:bucket] = Spree::Config[:s3_bucket]
-        else
-          Spree::Image.attachment_definitions[:attachment].delete :storage
-        end
-
-        Spree::Image.attachment_definitions[:attachment][:styles] =
-          ActiveSupport::JSON.decode(Spree::Config[:attachment_styles]).symbolize_keys!
-        Spree::Image.attachment_definitions[:attachment][:path] = Spree::Config[:attachment_path]
-        Spree::Image.attachment_definitions[:attachment][:default_url] =
-          Spree::Config[:attachment_default_url]
-        Spree::Image.attachment_definitions[:attachment][:default_style] =
-          Spree::Config[:attachment_default_style]
-
-        # Spree stores attachent definitions in JSON. This converts the style name and format to
-        # strings. However, when paperclip encounters these, it doesn't recognise the format.
-        # Here we solve that problem by converting format and style name to symbols.
-        Spree::Image.reformat_styles
-      end
-    end
-  end
-end

app/controllers/spree/admin/image_settings_controller_decorator.rb

@@ -0,0 +1,11 @@
+Spree::Admin::ImageSettingsController.class_eval do
+  # Spree stores attachent definitions in JSON. This converts the style name and format to
+  # strings. However, when paperclip encounters these, it doesn't recognise the format.
+  # Here we solve that problem by converting format and style name to symbols.
+  def update_paperclip_settings_with_format_styles
+    update_paperclip_settings_without_format_styles
+    Spree::Image.reformat_styles
+  end
+
+  alias_method_chain :update_paperclip_settings, :format_styles
+end

app/controllers/spree/admin/mail_methods_controller.rb

@@ -1,39 +0,0 @@
-module Spree
-  module Admin
-    class MailMethodsController < Spree::Admin::BaseController
-      after_filter :initialize_mail_settings
-
-      def update
-        if params[:smtp_password].blank?
-          params.delete(:smtp_password)
-        end
-
-        params.each do |name, value|
-          next unless Spree::Config.has_preference? name
-          Spree::Config[name] = value
-        end
-
-        flash[:success] = Spree.t(:successfully_updated, resource: Spree.t(:mail_methods))
-        render :edit
-      end
-
-      def testmail
-        if TestMailer.test_email(try_spree_current_user).deliver
-          flash[:success] = Spree.t('admin.mail_methods.testmail.delivery_success')
-        else
-          flash[:error] = Spree.t('admin.mail_methods.testmail.delivery_error')
-        end
-      rescue StandardError => e
-        flash[:error] = Spree.t('admin.mail_methods.testmail.error') % { e: e }
-      ensure
-        redirect_to edit_admin_mail_method_url
-      end
-
-      private
-
-      def initialize_mail_settings
-        Spree::Core::MailSettings.init
-      end
-    end
-  end
-end

app/controllers/spree/admin/orders_controller_decorator.rb

@@ -3,6 +3,7 @@ require 'open_food_network/spree_api_key_loader'
 Spree::Admin::OrdersController.class_eval do
   include OpenFoodNetwork::SpreeApiKeyLoader
   helper CheckoutHelper
+  before_filter :load_spree_api_key, only: :bulk_management
   before_filter :load_order, only: %i[show edit update fire resend invoice print print_ticket]
 
   before_filter :load_distribution_choices, only: [:new, :edit, :update]
@@ -26,10 +27,6 @@ Spree::Admin::OrdersController.class_eval do
     # within the page then fetches the data it needs from Api::OrdersController
   end
 
-  def bulk_management
-    load_spree_api_key
-  end
-
   def edit
     @order.shipments.map &:refresh_rates
 

app/controllers/spree/admin/products_controller_decorator.rb

@@ -1,6 +1,5 @@
 require 'open_food_network/spree_api_key_loader'
 require 'open_food_network/referer_parser'
-require 'open_food_network/permissions'
 
 Spree::Admin::ProductsController.class_eval do
   include OpenFoodNetwork::SpreeApiKeyLoader
@@ -30,11 +29,6 @@ Spree::Admin::ProductsController.class_eval do
     @show_latest_import = params[:latest_import] || false
   end
 
-  def new
-    @object.shipping_category = DefaultShippingCategory.find_or_create
-    super
-  end
-
   def create
     delete_stock_params_and_set_after do
       super
@@ -46,12 +40,11 @@ Spree::Admin::ProductsController.class_eval do
   end
 
   def update
-    original_supplier_id = @product.supplier_id
-
     delete_stock_params_and_set_after do
       super
-      ExchangeVariantDeleter.new.delete(@product) if original_supplier_id != @product.supplier_id
     end
+
+    clear_variants_unit_description if @object.variant_unit == 'items'
   end
 
   def bulk_update
@@ -61,7 +54,7 @@ Spree::Admin::ProductsController.class_eval do
     product_set.collection.each { |p| authorize! :update, p }
 
     if product_set.save
-      redirect_to main_app.bulk_products_api_products_path( bulk_index_query(params) )
+      redirect_to "/api/products/bulk_products?page=1;per_page=500;#{bulk_index_query(params)}"
     else
       if product_set.errors.present?
         render json: { errors: product_set.errors }, status: :bad_request
@@ -116,7 +109,13 @@ Spree::Admin::ProductsController.class_eval do
   end
 
   def bulk_index_query(params)
-    params[:filters].to_h.merge(page: params[:page], per_page: params[:per_page])
+    params[:filters] ||= {}
+    params[:filters].reduce("") do |string, filter|
+      filter_db_column = filter[:property][:db_column]
+      filter_predicate = filter[:predicate][:predicate]
+      filter_value = filter[:value]
+      "#{string}q[#{filter_db_column}_#{filter_predicate}]=#{filter_value};"
+    end
   end
 
   def load_form_data
@@ -196,4 +195,10 @@ Spree::Admin::ProductsController.class_eval do
   def set_product_master_variant_price_to_zero
     @product.price = 0 if @product.price.nil?
   end
+
+  def clear_variants_unit_description
+    @object.variants.each do |variant|
+      variant.update_attribute :unit_description, ''
+    end
+  end
 end

app/controllers/spree/admin/reports_controller_decorator.rb

@@ -109,7 +109,7 @@ Spree::Admin::ReportsController.class_eval do
   end
 
   def orders_and_fulfillment
-    params[:q] ||= orders_and_fulfillment_default_filters
+    params[:q] ||= {}
 
     # -- Prepare Form Options
     permissions = OpenFoodNetwork::Permissions.new(spree_current_user)
@@ -126,8 +126,7 @@ Spree::Admin::ReportsController.class_eval do
     @include_blank = I18n.t(:all)
 
     # -- Build Report with Order Grouper
-    @report = OpenFoodNetwork::OrdersAndFulfillmentsReport.new(permissions,
-                                                               params, render_content?)
+    @report = OpenFoodNetwork::OrdersAndFulfillmentsReport.new spree_current_user, params, render_content?
     @table = order_grouper_table
     csv_file_name = "#{params[:report_type]}_#{timestamp}.csv"
 
