Restore old pagination API for products

It's still used by the inventory page. This is an easy fix that I can deploy without risk. A rewrite of the inventory pagination should follow.
Ignore block length cop for feature and scenario
2026-01-13 18:46:49 +00:00 · 2019-09-09 14:51:44 +10:00 · 2019-09-09 14:51:44 +10:00
603 changed files with 9230 additions and 28889 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,66 @@
+<!-- Provide a general summary of the issue in the Title above.
+
+If your issue is not a bug, please use the Feature template instead:
+https://github.com/openfoodfoundation/openfoodnetwork/wiki/Feature-template
+
+-->
+## Description
+<!-- Provide a more detailed introduction to the issue itself, and why you consider it to be a bug -->
+
+
+
+## Expected Behavior
+<!-- Tell us what should happen -->
+
+
+
+## Actual Behavior
+<!-- Tell us what happens instead -->
+
+
+
+## Steps to Reproduce
+<!-- Provide an unambiguous set of steps to reproduce this bug -->
+<!-- Include code to reproduce if relevant -->
+
+1.
+2.
+3.
+4.
+
+## Animated Gif/Screenshot
+<!-- Provide a screenshot or brief animated gif reproducing the bug. Linux users can use
+[Peek](https://github.com/phw/peek#ubuntu) while Mac users can use [Recordit](http://recordit.co/) -->
+
+
+
+## Context
+<!-- How has this bug affected you? What were you trying to accomplish? -->
+
+
+
+## Severity
+<!-- Assign a label and explain the impact.
+
+bug-s1: a critical feature is broken: checkout, payments, signup, login
+bug-s2: a non-critical feature is broken, no workaround
+bug-s3: a feature is broken but there is a workaround
+bug-s4: it's annoying, but you can use it
+bug-s5: we can live with it, only a few users impacted
+
+https://github.com/openfoodfoundation/openfoodnetwork/wiki/Bug-severity
+-->
+
+
+
+## Your Environment
+<!-- Include relevant details about the environment you experienced the bug in -->
+
+* Version used:
+* Browser name and version:
+* Operating System and version (desktop or mobile):
+
+## Possible Fix
+<!-- Not obligatory, but suggest a fix or reason for the bug -->
+
+
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -9,7 +9,6 @@ assignees: ''

 ## Description
 <!-- Provide a more detailed introduction to the issue itself, and why you consider it to be a bug -->
-<!-- How has this bug affected you? What were you trying to accomplish? -->


 ## Expected Behavior
@@ -23,8 +22,6 @@ assignees: ''
 ## Steps to Reproduce
 <!-- Provide an unambiguous set of steps to reproduce this bug -->
 <!-- Include code to reproduce if relevant -->
-<!-- Include links -->
-<!-- Include user ID -->

 1.
 2.
@@ -32,11 +29,13 @@ assignees: ''
 4.

 ## Animated Gif/Screenshot
-<!-- Provide a screenshot or brief video reproducing the bug.  -->
-<!-- Please try to have the dev tools opened on the network tab (press F12 to open the devtools of your browser -->
+<!-- Provide a screenshot or brief animated gif reproducing the bug. Linux users can use
+[Peek](https://github.com/phw/peek#ubuntu) while Mac users can use [Recordit](http://recordit.co/) -->
+
+
+## Context
+<!-- How has this bug affected you? What were you trying to accomplish? -->

-## Workaround
-<!-- Include a workaround for this bug (if relevant) -->

 ## Severity
 <!-- Assign a label and explain the impact.
@@ -56,6 +55,7 @@ https://github.com/openfoodfoundation/openfoodnetwork/wiki/Bug-severity
 * Version used:
 * Browser name and version:
 * Operating System and version (desktop or mobile):
+* OFN Platform instance where you discovered the bug, and which version of the software they are using. 

 ## Possible Fix
 <!-- Not obligatory, but suggest a fix or reason for the bug -->
--- a/.github/ISSUE_TEMPLATE/release.md
+++ b/.github/ISSUE_TEMPLATE/release.md
@@ -1,19 +0,0 @@
---
-name: Release task
-about: Track the process of a new release
-title: ''
-labels: ''
-assignees: ''
-
---
-
-Steps: 
-
- [ ] Include translations
- [ ] Draft: https://github.com/openfoodfoundation/openfoodnetwork/releases/new <!-- replace the URL -->
- [ ] Test: https://semaphoreci.com/openfoodfoundation/openfoodnetwork-2/branches/master <!-- replace the URL -->
- [ ] Publish and notify #global-community
- [ ] Deploy and notify #instance-managers
- [ ] Nudge next release manager
-
-The full process is described at https://github.com/openfoodfoundation/openfoodnetwork/wiki/Releasing.
--- a/.github/ISSUE_TEMPLATE/story-template.md
+++ b/.github/ISSUE_TEMPLATE/story-template.md
@@ -14,12 +14,5 @@ assignees: ''
 **- I want to be able to do:** (specify the desired behavior)
 (Link to others issues or resources to provide context > only if really necessary). -->

-## Acceptance Criteria & Tests
-<!-- Document the outcomes that need to be achieved before this component can be considered complete.
- -->
-<!-- Provide an unambiguous set of steps a tester should do to validate the PR that will solve this issue -->
-
-1.
-2. 
-3. 
-4.
+## Acceptance Criteria
+<!-- Document the outcomes that need to be achieved before this component can be considered complete. -->
--- a/.rubocop_manual_todo.yml
+++ b/.rubocop_manual_todo.yml
@@ -14,7 +14,8 @@
 #     rubocop > rubo.log
 #     # inspect log file to see which cops are failing
 #     # copy cop configurations and add Exclude parameter
-#     grep ExampleCop rubo.log | cut -d ":" -f 1 | sort -u | while read f; do echo "  - $f"; done >> .rubocop.yml
+#     grep ExampleCop rubo.log | cut -d ":" -f 1 | sort -u >> .rubocop.yml
+#     # use vim to add `- ` before each line
 #
 # This process probably doesn't need repeating. Otherwise there is plenty
 # of room for improvements and automation.
@@ -25,19 +26,21 @@ Metrics/LineLength:
  - app/controllers/admin/bulk_line_items_controller.rb
  - app/controllers/admin/contents_controller.rb
  - app/controllers/admin/customers_controller.rb
+  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/admin/enterprise_fees_controller.rb
  - app/controllers/admin/enterprise_groups_controller.rb
  - app/controllers/admin/enterprise_relationships_controller.rb
  - app/controllers/admin/enterprise_roles_controller.rb
-  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/admin/inventory_items_controller.rb
  - app/controllers/admin/manager_invitations_controller.rb
+  - app/controllers/admin/order_cycles_controller.rb
  - app/controllers/admin/product_import_controller.rb
  - app/controllers/admin/proxy_orders_controller.rb
  - app/controllers/admin/schedules_controller.rb
  - app/controllers/admin/subscriptions_controller.rb
  - app/controllers/admin/variant_overrides_controller.rb
  - app/controllers/api/enterprise_attachment_controller.rb
+  - app/controllers/api/order_cycles_controller.rb
  - app/controllers/api/product_images_controller.rb
  - app/controllers/application_controller.rb
  - app/controllers/checkout_controller.rb
@@ -45,13 +48,19 @@ Metrics/LineLength:
  - app/controllers/spree/admin/base_controller_decorator.rb
  - app/controllers/spree/admin/orders_controller_decorator.rb
  - app/controllers/spree/admin/payments_controller_decorator.rb
+  - app/controllers/spree/admin/payment_methods_controller_decorator.rb
+  - app/controllers/spree/admin/reports_controller_decorator.rb
+  - app/controllers/spree/api/products_controller_decorator.rb
  - app/controllers/spree/credit_cards_controller.rb
+  - app/controllers/spree/orders_controller_decorator.rb
  - app/controllers/spree/paypal_controller_decorator.rb
  - app/controllers/stripe/callbacks_controller.rb
+  - app/helpers/admin/injection_helper.rb
  - app/helpers/angular_form_builder.rb
  - app/helpers/angular_form_helper.rb
  - app/helpers/checkout_helper.rb
  - app/helpers/enterprises_helper.rb
+  - app/helpers/footer_links_helper.rb
  - app/helpers/injection_helper.rb
  - app/helpers/markdown_helper.rb
  - app/helpers/order_cycles_helper.rb
@@ -80,6 +89,7 @@ Metrics/LineLength:
  - app/models/proxy_order.rb
  - app/models/schedule.rb
  - app/models/spree/ability_decorator.rb
+  - app/models/spree/adjustment_decorator.rb
  - app/models/spree/app_configuration_decorator.rb
  - app/models/spree/calculator/default_tax_decorator.rb
  - app/models/spree/classification_decorator.rb
@@ -90,14 +100,28 @@ Metrics/LineLength:
  - app/models/spree/payment_decorator.rb
  - app/models/spree/payment_method_decorator.rb
  - app/models/spree/product_decorator.rb
+  - app/models/spree/shipment_decorator.rb
  - app/models/spree/shipping_method_decorator.rb
  - app/models/spree/tax_rate_decorator.rb
  - app/models/spree/taxon_decorator.rb
-  - app/models/spree/user.rb
+  - app/models/spree/user_decorator.rb
  - app/models/spree/variant_decorator.rb
  - app/models/subscription.rb
  - app/models/variant_override.rb
  - app/models/variant_override_set.rb
+  - app/overrides/add_enterprise_fees_to_admin_configurations_menu.rb
+  - app/serializers/api/admin/basic_enterprise_serializer.rb
+  - app/serializers/api/admin/enterprise_fee_serializer.rb
+  - app/serializers/api/admin/enterprise_serializer.rb
+  - app/serializers/api/admin/exchange_serializer.rb
+  - app/serializers/api/admin/for_order_cycle/enterprise_serializer.rb
+  - app/serializers/api/admin/index_enterprise_serializer.rb
+  - app/serializers/api/admin/index_order_cycle_serializer.rb
+  - app/serializers/api/admin/line_item_serializer.rb
+  - app/serializers/api/admin/order_cycle_serializer.rb
+  - app/serializers/api/admin/subscription_serializer.rb
+  - app/serializers/api/admin/tag_rule_serializer.rb
+  - app/serializers/api/admin/variant_override_serializer.rb
  - app/services/cart_service.rb
  - app/services/default_stock_location.rb
  - app/services/embedded_page_service.rb
@@ -105,6 +129,11 @@ Metrics/LineLength:
  - app/services/order_factory.rb
  - app/services/subscriptions_count.rb
  - app/services/variants_stock_levels.rb
+  - app/views/json/_groups.rabl
+  - app/views/json/_producer.rabl
+  - app/views/json/partials/_enterprise.rabl
+  - app/views/spree/api/products/bulk_show.v1.rabl
+  - app/views/spree/api/variants/bulk_show.v1.rabl
  - engines/web/app/helpers/web/cookies_policy_helper.rb
  - lib/discourse/single_sign_on.rb
  - lib/open_food_network/available_payment_method_filter.rb
@@ -118,15 +147,23 @@ Metrics/LineLength:
  - lib/open_food_network/order_and_distributor_report.rb
  - lib/open_food_network/order_cycle_form_applicator.rb
  - lib/open_food_network/order_cycle_management_report.rb
+  - lib/open_food_network/order_grouper.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
  - lib/open_food_network/payments_report.rb
+  - lib/open_food_network/permalink_generator.rb
+  - lib/open_food_network/products_cache.rb
+  - lib/open_food_network/products_renderer.rb
  - lib/open_food_network/reports/bulk_coop_allocation_report.rb
+  - lib/open_food_network/reports/line_items.rb
  - lib/open_food_network/sales_tax_report.rb
+  - lib/open_food_network/users_and_enterprises_report.rb
  - lib/open_food_network/variant_and_line_item_naming.rb
  - lib/open_food_network/xero_invoices_report.rb
  - lib/spree/core/controller_helpers/respond_with_decorator.rb
  - lib/spree/localized_number.rb
  - lib/spree/product_filters.rb
  - lib/stripe/profile_storer.rb
+  - lib/tasks/cache.rake
  - lib/tasks/data.rake
  - lib/tasks/enterprises.rake
  - spec/controllers/admin/bulk_line_items_controller_spec.rb
@@ -143,15 +180,11 @@ Metrics/LineLength:
  - spec/controllers/admin/subscription_line_items_controller_spec.rb
  - spec/controllers/admin/subscriptions_controller_spec.rb
  - spec/controllers/admin/variant_overrides_controller_spec.rb
-  - spec/controllers/api/base_controller_spec.rb
  - spec/controllers/api/logos_controller_spec.rb
  - spec/controllers/api/order_cycles_controller_spec.rb
  - spec/controllers/api/orders_controller_spec.rb
  - spec/controllers/api/product_images_controller_spec.rb
-  - spec/controllers/api/products_controller_spec.rb
  - spec/controllers/api/promo_images_controller_spec.rb
-  - spec/controllers/api/shipments_controller_spec.rb
-  - spec/controllers/api/variants_controller_spec.rb
  - spec/controllers/cart_controller_spec.rb
  - spec/controllers/checkout_controller_spec.rb
  - spec/controllers/enterprises_controller_spec.rb
@@ -164,9 +197,12 @@ Metrics/LineLength:
  - spec/controllers/spree/admin/orders_controller_spec.rb
  - spec/controllers/spree/admin/payment_methods_controller_spec.rb
  - spec/controllers/spree/admin/payments_controller_spec.rb
-  - spec/controllers/spree/admin/products_controller_spec.rb
  - spec/controllers/spree/admin/reports_controller_spec.rb
  - spec/controllers/spree/admin/variants_controller_spec.rb
+  - spec/controllers/spree/api/line_items_controller_spec.rb
+  - spec/controllers/spree/api/products_controller_spec.rb
+  - spec/controllers/spree/api/shipments_controller_spec.rb
+  - spec/controllers/spree/api/variants_controller_spec.rb
  - spec/controllers/spree/credit_cards_controller_spec.rb
  - spec/controllers/spree/orders_controller_spec.rb
  - spec/controllers/spree/user_sessions_controller_spec.rb
@@ -174,6 +210,7 @@ Metrics/LineLength:
  - spec/controllers/stripe/callbacks_controller_spec.rb
  - spec/controllers/stripe/webhooks_controller_spec.rb
  - spec/controllers/user_confirmations_controller_spec.rb
+  - spec/controllers/user_registrations_controller_spec.rb
  - spec/features/admin/adjustments_spec.rb
  - spec/features/admin/bulk_order_management_spec.rb
  - spec/features/admin/bulk_product_update_spec.rb
@@ -198,7 +235,6 @@ Metrics/LineLength:
  - spec/features/admin/shipping_methods_spec.rb
  - spec/features/admin/subscriptions_spec.rb
  - spec/features/admin/tag_rules_spec.rb
-  - spec/features/admin/users_spec.rb
  - spec/features/admin/variant_overrides_spec.rb
  - spec/features/consumer/account/cards_spec.rb
  - spec/features/consumer/account/settings_spec.rb
@@ -226,13 +262,17 @@ Metrics/LineLength:
  - spec/helpers/order_cycles_helper_spec.rb
  - spec/helpers/spree/admin/base_helper_spec.rb
  - spec/jobs/confirm_order_job_spec.rb
+  - spec/jobs/products_cache_integrity_checker_job_spec.rb
+  - spec/jobs/refresh_products_cache_job_spec.rb
  - spec/jobs/subscription_confirm_job_spec.rb
  - spec/jobs/subscription_placement_job_spec.rb
  - spec/lib/open_food_network/address_finder_spec.rb
  - spec/lib/open_food_network/bulk_coop_report_spec.rb
+  - spec/lib/open_food_network/cached_products_renderer_spec.rb
  - spec/lib/open_food_network/customers_report_spec.rb
  - spec/lib/open_food_network/enterprise_fee_applicator_spec.rb
  - spec/lib/open_food_network/enterprise_fee_calculator_spec.rb
+  - spec/lib/open_food_network/enterprise_injection_data_spec.rb
  - spec/lib/open_food_network/group_buy_report_spec.rb
  - spec/lib/open_food_network/lettuce_share_report_spec.rb
  - spec/lib/open_food_network/option_value_namer_spec.rb
@@ -244,6 +284,8 @@ Metrics/LineLength:
  - spec/lib/open_food_network/packing_report_spec.rb
  - spec/lib/open_food_network/permissions_spec.rb
  - spec/lib/open_food_network/products_and_inventory_report_spec.rb
+  - spec/lib/open_food_network/products_cache_spec.rb
+  - spec/lib/open_food_network/products_renderer_spec.rb
  - spec/lib/open_food_network/proxy_order_syncer_spec.rb
  - spec/lib/open_food_network/scope_variant_to_hub_spec.rb
  - spec/lib/open_food_network/subscription_payment_updater_spec.rb
@@ -256,7 +298,6 @@ Metrics/LineLength:
  - spec/mailers/order_mailer_spec.rb
  - spec/mailers/producer_mailer_spec.rb
  - spec/mailers/subscription_mailer_spec.rb
-  - spec/models/calculator/weight_spec.rb
  - spec/models/column_preference_spec.rb
  - spec/models/concerns/order_shipment_spec.rb
  - spec/models/concerns/product_stock_spec.rb
@@ -278,11 +319,11 @@ Metrics/LineLength:
  - spec/models/spree/calculator/price_sack_spec.rb
  - spec/models/spree/classification_spec.rb
  - spec/models/spree/gateway/stripe_connect_spec.rb
+  - spec/models/spree/image_spec.rb
  - spec/models/spree/line_item_spec.rb
  - spec/models/spree/order_spec.rb
  - spec/models/spree/payment_method_spec.rb
  - spec/models/spree/payment_spec.rb
-  - spec/models/spree/product_set_spec.rb
  - spec/models/spree/product_spec.rb
  - spec/models/spree/property_spec.rb
  - spec/models/spree/shipping_method_spec.rb
@@ -301,24 +342,22 @@ Metrics/LineLength:
  - spec/performance/shop_controller_spec.rb
  - spec/requests/checkout/failed_checkout_spec.rb
  - spec/requests/embedded_shopfronts_headers_spec.rb
-  - spec/serializers/api/admin/customer_serializer_spec.rb
-  - spec/serializers/api/admin/exchange_serializer_spec.rb
-  - spec/serializers/api/admin/for_order_cycle/enterprise_serializer_spec.rb
-  - spec/serializers/api/admin/for_order_cycle/supplied_product_serializer_spec.rb
-  - spec/serializers/api/admin/subscription_customer_serializer_spec.rb
-  - spec/serializers/api/admin/variant_override_serializer_spec.rb
-  - spec/serializers/api/current_order_serializer_spec.rb
+  - spec/requests/shop_spec.rb
+  - spec/serializers/admin/customer_serializer_spec.rb
+  - spec/serializers/admin/exchange_serializer_spec.rb
+  - spec/serializers/admin/for_order_cycle/enterprise_serializer_spec.rb
+  - spec/serializers/admin/for_order_cycle/supplied_product_serializer_spec.rb
+  - spec/serializers/admin/subscription_customer_serializer_spec.rb
+  - spec/serializers/admin/variant_override_serializer_spec.rb
  - spec/serializers/api/enterprise_shopfront_serializer_spec.rb
-  - spec/serializers/api/order_serializer_spec.rb
+  - spec/serializers/current_order_serializer_spec.rb
+  - spec/serializers/order_serializer_spec.rb
  - spec/services/cart_service_spec.rb
  - spec/services/embedded_page_service_spec.rb
-  - spec/services/order_cycle_distributed_products_spec.rb
  - spec/services/order_cycle_distributed_variants_spec.rb
  - spec/services/order_cycle_form_spec.rb
  - spec/services/order_factory_spec.rb
  - spec/services/order_syncer_spec.rb
-  - spec/services/product_tag_rules_filterer_spec.rb
-  - spec/services/products_renderer_spec.rb
  - spec/services/subscription_estimator_spec.rb
  - spec/services/subscription_form_spec.rb
  - spec/services/subscription_validator_spec.rb
@@ -339,8 +378,8 @@ Metrics/AbcSize:
  Exclude:
  - app/controllers/admin/bulk_line_items_controller.rb
  - app/controllers/admin/customers_controller.rb
-  - app/controllers/admin/enterprise_fees_controller.rb
  - app/controllers/admin/enterprises_controller.rb
+  - app/controllers/admin/enterprise_fees_controller.rb
  - app/controllers/admin/order_cycles_controller.rb
  - app/controllers/admin/product_import_controller.rb
  - app/controllers/admin/schedules_controller.rb
@@ -348,36 +387,28 @@ Metrics/AbcSize:
  - app/controllers/admin/subscription_line_items_controller.rb
  - app/controllers/admin/subscriptions_controller.rb
  - app/controllers/api/enterprises_controller.rb
+  - app/controllers/api/order_cycles_controller.rb
  - app/controllers/api/product_images_controller.rb
-  - app/controllers/api/products_controller.rb
-  - app/controllers/api/shipments_controller.rb
-  - app/controllers/api/taxons_controller.rb
-  - app/controllers/api/variants_controller.rb
  - app/controllers/base_controller.rb
  - app/controllers/cart_controller.rb
  - app/controllers/checkout_controller.rb
  - app/controllers/discourse_sso_controller.rb
  - app/controllers/enterprises_controller.rb
  - app/controllers/spree/admin/adjustments_controller_decorator.rb
-  - app/controllers/spree/admin/image_settings_controller.rb
  - app/controllers/spree/admin/orders/customer_details_controller_decorator.rb
  - app/controllers/spree/admin/orders_controller_decorator.rb
-  - app/controllers/spree/admin/overview_controller.rb
-  - app/controllers/spree/admin/payment_methods_controller.rb
+  - app/controllers/spree/admin/overview_controller_decorator.rb
  - app/controllers/spree/admin/payments_controller_decorator.rb
+  - app/controllers/spree/admin/payment_methods_controller_decorator.rb
  - app/controllers/spree/admin/products_controller_decorator.rb
  - app/controllers/spree/admin/reports_controller_decorator.rb
  - app/controllers/spree/admin/search_controller_decorator.rb
-  - app/controllers/spree/admin/taxons_controller.rb
-  - app/controllers/spree/admin/users_controller.rb
  - app/controllers/spree/admin/variants_controller_decorator.rb
-  - app/controllers/spree/checkout_controller.rb
+  - app/controllers/spree/api/products_controller_decorator.rb
+  - app/controllers/spree/api/shipments_controller_decorator.rb
  - app/controllers/spree/credit_cards_controller.rb
-  - app/controllers/spree/orders_controller.rb
-  - app/controllers/spree/user_passwords_controller.rb
-  - app/controllers/spree/user_registrations_controller.rb
-  - app/controllers/spree/user_sessions_controller.rb
-  - app/controllers/spree/users_controller.rb
+  - app/controllers/spree/orders_controller_decorator.rb
+  - app/controllers/spree/user_sessions_controller_decorator.rb
  - app/controllers/stripe/callbacks_controller.rb
  - app/controllers/user_confirmations_controller.rb
  - app/controllers/user_passwords_controller.rb
@@ -385,7 +416,6 @@ Metrics/AbcSize:
  - app/helpers/checkout_helper.rb
  - app/helpers/i18n_helper.rb
  - app/helpers/order_cycles_helper.rb
-  - app/helpers/spree/admin/navigation_helper_decorator.rb
  - app/helpers/spree/orders_helper.rb
  - app/jobs/subscription_placement_job.rb
  - app/mailers/producer_mailer.rb
@@ -407,7 +437,6 @@ Metrics/AbcSize:
  - app/models/spree/product_decorator.rb
  - app/models/spree/taxon_decorator.rb
  - app/serializers/api/admin/enterprise_serializer.rb
-  - app/serializers/api/admin/order_cycle_serializer.rb
  - app/serializers/api/product_serializer.rb
  - app/serializers/api/variant_serializer.rb
  - app/services/cart_service.rb
@@ -425,30 +454,29 @@ Metrics/AbcSize:
  - lib/open_food_network/order_cycle_form_applicator.rb
  - lib/open_food_network/order_cycle_management_report.rb
  - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
  - lib/open_food_network/packing_report.rb
  - lib/open_food_network/payments_report.rb
  - lib/open_food_network/permissions.rb
  - lib/open_food_network/products_and_inventory_report.rb
-  - lib/open_food_network/rack_request_blocker.rb
  - lib/open_food_network/reports/line_items.rb
  - lib/open_food_network/sales_tax_report.rb
  - lib/open_food_network/users_and_enterprises_report.rb
  - lib/open_food_network/variant_and_line_item_naming.rb
  - lib/open_food_network/xero_invoices_report.rb
-  - lib/spree/api/controller_setup.rb
  - lib/spree/core/controller_helpers/respond_with_decorator.rb
  - lib/spree/localized_number.rb
  - lib/stripe/account_connector.rb
  - lib/tasks/enterprises.rake
  - lib/tasks/sample_data/product_factory.rb
+  - spec/controllers/spree/api/shipments_controller_spec.rb
  - spec/features/admin/product_import_spec.rb
  - spec/features/admin/reports_spec.rb
  - spec/features/admin/subscriptions_spec.rb
-  - spec/features/consumer/shopping/checkout_paypal_spec.rb
+  - spec/features/consumer/shopping/checkout_spec.rb
  - spec/features/consumer/shopping/variant_overrides_spec.rb
  - spec/models/enterprise_spec.rb
  - spec/models/product_importer_spec.rb
-  - spec/services/restart_checkout_spec.rb
  - spec/support/performance_helper.rb

