Merge pull request #5663 from luisramos0/constraints

Make db timestamps nullable

.codeclimate.yml

@@ -16,6 +16,10 @@ plugins:
         enabled: false
       PropertySortOrder:
         enabled: false
+      StringQuotes:
+        enabled: false
+      DeclarationOrder:
+        enabled: false
   duplication:
     enabled: true
     exclude_patterns:

.rubocop_manual_todo.yml

@@ -142,7 +142,6 @@ Layout/LineLength:
   - spec/controllers/api/product_images_controller_spec.rb
   - spec/controllers/api/products_controller_spec.rb
   - spec/controllers/api/promo_images_controller_spec.rb
-  - spec/controllers/api/shipments_controller_spec.rb
   - spec/controllers/api/variants_controller_spec.rb
   - spec/controllers/cart_controller_spec.rb
   - spec/controllers/checkout_controller_spec.rb

.rubocop_styleguide.yml

@@ -5,7 +5,7 @@
 # rubocop locally, the default configuration file `.rubocop.yml` loads
 # our "todo lists" to ignore all current violations.
 AllCops:
-  TargetRailsVersion: 3.2
+  TargetRailsVersion: 4.0
   Exclude:
     - 'bin/**/*'
     - 'db/**/*'
@@ -20,9 +20,6 @@ AllCops:
 #
 # Cop settings that have been agreed upon by the OFN community
 
-Rails:
-  Enabled: true
-
 Style/Documentation:
   Enabled: false
 
@@ -61,24 +58,6 @@ Lint/UselessAssignment:
   Exclude:
   - spec/**/*
 
-# AFAIK, there is no good alternative to dynamic matchers until we upgrade
-# to Rails 4 and can use #find_by. If there is a better approach, let's do it.
-Rails/DynamicFindBy:
-  Enabled: false
-
-# Same as above, #find_by is not available until Rails 4
-Rails/FindBy:
-  Enabled: false
-
-# Same as above, #update! is not available until Rails 4
-Rails/ActiveRecordAliases:
-  Enabled: false
-
-# This should be the programmer's discretion, perhaps we should review all of
-# the uses of it an make specific exceptions though.
-Rails/SkipsModelValidations:
-  Enabled: false
-
 ## Relaxed.Ruby.Style SETTINGS
 #
 # These styles are a starting point for the conversation around conventions

.rubocop_todo.yml

@@ -1,6 +1,6 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --exclude-limit 1400`
-# on 2020-01-09 11:26:09 +1100 using RuboCop version 0.79.0.
+# on 2020-02-22 11:23:29 +0000 using RuboCop version 0.80.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
@@ -14,10 +14,11 @@ Layout/EmptyLineAfterGuardClause:
     - 'lib/open_food_network/orders_and_fulfillments_report.rb'
     - 'lib/open_food_network/packing_report.rb'
 
-# Offense count: 1
+# Offense count: 2
 # Cop supports --auto-correct.
 Layout/EmptyLines:
   Exclude:
+    - 'app/models/spree/adjustment_decorator.rb'
     - 'spec/features/admin/order_cycles_spec.rb'
 
 # Offense count: 1
@@ -28,6 +29,14 @@ Layout/EmptyLinesAroundBlockBody:
   Exclude:
     - 'spec/controllers/api/orders_controller_spec.rb'
 
+# Offense count: 1
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyleAlignWith, AutoCorrect, Severity.
+# SupportedStylesAlignWith: keyword, variable, start_of_line
+Layout/EndAlignment:
+  Exclude:
+    - 'lib/open_food_network/permalink_generator.rb'
+
 # Offense count: 2
 # Cop supports --auto-correct.
 # Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
@@ -38,12 +47,27 @@ Layout/HashAlignment:
   Exclude:
     - 'spec/lib/open_food_network/orders_and_fulfillments_report/customer_totals_report_spec.rb'
 
-# Offense count: 27
+# Offense count: 8
+# Cop supports --auto-correct.
+# Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
+Layout/LeadingCommentSpace:
+  Exclude:
+    - 'Gemfile'
+    - 'app/helpers/application_helper.rb'
+    - 'app/models/enterprise.rb'
+
+# Offense count: 3
 # Cop supports --auto-correct.
 # Configuration parameters: AutoCorrect, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
 # URISchemes: http, https
 Layout/LineLength:
-  Max: 129
+  Max: 115
+
+# Offense count: 1
+# Cop supports --auto-correct.
+Layout/SpaceAfterColon:
+  Exclude:
+    - 'lib/open_food_network/order_cycle_form_applicator.rb'
 
 # Offense count: 2
 # Cop supports --auto-correct.
@@ -54,14 +78,26 @@ Layout/SpaceAroundOperators:
     - 'app/services/cart_service.rb'
     - 'spec/support/cancan_helper.rb'
 
-# Offense count: 4
+# Offense count: 2
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces.
+# SupportedStyles: space, no_space, compact
+# SupportedStylesForEmptyBraces: space, no_space
+Layout/SpaceInsideHashLiteralBraces:
+  Exclude:
+    - 'spec/controllers/checkout_controller_spec.rb'
+
+# Offense count: 2
 Lint/AmbiguousOperator:
   Exclude:
-    - 'app/controllers/spree/admin/orders/customer_details_controller_decorator.rb'
-    - 'app/controllers/spree/admin/orders_controller_decorator.rb'
     - 'spec/controllers/api/enterprise_fees_controller_spec.rb'
     - 'spec/controllers/spree/admin/payments_controller_spec.rb'
 
+# Offense count: 2
+Lint/Debugger:
+  Exclude:
+    - 'app/services/order_factory.rb'
+
 # Offense count: 1
 Lint/DuplicateHashKey:
   Exclude:
@@ -116,16 +152,32 @@ Lint/UselessAccessModifier:
     - 'lib/open_food_network/reports/bulk_coop_report.rb'
     - 'spec/lib/open_food_network/reports/report_spec.rb'
 
+# Offense count: 1
+Lint/UselessAssignment:
+  Exclude:
+    - 'spec/**/*'
+    - 'app/models/enterprise.rb'
+
 # Offense count: 1
 # Configuration parameters: CheckForMethodsWithNoSideEffects.
 Lint/Void:
   Exclude:
     - 'app/serializers/api/enterprise_serializer.rb'
 
+# Offense count: 1
+Metrics/AbcSize:
+  Max: 16
+
+# Offense count: 1
+# Configuration parameters: CountComments, ExcludedMethods.
+# ExcludedMethods: refine
+Metrics/BlockLength:
+  Max: 27
+
 # Offense count: 1
 # Configuration parameters: CountComments.
 Metrics/ModuleLength:
-  Max: 114
+  Max: 121
 
 # Offense count: 8
 Naming/AccessorMethodName:
@@ -143,20 +195,18 @@ Naming/HeredocDelimiterNaming:
   Exclude:
     - 'app/models/content_configuration.rb'
 
-# Offense count: 4
+# Offense count: 3
 # Configuration parameters: EnforcedStyleForLeadingUnderscores.
 # SupportedStylesForLeadingUnderscores: disallowed, required, optional
 Naming/MemoizedInstanceVariableName:
   Exclude:
-    - 'app/controllers/spree/admin/payments_controller_decorator.rb'
     - 'lib/open_food_network/address_finder.rb'
 
-# Offense count: 8
+# Offense count: 7
 # Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
-# AllowedNames: io, id, to, by, on, in, at, ip, db, os
+# AllowedNames: io, id, to, by, on, in, at, ip, db, os, pp
 Naming/MethodParameterName:
   Exclude:
-    - 'app/helpers/spree/admin/base_helper_decorator.rb'
     - 'app/helpers/spree/base_helper_decorator.rb'
     - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
     - 'lib/open_food_network/reports/bulk_coop_report.rb'
@@ -190,7 +240,7 @@ Naming/PredicateName:
     - 'lib/open_food_network/packing_report.rb'
     - 'lib/tasks/data.rake'
 
-# Offense count: 152
+# Offense count: 154
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle, Include.
 # SupportedStyles: action, filter
@@ -231,22 +281,22 @@ Rails/ActionFilter:
     - 'app/controllers/spree/admin/base_controller.rb'
     - 'app/controllers/spree/admin/images_controller.rb'
     - 'app/controllers/spree/admin/mail_methods_controller.rb'
-    - 'app/controllers/spree/admin/orders/customer_details_controller_decorator.rb'
-    - 'app/controllers/spree/admin/orders_controller_decorator.rb'
+    - 'app/controllers/spree/admin/orders/customer_details_controller.rb'
+    - 'app/controllers/spree/admin/orders_controller.rb'
     - 'app/controllers/spree/admin/payment_methods_controller.rb'
-    - 'app/controllers/spree/admin/payments_controller_decorator.rb'
+    - 'app/controllers/spree/admin/payments_controller.rb'
     - 'app/controllers/spree/admin/product_properties_controller.rb'
-    - 'app/controllers/spree/admin/products_controller_decorator.rb'
+    - 'app/controllers/spree/admin/products_controller.rb'
     - 'app/controllers/spree/admin/reports/enterprise_fee_summaries_controller.rb'
     - 'app/controllers/spree/admin/reports_controller.rb'
+    - 'app/controllers/spree/admin/resource_controller.rb'
+    - 'app/controllers/spree/admin/search_controller.rb'
     - 'app/controllers/spree/admin/shipping_methods_controller.rb'
     - 'app/controllers/spree/admin/states_controller.rb'
     - 'app/controllers/spree/admin/tax_rates_controller.rb'
     - 'app/controllers/spree/admin/users_controller.rb'
     - 'app/controllers/spree/admin/zones_controller.rb'
-    - 'app/controllers/spree/checkout_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
-    - 'app/controllers/spree/paypal_controller_decorator.rb'
     - 'app/controllers/spree/store_controller.rb'
     - 'app/controllers/spree/user_registrations_controller.rb'
     - 'app/controllers/spree/user_sessions_controller.rb'
@@ -255,6 +305,78 @@ Rails/ActionFilter:
     - 'app/controllers/user_passwords_controller.rb'
     - 'app/controllers/user_registrations_controller.rb'
 
+# Offense count: 192
+# Cop supports --auto-correct.
+Rails/ActiveRecordAliases:
+  Exclude:
+    - 'app/controllers/admin/bulk_line_items_controller.rb'
+    - 'app/controllers/admin/enterprises_controller.rb'
+    - 'app/controllers/admin/subscriptions_controller.rb'
+    - 'app/controllers/api/customers_controller.rb'
+    - 'app/controllers/api/enterprise_attachment_controller.rb'
+    - 'app/controllers/api/enterprises_controller.rb'
+    - 'app/controllers/api/product_images_controller.rb'
+    - 'app/controllers/api/products_controller.rb'
+    - 'app/controllers/api/shipments_controller.rb'
+    - 'app/controllers/api/taxons_controller.rb'
+    - 'app/controllers/api/variants_controller.rb'
+    - 'app/controllers/checkout_controller.rb'
+    - 'app/controllers/spree/admin/orders/customer_details_controller.rb'
+    - 'app/controllers/spree/admin/orders_controller.rb'
+    - 'app/controllers/spree/admin/payment_methods_controller.rb'
+    - 'app/controllers/spree/admin/resource_controller.rb'
+    - 'app/controllers/spree/admin/taxons_controller.rb'
+    - 'app/controllers/spree/admin/users_controller.rb'
+    - 'app/controllers/spree/credit_cards_controller.rb'
+    - 'app/controllers/spree/orders_controller.rb'
+    - 'app/controllers/spree/users_controller.rb'
+    - 'app/helpers/i18n_helper.rb'
+    - 'app/jobs/subscription_placement_job.rb'
+    - 'app/models/spree/adjustment_decorator.rb'
+    - 'app/models/spree/line_item_decorator.rb'
+    - 'app/models/spree/product_set.rb'
+    - 'app/services/line_item_syncer.rb'
+    - 'app/services/order_factory.rb'
+    - 'app/services/order_syncer.rb'
+    - 'app/services/user_default_address_setter.rb'
+    - 'lib/open_food_network/order_cycle_form_applicator.rb'
+    - 'lib/open_food_network/subscription_payment_updater.rb'
+    - 'lib/stripe/profile_storer.rb'
+    - 'spec/controllers/admin/proxy_orders_controller_spec.rb'
+    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
+    - 'spec/controllers/api/orders_controller_spec.rb'
+    - 'spec/controllers/line_items_controller_spec.rb'
+    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
+    - 'spec/controllers/spree/orders_controller_spec.rb'
+    - 'spec/features/admin/order_cycles_spec.rb'
+    - 'spec/features/admin/subscriptions_spec.rb'
+    - 'spec/features/admin/variant_overrides_spec.rb'
+    - 'spec/features/admin/variants_spec.rb'
+    - 'spec/features/consumer/account_spec.rb'
+    - 'spec/features/consumer/registration_spec.rb'
+    - 'spec/features/consumer/shopping/cart_spec.rb'
+    - 'spec/features/consumer/shopping/orders_spec.rb'
+    - 'spec/features/consumer/shopping/shopping_spec.rb'
+    - 'spec/jobs/subscription_confirm_job_spec.rb'
+    - 'spec/jobs/subscription_placement_job_spec.rb'
+    - 'spec/lib/open_food_network/proxy_order_syncer_spec.rb'
+    - 'spec/models/customer_spec.rb'
+    - 'spec/models/enterprise_caching_spec.rb'
+    - 'spec/models/exchange_spec.rb'
+    - 'spec/models/order_cycle_spec.rb'
+    - 'spec/models/producer_property_spec.rb'
+    - 'spec/models/proxy_order_spec.rb'
+    - 'spec/models/spree/adjustment_spec.rb'
+    - 'spec/models/spree/credit_card_spec.rb'
+    - 'spec/models/spree/line_item_spec.rb'
+    - 'spec/models/spree/order_spec.rb'
+    - 'spec/models/spree/product_spec.rb'
+    - 'spec/models/spree/user_spec.rb'
+    - 'spec/models/spree/variant_spec.rb'
+    - 'spec/requests/checkout/stripe_connect_spec.rb'
+    - 'spec/services/order_syncer_spec.rb'
+    - 'spec/services/subscription_estimator_spec.rb'
+
 # Offense count: 1
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: strict, flexible
@@ -262,6 +384,18 @@ Rails/Date:
   Exclude:
     - 'app/models/order_cycle.rb'
 
+# Offense count: 5
+# Cop supports --auto-correct.
+# Configuration parameters: Whitelist.
+# Whitelist: find_by_sql
+Rails/DynamicFindBy:
+  Exclude:
+    - 'app/controllers/spree/admin/orders/customer_details_controller.rb'
+    - 'app/controllers/spree/admin/orders_controller.rb'
+    - 'app/controllers/spree/admin/payments_controller.rb'
+    - 'app/controllers/spree/admin/products_controller.rb'
+    - 'spec/support/request/web_helper.rb'
+
 # Offense count: 16
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: slashes, arguments
@@ -280,6 +414,18 @@ Rails/FilePath:
     - 'spec/serializers/api/admin/enterprise_serializer_spec.rb'
     - 'spec/support/downloads_helper.rb'
 
+# Offense count: 7
+# Cop supports --auto-correct.
+# Configuration parameters: Include.
+# Include: app/models/**/*.rb
+Rails/FindBy:
+  Exclude:
+    - 'app/models/enterprise.rb'
+    - 'app/models/product_import/entry_processor.rb'
+    - 'app/models/product_import/entry_validator.rb'
+    - 'app/models/product_import/spreadsheet_data.rb'
+    - 'app/models/spree/user.rb'
+
 # Offense count: 7
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
@@ -292,7 +438,7 @@ Rails/HasAndBelongsToMany:
     - 'app/models/spree/concerns/payment_method_distributors.rb'
     - 'app/models/spree/line_item_decorator.rb'
 
-# Offense count: 26
+# Offense count: 24
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
@@ -309,7 +455,7 @@ Rails/HasManyOrHasOneDependent:
     - 'app/models/spree/variant_decorator.rb'
     - 'app/models/subscription.rb'
 
-# Offense count: 78
+# Offense count: 83
 # Configuration parameters: Include.
 # Include: app/helpers/**/*.rb
 Rails/HelperInstanceVariable:
@@ -321,19 +467,27 @@ Rails/HelperInstanceVariable:
     - 'app/helpers/injection_helper.rb'
     - 'app/helpers/order_cycles_helper.rb'
     - 'app/helpers/shared_helper.rb'
-    - 'app/helpers/spree/admin/orders_helper_decorator.rb'
+    - 'app/helpers/shop_helper.rb'
+    - 'app/helpers/spree/admin/orders_helper.rb'
     - 'app/helpers/spree/orders_helper.rb'
 
-# Offense count: 6
+# Offense count: 1
+# Configuration parameters: Include.
+# Include: app/**/*.rb, config/**/*.rb, db/**/*.rb, lib/**/*.rb
+Rails/Output:
+  Exclude:
+    - 'app/services/order_factory.rb'
+
+# Offense count: 12
 Rails/OutputSafety:
   Exclude:
     - 'app/controllers/spree/admin/reports_controller.rb'
     - 'app/helpers/angular_form_helper.rb'
     - 'app/helpers/spree/admin/base_helper.rb'
-    - 'app/helpers/spree/admin/zones_helper.rb'
-    - 'app/helpers/spree/reports_helper.rb'
     - 'app/helpers/spree/admin/navigation_helper.rb'
     - 'app/helpers/spree/admin/orders_helper.rb'
+    - 'app/helpers/spree/admin/zones_helper.rb'
+    - 'app/helpers/spree/reports_helper.rb'
     - 'app/serializers/api/product_serializer.rb'
     - 'lib/spree/money_decorator.rb'
     - 'spec/features/admin/orders_spec.rb'
@@ -353,6 +507,86 @@ Rails/ReflectionClassName:
     - 'app/models/enterprise_role.rb'
     - 'app/models/subscription.rb'
 