@@ -278,10 +277,4 @@ Spree::Admin::ReportsController.class_eval do
   def timestamp
     Time.zone.now.strftime("%Y%m%d")
   end
-
-  def orders_and_fulfillment_default_filters
-    now = Time.zone.now
-    { completed_at_gt: (now - 1.month).beginning_of_day,
-      completed_at_lt: (now + 1.day).beginning_of_day }
-  end
 end

app/controllers/spree/admin/shipping_categories_controller.rb

@@ -1,6 +0,0 @@
-module Spree
-  module Admin
-    class ShippingCategoriesController < ResourceController
-    end
-  end
-end

app/controllers/spree/admin/shipping_methods_controller.rb

@@ -1,84 +0,0 @@
-module Spree
-  module Admin
-    class ShippingMethodsController < ResourceController
-      before_filter :load_data, except: [:index]
-      before_filter :set_shipping_category, only: [:create, :update]
-      before_filter :set_zones, only: [:create, :update]
-      before_filter :load_hubs, only: [:new, :edit, :create, :update]
-
-      # Sort shipping methods by distributor name
-      def collection
-        collection = super
-        collection = collection.managed_by(spree_current_user).by_name
-
-        if params.key? :enterprise_id
-          distributor = Enterprise.find params[:enterprise_id]
-          collection = collection.for_distributor(distributor)
-        end
-
-        collection
-      end
-
-      def new
-        @object.shipping_categories = [DefaultShippingCategory.find_or_create]
-        super
-      end
-
-      def destroy
-        # Our reports are not adapted to soft deleted shipping_methods so here we prevent
-        #   the deletion (even soft) of shipping_methods that are referenced in orders
-        if order = order_referenced_by_shipping_method
-          flash[:error] = I18n.t(:shipping_method_destroy_error, number: order.number)
-          redirect_to(collection_url) && return
-        end
-
-        @object.touch :deleted_at
-        flash[:success] = flash_message_for(@object, :successfully_removed)
-
-        respond_with(@object) do |format|
-          format.html { redirect_to collection_url }
-        end
-      end
-
-      private
-
-      def order_referenced_by_shipping_method
-        Order.joins(shipments: :shipping_rates)
-          .where( spree_shipping_rates: { shipping_method_id: @object } )
-          .first
-      end
-
-      def load_hubs
-        # rubocop:disable Style/TernaryParentheses
-        @hubs = Enterprise.managed_by(spree_current_user).is_distributor.sort_by! do |d|
-          [(@shipping_method.has_distributor? d) ? 0 : 1, d.name]
-        end
-        # rubocop:enable Style/TernaryParentheses
-      end
-
-      def set_shipping_category
-        return true if params["shipping_method"][:shipping_categories] == ""
-        @shipping_method.shipping_categories =
-          Spree::ShippingCategory.where(id: params["shipping_method"][:shipping_categories])
-        @shipping_method.save
-        params[:shipping_method].delete(:shipping_categories)
-      end
-
-      def set_zones
-        return true if params["shipping_method"][:zones] == ""
-        @shipping_method.zones = Spree::Zone.where(id: params["shipping_method"][:zones])
-        @shipping_method.save
-        params[:shipping_method].delete(:zones)
-      end
-
-      def location_after_save
-        edit_admin_shipping_method_path(@shipping_method)
-      end
-
-      def load_data
-        @available_zones = Zone.order(:name)
-        @calculators = ShippingMethod.calculators.sort_by(&:name)
-      end
-    end
-  end
-end

app/controllers/spree/admin/shipping_methods_controller_decorator.rb

@@ -0,0 +1,42 @@
+module Spree
+  module Admin
+    ShippingMethodsController.class_eval do
+      before_filter :do_not_destroy_referenced_shipping_methods, only: :destroy
+      before_filter :load_hubs, only: [:new, :edit, :create, :update]
+
+      # Sort shipping methods by distributor name
+      def collection
+        collection = super
+        collection = collection.managed_by(spree_current_user).by_name
+
+        if params.key? :enterprise_id
+          distributor = Enterprise.find params[:enterprise_id]
+          collection = collection.for_distributor(distributor)
+        end
+
+        collection
+      end
+
+      # Spree allows soft deletes of shipping_methods but our reports are not adapted to that
+      #   Here we prevent the deletion (even soft) of shipping_methods that are referenced in orders
+      def do_not_destroy_referenced_shipping_methods
+        order = Order.joins(shipments: :shipping_rates)
+          .where( spree_shipping_rates: { shipping_method_id: @object } )
+          .first
+        return unless order
+        flash[:error] = I18n.t(:shipping_method_destroy_error, number: order.number)
+        redirect_to(collection_url) && return
+      end
+
+      private
+
+      def load_hubs
+        # rubocop:disable Style/TernaryParentheses
+        @hubs = Enterprise.managed_by(spree_current_user).is_distributor.sort_by! do |d|
+          [(@shipping_method.has_distributor? d) ? 0 : 1, d.name]
+        end
+        # rubocop:enable Style/TernaryParentheses
+      end
+    end
+  end
+end

app/controllers/spree/admin/states_controller.rb

@@ -1,29 +0,0 @@
-module Spree
-  module Admin
-    class StatesController < ResourceController
-      belongs_to 'spree/country'
-      before_filter :load_data
-
-      def index
-        respond_with(@collection) do |format|
-          format.html
-          format.js { render partial: 'state_list' }
-        end
-      end
-
-      protected
-
-      def location_after_save
-        admin_country_states_url(@country)
-      end
-
-      def collection
-        super.order(:name)
-      end
-
-      def load_data
-        @countries = Country.order(:name)
-      end
-    end
-  end
-end

app/controllers/spree/admin/tax_categories_controller.rb

@@ -1,19 +0,0 @@
-module Spree
-  module Admin
-    class TaxCategoriesController < ResourceController
-      def destroy
-        if @object.destroy
-          flash[:success] = flash_message_for(@object, :successfully_removed)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-            format.js   { render partial: "spree/admin/shared/destroy" }
-          end
-        else
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-          end
-        end
-      end
-    end
-  end
-end

app/controllers/spree/admin/tax_rates_controller.rb

@@ -1,26 +0,0 @@
-module Spree
-  module Admin
-    class TaxRatesController < ResourceController
-      before_filter :load_data
-
-      update.after :update_after
-      create.after :create_after
-
-      private
-
-      def load_data
-        @available_zones = Zone.order(:name)
-        @available_categories = TaxCategory.order(:name)
-        @calculators = TaxRate.calculators.sort_by(&:name)
-      end
-
-      def update_after
-        Rails.cache.delete('vat_rates')
-      end
-
-      def create_after
-        Rails.cache.delete('vat_rates')
-      end
-    end
-  end
-end

app/controllers/spree/admin/tax_settings_controller.rb

@@ -1,15 +0,0 @@
-module Spree
-  module Admin
-    class TaxSettingsController < Spree::Admin::BaseController
-      def update
-        Spree::Config.set(params[:preferences])
-
-        respond_to do |format|
-          format.html {
-            redirect_to edit_admin_tax_settings_path
-          }
-        end
-      end
-    end
-  end
-end

app/controllers/spree/admin/taxonomies_controller.rb

@@ -1,21 +0,0 @@
-module Spree
-  module Admin
-    class TaxonomiesController < ResourceController
-      respond_to :json, :only => [:get_children]
-
-      def get_children
-        @taxons = Taxon.find(params[:parent_id]).children
-      end
-
-      private
-
-      def location_after_save
-        if @taxonomy.created_at == @taxonomy.updated_at
-          edit_admin_taxonomy_url(@taxonomy)
-        else
-          admin_taxonomies_url
-        end
-      end
-    end
-  end
-end