 Metrics/BlockLength:
@@ -468,14 +496,8 @@ Metrics/BlockLength:
  ]
  Exclude:
  - lib/tasks/data.rake
+  - lib/tasks/dev.rake
  - spec/controllers/spree/admin/invoices_controller_spec.rb
-  - spec/factories.rb
-  - spec/factories/enterprise_factory.rb
-  - spec/factories/order_cycle_factory.rb
-  - spec/factories/order_factory.rb
-  - spec/factories/product_factory.rb
-  - spec/factories/shipping_method_factory.rb
-  - spec/factories/subscription_factory.rb
  - spec/factories/variant_factory.rb
  - spec/features/admin/orders_spec.rb
  - spec/features/consumer/shopping/embedded_shopfronts_spec.rb
@@ -489,12 +511,11 @@ Metrics/BlockLength:
 Metrics/CyclomaticComplexity:
  Max: 6
  Exclude:
-  - app/controllers/admin/enterprise_fees_controller.rb
  - app/controllers/admin/enterprises_controller.rb
+  - app/controllers/admin/enterprise_fees_controller.rb
  - app/controllers/checkout_controller.rb
  - app/controllers/spree/admin/payments_controller_decorator.rb
-  - app/controllers/spree/admin/taxons_controller.rb
-  - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/orders_controller_decorator.rb
  - app/helpers/checkout_helper.rb
  - app/helpers/i18n_helper.rb
  - app/helpers/order_cycles_helper.rb
@@ -511,6 +532,7 @@ Metrics/CyclomaticComplexity:
  - lib/discourse/single_sign_on.rb
  - lib/open_food_network/bulk_coop_report.rb
  - lib/open_food_network/enterprise_issue_validator.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
  - lib/spree/core/controller_helpers/order_decorator.rb
  - lib/spree/core/controller_helpers/respond_with_decorator.rb
  - lib/spree/localized_number.rb
@@ -520,11 +542,9 @@ Metrics/PerceivedComplexity:
  Max: 7
  Exclude:
  - app/controllers/admin/enterprises_controller.rb
-  - app/controllers/api/variants_controller.rb
  - app/controllers/checkout_controller.rb
  - app/controllers/spree/admin/payments_controller_decorator.rb
-  - app/controllers/spree/admin/taxons_controller.rb
-  - app/controllers/spree/orders_controller.rb
+  - app/controllers/spree/orders_controller_decorator.rb
  - app/helpers/checkout_helper.rb
  - app/helpers/i18n_helper.rb
  - app/helpers/order_cycles_helper.rb
@@ -537,6 +557,7 @@ Metrics/PerceivedComplexity:
  - lib/discourse/single_sign_on.rb
  - lib/open_food_network/bulk_coop_report.rb
  - lib/open_food_network/enterprise_issue_validator.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
  - lib/spree/core/controller_helpers/order_decorator.rb
  - lib/spree/core/controller_helpers/respond_with_decorator.rb
  - lib/spree/localized_number.rb
@@ -546,34 +567,25 @@ Metrics/MethodLength:
  Max: 10
  Exclude:
  - app/controllers/admin/customers_controller.rb
-  - app/controllers/admin/enterprise_fees_controller.rb
  - app/controllers/admin/enterprises_controller.rb
+  - app/controllers/admin/enterprise_fees_controller.rb
  - app/controllers/admin/manager_invitations_controller.rb
  - app/controllers/admin/order_cycles_controller.rb
  - app/controllers/admin/stripe_accounts_controller.rb
  - app/controllers/admin/subscriptions_controller.rb
-  - app/controllers/api/products_controller.rb
-  - app/controllers/api/shipments_controller.rb
-  - app/controllers/api/taxons_controller.rb
-  - app/controllers/api/variants_controller.rb
  - app/controllers/base_controller.rb
  - app/controllers/cart_controller.rb
  - app/controllers/checkout_controller.rb
  - app/controllers/shop_controller.rb
-  - app/controllers/spree/admin/image_settings_controller.rb
  - app/controllers/spree/admin/orders/customer_details_controller_decorator.rb
-  - app/controllers/spree/admin/payment_methods_controller.rb
  - app/controllers/spree/admin/payments_controller_decorator.rb
+  - app/controllers/spree/admin/payment_methods_controller_decorator.rb
  - app/controllers/spree/admin/products_controller_decorator.rb
  - app/controllers/spree/admin/reports_controller_decorator.rb
  - app/controllers/spree/admin/search_controller_decorator.rb
-  - app/controllers/spree/admin/tax_categories_controller.rb
-  - app/controllers/spree/admin/taxons_controller.rb
-  - app/controllers/spree/admin/users_controller.rb
  - app/controllers/spree/credit_cards_controller.rb
-  - app/controllers/spree/orders_controller.rb
-  - app/controllers/spree/user_registrations_controller.rb
-  - app/controllers/spree/user_sessions_controller.rb
+  - app/controllers/spree/orders_controller_decorator.rb
+  - app/controllers/spree/user_sessions_controller_decorator.rb
  - app/controllers/stripe/callbacks_controller.rb
  - app/controllers/user_confirmations_controller.rb
  - app/controllers/user_passwords_controller.rb
@@ -615,10 +627,12 @@ Metrics/MethodLength:
  - lib/open_food_network/order_cycle_management_report.rb
  - lib/open_food_network/order_cycle_permissions.rb
  - lib/open_food_network/order_grouper.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
  - lib/open_food_network/packing_report.rb
  - lib/open_food_network/payments_report.rb
  - lib/open_food_network/permissions.rb
  - lib/open_food_network/products_and_inventory_report.rb
+  - lib/open_food_network/products_renderer.rb
  - lib/open_food_network/rack_request_blocker.rb
  - lib/open_food_network/reports/bulk_coop_allocation_report.rb
  - lib/open_food_network/reports/bulk_coop_supplier_report.rb
@@ -626,12 +640,11 @@ Metrics/MethodLength:
  - lib/open_food_network/sales_tax_report.rb
  - lib/open_food_network/users_and_enterprises_report.rb
  - lib/open_food_network/xero_invoices_report.rb
-  - lib/spree/api/controller_setup.rb
  - lib/spree/core/controller_helpers/respond_with_decorator.rb
  - lib/spree/localized_number.rb
  - lib/stripe/profile_storer.rb
  - lib/tasks/sample_data/product_factory.rb
-  - spec/features/consumer/shopping/checkout_paypal_spec.rb
+  - spec/features/consumer/shopping/checkout_spec.rb
  - spec/features/consumer/shopping/variant_overrides_spec.rb
  - spec/models/product_importer_spec.rb
  - spec/support/request/authentication_workflow.rb
@@ -642,18 +655,13 @@ Metrics/ClassLength:
  - app/controllers/admin/enterprises_controller.rb
  - app/controllers/admin/order_cycles_controller.rb
  - app/controllers/admin/subscriptions_controller.rb
-  - app/controllers/api/products_controller.rb
  - app/controllers/checkout_controller.rb
-  - app/controllers/spree/admin/payment_methods_controller.rb
-  - app/controllers/spree/admin/users_controller.rb
-  - app/controllers/spree/orders_controller.rb
  - app/models/enterprise.rb
  - app/models/order_cycle.rb
  - app/models/product_import/entry_processor.rb
  - app/models/product_import/entry_validator.rb
  - app/models/product_import/product_importer.rb
  - app/models/spree/ability_decorator.rb
-  - app/models/spree/user.rb
  - app/serializers/api/cached_enterprise_serializer.rb
  - app/serializers/api/enterprise_shopfront_serializer.rb
  - app/services/cart_service.rb
@@ -663,24 +671,24 @@ Metrics/ClassLength:
  - lib/open_food_network/order_cycle_form_applicator.rb
  - lib/open_food_network/order_cycle_management_report.rb
  - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/orders_and_fulfillments_report.rb
  - lib/open_food_network/packing_report.rb
  - lib/open_food_network/payments_report.rb
  - lib/open_food_network/permissions.rb
-  - lib/open_food_network/users_and_enterprises_report.rb
+  - lib/open_food_network/products_cache.rb
  - lib/open_food_network/xero_invoices_report.rb

 Metrics/ModuleLength:
  Max: 100
  Exclude:
-  - app/helpers/admin/injection_helper.rb
-  - app/helpers/injection_helper.rb
  - lib/open_food_network/column_preference_defaults.rb
  - spec/controllers/admin/enterprises_controller_spec.rb
  - spec/controllers/admin/order_cycles_controller_spec.rb
  - spec/controllers/api/order_cycles_controller_spec.rb
  - spec/controllers/api/orders_controller_spec.rb
-  - spec/controllers/spree/admin/payment_methods_controller_spec.rb
+  - spec/controllers/spree/api/products_controller_spec.rb
  - spec/lib/open_food_network/address_finder_spec.rb
+  - spec/lib/open_food_network/cached_products_renderer_spec.rb
  - spec/lib/open_food_network/customers_report_spec.rb
  - spec/lib/open_food_network/enterprise_fee_calculator_spec.rb
  - spec/lib/open_food_network/option_value_namer_spec.rb
@@ -689,6 +697,7 @@ Metrics/ModuleLength:
  - spec/lib/open_food_network/order_grouper_spec.rb
  - spec/lib/open_food_network/permissions_spec.rb
  - spec/lib/open_food_network/products_and_inventory_report_spec.rb
+  - spec/lib/open_food_network/products_cache_spec.rb
  - spec/lib/open_food_network/proxy_order_syncer_spec.rb
  - spec/lib/open_food_network/scope_variant_to_hub_spec.rb
  - spec/lib/open_food_network/subscription_payment_updater_spec.rb
@@ -707,5 +716,6 @@ Metrics/ParameterLists:
  Exclude:
  - app/helpers/angular_form_builder.rb
  - app/models/product_import/entry_processor.rb
+  - app/models/product_import/entry_validator.rb
  - lib/open_food_network/xero_invoices_report.rb
  - spec/features/admin/reports_spec.rb
--- a/.rubocop_styleguide.yml
+++ b/.rubocop_styleguide.yml
@@ -5,10 +5,9 @@
 # rubocop locally, the default configuration file `.rubocop.yml` loads
 # our "todo lists" to ignore all current violations.
 AllCops:
-  TargetRubyVersion: 2.2
+  TargetRubyVersion: 2.1
  TargetRailsVersion: 3.2
  Exclude:
-    - 'bin/**/*'
    - 'db/**/*'
    - 'config/**/*'
    - 'script/**/*'
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,11 +1,37 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 1400`
-# on 2019-11-10 18:40:51 +0000 using RuboCop version 0.68.1.
+# on 2019-07-23 14:09:18 +0100 using RuboCop version 0.57.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.

+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyleAlignWith, AutoCorrect, Severity.
+# SupportedStylesAlignWith: start_of_line, def
+Layout/DefEndAlignment:
+  Exclude:
+    - 'app/models/order_updater.rb'
+
+# Offense count: 4
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyleAlignWith, AutoCorrect, Severity.
+# SupportedStylesAlignWith: keyword, variable, start_of_line
+Layout/EndAlignment:
+  Exclude:
+    - 'app/controllers/admin/order_cycles_controller.rb'
+    - 'app/controllers/api/order_cycles_controller.rb'
+    - 'app/serializers/api/admin/for_order_cycle/supplied_product_serializer.rb'
+    - 'app/serializers/api/admin/order_cycle_serializer.rb'
+
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: IndentationWidth.
+# SupportedStyles: special_inside_parentheses, consistent, align_braces
+Layout/IndentHash:
+  EnforcedStyle: consistent
+
 # Offense count: 4
 Lint/AmbiguousOperator:
  Exclude:
@@ -20,16 +46,10 @@ Lint/DuplicateMethods:
    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/subscription_summary.rb'

-# Offense count: 1
-Lint/DuplicatedKey:
-  Exclude:
-    - 'spec/models/calculator/weight_spec.rb'
-
-# Offense count: 10
+# Offense count: 8
 Lint/IneffectiveAccessModifier:
  Exclude:
    - 'app/models/column_preference.rb'
-    - 'app/models/spree/user.rb'
    - 'app/services/mail_configuration.rb'
    - 'lib/open_food_network/feature_toggle.rb'
    - 'spec/lib/open_food_network/reports/report_spec.rb'
@@ -46,11 +66,16 @@ Lint/ShadowingOuterLocalVariable:
    - 'spec/models/model_set_spec.rb'

 # Offense count: 2
-# Configuration parameters: AllowKeywordBlockArguments.
 Lint/UnderscorePrefixedVariableName:
  Exclude:
    - 'spec/support/cancan_helper.rb'

+# Offense count: 1
+# Cop supports --auto-correct.
+Lint/UnneededCopDisableDirective:
+  Exclude:
+    - 'app/models/product_import/entry_validator.rb'
+
 # Offense count: 5
 # Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
 Lint/UselessAccessModifier:
@@ -61,21 +86,51 @@ Lint/UselessAccessModifier:
    - 'lib/open_food_network/reports/bulk_coop_report.rb'
    - 'spec/lib/open_food_network/reports/report_spec.rb'

-# Offense count: 1
+# Offense count: 8
 # Configuration parameters: CheckForMethodsWithNoSideEffects.
 Lint/Void:
  Exclude:
    - 'app/serializers/api/enterprise_serializer.rb'
+    - 'spec/features/admin/bulk_product_update_spec.rb'
+    - 'spec/features/consumer/shopping/checkout_spec.rb'
+    - 'spec/features/consumer/shopping/shopping_spec.rb'
+    - 'spec/features/consumer/shopping/variant_overrides_spec.rb'
+
+# Offense count: 15
+Metrics/AbcSize:
+  Max: 36
+
+# Offense count: 13
+# Configuration parameters: CountComments, ExcludedMethods.
+Metrics/BlockLength:
+  Max: 115
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ClassLength:
+  Max: 169

 # Offense count: 1
-# Configuration parameters: CountComments.
-Metrics/ModuleLength:
-  Max: 141
+Metrics/CyclomaticComplexity:
+  Max: 8

 # Offense count: 8
+# Configuration parameters: CountComments.
+Metrics/MethodLength:
+  Max: 31
+
+# Offense count: 2
+# Configuration parameters: CountComments.
+Metrics/ModuleLength:
+  Max: 208
+
+# Offense count: 2
+Metrics/PerceivedComplexity:
+  Max: 11
+
+# Offense count: 7
 Naming/AccessorMethodName:
  Exclude:
-    - 'app/controllers/spree/admin/taxonomies_controller.rb'
    - 'app/models/spree/adjustment_decorator.rb'
    - 'app/models/spree/order_decorator.rb'
    - 'spec/support/request/shop_workflow.rb'
@@ -89,8 +144,6 @@ Naming/HeredocDelimiterNaming:
    - 'app/models/content_configuration.rb'

 # Offense count: 4
-# Configuration parameters: EnforcedStyleForLeadingUnderscores.
-# SupportedStylesForLeadingUnderscores: disallowed, required, optional
 Naming/MemoizedInstanceVariableName:
  Exclude:
    - 'app/controllers/spree/admin/payments_controller_decorator.rb'
@@ -123,11 +176,12 @@ Naming/PredicateName:
    - 'lib/open_food_network/packing_report.rb'
    - 'lib/tasks/data.rake'

-# Offense count: 8
+# Offense count: 11
 # Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
-# AllowedNames: io, id, to, by, on, in, at, ip, db
+# AllowedNames: io, id, to, by, on, in, at
 Naming/UncommunicativeMethodParamName:
  Exclude:
+    - 'app/helpers/admin/injection_helper.rb'
    - 'app/helpers/spree/admin/base_helper_decorator.rb'
    - 'app/helpers/spree/base_helper_decorator.rb'
    - 'app/services/subscription_validator.rb'
@@ -136,6 +190,25 @@ Naming/UncommunicativeMethodParamName:
    - 'spec/lib/open_food_network/reports/report_spec.rb'
    - 'spec/mailers/producer_mailer_spec.rb'

+# Offense count: 3
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: snake_case, camelCase
+Naming/VariableName:
+  Exclude:
+    - 'app/helpers/admin/injection_helper.rb'
+
+# Offense count: 4
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: snake_case, normalcase, non_integer
+Naming/VariableNumber:
+  Exclude:
+    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
+
+# Offense count: 1
+Performance/Caller:
+  Exclude:
+    - 'app/controllers/application_controller.rb'
+
 # Offense count: 1
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: strict, flexible
@@ -143,7 +216,7 @@ Rails/Date:
  Exclude:
    - 'app/models/order_cycle.rb'

-# Offense count: 7
+# Offense count: 8
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: slashes, arguments
 Rails/FilePath:
@@ -152,6 +225,7 @@ Rails/FilePath:
    - 'spec/features/admin/bulk_product_update_spec.rb'
    - 'spec/features/admin/content_spec.rb'
    - 'spec/models/content_configuration_spec.rb'
+    - 'spec/models/spree/image_spec.rb'
    - 'spec/models/spree/variant_spec.rb'
    - 'spec/spec_helper.rb'

@@ -167,7 +241,7 @@ Rails/HasAndBelongsToMany:
    - 'app/models/spree/concerns/payment_method_distributors.rb'
    - 'app/models/spree/line_item_decorator.rb'

-# Offense count: 26
+# Offense count: 25
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
@@ -180,7 +254,7 @@ Rails/HasManyOrHasOneDependent:
    - 'app/models/spree/payment_method_decorator.rb'
    - 'app/models/spree/property_decorator.rb'
    - 'app/models/spree/shipping_method_decorator.rb'
-    - 'app/models/spree/user.rb'
+    - 'app/models/spree/user_decorator.rb'
    - 'app/models/spree/variant_decorator.rb'
    - 'app/models/subscription.rb'

@@ -194,13 +268,20 @@ Rails/OutputSafety:
    - 'lib/spree/money_decorator.rb'
    - 'spec/features/admin/orders_spec.rb'

-# Offense count: 9
-Rails/ReflectionClassName:
+# Offense count: 15
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: strict, flexible
+Rails/TimeZone:
  Exclude:
-    - 'app/models/customer.rb'
-    - 'app/models/distributor_shipping_method.rb'
-    - 'app/models/enterprise_role.rb'
-    - 'app/models/subscription.rb'
+    - 'app/controllers/api/statuses_controller.rb'
+    - 'app/jobs/heartbeat_job.rb'
+    - 'lib/open_food_network/rack_request_blocker.rb'
+    - 'lib/open_food_network/users_and_enterprises_report.rb'
+    - 'spec/controllers/api/statuses_controller_spec.rb'
+    - 'spec/jobs/heartbeat_job_spec.rb'
+    - 'spec/lib/open_food_network/products_cache_refreshment_spec.rb'
+    - 'spec/lib/open_food_network/products_cache_spec.rb'
+    - 'spec/models/enterprise_relationship_spec.rb'

 # Offense count: 1
 # Configuration parameters: Environments.
@@ -209,13 +290,21 @@ Rails/UnknownEnv:
  Exclude:
    - 'app/models/spree/app_configuration_decorator.rb'

+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: braces, no_braces, context_dependent
+Style/BracesAroundHashParameters:
+  Exclude:
+    - 'spec/spec_helper.rb'
+
 # Offense count: 2
 Style/CaseEquality:
  Exclude:
    - 'app/helpers/angular_form_helper.rb'
    - 'spec/models/spree/payment_spec.rb'

-# Offense count: 76
+# Offense count: 78
 # Cop supports --auto-correct.
 # Configuration parameters: AutoCorrect, EnforcedStyle.
 # SupportedStyles: nested, compact
@@ -305,13 +394,26 @@ Style/CommentedKeyword:
  Exclude:
    - 'app/controllers/application_controller.rb'

-# Offense count: 2
+# Offense count: 4
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, SingleLineConditionsOnly, IncludeTernaryExpressions.
 # SupportedStyles: assign_to_condition, assign_inside_condition
 Style/ConditionalAssignment:
  Exclude:
-    - 'app/controllers/api/taxons_controller.rb'
+    - 'app/controllers/spree/api/products_controller.rb'
+    - 'app/controllers/spree/api/taxons_controller.rb'
+    - 'app/controllers/spree/api/variants_controller.rb'
+
+# Offense count: 2
+Style/DateTime:
+  Exclude:
+    - 'lib/open_food_network/users_and_enterprises_report.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/EachWithObject:
+  Exclude:
+    - 'app/controllers/spree/api/base_controller.rb'

 # Offense count: 5
 # Configuration parameters: EnforcedStyle.
@@ -322,7 +424,7 @@ Style/FormatStringToken:
    - 'lib/open_food_network/sales_tax_report.rb'
    - 'spec/models/enterprise_spec.rb'

-# Offense count: 61
+# Offense count: 68
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
  Exclude:
@@ -336,22 +438,27 @@ Style/GuardClause:
    - 'app/controllers/spree/admin/adjustments_controller_decorator.rb'
    - 'app/controllers/spree/admin/base_controller_decorator.rb'
    - 'app/controllers/spree/admin/orders_controller_decorator.rb'
+    - 'app/controllers/spree/admin/products_controller_decorator.rb'
    - 'app/controllers/spree/admin/resource_controller_decorator.rb'
    - 'app/controllers/spree/admin/variants_controller_decorator.rb'
+    - 'app/controllers/spree/api/base_controller.rb'
    - 'app/controllers/spree/checkout_controller.rb'
    - 'app/controllers/spree/orders_controller.rb'
    - 'app/controllers/spree/paypal_controller_decorator.rb'
+    - 'app/jobs/products_cache_integrity_checker_job.rb'
    - 'app/models/enterprise.rb'
    - 'app/models/enterprise_group.rb'
    - 'app/models/producer_property.rb'
    - 'app/models/spree/classification_decorator.rb'
    - 'app/models/spree/order_decorator.rb'
-    - 'app/models/spree/price_decorator.rb'
+    - 'app/models/spree/preference_decorator.rb'
    - 'app/models/spree/product_decorator.rb'
+    - 'app/models/spree/user_decorator.rb'
    - 'app/services/advance_order_service.rb'
    - 'app/services/order_syncer.rb'
    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
+    - 'lib/open_food_network/products_renderer.rb'
    - 'lib/open_food_network/rack_request_blocker.rb'
    - 'lib/open_food_network/variant_and_line_item_naming.rb'
    - 'lib/spree/core/controller_helpers/order_decorator.rb'
@@ -360,13 +467,23 @@ Style/GuardClause:
    - 'spec/support/request/distribution_helper.rb'
    - 'spec/support/request/shop_workflow.rb'

+# Offense count: 6
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols.
+# SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys
+Style/HashSyntax:
+  Exclude:
+    - 'app/controllers/spree/api/base_controller.rb'
+    - 'app/controllers/spree/checkout_controller.rb'
+    - 'app/controllers/spree/orders_controller.rb'
+
 # Offense count: 4
 Style/IfInsideElse:
  Exclude:
    - 'app/controllers/admin/column_preferences_controller.rb'
    - 'app/controllers/admin/variant_overrides_controller.rb'
-    - 'app/controllers/api/taxons_controller.rb'
    - 'app/controllers/spree/admin/products_controller_decorator.rb'
+    - 'app/controllers/spree/api/taxons_controller.rb'

 # Offense count: 1
 Style/MissingRespondToMissing:
@@ -382,14 +499,15 @@ Style/MixinUsage:
    - 'spec/lib/open_food_network/order_cycle_management_report_spec.rb'
    - 'spec/lib/open_food_network/packing_report_spec.rb'

-# Offense count: 1
-Style/MultipleComparison:
+# Offense count: 2
+Style/NestedTernaryOperator:
  Exclude:
-    - 'spec/models/product_importer_spec.rb'
+    - 'app/views/spree/api/products/bulk_show.v1.rabl'
+    - 'app/views/spree/api/variants/bulk_show.v1.rabl'

-# Offense count: 9
+# Offense count: 10
 # Cop supports --auto-correct.
-# Configuration parameters: AutoCorrect, EnforcedStyle, IgnoredMethods.
+# Configuration parameters: AutoCorrect, EnforcedStyle.
 # SupportedStyles: predicate, comparison
 Style/NumericPredicate:
  Exclude:
@@ -398,17 +516,34 @@ Style/NumericPredicate:
    - 'app/models/spree/calculator/flexi_rate_decorator.rb'
    - 'app/models/spree/line_item_decorator.rb'
    - 'app/models/spree/order_decorator.rb'
+    - 'lib/open_food_network/integrity_checker.rb'
    - 'lib/open_food_network/rack_request_blocker.rb'
    - 'lib/open_food_network/xero_invoices_report.rb'
    - 'lib/spree/money_decorator.rb'

-# Offense count: 235
+# Offense count: 15
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, AllowInnerSlashes.
+# SupportedStyles: slashes, percent_r, mixed
+Style/RegexpLiteral:
+  Exclude:
+    - 'app/helpers/groups_helper.rb'
+    - 'app/helpers/html_helper.rb'
+    - 'app/models/enterprise.rb'
+    - 'app/models/enterprise_group.rb'
+    - 'app/models/spree/preference_decorator.rb'
+    - 'lib/discourse/single_sign_on.rb'
+    - 'spec/mailers/subscription_mailer_spec.rb'
+    - 'spec/models/content_configuration_spec.rb'
+
+# Offense count: 244
 Style/Send:
  Exclude:
    - 'app/controllers/spree/checkout_controller.rb'
    - 'app/models/spree/shipping_method_decorator.rb'
    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
    - 'spec/controllers/checkout_controller_spec.rb'
+    - 'spec/controllers/shop_controller_spec.rb'
    - 'spec/controllers/spree/admin/base_controller_spec.rb'
    - 'spec/controllers/spree/orders_controller_spec.rb'
    - 'spec/helpers/order_cycles_helper_spec.rb'
@@ -422,18 +557,20 @@ Style/Send:
    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
    - 'spec/lib/open_food_network/permissions_spec.rb'
    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
+    - 'spec/lib/open_food_network/products_cache_spec.rb'
+    - 'spec/lib/open_food_network/products_renderer_spec.rb'
    - 'spec/lib/open_food_network/sales_tax_report_spec.rb'
    - 'spec/lib/open_food_network/subscription_payment_updater_spec.rb'
    - 'spec/lib/open_food_network/subscription_summarizer_spec.rb'
    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
    - 'spec/lib/open_food_network/xero_invoices_report_spec.rb'
    - 'spec/lib/stripe/webhook_handler_spec.rb'
-    - 'spec/models/calculator/weight_spec.rb'
    - 'spec/models/enterprise_spec.rb'
    - 'spec/models/exchange_spec.rb'
    - 'spec/models/spree/gateway/stripe_connect_spec.rb'
    - 'spec/models/spree/order_spec.rb'
    - 'spec/models/spree/payment_spec.rb'
+    - 'spec/models/spree/preference_spec.rb'
    - 'spec/models/spree/tax_rate_spec.rb'
    - 'spec/models/tag_rule/discount_order_spec.rb'
    - 'spec/models/tag_rule/filter_order_cycles_spec.rb'
@@ -441,7 +578,6 @@ Style/Send:
    - 'spec/models/tag_rule/filter_products_spec.rb'
    - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
    - 'spec/services/cart_service_spec.rb'
-    - 'spec/services/products_renderer_spec.rb'
    - 'spec/spec_helper.rb'
    - 'spec/support/localized_number_helper.rb'
    - 'spec/support/matchers/delegate_matchers.rb'
@@ -450,3 +586,9 @@ Style/Send:
 Style/StructInheritance:
  Exclude:
    - 'lib/open_food_network/enterprise_fee_applicator.rb'
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Style/UnlessElse:
+  Exclude:
+    - 'app/controllers/spree/api/variants_controller.rb'
--- a/.ruby-version
+++ b/.ruby-version
@@ -1 +1 @@
-2.3.7
+2.1.5
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -19,10 +19,6 @@ If you want to run the whole test suite, we recommend using a free CI service to

    bundle exec rspec spec

-## Which issue to pick first?
-
-We have curated all issues interesting for new members of the community within the [Welcome New Developers project board][welcome-dev]. Have a look and pick the one you would prefer working on!
-
 ## Internationalisation (i18n)

 The locale `en` is maintained in the source code, but other locales are managed at [Transifex][ofn-transifex]. Read more about [internationalisation][i18n] in the developer wiki.
@@ -66,4 +62,3 @@ From here, your pull request will progress through the [Review, Test, Merge & De
 [slack-dev]: https://openfoodnetwork.slack.com/messages/C2GQ45KNU
 [ofn-transifex]: https://www.transifex.com/open-food-foundation/open-food-network/
 [i18n]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/i18n
-[welcome-dev]: https://github.com/openfoodfoundation/openfoodnetwork/projects/27
--- a/13
+++ b/13
@@ -6,19 +6,16 @@ RUN apt-get update && apt-get install -y curl git build-essential software-prope
 # Setup ENV variables
 ENV PATH /usr/local/src/rbenv/shims:/usr/local/src/rbenv/bin:$PATH
 ENV RBENV_ROOT /usr/local/src/rbenv
+ENV RUBY_VERSION 2.1.5
 ENV CONFIGURE_OPTS --disable-install-doc
-ENV BUNDLE_PATH /bundles
-
-WORKDIR /usr/src/app
-COPY .ruby-version .