+# Offense count: 213
+# Configuration parameters: Blacklist, Whitelist.
+# Blacklist: decrement!, decrement_counter, increment!, increment_counter, toggle!, touch, update_all, update_attribute, update_column, update_columns, update_counters
+Rails/SkipsModelValidations:
+  Exclude:
+    - 'app/controllers/spree/admin/payment_methods_controller.rb'
+    - 'app/controllers/spree/admin/resource_controller.rb'
+    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
+    - 'app/controllers/spree/admin/taxons_controller.rb'
+    - 'app/controllers/spree/orders_controller.rb'
+    - 'app/jobs/subscription_confirm_job.rb'
+    - 'app/jobs/subscription_placement_job.rb'
+    - 'app/models/enterprise.rb'
+    - 'app/models/enterprise_relationship.rb'
+    - 'app/models/product_import/inventory_reset_strategy.rb'
+    - 'app/models/proxy_order.rb'
+    - 'app/models/spree/address_decorator.rb'
+    - 'app/models/spree/credit_card_decorator.rb'
+    - 'app/models/spree/order_decorator.rb'
+    - 'app/models/spree/payment_decorator.rb'
+    - 'app/models/subscription.rb'
+    - 'app/models/variant_override.rb'
+    - 'app/services/order_factory.rb'
+    - 'engines/order_management/spec/services/order_management/reports/enterprise_fee_summary/report_service_spec.rb'
+    - 'lib/tasks/data/anonymize_data.rake'
+    - 'lib/tasks/sample_data/product_factory.rb'
+    - 'lib/tasks/users.rake'
+    - 'spec/controllers/admin/subscription_line_items_controller_spec.rb'
+    - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
+    - 'spec/controllers/api/order_cycles_controller_spec.rb'
+    - 'spec/controllers/api/orders_controller_spec.rb'
+    - 'spec/controllers/api/products_controller_spec.rb'
+    - 'spec/controllers/api/shipments_controller_spec.rb'
+    - 'spec/controllers/api/variants_controller_spec.rb'
+    - 'spec/controllers/checkout_controller_spec.rb'
+    - 'spec/controllers/enterprises_controller_spec.rb'
+    - 'spec/controllers/spree/admin/orders_controller_spec.rb'
+    - 'spec/controllers/spree/admin/overview_controller_spec.rb'
+    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
+    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
+    - 'spec/factories.rb'
+    - 'spec/factories/order_factory.rb'
+    - 'spec/features/admin/bulk_order_management_spec.rb'
+    - 'spec/features/admin/bulk_product_update_spec.rb'
+    - 'spec/features/admin/configuration/tax_rates_spec.rb'
+    - 'spec/features/admin/order_cycles_spec.rb'
+    - 'spec/features/admin/orders_spec.rb'
+    - 'spec/features/admin/reports_spec.rb'
+    - 'spec/features/consumer/shopping/checkout_spec.rb'
+    - 'spec/features/consumer/shopping/products_spec.rb'
+    - 'spec/features/consumer/shopping/shopping_spec.rb'
+    - 'spec/helpers/enterprises_helper_spec.rb'
+    - 'spec/helpers/order_cycles_helper_spec.rb'
+    - 'spec/jobs/subscription_placement_job_spec.rb'
+    - 'spec/lib/open_food_network/address_finder_spec.rb'
+    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
+    - 'spec/lib/open_food_network/permissions_spec.rb'
+    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
+    - 'spec/lib/open_food_network/scope_variant_to_hub_spec.rb'
+    - 'spec/lib/open_food_network/subscription_payment_updater_spec.rb'
+    - 'spec/models/calculator/weight_spec.rb'
+    - 'spec/models/concerns/variant_stock_spec.rb'
+    - 'spec/models/enterprise_relationship_spec.rb'
+    - 'spec/models/exchange_spec.rb'
+    - 'spec/models/spree/adjustment_spec.rb'
+    - 'spec/models/spree/line_item_spec.rb'
+    - 'spec/models/spree/order_spec.rb'
+    - 'spec/models/spree/product_spec.rb'
+    - 'spec/models/spree/variant_spec.rb'
+    - 'spec/models/tag_rule/discount_order_spec.rb'
+    - 'spec/performance/proxy_order_syncer_spec.rb'
+    - 'spec/serializers/api/admin/subscription_line_item_serializer_spec.rb'
+    - 'spec/services/order_cycle_distributed_products_spec.rb'
+    - 'spec/services/order_factory_spec.rb'
+    - 'spec/services/order_syncer_spec.rb'
+    - 'spec/services/product_tag_rules_filterer_spec.rb'
+    - 'spec/services/products_renderer_spec.rb'
+    - 'spec/services/restart_checkout_spec.rb'
+    - 'spec/support/request/shop_workflow.rb'
+
 # Offense count: 1
 # Configuration parameters: Environments.
 # Environments: development, test, production
@@ -473,10 +707,10 @@ Style/FormatStringToken:
     - 'lib/open_food_network/sales_tax_report.rb'
     - 'spec/features/admin/bulk_order_management_spec.rb'
 
-# Offense count: 928
+# Offense count: 920
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
-# SupportedStyles: always, never
+# SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
   Exclude:
     - 'Gemfile'
@@ -511,7 +745,6 @@ Style/FrozenStringLiteralComment:
     - 'app/controllers/api/enterprise_attachment_controller.rb'
     - 'app/controllers/api/enterprise_fees_controller.rb'
     - 'app/controllers/api/enterprises_controller.rb'
-    - 'app/controllers/api/exchange_products_controller.rb'
     - 'app/controllers/api/logos_controller.rb'
     - 'app/controllers/api/order_cycles_controller.rb'
     - 'app/controllers/api/orders_controller.rb'
@@ -526,7 +759,6 @@ Style/FrozenStringLiteralComment:
     - 'app/controllers/application_controller.rb'
     - 'app/controllers/base_controller.rb'
     - 'app/controllers/cart_controller.rb'
-    - 'app/controllers/checkout_controller.rb'
     - 'app/controllers/discourse_sso_controller.rb'
     - 'app/controllers/enterprises_controller.rb'
     - 'app/controllers/groups_controller.rb'
@@ -547,19 +779,18 @@ Style/FrozenStringLiteralComment:
     - 'app/controllers/spree/admin/images_controller.rb'
     - 'app/controllers/spree/admin/invoices_controller.rb'
     - 'app/controllers/spree/admin/mail_methods_controller.rb'
-    - 'app/controllers/spree/admin/orders/customer_details_controller_decorator.rb'
-    - 'app/controllers/spree/admin/orders_controller_decorator.rb'
+    - 'app/controllers/spree/admin/orders/customer_details_controller.rb'
+    - 'app/controllers/spree/admin/orders_controller.rb'
     - 'app/controllers/spree/admin/overview_controller.rb'
     - 'app/controllers/spree/admin/payment_methods_controller.rb'
-    - 'app/controllers/spree/admin/payments_controller_decorator.rb'
     - 'app/controllers/spree/admin/product_properties_controller.rb'
-    - 'app/controllers/spree/admin/products_controller_decorator.rb'
+    - 'app/controllers/spree/admin/products_controller.rb'
     - 'app/controllers/spree/admin/properties_controller.rb'
     - 'app/controllers/spree/admin/reports/enterprise_fee_summaries_controller.rb'
     - 'app/controllers/spree/admin/reports_controller.rb'
-    - 'app/controllers/spree/admin/resource_controller_decorator.rb'
+    - 'app/controllers/spree/admin/resource_controller.rb'
     - 'app/controllers/spree/admin/return_authorizations_controller.rb'
-    - 'app/controllers/spree/admin/search_controller_decorator.rb'
+    - 'app/controllers/spree/admin/search_controller.rb'
     - 'app/controllers/spree/admin/shipping_categories_controller.rb'
     - 'app/controllers/spree/admin/shipping_methods_controller.rb'
     - 'app/controllers/spree/admin/states_controller.rb'
@@ -569,13 +800,11 @@ Style/FrozenStringLiteralComment:
     - 'app/controllers/spree/admin/taxonomies_controller.rb'
     - 'app/controllers/spree/admin/taxons_controller.rb'
     - 'app/controllers/spree/admin/users_controller.rb'
-    - 'app/controllers/spree/admin/variants_controller_decorator.rb'
+    - 'app/controllers/spree/admin/variants_controller.rb'
     - 'app/controllers/spree/admin/zones_controller.rb'
-    - 'app/controllers/spree/checkout_controller.rb'
     - 'app/controllers/spree/credit_cards_controller.rb'
     - 'app/controllers/spree/home_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
-    - 'app/controllers/spree/paypal_controller_decorator.rb'
     - 'app/controllers/spree/store_controller.rb'
     - 'app/controllers/spree/user_passwords_controller.rb'
     - 'app/controllers/spree/user_registrations_controller.rb'
@@ -586,6 +815,7 @@ Style/FrozenStringLiteralComment:
     - 'app/controllers/user_confirmations_controller.rb'
     - 'app/controllers/user_passwords_controller.rb'
     - 'app/controllers/user_registrations_controller.rb'
+    - 'app/helpers/admin/enterprises_helper.rb'
     - 'app/helpers/admin/image_settings_helper.rb'
     - 'app/helpers/admin/injection_helper.rb'
     - 'app/helpers/admin/orders_helper.rb'
@@ -604,16 +834,16 @@ Style/FrozenStringLiteralComment:
     - 'app/helpers/injection_helper.rb'
     - 'app/helpers/map_helper.rb'
     - 'app/helpers/markdown_helper.rb'
-    - 'app/helpers/order_cycles_helper.rb'
     - 'app/helpers/serializer_helper.rb'
     - 'app/helpers/shared_helper.rb'
     - 'app/helpers/shop_helper.rb'
     - 'app/helpers/shop_mail_helper.rb'
-    - 'app/helpers/spree/admin/base_helper_decorator.rb'
+    - 'app/helpers/spree/admin/base_helper.rb'
     - 'app/helpers/spree/admin/general_settings_helper.rb'
-    - 'app/helpers/spree/admin/navigation_helper_decorator.rb'
-    - 'app/helpers/spree/admin/orders_helper_decorator.rb'
+    - 'app/helpers/spree/admin/orders_helper.rb'
+    - 'app/helpers/spree/admin/payments_helper.rb'
     - 'app/helpers/spree/admin/taxons_helper.rb'
+    - 'app/helpers/spree/admin/zones_helper.rb'
     - 'app/helpers/spree/api/api_helpers.rb'
     - 'app/helpers/spree/base_helper_decorator.rb'
     - 'app/helpers/spree/orders_helper.rb'
@@ -739,7 +969,6 @@ Style/FrozenStringLiteralComment:
     - 'app/models/tag_rule/filter_shipping_methods.rb'
     - 'app/models/variant_override.rb'
     - 'app/models/variant_override_set.rb'
-    - 'app/presenters/variant_presenter.rb'
     - 'app/serializers/api/address_serializer.rb'
     - 'app/serializers/api/adjustment_serializer.rb'
     - 'app/serializers/api/admin/basic_enterprise_fee_serializer.rb'
@@ -819,6 +1048,7 @@ Style/FrozenStringLiteralComment:
     - 'app/serializers/api/uncached_enterprise_serializer.rb'
     - 'app/serializers/api/user_serializer.rb'
     - 'app/serializers/api/variant_serializer.rb'
+    - 'app/services/action_callbacks.rb'
     - 'app/services/advance_order_service.rb'
     - 'app/services/bulk_invoice_service.rb'
     - 'app/services/cart_service.rb'
@@ -827,7 +1057,6 @@ Style/FrozenStringLiteralComment:
     - 'app/services/default_shipping_category.rb'
     - 'app/services/default_stock_location.rb'
     - 'app/services/embedded_page_service.rb'
-    - 'app/services/exchange_products_renderer.rb'
     - 'app/services/exchange_variant_bulk_updater.rb'
     - 'app/services/exchange_variant_deleter.rb'
     - 'app/services/invoice_renderer.rb'
@@ -921,7 +1150,6 @@ Style/FrozenStringLiteralComment:
     - 'lib/open_food_network/lettuce_share_report.rb'
     - 'lib/open_food_network/locking.rb'
     - 'lib/open_food_network/model_class_from_controller_name.rb'
-    - 'lib/open_food_network/option_value_namer.rb'
     - 'lib/open_food_network/order_and_distributor_report.rb'
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
     - 'lib/open_food_network/order_cycle_management_report.rb'
@@ -1056,10 +1284,8 @@ Style/FrozenStringLiteralComment:
     - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
     - 'spec/controllers/spree/admin/users_controller_spec.rb'
     - 'spec/controllers/spree/admin/variants_controller_spec.rb'
-    - 'spec/controllers/spree/checkout_controller_spec.rb'
     - 'spec/controllers/spree/credit_cards_controller_spec.rb'
     - 'spec/controllers/spree/orders_controller_spec.rb'
-    - 'spec/controllers/spree/paypal_controller_spec.rb'
     - 'spec/controllers/spree/store_controller_spec.rb'
     - 'spec/controllers/spree/user_sessions_controller_spec.rb'
     - 'spec/controllers/spree/users_controller_spec.rb'
@@ -1258,7 +1484,6 @@ Style/FrozenStringLiteralComment:
     - 'spec/models/spree/classification_spec.rb'
     - 'spec/models/spree/credit_card_spec.rb'
     - 'spec/models/spree/gateway/stripe_connect_spec.rb'
-    - 'spec/models/spree/gateway_tagging_spec.rb'
     - 'spec/models/spree/image_spec.rb'
     - 'spec/models/spree/line_item_spec.rb'
     - 'spec/models/spree/order/checkout_spec.rb'
@@ -1332,6 +1557,7 @@ Style/FrozenStringLiteralComment:
     - 'spec/services/order_cycle_distributed_products_spec.rb'
     - 'spec/services/order_cycle_distributed_variants_spec.rb'
     - 'spec/services/order_cycle_form_spec.rb'
+    - 'spec/services/order_cycle_warning_spec.rb'
     - 'spec/services/order_factory_spec.rb'
     - 'spec/services/order_syncer_spec.rb'
     - 'spec/services/permissions/order_spec.rb'
@@ -1388,7 +1614,7 @@ Style/FrozenStringLiteralComment:
     - 'spec/views/spree/admin/orders/edit.html.haml_spec.rb'
     - 'spec/views/spree/admin/orders/index.html.haml_spec.rb'
 
-# Offense count: 58
+# Offense count: 50
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
   Exclude:
@@ -1399,11 +1625,7 @@ Style/GuardClause:
     - 'app/controllers/base_controller.rb'
     - 'app/controllers/checkout_controller.rb'
     - 'app/controllers/home_controller.rb'
-    - 'app/controllers/spree/admin/orders_controller_decorator.rb'
-    - 'app/controllers/spree/admin/variants_controller_decorator.rb'
-    - 'app/controllers/spree/checkout_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
-    - 'app/controllers/spree/paypal_controller_decorator.rb'
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_group.rb'
     - 'app/models/producer_property.rb'
@@ -1423,14 +1645,13 @@ Style/GuardClause:
     - 'spec/support/request/distribution_helper.rb'
     - 'spec/support/request/shop_workflow.rb'
 
-# Offense count: 4
+# Offense count: 3
 # Configuration parameters: AllowIfModifier.
 Style/IfInsideElse:
   Exclude:
     - 'app/controllers/admin/column_preferences_controller.rb'
     - 'app/controllers/admin/variant_overrides_controller.rb'
     - 'app/controllers/api/taxons_controller.rb'
-    - 'app/controllers/spree/admin/products_controller_decorator.rb'
 
 # Offense count: 1
 # Cop supports --auto-correct.
@@ -1498,16 +1719,17 @@ Style/NumericPredicate:
     - 'lib/spree/money_decorator.rb'
     - 'lib/tasks/sample_data.rake'
 
-# Offense count: 15
+# Offense count: 16
 # Cop supports --auto-correct.
 # Configuration parameters: ConvertCodeThatCanStartToReturnNil, AllowedMethods.
 # AllowedMethods: present?, blank?, presence, try, try!
 Style/SafeNavigation:
   Exclude:
-    - 'app/controllers/checkout_controller.rb'
+    - 'app/controllers/spree/admin/payments_controller.rb'
     - 'app/controllers/spree/credit_cards_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/helpers/i18n_helper.rb'
+    - 'app/helpers/shop_helper.rb'
     - 'app/models/producer_property.rb'
     - 'app/models/product_import/entry_validator.rb'
     - 'app/models/product_import/product_importer.rb'
@@ -1515,10 +1737,9 @@ Style/SafeNavigation:
     - 'lib/discourse/single_sign_on.rb'
     - 'spec/factories.rb'
 
-# Offense count: 235
+# Offense count: 232
 Style/Send:
   Exclude:
-    - 'app/controllers/spree/checkout_controller.rb'
     - 'app/models/spree/shipping_method_decorator.rb'
     - 'spec/controllers/admin/subscriptions_controller_spec.rb'
     - 'spec/controllers/checkout_controller_spec.rb'

CONTRIBUTING.md

@@ -1,9 +1,9 @@
 # Contributing
-We love pull requests from everyone. Any contribution is valuable, but there are two issue streams that we especially love people to work on:
+We love pull requests from everyone. Any contribution is valuable!
 
-1) Our delivery backlog, is managed via a ZenHub board (ZenHub extensions are available for most major browsers). We use a Kanban-style approach, whereby devs pick issues from the top of the backlog which has been organised according to current priorities. If you have some time and are interested in working on some issues from the backlog, please make yourself known on the [#dev][slack-dev] channel on Slack and we can direct you to the most appropriate issue to pick up.
+If you have some time and are interested in working on some issues please make yourself known on the [#dev][slack-dev] channel on Slack.
 
-2) Our list of bugs and other self-contained issues that we consider to be a good starting point for new contributors, or devs who aren’t able to commit to seeing a whole feature through. These issues are marked with the `# good first issue` label.
+We have curated all issues we consider to be a good starting point for new members of the community within the [Welcome New Developers project board][welcome-dev]. Have a look and pick the one you would prefer working on!
 
 ## Set up
 
@@ -19,10 +19,6 @@ If you want to run the whole test suite, we recommend using a free CI service to
 
     bundle exec rspec spec
 
-## Which issue to pick first?
-
-We have curated all issues interesting for new members of the community within the [Welcome New Developers project board][welcome-dev]. Have a look and pick the one you would prefer working on!
-
 ## Internationalisation (i18n)
 
 The locale `en` is maintained in the source code, but other locales are managed at [Transifex][ofn-transifex]. Read more about [internationalisation][i18n] in the developer wiki.

Dockerfile

@@ -13,8 +13,8 @@ WORKDIR /usr/src/app
 COPY .ruby-version .
 
 # Install Rbenv & Ruby
-RUN git clone https://github.com/rbenv/rbenv.git ${RBENV_ROOT} && \
-    git clone https://github.com/rbenv/ruby-build.git ${RBENV_ROOT}/plugins/ruby-build && \
+RUN git clone --depth 1 --branch v1.1.2 https://github.com/rbenv/rbenv.git ${RBENV_ROOT} && \
+    git clone --depth 1 --branch v20200520 https://github.com/rbenv/ruby-build.git ${RBENV_ROOT}/plugins/ruby-build && \
     ${RBENV_ROOT}/plugins/ruby-build/install.sh && \
     echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh && \
     rbenv install $(cat .ruby-version) && \
@@ -43,4 +43,5 @@ RUN wget https://chromedriver.storage.googleapis.com/2.41/chromedriver_linux64.z
 
 # Copy code and install app dependencies
 COPY . /usr/src/app/
-RUN bundle install
+# Run bundler install in parallel with the amount of available CPUs
+RUN bundle install --jobs="$(nproc)"

GETTING_STARTED.md

@@ -2,21 +2,17 @@
 
 This is a general guide to setting up an Open Food Network development environment on your local machine.
 
-The fastest way to make it work locally is to use Docker, see the [Docker setup guide](DOCKER.md).
+### Requirements
 
-The following guides are located in the wiki and provide more OS-specific step-by-step instructions:
-
-- [Ubuntu Setup Guide][ubuntu]
-- [macOS Sierra Setup Guide][sierra]
-- [OSX El Capitan Setup Guide][el-capitan]
-
-### Dependencies
-
-* Rails 3.2.x
-* Ruby 2.3.7
+The fastest way to make it work locally is to use Docker, you only need to setup git, see the [Docker setup guide](DOCKER.md).
+Otherwise, for a local setup you will need:
+* Ruby 2.3.7 and bundler
 * PostgreSQL database
-* PhantomJS (for testing)
-* See Gemfile for a list of gems required
+* Chrome (for testing)
+
+The following guides will provide OS-specific step-by-step instructions to get these requirements installed:
+- [Ubuntu Setup Guide][ubuntu]
+- [OSX Setup Guide][osx]
 
 If you are likely to need to manage multiple version of ruby on your local machine, we recommend version managers such as [rbenv](https://github.com/rbenv/rbenv) or [RVM](https://rvm.io/).
 