app/controllers/spree/admin/taxons_controller.rb

@@ -1,118 +0,0 @@
-module Spree
-  module Admin
-    class TaxonsController < Spree::Admin::BaseController
-      respond_to :html, :json, :js
-
-      def search
-        if params[:ids]
-          @taxons = Spree::Taxon.where(id: params[:ids].split(','))
-        else
-          @taxons = Spree::Taxon.limit(20).search(name_cont: params[:q]).result
-        end
-      end
-
-      def create
-        @taxonomy = Taxonomy.find(params[:taxonomy_id])
-        @taxon = @taxonomy.taxons.build(params[:taxon])
-        if @taxon.save
-          respond_with(@taxon) do |format|
-            format.json { render json: @taxon.to_json }
-          end
-        else
-          flash[:error] = Spree.t('errors.messages.could_not_create_taxon')
-          respond_with(@taxon) do |format|
-            format.html do
-              if redirect_to @taxonomy
-                edit_admin_taxonomy_url(@taxonomy)
-              else
-                admin_taxonomies_url
-              end
-            end
-          end
-        end
-      end
-
-      def edit
-        @taxonomy = Taxonomy.find(params[:taxonomy_id])
-        @taxon = @taxonomy.taxons.find(params[:id])
-        @permalink_part = @taxon.permalink.split("/").last
-      end
-
-      def update
-        @taxonomy = Taxonomy.find(params[:taxonomy_id])
-        @taxon = @taxonomy.taxons.find(params[:id])
-        parent_id = params[:taxon][:parent_id]
-        new_position = params[:taxon][:position]
-
-        if parent_id || new_position # taxon is being moved
-          new_parent = parent_id.nil? ? @taxon.parent : Taxon.find(parent_id.to_i)
-          new_position = new_position.nil? ? -1 : new_position.to_i
-
-          # Bellow is a very complicated way of finding where in nested set we
-          # should actually move the taxon to achieve sane results,
-          # JS is giving us the desired position, which was awesome for previous setup,
-          # but now it's quite complicated to find where we should put it as we have
-          # to differenciate between moving to the same branch, up down and into
-          # first position.
-          new_siblings = new_parent.children
-          if new_position <= 0 && new_siblings.empty?
-            @taxon.move_to_child_of(new_parent)
-          elsif new_parent.id != @taxon.parent_id
-            if new_position.zero?
-              @taxon.move_to_left_of(new_siblings.first)
-            else
-              @taxon.move_to_right_of(new_siblings[new_position - 1])
-            end
-          elsif new_position < new_siblings.index(@taxon)
-            @taxon.move_to_left_of(new_siblings[new_position]) # we move up
-          else
-            @taxon.move_to_right_of(new_siblings[new_position - 1]) # we move down
-          end
-          # Reset legacy position, if any extensions still rely on it
-          new_parent.children.reload.each{ |t| t.update_column(:position, t.position) }
-
-          if parent_id
-            @taxon.reload
-            @taxon.set_permalink
-            @taxon.save!
-            @update_children = true
-          end
-        end
-
-        if params.key? "permalink_part"
-          parent_permalink = @taxon.permalink.split("/")[0...-1].join("/")
-          parent_permalink += "/" if parent_permalink.present?
-          params[:taxon][:permalink] = parent_permalink + params[:permalink_part]
-        end
-        # check if we need to rename child taxons if parent name or permalink changes
-        if params[:taxon][:name] != @taxon.name || params[:taxon][:permalink] != @taxon.permalink
-          @update_children = true
-        end
-
-        if @taxon.update_attributes(params[:taxon])
-          flash[:success] = flash_message_for(@taxon, :successfully_updated)
-        end
-
-        # rename child taxons
-        if @update_children
-          @taxon.descendants.each do |taxon|
-            taxon.reload
-            taxon.set_permalink
-            taxon.save!
-          end
-        end
-
-        respond_with(@taxon) do |format|
-          format.html { redirect_to edit_admin_taxonomy_url(@taxonomy) }
-          format.json { render json: @taxon.to_json }
-        end
-      end
-
-      def destroy
-        @taxon = Taxon.find(params[:id])
-        @taxon.destroy
-        respond_with(@taxon) { |format| format.json { render json: '' } }
-      end
-    end
-  end
-end

app/controllers/spree/admin/users_controller.rb

@@ -46,26 +46,21 @@ module Spree
             @user.spree_roles = roles.reject(&:blank?).collect{ |r| Spree::Role.find(r) }
           end
 
-          message = if new_email_unconfirmed?
-                      Spree.t(:email_updated)
-                    else
-                      Spree.t(:account_updated)
-                    end
-          flash.now[:success] = message
+          flash.now[:success] = Spree.t(:account_updated)
         end
         render :edit
       end
 
       def generate_api_key
         if @user.generate_spree_api_key!
-          flash[:success] = t('spree.api.key_generated')
+          flash[:success] = Spree.t('api.key_generated')
         end
         redirect_to edit_admin_user_path(@user)
       end
 
       def clear_api_key
         if @user.clear_spree_api_key!
-          flash[:success] = t('spree.api.key_cleared')
+          flash[:success] = Spree.t('api.key_cleared')
         end
         redirect_to edit_admin_user_path(@user)
       end
@@ -131,10 +126,6 @@ module Spree
       def load_roles
         @roles = Spree::Role.scoped
       end
-
-      def new_email_unconfirmed?
-        params[:user][:email] != @user.email
-      end
     end
   end
 end

app/controllers/spree/admin/zones_controller.rb

@@ -1,26 +0,0 @@
-module Spree
-  module Admin
-    class ZonesController < ResourceController
-      before_filter :load_data, except: [:index]
-
-      def new
-        @zone.zone_members.build
-      end
-
-      protected
-
-      def collection
-        params[:q] ||= {}
-        params[:q][:s] ||= "ascend_by_name"
-        @search = super.ransack(params[:q])
-        @zones = @search.result.page(params[:page]).per(Spree::Config[:orders_per_page])
-      end
-
-      def load_data
-        @countries = Country.order(:name)
-        @states = State.order(:name)
-        @zones = Zone.order(:name)
-      end
-    end
-  end
-end

app/controllers/spree/api/line_items_controller_decorator.rb

@@ -0,0 +1,13 @@
+Spree::Api::LineItemsController.class_eval do
+  around_filter :apply_enterprise_fees_with_lock, only: :update
+
+  private
+
+  def apply_enterprise_fees_with_lock
+    authorize! :read, order
+    order.with_lock do
+      yield
+      order.update_distribution_charge!
+    end
+  end
+end

app/controllers/spree/api/products_controller_decorator.rb

@@ -0,0 +1,86 @@
+require 'open_food_network/permissions'
+
+Spree::Api::ProductsController.class_eval do
+  def managed
+    authorize! :admin, Spree::Product
+    authorize! :read, Spree::Product
+
+    @products = product_scope.ransack(params[:q]).result.managed_by(current_api_user).page(params[:page]).per(params[:per_page])
+    respond_with(@products, default_template: :index)
+  end
+
+  # TODO: This should be named 'managed'. Is the action above used? Maybe we should remove it.
+  def bulk_products
+    @products = OpenFoodNetwork::Permissions.new(current_api_user).editable_products.
+      merge(product_scope).
+      order('created_at DESC').
+      ransack(params[:q]).result.
+      page(params[:page]).per(params[:per_page])
+
+    render_paged_products @products
+  end
+
+  def overridable
+    producers = OpenFoodNetwork::Permissions.new(current_api_user).
+      variant_override_producers.by_name
+
+    @products = paged_products_for_producers producers
+
+    render_paged_products @products
+  end
+
+  def soft_delete
+    authorize! :delete, Spree::Product
+    @product = find_product(params[:product_id])
+    authorize! :delete, @product
+    @product.destroy
+    respond_with(@product, status: 204)
+  end
+
+  # POST /api/products/:product_id/clone
+  #
+  def clone
+    authorize! :create, Spree::Product
+    original_product = find_product(params[:product_id])
+    authorize! :update, original_product
+
+    @product = original_product.duplicate
+
+    respond_with(@product, status: 201, default_template: :show)
+  end
+
+  private
+
+  # Copied and modified from Spree::Api::BaseController to allow
+  # enterprise users to access inactive products
+  def product_scope
+    if current_api_user.has_spree_role?("admin") || current_api_user.enterprises.present? # This line modified
+      scope = Spree::Product
+      if params[:show_deleted]
+        scope = scope.with_deleted
+      end
+    else
+      scope = Spree::Product.active
+    end
+
+    scope.includes(:master)
+  end
+
+  def paged_products_for_producers(producers)
+    Spree::Product.scoped.
+      merge(product_scope).
+      where(supplier_id: producers).
+      by_producer.by_name.
+      ransack(params[:q]).result.
+      page(params[:page]).per(params[:per_page])
+  end
+
+  def render_paged_products(products)
+    serializer = ActiveModel::ArraySerializer.new(
+      products,
+      each_serializer: Api::Admin::ProductSerializer
+    )
+
+    render text: { products: serializer, pages: products.num_pages }.to_json
+  end
+end