 # Rbenv & Ruby part
 RUN git clone https://github.com/rbenv/rbenv.git ${RBENV_ROOT} && \
    git clone https://github.com/rbenv/ruby-build.git ${RBENV_ROOT}/plugins/ruby-build && \
    ${RBENV_ROOT}/plugins/ruby-build/install.sh && \
    echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh && \
-    rbenv install $(cat .ruby-version) && \
-    rbenv global $(cat .ruby-version) && \
+    rbenv install $RUBY_VERSION && \
+    rbenv global $RUBY_VERSION && \
    gem install bundler --version=1.17.2

 # Postgres
@@ -27,4 +24,8 @@ RUN sh -c "echo 'deb https://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main'
    apt-get update && \
    apt-get install -yqq --no-install-recommends postgresql-client-9.5 libpq-dev

+ENV BUNDLE_PATH /bundles
+
 COPY . /usr/src/app/
+
+WORKDIR /usr/src/app
--- a/GETTING_STARTED.md
+++ b/GETTING_STARTED.md
@@ -11,7 +11,7 @@ The following guides are located in the wiki and provide more OS-specific step-b
 ### Dependencies

 * Rails 3.2.x
-* Ruby 2.1.9
+* Ruby 2.1.5
 * PostgreSQL database
 * PhantomJS (for testing)
 * See Gemfile for a list of gems required
--- a/29
+++ b/29
@@ -1,9 +1,9 @@
 source 'https://rubygems.org'
-ruby "2.3.7"
+ruby "2.1.5"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }

 gem 'i18n', '~> 0.6.11'
-gem 'i18n-js', '~> 3.5.0'
+gem 'i18n-js', '~> 3.3.0'
 gem 'rails', '~> 3.2.22'
 gem 'rails-i18n', '~> 3.0.0'
 gem 'rails_safe_tasks', '~> 1.0'
@@ -15,12 +15,12 @@ gem 'nokogiri', '>= 1.6.7.1'
 gem "order_management", path: "./engines/order_management"
 gem 'web', path: './engines/web'

-gem 'activerecord-postgresql-adapter'
-gem 'pg', '~> 0.21.0'
+gem 'pg'

 # OFN-maintained and patched version of Spree v2.0.4. See
 # https://github.com/openfoodfoundation/openfoodnetwork/wiki/Spree-2.0-upgrade
 # for details.
+gem 'spree_api', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'
 gem 'spree_backend', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'
 gem 'spree_core', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'

@@ -39,7 +39,7 @@ gem 'activemerchant', '~> 1.78'
 gem 'devise', '~> 2.2.5'
 gem 'devise-encryptable', '0.2.0'
 gem 'jwt', '~> 2.2'
-gem 'oauth2', '~> 1.4.2' # Used for Stripe Connect
+gem 'oauth2', '~> 1.4.1' # Used for Stripe Connect

 gem 'daemons'
 gem 'delayed_job_active_record'
@@ -84,7 +84,8 @@ gem 'paper_trail', '~> 5.2.3'
 gem 'paperclip', '~> 3.4.1'
 gem 'rack-rewrite'
 gem 'rack-ssl', require: 'rack/ssl'
-gem 'roadie-rails', '~> 1.3.0'
+gem 'roadie-rails', '~> 1.1.1'
+gem 'skylight', '< 2.0'
 gem 'spinjs-rails'

 gem 'combine_pdf'
@@ -98,18 +99,13 @@ gem 'roo-xls', '~> 1.1.0'

 gem 'whenever', require: false

-gem 'test-unit', '~> 3.3'
-
 # Gems used only for assets and not required
 # in production environments by default.
 group :assets do
  gem 'coffee-rails', '~> 3.2.1'
  gem 'compass-rails'

-  gem 'mini_racer', '0.1.15'
-  # Previously we found that libv8 6.7.288.46.1 breakis the compilation of mini_racer.
-  # Now we see that we need to set the version explicitly. Nothing else depends on libv8.
-  gem 'libv8', '6.3.292.48.1'
+  gem 'therubyracer', '=0.12.0'

  gem 'uglifier', '>= 1.0.3'

@@ -138,7 +134,7 @@ group :test, :development do
  gem 'capybara', '>= 2.15.4'
  gem 'database_cleaner', '0.7.1', require: false
  gem "factory_bot_rails", require: false
-  gem 'fuubar', '~> 2.5.0'
+  gem 'fuubar', '~> 2.4.1'
  gem 'json_spec', '~> 1.1.4'
  gem 'knapsack'
  gem 'letter_opener', '>= 1.4.1'
@@ -161,6 +157,11 @@ end
 group :development do
  gem 'byebug', '~> 9.0.0' # 9.1 requires ruby 2.2
  gem 'debugger-linecache'
+  gem 'guard'
+  gem 'guard-livereload'
+  gem 'guard-rails'
+  gem 'guard-rspec', '~> 4.7.3'
+  gem 'listen', '3.0.8' # 3.1.0 requires ruby 2.2
  gem "newrelic_rpm", "~> 3.0"
  gem 'pry-byebug', '>= 3.4.3'
  gem 'rubocop', '>= 0.49.1'
@@ -172,5 +173,5 @@ group :development do
  # greater than 1.0.9, so we just required the latest available version here.
  gem 'eventmachine', '>= 1.2.3'

-  gem 'rack-mini-profiler', '< 2.0.0'
+  gem 'rack-mini-profiler', '< 1.0.0'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -129,10 +129,8 @@ GEM
      activesupport (= 3.2.22.5)
      arel (~> 3.0.2)
      tzinfo (~> 0.3.29)
-    activerecord-import (1.0.3)
+    activerecord-import (1.0.2)
      activerecord (>= 3.2)
-    activerecord-postgresql-adapter (0.0.1)
-      pg
    activeresource (3.2.22.5)
      activemodel (= 3.2.22.5)
      activesupport (= 3.2.22.5)
@@ -166,7 +164,7 @@ GEM
    bcrypt-ruby (3.1.5)
      bcrypt (>= 3.1.3)
    blockenspiel (0.5.0)
-    bugsnag (6.12.2)
+    bugsnag (6.12.0)
      concurrent-ruby (~> 1.0)
    builder (3.0.4)
    byebug (9.0.6)
@@ -216,7 +214,7 @@ GEM
    connection_pool (2.2.2)
    crack (0.4.3)
      safe_yaml (~> 1.0.0)
-    css_parser (1.7.0)
+    css_parser (1.6.0)
      addressable
    daemons (1.3.1)
    dalli (2.7.10)
@@ -225,7 +223,7 @@ GEM
      activerecord (>= 3.2.0, < 5.0)
      fog (~> 1.0)
      rails (>= 3.2.0, < 5.0)
-    ddtrace (0.30.0)
+    ddtrace (0.26.0)
      msgpack
    debugger-linecache (1.2.0)
    deface (1.0.2)
@@ -254,6 +252,9 @@ GEM
    diffy (3.3.0)
    docile (1.3.2)
    dry-inflector (0.1.2)
+    em-websocket (0.5.1)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0.6.0)
    erubis (2.7.0)
    eventmachine (1.2.7)
    excon (0.62.0)
@@ -426,25 +427,48 @@ GEM
    foundation-rails (5.5.2.1)
      railties (>= 3.1.0)
      sass (>= 3.3.0, < 3.5)
-    fuubar (2.5.0)
+    fuubar (2.4.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
    geocoder (1.1.8)
    gmaps4rails (1.5.6)
+    guard (2.15.0)
+      formatador (>= 0.2.4)
+      listen (>= 2.7, < 4.0)
+      lumberjack (>= 1.0.12, < 2.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-livereload (2.5.2)
+      em-websocket (~> 0.5)
+      guard (~> 2.8)
+      guard-compat (~> 1.0)
+      multi_json (~> 1.8)
+    guard-rails (0.7.2)
+      guard (~> 2.11)
+      guard-compat (~> 1.0)
+    guard-rspec (4.7.3)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
    haml (4.0.7)
      tilt
    hashdiff (1.0.0)
    highline (1.6.18)
    hike (1.2.3)
+    http_parser.rb (0.6.0)
    httparty (0.16.2)
      multi_xml (>= 0.5.2)
    i18n (0.6.11)
-    i18n-js (3.5.0)
+    i18n-js (3.3.0)
      i18n (>= 0.6.6)
    immigrant (0.3.6)
      activerecord (>= 3.0)
    ipaddress (0.8.3)
-    jaro_winkler (1.5.4)
+    jaro_winkler (1.5.1)
    journey (1.0.4)
    jquery-migrate-rails (1.2.1)
    jquery-rails (3.0.4)
@@ -467,7 +491,11 @@ GEM
      addressable (~> 2.3)
    letter_opener (1.7.0)
      launchy (~> 2.2)
-    libv8 (6.3.292.48.1)
+    libv8 (3.16.14.19)
+    listen (3.0.8)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+    lumberjack (1.0.13)
    mail (2.5.5)
      mime-types (~> 1.16)
      treetop (~> 1.4.8)
@@ -475,23 +503,25 @@ GEM
    mime-types (1.25.1)
    mini_mime (1.0.1)
    mini_portile2 (2.1.0)
-    mini_racer (0.1.15)
-      libv8 (~> 6.3)
    momentjs-rails (2.20.1)
      railties (>= 3.1)
    money (5.1.1)
      i18n (~> 0.6.0)
    msgpack (1.3.1)
-    multi_json (1.14.1)
+    multi_json (1.13.1)
    multi_xml (0.6.0)
    multipart-post (2.1.1)
+    nenv (0.3.0)
    net-http-persistent (3.1.0)
      connection_pool (~> 2.2)
    newrelic_rpm (3.18.1.330)
    nokogiri (1.6.8.1)
      mini_portile2 (~> 2.1.0)
-    oauth2 (1.4.2)
-      faraday (>= 0.8, < 2.0)
+    notiffany (0.1.1)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    oauth2 (1.4.1)
+      faraday (>= 0.8, < 0.16.0)
      jwt (>= 1.0, < 3.0)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
@@ -507,10 +537,10 @@ GEM
      activesupport (>= 3.0.0)
      cocaine (~> 0.5.0)
      mime-types
-    parallel (1.18.0)
+    parallel (1.11.2)
    paranoia (1.3.4)
      activerecord (~> 3.1)
-    parser (2.6.5.0)
+    parser (2.5.1.0)
      ast (~> 2.4.0)
    paypal-sdk-core (0.2.10)
      multi_json (~> 1.0)
@@ -521,7 +551,7 @@ GEM
    polyamorous (0.5.0)
      activerecord (~> 3.0)
    polyglot (0.3.5)
-    power_assert (1.1.5)
+    powerpack (0.1.1)
    pry (0.12.2)
      coderay (~> 1.1.0)
      method_source (~> 0.9.0)
@@ -534,7 +564,7 @@ GEM
    rack (1.4.7)
    rack-cache (1.9.0)
      rack (>= 0.4)
-    rack-mini-profiler (1.0.0)
+    rack-mini-profiler (0.10.7)
      rack (>= 1.2.0)
    rack-protection (1.5.5)
      rack
@@ -564,7 +594,7 @@ GEM
      thor (>= 0.14.6, < 2.0)
    rainbow (3.0.0)
    raindrops (0.19.0)
-    rake (13.0.0)
+    rake (12.3.3)
    ransack (0.7.2)
      actionpack (~> 3.0)
      activerecord (~> 3.0)
@@ -580,13 +610,14 @@ GEM
    rdoc (3.12.2)
      json (~> 1.4)
    redcarpet (3.5.0)
+    ref (2.0.0)
    request_store (1.4.1)
      rack (>= 1.4)
    roadie (3.4.0)
      css_parser (~> 1.4)
      nokogiri (~> 1.5)
-    roadie-rails (1.3.0)
-      railties (>= 3.0, < 5.3)
+    roadie-rails (1.1.1)
+      railties (>= 3.0, < 5.1)
      roadie (~> 3.1)
    roo (2.7.1)
      nokogiri (~> 1)
@@ -595,40 +626,41 @@ GEM
      nokogiri
      roo (>= 2.0.0beta1, < 3)
      spreadsheet (> 0.9.0)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.0)
-      rspec-support (~> 3.9.0)
-    rspec-expectations (3.9.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-rails (3.9.0)
+      rspec-support (~> 3.8.0)
+    rspec-rails (3.8.2)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      railties (>= 3.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-      rspec-support (~> 3.9.0)
-    rspec-retry (0.6.2)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-retry (0.6.1)
      rspec-core (> 3.3)
-    rspec-support (3.9.0)
-    rubocop (0.68.1)
+    rspec-support (3.8.0)
+    rubocop (0.57.2)
      jaro_winkler (~> 1.5.1)
      parallel (~> 1.10)
-      parser (>= 2.5, != 2.5.1.1)
+      parser (>= 2.5)
+      powerpack (~> 0.1)
      rainbow (>= 2.2.2, < 4.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.6)
+      unicode-display_width (~> 1.0, >= 1.0.1)
    ruby-ole (1.2.12.1)
    ruby-progressbar (1.10.1)
    ruby-rc4 (0.1.5)
-    rubyzip (1.3.0)
+    rubyzip (1.2.2)
    safe_yaml (1.0.5)
    sass (3.3.14)
    sass-rails (3.2.6)
@@ -641,9 +673,10 @@ GEM
    selenium-webdriver (3.141.0)
      childprocess (~> 0.5)
      rubyzip (~> 1.2, >= 1.2.2)
+    shellany (0.0.1)
    shoulda-matchers (2.8.0)
      activesupport (>= 3.0.0)
-    simplecov (0.17.1)
+    simplecov (0.17.0)
      docile (~> 1.1)
      json (>= 1.8, < 3)
      simplecov-html (~> 0.10.0)
@@ -652,6 +685,8 @@ GEM
      rack (~> 1.4)
      rack-protection (~> 1.4)
      tilt (>= 1.3, < 3)
+    skylight (1.7.2)
+      activesupport (>= 3.0.0)
    spinjs-rails (1.4)
      rails (>= 3.1)
    spreadsheet (1.1.7)
@@ -669,8 +704,9 @@ GEM
    stripe (4.24.0)
      faraday (~> 0.13)
      net-http-persistent (~> 3.0)
-    test-unit (3.3.4)
-      power_assert
+    therubyracer (0.12.0)
+      libv8 (~> 3.16.14.0)
+      ref
    thor (0.20.3)
    tilt (1.4.1)
    timecop (0.9.1)
@@ -683,9 +719,9 @@ GEM
      railties (> 3.2.8, < 4.0.0)
      sprockets (>= 2.2.0)
    tzinfo (0.3.55)
-    uglifier (4.2.0)
+    uglifier (4.1.20)
      execjs (>= 0.3.0, < 3)
-    unicode-display_width (1.5.0)
+    unicode-display_width (1.3.2)
    unicorn (5.5.1)
      kgio (~> 2.6)
      raindrops (~> 0.7)
@@ -703,14 +739,14 @@ GEM
      nokogiri (~> 1.6)
      rubyzip (~> 1.0)
      selenium-webdriver (~> 3.0)
-    webmock (3.7.6)
+    webmock (3.7.1)
      addressable (>= 2.3.6)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
    whenever (0.11.0)
      chronic (>= 0.6.3)
    wicked_pdf (1.1.0)
-    wkhtmltopdf-binary (0.12.5)
+    wkhtmltopdf-binary (0.12.4)
    xml-simple (1.1.5)
    xpath (2.1.0)
      nokogiri (~> 1.3)
@@ -722,7 +758,6 @@ DEPENDENCIES
  active_model_serializers (= 0.8.4)
  activemerchant (~> 1.78)
  activerecord-import
-  activerecord-postgresql-adapter
  acts-as-taggable-on (~> 3.4)
  andand
  angular-rails-templates (~> 0.3.0)
@@ -758,12 +793,16 @@ DEPENDENCIES
  foundation-icons-sass-rails
  foundation-rails
  foundation_rails_helper!
-  fuubar (~> 2.5.0)
+  fuubar (~> 2.4.1)
  geocoder
  gmaps4rails
+  guard
+  guard-livereload
+  guard-rails
+  guard-rspec (~> 4.7.3)
  haml
  i18n (~> 0.6.11)
-  i18n-js (~> 3.5.0)
+  i18n-js (~> 3.3.0)
  immigrant
  jquery-migrate-rails
  jquery-rails (= 3.0.4)
@@ -772,28 +811,27 @@ DEPENDENCIES
  kaminari (~> 0.14.1)
  knapsack
  letter_opener (>= 1.4.1)
-  libv8 (= 6.3.292.48.1)
-  mini_racer (= 0.1.15)
+  listen (= 3.0.8)
  momentjs-rails
  newrelic_rpm (~> 3.0)
  nokogiri (>= 1.6.7.1)
-  oauth2 (~> 1.4.2)
+  oauth2 (~> 1.4.1)
  ofn-qz!
  oj
  order_management!
  paper_trail (~> 5.2.3)
  paperclip (~> 3.4.1)
-  pg (~> 0.21.0)
+  pg
  pry-byebug (>= 3.4.3)
  rabl
-  rack-mini-profiler (< 2.0.0)
+  rack-mini-profiler (< 1.0.0)
  rack-rewrite
  rack-ssl
  rails (~> 3.2.22)
  rails-i18n (~> 3.0.0)
  rails_safe_tasks (~> 1.0)
  redcarpet
-  roadie-rails (~> 1.3.0)
+  roadie-rails (~> 1.1.1)
  roo (~> 2.7.0)
  roo-xls (~> 1.1.0)
  rspec-rails (>= 3.5.2)
@@ -805,7 +843,9 @@ DEPENDENCIES
  shoulda-matchers
  simple_form!
  simplecov
+  skylight (< 2.0)
  spinjs-rails
+  spree_api!
  spree_backend!
  spree_core!
  spree_i18n!
@@ -813,7 +853,7 @@ DEPENDENCIES
  spring (= 1.7.2)
  spring-commands-rspec
  stripe
-  test-unit (~> 3.3)
+  therubyracer (= 0.12.0)
  timecop
  truncate_html
  turbo-sprockets-rails3
@@ -828,7 +868,7 @@ DEPENDENCIES
  wkhtmltopdf-binary

 RUBY VERSION
-   ruby 2.3.7p456
+   ruby 2.1.5p273

 BUNDLED WITH
   1.17.2
--- a/11
+++ b/11
@@ -0,0 +1,11 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard 'livereload' do
+  watch(%r{app/views/.+\.(erb|haml|slim)$})
+  watch(%r{app/helpers/.+\.rb})
+  watch(%r{public/.+\.(css|js|html)})
+
+  # Rails Assets Pipeline
+  watch(%r{(app|vendor)(/assets/\w+/(.+\.(css|js|html|png|jpg))).*}) { |m| "/assets/#{m[3]}" }
+end
--- a/README.md
+++ b/README.md
@@ -1,22 +1,23 @@
 [![Build Status](https://semaphoreci.com/api/v1/openfoodfoundation/openfoodnetwork-2/branches/master/badge.svg)](https://semaphoreci.com/openfoodfoundation/openfoodnetwork-2)
 [![Code Climate](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork.png)](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork)
+[![View performance data on Skylight](https://badges.skylight.io/status/EiXQ6sSKij8y.svg)](https://oss.skylight.io/app/applications/EiXQ6sSKij8y)

 # Open Food Network

-The Open Food Network is an online marketplace for local food. It enables a network of independent online food stores that connects farmers and food hubs (including co-ops, online farmers markets, independent food businesses, etc) with individuals and local businesses. It gives farmers and food hubs an easier and fairer way to distribute their food.
+The Open Food Network is an online marketplace for local food. It enables a network of independent online food stores that connect farmers and food hubs (including coops, online farmers' markets, independent food businesses etc);  with individuals and local businesses. It gives farmers and food hubs an easier and fairer way to distribute their food.

 Supported by the Open Food Foundation and a network of global affiliates, we are proudly open source and not-for-profit - we're trying to seriously disrupt the concentration of power in global agri-food systems, and we need as many smart people working together on this as possible.

 We're part of global movement - get involved!

-* Join the conversation [on Slack][slack-invite]. Make sure you introduce yourself in the #general channel.
+* Join the conversation [on Slack][slack-invite]. Make sure you introduce yourself in the #general channel
 * Head to [https://openfoodnetwork.org](https://openfoodnetwork.org) for more information about the global OFN project.
 * Check out the [User Guide](https://guide.openfoodnetwork.org/) for a list of features and tutorials.
 * Join our [discussion forum](https://community.openfoodnetwork.org).

 ## Contributing

-If you are interested in contributing to the OFN in any capacity, please introduce yourself [on Slack][slack-invite], and have a look through our [Contributor Guide][contributor-guide].
+If you are interested in contributing to the OFN in any capacity, please introducing yourself [on Slack][slack-invite], and have a look through our [Contributor Guide][contributor-guide]

 Our [GETTING_STARTED](GETTING_STARTED.md) and [CONTRIBUTING](CONTRIBUTING.md) guides are the best place to start for developers looking to set up a development environment and make contributions to the codebase.

@@ -35,7 +36,7 @@ We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. B
 Copyright (c) 2012 - 2019 Open Food Foundation, released under the AGPL licence.