@@ -52,14 +48,12 @@ This will create the "ofn" user as superuser and allowing it to create databases
 
 Once done, run `script/setup`. If the script succeeds you're ready to start developing. If not, take a look at the output as it should be informative enough to help you troubleshoot.
 
-If you run into any other issues getting your local environment up and running please consult [the wiki][wiki].
-
-If still you get stuck do not hesitate to open an issue reporting the full output of the script.
-
 Now, your dreams of spinning up a development server can be realised:
 
     bundle exec rails server
 
+Go to [http://localhost:3000](http://localhost:3000) to play around!
+
 To login as the default user, use:
 
     email: ofn@example.com
@@ -79,7 +73,7 @@ The tests of all custom engines can be run with:
 
     bundle exec rake ofn:specs:engines:rspec
 
-Note: If your OS is not explicitly supported in the setup guides then not all tests may pass. However, you may still be able to develop. Get in touch with the [#dev][slack-dev] channel on Slack to troubleshoot issues and determine if they will preclude you from contributing to OFN.
+Note: If your OS is not explicitly supported in the setup guides then not all tests may pass. However, you may still be able to develop.
 
 Note: The time zone on your machine should match the one defined in `config/application.yml`.
 
@@ -120,8 +114,7 @@ $ createdb open_food_network_test --owner=ofn
 If these commands succeed, you should be able to [continue the setup process](#get-it-running).
 
 [developer-wiki]: https://github.com/openfoodfoundation/openfoodnetwork/wiki
-[sierra]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup%3A-macOS-%28Sierra%2C-HighSierra%2C-Mojave-and-Catalina%29
-[el-capitan]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup:-OS-X-(El-Capitan)
+[osx]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup:-OS-X
 [ubuntu]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup:-Ubuntu
 [wiki]: https://github.com/openfoodfoundation/openfoodnetwork/wiki
 [zeus]: https://github.com/burke/zeus

Gemfile

@@ -3,9 +3,9 @@ ruby "2.3.7"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
 gem 'i18n', '~> 0.6.11'
-gem 'i18n-js', '~> 3.6.0'
-gem 'rails', '~> 3.2.22'
-gem 'rails-i18n', '~> 3.0.0'
+gem 'i18n-js', '~> 3.7.0'
+gem 'rails', '~> 4.0.13'
+gem 'rails-i18n', '~> 4.0'
 gem 'rails_safe_tasks', '~> 1.0'
 
 gem "activerecord-import"
@@ -21,22 +21,36 @@ gem 'pg', '~> 0.21.0'
 # OFN-maintained and patched version of Spree v2.0.4. See
 # https://github.com/openfoodfoundation/openfoodnetwork/wiki/Tech-Doc:-OFN's-Spree-fork%F0%9F%8D%B4
 # for details.
-gem 'spree_core', github: 'openfoodfoundation/spree', branch: '2-0-4-stable'
+gem 'spree_core', github: 'openfoodfoundation/spree', branch: '2-1-0-stable'
+
+### Dependencies brought from spree core
+gem 'acts_as_list', '= 0.2.0'
+gem 'awesome_nested_set', '~> 3.0.0.rc.1'
+gem 'cancan', '~> 1.6.10'
+gem 'ffaker', '~> 1.16'
+gem 'highline', '= 1.6.18' # Necessary for the install generator
+gem 'httparty', '~> 0.18' # Used to check alerts in spree_core, this is not used in OFN.
+gem 'json', '>= 1.7.7'
+gem 'money', '5.1.1'
+gem 'paranoia', '~> 2.0'
+gem 'ransack', '~> 1.2.3'
+gem 'state_machine', '1.2.0'
+gem 'stringex', '~> 1.5.1'
 
 gem 'spree_i18n', github: 'spree/spree_i18n', branch: '1-3-stable'
 
 # Our branch contains two changes
 # - Pass customer email and phone number to PayPal (merged to upstream master)
 # - Change type of password from string to password to hide it in the form
-gem 'spree_paypal_express', github: "openfoodfoundation/better_spree_paypal_express", branch: "2-0-stable"
+gem 'spree_paypal_express', github: 'openfoodfoundation/better_spree_paypal_express', branch: '2-1-0-stable'
 gem 'stripe'
 
 # We need at least this version to have Digicert's root certificate
 # which is needed for Pin Payments (and possibly others).
-gem 'activemerchant', '~> 1.78'
+gem 'activemerchant', '~> 1.78.0'
 
-gem 'devise', '~> 2.2.5'
-gem 'devise-encryptable', '0.2.0'
+gem 'devise', '~> 3.0.1'
+gem 'devise-encryptable'
 gem 'jwt', '~> 2.2'
 gem 'oauth2', '~> 1.4.4' # Used for Stripe Connect
 
@@ -50,19 +64,21 @@ gem 'kaminari', '~> 0.14.1'
 
 gem 'andand'
 gem 'angularjs-rails', '1.5.5'
-gem 'aws-sdk'
+gem 'aws-sdk', '1.11.1' # temporarily locked down due to https://github.com/aws/aws-sdk-ruby/issues/273
 gem 'bugsnag'
 gem 'db2fog'
 gem 'haml'
 gem 'redcarpet'
-gem 'sass', "~> 3.3"
-gem 'sass-rails', '~> 3.2.3'
-gem 'truncate_html'
+gem 'sass'
+gem 'sass-rails'
+gem 'truncate_html', '0.9.2'
 gem 'unicorn'
 
+gem 'actionpack-action_caching'
 # AMS is pinned to 0.8.4 because 0.9.x is a complete re-write, as is 0.10.x
 # Once Rails is updated to 5.x we should bump directly to 0.10.x
 gem "active_model_serializers", "0.8.4"
+gem 'activerecord-session_store'
 gem 'acts-as-taggable-on', '~> 3.4'
 gem 'angularjs-file-upload-rails', '~> 2.4.1'
 gem 'blockenspiel'
@@ -78,7 +94,6 @@ gem 'paperclip', '~> 3.4.1'
 gem 'rack-rewrite'
 gem 'rack-ssl', require: 'rack/ssl'
 gem 'roadie-rails', '~> 1.3.0'
-gem 'spinjs-rails'
 
 gem 'combine_pdf'
 gem 'wicked_pdf'
@@ -92,7 +107,7 @@ gem 'whenever', require: false
 
 gem 'test-unit', '~> 3.3'
 
-gem 'coffee-rails', '~> 3.2.1'
+gem 'coffee-rails', '~> 4.2.2'
 gem 'compass-rails'
 
 gem 'mini_racer', '0.2.14'
@@ -102,16 +117,15 @@ gem 'uglifier', '>= 1.0.3'
 gem 'angular-rails-templates', '~> 0.3.0'
 gem 'foundation-icons-sass-rails'
 gem 'momentjs-rails'
-gem 'turbo-sprockets-rails3'
 
-gem "foundation-rails"
+gem 'foundation-rails', '= 5.5.2.1'
 
 gem 'jquery-migrate-rails'
 gem 'jquery-rails', '3.1.5'
 gem 'jquery-ui-rails', '~> 4.2'
 gem 'select2-rails', '~> 3.4.7'
 
-gem 'ofn-qz', github: 'openfoodfoundation/ofn-qz', ref: '60da2ae4c44cbb4c8d602f59fb5fff8d0f21db3c'
+gem 'ofn-qz', github: 'openfoodfoundation/ofn-qz', branch: 'ofn-rails-4'
 
 group :production, :staging do
   gem 'ddtrace'
@@ -123,8 +137,8 @@ group :test, :development do
   gem 'atomic'
   gem 'awesome_print'
   gem 'capybara', '>= 2.18.0' # 3.0 requires rack 1.6 that only works with Rails 4.2
-  gem 'database_cleaner', '0.7.1', require: false
-  gem "factory_bot_rails", require: false
+  gem 'database_cleaner', require: false
+  gem "factory_bot_rails", '4.10.0', require: false
   gem 'fuubar', '~> 2.5.0'
   gem 'json_spec', '~> 1.1.4'
   gem 'knapsack'
@@ -146,14 +160,14 @@ group :test do
 end
 
 group :development do
-  gem 'byebug', '~> 11.0' # 11.1 requires ruby 2.4
+  gem 'byebug', '~> 11.0.0' # 11.1 requires ruby 2.4
   gem 'debugger-linecache'
   gem "newrelic_rpm", "~> 3.0"
   gem "pry", "~> 0.12.0" # pry 0.13 is not compatible with pry-byebug 3.7
-  gem 'pry-byebug', '~> 3.7' # 3.8 requires ruby 2.4
+  gem 'pry-byebug', '~> 3.7.0' # 3.8 requires ruby 2.4
   gem 'rubocop'
   gem 'rubocop-rails'
-  gem 'spring', '1.7.2'
+  gem 'spring'
   gem 'spring-commands-rspec'
 
   # 1.0.9 fixed openssl issues on macOS https://github.com/eventmachine/eventmachine/issues/602

Gemfile.lock

@@ -6,31 +6,30 @@ GIT
 
 GIT
   remote: https://github.com/openfoodfoundation/better_spree_paypal_express.git
-  revision: 27ad7165ea4c6e8c5f120b42b676cb9c2c272100
-  branch: 2-0-stable
+  revision: e28e4a8c5cedba504eea9cdad4be440d277d7e68
+  branch: 2-1-0-stable
   specs:
     spree_paypal_express (2.0.3)
       paypal-sdk-merchant (= 1.106.1)
-      spree_core (~> 2.0.3)
+      spree_core (~> 2.1.0)
 
 GIT
   remote: https://github.com/openfoodfoundation/ofn-qz.git
-  revision: 60da2ae4c44cbb4c8d602f59fb5fff8d0f21db3c
-  ref: 60da2ae4c44cbb4c8d602f59fb5fff8d0f21db3c
+  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
+  branch: ofn-rails-4
   specs:
     ofn-qz (0.1.0)
-      railties (~> 3.1)
 
 GIT
   remote: https://github.com/openfoodfoundation/spree.git
-  revision: e10ca1f689b1658040b081939b7523f6fb68895a
-  branch: 2-0-4-stable
+  revision: 0b0c422369c82b6dd7e7cb627a24e3a9fca19a6c
+  branch: 2-1-0-stable
   specs:
-    spree_core (2.0.4)
-      activemerchant (~> 1.34)
+    spree_core (2.1.0)
+      activemerchant (= 1.78.0)
       acts_as_list (= 0.2.0)
-      awesome_nested_set (= 2.1.5)
-      aws-sdk (~> 1.11.1)
+      awesome_nested_set (~> 3.0.0.rc.1)
+      aws-sdk (= 1.11.1)
       cancan (~> 1.6.10)
       ffaker (~> 1.16)
       highline (= 1.6.18)
@@ -39,9 +38,9 @@ GIT
       kaminari (~> 0.14.1)
       money (= 5.1.1)
       paperclip (~> 3.4.1)
-      paranoia (~> 1.3)
-      rails (~> 3.2.14)
-      ransack (= 0.7.2)
+      paranoia (~> 2.0)
+      rails (~> 4.0)
+      ransack (~> 1.0)
       state_machine (= 1.2.0)
       stringex (~> 1.5.1)
       truncate_html (= 0.9.2)
@@ -82,19 +81,17 @@ GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (2.3.6)
-    actionmailer (3.2.22.5)
-      actionpack (= 3.2.22.5)
-      mail (~> 2.5.4)
-    actionpack (3.2.22.5)
-      activemodel (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-      builder (~> 3.0.0)
+    actionmailer (4.0.13)
+      actionpack (= 4.0.13)
+      mail (~> 2.5, >= 2.5.4)
+    actionpack (4.0.13)
+      activesupport (= 4.0.13)
+      builder (~> 3.1.0)
       erubis (~> 2.7.0)
-      journey (~> 1.0.4)
-      rack (~> 1.4.5)
-      rack-cache (~> 1.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.2.1)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    actionpack-action_caching (1.2.1)
+      actionpack (>= 4.0.0)
     active_model_serializers (0.8.4)
       activemodel (>= 3.0)
     activemerchant (1.78.0)
@@ -102,24 +99,31 @@ GEM
       builder (>= 2.1.2, < 4.0.0)
       i18n (>= 0.6.9)
       nokogiri (~> 1.4)
-    activemodel (3.2.22.5)
-      activesupport (= 3.2.22.5)
-      builder (~> 3.0.0)
-    activerecord (3.2.22.5)
-      activemodel (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-      arel (~> 3.0.2)
-      tzinfo (~> 0.3.29)
+    activemodel (4.0.13)
+      activesupport (= 4.0.13)
+      builder (~> 3.1.0)
+    activerecord (4.0.13)
+      activemodel (= 4.0.13)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.13)
+      arel (~> 4.0.0)
+    activerecord-deprecated_finders (1.0.4)
     activerecord-import (1.0.5)
       activerecord (>= 3.2)
     activerecord-postgresql-adapter (0.0.1)
       pg
-    activeresource (3.2.22.5)
-      activemodel (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-    activesupport (3.2.22.5)
-      i18n (~> 0.6, >= 0.6.4)
-      multi_json (~> 1.0)
+    activerecord-session_store (1.1.3)
+      actionpack (>= 4.0)
+      activerecord (>= 4.0)
+      multi_json (~> 1.11, >= 1.11.2)
+      rack (>= 1.5.2, < 3)
+      railties (>= 4.0)
+    activesupport (4.0.13)
+      i18n (~> 0.6, >= 0.6.9)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
     acts-as-taggable-on (3.5.0)
       activerecord (>= 3.2, < 5)
     acts_as_list (0.2.0)
@@ -133,11 +137,11 @@ GEM
       tilt
     angularjs-file-upload-rails (2.4.1)
     angularjs-rails (1.5.5)
-    arel (3.0.3)
+    arel (4.0.2)
     ast (2.4.0)
     atomic (1.1.101)
-    awesome_nested_set (2.1.5)
-      activerecord (>= 3.0.0)
+    awesome_nested_set (3.0.3)
+      activerecord (>= 4.0.0, < 5)
     awesome_print (1.8.0)
     aws-sdk (1.11.1)
       json (~> 1.4)
@@ -149,7 +153,7 @@ GEM
     blockenspiel (0.5.0)
     bugsnag (6.13.1)
       concurrent-ruby (~> 1.0)
-    builder (3.0.4)
+    builder (3.1.4)
     byebug (11.0.1)
     cancan (1.6.10)
     capybara (2.18.0)
@@ -166,13 +170,13 @@ GEM
     cocaine (0.5.8)
       climate_control (>= 0.0.3, < 1.0)
     coderay (1.1.2)
-    coffee-rails (3.2.2)
+    coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
-      railties (~> 3.2.0)
+      railties (>= 4.0.0)
     coffee-script (2.4.1)
       coffee-script-source
       execjs
-    coffee-script-source (1.10.0)
+    coffee-script-source (1.12.2)
     combine_pdf (1.0.16)
       ruby-rc4 (>= 0.1.5)
     compass (1.0.3)
@@ -194,16 +198,16 @@ GEM
     concurrent-ruby (1.1.6)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    css_parser (1.7.0)
+    css_parser (1.7.1)
       addressable
     daemons (1.3.1)
     dalli (2.7.10)
-    database_cleaner (0.7.1)
+    database_cleaner (1.7.0)
     db2fog (0.9.0)
       activerecord (>= 3.2.0, < 5.0)
       fog (~> 1.0)
       rails (>= 3.2.0, < 5.0)
-    ddtrace (0.35.2)
+    ddtrace (0.36.0)
       msgpack
     debugger-linecache (1.2.0)
     delayed_job (4.1.8)
@@ -216,11 +220,11 @@ GEM
       delayed_job (> 2.0.3)
       rack-protection (>= 1.5.5)
       sinatra (>= 1.4.4)
-    devise (2.2.8)
+    devise (3.0.4)
       bcrypt-ruby (~> 3.0)
       orm_adapter (~> 0.1)
-      railties (~> 3.1)
-      warden (~> 1.2.1)
+      railties (>= 3.2.6, < 5)
+      warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
     diff-lcs (1.3)
@@ -278,7 +282,7 @@ GEM
       fog-xml (~> 0.1.1)
       ipaddress (~> 0.5)
       json (>= 1.8, < 2.0)
-    fog-aliyun (0.3.2)
+    fog-aliyun (0.3.5)
       fog-core
       fog-json
       ipaddress (~> 0.8)
@@ -336,8 +340,8 @@ GEM
       multi_json (~> 1.10)
     fog-local (0.6.0)
       fog-core (>= 1.27, < 3.0)
-    fog-openstack (0.1.25)
-      fog-core (~> 1.40)
+    fog-openstack (0.3.10)
+      fog-core (>= 1.45, <= 2.1.0)
       fog-json (>= 1.0)
       ipaddress (>= 0.8)
     fog-powerdns (0.2.0)
@@ -381,12 +385,13 @@ GEM
     fog-voxel (0.1.0)
       fog-core
       fog-xml
-    fog-vsphere (2.3.0)
+    fog-vsphere (3.2.1)
       fog-core
-      rbvmomi (~> 1.9)
-    fog-xenserver (0.3.0)
+      rbvmomi (>= 1.9, < 3)
+    fog-xenserver (1.0.0)
       fog-core
       fog-xml
+      xmlrpc
     fog-xml (0.1.3)
       fog-core
       nokogiri (>= 1.5.11, < 2.0.0)
@@ -402,25 +407,26 @@ GEM
     fuubar (2.5.0)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
-    geocoder (1.1.8)
+    geocoder (1.5.2)
     get_process_mem (0.2.5)
       ffi (~> 1.0)
-    gmaps4rails (1.5.6)
-    haml (4.0.7)
+    gmaps4rails (2.1.2)
+    haml (5.1.2)
+      temple (>= 0.8.0)
       tilt
     hashdiff (1.0.1)
     highline (1.6.18)
     hike (1.2.3)
-    httparty (0.16.2)
+    httparty (0.18.1)
+      mime-types (~> 3.0)
       multi_xml (>= 0.5.2)
     i18n (0.6.11)
-    i18n-js (3.6.0)
+    i18n-js (3.7.0)
       i18n (>= 0.6.6)
     immigrant (0.3.6)
       activerecord (>= 3.0)
     ipaddress (0.8.3)
     jaro_winkler (1.5.4)
-    journey (1.0.4)
     jquery-migrate-rails (1.2.1)
     jquery-rails (3.1.5)
       railties (>= 3.0, < 5.0)
@@ -443,15 +449,17 @@ GEM
     letter_opener (1.7.0)
       launchy (~> 2.2)
     libv8 (7.3.492.27.1)
-    mail (2.5.5)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
     method_source (0.9.2)
-    mime-types (1.25.1)
-    mini_mime (1.0.1)
+    mime-types (3.3.1)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2020.0512)
+    mini_mime (1.0.2)
     mini_portile2 (2.4.0)
     mini_racer (0.2.14)
       libv8 (> 7.3)
+    minitest (4.7.5)
     momentjs-rails (2.20.1)
       railties (>= 3.1)
     money (5.1.1)
@@ -470,6 +478,7 @@ GEM
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
     oj (3.10.6)
+    optimist (3.0.0)
     orm_adapter (0.5.0)
     paper_trail (5.2.3)
       activerecord (>= 3.0, < 6.0)
@@ -481,8 +490,8 @@ GEM
       cocaine (~> 0.5.0)
       mime-types
     parallel (1.19.1)
-    paranoia (1.3.4)
-      activerecord (~> 3.1)
+    paranoia (2.4.2)
+      activerecord (>= 4.0, < 6.1)
     parser (2.7.1.0)
       ast (~> 2.4.0)
     paypal-sdk-core (0.2.10)
@@ -491,10 +500,9 @@ GEM
     paypal-sdk-merchant (1.106.1)
       paypal-sdk-core (~> 0.2.3)
     pg (0.21.0)
-    polyamorous (0.5.0)
-      activerecord (~> 3.0)
-    polyglot (0.3.5)
-    power_assert (1.1.5)
+    polyamorous (1.0.0)
+      activerecord (>= 3.0)
+    power_assert (1.2.0)
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
@@ -502,54 +510,50 @@ GEM
       byebug (~> 11.0)
       pry (~> 0.10)
     public_suffix (4.0.3)
-    rack (1.4.7)
-    rack-cache (1.11.0)
-      rack (>= 0.4)
-    rack-mini-profiler (2.0.1)
+    rack (1.5.5)
+    rack-mini-profiler (2.0.2)
       rack (>= 1.2.0)
     rack-protection (1.5.5)
       rack
     rack-rewrite (1.5.1)
-    rack-ssl (1.3.4)
+    rack-ssl (1.4.1)
       rack
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (3.2.22.5)
-      actionmailer (= 3.2.22.5)
-      actionpack (= 3.2.22.5)
-      activerecord (= 3.2.22.5)
-      activeresource (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-      bundler (~> 1.0)
-      railties (= 3.2.22.5)
-    rails-i18n (3.0.1)
-      i18n (~> 0.5)
-      rails (>= 3.0.0, < 4.0.0)
+    rails (4.0.13)
+      actionmailer (= 4.0.13)
+      actionpack (= 4.0.13)
+      activerecord (= 4.0.13)
+      activesupport (= 4.0.13)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.0.13)
+      sprockets-rails (~> 2.0)
+    rails-i18n (4.0.5)
+      i18n (~> 0.6)
+      railties (~> 4.0)
     rails_safe_tasks (1.0.0)
-    railties (3.2.22.5)
-      actionpack (= 3.2.22.5)
-      activesupport (= 3.2.22.5)
-      rack-ssl (~> 1.3.2)
+    railties (4.0.13)
+      actionpack (= 4.0.13)
+      activesupport (= 4.0.13)
       rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (>= 0.14.6, < 2.0)
+      thor (>= 0.18.1, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.1)
     rake (13.0.1)
-    ransack (0.7.2)
-      actionpack (~> 3.0)
-      activerecord (~> 3.0)
-      polyamorous (~> 0.5.0)
+    ransack (1.2.3)
+      actionpack (>= 3.0)
+      activerecord (>= 3.0)
+      activesupport (>= 3.0)
+      i18n
+      polyamorous (~> 1.0.0)
     rb-fsevent (0.10.3)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rbvmomi (1.13.0)
+    rbvmomi (2.2.0)
       builder (~> 3.0)
       json (>= 1.8)
       nokogiri (~> 1.5)
-      trollop (~> 2.1)
-    rdoc (3.12.2)
-      json (~> 1.4)
+      optimist (~> 3.0)
     redcarpet (3.5.0)
     request_store (1.4.1)
       rack (>= 1.4)
@@ -602,54 +606,53 @@ GEM
     ruby-rc4 (0.1.5)
     rubyzip (1.3.0)
     safe_yaml (1.0.5)
-    sass (3.3.14)
-    sass-rails (3.2.6)
-      railties (~> 3.2.0)
-      sass (>= 3.1.10)
-      tilt (~> 1.3)
+    sass (3.4.25)
+    sass-rails (5.0.7)
+      railties (>= 4.0.0, < 6)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (>= 1.1, < 3)
     select2-rails (3.4.9)
       sass-rails
       thor (~> 0.14)
     selenium-webdriver (3.142.7)
       childprocess (>= 0.5, < 4.0)
       rubyzip (>= 1.2.2)
-    shoulda-matchers (2.8.0)
-      activesupport (>= 3.0.0)
+    shoulda-matchers (3.1.3)
+      activesupport (>= 4.0.0)
     simplecov (0.17.1)
       docile (~> 1.1)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
-    sinatra (1.4.6)
-      rack (~> 1.4)
+    sinatra (1.4.8)
+      rack (~> 1.5)
       rack-protection (~> 1.4)
       tilt (>= 1.3, < 3)
-    spinjs-rails (1.4)
-      rails (>= 3.1)
     spring (1.7.2)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
-    sprockets (2.2.3)
+    sprockets (2.12.5)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.3.3)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (>= 2.8, < 4.0)
     state_machine (1.2.0)
     stringex (1.5.1)
-    stripe (5.15.0)
-    test-unit (3.3.5)
+    stripe (5.22.0)
+    temple (0.8.2)
+    test-unit (3.3.6)
       power_assert
     thor (0.20.3)
+    thread_safe (0.3.6)
     tilt (1.4.1)
     timecop (0.9.1)
-    treetop (1.4.15)
-      polyglot
-      polyglot (>= 0.3.1)
-    trollop (2.9.9)
     truncate_html (0.9.2)
-    turbo-sprockets-rails3 (0.3.14)
-      railties (> 3.2.8, < 4.0.0)
-      sprockets (>= 2.2.0)
     tzinfo (0.3.57)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
@@ -674,11 +677,13 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    whenever (0.11.0)
+    whenever (1.0.0)
       chronic (>= 0.6.3)
-    wicked_pdf (1.1.0)
+    wicked_pdf (1.4.0)
+      activesupport
     wkhtmltopdf-binary (0.12.5)
     xml-simple (1.1.5)
+    xmlrpc (0.3.0)
     xpath (2.1.0)
       nokogiri (~> 1.3)
 
