Reload order before updating in Payment callback

The order was being left in an unexpected condition here, it's states are not set and there seem to be some weird issues.

.codeclimate.yml

@@ -2,9 +2,9 @@ version: "2"
 plugins:
   rubocop:
     enabled: true
-    channel: "rubocop-0-76"
+    channel: "rubocop-1-12"
     config:
-      file: ".rubocop_styleguide.yml"
+      file: ".rubocop.yml"
   scss-lint:
     enabled: true
     checks:

.github/workflows/build.yml

@@ -1,28 +1,325 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
-# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
-
 name: Build
 
 on:
+  workflow_dispatch:
   push:
-    branches: [ $default-branch ]
   pull_request:
-    branches: [ $default-branch ]
+
+env:
+  DISABLE_KNAPSACK: true
+  TIMEZONE: UTC
+  COVERAGE: true
 
 jobs:
-  test:
-
+  test-controllers-and-serializers:
     runs-on: ubuntu-18.04
-
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        bundler-cache: true # runs 'bundle install' and caches installed gems automatically
-    - name: Run tests
-      run: bundle exec rspec spec/queries
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run controller tests
+        run: bundle exec rspec --profile -- spec/controllers spec/serializers
+
+      - name: Codecov
+        uses: codecov/codecov-action@v1.3.1
+
+  test-models:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run tests
+        run: bundle exec rspec --profile -- spec/models
+
+      - name: Codecov
+        uses: codecov/codecov-action@v1.3.1
+
+  test-admin-features-1:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run admin feature tests
+        run: bundle exec rspec --profile -- spec/features/admin/[a-o0-9]*_spec.rb
+
+      - name: Codecov
+        uses: codecov/codecov-action@v1.3.1
+
+  test-admin-features-2:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run admin feature tests
+        run: bundle exec rspec --profile -- spec/features/admin/[p-z]*_spec.rb
+
+      - name: Codecov
+        uses: codecov/codecov-action@v1.3.1
+
+  test-consumer-features:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run consumer feature tests
+        run: bundle exec rspec --profile -- spec/features/consumer
+
+      - name: Codecov
+        uses: codecov/codecov-action@v1.3.1
+
+  test-engines-etc:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run JS tests
+        run: RAILS_ENV=test bundle exec rake karma:run
+
+      # Migration tests need to be run in a separate task.
+      # See: https://github.com/openfoodfoundation/openfoodnetwork/pull/6924#issuecomment-813056525
+      - name: Run migration tests
+        run: bundle exec rspec --pattern "spec/{migrations}/**/*_spec.rb"
+
+      - name: Run all other tests
+        run: bundle exec rake ofn:specs:run:excluding_folders["models,controllers,serializers,features,lib,migrations"]
+
+  test-the-rest:
+    runs-on: ubuntu-18.04
+    services:
+      postgres:
+        image: postgres:10
+        ports: ["5432:5432"]
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+        env:
+          POSTGRES_DB: open_food_network_test
+          POSTGRES_USER: ofn
+          POSTGRES_PASSWORD: f00d
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14.15.5'
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
+      - name: Set up application.yml
+        run: cp config/application.yml.example config/application.yml
+
+      - name: Set up database
+        run: |
+          bundle exec rake db:create RAILS_ENV=test
+          bundle exec rake db:schema:load RAILS_ENV=test
+
+      - name: Run admin feature folders, engines, lib
+        run: bundle exec rspec --profile --pattern "engines/*/spec/{,/*/**}/*_spec.rb,spec/features/admin/*/*_spec.rb,spec/lib/{,/*/**}/*_spec.rb"
+
+      - name: Codecov
+        uses: codecov/codecov-action@v1.3.1

.gitignore

@@ -31,6 +31,7 @@ app/public
 public/system
 public/stylesheets
 public/images
+public/files
 public/spree
 public/assets
 config/abr.yml
@@ -46,3 +47,4 @@ coverage
 /reports/
 !/reports/README.md
 bin/
+/spec/components/stories/**/*.stories.json

.rspec

@@ -1,2 +0,0 @@
---colour
---format Fuubar

.rubocop.yml

@@ -10,8 +10,8 @@ inherit_from:
   # The automatically generated todo list to ignore all current violations.
   - .rubocop_todo.yml
 
-  # Our Open Food Network style guide. It's used by Code Climate. If you want to see all violations,
-  # then use only that configuration (like Code Climate):
+  # Our Open Food Network style guide. If you want to see all violations,
+  # then use only that configuration:
   #
   #     bundle exec rubocop -c .rubocop_styleguide.yml
   #

.rubocop_manual_todo.yml

@@ -21,6 +21,25 @@
 Layout/LineLength:
   Max: 100
   Exclude:
+  - app/controllers/spree/admin/products_controller.rb
+  - app/controllers/spree/admin/reports_controller.rb
+  - app/controllers/spree/paypal_controller.rb
+  - engines/order_management/spec/services/order_management/order/stripe_sca_payment_authorize_spec.rb
+  - engines/order_management/spec/services/order_management/order/updater_spec.rb
+  - engines/order_management/spec/services/order_management/reports/bulk_coop/bulk_coop_report_spec.rb
+  - lib/open_food_network/reports/line_items.rb
+  - spec/controllers/spree/admin/orders/invoices_spec.rb
+  - spec/controllers/spree/admin/tax_rates_controller_spec.rb
+  - spec/controllers/user_passwords_controller_spec.rb
+  - spec/features/admin/configuration/general_settings_spec.rb
+  - spec/features/consumer/shopping/unit_price_spec.rb
+  - spec/helpers/admin/orders_helper_spec.rb
+  - spec/lib/open_food_network/order_cycle_management_report_spec.rb
+  - spec/lib/stripe/authorize_response_patcher_spec.rb
+  - spec/services/bulk_invoice_service_spec.rb
+  - spec/services/content_sanitizer_spec.rb
+  - spec/services/process_payment_intent_spec.rb
+  - spec/support/features/datepicker_helper.rb
   - app/controllers/admin/bulk_line_items_controller.rb
   - app/controllers/admin/contents_controller.rb
   - app/controllers/admin/customers_controller.rb
@@ -230,7 +249,6 @@ Layout/LineLength:
   - spec/lib/open_food_network/products_and_inventory_report_spec.rb
   - spec/lib/open_food_network/scope_variant_to_hub_spec.rb
   - spec/lib/open_food_network/tag_rule_applicator_spec.rb
-  - spec/lib/open_food_network/user_balance_calculator_spec.rb
   - spec/lib/open_food_network/users_and_enterprises_report_spec.rb
   - spec/lib/open_food_network/xero_invoices_report_spec.rb
   - spec/lib/spree/core/calculated_adjustments_spec.rb
@@ -329,6 +347,29 @@ Layout/LineLength:
 Metrics/AbcSize:
   Max: 15
   Exclude:
+  - app/controllers/admin/schedules_controller.rb
+  - app/controllers/checkout_controller.rb
+  - app/controllers/spree/admin/general_settings_controller.rb
+  - app/controllers/spree/admin/images_controller.rb
+  - app/controllers/spree/admin/mail_methods_controller.rb
+  - app/controllers/spree/admin/shipping_methods_controller.rb
+  - app/controllers/spree/paypal_controller.rb
+  - app/helpers/spree/base_helper.rb
+  - app/jobs/subscription_placement_job.rb
+  - app/models/order_cycle.rb
+  - app/models/product_import/unit_converter.rb
+  - app/models/spree/gateway/pay_pal_express.rb
+  - app/serializers/api/admin/enterprise_serializer.rb
+  - app/services/order_factory.rb
+  - app/services/variants_stock_levels.rb
+  - engines/order_management/app/services/order_management/subscriptions/form.rb
+  - lib/open_food_network/enterprise_fee_calculator.rb
+  - lib/open_food_network/order_grouper.rb
+  - lib/spree/core/controller_helpers/auth.rb
+  - lib/spree/core/controller_helpers/common.rb
+  - lib/spree/core/product_duplicator.rb
+  - lib/stripe/authorize_response_patcher.rb
+  - lib/stripe/profile_storer.rb
   - app/controllers/admin/bulk_line_items_controller.rb
   - app/controllers/admin/customers_controller.rb
   - app/controllers/admin/enterprise_fees_controller.rb
@@ -468,7 +509,7 @@ Metrics/AbcSize:
 