app/controllers/spree/api/shipments_controller_decorator.rb

@@ -0,0 +1,47 @@
+require 'open_food_network/scope_variant_to_hub'
+
+Spree::Api::ShipmentsController.class_eval do
+  def create
+    variant = scoped_variant(params[:variant_id])
+    quantity = params[:quantity].to_i
+    @shipment = get_or_create_shipment(params[:stock_location_id])
+
+    @order.contents.add(variant, quantity, nil, @shipment)
+
+    @shipment.refresh_rates
+    @shipment.save!
+
+    respond_with(@shipment.reload, default_template: :show)
+  end
+
+  def add
+    variant = scoped_variant(params[:variant_id])
+    quantity = params[:quantity].to_i
+
+    @order.contents.add(variant, quantity, nil, @shipment)
+
+    respond_with(@shipment, default_template: :show)
+  end
+
+  def remove
+    variant = scoped_variant(params[:variant_id])
+    quantity = params[:quantity].to_i
+
+    @order.contents.remove(variant, quantity, @shipment)
+    @shipment.reload if @shipment.persisted?
+
+    respond_with(@shipment, default_template: :show)
+  end
+
+  private
+
+  def scoped_variant(variant_id)
+    variant = Spree::Variant.find(variant_id)
+    OpenFoodNetwork::ScopeVariantToHub.new(@order.distributor).scope(variant)
+    variant
+  end
+
+  def get_or_create_shipment(stock_location_id)
+    @order.shipment || @order.shipments.create(stock_location_id: stock_location_id)
+  end
+end

app/controllers/spree/api/users_controller.rb

@@ -0,0 +1,7 @@
+module Spree
+  module Api
+    class UsersController < Spree::Api::BaseController
+      respond_to :json
+    end
+  end
+end

app/controllers/spree/api/variants_controller_decorator.rb

@@ -0,0 +1,9 @@
+Spree::Api::VariantsController.class_eval do
+  def soft_delete
+    @variant = scope.find(params[:variant_id])
+    authorize! :delete, @variant
+
+    VariantDeleter.new.delete(@variant)
+    respond_with @variant, status: 204
+  end
+end

app/controllers/spree/checkout_controller.rb

@@ -29,7 +29,7 @@ module Spree
 
     def load_order
       @order = current_order
-      redirect_to(main_app.cart_path) && return unless @order
+      redirect_to main_app.cart_path && return unless @order
 
       if params[:state]
         redirect_to checkout_state_path(@order.state) if @order.can_go_to_state?(params[:state])

app/controllers/spree/user_sessions_controller.rb

@@ -38,6 +38,10 @@ module Spree
       end
     end
 
+    def nav_bar
+      render partial: 'spree/shared/nav_bar'
+    end
+
     private
 
     def accurate_title

app/helpers/spree/admin/general_settings_helper.rb

@@ -1,13 +0,0 @@
-module Spree
-  module Admin
-    module GeneralSettingsHelper
-      def currency_options
-        currencies = ::Money::Currency.table.map do |_code, details|
-          iso = details[:iso_code]
-          [iso, "#{details[:name]} (#{iso})"]
-        end
-        options_from_collection_for_select(currencies, :first, :last, Spree::Config[:currency])
-      end
-    end
-  end
-end

app/helpers/spree/admin/taxons_helper.rb

@@ -1,9 +0,0 @@
-module Spree
-  module Admin
-    module TaxonsHelper
-      def taxon_path(taxon)
-        taxon.ancestors.reverse.collect(&:name).join( " >> ")
-      end
-    end
-  end
-end

app/helpers/spree/api/api_helpers.rb

@@ -1,120 +0,0 @@
-module Spree
-  module Api
-    module ApiHelpers
-      def required_fields_for(model)
-        required_fields = model._validators.select do |_field, validations|
-          validations.any? { |v| v.is_a?(ActiveModel::Validations::PresenceValidator) }
-        end.map(&:first) # get fields that are invalid
-        # Permalinks presence is validated, but are really automatically generated
-        # Therefore we shouldn't tell API clients that they MUST send one through
-        required_fields.map!(&:to_s).delete("permalink")
-        required_fields
-      end
-
-      def product_attributes
-        [:id, :name, :description, :price, :available_on, :permalink, :meta_description,
-         :meta_keywords, :shipping_category_id, :taxon_ids]
-      end
-
-      def product_property_attributes
-        [:id, :product_id, :property_id, :value, :property_name]
-      end
-
-      def variant_attributes
-        [:id, :name, :sku, :price, :weight, :height, :width, :depth,
-         :is_master, :cost_price, :permalink]
-      end
-
-      def image_attributes
-        [:id, :position, :attachment_content_type, :attachment_file_name,
-         :type, :attachment_updated_at, :attachment_width, :attachment_height, :alt]
-      end
-
-      def option_value_attributes
-        [:id, :name, :presentation, :option_type_name, :option_type_id]
-      end
-
-      def order_attributes
-        [:id, :number, :item_total, :total, :state, :adjustment_total, :user_id,
-         :created_at, :updated_at, :completed_at, :payment_total,
-         :shipment_state, :payment_state, :email, :special_instructions, :token]
-      end
-
-      def line_item_attributes
-        [:id, :quantity, :price, :variant_id]
-      end
-
-      def option_type_attributes
-        [:id, :name, :presentation, :position]
-      end
-
-      def payment_attributes
-        [:id, :source_type, :source_id, :amount, :payment_method_id,
-         :response_code, :state, :avs_response, :created_at, :updated_at]
-      end
-
-      def payment_method_attributes
-        [:id, :name, :description]
-      end
-
-      def shipment_attributes
-        [:id, :tracking, :number, :cost, :shipped_at, :state]
-      end
-
-      def taxonomy_attributes
-        [:id, :name]
-      end
-
-      def taxon_attributes
-        [:id, :name, :pretty_name, :permalink, :position, :parent_id, :taxonomy_id]
-      end
-
-      def inventory_unit_attributes
-        [:id, :lock_version, :state, :variant_id, :shipment_id, :return_authorization_id]
-      end
-
-      def return_authorization_attributes
-        [:id, :number, :state, :amount, :order_id, :reason, :created_at, :updated_at]
-      end
-
-      def country_attributes
-        [:id, :iso_name, :iso, :iso3, :name, :numcode]
-      end
-
-      def state_attributes
-        [:id, :name, :abbr, :country_id]
-      end
-
-      def adjustment_attributes
-        [:id, :source_type, :source_id, :adjustable_type, :adjustable_id, :originator_type,
-         :originator_id, :amount, :label, :mandatory, :locked, :eligible, :created_at, :updated_at]
-      end
-
-      def creditcard_attributes
-        [:id, :month, :year, :cc_type, :last_digits, :first_name, :last_name,
-         :gateway_customer_profile_id, :gateway_payment_profile_id]
-      end
-
-      def user_attributes
-        [:id, :email, :created_at, :updated_at]
-      end
-
-      def property_attributes
-        [:id, :name, :presentation]
-      end
-
-      def stock_location_attributes
-        [:id, :name, :address1, :address2, :city,
-         :state_id, :state_name, :country_id, :zipcode, :phone, :active]
-      end
-
-      def stock_movement_attributes
-        [:id, :quantity, :stock_item_id]
-      end
-
-      def stock_item_attributes
-        [:id, :count_on_hand, :backorderable, :lock_version, :stock_location_id, :variant_id]
-      end
-    end
-  end
-end