 [survey]: https://docs.google.com/a/eaterprises.com.au/forms/d/1zxR5vSiU9CigJ9cEaC8-eJLgYid8CR8er7PPH9Mc-30/edit#
-[slack-invite]: https://join.slack.com/t/openfoodnetwork/shared_invite/enQtNzY3NDEwNzM2MDM0LWFmNGRhNDUwYzNmNWNkYmFkMzgxNDg1OTg1ODNjNWY4Y2FhNDIwNmE4ZWI0OThiMGNmZjFkODczNGZiYTJmNWI
+[slack-invite]: https://openfoodnetwork.org/slack-invite
 [contributor-guide]: https://ofn-user-guide.gitbook.io/ofn-contributor-guide/who-are-we
 [ofn-install]: https://github.com/openfoodfoundation/ofn-install
 [super-admin-guide]: https://ofn-user-guide.gitbook.io/ofn-super-admin-guide
--- a/app/assets/javascripts/admin/bulk_product_update.js.coffee
+++ b/app/assets/javascripts/admin/bulk_product_update.js.coffee
@@ -1,4 +1,4 @@
-angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, Columns, tax_categories, RequestMonitor) ->
+angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout, $filter, $http, $window, BulkProducts, DisplayProperties, DirtyProducts, VariantUnitManager, StatusMessage, producers, Taxons, SpreeApiAuth, Columns, tax_categories, RequestMonitor) ->
  $scope.StatusMessage = StatusMessage

  $scope.columns = Columns.columns
@@ -39,7 +39,12 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
  $scope.DisplayProperties = DisplayProperties

  $scope.initialise = ->
-    $scope.fetchProducts()
+    SpreeApiAuth.authorise()
+    .then ->
+      $scope.spree_api_key_ok = true
+      $scope.fetchProducts()
+    .catch (message) ->
+      $scope.api_error_msg = message

  $scope.$watchCollection '[query, producerFilter, categoryFilter, importDateFilter, per_page]', ->
    $scope.page = 1 # Reset page when changing filters for new search
@@ -103,15 +108,9 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
    $scope.categoryFilter = "0"
    $scope.importDateFilter = "0"

-  confirm_unsaved_changes = () ->
-    (DirtyProducts.count() > 0 and confirm(t("unsaved_changes_confirmation"))) or (DirtyProducts.count() == 0)
-  
-  editProductUrl = (product, variant) ->
-    "/admin/products/" + product.permalink_live + ((if variant then "/variants/" + variant.id else "")) + "/edit"
-
  $scope.editWarn = (product, variant) ->
-    if confirm_unsaved_changes()
-      window.open(editProductUrl(product, variant), "_blank")
+    if (DirtyProducts.count() > 0 and confirm(t("unsaved_changes_confirmation"))) or (DirtyProducts.count() == 0)
+      window.location = "/admin/products/" + product.permalink_live + ((if variant then "/variants/" + variant.id else "")) + "/edit"


  $scope.toggleShowAllVariants = ->
--- a/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee
+++ b/app/assets/javascripts/admin/index_utils/services/spree_api_auth.js.coffee
@@ -0,0 +1,16 @@
+angular.module("admin.indexUtils").factory "SpreeApiAuth", ($q, $http, SpreeApiKey) ->
+  new class SpreeApiAuth
+    authorise: ->
+      deferred = $q.defer()
+
+      $http.get("/api/users/authorise_api?token=" + SpreeApiKey)
+      .success (response) ->
+        if response?.success == "Use of API Authorised"
+          $http.defaults.headers.common["X-Spree-Token"] = SpreeApiKey
+          deferred.resolve()
+
+      .error (response) ->
+        error = response?.error || t('js.unauthorized')
+        deferred.reject(error)
+
+      deferred.promise
--- a/app/assets/javascripts/admin/order_cycles/controllers/create.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/create.js.coffee
@@ -1,12 +1,92 @@
 angular.module('admin.orderCycles')
-  .controller 'AdminCreateOrderCycleCtrl', ($scope, $controller, $filter, $window, OrderCycle, Enterprise, EnterpriseFee, Schedules, RequestMonitor, ocInstance, StatusMessage) ->
-    $controller('AdminOrderCycleBasicCtrl', {$scope: $scope, ocInstance: ocInstance})
-
-    $scope.order_cycle = OrderCycle.new({ coordinator_id: ocInstance.coordinator_id})
+  .controller 'AdminCreateOrderCycleCtrl', ($scope, $filter, $window, OrderCycle, Enterprise, EnterpriseFee, Schedules, RequestMonitor, ocInstance, StatusMessage) ->
    $scope.enterprises = Enterprise.index(coordinator_id: ocInstance.coordinator_id)
+    $scope.supplier_enterprises = Enterprise.producer_enterprises
+    $scope.distributor_enterprises = Enterprise.hub_enterprises
+    $scope.supplied_products = Enterprise.supplied_products
    $scope.enterprise_fees = EnterpriseFee.index(coordinator_id: ocInstance.coordinator_id)
+    $scope.schedules = Schedules.index({enterprise_id: ocInstance.coordinator_id})
+
+    $scope.OrderCycle = OrderCycle
+    $scope.order_cycle = OrderCycle.new({ coordinator_id: ocInstance.coordinator_id})
+
+    $scope.StatusMessage = StatusMessage
+
+    $scope.$watch 'order_cycle_form.$dirty', (newValue) ->
+      StatusMessage.display 'notice', t("admin.unsaved_changes") if newValue
+
+    $scope.$watch 'order_cycle_form.$valid', (isValid) ->
+      StatusMessage.setValidation(isValid)
+
+    $scope.loaded = ->
+      Enterprise.loaded && EnterpriseFee.loaded && OrderCycle.loaded && !RequestMonitor.loading
+
+    $scope.suppliedVariants = (enterprise_id) ->
+      Enterprise.suppliedVariants(enterprise_id)
+
+    $scope.exchangeSelectedVariants = (exchange) ->
+      OrderCycle.exchangeSelectedVariants(exchange)
+
+    $scope.setExchangeVariants = (exchange, variants, selected) ->
+      OrderCycle.setExchangeVariants(exchange, variants, selected)
+
+    $scope.enterpriseTotalVariants = (enterprise) ->
+      Enterprise.totalVariants(enterprise)
+
+    $scope.productSuppliedToOrderCycle = (product) ->
+      OrderCycle.productSuppliedToOrderCycle(product)
+
+    $scope.variantSuppliedToOrderCycle = (variant) ->
+      OrderCycle.variantSuppliedToOrderCycle(variant)
+
+    $scope.incomingExchangeVariantsFor = (enterprise_id) ->
+      $filter('filterExchangeVariants')(OrderCycle.incomingExchangesVariants(), $scope.order_cycle.visible_variants_for_outgoing_exchanges[enterprise_id])
+
+    $scope.exchangeDirection = (exchange) ->
+      OrderCycle.exchangeDirection(exchange)
+
+    $scope.enterprisesWithFees = ->
+      $scope.enterprises[id] for id in OrderCycle.participatingEnterpriseIds() when $scope.enterpriseFeesForEnterprise(id).length > 0
+
+    $scope.enterpriseFeesForEnterprise = (enterprise_id) ->
+      EnterpriseFee.forEnterprise(parseInt(enterprise_id))
+
+    $scope.addSupplier = ($event) ->
+      $event.preventDefault()
+      OrderCycle.addSupplier($scope.new_supplier_id)
+
+    $scope.addDistributor = ($event) ->
+      $event.preventDefault()
+      OrderCycle.addDistributor($scope.new_distributor_id)
+
+    $scope.removeExchange = ($event, exchange) ->
+      $event.preventDefault()
+      OrderCycle.removeExchange(exchange)
+      $scope.order_cycle_form.$dirty = true
+
+    $scope.addCoordinatorFee = ($event) ->
+      $event.preventDefault()
+      OrderCycle.addCoordinatorFee()
+
+    $scope.removeCoordinatorFee = ($event, index) ->
+      $event.preventDefault()
+      OrderCycle.removeCoordinatorFee(index)
+
+    $scope.addExchangeFee = ($event, exchange) ->
+      $event.preventDefault()
+      OrderCycle.addExchangeFee(exchange)
+
+    $scope.removeExchangeFee = ($event, exchange, index) ->
+      $event.preventDefault()
+      OrderCycle.removeExchangeFee(exchange, index)
+
+    $scope.removeDistributionOfVariant = (variant_id) ->
+      OrderCycle.removeDistributionOfVariant(variant_id)

    $scope.submit = ($event, destination) ->
      $event.preventDefault()
      StatusMessage.display 'progress', t('js.saving')
      OrderCycle.create(destination)
+
+    $scope.cancel = (destination) ->
+      $window.location = destination
--- a/app/assets/javascripts/admin/order_cycles/controllers/edit.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/edit.js.coffee
@@ -1,17 +1,91 @@
 angular.module('admin.orderCycles')
-  .controller 'AdminEditOrderCycleCtrl', ($scope, $controller, $filter, $location, $window, OrderCycle, Enterprise, EnterpriseFee, StatusMessage, Schedules, RequestMonitor, ocInstance) ->
-    $controller('AdminOrderCycleBasicCtrl', {$scope: $scope, ocInstance: ocInstance})
-
+  .controller 'AdminEditOrderCycleCtrl', ($scope, $filter, $location, $window, OrderCycle, Enterprise, EnterpriseFee, StatusMessage, Schedules, RequestMonitor, ocInstance) ->
    order_cycle_id = $location.absUrl().match(/\/admin\/order_cycles\/(\d+)/)[1]
-    $scope.order_cycle = OrderCycle.load(order_cycle_id)
    $scope.enterprises = Enterprise.index(order_cycle_id: order_cycle_id)
+    $scope.supplier_enterprises = Enterprise.producer_enterprises
+    $scope.distributor_enterprises = Enterprise.hub_enterprises
+    $scope.supplied_products = Enterprise.supplied_products
    $scope.enterprise_fees = EnterpriseFee.index(order_cycle_id: order_cycle_id)
+    $scope.schedules = Schedules.index({enterprise_id: ocInstance.coordinator_id})
+
+    $scope.OrderCycle = OrderCycle
+    $scope.order_cycle = OrderCycle.load(order_cycle_id)
+
+    $scope.StatusMessage = StatusMessage
+
+    $scope.$watch 'order_cycle_form.$dirty', (newValue) ->
+      StatusMessage.display 'notice', t("admin.unsaved_changes") if newValue
+
+    $scope.$watch 'order_cycle_form.$valid', (isValid) ->
+      StatusMessage.setValidation(isValid)
+
+    $scope.loaded = ->
+      Enterprise.loaded && EnterpriseFee.loaded && OrderCycle.loaded && !RequestMonitor.loading
+
+    $scope.suppliedVariants = (enterprise_id) ->
+      Enterprise.suppliedVariants(enterprise_id)
+
+    $scope.exchangeSelectedVariants = (exchange) ->
+      OrderCycle.exchangeSelectedVariants(exchange)
+
+    $scope.setExchangeVariants = (exchange, variants, selected) ->
+      OrderCycle.setExchangeVariants(exchange, variants, selected)
+
+    $scope.enterpriseTotalVariants = (enterprise) ->
+      Enterprise.totalVariants(enterprise)
+
+    $scope.productSuppliedToOrderCycle = (product) ->
+      OrderCycle.productSuppliedToOrderCycle(product)
+
+    $scope.variantSuppliedToOrderCycle = (variant) ->
+      OrderCycle.variantSuppliedToOrderCycle(variant)
+
+    $scope.incomingExchangeVariantsFor = (enterprise_id) ->
+      $filter('filterExchangeVariants')(OrderCycle.incomingExchangesVariants(), $scope.order_cycle.visible_variants_for_outgoing_exchanges[enterprise_id])
+
+    $scope.exchangeDirection = (exchange) ->
+      OrderCycle.exchangeDirection(exchange)
+
+    $scope.enterprisesWithFees = ->
+      $scope.enterprises[id] for id in OrderCycle.participatingEnterpriseIds() when $scope.enterpriseFeesForEnterprise(id).length > 0
+
+    $scope.enterpriseFeesForEnterprise = (enterprise_id) ->
+      EnterpriseFee.forEnterprise(parseInt(enterprise_id))
+
+    $scope.addSupplier = ($event) ->
+      $event.preventDefault()
+      OrderCycle.addSupplier($scope.new_supplier_id)
+
+    $scope.addDistributor = ($event) ->
+      $event.preventDefault()
+      OrderCycle.addDistributor($scope.new_distributor_id)
+
+    $scope.removeExchange = ($event, exchange) ->
+      $event.preventDefault()
+      OrderCycle.removeExchange(exchange)
+      $scope.order_cycle_form.$dirty = true
+
+    $scope.addCoordinatorFee = ($event) ->
+      $event.preventDefault()
+      OrderCycle.addCoordinatorFee()

    $scope.removeCoordinatorFee = ($event, index) ->
      $event.preventDefault()
      OrderCycle.removeCoordinatorFee(index)
      $scope.order_cycle_form.$dirty = true

+    $scope.addExchangeFee = ($event, exchange) ->
+      $event.preventDefault()
+      OrderCycle.addExchangeFee(exchange)
+
+    $scope.removeExchangeFee = ($event, exchange, index) ->
+      $event.preventDefault()
+      OrderCycle.removeExchangeFee(exchange, index)
+      $scope.order_cycle_form.$dirty = true
+
+    $scope.removeDistributionOfVariant = (variant_id) ->
+      OrderCycle.removeDistributionOfVariant(variant_id)
+
    $scope.submit = (destination) ->
      $event.preventDefault()
      StatusMessage.display 'progress', t('js.saving')
@@ -20,3 +94,6 @@ angular.module('admin.orderCycles')
      $event.preventDefault()
      StatusMessage.display 'progress', t('js.saving')
      OrderCycle.update(destination, $scope.order_cycle_form)
+
+    $scope.cancel = (destination) ->
+      $window.location = destination
--- a/app/assets/javascripts/admin/order_cycles/controllers/incoming_controller.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/incoming_controller.js.coffee
@@ -1,5 +0,0 @@
-angular.module('admin.orderCycles').controller 'AdminOrderCycleIncomingCtrl', ($scope, $controller, $location, Enterprise, ocInstance) ->
-  $controller('AdminOrderCycleExchangesCtrl', {$scope: $scope, ocInstance: ocInstance, $location: $location})
-
-  $scope.enterpriseTotalVariants = (enterprise) ->
-    Enterprise.totalVariants(enterprise)
--- a/app/assets/javascripts/admin/order_cycles/controllers/order_cycle_basic_controller.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/order_cycle_basic_controller.js.coffee
@@ -1,40 +0,0 @@
-angular.module('admin.orderCycles')
-  .controller 'AdminOrderCycleBasicCtrl', ($scope, $filter, $window, OrderCycle, Enterprise, EnterpriseFee, Schedules, RequestMonitor, ocInstance, StatusMessage) ->
-    $scope.StatusMessage = StatusMessage
-    $scope.OrderCycle = OrderCycle
-
-    $scope.$watch 'order_cycle_form.$dirty', (newValue) ->
-      StatusMessage.display 'notice', t("admin.unsaved_changes") if newValue
-
-    $scope.$watch 'order_cycle_form.$valid', (isValid) ->
-      StatusMessage.setValidation(isValid)
-
-    $scope.loaded = ->
-      Enterprise.loaded && EnterpriseFee.loaded && OrderCycle.loaded && !RequestMonitor.loading
-
-    $scope.enterpriseFeesForEnterprise = (enterprise_id) ->
-      EnterpriseFee.forEnterprise(parseInt(enterprise_id))
-
-    $scope.cancel = (destination) ->
-      $window.location = destination
-
-    # Used in panels/exchange_supplied_products.html
-    $scope.suppliedVariants = (enterprise_id) ->
-      Enterprise.suppliedVariants(enterprise_id)
-
-    # Used in panels/exchange_supplied_products.html and panels/exchange_distributed_products.html
-    $scope.setExchangeVariants = (exchange, variants, selected) ->
-      OrderCycle.setExchangeVariants(exchange, variants, selected)
-
-    # The following methods are specific to the general settings pages:
-    #   - simple create, simple edit and general settings pages
-
-    $scope.schedules = Schedules.index({enterprise_id: ocInstance.coordinator_id})
-
-    $scope.addCoordinatorFee = ($event) ->
-      $event.preventDefault()
-      OrderCycle.addCoordinatorFee()
-
-    $scope.removeCoordinatorFee = ($event, index) ->
-      $event.preventDefault()
-      OrderCycle.removeCoordinatorFee(index)
--- a/app/assets/javascripts/admin/order_cycles/controllers/order_cycle_exchanges_controller.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/order_cycle_exchanges_controller.js.coffee
@@ -1,46 +0,0 @@
-angular.module('admin.orderCycles')
-  .controller 'AdminOrderCycleExchangesCtrl', ($scope, $controller, $filter, $window, $location, $timeout, OrderCycle, Enterprise, EnterpriseFee, Schedules, RequestMonitor, ocInstance, StatusMessage) ->
-    $controller('AdminEditOrderCycleCtrl', {$scope: $scope, ocInstance: ocInstance, $location: $location})
-
-    $scope.supplier_enterprises = Enterprise.producer_enterprises
-    $scope.distributor_enterprises = Enterprise.hub_enterprises
-    $scope.supplied_products = Enterprise.supplied_products
-
-    $scope.exchangeSelectedVariants = (exchange) ->
-      OrderCycle.exchangeSelectedVariants(exchange)
-
-    $scope.exchangeDirection = (exchange) ->
-      OrderCycle.exchangeDirection(exchange)
-
-    $scope.enterprisesWithFees = ->
-      $scope.enterprises[id] for id in OrderCycle.participatingEnterpriseIds() when $scope.enterpriseFeesForEnterprise(id).length > 0
-
-    $scope.removeExchange = ($event, exchange) ->
-      $event.preventDefault()
-      OrderCycle.removeExchange(exchange)
-      $scope.order_cycle_form.$dirty = true
-
-    $scope.addExchangeFee = ($event, exchange) ->
-      $event.preventDefault()
-      OrderCycle.addExchangeFee(exchange)
-
-    $scope.removeExchangeFee = ($event, exchange, index) ->
-      $event.preventDefault()
-      OrderCycle.removeExchangeFee(exchange, index)
-      $scope.order_cycle_form.$dirty = true
-
-    $scope.addSupplier = ($event) ->
-      $event.preventDefault()
-      OrderCycle.addSupplier($scope.new_supplier_id)
-
-    $scope.addDistributor = ($event) ->
-      $event.preventDefault()
-      OrderCycle.addDistributor($scope.new_distributor_id)
-
-    $scope.setPickupTimeFieldDirty = (index) ->
-      $timeout ->
-        pickup_time_field_name = "order_cycle_outgoing_exchange_" + index + "_pickup_time"
-        $scope.order_cycle_form[pickup_time_field_name].$setDirty()
-
-    $scope.removeDistributionOfVariant = (variant_id) ->
-      OrderCycle.removeDistributionOfVariant(variant_id)
--- a/app/assets/javascripts/admin/order_cycles/controllers/outgoing_controller.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/outgoing_controller.js.coffee
@@ -1,16 +0,0 @@
-angular.module('admin.orderCycles').controller 'AdminOrderCycleOutgoingCtrl', ($scope, $controller, $filter, $location, OrderCycle, ocInstance, StatusMessage) ->
-  $controller('AdminOrderCycleExchangesCtrl', {$scope: $scope, ocInstance: ocInstance, $location: $location})
-
-  $scope.productSuppliedToOrderCycle = (product) ->
-    OrderCycle.productSuppliedToOrderCycle(product)
-
-  $scope.variantSuppliedToOrderCycle = (variant) ->
-    OrderCycle.variantSuppliedToOrderCycle(variant)
-
-  $scope.incomingExchangeVariantsFor = (enterprise_id) ->
-    $filter('filterExchangeVariants')(OrderCycle.incomingExchangesVariants(), $scope.order_cycle.visible_variants_for_outgoing_exchanges[enterprise_id])
-
-  $scope.submit = ($event, destination) ->
-    $event.preventDefault()
-    StatusMessage.display 'progress', t('js.saving')
-    OrderCycle.update(destination, $scope.order_cycle_form) if OrderCycle.confirmNoDistributors()
--- a/app/assets/javascripts/admin/order_cycles/controllers/simple_create.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/simple_create.js.coffee
@@ -1,12 +1,19 @@
-angular.module('admin.orderCycles').controller "AdminSimpleCreateOrderCycleCtrl", ($scope, $controller, $window, OrderCycle, Enterprise, EnterpriseFee, StatusMessage, Schedules, RequestMonitor, ocInstance) ->
-  $controller('AdminOrderCycleBasicCtrl', {$scope: $scope, ocInstance: ocInstance})
-
+angular.module('admin.orderCycles').controller "AdminSimpleCreateOrderCycleCtrl", ($scope, $window, OrderCycle, Enterprise, EnterpriseFee, StatusMessage, Schedules, RequestMonitor, ocInstance) ->
+  $scope.StatusMessage = StatusMessage
+  $scope.OrderCycle = OrderCycle
+  $scope.schedules = Schedules.index({enterprise_id: ocInstance.coordinator_id})
  $scope.order_cycle = OrderCycle.new {coordinator_id: ocInstance.coordinator_id}, =>
    # TODO: make this a get method, which only fetches one enterprise
    $scope.enterprises = Enterprise.index {coordinator_id: ocInstance.coordinator_id}, (enterprises) =>
      $scope.init(enterprises)
    $scope.enterprise_fees = EnterpriseFee.index(coordinator_id: ocInstance.coordinator_id)

+  $scope.$watch 'order_cycle_form.$dirty', (newValue) ->
+      StatusMessage.display 'notice', t("admin.unsaved_changes") if newValue
+
+  $scope.$watch 'order_cycle_form.$valid', (isValid) ->
+    StatusMessage.setValidation(isValid)
+
  $scope.init = (enterprises) ->
    enterprise = enterprises[Object.keys(enterprises)[0]]
    OrderCycle.addSupplier enterprise.id
@@ -19,10 +26,33 @@ angular.module('admin.orderCycles').controller "AdminSimpleCreateOrderCycleCtrl"

    OrderCycle.order_cycle.coordinator_id = enterprise.id

+  $scope.loaded = ->
+    Enterprise.loaded && EnterpriseFee.loaded && OrderCycle.loaded && !RequestMonitor.loading
+
  $scope.removeDistributionOfVariant = angular.noop

+  $scope.setExchangeVariants = (exchange, variants, selected) ->
+    OrderCycle.setExchangeVariants(exchange, variants, selected)
+
+  $scope.suppliedVariants = (enterprise_id) ->
+    Enterprise.suppliedVariants(enterprise_id)
+
+  $scope.addCoordinatorFee = ($event) ->
+    $event.preventDefault()
+    OrderCycle.addCoordinatorFee()
+
+  $scope.removeCoordinatorFee = ($event, index) ->
+    $event.preventDefault()
+    OrderCycle.removeCoordinatorFee(index)
+
+  $scope.enterpriseFeesForEnterprise = (enterprise_id) ->
+    EnterpriseFee.forEnterprise(parseInt(enterprise_id))
+
  $scope.submit = ($event, destination) ->
    $event.preventDefault()
    StatusMessage.display 'progress', t('js.saving')
    OrderCycle.mirrorIncomingToOutgoingProducts()
-    OrderCycle.create(destination) if OrderCycle.confirmNoDistributors()
+    OrderCycle.create(destination)
+
+  $scope.cancel = (destination) ->
+      $window.location = destination
--- a/app/assets/javascripts/admin/order_cycles/controllers/simple_edit.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/simple_edit.js.coffee
@@ -1,21 +1,51 @@
-angular.module('admin.orderCycles').controller "AdminSimpleEditOrderCycleCtrl", ($scope, $controller, $location, $window, OrderCycle, Enterprise, EnterpriseFee, Schedules, RequestMonitor, StatusMessage, ocInstance) ->
-  $controller('AdminOrderCycleBasicCtrl', {$scope: $scope, ocInstance: ocInstance})
-
+angular.module('admin.orderCycles').controller "AdminSimpleEditOrderCycleCtrl", ($scope, $location, $window, OrderCycle, Enterprise, EnterpriseFee, Schedules, RequestMonitor, StatusMessage, ocInstance) ->
  $scope.orderCycleId = ->
    $location.absUrl().match(/\/admin\/order_cycles\/(\d+)/)[1]

+  $scope.StatusMessage = StatusMessage
  $scope.enterprises = Enterprise.index(order_cycle_id: $scope.orderCycleId())
  $scope.enterprise_fees = EnterpriseFee.index(order_cycle_id: $scope.orderCycleId())
+  $scope.schedules = Schedules.index({enterprise_id: ocInstance.coordinator_id})
+  $scope.OrderCycle = OrderCycle
  $scope.order_cycle = OrderCycle.load $scope.orderCycleId(), (order_cycle) =>
    $scope.init()

+  $scope.$watch 'order_cycle_form.$dirty', (newValue) ->
+      StatusMessage.display 'notice', t("admin.unsaved_changes") if newValue
+
+  $scope.$watch 'order_cycle_form.$valid', (isValid) ->
+    StatusMessage.setValidation(isValid)
+
+  $scope.loaded = ->
+    Enterprise.loaded && EnterpriseFee.loaded && OrderCycle.loaded && !RequestMonitor.loading
+
  $scope.init = ->
    $scope.outgoing_exchange = OrderCycle.order_cycle.outgoing_exchanges[0]

+  $scope.enterpriseFeesForEnterprise = (enterprise_id) ->
+    EnterpriseFee.forEnterprise(parseInt(enterprise_id))
+
  $scope.removeDistributionOfVariant = angular.noop

+  $scope.setExchangeVariants = (exchange, variants, selected) ->
+    OrderCycle.setExchangeVariants(exchange, variants, selected)
+
+  $scope.suppliedVariants = (enterprise_id) ->
+    Enterprise.suppliedVariants(enterprise_id)
+
+  $scope.addCoordinatorFee = ($event) ->
+    $event.preventDefault()
+    OrderCycle.addCoordinatorFee()
+
+  $scope.removeCoordinatorFee = ($event, index) ->
+    $event.preventDefault()
+    OrderCycle.removeCoordinatorFee(index)
+
  $scope.submit = ($event, destination) ->
    $event.preventDefault()
    StatusMessage.display 'progress', t('js.saving')
    OrderCycle.mirrorIncomingToOutgoingProducts()
-    OrderCycle.update(destination, $scope.order_cycle_form) if OrderCycle.confirmNoDistributors()
+    OrderCycle.update(destination, $scope.order_cycle_form)
+
+  $scope.cancel = (destination) ->
+    $window.location = destination
--- a/app/assets/javascripts/admin/order_cycles/services/order_cycle.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/services/order_cycle.js.coffee
@@ -148,12 +148,10 @@ angular.module('admin.orderCycles').factory 'OrderCycle', ($resource, $window, S
      this.order_cycle

    create: (destination) ->
+      return unless @confirmNoDistributors()
      oc = new OrderCycleResource({order_cycle: this.dataForSubmit()})
      oc.$create (data) ->
-        if destination? && destination.length != 0
-          $window.location = destination
-        else if data.edit_path?
-          $window.location = data.edit_path
+        $window.location = destination
      , (response) ->
        if response.data.errors?
          StatusMessage.display('failure', response.data.errors[0])
@@ -161,6 +159,7 @@ angular.module('admin.orderCycles').factory 'OrderCycle', ($resource, $window, S
          StatusMessage.display('failure', t('js.order_cycles.create_failure'))

    update: (destination, form) ->
+      return unless @confirmNoDistributors()
      oc = new OrderCycleResource({order_cycle: this.dataForSubmit()})
      oc.$update {order_cycle_id: this.order_cycle.id, reloading: (if destination? then 1 else 0)}, (data) =>
        form.$setPristine() if form
@@ -174,6 +173,7 @@ angular.module('admin.orderCycles').factory 'OrderCycle', ($resource, $window, S
        else
          StatusMessage.display('failure', t('js.order_cycles.update_failure'))