 Metrics/BlockLength:
   Max: 25
-  ExcludedMethods: [
+  IgnoredMethods: [
     "class_eval",
     "collection",
     "context",
@@ -482,6 +523,8 @@ Metrics/BlockLength:
     "scenario"
   ]
   Exclude:
+  - spec/features/admin/order_cycles/complex_updating_specific_time_spec.rb
+  - spec/features/admin/tag_rules_spec.rb
   - app/models/spree/order/checkout.rb
   - app/models/spree/payment/processing.rb
   - app/models/spree/shipment.rb
@@ -514,6 +557,27 @@ Metrics/BlockLength:
 Metrics/CyclomaticComplexity:
   Max: 6
   Exclude:
+  - app/controllers/admin/resource_controller.rb
+  - app/controllers/spree/admin/payment_methods_controller.rb
+  - app/controllers/spree/admin/payments_controller.rb
+  - app/controllers/spree/admin/products_controller.rb
+  - app/controllers/spree/admin/users_controller.rb
+  - app/models/product_import/entry_validator.rb
+  - app/models/spree/order_inventory.rb
+  - app/models/spree/order.rb
+  - app/models/spree/shipment.rb
+  - app/models/spree/tax_rate.rb
+  - app/models/spree/variant.rb
+  - engines/order_management/app/services/order_management/reports/enterprise_fee_summary/parameters.rb
+  - lib/active_merchant/billing/gateways/stripe_decorator.rb
+  - lib/open_food_network/group_buy_report.rb
+  - lib/open_food_network/order_cycle_form_applicator.rb
+  - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/payments_report.rb
+  - lib/spree/core/controller_helpers/common.rb
+  - lib/stripe/authorize_response_patcher.rb
+  - lib/stripe/credit_card_clone_destroyer.rb
+  - spec/support/i18n_translations_checker.rb
   - app/controllers/admin/enterprise_fees_controller.rb
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
@@ -552,6 +616,18 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Max: 7
   Exclude:
+  - app/controllers/spree/admin/payment_methods_controller.rb
+  - app/controllers/spree/admin/payments_controller.rb
+  - app/controllers/spree/admin/users_controller.rb
+  - app/models/product_import/entry_validator.rb
+  - app/models/spree/order_inventory.rb
+  - app/models/spree/shipment.rb
+  - app/models/spree/variant.rb
+  - lib/active_merchant/billing/gateways/stripe_decorator.rb
+  - lib/open_food_network/group_buy_report.rb
+  - lib/open_food_network/order_cycle_form_applicator.rb
+  - lib/open_food_network/order_cycle_permissions.rb
+  - lib/open_food_network/payments_report.rb
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/api/variants_controller.rb
   - app/controllers/spree/admin/taxons_controller.rb
@@ -702,10 +778,18 @@ Metrics/MethodLength:
   - spec/features/consumer/shopping/variant_overrides_spec.rb
   - spec/models/product_importer_spec.rb
   - spec/support/i18n_translations_checker.rb
+  - app/controllers/admin/bulk_line_items_controller.rb
+  - app/controllers/spree/paypal_controller.rb
+  - app/jobs/subscription_placement_job.rb
+  - app/models/spree/gateway/pay_pal_express.rb
 
 Metrics/ClassLength:
   Max: 100
   Exclude:
+  - app/controllers/admin/customers_controller.rb
+  - app/controllers/spree/admin/payments_controller.rb
+  - app/controllers/spree/paypal_controller.rb
+  - engines/order_management/app/services/order_management/order/updater.rb
   - app/controllers/admin/enterprises_controller.rb
   - app/controllers/admin/order_cycles_controller.rb
   - app/controllers/admin/resource_controller.rb
@@ -764,6 +848,7 @@ Metrics/ModuleLength:
   - app/models/spree/payment/processing.rb
   - engines/order_management/spec/services/order_management/subscriptions/proxy_order_syncer_spec.rb
   - engines/order_management/spec/services/order_management/subscriptions/validator_spec.rb
+  - engines/order_management/spec/services/order_management/subscriptions/summary_spec.rb
   - lib/open_food_network/column_preference_defaults.rb
   - spec/controllers/admin/order_cycles_controller_spec.rb
   - spec/controllers/api/orders_controller_spec.rb

.rubocop_styleguide.yml

@@ -1,11 +1,10 @@
 # Our Open Food Network style guide.
 #
-# These are the rules we agreed upon and we work towards. Code Climate uses
-# these rules to rate our code and detect new violations. But when you run
-# rubocop locally, the default configuration file `.rubocop.yml` loads
-# our "todo lists" to ignore all current violations.
+# These are the rules we agreed upon and we work towards.
 AllCops:
-  TargetRailsVersion: 4.0
+  NewCops: disable
+  SuggestExtensions: false
+  TargetRailsVersion: 5.0
   Exclude:
     - 'bin/**/*'
     - 'db/**/*'
@@ -183,7 +182,7 @@ Metrics/AbcSize:
 
 Metrics/BlockLength:
   Max: 25
-  ExcludedMethods: [
+  IgnoredMethods: [
     "class_eval",
     "collection",
     "context",
@@ -217,3 +216,6 @@ Metrics/ParameterLists:
 
 Metrics/PerceivedComplexity:
   Max: 7
+
+Naming/PredicateName:
+  Enabled: false