@@ -686,55 +691,64 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  actionpack-action_caching
   active_model_serializers (= 0.8.4)
-  activemerchant (~> 1.78)
+  activemerchant (~> 1.78.0)
   activerecord-import
   activerecord-postgresql-adapter
+  activerecord-session_store
   acts-as-taggable-on (~> 3.4)
+  acts_as_list (= 0.2.0)
   andand
   angular-rails-templates (~> 0.3.0)
   angularjs-file-upload-rails (~> 2.4.1)
   angularjs-rails (= 1.5.5)
   atomic
+  awesome_nested_set (~> 3.0.0.rc.1)
   awesome_print
-  aws-sdk
+  aws-sdk (= 1.11.1)
   blockenspiel
   bugsnag
-  byebug (~> 11.0)
+  byebug (~> 11.0.0)
+  cancan (~> 1.6.10)
   capybara (>= 2.18.0)
   catalog!
-  coffee-rails (~> 3.2.1)
+  coffee-rails (~> 4.2.2)
   combine_pdf
   compass-rails
   custom_error_message!
   daemons
   dalli
-  database_cleaner (= 0.7.1)
+  database_cleaner
   db2fog
   ddtrace
   debugger-linecache
   delayed_job_active_record
   delayed_job_web
-  devise (~> 2.2.5)
-  devise-encryptable (= 0.2.0)
+  devise (~> 3.0.1)
+  devise-encryptable
   dfc_provider!
   diffy
   eventmachine (>= 1.2.3)
-  factory_bot_rails
+  factory_bot_rails (= 4.10.0)
+  ffaker (~> 1.16)
   figaro
   foreigner
   foundation-icons-sass-rails
-  foundation-rails
+  foundation-rails (= 5.5.2.1)
   fuubar (~> 2.5.0)
   geocoder
   gmaps4rails
   haml
+  highline (= 1.6.18)
+  httparty (~> 0.18)
   i18n (~> 0.6.11)
-  i18n-js (~> 3.6.0)
+  i18n-js (~> 3.7.0)
   immigrant
   jquery-migrate-rails
   jquery-rails (= 3.1.5)
   jquery-ui-rails (~> 4.2)
+  json (>= 1.7.7)
   json_spec (~> 1.1.4)
   jwt (~> 2.2)
   kaminari (~> 0.14.1)
@@ -742,6 +756,7 @@ DEPENDENCIES
   letter_opener (>= 1.4.1)
   mini_racer (= 0.2.14)
   momentjs-rails
+  money (= 5.1.1)
   newrelic_rpm (~> 3.0)
   oauth2 (~> 1.4.4)
   ofn-qz!
@@ -749,15 +764,17 @@ DEPENDENCIES
   order_management!
   paper_trail (~> 5.2.3)
   paperclip (~> 3.4.1)
+  paranoia (~> 2.0)
   pg (~> 0.21.0)
   pry (~> 0.12.0)
-  pry-byebug (~> 3.7)
+  pry-byebug (~> 3.7.0)
   rack-mini-profiler (< 3.0.0)
   rack-rewrite
   rack-ssl
-  rails (~> 3.2.22)
-  rails-i18n (~> 3.0.0)
+  rails (~> 4.0.13)
+  rails-i18n (~> 4.0)
   rails_safe_tasks (~> 1.0)
+  ransack (~> 1.2.3)
   redcarpet
   roadie-rails (~> 1.3.0)
   roo (~> 2.8.3)
@@ -765,23 +782,23 @@ DEPENDENCIES
   rspec-retry
   rubocop
   rubocop-rails
-  sass (~> 3.3)
-  sass-rails (~> 3.2.3)
+  sass
+  sass-rails
   select2-rails (~> 3.4.7)
   selenium-webdriver
   shoulda-matchers
   simplecov
-  spinjs-rails
   spree_core!
   spree_i18n!
   spree_paypal_express!
-  spring (= 1.7.2)
+  spring
   spring-commands-rspec
+  state_machine (= 1.2.0)
+  stringex (~> 1.5.1)
   stripe
   test-unit (~> 3.3)
   timecop
-  truncate_html
-  turbo-sprockets-rails3
+  truncate_html (= 0.9.2)
   uglifier (>= 1.0.3)
   unicorn
   unicorn-rails

app/assets/images/home/producers-bg.svg

@@ -1,72 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0)  -->
-<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
-	 width="386.638px" height="320px" viewBox="-31.319 2 386.638 320" enable-background="new -31.319 2 386.638 320"
-	 xml:space="preserve">
-<g>
-	<path fill="#ABDBD0" d="M331.518,159.254c-13.147,0-23.805,26.723-23.805,59.69c0,32.96,10.658,59.685,23.805,59.685
-		c13.142,0,23.801-26.725,23.801-59.685C355.319,185.977,344.66,159.254,331.518,159.254z M332.114,255.185
-		c-8.06,0-14.593-15.746-14.593-35.167s6.533-35.165,14.593-35.165c8.059,0,14.594,15.743,14.594,35.165
-		S340.173,255.185,332.114,255.185z"/>
-	<path fill="#ABDBD0" d="M304.557,219.468c0-36.244,11.718-65.623,26.171-65.623c2.107,0,4.154,0.642,6.116,1.823
-		c-10.469-8.709-35.108-4.515-46.498-2.514c-2.139,3.216-3.572,6.079-4.237,7.624c-3.91,9.023-7.063,22.001-7.063,22.001
-		l-11.863-0.291l11.689,55.666h-17.909c2.54,25.911,10.809,43.072,25.314,46.94c0,0,30.567,4.944,45.693-0.081
-		c-0.414,0.046-0.828,0.081-1.243,0.081C316.273,285.091,304.557,255.707,304.557,219.468z"/>
-	<path fill="#ABDBD0" d="M64.393,237.666c0-46.574,34.058-84.332,76.072-84.332c1.812,0,3.605,0.095,5.386,0.234
-		c-5.466-1.08-11.117-1.655-16.903-1.655c-47.453,0-85.919,38.074-85.919,85.044c0,46.967,38.467,85.042,85.919,85.042
-		c2.052,0,4.08-0.097,6.096-0.238C95.562,318.679,64.393,282.219,64.393,237.666z"/>
-	<path fill="#ABDBD0" d="M122.02,149.109c44.188-2.104,67.371,17.402,79.829,34.057l3.027-2.314l4.452-5.008l28.39,7.793
-		l10.02,52.325h27.275l-11.689-55.667l11.861,0.291c0,0,3.157-12.974,7.066-22c1.977-4.57,10.576-20.597,24.492-23.378
-		c13.917-2.784,26.31,15.218,26.31,15.218l-6.824-19.114l-25.606-9.464l-7.794-42.304l11.689-7.236l-1.114-11.69l-64.57-23.38
-		l-82.387,19.483V66.74l13.361,3.341l-8.908,25.608c0,0-23.709-3.198-47.031-1.02c-27.244,2.543-54.707,10.521-54.707,10.521
-		l-7.365,14.434l-5.009,66.242l2.983,0.565l5.182-59.414l70.49-6.662L122.02,149.109L122.02,149.109z M65.958,118.276
-		c-3.541,0.556-6.775-1.29-7.219-4.123c-0.446-2.835,2.065-5.583,5.606-6.139c3.543-0.556,6.776,1.288,7.22,4.124
-		C72.011,114.972,69.5,117.719,65.958,118.276z M107.793,115.428c-4.711,0.741-9.011-1.713-9.603-5.483
-		c-0.592-3.77,2.748-7.425,7.458-8.167c4.713-0.741,9.014,1.717,9.604,5.484C115.845,111.034,112.505,114.689,107.793,115.428z
-		 M225.388,109.481h-19.989L166.472,98.96l7.715-25.25l57.162-10.17L225.388,109.481z M252.39,181.723l-17.886-0.702l7.015-117.482
-		l30.508,9.469l5.612,49.447L252.39,181.723z M282.025,122.017l-6.135-47.956l14.378,7.715l7.015,43.925L282.025,122.017z"/>
-	<path fill="#ABDBD0" d="M147.008,91.476V57.053h-6.84V41.534c-0.001-8.57-6.945-15.515-15.517-15.519v6.314
-		c5.083,0.008,9.198,4.123,9.206,9.204v15.519h-6.312v33.7C134.962,90.733,141.75,91.082,147.008,91.476z"/>
-	<path fill="#ABDBD0" d="M-22.811,227.408c0-33.523,28.628-60.694,63.942-60.694c1.17,0,2.333,0.034,3.487,0.094l0.406-5.338
-		c-2.084-0.176-4.193-0.274-6.325-0.274c-38.67-0.001-70.018,29.602-70.018,66.12c0,36.522,31.348,66.125,70.018,66.125
-		c6.585,0,12.95-0.877,18.994-2.483c-1.019-1.387-1.98-2.814-2.918-4.26c-4.397,0.909-8.959,1.4-13.642,1.4
-		C5.817,288.099-22.811,260.925-22.811,227.408z"/>
-	<path fill="#ABDBD0" d="M10.539,226.003c0-18.358,16.222-33.24,36.233-33.24c2.119,0,4.189,0.176,6.207,0.497
-		c0.214-0.435,0.437-0.864,0.675-1.295l-10.952-2.055l1.408-18.469c-1.078-0.059-2.159-0.087-3.249-0.087
-		c-32.898,0-59.568,25.249-59.568,56.395c0,31.139,26.67,56.388,59.568,56.388c4.363,0,8.614-0.457,12.71-1.299
-		c-4.71-7.248-8.31-15.242-10.552-23.764C24.771,257.346,10.539,243.2,10.539,226.003z"/>
-	<g>
-		<polygon fill="#ABDBD0" points="121.189,130.962 56.135,136.089 56.662,129.208 122.02,123.859 		"/>
-		<polygon fill="#ABDBD0" points="120.531,141.218 55.478,146.347 56.004,139.465 121.364,134.116 		"/>
-		<path fill="#ABDBD0" d="M120.311,143.455l-65.36,5.348l-0.526,6.882l50.139-3.953c4.875-1.368,9.922-2.336,15.109-2.83
-			L120.311,143.455z"/>
-		<path fill="#ABDBD0" d="M54.293,159.059l-0.527,6.883l24.851-1.96c4.491-3.131,9.296-5.842,14.364-8.088L54.293,159.059z"/>
-		<path fill="#ABDBD0" d="M72.954,168.275l-19.187,1.571l-0.526,6.882l11.721-0.926C67.461,173.128,70.129,170.612,72.954,168.275z"
-			/>
-		<path fill="#ABDBD0" d="M52.847,179.313l-0.526,6.882l4.571-0.362c1.745-2.542,3.636-4.978,5.641-7.313L52.847,179.313z"/>
-	</g>
-	<circle fill="#ABDBD0" cx="140.958" cy="239.852" r="19.726"/>
-	<ellipse fill="#ABDBD0" cx="328.491" cy="218.807" rx="4.487" ry="12.775"/>
-	<g>
-		<circle fill="#ABDBD0" cx="162.134" cy="223.81" r="2.781"/>
-		<circle fill="#ABDBD0" cx="133.371" cy="215.827" r="2.781"/>
-		<circle fill="#ABDBD0" cx="115.492" cy="239.462" r="2.781"/>
-		<circle fill="#ABDBD0" cx="131.915" cy="265.616" r="2.781"/>
-		<circle fill="#ABDBD0" cx="161.682" cy="255.915" r="2.783"/>
-	</g>
-	<path fill="#ABDBD0" d="M126.341,6.21c-9.103,0-16.483,7.379-16.483,16.482c0,2.76,0.686,5.357,1.886,7.641
-		c-2.135-2.062-3.7-4.699-4.48-7.655l0,0c-0.538,0.587-1.051,1.203-1.509,1.884c-5.088,7.548-3.096,17.791,4.454,22.881
-		c2.287,1.542,4.825,2.424,7.39,2.708c-4.22,0.898-8.783,0.158-12.644-2.444c-7.548-5.088-9.542-15.333-4.452-22.881
-		c1.634-2.423,3.81-4.247,6.245-5.472c-0.014-0.289-0.046-0.574-0.046-0.869c0-3.665,1.211-7.038,3.233-9.775l-0.001,0.001
-		c-0.855-0.185-1.731-0.312-2.642-0.312c-7.101,0-12.857,5.756-12.857,12.858c0,2.152,0.535,4.177,1.472,5.959
-		c-2.421-2.337-3.933-5.611-3.933-9.241c0-7.101,5.756-12.857,12.856-12.857c2.414,0,4.663,0.675,6.591,1.833
-		c-0.004,0.002-0.004,0.004-0.006,0.005C114.405,3.9,118.571,2,123.185,2c6.343,0,11.841,3.588,14.598,8.842
-		C134.817,7.98,130.789,6.21,126.341,6.21z"/>
-	<path fill="#ABDBD0" d="M188.32,300.982c-0.004,0-0.006,0.002-0.008,0.004c19.094-15.154,31.275-38.079,31.275-63.757
-		c0-40.085-29.659-73.5-69.016-81.055c-1.782-0.134-3.574-0.227-5.385-0.227c-42.013,0-76.072,36.7-76.072,81.97
-		c0,43.31,31.169,78.747,70.65,81.743c7.991-0.539,15.673-2.145,22.914-4.642L188.32,300.982z M144.663,286.068
-		c-23.696,0-42.907-20.166-42.907-45.041c0-24.878,19.211-45.042,42.907-45.042c23.697,0,42.908,20.166,42.908,45.042
-		C187.571,265.902,168.359,286.068,144.663,286.068z"/>
-</g>
-</svg>

app/assets/javascripts/admin/all.js

@@ -30,7 +30,6 @@
 //= require spree
 //= require admin/spree/spree-select2
 //= require modernizr
-//= require spin
 //= require equalize
 //= require css_browser_selector_dev
 //= require responsive-tables

app/assets/javascripts/admin/bulk_product_update.js.coffee

@@ -105,6 +105,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
     $scope.producerFilter = "0"
     $scope.categoryFilter = "0"
     $scope.importDateFilter = "0"
+    $scope.fetchProducts()
 