+
    confirmNoDistributors: ->
      if @order_cycle.outgoing_exchanges.length == 0
        confirm t('js.order_cycles.no_distributors')
--- a/app/assets/javascripts/admin/subscriptions/controllers/products_panel_controller.js.coffee
+++ b/app/assets/javascripts/admin/subscriptions/controllers/products_panel_controller.js.coffee
@@ -20,4 +20,4 @@ angular.module("admin.subscriptions").controller "ProductsPanelController", ($sc
        keys = Object.keys(response.data.errors)
        StatusMessage.display 'failure', response.data.errors[keys[0]][0]
      else
-        StatusMessage.display 'failure', t('js.admin.subscriptions.error_saving')
+        StatusMessage.display 'success', t('js.changes_saved')
--- a/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee
+++ b/app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee
@@ -1,4 +1,4 @@
-angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) ->
+angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl", ($scope, $http, $timeout, Indexer, Columns, Views, SpreeApiAuth, PagedFetcher, StatusMessage, RequestMonitor, hubs, producers, hubPermissions, InventoryItems, VariantOverrides, DirtyVariantOverrides) ->
  $scope.hubs = Indexer.index hubs
  $scope.hub_id = if hubs.length == 1 then hubs[0].id else null
  $scope.products = []
@@ -39,7 +39,13 @@ angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl",
    $scope.producerFilter != 0 || $scope.query != ''

  $scope.initialise = ->
-    $scope.fetchProducts()
+    SpreeApiAuth.authorise()
+    .then ->
+      $scope.spree_api_key_ok = true
+      $scope.fetchProducts()
+    .catch (message) ->
+      $scope.api_error_msg = message
+

  $scope.fetchProducts = ->
    url = "/api/products/overridable?page=::page::;per_page=100"
--- a/app/assets/javascripts/darkswarm/controllers/order_cycle_controller.js.coffee
+++ b/app/assets/javascripts/darkswarm/controllers/order_cycle_controller.js.coffee
@@ -1,4 +1,4 @@
-Darkswarm.controller "OrderCycleCtrl", ($scope, $rootScope, $timeout, OrderCycle) ->
+Darkswarm.controller "OrderCycleCtrl", ($scope, $timeout, OrderCycle) ->
  $scope.order_cycle = OrderCycle.order_cycle
  $scope.OrderCycle = OrderCycle

@@ -6,12 +6,11 @@ Darkswarm.controller "OrderCycleCtrl", ($scope, $rootScope, $timeout, OrderCycle
  # This is a hack. We should probably write our own "popover" directive
  # That takes an expression instead of a trigger, and binds to that
  $timeout =>
-    $rootScope.$broadcast 'orderCycleSelected'
    if !$scope.OrderCycle.selected()
      $("#order_cycle_id").trigger("openTrigger")


-Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $rootScope, $timeout, OrderCycle, Products, Variants, Cart, ChangeableOrdersAlert) ->
+Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $timeout, OrderCycle, Products, Variants, Cart, ChangeableOrdersAlert) ->
  # Track previous order cycle id for use with revertOrderCycle()
  $scope.previous_order_cycle_id = OrderCycle.order_cycle.order_cycle_id
  $scope.$watch 'order_cycle.order_cycle_id', (newValue, oldValue)->
@@ -33,4 +32,3 @@ Darkswarm.controller "OrderCycleChangeCtrl", ($scope, $rootScope, $timeout, Orde
    Products.update()
    Cart.reloadFinalisedLineItems()
    ChangeableOrdersAlert.reload()
-    $rootScope.$broadcast 'orderCycleSelected'
--- a/app/assets/javascripts/darkswarm/controllers/products_controller.js.coffee
+++ b/app/assets/javascripts/darkswarm/controllers/products_controller.js.coffee
@@ -1,65 +1,41 @@
-Darkswarm.controller "ProductsCtrl", ($scope, $filter, $rootScope, Products, OrderCycle, OrderCycleResource, FilterSelectorsService, Cart, Dereferencer, Taxons, Properties, currentHub, $timeout) ->
+Darkswarm.controller "ProductsCtrl", ($scope, $filter, $rootScope, Products, OrderCycle, FilterSelectorsService, Cart, Taxons, Properties) ->
  $scope.Products = Products
  $scope.Cart = Cart
  $scope.query = ""
  $scope.taxonSelectors = FilterSelectorsService.createSelectors()
  $scope.propertySelectors = FilterSelectorsService.createSelectors()
  $scope.filtersActive = true
-  $scope.page = 1
-  $scope.per_page = 10
+  $scope.limit = 10
  $scope.order_cycle = OrderCycle.order_cycle
-  $scope.supplied_taxons = null
-  $scope.supplied_properties = null
+  # $scope.infiniteDisabled = true

-  $rootScope.$on "orderCycleSelected", ->
-    $scope.update_filters()
-    $scope.clearAll()
+  # All of this logic basically just replicates the functionality filtering an ng-repeat
+  # except that it allows us to filter a separate list before rendering, meaning that
+  # we can get much better performance when applying filters by resetting the limit on the
+  # number of products being rendered each time a filter is changed.

-  $scope.update_filters = ->
-    order_cycle_id = OrderCycle.order_cycle.order_cycle_id
+  $scope.$watch "Products.loading", (newValue, oldValue) ->
+    $scope.updateFilteredProducts()
+    $scope.$broadcast("loadFilterSelectors") if !newValue

-    return unless order_cycle_id
+  $scope.incrementLimit = ->
+    if $scope.limit < Products.products.length
+      $scope.limit += 10
+      $scope.updateVisibleProducts()

-    params = {
-      id: order_cycle_id,
-      distributor: currentHub.id
-    }
-    OrderCycleResource.taxons params, (data)=>
-      $scope.supplied_taxons = {}
-      data.map( (taxon) ->
-        $scope.supplied_taxons[taxon.id] = Taxons.taxons_by_id[taxon.id]
-      )
-    OrderCycleResource.properties params, (data)=>
-      $scope.supplied_properties = {}
-      data.map( (property) ->
-        $scope.supplied_properties[property.id] = Properties.properties_by_id[property.id]
-      )
+  $scope.$watch 'query', -> $scope.updateFilteredProducts()
+  $scope.$watchCollection 'activeTaxons', -> $scope.updateFilteredProducts()
+  $scope.$watchCollection 'activeProperties', -> $scope.updateFilteredProducts()

-  $scope.loadMore = ->
-    if ($scope.page * $scope.per_page) <= Products.products.length
-      $scope.loadMoreProducts()
+  $scope.updateFilteredProducts = ->
+    $scope.limit = 10
+    f1 = $filter('products')(Products.products, $scope.query)
+    f2 = $filter('taxons')(f1, $scope.activeTaxons)
+    $scope.filteredProducts = $filter('properties')(f2, $scope.activeProperties)
+    $scope.updateVisibleProducts()

-  $scope.$watch 'query', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
-  $scope.$watchCollection 'activeTaxons', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
-  $scope.$watchCollection 'activeProperties', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
-
-  $scope.loadProducts = ->
-    $scope.page = 1
-    Products.update($scope.queryParams())
-
-  $scope.loadMoreProducts = ->
-    Products.update($scope.queryParams($scope.page + 1), true)
-    $scope.page += 1
-
-  $scope.queryParams = (page = null) ->
-    {
-      id: $scope.order_cycle.order_cycle_id,
-      page: page || $scope.page,
-      per_page: $scope.per_page,
-      'q[name_or_meta_keywords_or_supplier_name_cont]': $scope.query,
-      'q[properties_id_or_supplier_properties_id_in_any][]': $scope.activeProperties,
-      'q[primary_taxon_id_in_any][]': $scope.activeTaxons
-    }
+  $scope.updateVisibleProducts = ->
+    $scope.visibleProducts = $filter('limitTo')($scope.filteredProducts, $scope.limit)

  $scope.searchKeypress = (e)->
    code = e.keyCode || e.which
--- a/app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee
@@ -1,21 +0,0 @@
-Darkswarm.factory 'OrderCycleResource', ($resource) ->
-  $resource('/api/order_cycles/:id', {}, {
-    'products':
-      method: 'GET'
-      isArray: true
-      url: '/api/order_cycles/:id/products'
-      params:
-        id: '@id'
-    'taxons':
-      method: 'GET'
-      isArray: true
-      url: '/api/order_cycles/:id/taxons'
-      params:
-        id: '@id'
-    'properties':
-      method: 'GET'
-      isArray: true
-      url: '/api/order_cycles/:id/properties'
-      params:
-        id: '@id'
-  })
--- a/app/assets/javascripts/darkswarm/services/products.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/products.js.coffee
@@ -1,34 +1,26 @@
-Darkswarm.factory 'Products', (OrderCycleResource, OrderCycle, Shopfront, currentHub, Dereferencer, Taxons, Properties, Cart, Variants) ->
+Darkswarm.factory 'Products', ($resource, Shopfront, Dereferencer, Taxons, Properties, Cart, Variants) ->
  new class Products
    constructor: ->
      @update()

-    products: []
-    fetched_products: []
+    # TODO: don't need to scope this into object
+    # Already on object as far as controller scope is concerned
+    products: null
    loading: true

-    update: (params = {}, load_more = false) =>
+    update: =>
      @loading = true
-      order_cycle_id = OrderCycle.order_cycle.order_cycle_id
+      @products = []
+      $resource("/shop/products").query (products)=>
+        @products = products

-      if order_cycle_id == undefined
-        @loading = false
-        return
-
-      params['id'] = order_cycle_id
-      params['distributor'] = currentHub.id
-
-      OrderCycleResource.products params, (data)=>
-        @products = [] unless load_more
-        @fetched_products = data
        @extend()
        @dereference()
        @registerVariants()
-        @products = @products.concat(@fetched_products)
        @loading = false

    extend: ->
-      for product in @fetched_products
+      for product in @products
        if product.variants?.length > 0
          prices = (v.price for v in product.variants)
          product.price = Math.min.apply(null, prices)
@@ -38,7 +30,7 @@ Darkswarm.factory 'Products', (OrderCycleResource, OrderCycle, Shopfront, curren
        product.largeImage = product.images[0]?.large_url if product.images

    dereference: ->
-      for product in @fetched_products
+      for product in @products
        product.supplier = Shopfront.producers_by_id[product.supplier.id]
        Dereferencer.dereference product.taxons, Taxons.taxons_by_id

@@ -48,7 +40,7 @@ Darkswarm.factory 'Products', (OrderCycleResource, OrderCycle, Shopfront, curren
    # May return different objects! If the variant has already been registered
    # by another service, we fetch those
    registerVariants: ->
-      for product in @fetched_products
+      for product in @products
        if product.variants
          product.variant_names = ""
          product.variants = for variant in product.variants
--- a/app/assets/javascripts/templates/admin/panels/exchange_distributed_products.html.haml
+++ b/app/assets/javascripts/templates/admin/panels/exchange_distributed_products.html.haml
@@ -11,7 +11,7 @@

    .exchange-products
      -# Scope product list based on permissions the current user has to view variants in this exchange
-      .exchange-product{'ng-repeat' => 'product in supplied_products | filter:productSuppliedToOrderCycle | visibleProducts:exchange:order_cycle.visible_variants_for_outgoing_exchanges' }
+      .exchange-product{'ng-repeat' => 'product in supplied_products | filter:productSuppliedToOrderCycle | visibleProducts:exchange:order_cycle.visible_variants_for_outgoing_exchanges | orderBy:"name"' }
        .exchange-product-details
          %label
            %img{'ng-src' => '{{ product.image_url }}'}
--- a/app/assets/javascripts/templates/admin/panels/exchange_supplied_products.html.haml
+++ b/app/assets/javascripts/templates/admin/panels/exchange_supplied_products.html.haml
@@ -13,11 +13,31 @@
      -# No need to scope product list based on permissions, because if an incoming exchange is visible,
      -# then all of the variants within it should be visible. May change in the future?
      .exchange-product{'ng-repeat' => 'product in enterprises[exchange.enterprise_id].supplied_products'}
+
        .exchange-product-details
          %label
+            %input{ type: 'checkbox', name: 'order_cycle_incoming_exchange_{{ $parent.$index }}_variants_{{ product.master_id }}',
+              value: 1,
+              'ng-hide' => 'product.variants.length > 0',
+              'ng-model' => 'exchange.variants[product.master_id]',
+              'ofn-sync-distributions' => '{{ product.master_id }}',
+              'id' => 'order_cycle_incoming_exchange_{{ $parent.$index }}_variants_{{ product.master_id }}',
+              'ng-disabled' => 'product.variants.length > 0 || !order_cycle.editable_variants_for_incoming_exchanges.hasOwnProperty(exchange.enterprise_id) || order_cycle.editable_variants_for_incoming_exchanges[exchange.enterprise_id].indexOf(product.master_id) < 0' }
            %img{'ng-src' => '{{ product.image_url }}'}
            {{ product.name }}

+        -# When the master variant is in the order cycle but the product has variants, we want to
+        -# be able to remove the master variant, since it serves no purpose. Display a checkbox to do so.
+        .exchange-product-variant{'ng-show' => 'exchange.variants[product.master_id] && product.variants.length > 0'}
+          %label
+            %input{ type: 'checkbox', name: 'order_cycle_incoming_exchange_{{ $parent.$index }}_variants_{{ product.master_id }}',
+              value: 1,
+              'ng-model' => 'exchange.variants[product.master_id]',
+              'ofn-sync-distributions' => '{{ product.master_id }}',
+              'id' => 'order_cycle_incoming_exchange_{{ $parent.$index }}_variants_{{ product.master_id }}',
+              'ng-disabled' => '!order_cycle.editable_variants_for_incoming_exchanges.hasOwnProperty(exchange.enterprise_id) || order_cycle.editable_variants_for_incoming_exchanges[exchange.enterprise_id].indexOf(product.master_id) < 0' }
+            {{ 'admin.obsolete_master' | t }}
+
        .exchange-product-variant{'ng-repeat' => 'variant in product.variants'}
          %label
            %input{ type: 'checkbox', name: 'order_cycle_incoming_exchange_{{ $parent.$parent.$index }}_variants_{{ variant.id }}',
--- a/app/assets/javascripts/templates/shop_variant.html.haml
+++ b/app/assets/javascripts/templates/shop_variant.html.haml
@@ -17,7 +17,7 @@
  .small-4.medium-2.large-2.columns.variant-price
    .table-cell.price
      %i.ofn-i_009-close
-      {{ variant.price_with_fees | localizeCurrency }}
+      {{  ::variant.price_with_fees | localizeCurrency }}

      -# Now in a template in app/assets/javascripts/templates !
      %price-breakdown{"price-breakdown" => "_", variant: "variant",
--- a/app/assets/stylesheets/admin/components/tooltip.css.scss
+++ b/app/assets/stylesheets/admin/components/tooltip.css.scss
@@ -1,4 +0,0 @@
-#powerTip {
-  max-width: 240px;
-  white-space: normal;
-}
--- a/app/assets/stylesheets/admin/components/wizard_progress.css.scss
+++ b/app/assets/stylesheets/admin/components/wizard_progress.css.scss
@@ -19,9 +19,6 @@ ul.wizard-progress {
 		line-height: 30px;
 		padding: 0 25px 0 40px;
 		position: relative;
-		a {
-		  color: #494949;
-		}
 		&:first-child {
 			padding-left: 25px;
 			border-top-left-radius: 3px;
@@ -65,9 +62,6 @@ ul.wizard-progress {
 		&.current {
 			background-color: $color_selected;
 			color: #fff;
-			a {
-			  color: #fff;
-			}
 			&:after {
 				background-color: $color_selected;
 			}
--- a/app/assets/stylesheets/admin/openfoodnetwork.css.scss
+++ b/app/assets/stylesheets/admin/openfoodnetwork.css.scss
@@ -255,9 +255,6 @@ text-angular {
      background-color: #4583bf;
    }
  }
-  a {
-    color: $spree-green
-  }
 }

 span.required {
--- a/app/controllers/admin/bulk_line_items_controller.rb
+++ b/app/controllers/admin/bulk_line_items_controller.rb
@@ -4,18 +4,9 @@ module Admin
    #
    def index
      order_params = params[:q].andand.delete :order
-
-      order_permissions = ::Permissions::Order.new(spree_current_user)
-      orders = order_permissions.
-        editable_orders.ransack(order_params).result
-
-      line_items = order_permissions.
-        editable_line_items.where(order_id: orders).
-        includes(variant: { option_values: :option_type }).
-        ransack(params[:q]).result.
-        reorder('spree_line_items.order_id ASC, spree_line_items.id ASC')
-
-      render_as_json line_items
+      orders = OpenFoodNetwork::Permissions.new(spree_current_user).editable_orders.ransack(order_params).result
+      line_items = OpenFoodNetwork::Permissions.new(spree_current_user).editable_line_items.where(order_id: orders).ransack(params[:q])
+      render_as_json line_items.result.reorder('order_id ASC, id ASC')
    end

    # PUT /admin/bulk_line_items/:id.json
--- a/app/controllers/admin/cache_settings_controller.rb
+++ b/app/controllers/admin/cache_settings_controller.rb
@@ -0,0 +1,27 @@
+require 'open_food_network/products_cache_integrity_checker'
+
+module Admin
+  class CacheSettingsController < Spree::Admin::BaseController
+    def edit
+      @results = Exchange.cachable.map do |exchange|
+        checker = OpenFoodNetwork::ProductsCacheIntegrityChecker
+          .new(exchange.receiver, exchange.order_cycle)
+
+        {
+          distributor: exchange.receiver,
+          order_cycle: exchange.order_cycle,
+          status: checker.ok?,
+          diff: checker.diff
+        }
+      end
+    end
+
+    def update
+      Spree::Config.set(params[:preferences])
+
+      respond_to do |format|
+        format.html { redirect_to main_app.edit_admin_cache_settings_path }
+      end
+    end
+  end
+end
--- a/app/controllers/admin/customers_controller.rb
+++ b/app/controllers/admin/customers_controller.rb
@@ -63,7 +63,6 @@ module Admin

    def collection
      return Customer.where("1=0") unless json_request? && params[:enterprise_id].present?
-
      enterprise = Enterprise.managed_by(spree_current_user).find_by_id(params[:enterprise_id])
      Customer.of(enterprise)
    end
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -148,8 +148,7 @@ module Admin

        unless enterprises.empty?
          enterprises.includes(
-            supplied_products:
-              [:supplier, master: [:images], variants: { option_values: :option_type }]
+            supplied_products: [:supplier, :variants, master: [:images]]
          )
        end
      when :index
--- a/app/controllers/admin/order_cycles_controller.rb
+++ b/app/controllers/admin/order_cycles_controller.rb
@@ -2,7 +2,6 @@ module Admin
  class OrderCyclesController < ResourceController
    include OrderCyclesHelper

-    prepend_before_filter :set_order_cycle_id, only: [:incoming, :outgoing]
    before_filter :load_data_for_index, only: :index
    before_filter :require_coordinator, only: :new
    before_filter :remove_protected_attrs, only: [:update]
@@ -13,10 +12,7 @@ module Admin
      respond_to do |format|
        format.html
        format.json do
-          render_as_json @collection,
-                         ams_prefix: params[:ams_prefix],
-                         current_user: spree_current_user,
-                         subscriptions_count: SubscriptionsCount.new(@collection)
+          render_as_json @collection, ams_prefix: params[:ams_prefix], current_user: spree_current_user, subscriptions_count: SubscriptionsCount.new(@collection)
        end
      end
    end
@@ -44,17 +40,12 @@ module Admin

      if @order_cycle_form.save
        flash[:notice] = I18n.t(:order_cycles_create_notice)
-        render json: { success: true,
-                       edit_path: main_app.admin_order_cycle_incoming_path(@order_cycle) }
+        render json: { success: true }
      else
        render json: { errors: @order_cycle.errors.full_messages }, status: :unprocessable_entity
      end
    end

-    def set_order_cycle_id
-      params[:id] = params[:order_cycle_id]
-    end
-
    def update
      @order_cycle_form = OrderCycleForm.new(@order_cycle, params, spree_current_user)

@@ -71,10 +62,7 @@ module Admin

    def bulk_update
      if order_cycle_set.andand.save
-        render_as_json @order_cycles,
-                       ams_prefix: 'index',
-                       current_user: spree_current_user,
-                       subscriptions_count: SubscriptionsCount.new(@collection)
+        render_as_json @order_cycles, ams_prefix: 'index', current_user: spree_current_user, subscriptions_count: SubscriptionsCount.new(@collection)
      else
        order_cycle = order_cycle_set.collection.find{ |oc| oc.errors.present? }
        render json: { errors: order_cycle.errors.full_messages }, status: :unprocessable_entity
@@ -84,16 +72,14 @@ module Admin
    def clone
      @order_cycle = OrderCycle.find params[:id]
      @order_cycle.clone!
-      redirect_to main_app.admin_order_cycles_path,
-                  notice: I18n.t(:order_cycles_clone_notice, name: @order_cycle.name)
+      redirect_to main_app.admin_order_cycles_path, notice: I18n.t(:order_cycles_clone_notice, name: @order_cycle.name)
    end

    # Send notifications to all producers who are part of the order cycle
    def notify_producers
      Delayed::Job.enqueue OrderCycleNotificationJob.new(params[:id].to_i)

-      redirect_to main_app.admin_order_cycles_path,
-                  notice: I18n.t(:order_cycles_email_to_producers_notice)
+      redirect_to main_app.admin_order_cycles_path, notice: I18n.t(:order_cycles_email_to_producers_notice)
    end

    protected
@@ -101,9 +87,20 @@ module Admin
    def collection
      return Enterprise.where("1=0") unless json_request?
      return order_cycles_from_set if params[:order_cycle_set]
+      ocs = if params[:as] == "distributor"
+              OrderCycle.preload(:schedules).ransack(params[:q]).result.
+                involving_managed_distributors_of(spree_current_user).order('updated_at DESC')
+            elsif params[:as] == "producer"
+              OrderCycle.preload(:schedules).ransack(params[:q]).result.
+                involving_managed_producers_of(spree_current_user).order('updated_at DESC')
+            else
+              OrderCycle.preload(:schedules).ransack(params[:q]).result.accessible_by(spree_current_user)
+      end

-      ocs = order_cycles
-      ocs.undated | ocs.soonest_closing | ocs.soonest_opening | ocs.closed
+      ocs.undated |
+        ocs.soonest_closing |
+        ocs.soonest_opening |
+        ocs.closed
    end

    def collection_actions
@@ -112,60 +109,21 @@ module Admin

    private

-    def order_cycles
-      if params[:as] == "distributor"
-        order_cycles_as_distributor
-      elsif params[:as] == "producer"
-        order_cycles_as_producer
-      else
-        order_cycles_as_both
-      end
-    end
-
-    def order_cycles_as_distributor
-      OrderCycle.
-        preload(:schedules).
-        ransack(params[:q]).
-        result.
-        involving_managed_distributors_of(spree_current_user).
-        order('updated_at DESC')
-    end
-
-    def order_cycles_as_producer
-      OrderCycle.
-        preload(:schedules).
-        ransack(params[:q]).
-        result.
-        involving_managed_producers_of(spree_current_user).
-        order('updated_at DESC')
-    end
-
-    def order_cycles_as_both
-      OrderCycle.
-        preload(:schedules).
-        ransack(params[:q]).
-        result.
-        accessible_by(spree_current_user)
-    end
-
    def load_data_for_index
      if json_request?
-        # Split ransack params into all those that currently exist and new ones
-        #   to limit returned ocs to recent or undated
+        # Split ransack params into all those that currently exist and new ones to limit returned ocs to recent or undated
        orders_close_at_gt = params[:q].andand.delete(:orders_close_at_gt) || 31.days.ago
        params[:q] = {
-          g: [params.delete(:q) || {}, { m: 'or',
-                                         orders_close_at_gt: orders_close_at_gt,
-                                         orders_close_at_null: true }]
+          g: [params.delete(:q) || {}, { m: 'or', orders_close_at_gt: orders_close_at_gt, orders_close_at_null: true }]
        }
        @collection = collection
      end
    end

    def require_coordinator
-      @order_cycle.coordinator =
-        permitted_coordinating_enterprises_for(@order_cycle).find_by_id(params[:coordinator_id])
-      return if params[:coordinator_id] && @order_cycle.coordinator
+      if params[:coordinator_id] && @order_cycle.coordinator = permitted_coordinating_enterprises_for(@order_cycle).find_by_id(params[:coordinator_id])
+        return
+      end

      available_coordinators = permitted_coordinating_enterprises_for(@order_cycle)
      case available_coordinators.count
@@ -175,9 +133,7 @@ module Admin
      when 1
        @order_cycle.coordinator = available_coordinators.first
      else
-        if params[:coordinator_id]
-          flash[:error] = I18n.t(:order_cycles_no_permission_to_create_error)
-        end
+        flash[:error] = I18n.t(:order_cycles_no_permission_to_create_error) if params[:coordinator_id]
        render :set_coordinator
      end
    end
@@ -201,9 +157,7 @@ module Admin
      params[:order_cycle].delete :coordinator_id

      unless Enterprise.managed_by(spree_current_user).include?(@order_cycle.coordinator)
-        params[:order_cycle].delete_if do |k, _v|
-          [:name, :orders_open_at, :orders_close_at].include? k.to_sym
-        end
+        params[:order_cycle].delete_if{ |k, _v| [:name, :orders_open_at, :orders_close_at].include? k.to_sym }
      end
    end

@@ -227,9 +181,7 @@ module Admin

    def require_order_cycle_set_params
      return if params[:order_cycle_set]
-
-      render json: { errors: t('admin.order_cycles.bulk_update.no_data') },
-             status: :unprocessable_entity
+      render json: { errors: t('admin.order_cycles.bulk_update.no_data') }, status: :unprocessable_entity
    end

    def ams_prefix_whitelist
--- a/app/controllers/admin/product_import_controller.rb
+++ b/app/controllers/admin/product_import_controller.rb
@@ -23,13 +23,11 @@ module Admin

    def validate_data
      return unless process_data('validate')
-
      render json: @importer.import_results, response: 200
    end

    def save_data
      return unless process_data('save')
-
      render json: @importer.save_results, response: 200
    end