.ruby-version

@@ -1 +1 @@
-2.4.4
+2.5.8

.simplecov

@@ -1,8 +1,5 @@
-# frozen_string_literal: true
+#!/bin/env ruby
 
-require 'simplecov'
-
-SimpleCov.minimum_coverage 54
 SimpleCov.start 'rails' do
   add_filter '/bin/'
   add_filter '/config/'
@@ -16,4 +13,8 @@ SimpleCov.start 'rails' do
   add_filter '/script'
   add_filter '/log'
   add_filter '/db'
+  add_filter '/lib/tasks/sample_data/'
 end
+
+require 'codecov'
+SimpleCov.formatter = SimpleCov::Formatter::Codecov

.storybook/main.js

@@ -0,0 +1,7 @@
+module.exports = {
+  stories: ['../spec/components/stories/**/*.stories.json'],
+  addons: [
+    '@storybook/addon-docs',
+    '@storybook/addon-controls',
+  ],
+};

.storybook/preview-head.html

@@ -0,0 +1,2 @@
+<link href='https://fonts.googleapis.com/css?family=Roboto:400,300italic,400italic,300,700,700italic|Oswald:300,400,700' rel='stylesheet' type='text/css'>
+<link rel="stylesheet" media="screen" href="http://localhost:3000/assets/darkswarm/all.css" />

.storybook/preview.js

@@ -0,0 +1,5 @@
+export const parameters = {
+  server: {
+    url: `http://localhost:3000/rails/stories`,
+  },
+};

GETTING_STARTED.md

@@ -6,12 +6,13 @@ This is a general guide to setting up an Open Food Network **development environ
 
 The fastest way to make it work locally is to use Docker, you only need to setup git, see the [Docker setup guide](docker/README.md).
 Otherwise, for a local setup you will need:
-* Ruby 2.3.7 and bundler
+* Ruby 2.4.4 and bundler (check current Ruby version in [.ruby-version](https://github.com/openfoodfoundation/openfoodnetwork/blob/master/.ruby-version) file)
 * PostgreSQL database
 * Chrome (for testing)
 
 The following guides will provide OS-specific step-by-step instructions to get these requirements installed:
 - [Ubuntu Setup Guide][ubuntu]
+- [Debian Setup Guide][debian]
 - [OSX Setup Guide][osx]
 
 If you are likely to need to manage multiple version of ruby on your local machine, we recommend version managers such as [rbenv](https://github.com/rbenv/rbenv) or [RVM](https://rvm.io/).
@@ -20,7 +21,7 @@ For those new to Rails, the following tutorial will help get you up to speed wit
 
 ### Get it
 
-If you're planning on contributing code to the project (which we [LOVE](CONTRIBUTING.md)), it is a good idea to begin by forking this repo using the `Fork` button in the top-right corner of this screen. You should then be able to use `git clone` to copy your fork onto your local machine.
+So you have set up your local environment according to the requirements listed above. If you're planning on contributing code to the project (which we [LOVE](CONTRIBUTING.md)), it is a good idea to begin by forking this repo using the `Fork` button in the top-right corner of this screen. You should then be able to use `git clone` to copy your fork onto your local machine:
 
     git clone https://github.com/YOUR_GITHUB_USERNAME_HERE/openfoodnetwork
 
@@ -116,6 +117,7 @@ If these commands succeed, you should be able to [continue the setup process](#g
 [developer-wiki]: https://github.com/openfoodfoundation/openfoodnetwork/wiki
 [osx]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup:-OS-X
 [ubuntu]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup:-Ubuntu
+[debian]: https://github.com/openfoodfoundation/openfoodnetwork/wiki/Development-Environment-Setup:-Debian
 [wiki]: https://github.com/openfoodfoundation/openfoodnetwork/wiki
 [zeus]: https://github.com/burke/zeus
 [rubocop]: https://rubocop.readthedocs.io/en/latest/

Gemfile

@@ -1,48 +1,27 @@
 # frozen_string_literal: true
 
 source 'https://rubygems.org'
-ruby "2.4.4"
+ruby "2.5.8"
 git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
-plugin 'bootboot', '~> 0.1.1' unless Bundler.settings[:frozen]
-Plugin.__send__(:load_plugin, 'bootboot') if Plugin.installed?('bootboot')
+gem 'rails', '~> 5.0.0'
 
-if ENV['DEPENDENCIES_NEXT']
-  enable_dual_booting if Plugin.installed?('bootboot')
-
-  # This will only be loaded when running
-  # bundler command prefixed with `DEPENDENCIES_NEXT=1
-  gem 'rails', '> 5.0', '< 5.1'
-
-  gem 'activemerchant', '>= 1.78.0'
-  gem 'angular-rails-templates', '>= 0.3.0', '< 1.1.0'
-  gem 'awesome_nested_set'
-  gem 'rails-controller-testing'
-  gem 'ransack', '2.3.0'
-  gem 'responders'
-else
-  gem 'rails', '~> 4.2'
-
-  gem 'activemerchant', '~> 1.78.0'
-  gem 'angular-rails-templates', '~> 0.3.0'
-  gem 'awesome_nested_set', '~> 3.3.1'
-  gem 'ransack', '~> 1.8.10'
-  gem 'responders', '~> 2.0'
-
-  gem 'db2fog'
-  gem 'unicorn'
-
-  group :test do
-    gem 'test_after_commit' # needed to test Devise callbacks
-  end
-end
+gem 'activemerchant', '>= 1.78.0'
+gem 'angular-rails-templates', '>= 0.3.0'
+gem 'awesome_nested_set'
+gem 'ransack', '2.3.0'
+gem 'responders'
+gem 'sass', '<= 4.7.1'
+gem 'sass-rails', '< 6.0.0'
 
 gem 'i18n'
-gem 'i18n-js', '~> 3.8.0'
+gem 'i18n-js', '~> 3.8.2'
 gem 'rails-i18n'
 gem 'rails_safe_tasks', '~> 1.0'
 
 gem "activerecord-import"
+gem "db2fog", github: "openfoodfoundation/db2fog", branch: "rails-5"
+gem "fog-aws", ">= 0.6.0"
 
 gem "catalog", path: "./engines/catalog"
 gem 'dfc_provider', path: './engines/dfc_provider'
@@ -52,12 +31,12 @@ gem 'web', path: './engines/web'
 gem 'activerecord-postgresql-adapter'
 gem 'pg', '~> 0.21.0'
 