app/jobs/products_cache_integrity_checker_job.rb

@@ -0,0 +1,30 @@
+require 'open_food_network/products_cache_integrity_checker'
+
+ProductsCacheIntegrityCheckerJob = Struct.new(:distributor_id, :order_cycle_id) do
+  def perform
+    unless checker.ok?
+      exception = RuntimeError.new(
+        "Products JSON differs from cached version for distributor: #{distributor_id}, " \
+        "order cycle: #{order_cycle_id}"
+      )
+
+      Bugsnag.notify(exception) do |report|
+        report.add_tab(:products_cache, diff: checker.diff.to_s(:text))
+      end
+    end
+  end
+
+  private
+
+  def checker
+    OpenFoodNetwork::ProductsCacheIntegrityChecker.new(distributor, order_cycle)
+  end
+
+  def distributor
+    Enterprise.find distributor_id
+  end
+
+  def order_cycle
+    OrderCycle.find order_cycle_id
+  end
+end

app/jobs/refresh_products_cache_job.rb

@@ -0,0 +1,21 @@
+require 'open_food_network/products_renderer'
+
+RefreshProductsCacheJob = Struct.new(:distributor_id, :order_cycle_id) do
+  def perform
+    Rails.cache.write(key, products_json)
+  rescue ActiveRecord::RecordNotFound
+    true
+  end
+
+  private
+
+  def key
+    "products-json-#{distributor_id}-#{order_cycle_id}"
+  end
+
+  def products_json
+    distributor = Enterprise.find distributor_id
+    order_cycle = OrderCycle.find order_cycle_id
+    OpenFoodNetwork::ProductsRenderer.new(distributor, order_cycle).products_json
+  end
+end

app/models/calculator/weight.rb

@@ -13,43 +13,8 @@ module Calculator
 
     def compute(object)
       line_items = line_items_for object
-      (total_weight(line_items) * preferred_per_kg).round(2)
-    end
-
-    private
-
-    def total_weight(line_items)
-      line_items.sum do |line_item|
-        line_item_weight(line_item)
-      end
-    end
-
-    def line_item_weight(line_item)
-      if line_item.final_weight_volume.present?
-        weight_per_final_weight_volume(line_item)
-      else
-        weight_per_variant(line_item) * line_item.quantity
-      end
-    end
-
-    def weight_per_variant(line_item)
-      line_item.variant.andand.weight || 0
-    end
-
-    def weight_per_final_weight_volume(line_item)
-      if line_item.variant.product.andand.variant_unit == 'weight'
-        # Divided by 1000 because grams is the base weight unit and the calculator price is per_kg
-        line_item.final_weight_volume / 1000.0
-      else
-        weight_per_variant(line_item) * quantity_implied_in_final_weight_volume(line_item)
-      end
-    end
-
-    #  Example: 2 (line_item.quantity) wine glasses of 125mL (line_item.variant.unit_value)
-    #    Customer ends up getting 350mL (line_item.final_weight_volume) of wine
-    #      that represent 2.8 (quantity_implied_in_final_weight_volume) glasses of wine
-    def quantity_implied_in_final_weight_volume(line_item)
-      (1.0 * line_item.final_weight_volume / line_item.variant.unit_value).round(3)
+      total_weight = line_items.sum { |li| ((li.variant.andand.weight || 0) * li.quantity) }
+      total_weight * preferred_per_kg
     end
   end
 end

app/models/concerns/order_shipment.rb

@@ -19,7 +19,7 @@ module OrderShipment
   #
   # @return [ShippingMethod]
   def shipping_method
-    return if shipments.blank?
+    return if shipments.empty?
     shipments.first.shipping_method
   end
 

app/models/concerns/variant_stock.rb

@@ -25,21 +25,36 @@ module VariantStock
   #
   # @return [Float|Integer]
   def on_hand
+    warn_deprecation(__method__, '#total_on_hand')
+
     total_on_hand
   end
 
   # Sets the stock level of the variant.
-  # This will only work if there is a stock item for the variant.
+  # This will only work if `track_inventory_levels` config is set
+  #   and if there is a stock item for the variant.
   #
-  # @raise [StandardError] when the variant has no stock item
+  # @raise [StandardError] when the track_inventory_levels config key is not set
+  #   and when the variant has no stock item
   def on_hand=(new_level)
+    warn_deprecation(__method__, '#total_on_hand')
+
+    error = 'Cannot set on_hand value when Spree::Config[:track_inventory_levels] is false'
+    raise error unless Spree::Config.track_inventory_levels
+
     raise_error_if_no_stock_item_available
 
     overwrite_stock_levels(new_level)
   end
 
   # Checks whether this variant is produced on demand.
+  #
+  # In Spree 2.0 this attribute is removed in favour of
+  # track_inventory_levels only. It was initially introduced in
+  # https://github.com/openfoodfoundation/spree/commit/20b5ad9835dca7f41a40ad16c7b45f987eea6dcc
   def on_demand
+    warn_deprecation(__method__, 'StockItem#backorderable?')
+
     # A variant that has not been saved yet, doesn't have a stock item
     #   This provides a default value for variant.on_demand using Spree::StockLocation.backorderable_default
     return Spree::StockLocation.first.backorderable_default if stock_items.empty?
@@ -54,6 +69,8 @@ module VariantStock
   #
   # @raise [StandardError] when the variant has no stock item yet
   def on_demand=(new_value)
+    warn_deprecation(__method__, 'StockItem#backorderable=')
+
     raise_error_if_no_stock_item_available
 
     # There should be only one at the default stock location.
@@ -72,6 +89,8 @@ module VariantStock
   # Here we depend only on variant.total_on_hand and variant.on_demand.
   #   This way, variant_overrides only need to override variant.total_on_hand and variant.on_demand.
   def can_supply?(quantity)
+    return true unless Spree::Config[:track_inventory_levels]
+
     on_demand || total_on_hand >= quantity
   end
 
@@ -81,13 +100,13 @@ module VariantStock
   # Here we depend only on variant.total_on_hand and variant.on_demand.
   #   This way, variant_overrides only need to override variant.total_on_hand and variant.on_demand.
   def fill_status(quantity)
-    on_hand = if total_on_hand >= quantity || on_demand
-                quantity
-              else
-                [0, total_on_hand].max
-              end
-
-    backordered = 0
+    if on_hand >= quantity
+      on_hand = quantity
+      backordered = 0
+    else
+      on_hand = [0, total_on_hand].max
+      backordered = on_demand ? (quantity - on_hand) : 0
+    end
 
     [on_hand, backordered]
   end
@@ -98,9 +117,6 @@ module VariantStock
   def move(quantity, originator = nil)
     raise_error_if_no_stock_item_available
 