--- a/app/controllers/admin/schedules_controller.rb
+++ b/app/controllers/admin/schedules_controller.rb
@@ -31,7 +31,6 @@ module Admin

    def collection
      return Schedule.where("1=0") unless json_request?
-
      if params[:enterprise_id]
        filter_schedules_by_enterprise_id(permissions.visible_schedules, params[:enterprise_id])
      else
@@ -50,7 +49,6 @@ module Admin

    def check_editable_order_cycle_ids
      return unless params[:schedule][:order_cycle_ids]
-
      requested = params[:schedule][:order_cycle_ids]
      @existing_order_cycle_ids = @schedule.persisted? ? @schedule.order_cycle_ids : []
      permitted = OrderCycle.where(id: params[:schedule][:order_cycle_ids] | @existing_order_cycle_ids).merge(OrderCycle.managed_by(spree_current_user)).pluck(:id)
@@ -63,23 +61,19 @@ module Admin

    def check_dependent_subscriptions
      return if Subscription.where(schedule_id: @schedule).empty?
-
      render json: { errors: [t('admin.schedules.destroy.associated_subscriptions_error')] }, status: :conflict
    end

    def permissions
      return @permissions unless @permission.nil?
-
      @permissions = OpenFoodNetwork::Permissions.new(spree_current_user)
    end

    def sync_subscriptions
      return unless params[:schedule][:order_cycle_ids]
-
      removed_ids = @existing_order_cycle_ids - @schedule.order_cycle_ids
      new_ids = @schedule.order_cycle_ids - @existing_order_cycle_ids
      return unless removed_ids.any? || new_ids.any?
-
      subscriptions = Subscription.where(schedule_id: @schedule)
      syncer = OpenFoodNetwork::ProxyOrderSyncer.new(subscriptions)
      syncer.sync!
--- a/app/controllers/admin/stripe_accounts_controller.rb
+++ b/app/controllers/admin/stripe_accounts_controller.rb
@@ -27,10 +27,8 @@ module Admin

    def status
      return render json: { status: :stripe_disabled } unless Spree::Config.stripe_connect_enabled
-
      stripe_account = StripeAccount.find_by_enterprise_id(params[:enterprise_id])
      return render json: { status: :account_missing } unless stripe_account
-
      authorize! :status, stripe_account

      begin
--- a/app/controllers/admin/stripe_connect_settings_controller.rb
+++ b/app/controllers/admin/stripe_connect_settings_controller.rb
@@ -8,7 +8,6 @@ module Admin

    def edit
      return @stripe_account = { status: :empty_api_key_error_html } if Stripe.api_key.blank?
-
      attrs = %i[id business_name charges_enabled]
      @obfuscated_secret_key = obfuscated_secret_key
      @stripe_account = Stripe::Account.retrieve.to_hash.slice(*attrs).merge(status: :ok)
--- a/app/controllers/admin/subscription_line_items_controller.rb
+++ b/app/controllers/admin/subscription_line_items_controller.rb
@@ -36,20 +36,17 @@ module Admin

    def ensure_shop
      return if @shop
-
      render json: { errors: ['Unauthorised'] }, status: :unauthorized
    end

    def ensure_variant
      return if @variant
-
      error = "#{@shop.name} is not permitted to sell the selected product"
      render json: { errors: [error] }, status: :unprocessable_entity
    end

    def price_estimate
      return unless @order_cycle
-
      fee_calculator = OpenFoodNetwork::EnterpriseFeeCalculator.new(@shop, @order_cycle)
      OpenFoodNetwork::ScopeVariantToHub.new(@shop).scope(@variant)
      @variant.price + fee_calculator.indexed_fees_for(@variant)
--- a/app/controllers/admin/subscriptions_controller.rb
+++ b/app/controllers/admin/subscriptions_controller.rb
@@ -80,7 +80,6 @@ module Admin

    def permissions
      return @permissions unless @permissions.nil?
-
      @permissions = OpenFoodNetwork::Permissions.new(spree_current_user)
    end

@@ -127,17 +126,14 @@ module Admin

    def check_for_open_orders
      return if params[:open_orders] == 'cancel'
-
      @open_orders_to_keep = @subscription.proxy_orders.placed_and_open.pluck(:id)
      return if @open_orders_to_keep.empty? || params[:open_orders] == 'keep'
-
      render json: { errors: { open_orders: t('admin.subscriptions.confirm_cancel_open_orders_msg') } }, status: :conflict
    end

    def check_for_canceled_orders
      return if params[:canceled_orders] == 'notified'
      return if @subscription.proxy_orders.active.canceled.empty?
-
      render json: { errors: { canceled_orders: t('admin.subscriptions.resume_canceled_orders_msg') } }, status: :conflict
    end

--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -1,44 +1,16 @@
 # Base controller for OFN's API
-require_dependency 'spree/api/controller_setup'
-
+# Includes the minimum machinery required by ActiveModelSerializers
 module Api
-  class BaseController < ActionController::Metal
-    include Spree::Api::ControllerSetup
-    include Spree::Core::ControllerHelpers::SSL
-    include ::ActionController::Head
-
-    respond_to :json
-
-    attr_accessor :current_api_user
-
-    before_filter :set_content_type
-    before_filter :authenticate_user
-    after_filter  :set_jsonp_format
-
-    rescue_from Exception, with: :error_during_processing
-    rescue_from CanCan::AccessDenied, with: :unauthorized
-    rescue_from ActiveRecord::RecordNotFound, with: :not_found
-
-    helper Spree::Api::ApiHelpers
-
-    ssl_allowed
-
-    # Include these because we inherit from ActionController::Metal
-    #   rather than ActionController::Base and these are required for AMS
+  class BaseController < Spree::Api::BaseController
+    # Need to include these because Spree::Api::BaseContoller inherits
+    # from ActionController::Metal rather than ActionController::Base
+    # and they are required by ActiveModelSerializers
    include ActionController::Serialization
    include ActionController::UrlFor
    include Rails.application.routes.url_helpers
-
    use_renderers :json
    check_authorization

-    def set_jsonp_format
-      return unless params[:callback] && request.get?
-
-      self.response_body = "#{params[:callback]}(#{response_body})"
-      headers["Content-Type"] = 'application/javascript'
-    end
-
    def respond_with_conflict(json_hash)
      render json: json_hash, status: :conflict
    end
@@ -47,63 +19,16 @@ module Api

    # Use logged in user (spree_current_user) for API authentication (current_api_user)
    def authenticate_user
-      return if @current_api_user = try_spree_current_user
-
-      if api_key.blank?
-        # An anonymous user
-        @current_api_user = Spree.user_class.new
-        return
-      end
-
-      return if @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
-
-      invalid_api_key
+      @current_api_user = try_spree_current_user
+      super
    end

-    def set_content_type
-      content_type = case params[:format]
-                     when "json"
-                       "application/json"
-                     when "xml"
-                       "text/xml"
-                     end
-      headers["Content-Type"] = content_type
-    end
-
-    def error_during_processing(exception)
-      render(text: { exception: exception.message }.to_json,
-             status: :unprocessable_entity) && return
-    end
-
-    def current_ability
-      Spree::Ability.new(current_api_user)
-    end
-
-    def api_key
-      request.headers["X-Spree-Token"] || params[:token]
-    end
-    helper_method :api_key
-
-    def invalid_resource!(resource)
-      @resource = resource
-      render(json: { error: I18n.t(:invalid_resource, scope: "spree.api"),
-                     errors: @resource.errors },
-             status: :unprocessable_entity)
-    end
-
-    def invalid_api_key
-      render(json: { error: I18n.t(:invalid_api_key, key: api_key, scope: "spree.api") },
-             status: :unauthorized) && return
-    end
-
-    def unauthorized
-      render(json: { error: I18n.t(:unauthorized, scope: "spree.api") },
-             status: :unauthorized) && return
-    end
-
-    def not_found
-      render(json: { error: I18n.t(:resource_not_found, scope: "spree.api") },
-             status: :not_found) && return
+    # Allows API access without authentication, but only for OFN controllers which inherit
+    # from Api::BaseController. @current_api_user will now initialize an empty Spree::User
+    # unless one is present. We now also apply devise's `check_authorization`. See here for
+    # details: https://github.com/CanCanCommunity/cancancan/wiki/Ensure-Authorization
+    def requires_authentication?
+      false
    end
  end
 end
--- a/app/controllers/api/enterprise_attachment_controller.rb
+++ b/app/controllers/api/enterprise_attachment_controller.rb
@@ -27,7 +27,6 @@ module Api
    def load_enterprise
      @enterprise = Enterprise.find_by_permalink(params[:enterprise_id].to_s)
      raise UnknownEnterpriseAuthorizationActionError if enterprise_authorize_action.blank?
-
      authorize!(enterprise_authorize_action, @enterprise)
    end

--- a/app/controllers/api/order_cycles_controller.rb
+++ b/app/controllers/api/order_cycles_controller.rb
@@ -1,88 +0,0 @@
-module Api
-  class OrderCyclesController < BaseController
-    include EnterprisesHelper
-    respond_to :json
-
-    skip_authorization_check
-
-    def products
-      products = ProductsRenderer.new(
-        distributor,
-        order_cycle,
-        customer,
-        search_params
-      ).products_json
-
-      render json: products
-    rescue ProductsRenderer::NoProducts
-      render status: :not_found, json: ''
-    end
-
-    def taxons
-      taxons = Spree::Taxon.
-        joins(:products).
-        where(spree_products: { id: distributed_products }).
-        select('DISTINCT spree_taxons.*')
-
-      render json: ActiveModel::ArraySerializer.new(taxons, each_serializer: Api::TaxonSerializer)
-    end
-
-    def properties
-      render json: ActiveModel::ArraySerializer.new(
-        product_properties | producer_properties, each_serializer: Api::PropertySerializer
-      )
-    end
-
-    private
-
-    def product_properties
-      Spree::Property.
-        joins(:products).
-        where(spree_products: { id: distributed_products }).
-        select('DISTINCT spree_properties.*')
-    end
-
-    def producer_properties
-      producers = Enterprise.
-        joins(:supplied_products).
-        where(spree_products: { id: distributed_products })
-
-      Spree::Property.
-        joins(:producer_properties).
-        where(producer_properties: { producer_id: producers }).
-        select('DISTINCT spree_properties.*')
-    end
-
-    def search_params
-      permitted_search_params = params.slice :q, :page, :per_page
-
-      if permitted_search_params.key? :q
-        permitted_search_params[:q].slice!(*permitted_ransack_params)
-      end
-
-      permitted_search_params
-    end
-
-    def permitted_ransack_params
-      [:name_or_meta_keywords_or_supplier_name_cont,
-       :properties_id_or_supplier_properties_id_in_any,
-       :primary_taxon_id_in_any]
-    end
-
-    def distributor
-      Enterprise.find_by_id(params[:distributor])
-    end
-
-    def order_cycle
-      OrderCycle.find_by_id(params[:id])
-    end
-
-    def customer
-      @current_api_user.andand.customer_of(distributor) || nil
-    end
-
-    def distributed_products
-      OrderCycleDistributedProducts.new(distributor, order_cycle, customer).products_relation
-    end
-  end
-end
--- a/app/controllers/api/orders_controller.rb
+++ b/app/controllers/api/orders_controller.rb
@@ -1,10 +1,5 @@
 module Api
  class OrdersController < BaseController
-    def show
-      authorize! :read, order
-      render json: order, serializer: Api::OrderDetailedSerializer, current_order: order
-    end
-
    def index
      authorize! :admin, Spree::Order

@@ -24,12 +19,5 @@ module Api
        each_serializer: Api::Admin::OrderSerializer
      )
    end
-
-    def order
-      @order ||= Spree::Order.
-        where(number: params[:id]).
-        includes(line_items: { variant: [:product, :stock_items, :default_price] }).
-        first!
-    end
  end
 end
--- a/app/controllers/api/products_controller.rb
+++ b/app/controllers/api/products_controller.rb
@@ -19,7 +19,7 @@ module Api
      @product = Spree::Product.new(params[:product])
      begin
        if @product.save
-          render json: @product, serializer: Api::Admin::ProductSerializer, status: :created
+          render json: @product, serializer: Api::Admin::ProductSerializer, status: 201
        else
          invalid_resource!(@product)
        end
@@ -33,7 +33,7 @@ module Api
      authorize! :update, Spree::Product
      @product = find_product(params[:id])
      if @product.update_attributes(params[:product])
-        render json: @product, serializer: Api::Admin::ProductSerializer, status: :ok
+        render json: @product, serializer: Api::Admin::ProductSerializer, status: 200
      else
        invalid_resource!(@product)
      end
@@ -44,9 +44,10 @@ module Api
      @product = find_product(params[:id])
      @product.update_attribute(:deleted_at, Time.zone.now)
      @product.variants_including_master.update_all(deleted_at: Time.zone.now)
-      render json: @product, serializer: Api::Admin::ProductSerializer, status: :no_content
+      render json: @product, serializer: Api::Admin::ProductSerializer, status: 204
    end

+    # TODO: This should be named 'managed'. Is the action above used? Maybe we should remove it.
    def bulk_products
      product_query = OpenFoodNetwork::Permissions.new(current_api_user).
        editable_products.merge(product_scope)
@@ -76,7 +77,7 @@ module Api
      @product = find_product(params[:product_id])
      authorize! :delete, @product
      @product.destroy
-      render json: @product, serializer: Api::Admin::ProductSerializer, status: :no_content
+      render json: @product, serializer: Api::Admin::ProductSerializer, status: 204
    end

    # POST /api/products/:product_id/clone
@@ -88,18 +89,15 @@ module Api

      @product = original_product.duplicate

-      render json: @product, serializer: Api::Admin::ProductSerializer, status: :created
+      render json: @product, serializer: Api::Admin::ProductSerializer, status: 201
    end

    private

-    def find_product(id)
-      product_scope.find_by_permalink!(id.to_s)
-    rescue ActiveRecord::RecordNotFound
-      product_scope.find(id)
-    end
-
+    # Copied and modified from SpreeApi::BaseController to allow
+    # enterprise users to access inactive products
    def product_scope
+      # This line modified
      if current_api_user.has_spree_role?("admin") || current_api_user.enterprises.present?
        scope = Spree::Product
        if params[:show_deleted]
@@ -109,15 +107,7 @@ module Api
        scope = Spree::Product.active
      end

-      scope.includes(product_query_includes)
-    end
-
-    def product_query_includes
-      [
-        master: [:images],
-        variants: [:default_price, :stock_locations, :stock_items, :variant_overrides,
-                   { option_values: :option_type }]
-      ]
+      scope.includes(:master)
    end

    def paged_products_for_producers(producers)
--- a/app/controllers/api/shipments_controller.rb
+++ b/app/controllers/api/shipments_controller.rb
@@ -1,105 +0,0 @@
-require 'open_food_network/scope_variant_to_hub'
-
-module Api
-  class ShipmentsController < Api::BaseController
-    respond_to :json
-
-    before_filter :find_order
-    before_filter :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
-
-    def create
-      variant = scoped_variant(params[:variant_id])
-      quantity = params[:quantity].to_i
-      @shipment = get_or_create_shipment(params[:stock_location_id])
-
-      @order.contents.add(variant, quantity, nil, @shipment)
-
-      @shipment.refresh_rates
-      @shipment.save!
-
-      render json: @shipment.reload, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def update
-      authorize! :read, Spree::Shipment
-      @shipment = @order.shipments.find_by_number!(params[:id])
-      params[:shipment] ||= []
-      unlock = params[:shipment].delete(:unlock)
-
-      if unlock == 'yes'
-        @shipment.adjustment.open
-      end
-
-      @shipment.update_attributes(params[:shipment])
-
-      if unlock == 'yes'
-        @shipment.adjustment.close
-      end
-
-      render json: @shipment.reload, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def ready
-      authorize! :read, Spree::Shipment
-      unless @shipment.ready?
-        if @shipment.can_ready?
-          @shipment.ready!
-        else
-          render(json: { error: I18n.t(:cannot_ready, scope: "spree.api.shipment") },
-                 status: :unprocessable_entity) && return
-        end
-      end
-      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def ship
-      authorize! :read, Spree::Shipment
-      unless @shipment.shipped?
-        @shipment.ship!
-      end
-      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def add
-      variant = scoped_variant(params[:variant_id])
-      quantity = params[:quantity].to_i
-
-      @order.contents.add(variant, quantity, nil, @shipment)
-
-      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    def remove
-      variant = scoped_variant(params[:variant_id])
-      quantity = params[:quantity].to_i
-
-      @order.contents.remove(variant, quantity, @shipment)
-      @shipment.reload if @shipment.persisted?
-
-      render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
-    end
-
-    private
-
-    def find_order
-      @order = Spree::Order.find_by_number!(params[:order_id])
-      authorize! :read, @order
-    end
-
-    def find_and_update_shipment
-      @shipment = @order.shipments.find_by_number!(params[:id])
-      @shipment.update_attributes(params[:shipment])
-      @shipment.reload
-    end
-
-    def scoped_variant(variant_id)
-      variant = Spree::Variant.find(variant_id)
-      OpenFoodNetwork::ScopeVariantToHub.new(@order.distributor).scope(variant)
-      variant
-    end
-
-    def get_or_create_shipment(stock_location_id)
-      @order.shipment || @order.shipments.create(stock_location_id: stock_location_id)
-    end
-  end
-end
--- a/app/controllers/api/statuses_controller.rb
+++ b/app/controllers/api/statuses_controller.rb
@@ -10,7 +10,7 @@ module Api

    def job_queue_alive?
      Spree::Config.last_job_queue_heartbeat_at.present? &&
-        Time.parse(Spree::Config.last_job_queue_heartbeat_at).in_time_zone > 6.minutes.ago
+        Time.parse(Spree::Config.last_job_queue_heartbeat_at) > 6.minutes.ago
    end
  end
 end
--- a/app/controllers/api/taxonomies_controller.rb
+++ b/app/controllers/api/taxonomies_controller.rb
@@ -1,12 +0,0 @@
-module Api
-  class TaxonomiesController < Api::BaseController
-    respond_to :json
-
-    skip_authorization_check only: :jstree
-
-    def jstree
-      @taxonomy = Spree::Taxonomy.find(params[:id])
-      render json: @taxonomy.root, serializer: Api::TaxonJstreeSerializer
-    end
-  end
-end
--- a/app/controllers/api/taxons_controller.rb
+++ b/app/controllers/api/taxons_controller.rb
@@ -1,72 +0,0 @@
-module Api
-  class TaxonsController < Api::BaseController
-    respond_to :json
-
-    skip_authorization_check only: [:index, :show, :jstree]
-
-    def index
-      if taxonomy
-        @taxons = taxonomy.root.children
-      else
-        if params[:ids]
-          @taxons = Spree::Taxon.where(id: params[:ids].split(","))
-        else
-          @taxons = Spree::Taxon.ransack(params[:q]).result
-        end
-      end
-      render json: @taxons, each_serializer: Api::TaxonSerializer
-    end
-
-    def jstree
-      @taxon = taxon
-      render json: @taxon.children, each_serializer: Api::TaxonJstreeSerializer
-    end
-
-    def create
-      authorize! :create, Spree::Taxon
-      @taxon = Spree::Taxon.new(params[:taxon])
-      @taxon.taxonomy_id = params[:taxonomy_id]
-      taxonomy = Spree::Taxonomy.find_by_id(params[:taxonomy_id])
-
-      if taxonomy.nil?
-        @taxon.errors[:taxonomy_id] = I18n.t(:invalid_taxonomy_id, scope: 'spree.api')
-        invalid_resource!(@taxon) && return
-      end
-
-      @taxon.parent_id = taxonomy.root.id unless params[:taxon][:parent_id]
-
-      if @taxon.save
-        render json: @taxon, serializer: Api::TaxonSerializer, status: :created
-      else
-        invalid_resource!(@taxon)
-      end
-    end
-
-    def update
-      authorize! :update, Spree::Taxon
-      if taxon.update_attributes(params[:taxon])
-        render json: taxon, serializer: Api::TaxonSerializer, status: :ok
-      else
-        invalid_resource!(taxon)
-      end
-    end
-
-    def destroy
-      authorize! :delete, Spree::Taxon
-      taxon.destroy
-      render json: taxon, serializer: Api::TaxonSerializer, status: :no_content
-    end
-
-    private
-
-    def taxonomy
-      return if params[:taxonomy_id].blank?
-
-      @taxonomy ||= Spree::Taxonomy.find(params[:taxonomy_id])
-    end
-
-    def taxon
-      @taxon ||= taxonomy.taxons.find(params[:id])
-    end
-  end
-end
--- a/app/controllers/api/variants_controller.rb
+++ b/app/controllers/api/variants_controller.rb
@@ -6,12 +6,12 @@ module Api
    before_filter :product

    def index
-      @variants = scope.includes(option_values: :option_type).ransack(params[:q]).result
+      @variants = scope.includes(:option_values).ransack(params[:q]).result
      render json: @variants, each_serializer: Api::VariantSerializer
    end

    def show
-      @variant = scope.includes(option_values: :option_type).find(params[:id])
+      @variant = scope.includes(:option_values).find(params[:id])
      render json: @variant, serializer: Api::VariantSerializer
    end

@@ -19,7 +19,7 @@ module Api
      authorize! :create, Spree::Variant
      @variant = scope.new(params[:variant])
      if @variant.save
-        render json: @variant, serializer: Api::VariantSerializer, status: :created
+        render json: @variant, serializer: Api::VariantSerializer, status: 201
      else
        invalid_resource!(@variant)
      end
@@ -29,7 +29,7 @@ module Api
      authorize! :update, Spree::Variant
      @variant = scope.find(params[:id])
      if @variant.update_attributes(params[:variant])
-        render json: @variant, serializer: Api::VariantSerializer, status: :ok
+        render json: @variant, serializer: Api::VariantSerializer, status: 200
      else
        invalid_resource!(@product)
      end
@@ -40,14 +40,14 @@ module Api
      authorize! :delete, @variant

      VariantDeleter.new.delete(@variant)
-      render json: @variant, serializer: Api::VariantSerializer, status: :no_content
+      render json: @variant, serializer: Api::VariantSerializer, status: 204
    end

    def destroy
      authorize! :delete, Spree::Variant
      @variant = scope.find(params[:id])
      @variant.destroy
-      render json: @variant, serializer: Api::VariantSerializer, status: :no_content
+      render json: @variant, serializer: Api::VariantSerializer, status: 204
    end

    private
@@ -58,11 +58,11 @@ module Api

    def scope
      if @product
-        variants = if current_api_user.has_spree_role?("admin") || params[:show_deleted]
-                     @product.variants_including_master.with_deleted
-                   else
-                     @product.variants_including_master
-                   end
+        unless current_api_user.has_spree_role?("admin") || params[:show_deleted]
+          variants = @product.variants_including_master
+        else
+          variants = @product.variants_including_master.with_deleted
+        end
      else
        variants = Spree::Variant.scoped
        if current_api_user.has_spree_role?("admin")
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -47,7 +47,6 @@ class ApplicationController < ActionController::Base

  def after_sign_in_path_for(resource_or_scope)
    return session[:shopfront_redirect] if session[:shopfront_redirect]
-
    stored_location_for(resource_or_scope) || signed_in_root_path(resource_or_scope)
  end

--- a/app/controllers/checkout_controller.rb
+++ b/app/controllers/checkout_controller.rb
@@ -3,10 +3,6 @@ require 'open_food_network/address_finder'
 class CheckoutController < Spree::CheckoutController
  layout 'darkswarm'

-  # We need pessimistic locking to avoid race conditions.
-  # Otherwise we fail on duplicate indexes or end up with negative stock.
-  prepend_around_filter CurrentOrderLocker, only: :update
-
  prepend_before_filter :check_hub_ready_for_checkout
  prepend_before_filter :check_order_cycle_expiry
  prepend_before_filter :require_order_cycle
@@ -156,7 +152,7 @@ class CheckoutController < Spree::CheckoutController
  end

  def update_failed
-    current_order.updater.shipping_address_from_distributor
+    clear_ship_address
    RestartCheckout.new(@order).call

    respond_to do |format|
@@ -169,6 +165,15 @@ class CheckoutController < Spree::CheckoutController
    end
  end

+  # When we have a pickup Shipping Method,
+  #   we clone the distributor address into ship_address before_save
+  # We don't want this data in the form, so we clear it out
+  def clear_ship_address
+    unless current_order.shipping_method.andand.require_ship_address
+      current_order.ship_address = Spree::Address.default
+    end
+  end
+
  def load_order
    @order = current_order
    redirect_to(main_app.shop_path) && return unless @order && @order.checkout_allowed?
--- a/app/controllers/enterprises_controller.rb
+++ b/app/controllers/enterprises_controller.rb
@@ -16,7 +16,6 @@ class EnterprisesController < BaseController

  def shop
    return redirect_to main_app.cart_path unless enough_stock?
-
    set_noindex_meta_tag

    @enterprise = current_distributor
--- a/app/controllers/line_items_controller.rb
+++ b/app/controllers/line_items_controller.rb
@@ -23,7 +23,6 @@ class LineItemsController < BaseController
  # List all items the user already ordered in the current order cycle
  def bought_items
    return [] unless current_order_cycle && spree_current_user && current_distributor
-
    current_order_cycle.items_bought_by_user(spree_current_user, current_distributor)
  end

--- a/app/controllers/shop_controller.rb
+++ b/app/controllers/shop_controller.rb
@@ -1,3 +1,5 @@
+require 'open_food_network/cached_products_renderer'
+
 class ShopController < BaseController
  layout "darkswarm"
  before_filter :require_distributor_chosen, :set_order_cycles, except: :changeable_orders_alert
@@ -7,6 +9,19 @@ class ShopController < BaseController
    redirect_to main_app.enterprise_shop_path(current_distributor)
  end