-gem 'acts_as_list', '0.9.19'
-gem 'cancancan', '~> 1.7.0'
+gem 'acts_as_list', '1.0.4'
+gem 'cancancan', '~> 1.15.0'
 gem 'ffaker'
 gem 'highline', '2.0.3' # Necessary for the install generator
 gem 'json'
-gem 'monetize', '~> 1.10'
+gem 'monetize', '~> 1.11'
 gem 'paranoia', '~> 2.4'
 gem 'state_machines-activerecord'
 gem 'stringex', '~> 2.8.5'
@@ -69,7 +48,7 @@ gem 'devise'
 gem 'devise-encryptable'
 gem 'devise-token_authenticatable'
 gem 'jwt', '~> 2.2'
-gem 'oauth2', '~> 1.4.4' # Used for Stripe Connect
+gem 'oauth2', '~> 1.4.7' # Used for Stripe Connect
 
 gem 'daemons'
 gem 'delayed_job_active_record'
@@ -89,7 +68,7 @@ gem 'actionpack-action_caching'
 #   AMS is deprecated, we will introduce an alternative at some point
 gem "active_model_serializers", "0.8.4"
 gem 'activerecord-session_store'
-gem 'acts-as-taggable-on', '~> 4.0'
+gem 'acts-as-taggable-on', '~> 7.0'
 gem 'angularjs-file-upload-rails', '~> 2.4.1'
 gem 'custom_error_message', github: 'jeremydurham/custom-err-msg'
 gem 'dalli'
@@ -116,15 +95,12 @@ gem 'test-unit', '~> 3.4'
 gem 'coffee-rails', '~> 4.2.2'
 gem 'compass-rails'
 
-gem 'libv8', '< 8'
-gem 'mini_racer', '0.2.15'
+gem 'mini_racer', '0.4.0'
 
 gem 'uglifier', '>= 1.0.3'
 
 gem 'angular_rails_csrf'
 gem 'foundation-icons-sass-rails'
-gem 'sass', '<= 4.7.1'
-gem 'sass-rails', '< 6.0.0'
 
 gem 'foundation-rails', '= 5.5.2.1'
 
@@ -135,6 +111,14 @@ gem 'select2-rails', '~> 3.4.7'
 
 gem 'ofn-qz', github: 'openfoodfoundation/ofn-qz', branch: 'ofn-rails-4'
 
+gem 'good_migrations'
+
+gem 'flipper'
+gem 'flipper-active_record'
+gem 'flipper-ui'
+
+gem "view_component", require: "view_component/engine"
+
 group :production, :staging do
   gem 'ddtrace'
   gem 'unicorn-worker-killer'
@@ -144,9 +128,10 @@ group :test, :development do
   # Pretty printed test output
   gem 'atomic'
   gem 'awesome_print'
+  gem 'bullet'
   gem 'capybara'
   gem 'database_cleaner', require: false
-  gem "factory_bot_rails", '5.2.0', require: false
+  gem "factory_bot_rails", '6.1.0', require: false
   gem 'fuubar', '~> 2.5.1'
   gem 'json_spec', '~> 1.1.4'
   gem 'knapsack'
@@ -162,9 +147,11 @@ group :test, :development do
 end
 
 group :test do
+  gem 'codecov', require: false
   gem 'simplecov', require: false
   gem 'test-prof'
   gem 'webmock'
+  gem 'rails-controller-testing'
   # See spec/spec_helper.rb for instructions
   # gem 'perftools.rb'
 end
@@ -179,6 +166,8 @@ group :development do
   gem 'spring'
   gem 'spring-commands-rspec'
 
+  gem "view_component_storybook", require: "view_component/storybook/engine"
+
   # 1.0.9 fixed openssl issues on macOS https://github.com/eventmachine/eventmachine/issues/602
   # While we don't require this gem directly, no dependents forced the upgrade to a version
   # greater than 1.0.9, so we just required the latest available version here.

Gemfile.lock

@@ -4,6 +4,16 @@ GIT
   specs:
     custom_error_message (1.1.1)
 