-    # Don't change variant stock if variant is on_demand
-    return if on_demand
-
     # Creates a stock movement: it updates stock_item.count_on_hand and fills backorders
     #
     # This is the original Spree::StockLocation#move,
@@ -139,4 +155,11 @@ module VariantStock
   def stock_item
     stock_items.first
   end
+
+  def warn_deprecation(method_name, new_method_name)
+    ActiveSupport::Deprecation.warn(
+      "`##{method_name}` is deprecated and will be removed. " \
+      "Please use `#{new_method_name}` instead."
+    )
+  end
 end

app/models/coordinator_fee.rb

@@ -1,4 +1,13 @@
 class CoordinatorFee < ActiveRecord::Base
   belongs_to :order_cycle
   belongs_to :enterprise_fee
+
+  after_save :refresh_products_cache
+  after_destroy :refresh_products_cache
+
+  private
+
+  def refresh_products_cache
+    order_cycle.refresh_products_cache
+  end
 end

app/models/enterprise.rb

@@ -90,6 +90,7 @@ class Enterprise < ActiveRecord::Base
   validates :permalink, uniqueness: true, presence: true
   validate :shopfront_taxons
   validate :enforce_ownership_limit, if: lambda { owner_id_changed? && !owner_id.nil? }
+  validates :description, length: { maximum: 255 }
 
   before_validation :initialize_permalink, if: lambda { permalink.nil? }
   before_validation :ensure_owner_is_manager, if: lambda { owner_id_changed? && !owner_id.nil? }

app/models/enterprise_fee.rb

@@ -10,6 +10,10 @@ class EnterpriseFee < ActiveRecord::Base
   has_many :exchange_fees, dependent: :destroy
   has_many :exchanges, through: :exchange_fees
 
+  after_save :refresh_products_cache
+  # After destroy, the products cache is refreshed via the after_destroy hook for
+  # coordinator_fees and exchange_fees
+
   attr_accessible :enterprise_id, :fee_type, :name, :tax_category_id, :calculator_type, :inherits_tax_category
 
   FEE_TYPES = %w(packing transport admin sales fundraising).freeze
@@ -55,4 +59,8 @@ class EnterpriseFee < ActiveRecord::Base
     end
     true
   end
+
+  def refresh_products_cache
+    OpenFoodNetwork::ProductsCache.enterprise_fee_changed self
+  end
 end

app/models/exchange.rb

@@ -23,6 +23,9 @@ class Exchange < ActiveRecord::Base
   validates :order_cycle, :sender, :receiver, presence: true
   validates :sender_id, uniqueness: { scope: [:order_cycle_id, :receiver_id, :incoming] }
 
+  after_save :refresh_products_cache
+  after_destroy :refresh_products_cache_from_destroy
+
   accepts_nested_attributes_for :variants
 
   scope :in_order_cycle, lambda { |order_cycle| where(order_cycle_id: order_cycle) }
@@ -95,4 +98,12 @@ class Exchange < ActiveRecord::Base
   def participant
     incoming? ? sender : receiver
   end
+
+  def refresh_products_cache
+    OpenFoodNetwork::ProductsCache.exchange_changed self
+  end
+
+  def refresh_products_cache_from_destroy
+    OpenFoodNetwork::ProductsCache.exchange_destroyed self
+  end
 end

app/models/exchange_fee.rb

@@ -1,4 +1,13 @@
 class ExchangeFee < ActiveRecord::Base
   belongs_to :exchange
   belongs_to :enterprise_fee
+
+  after_save :refresh_products_cache
+  after_destroy :refresh_products_cache
+
+  private
+
+  def refresh_products_cache
+    exchange.refresh_products_cache
+  end
 end

app/models/inventory_item.rb

@@ -1,3 +1,5 @@
+require 'open_food_network/products_cache'
+
 class InventoryItem < ActiveRecord::Base
   attr_accessible :enterprise, :enterprise_id, :variant, :variant_id, :visible
 
@@ -11,4 +13,12 @@ class InventoryItem < ActiveRecord::Base
 
   scope :visible, -> { where(visible: true) }
   scope :hidden, -> { where(visible: false) }
+
+  after_save :refresh_products_cache
+
+  private
+
+  def refresh_products_cache
+    OpenFoodNetwork::ProductsCache.inventory_item_changed self
+  end
 end

app/models/order_cycle.rb

@@ -23,6 +23,8 @@ class OrderCycle < ActiveRecord::Base
   validates :name, :coordinator_id, presence: true
   validate :orders_close_at_after_orders_open_at?
 
+  after_save :refresh_products_cache
+
   preference :product_selection_from_coordinator_inventory_only, :boolean, default: false
 
   scope :active, lambda {
@@ -245,6 +247,10 @@ class OrderCycle < ActiveRecord::Base
     coordinator.users.include? user
   end
 
+  def refresh_products_cache
+    OpenFoodNetwork::ProductsCache.order_cycle_changed self
+  end
+
   def items_bought_by_user(user, distributor)
     # The Spree::Order.complete scope only checks for completed_at date
     #   it does not ensure state is "complete"

app/models/producer_property.rb

@@ -4,6 +4,9 @@ class ProducerProperty < ActiveRecord::Base
 
   default_scope order("#{table_name}.position")
 
+  after_save :refresh_products_cache
+  after_destroy :refresh_products_cache_from_destroy
+
   scope :ever_sold_by, ->(shop) {
     joins(producer: { supplied_products: { variants: { exchanges: :order_cycle } } }).
       merge(Exchange.outgoing).
@@ -26,4 +29,14 @@ class ProducerProperty < ActiveRecord::Base
                       Spree::Property.create(name: name, presentation: name)
     end
   end
+
+  private
+
+  def refresh_products_cache
+    OpenFoodNetwork::ProductsCache.producer_property_changed self
+  end
+
+  def refresh_products_cache_from_destroy
+    OpenFoodNetwork::ProductsCache.producer_property_destroyed self
+  end
 end

app/models/spree/ability_decorator.rb

@@ -207,15 +207,12 @@ class AbilityDecorator
   end
 
   def add_order_management_abilities(user)
+    # Enterprise User can only access orders that they are a distributor for
     can [:index, :create], Spree::Order
     can [:read, :update, :fire, :resend, :invoice, :print, :print_ticket], Spree::Order do |order|
       # We allow editing orders with a nil distributor as this state occurs
       # during the order creation process from the admin backend
-      order.distributor.nil? ||
-        # Enterprise User can access orders that they are a distributor for
-        user.enterprises.include?(order.distributor) ||
-        # Enterprise User can access orders that are placed inside a OC they coordinate
-        order.order_cycle.andand.coordinated_by?(user)
+      order.distributor.nil? || user.enterprises.include?(order.distributor) || order.order_cycle.andand.coordinated_by?(user)
     end
     can [:admin, :bulk_management, :managed], Spree::Order do
       user.admin? || user.enterprises.any?(&:is_distributor)

app/models/spree/classification_decorator.rb

@@ -2,9 +2,16 @@ Spree::Classification.class_eval do
   belongs_to :product, class_name: "Spree::Product", touch: true
 
   before_destroy :dont_destroy_if_primary_taxon
+  after_destroy :refresh_products_cache
+  after_save :refresh_products_cache
 
   private
 
+  def refresh_products_cache
+    product = Spree::Product.with_deleted.find(product_id) if product.blank?
+    product.refresh_products_cache
+  end
+
   def dont_destroy_if_primary_taxon
     if product.primary_taxon == taxon
       errors.add :base, I18n.t(:spree_classification_primary_taxon_error, taxon: taxon.name, product: product.name)

app/models/spree/image_decorator.rb

@@ -1,4 +1,7 @@
 Spree::Image.class_eval do
+  after_save :refresh_products_cache
+  after_destroy :refresh_products_cache
+
   # Spree stores attachent definitions in JSON. This converts the style name and format to
   # strings. However, when paperclip encounters these, it doesn't recognise the format.
   # Here we solve that problem by converting format and style name to symbols.
@@ -20,4 +23,10 @@ Spree::Image.class_eval do
   end
 