+  def products
+    renderer = OpenFoodNetwork::CachedProductsRenderer.new(current_distributor,
+                                                           current_order_cycle)
+
+    # If we add any more filtering logic, we should probably
+    # move it all to a lib class like 'CachedProductsFilterer'
+    products_json = filter(renderer.products_json)
+
+    render json: products_json
+  rescue OpenFoodNetwork::CachedProductsRenderer::NoProducts
+    render status: :not_found, json: ''
+  end
+
  def order_cycle
    if request.post?
      if oc = OrderCycle.with_distributor(@distributor).active.find_by_id(params[:order_cycle_id])
@@ -24,4 +39,27 @@ class ShopController < BaseController
  def changeable_orders_alert
    render layout: false
  end
+
+  private
+
+  def filtered_json(products_json)
+    if applicator.rules.any?
+      filter(products_json)
+    else
+      products_json
+    end
+  end
+
+  def filter(products_json)
+    products_hash = JSON.parse(products_json)
+    applicator.filter!(products_hash)
+    JSON.unparse(products_hash)
+  end
+
+  def applicator
+    return @applicator unless @applicator.nil?
+    @applicator = OpenFoodNetwork::TagRuleApplicator.new(current_distributor,
+                                                         "FilterProducts",
+                                                         current_customer.andand.tag_list)
+  end
 end
--- a/app/controllers/spree/admin/base_controller_decorator.rb
+++ b/app/controllers/spree/admin/base_controller_decorator.rb
@@ -54,7 +54,6 @@ Spree::Admin::BaseController.class_eval do
    if Spree.const_defined?(const_name)
      return "Spree::#{const_name}".constantize
    end
-
    nil
  end

--- a/app/controllers/spree/admin/countries_controller.rb
+++ b/app/controllers/spree/admin/countries_controller.rb
@@ -1,9 +0,0 @@
-module Spree
-  module Admin
-    class CountriesController < ResourceController
-      def collection
-        super.order(:name)
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/general_settings_controller.rb
+++ b/app/controllers/spree/admin/general_settings_controller.rb
@@ -1,37 +0,0 @@
-module Spree
-  module Admin
-    class GeneralSettingsController < Spree::Admin::BaseController
-      def edit
-        @preferences_general = [:site_name, :default_seo_title, :default_meta_keywords,
-                                :default_meta_description, :site_url, :bugherd_api_key]
-        @preferences_security = [:allow_ssl_in_production,
-                                 :allow_ssl_in_staging, :allow_ssl_in_development_and_test,
-                                 :check_for_spree_alerts]
-        @preferences_currency = [:display_currency, :hide_cents]
-      end
-
-      def update
-        params.each do |name, value|
-          next unless Spree::Config.has_preference? name
-
-          Spree::Config[name] = value
-        end
-        flash[:success] = Spree.t(:successfully_updated, resource: Spree.t(:general_settings))
-
-        redirect_to edit_admin_general_settings_path
-      end
-
-      def dismiss_alert
-        return unless request.xhr? && params[:alert_id]
-
-        dismissed = Spree::Config[:dismissed_spree_alerts] || ''
-        Spree::Config.set(dismissed_spree_alerts: dismissed.
-                                                    split(',').
-                                                    push(params[:alert_id]).
-                                                    join(','))
-        filter_dismissed_alerts
-        render nothing: true
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/general_settings_controller_decorator.rb
+++ b/app/controllers/spree/admin/general_settings_controller_decorator.rb
@@ -0,0 +1,14 @@
+module Spree
+  module Admin
+    GeneralSettingsController.class_eval do
+    end
+
+    module GeneralSettingsEditPreferences
+      def edit
+        super
+        @preferences_general << :bugherd_api_key
+      end
+    end
+    GeneralSettingsController.prepend(GeneralSettingsEditPreferences)
+  end
+end
--- a/app/controllers/spree/admin/image_settings_controller.rb
+++ b/app/controllers/spree/admin/image_settings_controller.rb
@@ -1,79 +0,0 @@
-module Spree
-  module Admin
-    class ImageSettingsController < Spree::Admin::BaseController
-      def edit
-        @styles = ActiveSupport::JSON.decode(Spree::Config[:attachment_styles])
-        @headers = ActiveSupport::JSON.decode(Spree::Config[:s3_headers])
-      end
-
-      def update
-        update_styles(params)
-        update_headers(params) if Spree::Config[:use_s3]
-
-        Spree::Config.set(params[:preferences])
-        update_paperclip_settings
-
-        respond_to do |format|
-          format.html {
-            flash[:success] = Spree.t(:image_settings_updated)
-            redirect_to spree.edit_admin_image_settings_path
-          }
-        end
-      end
-
-      private
-
-      def update_styles(params)
-        if params[:new_attachment_styles].present?
-          params[:new_attachment_styles].each do |_index, style|
-            params[:attachment_styles][style[:name]] = style[:value] unless style[:value].empty?
-          end
-        end
-
-        styles = params[:attachment_styles]
-
-        Spree::Config[:attachment_styles] = ActiveSupport::JSON.encode(styles) unless styles.nil?
-      end
-
-      def update_headers(params)
-        if params[:new_s3_headers].present?
-          params[:new_s3_headers].each do |_index, header|
-            params[:s3_headers][header[:name]] = header[:value] unless header[:value].empty?
-          end
-        end
-
-        headers = params[:s3_headers]
-
-        Spree::Config[:s3_headers] = ActiveSupport::JSON.encode(headers) unless headers.nil?
-      end
-
-      def update_paperclip_settings
-        if Spree::Config[:use_s3]
-          s3_creds = { access_key_id: Spree::Config[:s3_access_key],
-                       secret_access_key: Spree::Config[:s3_secret],
-                       bucket: Spree::Config[:s3_bucket] }
-          Spree::Image.attachment_definitions[:attachment][:storage] = :s3
-          Spree::Image.attachment_definitions[:attachment][:s3_credentials] = s3_creds
-          Spree::Image.attachment_definitions[:attachment][:s3_headers] =
-            ActiveSupport::JSON.decode(Spree::Config[:s3_headers])
-          Spree::Image.attachment_definitions[:attachment][:bucket] = Spree::Config[:s3_bucket]
-        else
-          Spree::Image.attachment_definitions[:attachment].delete :storage
-        end
-
-        Spree::Image.attachment_definitions[:attachment][:styles] =
-          ActiveSupport::JSON.decode(Spree::Config[:attachment_styles]).symbolize_keys!
-        Spree::Image.attachment_definitions[:attachment][:path] = Spree::Config[:attachment_path]
-        Spree::Image.attachment_definitions[:attachment][:default_url] =
-          Spree::Config[:attachment_default_url]
-        Spree::Image.attachment_definitions[:attachment][:default_style] =
-          Spree::Config[:attachment_default_style]
-
-        # Spree stores attachent definitions in JSON. This converts the style name and format to
-        # strings. However, when paperclip encounters these, it doesn't recognise the format.
-        # Here we solve that problem by converting format and style name to symbols.
-        Spree::Image.reformat_styles
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/image_settings_controller_decorator.rb
+++ b/app/controllers/spree/admin/image_settings_controller_decorator.rb
@@ -0,0 +1,11 @@
+Spree::Admin::ImageSettingsController.class_eval do
+  # Spree stores attachent definitions in JSON. This converts the style name and format to
+  # strings. However, when paperclip encounters these, it doesn't recognise the format.
+  # Here we solve that problem by converting format and style name to symbols.
+  def update_paperclip_settings_with_format_styles
+    update_paperclip_settings_without_format_styles
+    Spree::Image.reformat_styles
+  end
+
+  alias_method_chain :update_paperclip_settings, :format_styles
+end
--- a/app/controllers/spree/admin/images_controller.rb
+++ b/app/controllers/spree/admin/images_controller.rb
@@ -1,39 +0,0 @@
-module Spree
-  module Admin
-    class ImagesController < ResourceController
-      # This will make resource controller redirect correctly after deleting product images.
-      # This can be removed after upgrading to Spree 2.1.
-      # See here https://github.com/spree/spree/commit/334a011d2b8e16355e4ae77ae07cd93f7cbc8fd1
-      belongs_to 'spree/product', find_by: :permalink
-
-      before_filter :load_data
-
-      create.before :set_viewable
-      update.before :set_viewable
-      destroy.before :destroy_before
-
-      private
-
-      def location_after_save
-        admin_product_images_url(@product)
-      end
-
-      def load_data
-        @product = Product.find_by_permalink(params[:product_id])
-        @variants = @product.variants.collect do |variant|
-          [variant.options_text, variant.id]
-        end
-        @variants.insert(0, [Spree.t(:all), @product.master.id])
-      end
-
-      def set_viewable
-        @image.viewable_type = 'Spree::Variant'
-        @image.viewable_id = params[:image][:viewable_id]
-      end
-
-      def destroy_before
-        @viewable = @image.viewable
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/images_controller_decorator.rb
+++ b/app/controllers/spree/admin/images_controller_decorator.rb
@@ -0,0 +1,6 @@
+Spree::Admin::ImagesController.class_eval do
+  # This will make resource controller redirect correctly after deleting product images.
+  # This can be removed after upgrading to Spree 2.1.
+  # See here https://github.com/spree/spree/commit/334a011d2b8e16355e4ae77ae07cd93f7cbc8fd1
+  belongs_to 'spree/product', find_by: :permalink
+end
--- a/app/controllers/spree/admin/mail_methods_controller.rb
+++ b/app/controllers/spree/admin/mail_methods_controller.rb
@@ -1,40 +0,0 @@
-module Spree
-  module Admin
-    class MailMethodsController < Spree::Admin::BaseController
-      after_filter :initialize_mail_settings
-
-      def update
-        if params[:smtp_password].blank?
-          params.delete(:smtp_password)
-        end
-
-        params.each do |name, value|
-          next unless Spree::Config.has_preference? name
-
-          Spree::Config[name] = value
-        end
-
-        flash[:success] = Spree.t(:successfully_updated, resource: Spree.t(:mail_methods))
-        render :edit
-      end
-
-      def testmail
-        if TestMailer.test_email(try_spree_current_user).deliver
-          flash[:success] = Spree.t('admin.mail_methods.testmail.delivery_success')
-        else
-          flash[:error] = Spree.t('admin.mail_methods.testmail.delivery_error')
-        end
-      rescue StandardError => e
-        flash[:error] = Spree.t('admin.mail_methods.testmail.error') % { e: e }
-      ensure
-        redirect_to edit_admin_mail_method_url
-      end
-
-      private
-
-      def initialize_mail_settings
-        Spree::Core::MailSettings.init
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/orders/customer_details_controller_decorator.rb
+++ b/app/controllers/spree/admin/orders/customer_details_controller_decorator.rb
@@ -43,7 +43,6 @@ Spree::Admin::Orders::CustomerDetailsController.class_eval do
    params[:order][:guest_checkout] = registered_user.nil?

    return unless registered_user
-
    @order.user_id = registered_user.id
  end
 end
--- a/app/controllers/spree/admin/orders_controller_decorator.rb
+++ b/app/controllers/spree/admin/orders_controller_decorator.rb
@@ -3,6 +3,7 @@ require 'open_food_network/spree_api_key_loader'
 Spree::Admin::OrdersController.class_eval do
  include OpenFoodNetwork::SpreeApiKeyLoader
  helper CheckoutHelper
+  before_filter :load_spree_api_key, only: :bulk_management
  before_filter :load_order, only: %i[show edit update fire resend invoice print print_ticket]

  before_filter :load_distribution_choices, only: [:new, :edit, :update]
@@ -26,10 +27,6 @@ Spree::Admin::OrdersController.class_eval do
    # within the page then fetches the data it needs from Api::OrdersController
  end

-  def bulk_management
-    load_spree_api_key
-  end
-
  def edit
    @order.shipments.map &:refresh_rates

--- a/app/controllers/spree/admin/overview_controller.rb
+++ b/app/controllers/spree/admin/overview_controller.rb
@@ -1,79 +0,0 @@
-# this clas was inspired (heavily) from the mephisto admin architecture
-module Spree
-  module Admin
-    class OverviewController < Spree::Admin::BaseController
-      def index
-        @enterprises = Enterprise
-          .managed_by(spree_current_user)
-          .order('is_primary_producer ASC, name')
-        @product_count = Spree::Product.active.managed_by(spree_current_user).count
-        @order_cycle_count = OrderCycle.active.managed_by(spree_current_user).count
-
-        if first_access
-          redirect_to enterprises_path
-        else
-          render dashboard_view
-        end
-      end
-
-      private
-
-      # Checks whether the user is accessing the admin for the first time
-      #
-      # @return [Boolean]
-      def first_access
-        outside_referral && incomplete_enterprise_registration?
-      end
-
-      # Checks whether the request comes from another admin page or not
-      #
-      # @return [Boolean]
-      def outside_referral
-        !URI(request.referer.to_s).path.match(%r{/admin})
-      end
-
-      # Checks that all of the enterprises owned by the current user have a 'sells'
-      # property specified, which indicates that the registration process has been
-      # completed
-      #
-      # @return [Boolean]
-      def incomplete_enterprise_registration?
-        @incomplete_enterprise_registration ||= spree_current_user
-          .owned_enterprises
-          .where(sells: 'unspecified')
-          .exists?
-      end
-
-      # Returns the appropriate enterprise path for the current user
-      #
-      # @return [String]
-      def enterprises_path
-        if managed_enterprises.size == 1
-          @enterprise = @enterprises.first
-          main_app.welcome_admin_enterprise_path(@enterprise)
-        else
-          main_app.admin_enterprises_path
-        end
-      end
-
-      # Returns the appropriate dashboard view for the current user
-      #
-      # @return [String]
-      def dashboard_view
-        if managed_enterprises.size == 1
-          @enterprise = @enterprises.first
-          :single_enterprise_dashboard
-        else
-          :multi_enterprise_dashboard
-        end
-      end
-
-      # Returns the list of enterprises the current user is manager of
-      #
-      # @return [ActiveRecord::Relation<Enterprise>]
-      def managed_enterprises
-        spree_current_user.enterprises
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/overview_controller_decorator.rb
+++ b/app/controllers/spree/admin/overview_controller_decorator.rb
@@ -0,0 +1,74 @@
+Spree::Admin::OverviewController.class_eval do
+  def index
+    @enterprises = Enterprise
+      .managed_by(spree_current_user)
+      .order('is_primary_producer ASC, name')
+    @product_count = Spree::Product.active.managed_by(spree_current_user).count
+    @order_cycle_count = OrderCycle.active.managed_by(spree_current_user).count
+
+    if first_access
+      redirect_to enterprises_path
+    else
+      render dashboard_view
+    end
+  end
+
+  private
+
+  # Checks whether the user is accessing the admin for the first time
+  #
+  # @return [Boolean]
+  def first_access
+    outside_referral && incomplete_enterprise_registration?
+  end
+
+  # Checks whether the request comes from another admin page or not
+  #
+  # @return [Boolean]
+  def outside_referral
+    !URI(request.referer.to_s).path.match(%r{/admin})
+  end
+
+  # Checks that all of the enterprises owned by the current user have a 'sells'
+  # property specified, which indicates that the registration process has been
+  # completed
+  #
+  # @return [Boolean]
+  def incomplete_enterprise_registration?
+    @incomplete_enterprise_registration ||= spree_current_user
+      .owned_enterprises
+      .where(sells: 'unspecified')
+      .exists?
+  end
+
+  # Returns the appropriate enterprise path for the current user
+  #
+  # @return [String]
+  def enterprises_path
+    if managed_enterprises.size == 1
+      @enterprise = @enterprises.first
+      main_app.welcome_admin_enterprise_path(@enterprise)
+    else
+      main_app.admin_enterprises_path
+    end
+  end
+
+  # Returns the appropriate dashboard view for the current user
+  #
+  # @return [String]
+  def dashboard_view
+    if managed_enterprises.size == 1
+      @enterprise = @enterprises.first
+      :single_enterprise_dashboard
+    else
+      :multi_enterprise_dashboard
+    end
+  end
+
+  # Returns the list of enterprises the current user is manager of
+  #
+  # @return [ActiveRecord::Relation<Enterprise>]
+  def managed_enterprises
+    spree_current_user.enterprises
+  end
+end
--- a/app/controllers/spree/admin/payment_methods_controller_decorator.rb
+++ b/app/controllers/spree/admin/payment_methods_controller_decorator.rb
@@ -1,68 +1,16 @@
 module Spree
  module Admin
-    class PaymentMethodsController < ResourceController
-      skip_before_filter :load_resource, only: [:create, :show_provider_preferences]
-      before_filter :load_data
-      before_filter :validate_payment_method_provider, only: [:create]
+    PaymentMethodsController.class_eval do
+      before_filter :restrict_stripe_account_change, only: [:update]
+      before_filter :force_environment, only: [:create, :update]
+      skip_before_filter :load_resource, only: [:show_provider_preferences]
      before_filter :load_hubs, only: [:new, :edit, :update]
      create.before :load_hubs

-      respond_to :html
-
-      def create
-        force_environment
-
-        @payment_method = params[:payment_method].
-          delete(:type).
-          constantize.
-          new(params[:payment_method])
-        @object = @payment_method
-
-        invoke_callbacks(:create, :before)
-        if @payment_method.save
-          invoke_callbacks(:create, :after)
-          flash[:success] = Spree.t(:successfully_created, resource: Spree.t(:payment_method))
-          redirect_to edit_admin_payment_method_path(@payment_method)
-        else
-          invoke_callbacks(:create, :fails)
-          respond_with(@payment_method)
-        end
-      end
-
-      def update
-        restrict_stripe_account_change
-        force_environment
-
-        invoke_callbacks(:update, :before)
-        payment_method_type = params[:payment_method].delete(:type)
-        if @payment_method['type'].to_s != payment_method_type
-          @payment_method.update_column(:type, payment_method_type)
-          @payment_method = PaymentMethod.find(params[:id])
-        end
-
-        payment_method_params = params[ActiveModel::Naming.param_key(@payment_method)] || {}
-        attributes = params[:payment_method].merge(payment_method_params)
-        attributes.each do |k, _v|
-          if k.include?("password") && attributes[k].blank?
-            attributes.delete(k)
-          end
-        end
-
-        if @payment_method.update_attributes(attributes)
-          invoke_callbacks(:update, :after)
-          flash[:success] = Spree.t(:successfully_updated, resource: Spree.t(:payment_method))
-          redirect_to edit_admin_payment_method_path(@payment_method)
-        else
-          invoke_callbacks(:update, :fails)
-          respond_with(@payment_method)
-        end
-      end
-
      # Only show payment methods that user has access to and sort by distributor name
      # ! Redundant code copied from Spree::Admin::ResourceController with modifications marked
      def collection
        return parent.public_send(controller_name) if parent_data.present?
-
        collection = if model_class.respond_to?(:accessible_by) &&
                        !current_ability.has_block?(params[:action], model_class)

@@ -114,14 +62,6 @@ module Spree
        @calculators = PaymentMethod.calculators.sort_by(&:name)
      end

-      def validate_payment_method_provider
-        valid_payment_methods = Rails.application.config.spree.payment_methods.map(&:to_s)
-        return if valid_payment_methods.include?(params[:payment_method][:type])
-
-        flash[:error] = Spree.t(:invalid_payment_provider)
-        redirect_to new_admin_payment_method_path
-      end
-
      def load_hubs
        # rubocop:disable Style/TernaryParentheses
        @hubs = Enterprise.managed_by(spree_current_user).is_distributor.sort_by! do |d|
@@ -133,8 +73,7 @@ module Spree
      # Show Stripe as an option if enabled, or if the
      # current payment_method is already a Stripe method
      def show_stripe?
-        Spree::Config.stripe_connect_enabled ||
-          @payment_method.try(:type) == "Spree::Gateway::StripeConnect"
+        Spree::Config.stripe_connect_enabled || @payment_method.try(:type) == "Spree::Gateway::StripeConnect"
      end

      def restrict_stripe_account_change
--- a/app/controllers/spree/admin/payments_controller_decorator.rb
+++ b/app/controllers/spree/admin/payments_controller_decorator.rb
@@ -43,8 +43,8 @@ Spree::Admin::PaymentsController.class_eval do
    else
      flash[:error] = t(:cannot_perform_operation)
    end
-  rescue Spree::Core::GatewayError => e
-    flash[:error] = e.message
+  rescue Spree::Core::GatewayError => ge
+    flash[:error] = ge.message
  ensure
    redirect_to request.referer
  end
--- a/app/controllers/spree/admin/product_properties_controller.rb
+++ b/app/controllers/spree/admin/product_properties_controller.rb
@@ -1,19 +0,0 @@
-module Spree
-  module Admin
-    class ProductPropertiesController < ResourceController
-      belongs_to 'spree/product', find_by: :permalink
-      before_filter :find_properties
-      before_filter :setup_property, only: [:index]
-
-      private
-
-      def find_properties
-        @properties = Spree::Property.pluck(:name)
-      end
-
-      def setup_property
-        @product.product_properties.build
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/products_controller_decorator.rb
+++ b/app/controllers/spree/admin/products_controller_decorator.rb
@@ -30,11 +30,6 @@ Spree::Admin::ProductsController.class_eval do
    @show_latest_import = params[:latest_import] || false
  end

-  def new
-    @object.shipping_category = DefaultShippingCategory.find_or_create
-    super
-  end
-
  def create
    delete_stock_params_and_set_after do
      super
@@ -46,12 +41,11 @@ Spree::Admin::ProductsController.class_eval do
  end

  def update
-    original_supplier_id = @product.supplier_id
-
    delete_stock_params_and_set_after do
      super
-      ExchangeVariantDeleter.new.delete(@product) if original_supplier_id != @product.supplier_id
    end
+
+    clear_variants_unit_description if @object.variant_unit == 'items'
  end

  def bulk_update
@@ -79,7 +73,6 @@ Spree::Admin::ProductsController.class_eval do
    # enterprise users.
    # TODO: There has to be a better way!!!
    return @collection if @collection.present?
-
    params[:q] ||= {}
    params[:q][:deleted_at_null] ||= "1"

@@ -148,7 +141,6 @@ Spree::Admin::ProductsController.class_eval do

  def strip_new_properties
    return if spree_current_user.admin? || params[:product][:product_properties_attributes].nil?
-
    names = Spree::Property.pluck(:name)
    params[:product][:product_properties_attributes].each do |key, property|
      unless names.include? property[:property_name]
@@ -172,9 +164,9 @@ Spree::Admin::ProductsController.class_eval do
    begin
      variant.on_demand = on_demand if on_demand.present?
      variant.on_hand = on_hand.to_i if on_hand.present?
-    rescue StandardError => e
-      notify_bugsnag(e, product, variant)
-      raise e
+    rescue StandardError => error
+      notify_bugsnag(error, product, variant)
+      raise error
    end
  end

@@ -198,4 +190,10 @@ Spree::Admin::ProductsController.class_eval do
  def set_product_master_variant_price_to_zero
    @product.price = 0 if @product.price.nil?
  end
+
+  def clear_variants_unit_description
+    @object.variants.each do |variant|
+      variant.update_attribute :unit_description, ''
+    end
+  end
 end
--- a/app/controllers/spree/admin/properties_controller.rb
+++ b/app/controllers/spree/admin/properties_controller.rb
@@ -1,6 +0,0 @@
-module Spree
-  module Admin
-    class PropertiesController < ResourceController
-    end
-  end
-end
--- a/app/controllers/spree/admin/reports_controller_decorator.rb
+++ b/app/controllers/spree/admin/reports_controller_decorator.rb
@@ -23,8 +23,7 @@ Spree::Admin::ReportsController.class_eval do

  before_filter :cache_search_state
  # Fetches user's distributors, suppliers and order_cycles
-  before_filter :load_data,
-                only: [:customers, :products_and_inventory, :order_cycle_management, :packing]
+  before_filter :load_data, only: [:customers, :products_and_inventory, :order_cycle_management, :packing]

  def report_types
    OpenFoodNetwork::Reports::List.all
@@ -50,9 +49,7 @@ Spree::Admin::ReportsController.class_eval do
    @report_type = params[:report_type]

    # -- Build Report with Order Grouper
-    @report = OpenFoodNetwork::OrderCycleManagementReport.new spree_current_user,
-                                                              params,
-                                                              render_content?
+    @report = OpenFoodNetwork::OrderCycleManagementReport.new spree_current_user, params, render_content?
    @table = @report.table_items

    render_report(@report.header, @table, params[:csv], "order_cycle_management_#{timestamp}.csv")
@@ -72,9 +69,7 @@ Spree::Admin::ReportsController.class_eval do
  end

  def orders_and_distributors
-    @report = OpenFoodNetwork::OrderAndDistributorReport.new spree_current_user,
-                                                             params,
-                                                             render_content?
+    @report = OpenFoodNetwork::OrderAndDistributorReport.new spree_current_user, params, render_content?
    @search = @report.search
    csv_file_name = "orders_and_distributors_#{timestamp}.csv"
    render_report(@report.header, @report.table, params[:csv], csv_file_name)
@@ -114,7 +109,7 @@ Spree::Admin::ReportsController.class_eval do
  end

  def orders_and_fulfillment
-    params[:q] ||= orders_and_fulfillment_default_filters
+    params[:q] ||= {}

    # -- Prepare Form Options
    permissions = OpenFoodNetwork::Permissions.new(spree_current_user)
@@ -131,9 +126,7 @@ Spree::Admin::ReportsController.class_eval do
    @include_blank = I18n.t(:all)

    # -- Build Report with Order Grouper
-    @report = OpenFoodNetwork::OrdersAndFulfillmentsReport.new spree_current_user,
-                                                               params,
-                                                               render_content?
+    @report = OpenFoodNetwork::OrdersAndFulfillmentsReport.new spree_current_user, params, render_content?
    @table = order_grouper_table
    csv_file_name = "#{params[:report_type]}_#{timestamp}.csv"

@@ -143,24 +136,16 @@ Spree::Admin::ReportsController.class_eval do
  def products_and_inventory
    @report_types = report_types[:products_and_inventory]
    @report = if params[:report_type] != 'lettuce_share'
-                OpenFoodNetwork::ProductsAndInventoryReport.new spree_current_user,
-                                                                params,
-                                                                render_content?
+                OpenFoodNetwork::ProductsAndInventoryReport.new spree_current_user, params, render_content?
              else
                OpenFoodNetwork::LettuceShareReport.new spree_current_user, params, render_content?
              end
-    render_report(@report.header,
-                  @report.table,
-                  params[:csv],
-                  "products_and_inventory_#{timestamp}.csv")
+    render_report(@report.header, @report.table, params[:csv], "products_and_inventory_#{timestamp}.csv")
  end

  def users_and_enterprises
    @report = OpenFoodNetwork::UsersAndEnterprisesReport.new params, render_content?
-    render_report(@report.header,
-                  @report.table,
-                  params[:csv],
-                  "users_and_enterprises_#{timestamp}.csv")
+    render_report(@report.header, @report.table, params[:csv], "users_and_enterprises_#{timestamp}.csv")
  end

  def xero_invoices
@@ -236,8 +221,7 @@ Spree::Admin::ReportsController.class_eval do
  end

  def suppliers_of_products_distributed_by(distributors)
-    distributors.map { |d| Spree::Product.in_distributor(d).includes(:supplier).all }.
-      flatten.map(&:supplier).uniq
+    distributors.map { |d| Spree::Product.in_distributor(d) }.flatten.map(&:supplier).uniq
  end