+GIT
+  remote: https://github.com/openfoodfoundation/db2fog.git
+  revision: 8ceef362c64e6573d62d26db5ebb0c0f33cd3d61
+  branch: rails-5
+  specs:
+    db2fog (0.9.1)
+      activerecord (>= 3.2.0, < 6.0)
+      fog-core (~> 1.0)
+      rails (>= 3.2.0, < 6.0)
+
 GIT
   remote: https://github.com/openfoodfoundation/ofn-qz.git
   revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
@@ -37,45 +47,47 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (2.3.6)
-    actionmailer (4.2.11.3)
-      actionpack (= 4.2.11.3)
-      actionview (= 4.2.11.3)
-      activejob (= 4.2.11.3)
+    actioncable (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      nio4r (>= 1.2, < 3.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
       mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.11.3)
-      actionview (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      rack (~> 1.6)
-      rack-test (~> 0.6.2)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.0.7.2)
+      actionview (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      rack (~> 2.0)
+      rack-test (~> 0.6.3)
+      rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
     actionpack-action_caching (1.2.1)
       actionpack (>= 4.0.0)
-    actionview (4.2.11.3)
-      activesupport (= 4.2.11.3)
+    actionview (5.0.7.2)
+      activesupport (= 5.0.7.2)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
     active_model_serializers (0.8.4)
       activemodel (>= 3.0)
-    activejob (4.2.11.3)
-      activesupport (= 4.2.11.3)
-      globalid (>= 0.3.0)
-    activemerchant (1.78.0)
-      activesupport (>= 3.2.14, < 6.x)
+    activejob (5.0.7.2)
+      activesupport (= 5.0.7.2)
+      globalid (>= 0.3.6)
+    activemerchant (1.119.0)
+      activesupport (>= 4.2)
       builder (>= 2.1.2, < 4.0.0)
       i18n (>= 0.6.9)
       nokogiri (~> 1.4)
-    activemodel (4.2.11.3)
-      activesupport (= 4.2.11.3)
-      builder (~> 3.1)
-    activerecord (4.2.11.3)
-      activemodel (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      arel (~> 6.0)
+    activemodel (5.0.7.2)
+      activesupport (= 5.0.7.2)
+    activerecord (5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      arel (~> 7.0)
     activerecord-import (1.0.8)
       activerecord (>= 3.2)
     activerecord-postgresql-adapter (0.0.1)
@@ -86,60 +98,62 @@ GEM
       multi_json (~> 1.11, >= 1.11.2)
       rack (>= 1.5.2, < 3)
       railties (>= 4.0)
-    activesupport (4.2.11.3)
-      i18n (~> 0.7)
+    activesupport (5.0.7.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    acts-as-taggable-on (4.0.0)
-      activerecord (>= 4.0)
-    acts_as_list (0.9.19)
-      activerecord (>= 3.0)
+    acts-as-taggable-on (7.0.0)
+      activerecord (>= 5.0, < 6.2)
+    acts_as_list (1.0.4)
+      activerecord (>= 4.2)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    aliyun-sdk (0.8.0)
-      nokogiri (~> 1.6)
-      rest-client (~> 2.0)
     andand (1.3.3)
-    angular-rails-templates (0.3.0)
-      railties (>= 3.1)
-      sprockets (~> 2.0)
+    angular-rails-templates (1.1.0)
+      railties (>= 4.2, < 7)
+      sprockets (>= 3.0, < 5)
       tilt
-    angular_rails_csrf (4.2.0)
+    angular_rails_csrf (4.5.0)
       railties (>= 3, < 7)
     angularjs-file-upload-rails (2.4.1)
     angularjs-rails (1.5.5)
-    arel (6.0.4)
+    arel (7.1.4)
     ast (2.4.2)
     atomic (1.1.101)
-    awesome_nested_set (3.3.1)
+    awesome_nested_set (3.4.0)
       activerecord (>= 4.0.0, < 7.0)
-    awesome_print (1.8.0)
+    awesome_print (1.9.2)
     aws-sdk (1.67.0)
       aws-sdk-v1 (= 1.67.0)
     aws-sdk-v1 (1.67.0)
       json (~> 1.4)
       nokogiri (~> 1)
     bcrypt (3.1.16)
-    bugsnag (6.19.0)
+    bugsnag (6.20.0)
       concurrent-ruby (~> 1.0)
     builder (3.2.4)
+    bullet (6.1.4)
+      activesupport (>= 3.0.0)
+      uniform_notifier (~> 1.11)
     byebug (11.1.3)
-    cancancan (1.7.1)
-    capybara (3.32.2)
+    cancancan (1.15.0)
+    capybara (3.35.3)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (~> 1.8)
       rack (>= 1.6.0)
       rack-test (>= 0.6.3)
-      regexp_parser (~> 1.5)
+      regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     childprocess (3.0.0)
     chronic (0.10.2)
-    chunky_png (1.3.14)
+    chunky_png (1.4.0)
     climate_control (0.2.0)
     cocaine (0.5.8)
       climate_control (>= 0.0.3, < 1.0)
+    codecov (0.5.1)
+      simplecov (>= 0.15, < 0.22)
     coderay (1.1.3)
     coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
@@ -175,19 +189,16 @@ GEM
     daemons (1.3.1)
     dalli (2.7.11)
     database_cleaner (1.99.0)
-    db2fog (0.9.0)
-      activerecord (>= 3.2.0, < 5.0)
-      fog (~> 1.0)
-      rails (>= 3.2.0, < 5.0)
-    ddtrace (0.45.0)
+    ddtrace (0.48.0)
+      ffi (~> 1.0)
       msgpack
     debugger-linecache (1.2.0)
     delayed_job (4.1.9)
       activesupport (>= 3.0, < 6.2)
-    delayed_job_active_record (4.1.5)
+    delayed_job_active_record (4.1.6)
       activerecord (>= 3.0, < 6.2)
       delayed_job (>= 3.0, < 5)
-    delayed_job_web (1.4.3)
+    delayed_job_web (1.4.4)
       activerecord (> 3.0.0)
       delayed_job (> 2.0.3)
       rack-protection (>= 1.5.5)
@@ -203,172 +214,47 @@ GEM
     devise-token_authenticatable (1.1.0)
       devise (>= 4.0.0, < 5.0.0)
     diff-lcs (1.4.4)
-    docile (1.3.4)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
-    dry-inflector (0.1.2)
+    docile (1.3.5)
+    erubi (1.10.0)
     erubis (2.7.0)
     eventmachine (1.2.7)
-    excon (0.78.0)
+    excon (0.79.0)
     execjs (2.7.0)
-    factory_bot (5.2.0)
-      activesupport (>= 4.2.0)
-    factory_bot_rails (5.2.0)
-      factory_bot (~> 5.2.0)
-      railties (>= 4.2.0)
-    faraday (1.0.1)
+    factory_bot (6.1.0)
+      activesupport (>= 5.0.0)
+    factory_bot_rails (6.1.0)
+      factory_bot (~> 6.1.0)
+      railties (>= 5.0.0)
+    faraday (1.3.0)
+      faraday-net_http (~> 1.0)
       multipart-post (>= 1.2, < 3)
-    ffaker (2.16.0)
-    ffi (1.13.1)
+      ruby2_keywords
+    faraday-net_http (1.0.1)
+    ffaker (2.18.0)
+    ffi (1.15.0)
     figaro (1.2.0)
       thor (>= 0.14.0, < 2)
-    fission (0.5.0)
-      CFPropertyList (~> 2.2)
-    fog (1.41.0)
-      fog-aliyun (>= 0.1.0)
-      fog-atmos
-      fog-aws (>= 0.6.0)
-      fog-brightbox (~> 0.4)
-      fog-cloudatcost (~> 0.1.0)
-      fog-core (~> 1.45)
-      fog-digitalocean (>= 0.3.0)
-      fog-dnsimple (~> 1.0)
-      fog-dynect (~> 0.0.2)
-      fog-ecloud (~> 0.1)
-      fog-google (<= 0.1.0)
-      fog-internet-archive
-      fog-joyent
-      fog-json
-      fog-local
-      fog-openstack
-      fog-powerdns (>= 0.1.1)
-      fog-profitbricks
-      fog-rackspace
-      fog-radosgw (>= 0.0.2)
-      fog-riakcs
-      fog-sakuracloud (>= 0.0.4)
-      fog-serverlove
-      fog-softlayer
-      fog-storm_on_demand
-      fog-terremark
-      fog-vmfusion
-      fog-voxel
-      fog-vsphere (>= 0.4.0)
-      fog-xenserver
-      fog-xml (~> 0.1.1)
-      ipaddress (~> 0.5)
-      json (>= 1.8, < 2.0)
-    fog-aliyun (0.3.19)
-      aliyun-sdk (~> 0.8.0)
-      fog-core
-      fog-json
-      ipaddress (~> 0.8)
-      xml-simple (~> 1.1)
-    fog-atmos (0.1.0)
-      fog-core
-      fog-xml
+    flipper (0.20.4)
+    flipper-active_record (0.20.4)
+      activerecord (>= 5.0, < 7)
+      flipper (~> 0.20.4)
+    flipper-ui (0.20.4)
+      erubi (>= 1.0.0, < 2.0.0)
+      flipper (~> 0.20.4)
+      rack (>= 1.4, < 3)
+      rack-protection (>= 1.5.3, < 2.2.0)
     fog-aws (2.0.1)
       fog-core (~> 1.38)
       fog-json (~> 1.0)
       fog-xml (~> 0.1)
       ipaddress (~> 0.8)
-    fog-brightbox (0.16.1)
-      dry-inflector
-      fog-core
-      fog-json
-      mime-types
-    fog-cloudatcost (0.1.2)
-      fog-core (~> 1.36)
-      fog-json (~> 1.0)
-      fog-xml (~> 0.1)
-      ipaddress (~> 0.8)
     fog-core (1.45.0)
       builder
       excon (~> 0.58)
       formatador (~> 0.2)
-    fog-digitalocean (0.4.0)
-      fog-core
-      fog-json
-      fog-xml
-      ipaddress (>= 0.5)
-    fog-dnsimple (1.0.0)
-      fog-core (~> 1.38)
-      fog-json (~> 1.0)
-    fog-dynect (0.0.3)
-      fog-core
-      fog-json
-      fog-xml
-    fog-ecloud (0.3.0)
-      fog-core
-      fog-xml
-    fog-google (0.1.0)
-      fog-core
-      fog-json
-      fog-xml
-    fog-internet-archive (0.0.2)
-      fog-core
-      fog-json
-      fog-xml
-    fog-joyent (0.0.1)
-      fog-core (~> 1.42)
-      fog-json (>= 1.0)
     fog-json (1.2.0)
       fog-core
       multi_json (~> 1.10)
-    fog-local (0.6.0)
-      fog-core (>= 1.27, < 3.0)
-    fog-openstack (0.3.10)
-      fog-core (>= 1.45, <= 2.1.0)
-      fog-json (>= 1.0)
-      ipaddress (>= 0.8)
-    fog-powerdns (0.2.0)
-      fog-core
-      fog-json
-      fog-xml
-    fog-profitbricks (4.1.1)
-      fog-core (~> 1.42)
-      fog-json (~> 1.0)
-    fog-rackspace (0.1.6)
-      fog-core (>= 1.35)
-      fog-json (>= 1.0)
-      fog-xml (>= 0.1)
-      ipaddress (>= 0.8)
-    fog-radosgw (0.0.5)
-      fog-core (>= 1.21.0)
-      fog-json
-      fog-xml (>= 0.0.1)
-    fog-riakcs (0.1.0)
-      fog-core
-      fog-json
-      fog-xml
-    fog-sakuracloud (1.7.5)
-      fog-core
-      fog-json
-    fog-serverlove (0.1.2)
-      fog-core
-      fog-json
-    fog-softlayer (1.1.4)
-      fog-core
-      fog-json
-    fog-storm_on_demand (0.1.1)
-      fog-core
-      fog-json
-    fog-terremark (0.1.0)
-      fog-core
-      fog-xml
-    fog-vmfusion (0.1.0)
-      fission
-      fog-core
-    fog-voxel (0.1.0)
-      fog-core
-      fog-xml
-    fog-vsphere (3.4.0)
-      fog-core
-      rbvmomi (>= 1.9, < 3)
-    fog-xenserver (1.0.0)