   $scope.$watch 'sortOptions', (sort) ->
     return unless sort && sort.predicate != ""

app/assets/javascripts/admin/orders/controllers/orders_controller.js.coffee

@@ -37,6 +37,7 @@ angular.module("admin.orders").controller "ordersCtrl", ($scope, $timeout, Reque
       'q[distributor_id_in][]': $scope['q']['distributor_id_in'],
       'q[order_cycle_id_in][]': $scope['q']['order_cycle_id_in'],
       'q[s]': $scope.sorting || 'completed_at desc',
+      shipping_method_id: $scope.shipping_method_id,
       per_page: $scope.per_page,
       page: page
     }

app/assets/javascripts/admin/side_menu/services/side_menu.js.coffee

@@ -4,7 +4,6 @@ angular.module("admin.side_menu")
       items: []
       selected: null
 
-
       # Checks for path and uses it to set the view
       # If no path, loads first view
       init: =>
@@ -31,11 +30,3 @@ angular.module("admin.side_menu")
         for item in @items when item.name is name
           return item
         null
-
-      hide_item_by_name: (name) =>
-        item = @find_by_name(name)
-        item.visible = false if item
-
-      show_item_by_name: (name) =>
-        item = @find_by_name(name)
-        item.visible = true if item

app/assets/javascripts/admin/spree/progress.coffee

@@ -1,27 +1,7 @@
 $(document).ready ->
-  opts =
-    lines: 11
-    length: 2
-    width: 3
-    radius: 9
-    corners: 1
-    rotate: 0
-    color: '#fff'
-    speed: 0.8
-    trail: 48
-    shadow: false
-    hwaccel: true
-    className: 'spinner'
-    zIndex: 2e9
-    top: 'auto'
-    left: 'auto'
-
-  target = document.getElementById("spinner")  
-
   $(document).ajaxStart ->
     $("#progress").fadeIn()
-    spinner = new Spinner(opts).spin(target)    
 
   $(document).ajaxStop ->
-    $("#progress").fadeOut()    
+    $("#progress").fadeOut()
 

app/assets/javascripts/darkswarm/all.js.coffee

@@ -1,13 +1,15 @@
 #= require jquery
 #= require jquery_ujs
 #= require jquery.ui.all
-#= require spin
 #
 #= require angular
 #= require angular-cookies
 #= require angular-sanitize
 #= require angular-animate
 #= require angular-resource
+#= require autocomplete.min.js
+#= require leaflet-1.6.0.js
+#= require leaflet-providers.js
 #= require lodash.underscore.js
 # bluebird.js is a dependency of angular-google-maps.js 2.0.0
 #= require bluebird.js

app/assets/javascripts/darkswarm/controllers/cart_controller.js.coffee

@@ -1,2 +1,4 @@
-Darkswarm.controller "CartCtrl", ($scope, Cart, $timeout) ->
+Darkswarm.controller "CartCtrl", ($scope, Cart, CurrentHub) ->
   $scope.Cart = Cart
+  $scope.CurrentHub = CurrentHub
+  $scope.max_characters = 20

app/assets/javascripts/darkswarm/controllers/cart_dropdown_controller.js.coffee

@@ -0,0 +1,7 @@
+Darkswarm.controller "CartDropdownCtrl", ($scope, Cart, BodyScroll) ->
+  $scope.Cart = Cart
+  $scope.showCartSidebar = false
+
+  $scope.toggleCartSidebar = ->
+    $scope.showCartSidebar = !$scope.showCartSidebar
+    BodyScroll.toggle()

app/assets/javascripts/darkswarm/controllers/group_page_controller.js.coffee

@@ -1,6 +1,3 @@
-Darkswarm.controller "GroupPageCtrl", ($scope, enterprises, Enterprises, MapConfiguration, OfnMap) ->
+Darkswarm.controller "GroupPageCtrl", ($scope, enterprises, Enterprises) ->
   $scope.Enterprises = Enterprises
-
-  $scope.map = angular.copy MapConfiguration.options
-  $scope.mapMarkers = OfnMap.enterprise_markers enterprises
   $scope.embedded_layout = window.location.search.indexOf("embedded_shopfront=true") != -1

app/assets/javascripts/darkswarm/controllers/products/product_node_controller.js.coffee

@@ -2,6 +2,5 @@ Darkswarm.controller "ProductNodeCtrl", ($scope, $modal, FilterSelectorsService)
   $scope.enterprise = $scope.product.supplier # For the modal, so it's consistent
 
   $scope.triggerProductModal = ->
-    $scope.productTaxonSelectors = FilterSelectorsService.createSelectors()
     $scope.productPropertySelectors = FilterSelectorsService.createSelectors()
     $modal.open(templateUrl: "product_modal.html", scope: $scope)

app/assets/javascripts/darkswarm/directives/body_scroll.js.coffee

@@ -0,0 +1,9 @@
+Darkswarm.directive "bodyScroll", ($rootScope, BodyScroll) ->
+  restrict: 'A'
+  scope: true
+  link: (scope, elem, attrs) ->
+    $rootScope.$on "toggleBodyScroll", ->
+      if BodyScroll.disabled
+        elem.addClass "disable-scroll"
+      else
+        elem.removeClass "disable-scroll"

app/assets/javascripts/darkswarm/directives/cart_toggle.js.coffee

@@ -1,19 +0,0 @@
-Darkswarm.directive "cartToggle", ($document) ->
-  # Toggles visibility of the "cart" popover
-  restrict: 'A'
-  link: (scope, elem, attr)->
-    scope.open = false
-
-    $document.bind 'click', (event) ->
-      cart_button = elem[0]
-      element_and_parents = [event.target, event.target.parentElement, event.target.parentElement.parentElement]
-      cart_button_clicked = (element_and_parents.indexOf(cart_button) != -1)
-
-      if cart_button_clicked
-        scope.$apply ->
-          scope.open = !scope.open
-      else
-        scope.$apply ->
-          scope.open = false
-
-      return

app/assets/javascripts/darkswarm/directives/open_street_map.js.coffee

@@ -0,0 +1,100 @@
+Darkswarm.directive 'ofnOpenStreetMap', ($window, Enterprises, EnterpriseModal, availableCountries, openStreetMapConfig) ->
+  restrict: 'E'
+  replace: true
+  scope: true
+  template: "<div></div>"
+
+  link: (scope, element, attrs, ctrl, transclude)->
+    map = null
+    markers = []
+    enterpriseNames = []
+    openStreetMapProviderName = openStreetMapConfig.open_street_map_provider_name
+    openStreetMapProviderOptions = JSON.parse(openStreetMapConfig.open_street_map_provider_options)
+
+    average = (values) ->
+      total = values.reduce (sum, value) ->
+        sum = sum + value
+      , 0
+      total / values.length
+
+    averageAngle = (angleName) ->
+      positiveAngles = []
+      negativeAngles = []
+      for enterprise in Enterprises.enterprises
+        if enterprise.latitude? && enterprise.longitude?
+          if enterprise[angleName] > 0
+            positiveAngles.push(enterprise[angleName])
+          else
+            negativeAngles.push(enterprise[angleName])
+
+      averageNegativeAngle = average(negativeAngles)
+      averagePositiveAngle = average(positiveAngles)
+
+      if negativeAngles.length == 0
+        averagePositiveAngle
+      else if positiveAngles.length == 0
+        averageNegativeAngle
+      else if averagePositiveAngle > averageNegativeAngle
+        averagePositiveAngle - averageNegativeAngle
+      else
+        averageNegativeAngle - averagePositiveAngle
+
+    buildMarker = (enterprise, latlng, title) ->
+      icon = L.icon
+        iconUrl: enterprise.icon
+      marker = L.marker latlng,
+        draggable:   true,
+        icon:        icon,
+        riseOnHover: true,
+        title:       title
+      marker.on "click", ->
+        EnterpriseModal.open enterprise
+      marker
+
+    enterpriseName = (enterprise) ->
+      return enterprise.name + " (" + enterprise.address.address1 + ", " + enterprise.address.city + ", " + enterprise.address.state_name + ")";
+
+    goToEnterprise = (selectedEnterpriseName) ->
+      enterprise = Enterprises.enterprises.find (enterprise) ->
+        enterpriseName(enterprise) == selectedEnterpriseName
+      map.setView([enterprise.latitude, enterprise.longitude], 12)
+
+    displayMap = ->
+      setMapDimensions()
+      averageLatitude = averageAngle("latitude")
+      averageLongitude = averageAngle("longitude")
+      zoomLevel = 6
+      map = L.map('open-street-map')
+      L.tileLayer.provider(openStreetMapProviderName, openStreetMapProviderOptions).addTo(map)
+      map.setView([averageLatitude, averageLongitude], zoomLevel)
+
+    displayEnterprises = ->
+      for enterprise in Enterprises.enterprises
+        if enterprise.latitude? && enterprise.longitude?
+          marker = buildMarker(enterprise, { lat: enterprise.latitude, lng: enterprise.longitude }, enterprise.name).addTo(map)
+          enterpriseNames.push(enterpriseName(enterprise))
+          markers.push(marker)
+
+    displaySearchField = () ->
+      new Autocomplete('#open-street-map--search',
+        onSubmit: goToEnterprise
+        search: searchEnterprises
+      )
+      overwriteInlinePositionRelativeToPositionSearchField = ->
+        $('#open-street-map--search').css("position", "absolute")
+      overwriteInlinePositionRelativeToPositionSearchField()
+
+    searchEnterprises = (input) ->
+      if input.length < 1
+        return []
+      enterpriseNames.filter (country) ->
+        country.toLowerCase().includes input.toLowerCase()
+
+    setMapDimensions = ->
+      height = $window.innerHeight - element.offset().top
+      element.css "width", "100%"
+      element.css "height", (height + "px")
+
+    displayMap()
+    displayEnterprises()
+    displaySearchField()

app/assets/javascripts/darkswarm/directives/page_alert.js.coffee

@@ -14,8 +14,8 @@ Darkswarm.directive "ofnPageAlert", ($timeout) ->
     # Wait a moment after page load before showing the alert. Otherwise we often miss the
     # start of the animation.
     $timeout ->
-      container_elems.addClass("move-down")
+      container_elems.addClass("move-up")
     , 1000
 
     scope.close = ->
-      container_elems.removeClass("move-down")
+      container_elems.removeClass("move-up")

app/assets/javascripts/darkswarm/directives/smooth_scroll_to.js.coffee

@@ -10,6 +10,5 @@ Darkswarm.directive "ofnSmoothScrollTo", ($location, $document)->
       # Scrolling is confused by our position:fixed top bar and page alert bar
       # - add an offset to scroll to the correct location, plus 5px buffer
       offset  = $("nav.top-bar").height()
-      offset += $(".page-alert.move-down").height()
       offset += 5
       $document.scrollTo target, offset, 1000

app/assets/javascripts/darkswarm/services/body_scroll.js.coffee

@@ -0,0 +1,7 @@
+angular.module("Darkswarm").factory "BodyScroll", ($rootScope) ->
+  new class BodyScroll
+    disabled: false
+
+    toggle: ->
+      @disabled = !@disabled
+      $rootScope.$broadcast "toggleBodyScroll"

app/assets/javascripts/darkswarm/services/checkout.js.coffee

@@ -21,14 +21,18 @@ Darkswarm.factory 'Checkout', ($injector, CurrentOrder, ShippingMethods, StripeE
         try
           @handle_checkout_error_response(response)
         catch error
-          @loadFlash(error: t("checkout.failed")) # inform the user about the unexpected error
-          throw error # generate a BugsnagJS alert
+          try
+            @loadFlash(error: t("checkout.failed")) # inform the user about the unexpected error
+          finally
+            throw error # generate a BugsnagJS alert
 
     handle_checkout_error_response: (response) =>
-      if response.data.path
+      throw response unless response.data?
+
+      if response.data.path?
         Navigation.go response.data.path
       else
-        throw response unless response.data.flash
+        throw response unless response.data.flash?
 
         @errors = response.data.errors
         @loadFlash(response.data.flash)

app/assets/javascripts/darkswarm/services/enterprises.js.coffee

@@ -1,4 +1,4 @@
-Darkswarm.factory 'Enterprises', (enterprises, ShopsResource, CurrentHub, Taxons, Dereferencer, Matcher, Geo, $rootScope) ->
+Darkswarm.factory 'Enterprises', (enterprises, ShopsResource, CurrentHub, Taxons, Dereferencer, Matcher, GmapsGeo, $rootScope) ->
   new class Enterprises
     enterprises: []
     enterprises_by_id: {}
@@ -59,7 +59,7 @@ Darkswarm.factory 'Enterprises', (enterprises, ShopsResource, CurrentHub, Taxons
           false
 
     calculateDistance: (query, firstMatching) ->
-      if query?.length > 0 and Geo.OK
+      if query?.length > 0 and GmapsGeo.OK
         if firstMatching?
           @setDistanceFrom firstMatching
         else
@@ -68,9 +68,9 @@ Darkswarm.factory 'Enterprises', (enterprises, ShopsResource, CurrentHub, Taxons
         @resetDistance()
 
     calculateDistanceGeo: (query) ->
-      Geo.geocode query, (results, status) =>
+      GmapsGeo.geocode query, (results, status) =>
         $rootScope.$apply =>
-          if status == Geo.OK
+          if status == GmapsGeo.OK
             #console.log "Geocoded #{query} -> #{results[0].geometry.location}."
             @setDistanceFrom results[0].geometry.location
           else
@@ -79,7 +79,7 @@ Darkswarm.factory 'Enterprises', (enterprises, ShopsResource, CurrentHub, Taxons
 
     setDistanceFrom: (locatable) ->
       for enterprise in @enterprises
-        enterprise.distance = Geo.distanceBetween enterprise, locatable
+        enterprise.distance = GmapsGeo.distanceBetween enterprise, locatable
       $rootScope.$broadcast 'enterprisesChanged'
 
     resetDistance: ->

app/assets/javascripts/darkswarm/services/gmaps_geo.js.erb.coffee

@@ -1,5 +1,5 @@
-Darkswarm.service "Geo", ->
-  new class Geo
+Darkswarm.service "GmapsGeo", ->
+  new class GmapsGeo
     OK: google?.maps?.GeocoderStatus?.OK
 
     # Usage:
@@ -10,7 +10,7 @@ Darkswarm.service "Geo", ->
     #     console.log "Error: #{status}"
     geocode: (address, callback) ->
       geocoder = new google.maps.Geocoder()
-      geocoder.geocode {'address': address, 'region': "<%= Spree::Country.find_by_id(Spree::Config[:default_country_id]).iso %>"}, callback
+      geocoder.geocode {'address': address, 'region': "<%= Spree::Country.find_by(id: Spree::Config[:default_country_id]).iso %>"}, callback
 
     distanceBetween: (src, dst) ->
       google.maps.geometry.spherical.computeDistanceBetween @toLatLng(src), @toLatLng(dst)

app/assets/javascripts/darkswarm/services/map_configuration.js.erb.coffee

@@ -4,7 +4,7 @@ Darkswarm.factory "MapConfiguration", ->
       center:
         latitude: -37.4713077
         longitude: 144.7851531
-      cluster_icon: 'assets/map_009-cluster.svg'
+      cluster_icon: "<%= image_path('map_009-cluster.svg') %>"
       zoom: 12
       additional_options:
         # mapTypeId: 'satellite'

app/assets/javascripts/darkswarm/services/variants.js.coffee

@@ -20,7 +20,6 @@ Darkswarm.factory 'Variants', ->
         name = variant.product_name
       else
         name =  "#{variant.product_name} - #{variant.name_to_display}"
-      name += " (#{variant.options_text})" if variant.options_text
       name
 
     lineItemFor: (variant) ->

app/assets/javascripts/templates/admin/columns_dropdown.html.haml

@@ -4,7 +4,7 @@
   %div.menu{ 'ng-show' => "expanded" }
     %div.menu_item{ ng: { repeat: "column in columns", click: "toggle(column)", class: "{selected: column.visible}" } }
       %span.check
-      %span.name {{column.name }}
+      %span.name {{ column.name }}
     %hr
     %div.menu_item.text-center
       %input.fullwidth.orange{ type: "button", ng: { value: "saved() ? 'Saved': 'Saving'", show: "saved() || saving", disabled: "saved()" } }

app/assets/javascripts/templates/product_modal.html.haml

@@ -1,6 +1,5 @@
 .row
-
-  .columns.small-12.large-6.product-header
+  .columns.small-12.medium-6.large-6.product-header
     %h3{"ng-bind" => "::product.name"}
     %span
       %em {{'products_from' | t}}
@@ -8,19 +7,14 @@
 
     %br
 
-    .filter-shopfront.taxon-selectors.inline-block
-      %filter-selector{ 'selector-set' => "productTaxonSelectors", objects: "[product] | taxonsOf" }
-
     .filter-shopfront.property-selectors.inline-block
       %filter-selector{ 'selector-set' => "productPropertySelectors", objects: "[product] | propertiesWithValuesOf" }
 
-    %div{"ng-if" => "product.description_html"}
-      %hr
+    .product-description{"ng-if" => "product.description_html"}
       %p.text-small{"ng-bind-html" => "::product.description_html"}
-      %hr
 
-  .columns.small-12.large-6
-    %img.product-img{"ng-src" => "{{::product.largeImage}}", "ng-if" => "::product.largeImage"}
-    %img.product-img.placeholder{ src: "/assets/noimage/large.png", "ng-if" => "::!product.largeImage"}
+  .columns.small-12.medium-6.large-6.product-img
+    %img{"ng-src" => "{{::product.largeImage}}", "ng-if" => "::product.largeImage"}
+    %img.placeholder{ src: "/assets/noimage/large.png", "ng-if" => "::!product.largeImage"}
 
 %ng-include{src: "'partials/close.html'"}

app/assets/javascripts/templates/signup.html.haml

@@ -40,6 +40,8 @@
           tabindex: 2,
           inputmode: "password",
           "ng-model" => "spree_user.password_confirmation"}
+        %span.error{"ng-show" => "errors.password_confirmation != null"}
+          {{ errors.password_confirmation.join(' ') }}
     .row
       .large-12.columns
         %input.button.primary{name: "commit",

app/assets/stylesheets/admin/components/progress.scss

@@ -1,38 +1,31 @@
 @import 'admin/globals/variables';
 @import 'admin/globals/mixins';
 