  # Load order cycles the current user has access to
@@ -273,14 +257,14 @@ Spree::Admin::ReportsController.class_eval do
  def describe_report(report)
    name = I18n.t(:name, scope: [:admin, :reports, report])
    description = begin
-                    I18n.t!(:description, scope: [:admin, :reports, report])
-                  rescue I18n::MissingTranslationData
-                    render_to_string(
-                      partial: "#{report}_description",
-                      layout: false,
-                      locals: { report_types: report_types[report] }
-                    ).html_safe
-                  end
+      I18n.t!(:description, scope: [:admin, :reports, report])
+    rescue I18n::MissingTranslationData
+      render_to_string(
+        partial: "#{report}_description",
+        layout: false,
+        locals: { report_types: report_types[report] }
+      ).html_safe
+    end
    { name: name, url: url_for_report(report), description: description }
  end

@@ -293,10 +277,4 @@ Spree::Admin::ReportsController.class_eval do
  def timestamp
    Time.zone.now.strftime("%Y%m%d")
  end
-
-  def orders_and_fulfillment_default_filters
-    now = Time.zone.now
-    { completed_at_gt: (now - 1.month).beginning_of_day,
-      completed_at_lt: (now + 1.day).beginning_of_day }
-  end
 end
--- a/app/controllers/spree/admin/resource_controller_decorator.rb
+++ b/app/controllers/spree/admin/resource_controller_decorator.rb
@@ -16,5 +16,5 @@ end
 Spree::Admin::ResourceController.prepend(AuthorizeOnLoadResource)

 Spree::Admin::ResourceController.class_eval do
-  rescue_from CanCan::AccessDenied, with: :unauthorized
+  rescue_from CanCan::AccessDenied, :with => :unauthorized
 end
--- a/app/controllers/spree/admin/return_authorizations_controller.rb
+++ b/app/controllers/spree/admin/return_authorizations_controller.rb
@@ -1,24 +0,0 @@
-module Spree
-  module Admin
-    class ReturnAuthorizationsController < ResourceController
-      belongs_to 'spree/order', find_by: :number
-
-      update.after :associate_inventory_units
-      create.after :associate_inventory_units
-
-      def fire
-        @return_authorization.public_send("#{params[:e]}!")
-        flash[:success] = Spree.t(:return_authorization_updated)
-        redirect_to :back
-      end
-
-      protected
-
-      def associate_inventory_units
-        (params[:return_quantity] || []).each do |variant_id, qty|
-          @return_authorization.add_variant(variant_id.to_i, qty.to_i)
-        end
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/shipping_categories_controller.rb
+++ b/app/controllers/spree/admin/shipping_categories_controller.rb
@@ -1,6 +0,0 @@
-module Spree
-  module Admin
-    class ShippingCategoriesController < ResourceController
-    end
-  end
-end
--- a/app/controllers/spree/admin/shipping_methods_controller.rb
+++ b/app/controllers/spree/admin/shipping_methods_controller.rb
@@ -1,86 +0,0 @@
-module Spree
-  module Admin
-    class ShippingMethodsController < ResourceController
-      before_filter :load_data, except: [:index]
-      before_filter :set_shipping_category, only: [:create, :update]
-      before_filter :set_zones, only: [:create, :update]
-      before_filter :load_hubs, only: [:new, :edit, :create, :update]
-
-      # Sort shipping methods by distributor name
-      def collection
-        collection = super
-        collection = collection.managed_by(spree_current_user).by_name
-
-        if params.key? :enterprise_id
-          distributor = Enterprise.find params[:enterprise_id]
-          collection = collection.for_distributor(distributor)
-        end
-
-        collection
-      end
-
-      def new
-        @object.shipping_categories = [DefaultShippingCategory.find_or_create]
-        super
-      end
-
-      def destroy
-        # Our reports are not adapted to soft deleted shipping_methods so here we prevent
-        #   the deletion (even soft) of shipping_methods that are referenced in orders
-        if order = order_referenced_by_shipping_method
-          flash[:error] = I18n.t(:shipping_method_destroy_error, number: order.number)
-          redirect_to(collection_url) && return
-        end
-
-        @object.touch :deleted_at
-        flash[:success] = flash_message_for(@object, :successfully_removed)
-
-        respond_with(@object) do |format|
-          format.html { redirect_to collection_url }
-        end
-      end
-
-      private
-
-      def order_referenced_by_shipping_method
-        Order.joins(shipments: :shipping_rates)
-          .where( spree_shipping_rates: { shipping_method_id: @object } )
-          .first
-      end
-
-      def load_hubs
-        # rubocop:disable Style/TernaryParentheses
-        @hubs = Enterprise.managed_by(spree_current_user).is_distributor.sort_by! do |d|
-          [(@shipping_method.has_distributor? d) ? 0 : 1, d.name]
-        end
-        # rubocop:enable Style/TernaryParentheses
-      end
-
-      def set_shipping_category
-        return true if params["shipping_method"][:shipping_categories] == ""
-
-        @shipping_method.shipping_categories =
-          Spree::ShippingCategory.where(id: params["shipping_method"][:shipping_categories])
-        @shipping_method.save
-        params[:shipping_method].delete(:shipping_categories)
-      end
-
-      def set_zones
-        return true if params["shipping_method"][:zones] == ""
-
-        @shipping_method.zones = Spree::Zone.where(id: params["shipping_method"][:zones])
-        @shipping_method.save
-        params[:shipping_method].delete(:zones)
-      end
-
-      def location_after_save
-        edit_admin_shipping_method_path(@shipping_method)
-      end
-
-      def load_data
-        @available_zones = Zone.order(:name)
-        @calculators = ShippingMethod.calculators.sort_by(&:name)
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/shipping_methods_controller_decorator.rb
+++ b/app/controllers/spree/admin/shipping_methods_controller_decorator.rb
@@ -0,0 +1,42 @@
+module Spree
+  module Admin
+    ShippingMethodsController.class_eval do
+      before_filter :do_not_destroy_referenced_shipping_methods, only: :destroy
+      before_filter :load_hubs, only: [:new, :edit, :create, :update]
+
+      # Sort shipping methods by distributor name
+      def collection
+        collection = super
+        collection = collection.managed_by(spree_current_user).by_name
+
+        if params.key? :enterprise_id
+          distributor = Enterprise.find params[:enterprise_id]
+          collection = collection.for_distributor(distributor)
+        end
+
+        collection
+      end
+
+      # Spree allows soft deletes of shipping_methods but our reports are not adapted to that
+      #   Here we prevent the deletion (even soft) of shipping_methods that are referenced in orders
+      def do_not_destroy_referenced_shipping_methods
+        order = Order.joins(shipments: :shipping_rates)
+          .where( spree_shipping_rates: { shipping_method_id: @object } )
+          .first
+        return unless order
+        flash[:error] = I18n.t(:shipping_method_destroy_error, number: order.number)
+        redirect_to(collection_url) && return
+      end
+
+      private
+
+      def load_hubs
+        # rubocop:disable Style/TernaryParentheses
+        @hubs = Enterprise.managed_by(spree_current_user).is_distributor.sort_by! do |d|
+          [(@shipping_method.has_distributor? d) ? 0 : 1, d.name]
+        end
+        # rubocop:enable Style/TernaryParentheses
+      end
+    end
+  end
+end
--- a/app/controllers/spree/admin/states_controller.rb
+++ b/app/controllers/spree/admin/states_controller.rb
@@ -1,29 +0,0 @@
-module Spree
-  module Admin
-    class StatesController < ResourceController
-      belongs_to 'spree/country'
-      before_filter :load_data
-
-      def index
-        respond_with(@collection) do |format|
-          format.html
-          format.js { render partial: 'state_list' }
-        end
-      end
-
-      protected
-
-      def location_after_save
-        admin_country_states_url(@country)
-      end
-
-      def collection
-        super.order(:name)
-      end
-
-      def load_data
-        @countries = Country.order(:name)
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/tax_categories_controller.rb
+++ b/app/controllers/spree/admin/tax_categories_controller.rb
@@ -1,19 +0,0 @@
-module Spree
-  module Admin
-    class TaxCategoriesController < ResourceController
-      def destroy
-        if @object.destroy
-          flash[:success] = flash_message_for(@object, :successfully_removed)
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-            format.js   { render partial: "spree/admin/shared/destroy" }
-          end
-        else
-          respond_with(@object) do |format|
-            format.html { redirect_to collection_url }
-          end
-        end
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/tax_rates_controller.rb
+++ b/app/controllers/spree/admin/tax_rates_controller.rb
@@ -1,26 +0,0 @@
-module Spree
-  module Admin
-    class TaxRatesController < ResourceController
-      before_filter :load_data
-
-      update.after :update_after
-      create.after :create_after
-
-      private
-
-      def load_data
-        @available_zones = Zone.order(:name)
-        @available_categories = TaxCategory.order(:name)
-        @calculators = TaxRate.calculators.sort_by(&:name)
-      end
-
-      def update_after
-        Rails.cache.delete('vat_rates')
-      end
-
-      def create_after
-        Rails.cache.delete('vat_rates')
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/tax_settings_controller.rb
+++ b/app/controllers/spree/admin/tax_settings_controller.rb
@@ -1,15 +0,0 @@
-module Spree
-  module Admin
-    class TaxSettingsController < Spree::Admin::BaseController
-      def update
-        Spree::Config.set(params[:preferences])
-
-        respond_to do |format|
-          format.html {
-            redirect_to edit_admin_tax_settings_path
-          }
-        end
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/taxonomies_controller.rb
+++ b/app/controllers/spree/admin/taxonomies_controller.rb
@@ -1,21 +0,0 @@
-module Spree
-  module Admin
-    class TaxonomiesController < ResourceController
-      respond_to :json, only: [:get_children]
-
-      def get_children
-        @taxons = Taxon.find(params[:parent_id]).children
-      end
-
-      private
-
-      def location_after_save
-        if @taxonomy.created_at == @taxonomy.updated_at
-          edit_admin_taxonomy_url(@taxonomy)
-        else
-          admin_taxonomies_url
-        end
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/taxons_controller.rb
+++ b/app/controllers/spree/admin/taxons_controller.rb
@@ -1,118 +0,0 @@
-module Spree
-  module Admin
-    class TaxonsController < Spree::Admin::BaseController
-      respond_to :html, :json, :js
-
-      def search
-        @taxons = if params[:ids]
-                    Spree::Taxon.where(id: params[:ids].split(','))
-                  else
-                    Spree::Taxon.limit(20).search(name_cont: params[:q]).result
-                  end
-      end
-
-      def create
-        @taxonomy = Taxonomy.find(params[:taxonomy_id])
-        @taxon = @taxonomy.taxons.build(params[:taxon])
-        if @taxon.save
-          respond_with(@taxon) do |format|
-            format.json { render json: @taxon.to_json }
-          end
-        else
-          flash[:error] = Spree.t('errors.messages.could_not_create_taxon')
-          respond_with(@taxon) do |format|
-            format.html do
-              if redirect_to @taxonomy
-                edit_admin_taxonomy_url(@taxonomy)
-              else
-                admin_taxonomies_url
-              end
-            end
-          end
-        end
-      end
-
-      def edit
-        @taxonomy = Taxonomy.find(params[:taxonomy_id])
-        @taxon = @taxonomy.taxons.find(params[:id])
-        @permalink_part = @taxon.permalink.split("/").last
-      end
-
-      def update
-        @taxonomy = Taxonomy.find(params[:taxonomy_id])
-        @taxon = @taxonomy.taxons.find(params[:id])
-        parent_id = params[:taxon][:parent_id]
-        new_position = params[:taxon][:position]
-
-        if parent_id || new_position # taxon is being moved
-          new_parent = parent_id.nil? ? @taxon.parent : Taxon.find(parent_id.to_i)
-          new_position = new_position.nil? ? -1 : new_position.to_i
-
-          # Bellow is a very complicated way of finding where in nested set we
-          # should actually move the taxon to achieve sane results,
-          # JS is giving us the desired position, which was awesome for previous setup,
-          # but now it's quite complicated to find where we should put it as we have
-          # to differenciate between moving to the same branch, up down and into
-          # first position.
-          new_siblings = new_parent.children
-          if new_position <= 0 && new_siblings.empty?
-            @taxon.move_to_child_of(new_parent)
-          elsif new_parent.id != @taxon.parent_id
-            if new_position.zero?
-              @taxon.move_to_left_of(new_siblings.first)
-            else
-              @taxon.move_to_right_of(new_siblings[new_position - 1])
-            end
-          elsif new_position < new_siblings.index(@taxon)
-            @taxon.move_to_left_of(new_siblings[new_position]) # we move up
-          else
-            @taxon.move_to_right_of(new_siblings[new_position - 1]) # we move down
-          end
-          # Reset legacy position, if any extensions still rely on it
-          new_parent.children.reload.each{ |t| t.update_column(:position, t.position) }
-
-          if parent_id
-            @taxon.reload
-            @taxon.set_permalink
-            @taxon.save!
-            @update_children = true
-          end
-        end
-
-        if params.key? "permalink_part"
-          parent_permalink = @taxon.permalink.split("/")[0...-1].join("/")
-          parent_permalink += "/" if parent_permalink.present?
-          params[:taxon][:permalink] = parent_permalink + params[:permalink_part]
-        end
-        # check if we need to rename child taxons if parent name or permalink changes
-        if params[:taxon][:name] != @taxon.name || params[:taxon][:permalink] != @taxon.permalink
-          @update_children = true
-        end
-
-        if @taxon.update_attributes(params[:taxon])
-          flash[:success] = flash_message_for(@taxon, :successfully_updated)
-        end
-
-        # rename child taxons
-        if @update_children
-          @taxon.descendants.each do |taxon|
-            taxon.reload
-            taxon.set_permalink
-            taxon.save!
-          end
-        end
-
-        respond_with(@taxon) do |format|
-          format.html { redirect_to edit_admin_taxonomy_url(@taxonomy) }
-          format.json { render json: @taxon.to_json }
-        end
-      end
-
-      def destroy
-        @taxon = Taxon.find(params[:id])
-        @taxon.destroy
-        respond_with(@taxon) { |format| format.json { render json: '' } }
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/users_controller.rb
+++ b/app/controllers/spree/admin/users_controller.rb
@@ -46,26 +46,21 @@ module Spree
            @user.spree_roles = roles.reject(&:blank?).collect{ |r| Spree::Role.find(r) }
          end

-          message = if new_email_unconfirmed?
-                      Spree.t(:email_updated)
-                    else
-                      Spree.t(:account_updated)
-                    end
-          flash.now[:success] = message
+          flash.now[:success] = Spree.t(:account_updated)
        end
        render :edit
      end

      def generate_api_key
        if @user.generate_spree_api_key!
-          flash[:success] = t('spree.api.key_generated')
+          flash[:success] = Spree.t('api.key_generated')
        end
        redirect_to edit_admin_user_path(@user)
      end

      def clear_api_key
        if @user.clear_spree_api_key!
-          flash[:success] = t('spree.api.key_cleared')
+          flash[:success] = Spree.t('api.key_cleared')
        end
        redirect_to edit_admin_user_path(@user)
      end
@@ -74,7 +69,6 @@ module Spree

      def collection
        return @collection if @collection.present?
-
        if request.xhr? && params[:q].present?
          # Disabling proper nested include here due to rails 3.1 bug
          @collection = Spree::User.
@@ -126,17 +120,12 @@ module Spree

      def sign_in_if_change_own_password
        return unless spree_current_user == @user && @user.password.present?
-
        sign_in(@user, event: :authentication, bypass: true)
      end

      def load_roles
        @roles = Spree::Role.scoped
      end
-
-      def new_email_unconfirmed?
-        params[:user][:email] != @user.email
-      end
    end
  end
 end
--- a/app/controllers/spree/admin/zones_controller.rb
+++ b/app/controllers/spree/admin/zones_controller.rb
@@ -1,26 +0,0 @@
-module Spree
-  module Admin
-    class ZonesController < ResourceController
-      before_filter :load_data, except: [:index]
-
-      def new
-        @zone.zone_members.build
-      end
-
-      protected
-
-      def collection
-        params[:q] ||= {}
-        params[:q][:s] ||= "ascend_by_name"
-        @search = super.ransack(params[:q])
-        @zones = @search.result.page(params[:page]).per(Spree::Config[:orders_per_page])
-      end
-
-      def load_data
-        @countries = Country.order(:name)
-        @states = State.order(:name)
-        @zones = Zone.order(:name)
-      end
-    end
-  end
-end
--- a/app/controllers/spree/api/base_controller.rb
+++ b/app/controllers/spree/api/base_controller.rb
@@ -0,0 +1,130 @@
+require_dependency 'spree/api/controller_setup'
+
+module Spree
+  module Api
+    class BaseController < ActionController::Metal
+      include Spree::Api::ControllerSetup
+      include Spree::Core::ControllerHelpers::SSL
+      include ::ActionController::Head
+
+      self.responder = Spree::Api::Responders::AppResponder
+
+      respond_to :json
+
+      attr_accessor :current_api_user
+
+      before_filter :set_content_type
+      before_filter :check_for_user_or_api_key, :if => :requires_authentication?
+      before_filter :authenticate_user
+      after_filter  :set_jsonp_format
+
+      rescue_from Exception, :with => :error_during_processing
+      rescue_from CanCan::AccessDenied, :with => :unauthorized
+      rescue_from ActiveRecord::RecordNotFound, :with => :not_found
+
+      helper Spree::Api::ApiHelpers
+
+      ssl_allowed
+
+      def set_jsonp_format
+        if params[:callback] && request.get?
+          self.response_body = "#{params[:callback]}(#{response_body})"
+          headers["Content-Type"] = 'application/javascript'
+        end
+      end
+
+      def map_nested_attributes_keys(klass, attributes)
+        nested_keys = klass.nested_attributes_options.keys
+        attributes.inject({}) do |h, (k, v)|
+          key = nested_keys.include?(k.to_sym) ? "#{k}_attributes" : k
+          h[key] = v
+          h
+        end.with_indifferent_access
+      end
+
+      private
+
+      def set_content_type
+        content_type = case params[:format]
+                       when "json"
+                         "application/json"
+                       when "xml"
+                         "text/xml"
+                       end
+        headers["Content-Type"] = content_type
+      end
+
+      def check_for_user_or_api_key
+        # User is already authenticated with Spree, make request this way instead.
+        return true if @current_api_user = try_spree_current_user ||
+                                           !requires_authentication?
+
+        return if api_key.present?
+        render("spree/api/errors/must_specify_api_key", status: :unauthorized) && return
+      end
+
+      def authenticate_user
+        return if @current_api_user
+
+        if requires_authentication? || api_key.present?
+          unless @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
+            render("spree/api/errors/invalid_api_key", status: :unauthorized) && return
+          end
+        else
+          # An anonymous user
+          @current_api_user = Spree.user_class.new
+        end
+      end
+
+      def unauthorized
+        render("spree/api/errors/unauthorized", status: :unauthorized) && return
+      end
+
+      def error_during_processing(exception)
+        render(text: { exception: exception.message }.to_json,
+               status: :unprocessable_entity) && return
+      end
+
+      def requires_authentication?
+        true
+      end
+
+      def not_found
+        render("spree/api/errors/not_found", status: :not_found) && return
+      end
+
+      def current_ability
+        Spree::Ability.new(current_api_user)
+      end
+
+      def invalid_resource!(resource)
+        @resource = resource
+        render "spree/api/errors/invalid_resource", status: :unprocessable_entity
+      end
+
+      def api_key
+        request.headers["X-Spree-Token"] || params[:token]
+      end
+      helper_method :api_key
+
+      def find_product(id)
+        product_scope.find_by_permalink!(id.to_s)
+      rescue ActiveRecord::RecordNotFound
+        product_scope.find(id)
+      end
+
+      def product_scope
+        if current_api_user.has_spree_role?("admin")
+          scope = Product
+          if params[:show_deleted]
+            scope = scope.with_deleted
+          end
+        else
+          scope = Product.active
+        end
+
+        scope.includes(:master)
+      end
+    end
+  end
+end
--- a/app/controllers/spree/api/shipments_controller.rb
+++ b/app/controllers/spree/api/shipments_controller.rb
@@ -0,0 +1,108 @@
+require 'open_food_network/scope_variant_to_hub'
+
+module Spree
+  module Api
+    class ShipmentsController < Spree::Api::BaseController
+      respond_to :json
+
+      before_filter :find_order
+      before_filter :find_and_update_shipment, only: [:ship, :ready, :add, :remove]
+
+      def create
+        variant = scoped_variant(params[:variant_id])
+        quantity = params[:quantity].to_i
+        @shipment = get_or_create_shipment(params[:stock_location_id])
+
+        @order.contents.add(variant, quantity, nil, @shipment)
+
+        @shipment.refresh_rates
+        @shipment.save!
+
+        respond_with(@shipment.reload, default_template: :show)
+      end
+
+      def update
+        authorize! :read, Shipment
+        @shipment = @order.shipments.find_by_number!(params[:id])
+        params[:shipment] ||= []
+        unlock = params[:shipment].delete(:unlock)
+
+        if unlock == 'yes'
+          @shipment.adjustment.open
+        end
+
+        @shipment.update_attributes(params[:shipment])
+
+        if unlock == 'yes'
+          @shipment.adjustment.close
+        end
+
+        @shipment.reload
+        respond_with(@shipment, default_template: :show)
+      end
+
+      def ready
+        authorize! :read, Shipment
+        unless @shipment.ready?
+          if @shipment.can_ready?
+            @shipment.ready!
+          else
+            render "spree/api/shipments/cannot_ready_shipment", status: :unprocessable_entity
+            return
+          end
+        end
+        respond_with(@shipment, default_template: :show)
+      end
+
+      def ship
+        authorize! :read, Shipment
+        unless @shipment.shipped?
+          @shipment.ship!
+        end
+        respond_with(@shipment, default_template: :show)
+      end
+
+      def add
+        variant = scoped_variant(params[:variant_id])
+        quantity = params[:quantity].to_i
+
+        @order.contents.add(variant, quantity, nil, @shipment)
+
+        respond_with(@shipment, default_template: :show)
+      end
+
+      def remove
+        variant = scoped_variant(params[:variant_id])
+        quantity = params[:quantity].to_i
+
+        @order.contents.remove(variant, quantity, @shipment)
+        @shipment.reload if @shipment.persisted?
+
+        respond_with(@shipment, default_template: :show)
+      end
+
+      private
+
+      def find_order
+        @order = Spree::Order.find_by_number!(params[:order_id])
+        authorize! :read, @order
+      end
+
+      def find_and_update_shipment
+        @shipment = @order.shipments.find_by_number!(params[:id])
+        @shipment.update_attributes(params[:shipment])
+        @shipment.reload
+      end
+
+      def scoped_variant(variant_id)
+        variant = Spree::Variant.find(variant_id)
+        OpenFoodNetwork::ScopeVariantToHub.new(@order.distributor).scope(variant)
+        variant
+      end
+
+      def get_or_create_shipment(stock_location_id)
+        @order.shipment || @order.shipments.create(stock_location_id: stock_location_id)
+      end
+    end
+  end
+end
--- a/app/controllers/spree/api/taxons_controller.rb
+++ b/app/controllers/spree/api/taxons_controller.rb
@@ -0,0 +1,75 @@
+module Spree
+  module Api
+    class TaxonsController < Spree::Api::BaseController
+      respond_to :json
+
+      def index
+        if taxonomy
+          @taxons = taxonomy.root.children
+        else
+          if params[:ids]
+            @taxons = Taxon.where(id: params[:ids].split(","))
+          else
+            @taxons = Taxon.ransack(params[:q]).result
+          end
+        end
+        respond_with(@taxons)
+      end
+
+      def show
+        @taxon = taxon
+        respond_with(@taxon)
+      end
+
+      def jstree
+        show
+      end
+
+      def create
+        authorize! :create, Taxon
+        @taxon = Taxon.new(params[:taxon])
+        @taxon.taxonomy_id = params[:taxonomy_id]
+        taxonomy = Taxonomy.find_by_id(params[:taxonomy_id])
+
+        if taxonomy.nil?
+          @taxon.errors[:taxonomy_id] = I18n.t(:invalid_taxonomy_id, scope: 'spree.api')
+          invalid_resource!(@taxon) && return
+        end
+
+        @taxon.parent_id = taxonomy.root.id unless params[:taxon][:parent_id]
+
+        if @taxon.save
+          respond_with(@taxon, status: 201, default_template: :show)
+        else
+          invalid_resource!(@taxon)
+        end
+      end
+
+      def update
+        authorize! :update, Taxon
+        if taxon.update_attributes(params[:taxon])
+          respond_with(taxon, status: 200, default_template: :show)
+        else
+          invalid_resource!(taxon)
+        end
+      end
+
+      def destroy
+        authorize! :delete, Taxon
+        taxon.destroy
+        respond_with(taxon, status: 204)
+      end
+
+      private
+
+      def taxonomy
+        return if params[:taxonomy_id].blank?
+        @taxonomy ||= Taxonomy.find(params[:taxonomy_id])
+      end
+
+      def taxon
+        @taxon ||= taxonomy.taxons.find(params[:id])
+      end
+    end
+  end
+end
--- a/app/controllers/spree/api/users_controller.rb
+++ b/app/controllers/spree/api/users_controller.rb
@@ -0,0 +1,7 @@
+module Spree
+  module Api
+    class UsersController < Spree::Api::BaseController
+      respond_to :json
+    end
+  end
+end
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.7
 .1.5