-      fog-core
-      fog-xml
-      xmlrpc
     fog-xml (0.1.3)
       fog-core
       nokogiri (>= 1.5.11, < 2.0.0)
@@ -382,24 +268,23 @@ GEM
     fuubar (2.5.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
-    geocoder (1.6.5)
+    geocoder (1.6.7)
     get_process_mem (0.2.7)
       ffi (~> 1.0)
     globalid (0.4.2)
       activesupport (>= 4.2.0)
     gmaps4rails (2.1.2)
+    good_migrations (0.0.2)
+      activerecord (>= 3.1)
+      railties (>= 3.1)
     haml (5.2.1)
       temple (>= 0.8.0)
       tilt
     hashdiff (1.0.1)
     highline (2.0.3)
-    hike (1.2.3)
-    http-accept (1.7.0)
-    http-cookie (1.0.3)
-      domain_name (~> 0.5)
-    i18n (0.9.5)
+    i18n (1.8.10)
       concurrent-ruby (~> 1.0)
-    i18n-js (3.8.0)
+    i18n-js (3.8.2)
       i18n (>= 0.6.6)
     immigrant (0.3.6)
       activerecord (>= 3.0)
@@ -431,13 +316,13 @@ GEM
       kaminari-core (= 1.2.1)
     kaminari-core (1.2.1)
     kgio (2.11.3)
-    knapsack (1.20.0)
+    knapsack (1.22.0)
       rake
     launchy (2.4.3)
       addressable (~> 2.3)
     letter_opener (1.7.0)
       launchy (~> 2.2)
-    libv8 (7.3.492.27.1)
+    libv8-node (15.14.0.0)
     loofah (2.9.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
@@ -446,30 +331,32 @@ GEM
     method_source (1.0.0)
     mime-types (3.3.1)
       mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.0512)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    mini_racer (0.2.15)
-      libv8 (> 7.3)
-    minitest (5.14.3)
-    monetize (1.10.0)
+    mime-types-data (3.2020.1104)
+    mini_mime (1.0.3)
+    mini_portile2 (2.5.0)
+    mini_racer (0.4.0)
+      libv8-node (~> 15.14.0.0)
+    minitest (5.14.4)
+    monetize (1.11.0)
       money (~> 6.12)
-    money (6.14.0)
+    money (6.14.1)
       i18n (>= 0.6.4, <= 2)
     msgpack (1.4.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    netrc (0.11.0)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
+    mustermann (1.1.1)
+      ruby2_keywords (~> 0.0.1)
+    nio4r (2.5.2)
+    nokogiri (1.11.2)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
+    oauth2 (1.4.7)
       faraday (>= 0.8, < 2.0)
       jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    optimist (3.0.1)
     orm_adapter (0.5.0)
     paper_trail (10.3.1)
       activerecord (>= 4.2)
@@ -483,7 +370,7 @@ GEM
     parallel (1.20.1)
     paranoia (2.4.3)
       activerecord (>= 4.0, < 6.2)
-    parser (3.0.0.0)
+    parser (3.0.1.0)
       ast (~> 2.4.1)
     paypal-sdk-core (0.3.4)
       multi_json (~> 1.0)
@@ -491,6 +378,8 @@ GEM
     paypal-sdk-merchant (1.117.2)
       paypal-sdk-core (~> 0.3.0)
     pg (0.21.0)
+    polyamorous (2.3.0)
+      activerecord (>= 5.0)
     power_assert (2.0.0)
     pry (0.13.1)
       coderay (~> 1.1)
@@ -499,73 +388,68 @@ GEM
       byebug (~> 11.0)
       pry (~> 0.13.0)
     public_suffix (4.0.6)
-    rack (1.6.13)
+    racc (1.5.2)
+    rack (2.2.3)
     rack-mini-profiler (2.3.1)
       rack (>= 1.2.0)
-    rack-protection (1.5.5)
+    rack-protection (2.1.0)
       rack
     rack-rewrite (1.5.1)
     rack-ssl (1.4.1)
       rack
     rack-test (0.6.3)
       rack (>= 1.0)
-    rails (4.2.11.3)
-      actionmailer (= 4.2.11.3)
-      actionpack (= 4.2.11.3)
-      actionview (= 4.2.11.3)
-      activejob (= 4.2.11.3)
-      activemodel (= 4.2.11.3)
-      activerecord (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
-      bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.11.3)
-      sprockets-rails
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.9)
-      activesupport (>= 4.2.0, < 5.0)
-      nokogiri (~> 1.6)
-      rails-deprecated_sanitizer (>= 1.0.1)
+    rails (5.0.7.2)
+      actioncable (= 5.0.7.2)
+      actionmailer (= 5.0.7.2)
+      actionpack (= 5.0.7.2)
+      actionview (= 5.0.7.2)
+      activejob (= 5.0.7.2)
+      activemodel (= 5.0.7.2)
+      activerecord (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      bundler (>= 1.3.0)
+      railties (= 5.0.7.2)
+      sprockets-rails (>= 2.0.0)
+    rails-controller-testing (1.0.5)
+      actionpack (>= 5.0.1.rc1)
+      actionview (>= 5.0.1.rc1)
+      activesupport (>= 5.0.1.rc1)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    rails-i18n (4.0.9)
-      i18n (~> 0.7)
-      railties (~> 4.0)
+    rails-i18n (5.1.3)
+      i18n (>= 0.7, < 2)
+      railties (>= 5.0, < 6)
     rails_safe_tasks (1.0.0)
-    railties (4.2.11.3)
-      actionpack (= 4.2.11.3)
-      activesupport (= 4.2.11.3)
+    railties (5.0.7.2)
+      actionpack (= 5.0.7.2)
+      activesupport (= 5.0.7.2)
+      method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (3.0.0)
     raindrops (0.19.1)
     rake (13.0.3)
-    ransack (1.8.10)
-      actionpack (>= 3.0, < 5.2)
-      activerecord (>= 3.0, < 5.2)
-      activesupport (>= 3.0, < 5.2)
+    ransack (2.3.0)
+      actionpack (>= 5.0)
+      activerecord (>= 5.0)
+      activesupport (>= 5.0)
       i18n
+      polyamorous (= 2.3.0)
     rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rbvmomi (2.4.1)
-      builder (~> 3.0)
-      json (>= 1.8)
-      nokogiri (~> 1.5)
-      optimist (~> 3.0)
     redcarpet (3.5.1)
-    regexp_parser (1.8.2)
+    regexp_parser (2.1.1)
     request_store (1.5.0)
       rack (>= 1.4)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    rest-client (2.1.0)
-      http-accept (>= 1.7.0, < 2.0)
-      http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 4.0)
-      netrc (~> 0.8)
-    rexml (3.2.4)
+    responders (3.0.1)
+      actionpack (>= 5.0)
+      railties (>= 5.0)
+    rexml (3.2.5)
     roadie (3.5.1)
       css_parser (~> 1.4)
       nokogiri (~> 1.8)
@@ -584,10 +468,10 @@ GEM
     rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.0)
+    rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
-    rspec-rails (4.0.2)
+    rspec-rails (4.1.2)
       actionpack (>= 4.2)
       activesupport (>= 4.2)
       railties (>= 4.2)
@@ -597,21 +481,21 @@ GEM
       rspec-support (~> 3.10)
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
-    rspec-support (3.10.1)
-    rswag (2.3.3)
-      rswag-api (= 2.3.3)
-      rswag-specs (= 2.3.3)
-      rswag-ui (= 2.3.3)
-    rswag-api (2.3.3)
+    rspec-support (3.10.2)
+    rswag (2.4.0)
+      rswag-api (= 2.4.0)
+      rswag-specs (= 2.4.0)
+      rswag-ui (= 2.4.0)
+    rswag-api (2.4.0)
       railties (>= 3.1, < 7.0)
-    rswag-specs (2.3.3)
+    rswag-specs (2.4.0)
       activesupport (>= 3.1, < 7.0)
       json-schema (~> 2.2)
       railties (>= 3.1, < 7.0)
-    rswag-ui (2.3.3)
+    rswag-ui (2.4.0)
       actionpack (>= 3.1, < 7.0)
       railties (>= 3.1, < 7.0)
-    rubocop (1.10.0)
+    rubocop (1.13.0)
       parallel (~> 1.10)
       parser (>= 3.0.0.0)
       rainbow (>= 2.2.2, < 4.0)
@@ -628,6 +512,7 @@ GEM
       rubocop (>= 0.90.0, < 2.0)
     ruby-progressbar (1.11.0)
     ruby-rc4 (0.1.5)
+    ruby2_keywords (0.0.2)
     rubyzip (2.3.0)
     sass (3.4.25)
     sass-rails (5.0.7)
@@ -644,26 +529,27 @@ GEM
       rubyzip (>= 1.2.2)
     shoulda-matchers (4.5.1)
       activesupport (>= 4.2.0)
-    simplecov (0.18.5)
+    simplecov (0.21.2)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
-    sinatra (1.4.8)
-      rack (~> 1.5)
-      rack-protection (~> 1.4)
-      tilt (>= 1.3, < 3)
+    simplecov_json_formatter (0.1.2)
+    sinatra (2.1.0)
+      mustermann (~> 1.0)
+      rack (~> 2.2)
+      rack-protection (= 2.1.0)
+      tilt (~> 2.0)
     spring (2.1.1)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
-    sprockets (2.12.5)
-      hike (~> 1.2)
-      multi_json (~> 1.0)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.3.3)
-      actionpack (>= 3.0)
-      activesupport (>= 3.0)
-      sprockets (>= 2.8, < 4.0)
+    sprockets (3.7.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.2)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
     state_machines (0.5.0)
     state_machines-activemodel (0.7.1)
       activemodel (>= 4.1)
@@ -672,51 +558,53 @@ GEM
       activerecord (>= 4.1)
       state_machines-activemodel (>= 0.5.0)
     stringex (2.8.5)
-    stripe (5.29.1)
+    stripe (5.30.0)
     temple (0.8.2)
-    test-prof (0.11.3)
-    test-unit (3.4.0)
+    test-prof (1.0.2)
+    test-unit (3.4.1)
       power_assert
-    test_after_commit (1.2.2)
-      activerecord (>= 3.2, < 5.0)
     thor (0.20.3)
     thread_safe (0.3.6)
-    tilt (1.4.1)
+    tilt (2.0.10)
     timecop (0.9.4)
     tzinfo (1.2.9)
       thread_safe (~> 0.1)
     uglifier (4.2.0)
       execjs (>= 0.3.0, < 3)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.7.7)
     unicode-display_width (2.0.0)
-    unicorn (5.8.0)
+    unicorn (6.0.0)
       kgio (~> 2.6)
       raindrops (~> 0.7)
     unicorn-rails (2.2.1)
       rack
       unicorn
-    unicorn-worker-killer (0.4.4)
+    unicorn-worker-killer (0.4.5)
       get_process_mem (~> 0)
-      unicorn (>= 4, < 6)
-    warden (1.2.7)
-      rack (>= 1.0)
-    webdrivers (4.5.0)
+      unicorn (>= 4, < 7)
+    uniform_notifier (1.14.1)
+    view_component (2.28.0)
+      activesupport (>= 5.0.0, < 7.0)
+    view_component_storybook (0.8.0)
+      view_component (>= 2.2)
+    warden (1.2.9)
+      rack (>= 2.0.9)
+    webdrivers (4.6.0)
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.11.2)
+    webmock (3.12.2)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    websocket-driver (0.6.5)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
     whenever (1.0.0)
       chronic (>= 0.6.3)
     wicked_pdf (2.1.0)
       activesupport
-    wkhtmltopdf-binary (0.12.5)
+    wkhtmltopdf-binary (0.12.6.5)
     xml-simple (1.1.8)
-    xmlrpc (0.3.0)
     xpath (3.2.0)
       nokogiri (~> 1.8)
 