-#progress { 
-  display: none;
+#progress {
+  @include border-radius(10px);
   position: fixed;
-  top: 0;  
+  top: -10px;
+  left: 50%;
   z-index: 1000;
   opacity: 0.8;
-  width: 100%;
+  width: 200px;
+  background-color: $spree-blue;
+  color: $color-1;
+  display: none;
+  font-size: 120%;
+  font-weight: bold;
+  line-height: 40px;
+  margin-left: -100px;
+  padding-top: 15px;
+  text-align: center;
+  text-transform: uppercase;
 
-  .wrapper {
-    @include border-radius(10px);
-    top: -10px;
+  .spinner {
     position: absolute;
     left: 50%;
-    width: 200px;
-    margin-left: -100px;
-    padding: 11px 0;
-    background-color: $color-3;
-    color: $color-1;
-    text-align: center;
+    width: 30px;
+    height: 30px;
+    top: -5px;
+    margin-left: -15px;
   }
-
-  #spinner {    
-    position: absolute;
-    top: 10px;
-    left: 50%;
-    margin-left: -5px;
-  }
-
-  .progress-message {
-    font-size: 120%;
-    font-weight: $font-weight-bold;
-    margin-top: 20px;
-    text-transform: uppercase;
-  }
-}
+}

app/assets/stylesheets/admin/components/todo.scss

@@ -1,5 +1,3 @@
-@import '../plugins/font-awesome';
-
 .todolist{
   .todo {
     &.done {
@@ -18,10 +16,6 @@
       .steps {
         display: none;
       }
-
-      i {
-        @extend .icon-check
-      }
     }
   }
 }

app/assets/stylesheets/admin/icons.css.scss

@@ -1,4 +0,0 @@
-@import 'plugins/font-awesome';
-
-.icon-refund:before { @extend .icon-ok:before }
-.icon-credit:before { @extend .icon-ok:before }

app/assets/stylesheets/admin/welcome.css.scss

@@ -7,7 +7,7 @@
 
     @include fullbg;
     background-color: black;
-    background-image: url("/assets/home/tagline-bg.jpg");
+    background-image: image-url("home/tagline-bg.jpg");
     background-repeat: no-repeat;
     background-position: center center;
     margin-bottom: 2em;

app/assets/stylesheets/darkswarm/_shop-filters.css.scss

@@ -27,13 +27,11 @@
 
     a, a.button {
       display: block;
-      padding-top: 0.5rem;
 
       @include border-radius(0.5em);
 
       border: 1px solid $border-clr;
       padding: 0.5em 0.625em;
-      font-size: 0.875em;
       color: $base-clr;
       font-size: 0.75em;
       background: white;

app/assets/stylesheets/darkswarm/_shop-modals.css.scss

@@ -1,9 +1,30 @@
 .product-header {
+  padding-left: 1.5rem;
+
   h1, h2, h3, h4, h5, h6 {
-    margin: 0;
+    margin: 0.2rem 1.5rem 0 0;
   }
 
-  hr {
-    margin: 0.5em 0;
+  span {
+    color: $grey-500;
+  }
+
+  .product-description {
+    margin: 1rem 0.25rem 0.25rem 0;
+  }
+
+  .property-selectors li {
+    margin: 0 0.25rem 0.25rem 0;
+    padding: 0.4rem 0 0;
+
+    a {
+      border: 1px solid $grey-300;
+      font-weight: normal;
+      padding: 0.15rem 0.5rem;
+    }
+
+    span {
+      color: $grey-600;
+    }
   }
 }

app/assets/stylesheets/darkswarm/_shop-navigation.css.scss

@@ -62,7 +62,9 @@ ordercycle {
     }
 
     select {
-      background-image: url('/assets/white-caret.svg');
+      background-image: image-url('white-caret.svg');
+      background-size: 30px auto;
+      background-position-x: 102%;
     }
 
     p {
@@ -71,24 +73,27 @@ ordercycle {
 
     select,
     p {
-      width: inherit;
       display: inline-block;
       color: $white;
       background-color: transparent;
       border: 0;
+      border-radius: 0 $radius-small $radius-small 0;
       margin-bottom: 0;
+      padding: 0.5em 1.25em 0.5em 0.75em;
       font-size: 1em;
       line-height: 1.3em;
-      padding: 0.5em 1.25em 0.5em 0.75em;
       height: 2.35em;
-      background-size: 30px auto;
-      border-radius: 0 $radius-small $radius-small 0;
       min-width: 13em;
+      width: 200px;
 
       @include breakpoint(mobile) {
         width: 100%;
         min-width: 0;
       }
+
+      @media all and (min-width: 640px) and (max-width: 1024px), (min-width: 1200px) {
+        width: 250px;
+      }
     }
 
     option {
@@ -107,6 +112,7 @@ ordercycle {
 
     @include breakpoint(mobile) {
       display: flex;
+      margin-right: 0;
     }
   }
 
@@ -141,7 +147,7 @@ shop ordercycle {
 
       select {
         background-color: $white;
-        background-image: url('/assets/black-caret.svg');
+        background-image: image-url('black-caret.svg');
         color: $grey-500;
         font-style: italic;
       }
@@ -162,7 +168,7 @@ shop ordercycle {
 
     @include breakpoint(tablet) {
       float: none;
-      padding: 0 0 10px;
+      padding: 0;
     }
   }
 

app/assets/stylesheets/darkswarm/_shop-taxon-flag.css.scss

@@ -4,7 +4,7 @@
   products {
     product {
       .taxon-flag {
-        background: transparent url("/assets/flag.svg") top center no-repeat;
+        background: transparent image-url("flag.svg") top center no-repeat;
         background-size: 34px 39px;
         min-height: 40px;
         width: 34px;

app/assets/stylesheets/darkswarm/all.scss

@@ -3,6 +3,9 @@
    * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
    * the top of the compiled file, but it's generally better to create a new file per style scope.
 
+   *= require autocomplete
+   *= require leaflet
+
    *= require_self
 */
 @import 'variables';
@@ -13,7 +16,7 @@
 @import 'layout/*';
 @import '*';
 @import 'pages/*';
-@import '../web/all';
+@import 'web/all';
 
 ofn-modal {
   display: block;

app/assets/stylesheets/darkswarm/animations.scss

@@ -143,8 +143,8 @@
 }
 
 .reveal-modal-bg.in {
-  filter: alpha(opacity = 50);
-  opacity: 0.5;
+  filter: alpha(opacity = 75);
+  opacity: 0.75;
 }
 
 .animate-repeat {

app/assets/stylesheets/darkswarm/cart-dropdown.css.scss

@@ -0,0 +1,124 @@
+@import "mixins";
+@import "variables";
+@import "branding";
+
+.expanding-sidebar.cart-sidebar {
+  .background {
+    z-index: 150;
+  }
+
+  .sidebar {
+    padding: $topbar-height 0 0;
+    background-color: $white;
+    z-index: 160;
+
+    @include breakpoint(desktop) {
+      padding: $mobile-nav-height 0 0;
+    }
+  }
+
+  .cart-header {
+    background-color: $white;
+    border-bottom: 1px solid $grey-100;
+    min-height: 3.5em;
+    padding: 1em;
+    position: sticky;
+    top: 0;
+
+    .title {
+      color: $grey-800;
+      margin: 0;
+    }
+
+    .close {
+      color: $grey-500;
+      float: right;
+
+      i {
+        vertical-align: middle;
+      }
+    }
+  }
+
+  .cart-content {
+    margin-bottom: $sidebar-footer-height + 2em;
+
+    .cart-empty {
+      text-align: center;
+      padding-top: 10em;
+      width: 100%;
+
+      p {
+        font-size: 1.5em;
+      }
+    }
+  }
+
+  .go-shopping {
+    display: none;
+    padding: 0 1.5em;
+
+    @include breakpoint(mobile) {
+      display: inline-block;
+    }
+  }
+
+  table {
+    width: 100%;
+    border: 0;
+    border-spacing: 0;
+    margin: 0;
+
+    .product-cart {
+      background-color: $white;
+
+      td {
+        border-bottom: 1px solid $grey-100;
+        padding: 0.75em 1em 0.5em;
+        vertical-align: top;
+
+        &.image {
+          width: 42px;
+          padding: 0.5em 0 0.5em 1em;
+        }
+
+        span {
+          color: $grey-800;
+          font-size: 16px;
+          line-height: 1.4em;
+        }
+
+        img {
+          max-width: 56px;
+          max-height: 56px;
+        }
+
+        .options-text {
+          color: $grey-500;
+          font-size: 14px;
+        }
+      }
+    }
+  }
+
+  .cart-total {
+    color: $white;
+    text-align: center;
+    margin: -0.5em 0 0.75em;
+  }
+
+  .sidebar,
+  .sidebar-footer {
+    width: 375px;
+    margin-right: -375px;
+
+    @include breakpoint(mobile) {
+      width: 100%;
+      margin-right: -100%;
+    }
+  }
+
+  .sidebar-footer {
+    z-index: 170;
+  }
+}

app/assets/stylesheets/darkswarm/cart-page.css.scss

@@ -0,0 +1,77 @@
+@import "mixins";
+@import "branding";
+@import "compass/css3/user-interface";
+@import "variables";
+
+#update-cart {
+  #errorExplanation {
+    display: none;
+  }
+}
+
+#cart-detail {
+  width: 100%;
+
+  .cart-item-delete,
+  .bought-item-delete {
+    a {
+      font-size: 1.125em;
+    }
+  }
+
+  .out-of-stock {
+    color: $clr-brick;
+  }
+
+  button,
+  .button {
+    margin: 0;
+  }
+
+  .toggle-bought {
+    cursor: pointer;
+  }
+
+  .bought td {
+    color: $med-grey;
+
+    h5 {
+      color: $med-grey;
+    }
+
+    .already-confirmed {
+      float: right;
+    }
+  }
+
+  input {
+    &.ng-invalid-stock,
+    &.ng-invalid-number {
+      border: 1px solid $clr-brick;
+    }
+  }
+}
+
+.item-thumb-image {
+  display: none;
+
+  @media screen and (min-width: 640px) {
+    display: inline-block;
+    float: left;
+    padding-right: 0.5em;
+    width: 36px;
+    height: 36px;
+  }
+}
+
+.links {
+  .button {
+    padding: 1.125rem 0 1.1875rem;
+    width: 210px;
+    font-size: 1.1em;
+
+    @include breakpoint(mobile) {
+      width: 100%;
+    }
+  }
+}

app/assets/stylesheets/darkswarm/distributor_header.css.scss

@@ -11,7 +11,7 @@ section {
   display: block;
   background: $white;
   position: relative;
-  z-index: 2;
+  z-index: 20;
 
   .details {
     box-sizing: border-box;
@@ -20,10 +20,6 @@ section {
     padding: 30px 0 0;
     position: relative;
 
-    select {
-      width: 200px;
-    }
-
     img {
       display: block;
       height: 100px;

app/assets/stylesheets/darkswarm/expanding-sidebar.css.scss

@@ -0,0 +1,79 @@
+@import "mixins";
+@import "variables";
+@import "branding";
+
+.expanding-sidebar {
+  display: flex;
+  flex-direction: column;
+  height: 100%;
+
+  .background {
+    position: fixed;
+    top: 0;
+    right: 0;
+    z-index: 200;
+    height: 100%;
+    width: 100%;
+    background-color: $shop-sidebar-overlay;
+    opacity: 0;
+    transition: opacity $transition-sidebar;
+  }
+
+  &.shown {
+    .background {
+      opacity: 1;
+    }
+
+    .sidebar,
+    .sidebar-footer {
+      margin-right: 0;
+    }
+  }
+
+  .sidebar {
+    position: fixed;
+    top: 0;
+    right: 0;
+    z-index: 210;
+    height: 100%;
+    width: $sidebar-large-width;
+    margin-right: -$sidebar-large-width;
+    background-color: rgba($white, 0.95);
+    padding: 1em;
+    transition: margin $transition-sidebar;
+    overflow-y: auto;
+  }
+
+  .sidebar-footer {
+    background-color: $grey-800;
+    width: $sidebar-large-width;
+    margin-right: -$sidebar-large-width;
+    min-height: $sidebar-footer-height;
+    position: fixed;
+    bottom: 0;
+    right: 0;
+    transition: margin $transition-sidebar;
+    padding: 1em;
+
+    button,
+    a.button {
+      width: 48%;
+    }
+  }
+
+  @include breakpoint(tablet) {
+    .sidebar,
+    .sidebar-footer {
+      width: $sidebar-medium-width;
+      margin-right: -$sidebar-medium-width;
+    }
+  }
+
+  @include breakpoint(mobile) {
+    .sidebar,
+    .sidebar-footer {
+      width: $sidebar-small-width;
+      margin-right: -$sidebar-small-width;
+    }
+  }
+}

app/assets/stylesheets/darkswarm/footer.scss

@@ -50,7 +50,7 @@ footer {
 
         width: 100%;
         border: 1px solid rgba($dark-grey, 0.35);
-        background-image: url("/assets/tile-wide.png");
+        background-image: image-url("tile-wide.png");
         background-position: center center;
         background-color: #bbb;
         padding: 12px 0 8px 0;

app/assets/stylesheets/darkswarm/home_panes.css.scss

@@ -42,7 +42,7 @@
 }
 
 #stats.pane {
-  background-image: url("/assets/home/background-blurred-oranges.jpg");
+  background-image: image-url("home/background-blurred-oranges.jpg");
   background-position: center center;
   background-color: $ofn-grey;
 
@@ -94,7 +94,7 @@
   }
 
   .home-icon-box {
-    background-image: url("/assets/ofn-o.png");
+    background-image: image-url("ofn-o.png");
     background-position: center center;
     background-repeat: no-repeat;
     background-size: auto 100%;
@@ -121,15 +121,15 @@
       background-size: auto 100%;
 
       &.search {
-        background-image: url("/assets/icon-mask-magnifier.png");
+        background-image: image-url("icon-mask-magnifier.png");
       }
 
       &.shop {
-        background-image: url("/assets/icon-mask-apple.png");
+        background-image: image-url("icon-mask-apple.png");
       }
 
       &.pick-up-delivery {
-        background-image: url("/assets/icon-mask-truck.png");
+        background-image: image-url("icon-mask-truck.png");
       }
     }
   }

app/assets/stylesheets/darkswarm/home_tagline.css.scss

@@ -13,7 +13,7 @@
     @include fullbg;
 
     background-color: $ofn-grey;
-    background-image: url("/assets/home/home.jpg");
+    background-image: image-url("home/home.jpg");
     position: fixed;
     left: 0;
     right: 0;

app/assets/stylesheets/darkswarm/images.css.scss

@@ -3,18 +3,22 @@
 @import "branding";
 
 .product-img {
-  padding: 5px;
-  margin-bottom: 10px;
-  outline: 1px solid #ccc;
+  text-align: center;
 
-  @include box-shadow(0 1px 2px 1px rgba(0, 0, 0, 0.15));
+  img {
+    padding: 0.3rem;
 
-  // placeholder for when no product images
-  &.placeholder {
-    opacity: 0.35;
+    // placeholder for when no product images
+    &.placeholder {
+      opacity: 0.35;
 
-    @include breakpoint(desktop) {
-      display: none;
+      @include breakpoint(desktop) {
+        display: none;
+      }
+    }
+
+    @media only screen and (max-width: 1024px) {
+      margin: 0 0 0.5rem;
     }
   }
 }
@@ -49,10 +53,3 @@
 .producer-logo {
   max-width: 220px;
 }
-
-@media only screen and (max-width: 1024px) {
-  .product-img {
-    margin-top: 2em;
-    margin-bottom: 1em;
-  }
-}

app/assets/stylesheets/darkswarm/map.css.scss

@@ -6,6 +6,7 @@
 
 .map-container {
   width: 100%;
+  position: relative;
 
   map, .angular-google-map-container, google-map, .angular-google-map {
     display: block;
@@ -38,6 +39,30 @@
       background: rgba(255, 255, 255, 1);
     }
   }
+
+  #open-street-map {
+    z-index: 1;
+  }
+
+  #open-street-map--search {
+    top: 16px;
+    left: 54px;
+    width: 50%;
+    z-index: 1000;
+
+    .autocomplete-input,
+    .autocomplete-result-list {
+      border: 2px solid $grey-500;
+
+      &:hover, &:active, &:focus {
+        border-color: $clr-brick;
+      }
+    }
+
+    .autocomplete-result-list {
+      border-top: 1px dotted $grey-500;
+    }
+  }
 }
 
 .map-footer {
@@ -63,3 +88,8 @@
     left: 0px;
   }
 }
+
+.tabs-content .map-footer {
+  position: relative;
+  bottom: 30px;
+}

app/assets/stylesheets/darkswarm/menu.css.scss

@@ -11,6 +11,7 @@ nav.top-bar {
   font-size: 16px;
   margin-bottom: 0;
   height: $topbar-height;
+  z-index: 190;
 }
 
 @media #{$large-only} {
@@ -174,7 +175,7 @@ nav.top-bar {
   height: $mobile-nav-height;
   position: fixed;
   width: 100%;
-  z-index: 1;
+  z-index: 190; // Above cart sidebar and shaded overlay
 
   .cart-span {
     background-color: #f4704c;
@@ -225,14 +226,7 @@ nav.top-bar {
 
 .off-canvas-wrap .tab-bar .menu-icon {
   @include box-shadow(none);
-}
-
-.off-canvas-wrap.move-right .tab-bar .menu-icon span {
-  box-shadow: 0 0px 0 1px #666, 0 7px 0 1px #666, 0 14px 0 1px #666;
-}
-
-.tab-bar .menu-icon span::after {
-  box-shadow: 0 0 0 1px black, 0 7px 0 1px black, 0 14px 0 1px black;
+  text-indent: 0;
 }
 
 .tab-bar .ofn-logo {

app/assets/stylesheets/darkswarm/mixins.scss

@@ -5,7 +5,7 @@
 // Generic \\
 
 @mixin tiledPane {
-  background-image: url("/assets/tile-wide.png");
+  background-image: image-url("tile-wide.png");
   background-color: $brand-colour;
   background-position: center center;
 
@@ -236,7 +236,7 @@
 
 @mixin producersbg {
   background-color: lighten($clr-turquoise, 68%);
-  background-image: url("/assets/producers.svg");
+  background-image: image-url("producers.svg");
   background-position: center 50px;
   background-repeat: no-repeat;
   background-size: 922px 763px;
@@ -244,13 +244,13 @@
 
 @mixin hubsbg {
   background-color: $brand-colour;
-  background-image: url("/assets/hubs-bg.jpg");
+  background-image: image-url("hubs-bg.jpg");
   background-position: center center;
 }
 
 @mixin groupsbg {
   background-color: lighten($clr-brick, 56%);
-  background-image: url("/assets/groups.svg");
+  background-image: image-url("groups.svg");
   background-position: center 50px;
   background-repeat: no-repeat;
   background-size: 922px 922px;

app/assets/stylesheets/darkswarm/modals.css.scss

@@ -5,8 +5,6 @@ dialog
 , .reveal-modal {
   border: none;
   outline: none;
-  padding: 30px 20px 0 20px;
-  border-bottom: 30px solid white;
   overflow-y: scroll;
   overflow-x: hidden;
   min-height: 260px;
@@ -18,23 +16,26 @@ dialog
   // Reveal.js break point:
   // @media only screen and (max-width: 40.063em)
 