   reformat_styles
+
+  private
+
+  def refresh_products_cache
+    viewable.try :refresh_products_cache
+  end
 end

app/models/spree/option_type_decorator.rb

@@ -1,5 +1,12 @@
 module Spree
   OptionType.class_eval do
     has_many :products, through: :product_option_types
+    after_save :refresh_products_cache
+
+    private
+
+    def refresh_products_cache
+      products(:reload).each(&:refresh_products_cache)
+    end
   end
 end

app/models/spree/option_value_decorator.rb

@@ -0,0 +1,18 @@
+module Spree
+  OptionValue.class_eval do
+    after_save :refresh_products_cache
+    around_destroy :refresh_products_cache_from_destroy
+
+    private
+
+    def refresh_products_cache
+      variants(:reload).each(&:refresh_products_cache)
+    end
+
+    def refresh_products_cache_from_destroy
+      vs = variants(:reload).to_a
+      yield
+      vs.each(&:refresh_products_cache)
+    end
+  end
+end

app/models/spree/preference_decorator.rb

@@ -0,0 +1,30 @@
+require 'open_food_network/products_cache'
+
+module Spree
+  Preference.class_eval do
+    after_save :refresh_products_cache
+
+    # When the setting preferred_product_selection_from_inventory_only has changed, we want to
+    # refresh all active exchanges for this enterprise.
+    def refresh_products_cache
+      if product_selection_from_inventory_only_changed?
+        OpenFoodNetwork::ProductsCache.distributor_changed(enterprise)
+      end
+    end
+
+    private
+
+    def product_selection_from_inventory_only_changed?
+      !!(key =~ product_selection_from_inventory_only_regex)
+    end
+
+    def enterprise
+      enterprise_id = key.match(product_selection_from_inventory_only_regex)[1]
+      Enterprise.find(enterprise_id)
+    end
+
+    def product_selection_from_inventory_only_regex
+      /^enterprise\/product_selection_from_inventory_only\/(\d+)$/
+    end
+  end
+end

app/models/spree/price_decorator.rb

@@ -1,18 +1,11 @@
 module Spree
   Price.class_eval do
-    acts_as_paranoid without_default_scope: true
-
-    # Allow prices to access associated soft-deleted variants.
-    def variant
-      Spree::Variant.unscoped { super }
-    end
+    after_save :refresh_products_cache
 
     private
 
-    def check_price
-      if currency.nil?
-        self.currency = Spree::Config[:currency]
-      end
+    def refresh_products_cache
+      variant.andand.refresh_products_cache
     end
   end
 end

app/models/spree/product_decorator.rb

@@ -38,6 +38,7 @@ Spree::Product.class_eval do
   after_save :remove_previous_primary_taxon_from_taxons
   after_save :ensure_standard_variant
   after_save :update_units
+  after_save :refresh_products_cache
 
   # -- Joins
   scope :with_order_cycles_outer, -> {
@@ -55,12 +56,6 @@ Spree::Product.class_eval do
           ON (o_order_cycles.id = o_exchanges.order_cycle_id)")
   }
 
-  scope :imported_on, lambda { |import_date|
-    import_date = Time.zone.parse import_date if import_date.is_a? String
-    import_date = import_date.to_date
-    joins(:variants).merge(Spree::Variant.where(import_date: import_date.beginning_of_day..import_date.end_of_day))
-  }
-
   scope :with_order_cycles_inner, -> {
     joins(variants_including_master: { exchanges: :order_cycle })
   }
@@ -191,17 +186,23 @@ Spree::Product.class_eval do
 
   def destroy_with_delete_from_order_cycles
     transaction do
-      touch_distributors
+      OpenFoodNetwork::ProductsCache.product_deleted(self) do
+        touch_distributors
 
-      ExchangeVariant.
-        where('exchange_variants.variant_id IN (?)', variants_including_master.with_deleted.
-        select(:id)).destroy_all
+        ExchangeVariant.
+          where('exchange_variants.variant_id IN (?)', variants_including_master.with_deleted.
+          select(:id)).destroy_all
 
-      destroy_without_delete_from_order_cycles
+        destroy_without_delete_from_order_cycles
+      end
     end
   end
   alias_method_chain :destroy, :delete_from_order_cycles
 
+  def refresh_products_cache
+    OpenFoodNetwork::ProductsCache.product_changed self
+  end
+
   private
 
   def set_available_on_to_now

app/models/spree/product_property_decorator.rb

@@ -1,5 +1,10 @@
 module Spree
   ProductProperty.class_eval do
     belongs_to :product, class_name: "Spree::Product", touch: true
+
+    after_save :refresh_products_cache
+    after_destroy :refresh_products_cache
+
+    delegate :refresh_products_cache, to: :product
   end
 end

app/models/spree/product_set.rb

@@ -3,20 +3,6 @@ class Spree::ProductSet < ModelSet
     super(Spree::Product, [], attributes, proc { |attrs| attrs[:product_id].blank? })
   end
 
-  def save
-    @collection_hash.each_value.all? do |product_attributes|
-      update_attributes(product_attributes)
-    end
-  end
-
-  def collection_attributes=(attributes)
-    @collection = Spree::Product
-      .where(id: attributes.each_value.map { |product| product[:id] })
-    @collection_hash = attributes
-  end
-
-  private
-
   # A separate method of updating products was required due to an issue with
   # the way Rails' assign_attributes and updates_attributes behave when
   # delegated attributes of a nested object are updated via the parent object
@@ -33,11 +19,14 @@ class Spree::ProductSet < ModelSet
   def update_attributes(attributes)
     split_taxon_ids!(attributes)
 
-    product = find_model(@collection, attributes[:id])
-    if product.nil?
+    found_model = @collection.find do |model|
+      model.id.to_s == attributes[:id].to_s && model.persisted?
+    end
+
+    if found_model.nil?
       @klass.new(attributes).save unless @reject_if.andand.call(attributes)
     else
-      update_product(product, attributes)
+      update_product(found_model, attributes)
     end
   end
 
@@ -45,34 +34,28 @@ class Spree::ProductSet < ModelSet
     attributes[:taxon_ids] = attributes[:taxon_ids].split(',') if attributes[:taxon_ids].present?
   end
 
-  def update_product(product, attributes)
-    original_supplier = product.supplier_id
-    return false unless update_product_only_attributes(product, attributes)
-    ExchangeVariantDeleter.new.delete(product) if original_supplier != product.supplier_id
-
-    update_product_variants(product, attributes) &&
-      update_product_master(product, attributes)
+  def update_product(found_model, attributes)
+    update_product_only_attributes(found_model, attributes) &&
+      update_product_variants(found_model, attributes) &&
+      update_product_master(found_model, attributes)
   end
 
   def update_product_only_attributes(product, attributes)
     variant_related_attrs = [:id, :variants_attributes, :master_attributes]
     product_related_attrs = attributes.except(*variant_related_attrs)
+
     return true if product_related_attrs.blank?
 
     product.assign_attributes(product_related_attrs)
 
-    validate_presence_of_unit_value_in_product(product)
-
-    product.errors.empty? && product.save
-  end
-
-  def validate_presence_of_unit_value_in_product(product)
     product.variants.each do |variant|
-      validate_presence_of_unit_value_in_variant(product, variant)
+      validate_presence_of_unit_value(product, variant)
     end
+
+    product.save if errors.empty?
   end
 
-  def validate_presence_of_unit_value_in_variant(product, variant)
+  def validate_presence_of_unit_value(product, variant)
     return unless %w(weight volume).include?(product.variant_unit)
     return if variant.unit_value.present?
 