@@ -726,26 +614,28 @@ PLATFORMS
 DEPENDENCIES
   actionpack-action_caching
   active_model_serializers (= 0.8.4)
-  activemerchant (~> 1.78.0)
+  activemerchant (>= 1.78.0)
   activerecord-import
   activerecord-postgresql-adapter
   activerecord-session_store
-  acts-as-taggable-on (~> 4.0)
-  acts_as_list (= 0.9.19)
+  acts-as-taggable-on (~> 7.0)
+  acts_as_list (= 1.0.4)
   andand
-  angular-rails-templates (~> 0.3.0)
+  angular-rails-templates (>= 0.3.0)
   angular_rails_csrf
   angularjs-file-upload-rails (~> 2.4.1)
   angularjs-rails (= 1.5.5)
   atomic
-  awesome_nested_set (~> 3.3.1)
+  awesome_nested_set
   awesome_print
   aws-sdk (= 1.67.0)
   bugsnag
+  bullet
   byebug
-  cancancan (~> 1.7.0)
+  cancancan (~> 1.15.0)
   capybara
   catalog!
+  codecov
   coffee-rails (~> 4.2.2)
   combine_pdf
   compass-rails
@@ -753,7 +643,7 @@ DEPENDENCIES
   daemons
   dalli
   database_cleaner
-  db2fog
+  db2fog!
   ddtrace
   debugger-linecache
   delayed_job_active_record
@@ -763,18 +653,23 @@ DEPENDENCIES
   devise-token_authenticatable
   dfc_provider!
   eventmachine (>= 1.2.3)
-  factory_bot_rails (= 5.2.0)
+  factory_bot_rails (= 6.1.0)
   ffaker
   figaro
+  flipper
+  flipper-active_record
+  flipper-ui
+  fog-aws (>= 0.6.0)
   foundation-icons-sass-rails
   foundation-rails (= 5.5.2.1)
   fuubar (~> 2.5.1)
   geocoder
   gmaps4rails
+  good_migrations
   haml
   highline (= 2.0.3)
   i18n
-  i18n-js (~> 3.8.0)
+  i18n-js (~> 3.8.2)
   immigrant
   jquery-migrate-rails
   jquery-rails (= 4.4.0)
@@ -785,10 +680,9 @@ DEPENDENCIES
   kaminari (~> 1.2.1)
   knapsack
   letter_opener (>= 1.4.1)
-  libv8 (< 8)
-  mini_racer (= 0.2.15)
-  monetize (~> 1.10)
-  oauth2 (~> 1.4.4)
+  mini_racer (= 0.4.0)
+  monetize (~> 1.11)
+  oauth2 (~> 1.4.7)
   ofn-qz!
   order_management!
   paper_trail (~> 10.3.1)
@@ -801,12 +695,13 @@ DEPENDENCIES
   rack-mini-profiler (< 3.0.0)
   rack-rewrite
   rack-ssl
-  rails (~> 4.2)
+  rails (~> 5.0.0)
+  rails-controller-testing
   rails-i18n
   rails_safe_tasks (~> 1.0)
-  ransack (~> 1.8.10)
+  ransack (= 2.3.0)
   redcarpet
-  responders (~> 2.0)
+  responders
   roadie-rails (~> 1.3.0)
   roo (~> 2.8.3)
   rspec-rails (>= 3.5.2)
@@ -827,12 +722,12 @@ DEPENDENCIES
   stripe
   test-prof
   test-unit (~> 3.4)
-  test_after_commit
   timecop
   uglifier (>= 1.0.3)
-  unicorn
   unicorn-rails
   unicorn-worker-killer
+  view_component
+  view_component_storybook
   web!
   webdrivers
   webmock
@@ -841,7 +736,7 @@ DEPENDENCIES
   wkhtmltopdf-binary
 