-  // Small - when modal IS full screen
+  // Small - smaller outside area
   @media only screen and (max-width: 640px) {
-    left: 0;
-    max-height: 100%;
-    position: absolute !important;
-    top: 0;
+    left: 4%;
+    max-height: 92%;
+    max-width: 92%;
+    padding: 15px 0 0;
+    top: 4%;
   }
 
-  // Medium and up - when modal IS NOT full screen
+  // Medium and up - larger outside area
   @media only screen and (min-width: 641px) {
+    border-bottom: 30px solid $white;
     max-height: 90%;
+    padding: 30px 20px 0 20px;
     top: 5%;
   }
 }
 
 .reveal-modal-bg {
-  background-color: rgba(0, 0, 0, 0.85);
+  background-color: $black;
   position: fixed;
 }
 
@@ -58,6 +59,10 @@ dialog
 dialog .close-reveal-modal
 , .reveal-modal .close-reveal-modal {
   @include close-button(0.25rem);
+
+  background-color: $grey-500;
+  color: $white;
+  font-size: 1.5rem;
   right: 0.25rem;
 }
 

app/assets/stylesheets/darkswarm/page_alert.css.scss

@@ -14,7 +14,7 @@ $page-alert-height: 55px;
     border-left: none;
     border-right: none;
     background-color: #bbb;
-    background-image: url("/assets/tile-wide.png");
+    background-image: image-url("tile-wide.png");
     background-position: center center;
     padding: 12px 0 8px 0;
     margin: 0;
@@ -55,19 +55,18 @@ $page-alert-height: 55px;
 .off-canvas-fixed nav.tab-bar,
 .off-canvas-fixed .page-alert {
   @include transition(all 1000ms ease-in-out);
-
-  &.move-down {
-    margin-top: $page-alert-height;
-  }
 }
 
 .off-canvas-wrap .page-alert {
-  top: -1 * $page-alert-height;
+  bottom: -1 * $page-alert-height;
+  top: unset;
   z-index: 100;
-}
 
-.off-canvas-wrap.move-right .inner-wrap.move-down {
-  .left-off-canvas-menu {
-    top: -1 * $page-alert-height;
+  &.move-up {
+    bottom: 0;
+  }
+
+  .alert-box {
+    border-bottom: 0;
   }
 }

app/assets/stylesheets/darkswarm/pages/login_modal.css.scss

@@ -23,6 +23,12 @@
       text-decoration: underline;
     }
   }
+
+  @media only screen and (max-width: 640px) {
+    .tabbable {
+      margin: 0 15px;
+    }
+  }
 }
 
 @media only screen and (min-width: 1025px) {

app/assets/stylesheets/darkswarm/registration.css.scss

@@ -2,6 +2,10 @@
 @import "mixins";
 
 #registration-modal {
+  @media only screen and (max-width: 640px) {
+    margin: 0 15px;
+  }
+
   header {
     text-align: center;
 

app/assets/stylesheets/darkswarm/shop.css.scss

@@ -11,88 +11,7 @@
 @import "shop-taxon-flag";
 @import "shop-popovers";
 
-$sidebar-small-width: 75%;
-$sidebar-medium-width: 65%;
-$sidebar-large-width: 45%;
-$sidebar-footer-height: 5em;
-
 .darkswarm {
-  .shop-filters-sidebar {
-    display: flex;
-    flex-direction: column;
-    height: 100%;
-
-    .background {
-      position: fixed;
-      top: 0;
-      right: 0;
-      z-index: 200;
-      height: 100%;
-      width: 100%;
-      background-color: $shop-sidebar-overlay;
-      opacity: 0;
-      transition: opacity $transition-sidebar;
-    }
-
-    &.shown {
-      .background {
-        opacity: 1;
-      }
-
-      .sidebar, .sidebar-footer {
-        margin-right: 0;
-      }
-    }
-
-    .sidebar {
-      position: fixed;
-      top: 0;
-      right: 0;
-      z-index: 210;
-      height: 100%;
-      width: $sidebar-large-width;
-      margin-right: -$sidebar-large-width;
-      background-color: rgba($white, 0.95);
-      padding: 1em;
-      transition: margin $transition-sidebar;
-      overflow-y: scroll;
-
-      .property-selectors {
-        margin-bottom: $sidebar-footer-height + 2em;
-      }
-    }
-
-    .sidebar-footer {
-      background-color: $grey-800;
-      width: $sidebar-large-width;
-      margin-right: -$sidebar-large-width;
-      height: $sidebar-footer-height;
-      position: fixed;
-      bottom: 0;
-      right: 0;
-      transition: margin $transition-sidebar;
-      padding: 1em;
-
-      button {
-        width: 48%;
-      }
-    }
-
-    @include breakpoint(tablet) {
-      .sidebar, .sidebar-footer {
-        width: $sidebar-medium-width;
-        margin-right: -$sidebar-medium-width;
-      }
-    }
-
-    @include breakpoint(mobile) {
-      .sidebar, .sidebar-footer {
-        width: $sidebar-small-width;
-        margin-right: -$sidebar-small-width;
-      }
-    }
-  }
-
   products {
     display: block;
 
@@ -205,11 +124,13 @@ $sidebar-footer-height: 5em;
 
   .open-shop-message {
     a {
-      color: #0096ad;
+      color: $teal-500;
 
-      &:hover, &:focus, &:active {
+      &:hover,
+      &:focus,
+      &:active {
         text-decoration: none;
-        color: #4aadbd;
+        color: $teal-400;
       }
     }
   }
@@ -231,9 +152,10 @@ $sidebar-footer-height: 5em;
     }
   }
 
-  .warning-sign {
-    margin: 0 10px 0 5px;
-    display: inline-block;
+.warning-sign {
+  margin: 0 10px 0 5px;
+  display: inline-block;
+  line-height: 1.9rem;
 
     strong {
       color: $grey-650;
@@ -255,3 +177,9 @@ $sidebar-footer-height: 5em;
     }
   }
 }
+
+.shop-filters-sidebar {
+  .property-selectors {
+    margin-bottom: $sidebar-footer-height + 2em;
+  }
+}

app/assets/stylesheets/darkswarm/shop_search.css.scss

@@ -32,7 +32,7 @@
     padding: 0 2.25em 0 2.75em;
     width: 100%;
     min-width: 0;
-    background: $white url("/assets/icn-search-grey.png") 1em center no-repeat;
+    background: $white image-url("icn-search-grey.png") 1em center no-repeat;
     font-size: 1rem; // avoid zoom on iphone, see issue #4535
 
     &::placeholder {

app/assets/stylesheets/darkswarm/shop_tabs.css.scss

@@ -9,6 +9,7 @@
     color: $dark-grey;
     box-shadow: $distributor-header-shadow;
     position: relative;
+    z-index: 10;
 
     .columns {
       display: flex;

app/assets/stylesheets/darkswarm/shopping-cart.css.scss

@@ -1,140 +0,0 @@
-@import "mixins";
-@import "branding";
-@import "compass/css3/user-interface";
-@import 'variables';
-
-.cart {
-  @include user-select(none);
-
-  .cart-span, .cart-span a {
-    display: inline-block;
-  }
-
-  .cart-span {
-    float: left;
-  }
-
-  .joyride-tip-guide {
-    display: block;
-    right: 0;
-    top: $topbar-height;
-    width: 480px;
-
-    @media screen and (min-width: 641px) {
-      overflow-y: auto;
-      max-height: calc(95vh - 55px);
-    }
-
-    @media screen and (max-width: 640px) {
-      width: 96%;
-    }
-
-    .joyride-nub {
-      right: 22px !important;
-      left: auto;
-    }
-
-    table {
-      width: 100%;
-      border: none;
-      border-spacing: 0px;
-      margin-bottom: 5px;
-
-      tr.total-cart {
-        color: #fff;
-        background-color: #424242;
-
-        td {
-          color: #fff;
-        }
-      }
-
-      tr.product-cart {
-        background-color: #333333;
-        border-top: 1px solid #424242;
-
-        td {
-          padding: 4px 12px;
-          color: #fff;
-        }
-      }
-    }
-
-    .buttons {
-      margin-bottom: 0.1em;
-
-      .button {
-        height: auto;
-        top: 0px;
-      }
-    }
-  }
-}
-
-// Shopping cart
-#update-cart {
-  #errorExplanation {
-    display: none;
-  }
-}
-
-#cart-detail {
-  .cart-item-delete, .bought-item-delete {
-    a {
-      font-size: 1.125em;
-    }
-  }
-
-  .out-of-stock {
-    color: $clr-brick;
-  }
-
-  button, .button {
-    margin: 0;
-  }
-
-  .toggle-bought {
-    cursor: pointer;
-  }
-
-  tr.bought td {
-    color: $med-grey;
-
-    h5 {
-      color: $med-grey;
-    }
-
-    .already-confirmed {
-      float: right;
-    }
-  }
-
-  input {
-    &.ng-invalid-stock, &.ng-invalid-number {
-      border: 1px solid $clr-brick;
-    }
-  }
-}
-
-.item-thumb-image {
-  display: none;
-
-  @media screen and (min-width: 640px) {
-    display: inline-block;
-    float: left;
-    padding-right: 0.5em;
-    width: 36px;
-    height: 36px;
-  }
-}
-
-.links {
-  .button {
-    padding: 1.125rem 0 1.1875rem;
-    width: 210px;
-
-    @media all and (max-width: 480px) {
-      width: 100%;
-    }
-  }
-}

app/assets/stylesheets/darkswarm/ui.css.scss

@@ -124,7 +124,12 @@ button.success, .button.success {
   }
 }
 
-button.large {
+a.button.large {
+  line-height: 2.75em;
+}
+
+button.large,
+a.button.large {
   height: 3em;
   font-size: 1em;
   color: $white;
@@ -158,3 +163,7 @@ button.large {
   padding-right: 0;
   padding-left: 0;
 }
+
+.disable-scroll {
+  overflow: hidden;
+}

app/assets/stylesheets/darkswarm/variables.css.scss

@@ -33,6 +33,11 @@ $topbar-dropdown-link-bg-hover: $white;
 
 $mobile-nav-height: 2.8em;
 
+$sidebar-small-width: 75%;
+$sidebar-medium-width: 65%;
+$sidebar-large-width: 45%;
+$sidebar-footer-height: 5em;
+
 $radius-small: 0.25em;
 $radius-medium: 0.5em;
 

app/assets/stylesheets/mail/email.css.scss

@@ -68,6 +68,10 @@ table.social {
     background-color: white !important;
     border: 1px solid #ebebeb;
   }
+
+  &.fullwidth {
+    width: 100%;
+  }
 }
 
 table.order-summary {

app/controllers/admin/bulk_line_items_controller.rb

@@ -28,7 +28,7 @@ module Admin
       # See https://github.com/rails/rails/blob/3-2-stable/activerecord/lib/active_record/locking/pessimistic.rb#L69
       # and https://www.postgresql.org/docs/current/static/sql-select.html#SQL-FOR-UPDATE-SHARE
       order.with_lock do
-        if @line_item.update_attributes(params[:line_item])
+        if @line_item.update_attributes(line_item_params)
           order.update_distribution_charge!
           render nothing: true, status: :no_content # No Content, does not trigger ng resource auto-update
         else
@@ -79,6 +79,10 @@ module Admin
       @line_item.order
     end
 
+    def line_item_params
+      params.require(:line_item).permit(:price, :quantity, :final_weight_volume)
+    end
+
     def order_permissions
       ::Permissions::Order.new(spree_current_user)
     end

app/controllers/admin/column_preferences_controller.rb

@@ -8,7 +8,6 @@ module Admin
       @cp_set.collection.each { |cp| authorize! :bulk_update, cp }
 
       if @cp_set.save
-        # Return saved VOs with IDs
         render json: @cp_set.collection, each_serializer: Api::Admin::ColumnPreferenceSerializer
       else
         if @cp_set.errors.present?
@@ -21,14 +20,23 @@ module Admin
 
     private
 
+    def permitted_params
+      params.permit(
+        :action_name,
+        column_preferences: [:id, :user_id, :action_name, :column_name, :name, :visible]
+      )
+    end
+
     def load_collection
-      collection_hash = Hash[params[:column_preferences].each_with_index.map { |cp, i| [i, cp] }]
-      collection_hash.select!{ |_i, cp| cp[:action_name] == params[:action_name] }
+      collection_hash = Hash[permitted_params[:column_preferences].
+        each_with_index.map { |cp, i| [i, cp] }]
+      collection_hash.select!{ |_i, cp| cp[:action_name] == permitted_params[:action_name] }
       @cp_set = ColumnPreferenceSet.new @column_preferences, collection_attributes: collection_hash
     end
 
     def collection
-      ColumnPreference.where(user_id: spree_current_user, action_name: params[:action_name])
+      ColumnPreference.where(user_id: spree_current_user,
+                             action_name: permitted_params[:action_name])
     end
 
     def collection_actions

app/controllers/admin/contents_controller.rb

@@ -32,7 +32,8 @@ module Admin
         PreferenceSections::GroupSignupPageSection.new,
         PreferenceSections::MainLinksSection.new,
         PreferenceSections::FooterAndExternalLinksSection.new,
-        PreferenceSections::UserGuideSection.new
+        PreferenceSections::UserGuideSection.new,
+        PreferenceSections::MapSection.new
       ]
     end
   end

app/controllers/admin/customers_controller.rb

@@ -29,7 +29,7 @@ module Admin
     end
 
     def create
-      @customer = Customer.new(params[:customer])
+      @customer = Customer.new(customer_params)
       if user_can_create_customer?
         if @customer.save
           tag_rule_mapping = TagRule.mapping_for(Enterprise.where(id: @customer.enterprise))
@@ -71,7 +71,7 @@ module Admin
 
     def managed_enterprise_id
       @managed_enterprise_id ||= Enterprise.managed_by(spree_current_user).
-        select('enterprises.id').find_by_id(params[:enterprise_id])
+        select('enterprises.id').find_by(id: params[:enterprise_id])
     end
 
     def load_managed_shops
@@ -87,6 +87,19 @@ module Admin
       [:subscription]
     end
 
+    def customer_params
+      params.require(:customer).permit(
+        :enterprise_id, :name, :email, :code, :tag_list,
+        ship_address_attributes: PermittedAttributes::Address.attributes,
+        bill_address_attributes: PermittedAttributes::Address.attributes,
+      )
+    end
+
+    # Used in ResourceController#update
+    def permitted_resource_params
+      customer_params
+    end
+
     def tag_rule_mapping
       TagRule.mapping_for(Enterprise.where(id: managed_enterprise_id))
     end

app/controllers/admin/enterprise_fees_controller.rb

@@ -51,8 +51,8 @@ module Admin
     def collection
       case action
       when :for_order_cycle
-        order_cycle = OrderCycle.find_by_id(params[:order_cycle_id]) if params[:order_cycle_id]
-        coordinator = Enterprise.find_by_id(params[:coordinator_id]) if params[:coordinator_id]
+        order_cycle = OrderCycle.find_by(id: params[:order_cycle_id]) if params[:order_cycle_id]
+        coordinator = Enterprise.find_by(id: params[:coordinator_id]) if params[:coordinator_id]
         order_cycle = OrderCycle.new(coordinator: coordinator) if order_cycle.nil? && coordinator.present?
         enterprises = OpenFoodNetwork::OrderCyclePermissions.new(spree_current_user, order_cycle).visible_enterprises
         EnterpriseFee.for_enterprises(enterprises).order('enterprise_id', 'fee_type', 'name')

app/controllers/admin/enterprise_groups_controller.rb

@@ -28,7 +28,9 @@ module Admin
     def build_resource_with_address
       enterprise_group = build_resource_without_address
       enterprise_group.address = Spree::Address.new
-      enterprise_group.address.country = Spree::Country.find_by_id(Spree::Config[:default_country_id])
+      enterprise_group.address.country = Spree::Country.find_by(
+        id: Spree::Config[:default_country_id]
+      )
       enterprise_group
     end
     alias_method_chain :build_resource, :address
@@ -38,7 +40,7 @@ module Admin
     # The ! version is important to raise a RecordNotFound error.
     def find_resource
       permalink = params[:id] || params[:enterprise_group_id]
-      EnterpriseGroup.find_by_permalink!(permalink)
+      EnterpriseGroup.find_by!(permalink: permalink)
     end
 
     private
@@ -55,5 +57,13 @@ module Admin
     def collection
       EnterpriseGroup.by_position
     end
+
+    def permitted_resource_params
+      params.require(:enterprise_group).permit(
+        :name, :description, :long_description, :on_front_page, :owner_id, :permalink,
+        :email, :website, :facebook, :instagram, :linkedin, :twitter,
+        enterprise_ids: [], address_attributes: PermittedAttributes::Address.attributes
+      )
+    end
   end
 end

app/controllers/admin/enterprise_relationships_controller.rb

@@ -11,7 +11,7 @@ module Admin
     end
 
     def create
-      @enterprise_relationship = EnterpriseRelationship.new params[:enterprise_relationship]
+      @enterprise_relationship = EnterpriseRelationship.new enterprise_relationship_params
 
       if @enterprise_relationship.save
         render text: Api::Admin::EnterpriseRelationshipSerializer.new(@enterprise_relationship).to_json
@@ -25,5 +25,11 @@ module Admin
       @enterprise_relationship.destroy
       render nothing: true
     end
+
+    private
+
+    def enterprise_relationship_params
+      params.require(:enterprise_relationship).permit(:parent_id, :child_id, permissions_list: [])
+    end
   end
 end

app/controllers/admin/enterprise_roles_controller.rb

@@ -7,7 +7,7 @@ module Admin
     end
 
     def create
-      @enterprise_role = EnterpriseRole.new params[:enterprise_role]
+      @enterprise_role = EnterpriseRole.new enterprise_role_params
 
       if @enterprise_role.save
         render text: Api::Admin::EnterpriseRoleSerializer.new(@enterprise_role).to_json
@@ -22,5 +22,11 @@ module Admin
       @enterprise_role.destroy
       render nothing: true
     end
+
+    private
+
+    def enterprise_role_params
+      params.require(:enterprise_role).permit(:user_id, :enterprise_id)
+    end
   end
 end

app/controllers/admin/enterprises_controller.rb

@@ -47,7 +47,7 @@ module Admin
       tag_rules_attributes = params[object_name].delete :tag_rules_attributes
       update_tag_rules(tag_rules_attributes) if tag_rules_attributes.present?
       update_enterprise_notifications
-      if @object.update_attributes(params[object_name])
+      if @object.update_attributes(enterprise_params)
         invoke_callbacks(:update, :after)
         flash[:success] = flash_message_for(@object, :successfully_updated)
         respond_with(@object) do |format|
@@ -115,7 +115,7 @@ module Admin
     def build_resource_with_address
       enterprise = build_resource_without_address
       enterprise.address ||= Spree::Address.new
-      enterprise.address.country ||= Spree::Country.find_by_id(Spree::Config[:default_country_id])
+      enterprise.address.country ||= Spree::Country.find_by(id: Spree::Config[:default_country_id])
       enterprise
     end
     alias_method_chain :build_resource, :address
@@ -123,7 +123,7 @@ module Admin
     # Overriding method on Spree's resource controller,
     # so that resources are found using permalink
     def find_resource
-      Enterprise.find_by_permalink(params[:id])
+      Enterprise.find_by(permalink: params[:id])
     end
 
     private
@@ -139,8 +139,8 @@ module Admin
     def collection
       case action
       when :for_order_cycle
-        @order_cycle = OrderCycle.find_by_id(params[:order_cycle_id]) if params[:order_cycle_id]
-        coordinator = Enterprise.find_by_id(params[:coordinator_id]) if params[:coordinator_id]
+        @order_cycle = OrderCycle.find_by(id: params[:order_cycle_id]) if params[:order_cycle_id]
+        coordinator = Enterprise.find_by(id: params[:coordinator_id]) if params[:coordinator_id]
         @order_cycle = OrderCycle.new(coordinator: coordinator) if @order_cycle.nil? && coordinator.present?
 