@@ -96,9 +79,12 @@ class Spree::ProductSet < ModelSet
   end
 
   def create_or_update_variant(product, variant_attributes)
-    variant = find_model(product.variants_including_master, variant_attributes[:id])
-    if variant.present?
-      variant.update_attributes(variant_attributes.except(:id))
+    found_variant = product.variants_including_master.find do |variant|
+      variant.id.to_s == variant_attributes[:id].to_s && variant.persisted?
+    end
+
+    if found_variant.present?
+      found_variant.update_attributes(variant_attributes.except(:id))
     else
       create_variant(product, variant_attributes)
     end
@@ -129,9 +115,15 @@ class Spree::ProductSet < ModelSet
     end
   end
 
-  def find_model(collection, model_id)
-    collection.find do |model|
-      model.id.to_s == model_id.to_s && model.persisted?
+  def collection_attributes=(attributes)
+    @collection = Spree::Product
+      .where(id: attributes.each_value.map { |product| product[:id] })
+    @collection_hash = attributes
+  end
+
+  def save
+    @collection_hash.each_value.all? do |product_attributes|
+      update_attributes(product_attributes)
     end
   end
 end

app/models/spree/property_decorator.rb

@@ -20,8 +20,19 @@ module Spree
         merge(OrderCycle.active)
     }
 
+    after_save :refresh_products_cache
+
+    # When a Property is destroyed, dependent-destroy will destroy all ProductProperties,
+    # which will take care of refreshing the products cache
+
     def property
       self
     end
+
+    private
+
+    def refresh_products_cache
+      product_properties(:reload).each(&:refresh_products_cache)
+    end
   end
 end

app/models/spree/shipment_decorator.rb

@@ -32,7 +32,7 @@ module Spree
     # NOTE: This is an override of spree's method, needed to allow orders
     # without line items (ie. user invoices) to not have inventory units
     def require_inventory
-      return false unless line_items.count > 0 # This line altered
+      return false unless Spree::Config[:track_inventory_levels] && line_items.count > 0 # This line altered
       order.completed? && !order.canceled?
     end
   end

app/models/spree/stock_movement_decorator.rb

@@ -0,0 +1,10 @@
+Spree::StockMovement.class_eval do
+  after_save :refresh_products_cache
+
+  private
+
+  def refresh_products_cache
+    return if stock_item.variant.blank?
+    OpenFoodNetwork::ProductsCache.variant_changed stock_item.variant
+  end
+end

app/models/spree/taxon_decorator.rb

@@ -4,6 +4,8 @@ Spree::Taxon.class_eval do
   attachment_definitions[:icon][:path] = 'public/images/spree/taxons/:id/:style/:basename.:extension'
   attachment_definitions[:icon][:url] = '/images/spree/taxons/:id/:style/:basename.:extension'
 
+  after_save :refresh_products_cache
+
   # Indicate which filters should be used for this taxon
   def applicable_filters
     fs = []
@@ -47,4 +49,10 @@ Spree::Taxon.class_eval do
       ts[t.enterprise_id.to_i] << t.id
     end
   end
+
+  private
+
+  def refresh_products_cache
+    products(:reload).each(&:refresh_products_cache)
+  end
 end

app/models/spree/user.rb

@@ -136,16 +136,6 @@ module Spree
       has_spree_role?('admin')
     end
 
-    def generate_spree_api_key!
-      self.spree_api_key = SecureRandom.hex(24)
-      save!
-    end
-
-    def clear_spree_api_key!
-      self.spree_api_key = nil
-      save!
-    end
-
     protected
 
     def password_required?

app/models/spree/variant_decorator.rb

@@ -1,6 +1,7 @@
 require 'open_food_network/enterprise_fee_calculator'
 require 'open_food_network/variant_and_line_item_naming'
 require 'concerns/variant_stock'
+require 'open_food_network/products_cache'
 
 Spree::Variant.class_eval do
   extend Spree::LocalizedNumber
@@ -29,6 +30,7 @@ Spree::Variant.class_eval do
 
   before_validation :update_weight_from_unit_value, if: ->(v) { v.product.present? }
   after_save :update_units
+  after_save :refresh_products_cache
   around_destroy :destruction
 
   scope :with_order_cycles_inner, -> { joins(exchanges: :order_cycle) }
@@ -89,11 +91,6 @@ Spree::Variant.class_eval do
     can_supply?(quantity)
   end
 
-  # Allow variant to access associated soft-deleted prices.
-  def default_price
-    Spree::Price.unscoped { super }
-  end
-
   def price_with_fees(distributor, order_cycle)
     price + fees_for(distributor, order_cycle)
   end
@@ -106,6 +103,14 @@ Spree::Variant.class_eval do
     OpenFoodNetwork::EnterpriseFeeCalculator.new(distributor, order_cycle).fees_by_type_for self
   end
 
+  def refresh_products_cache
+    if is_master?
+      product.refresh_products_cache
+    else
+      OpenFoodNetwork::ProductsCache.variant_changed self
+    end
+  end
+
   private
 
   def update_weight_from_unit_value
@@ -113,7 +118,21 @@ Spree::Variant.class_eval do
   end
 
   def destruction
-    exchange_variants(:reload).destroy_all
-    yield
+    if is_master?
+      exchange_variants(:reload).destroy_all
+      yield
+      product.refresh_products_cache
+
+    else
+      OpenFoodNetwork::ProductsCache.variant_destroyed(self) do
+        # Remove this association here instead of using dependent: :destroy because
+        # dependent-destroy acts before this around_filter is called, so ProductsCache
+        # has no way of knowing which exchanges the variant was a member of.
+        exchange_variants(:reload).destroy_all
+
+        # Destroy the variant
+        yield
+      end
+    end
   end
 end

app/models/subscription_line_item.rb

@@ -10,11 +10,6 @@ class SubscriptionLineItem < ActiveRecord::Base
     (price_estimate || 0) * (quantity || 0)
   end
 
-  # Ensure SubscriptionLineItem always has access to soft-deleted Variant attribute
-  def variant
-    Spree::Variant.unscoped { super }
-  end
-
   # Used to calculators to estimate fees
   alias_method :amount, :total_estimate
 

app/models/variant_override.rb

@@ -12,6 +12,9 @@ class VariantOverride < ActiveRecord::Base
   # Default stock can be nil, indicating stock should not be reset or zero, meaning reset to zero. Need to ensure this can be set by the user.
   validates :default_stock, numericality: { greater_than_or_equal_to: 0 }, allow_nil: true
 
+  after_save :refresh_products_cache_from_save
+  after_destroy :refresh_products_cache_from_destroy
+
   default_scope where(permission_revoked_at: nil)
 
   scope :for_hubs, lambda { |hubs|
@@ -70,4 +73,14 @@ class VariantOverride < ActiveRecord::Base
     end
     self
   end
+
+  private
+
+  def refresh_products_cache_from_save
+    OpenFoodNetwork::ProductsCache.variant_override_changed self
+  end
+
+  def refresh_products_cache_from_destroy
+    OpenFoodNetwork::ProductsCache.variant_override_destroyed self
+  end
 end

app/overrides/admin_tab.rb

@@ -0,0 +1,6 @@
+Deface::Override.new(virtual_path: "spree/layouts/admin",
+                     name: "user_admin_tabs",
+                     insert_bottom: "[data-hook='admin_tabs'], #admin_tabs[data-hook]",
+                     partial: "spree/admin/users_tab",
+                     disabled: false,
+                     original: '031652cf5a054796022506622082ab6d2693699f')