         enterprises = OpenFoodNetwork::OrderCyclePermissions.new(spree_current_user, @order_cycle)
@@ -211,7 +211,8 @@ module Admin
       # record is persisted. This problem is compounded by the use of calculators.
       @object.transaction do
         tag_rules_attributes.select{ |_i, attrs| attrs[:type].present? }.each do |_i, attrs|
-          rule = @object.tag_rules.find_by_id(attrs.delete(:id)) || attrs[:type].constantize.new(enterprise: @object)
+          rule = @object.tag_rules.find_by(id: attrs.delete(:id)) ||
+                 attrs[:type].constantize.new(enterprise: @object)
           create_calculator_for(rule, attrs) if rule.type == "TagRule::DiscountOrder" && rule.calculator.nil?
           rule.update_attributes(attrs)
         end
@@ -234,7 +235,9 @@ module Admin
     def check_can_change_bulk_sells
       unless spree_current_user.admin?
         params[:enterprise_set][:collection_attributes].each do |_i, enterprise_params|
-          enterprise_params.delete :sells unless spree_current_user == Enterprise.find_by_id(enterprise_params[:id]).owner
+          unless spree_current_user == Enterprise.find_by(id: enterprise_params[:id]).owner
+            enterprise_params.delete :sells
+          end
         end
       end
     end
@@ -252,7 +255,7 @@ module Admin
     def override_sells
       unless spree_current_user.admin?
         has_hub = spree_current_user.owned_enterprises.is_hub.any?
-        new_enterprise_is_producer = Enterprise.new(params[:enterprise]).is_primary_producer
+        new_enterprise_is_producer = Enterprise.new(enterprise_params).is_primary_producer
         params[:enterprise][:sells] = has_hub && !new_enterprise_is_producer ? 'any' : 'none'
       end
     end
@@ -311,5 +314,14 @@ module Admin
     def ams_prefix_whitelist
       [:index, :basic]
     end
+
+    def enterprise_params
+      PermittedAttributes::Enterprise.new(params).call
+    end
+
+    # Used in ResourceController#create
+    def permitted_resource_params
+      enterprise_params
+    end
   end
 end

app/controllers/admin/inventory_items_controller.rb

@@ -14,14 +14,14 @@ module Admin
 
     private
 
-    # Overriding Spree method to load data from params here so that
+    # Overriding resource_controller method to load data from params here so that
     # we can authorise #create using an object with required attributes
     def build_resource
-      if parent_data.present?
-        parent.public_send(controller_name).build
-      else
-        model_class.new(params[object_name]) # This line changed
-      end
+      model_class.new(permitted_resource_params)
+    end
+
+    def permitted_resource_params
+      params.require(:inventory_item).permit(:enterprise_id, :variant_id, :visible)
     end
   end
 end

app/controllers/admin/manager_invitations_controller.rb

@@ -8,7 +8,7 @@ module Admin
 
       authorize! :edit, @enterprise
 
-      existing_user = Spree::User.find_by_email(@email)
+      existing_user = Spree::User.find_by(email: @email)
 
       if existing_user
         render json: { errors: t('admin.enterprises.invite_manager.user_already_exists') }, status: :unprocessable_entity

app/controllers/admin/order_cycles_controller.rb

@@ -40,7 +40,7 @@ module Admin
     end
 
     def create
-      @order_cycle_form = OrderCycleForm.new(@order_cycle, params, spree_current_user)
+      @order_cycle_form = OrderCycleForm.new(@order_cycle, order_cycle_params, spree_current_user)
 
       if @order_cycle_form.save
         flash[:notice] = I18n.t(:order_cycles_create_notice)
@@ -56,7 +56,7 @@ module Admin
     end
 
     def update
-      @order_cycle_form = OrderCycleForm.new(@order_cycle, params, spree_current_user)
+      @order_cycle_form = OrderCycleForm.new(@order_cycle, order_cycle_params, spree_current_user)
 
       if @order_cycle_form.save
         respond_to do |format|
@@ -145,7 +145,7 @@ module Admin
         preload(:schedules).
         ransack(params[:q]).
         result.
-        accessible_by(spree_current_user)
+        visible_by(spree_current_user)
     end
 
     def load_data_for_index
@@ -164,7 +164,7 @@ module Admin
 
     def require_coordinator
       @order_cycle.coordinator =
-        permitted_coordinating_enterprises_for(@order_cycle).find_by_id(params[:coordinator_id])
+        permitted_coordinating_enterprises_for(@order_cycle).find_by(id: params[:coordinator_id])
       return if params[:coordinator_id] && @order_cycle.coordinator
 
       available_coordinators = permitted_coordinating_enterprises_for(@order_cycle)
@@ -235,5 +235,9 @@ module Admin
     def ams_prefix_whitelist
       [:basic, :index]
     end
+
+    def order_cycle_params
+      PermittedAttributes::OrderCycle.new(params).call
+    end
   end
 end

app/controllers/admin/producer_properties_controller.rb

@@ -11,7 +11,7 @@ module Admin
     end
 
     def load_enterprise
-      @enterprise = Enterprise.find_by_permalink! params[:enterprise_id]
+      @enterprise = Enterprise.find_by! permalink: params[:enterprise_id]
     end
 
     def load_properties

app/controllers/admin/schedules_controller.rb

@@ -3,10 +3,11 @@ require 'order_management/subscriptions/proxy_order_syncer'
 
 module Admin
   class SchedulesController < ResourceController
-    before_filter :check_editable_order_cycle_ids, only: [:create, :update]
+    before_filter :adapt_params, only: [:update]
+    before_filter :editable_order_cycle_ids_for_create, only: [:create]
+    before_filter :editable_order_cycle_ids_for_update, only: [:update]
     before_filter :check_dependent_subscriptions, only: [:destroy]
-    create.after :sync_subscriptions
-    update.after :sync_subscriptions
+    update.after :sync_subscriptions_for_update
 
     respond_to :json
 
@@ -27,6 +28,23 @@ module Admin
       end
     end
 
+    def create
+      return respond_with(@schedule) if params[:order_cycle_ids].blank?
+
+      @schedule.attributes = permitted_resource_params
+
+      if @schedule.save
+        @schedule.order_cycle_ids = params[:order_cycle_ids]
+        @schedule.save!
+
+        sync_subscriptions_for_create
+
+        flash[:success] = flash_message_for(@schedule, :successfully_created)
+      end
+
+      respond_with(@schedule)
+    end
+
     private
 
     def collection
@@ -48,17 +66,43 @@ module Admin
       [:index]
     end
 
-    def check_editable_order_cycle_ids
+    # In this controller, params like params[:name] are moved into
+    #   params[:schedule] becoming params[:schedule][:name].
+    # For some reason in rails 4, this is not happening for params[:order_cycle_ids]
+    #   We do it manually in this filter
+    def adapt_params
+      params[:schedule] = {} if params[:schedule].blank?
+      params[:schedule][:order_cycle_ids] = params[:order_cycle_ids]
+    end
+
+    def editable_order_cycle_ids_for_create
+      return unless params[:order_cycle_ids]
+
+      @existing_order_cycle_ids = []
+      result = editable_order_cycles(params[:order_cycle_ids])
+
+      params[:order_cycle_ids] = result
+    end
+
+    def editable_order_cycle_ids_for_update
       return unless params[:schedule][:order_cycle_ids]
 
-      requested = params[:schedule][:order_cycle_ids]
-      @existing_order_cycle_ids = @schedule.persisted? ? @schedule.order_cycle_ids : []
-      permitted = OrderCycle.where(id: params[:schedule][:order_cycle_ids] | @existing_order_cycle_ids).merge(OrderCycle.managed_by(spree_current_user)).pluck(:id)
+      @existing_order_cycle_ids = @schedule.order_cycle_ids
+      result = editable_order_cycles(params[:schedule][:order_cycle_ids])
+
+      params[:schedule][:order_cycle_ids] = result
+      @schedule.order_cycle_ids = result
+    end
+
+    def editable_order_cycles(requested)
+      permitted = OrderCycle
+        .where(id: params[:order_cycle_ids] | @existing_order_cycle_ids)
+        .merge(OrderCycle.managed_by(spree_current_user))
+        .pluck(:id)
       result = @existing_order_cycle_ids
       result |= (requested & permitted) # add any requested & permitted ids
       result -= ((result & permitted) - requested) # remove any existing and permitted ids that were not specifically requested
-      params[:schedule][:order_cycle_ids] = result
-      @object.order_cycle_ids = result
+      result
     end
 
     def check_dependent_subscriptions
@@ -73,9 +117,19 @@ module Admin
       @permissions = OpenFoodNetwork::Permissions.new(spree_current_user)
     end
 
-    def sync_subscriptions
+    def sync_subscriptions_for_update
       return unless params[:schedule][:order_cycle_ids]
 
+      sync_subscriptions
+    end
+
+    def sync_subscriptions_for_create
+      return unless params[:order_cycle_ids]
+
+      sync_subscriptions
+    end
+
+    def sync_subscriptions
       removed_ids = @existing_order_cycle_ids - @schedule.order_cycle_ids
       new_ids = @schedule.order_cycle_ids - @existing_order_cycle_ids
       return unless removed_ids.any? || new_ids.any?
@@ -84,5 +138,9 @@ module Admin
       syncer = OrderManagement::Subscriptions::ProxyOrderSyncer.new(subscriptions)
       syncer.sync!
     end
+
+    def permitted_resource_params
+      params.require(:schedule).permit(:id, :name)
+    end
   end
 end

app/controllers/admin/stripe_accounts_controller.rb

@@ -28,7 +28,7 @@ module Admin
     def status
       return render json: { status: :stripe_disabled } unless Spree::Config.stripe_connect_enabled
 
-      stripe_account = StripeAccount.find_by_enterprise_id(params[:enterprise_id])
+      stripe_account = StripeAccount.find_by(enterprise_id: params[:enterprise_id])
       return render json: { status: :account_missing } unless stripe_account
 
       authorize! :status, stripe_account

app/controllers/admin/subscription_line_items_controller.rb

@@ -11,7 +11,7 @@ module Admin
     respond_to :json
 
     def build
-      @subscription_line_item.assign_attributes(params[:subscription_line_item])
+      @subscription_line_item.assign_attributes(subscription_line_item_params)
       @subscription_line_item.price_estimate = price_estimate
       render json: @subscription_line_item, serializer: Api::Admin::SubscriptionLineItemSerializer,
              shop: @shop, schedule: @schedule
@@ -24,10 +24,10 @@ module Admin
     end
 
     def load_build_context
-      @shop = Enterprise.managed_by(spree_current_user).find_by_id(params[:shop_id])
-      @schedule = permissions.editable_schedules.find_by_id(params[:schedule_id])
+      @shop = Enterprise.managed_by(spree_current_user).find_by(id: params[:shop_id])
+      @schedule = permissions.editable_schedules.find_by(id: params[:schedule_id])
       @order_cycle = @schedule.andand.current_or_next_order_cycle
-      @variant = variant_if_eligible(params[:subscription_line_item][:variant_id]) if @shop.present?
+      @variant = variant_if_eligible(subscription_line_item_params[:variant_id]) if @shop.present?
     end
 
     def new_actions
@@ -56,7 +56,11 @@ module Admin
     end
 
     def variant_if_eligible(variant_id)
-      OrderManagement::Subscriptions::VariantsList.eligible_variants(@shop).find_by_id(variant_id)
+      OrderManagement::Subscriptions::VariantsList.eligible_variants(@shop).find_by(id: variant_id)
+    end
+
+    def subscription_line_item_params
+      params.require(:subscription_line_item).permit(:quantity, :variant_id)
     end
   end
 end

app/controllers/admin/subscriptions_controller.rb

@@ -64,7 +64,7 @@ module Admin
     private
 
     def save_form_and_render(render_issues = true)
-      form = OrderManagement::Subscriptions::Form.new(@subscription, params[:subscription])
+      form = OrderManagement::Subscriptions::Form.new(@subscription, subscription_params)
       unless form.save
         render json: { errors: form.json_errors }, status: :unprocessable_entity
         return
@@ -148,11 +148,15 @@ module Admin
     # Overriding Spree method to load data from params here so that
     # we can authorise #create using an object with required attributes
     def build_resource
-      Subscription.new(params[:subscription])
+      Subscription.new(subscription_params)
     end
 
     def ams_prefix_whitelist
       [:index]
     end
+
+    def subscription_params
+      PermittedAttributes::Subscription.new(params).call
+    end
   end
 end

app/controllers/admin/variant_overrides_controller.rb

@@ -68,7 +68,7 @@ module Admin
     end
 
     def load_collection
-      collection_hash = Hash[params[:variant_overrides].each_with_index.map { |vo, i| [i, vo] }]
+      collection_hash = Hash[variant_overrides_params.each_with_index.map { |vo, i| [i, vo] }]
       @vo_set = VariantOverrideSet.new @variant_overrides, collection_attributes: collection_hash
     end
 
@@ -76,6 +76,7 @@ module Admin
       @variant_overrides = VariantOverride.
         includes(variant: :product).
         for_hubs(params[:hub_id] || @hubs).
+        references(:variant).
         select { |vo| vo.variant.present? }
     end
 
@@ -91,5 +92,15 @@ module Admin
       full_messages.each { |fm| errors.add(:base, fm) }
       errors
     end
+
+    def variant_overrides_params
+      params.require(:variant_overrides).map do |variant_override|
+        variant_override.permit(
+          :id, :variant_id, :hub_id,
+          :price, :count_on_hand, :sku, :on_demand,
+          :default_stock, :resettable, :tag_list
+        )
+      end
+    end
   end
 end

app/controllers/api/base_controller.rb

@@ -32,6 +32,12 @@ module Api
     use_renderers :json
     check_authorization
 
+    # Temporary measure to help debugging strong_parameters
+    rescue_from ActiveModel::ForbiddenAttributesError, with: :print_params
+    def print_params
+      raise ActiveModel::ForbiddenAttributesError, params.to_s
+    end
+
     def set_jsonp_format
       return unless params[:callback] && request.get?
 
@@ -55,7 +61,7 @@ module Api
         return
       end
 
-      return if @current_api_user = Spree.user_class.find_by_spree_api_key(api_key.to_s)
+      return if @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
 
       invalid_api_key
     end

app/controllers/api/enterprise_attachment_controller.rb

@@ -1,3 +1,7 @@
+# frozen_string_literal: true
+
+require 'api/admin/enterprise_serializer'
+
 module Api
   class EnterpriseAttachmentController < Api::BaseController
     class MissingImplementationError < StandardError; end
@@ -25,7 +29,7 @@ module Api
     end
 
     def load_enterprise
-      @enterprise = Enterprise.find_by_permalink(params[:enterprise_id].to_s)
+      @enterprise = Enterprise.find_by(permalink: params[:enterprise_id].to_s)
       raise UnknownEnterpriseAuthorizationActionError if enterprise_authorize_action.blank?
 
       authorize!(enterprise_authorize_action, @enterprise)

app/controllers/api/enterprise_fees_controller.rb

@@ -15,7 +15,7 @@ module Api
     private
 
     def enterprise_fee
-      @enterprise_fee ||= EnterpriseFee.find_by_id params[:id]
+      @enterprise_fee ||= EnterpriseFee.find_by id: params[:id]
     end
   end
 end

app/controllers/api/enterprises_controller.rb

@@ -1,5 +1,5 @@
 module Api
-  class EnterprisesController < BaseController
+  class EnterprisesController < Api::BaseController
     before_filter :override_owner, only: [:create, :update]
     before_filter :check_type, only: :update
     before_filter :override_sells, only: [:create, :update]
@@ -9,8 +9,12 @@ module Api
     def create
       authorize! :create, Enterprise
 
+      # params[:user_ids] breaks the enterprise creation
+      # We remove them from params and save them after creating the enterprise
+      user_ids = params[:enterprise].delete(:user_ids)
       @enterprise = Enterprise.new(params[:enterprise])
       if @enterprise.save
+        @enterprise.user_ids = user_ids
         render text: @enterprise.id, status: :created
       else
         invalid_resource!(@enterprise)
@@ -18,7 +22,7 @@ module Api
     end
 
     def update
-      @enterprise = Enterprise.find_by_permalink(params[:id]) || Enterprise.find(params[:id])
+      @enterprise = Enterprise.find_by(permalink: params[:id]) || Enterprise.find(params[:id])
       authorize! :update, @enterprise
 
       if @enterprise.update_attributes(params[:enterprise])
@@ -29,7 +33,7 @@ module Api
     end
 
     def update_image
-      @enterprise = Enterprise.find_by_permalink(params[:id]) || Enterprise.find(params[:id])
+      @enterprise = Enterprise.find_by(permalink: params[:id]) || Enterprise.find(params[:id])
       authorize! :update, @enterprise
 
       if params[:logo] && @enterprise.update_attributes( logo: params[:logo] )

app/controllers/api/exchange_products_controller.rb

@@ -58,7 +58,7 @@ module Api
     end
 
     def load_data_from_exchange
-      exchange = Exchange.find_by_id(params[:exchange_id])
+      exchange = Exchange.find_by(id: params[:exchange_id])
 
       @order_cycle = exchange.order_cycle
       @incoming = exchange.incoming
@@ -66,10 +66,10 @@ module Api
     end
 
     def load_data_from_other_params
-      @enterprise = Enterprise.find_by_id(params[:enterprise_id])
+      @enterprise = Enterprise.find_by(id: params[:enterprise_id])
 
       if params[:order_cycle_id]
-        @order_cycle = OrderCycle.find_by_id(params[:order_cycle_id])
+        @order_cycle = OrderCycle.find_by(id: params[:order_cycle_id])
       elsif !params[:incoming]
         raise "order_cycle_id is required to list products for new outgoing exchange"
       end

app/controllers/api/order_cycles_controller.rb

@@ -81,11 +81,11 @@ module Api
     end
 
     def distributor
-      @distributor ||= Enterprise.find_by_id(params[:distributor])
+      @distributor ||= Enterprise.find_by(id: params[:distributor])
     end
 
     def order_cycle
-      @order_cycle ||= OrderCycle.find_by_id(params[:id])
+      @order_cycle ||= OrderCycle.find_by(id: params[:id])
     end
 
     def customer