 RUBY VERSION
-   ruby 2.4.4p296
+   ruby 2.5.8p224
 
 BUNDLED WITH
    1.17.3

Gemfile_next.lock

@@ -1,671 +0,0 @@
-GIT
-  remote: https://github.com/jeremydurham/custom-err-msg.git
-  revision: 3a8ec9dddc7a5b0aab7c69a6060596de300c68f4
-  specs:
-    custom_error_message (1.1.1)
-
-GIT
-  remote: https://github.com/openfoodfoundation/ofn-qz.git
-  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
-  branch: ofn-rails-4
-  specs:
-    ofn-qz (0.1.0)
-
-PATH
-  remote: engines/catalog
-  specs:
-    catalog (0.0.1)
-
-PATH
-  remote: engines/dfc_provider
-  specs:
-    dfc_provider (0.0.1)
-      active_model_serializers (~> 0.8.4)
-      jwt (~> 2.2)
-      rspec (~> 3.9)
-
-PATH
-  remote: engines/order_management
-  specs:
-    order_management (0.0.1)
-
-PATH
-  remote: engines/web
-  specs:
-    web (0.0.1)
-
-GEM
-  remote: https://rubygems.org/
-  specs:
-    actioncable (5.0.7.2)
-      actionpack (= 5.0.7.2)
-      nio4r (>= 1.2, < 3.0)
-      websocket-driver (~> 0.6.1)
-    actionmailer (5.0.7.2)
-      actionpack (= 5.0.7.2)
-      actionview (= 5.0.7.2)
-      activejob (= 5.0.7.2)
-      mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 2.0)
-    actionpack (5.0.7.2)
-      actionview (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      rack (~> 2.0)
-      rack-test (~> 0.6.3)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionpack-action_caching (1.2.1)
-      actionpack (>= 4.0.0)
-    actionview (5.0.7.2)
-      activesupport (= 5.0.7.2)
-      builder (~> 3.1)
-      erubis (~> 2.7.0)
-      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    active_model_serializers (0.8.4)
-      activemodel (>= 3.0)
-    activejob (5.0.7.2)
-      activesupport (= 5.0.7.2)
-      globalid (>= 0.3.6)
-    activemerchant (1.107.4)
-      activesupport (>= 4.2)
-      builder (>= 2.1.2, < 4.0.0)
-      i18n (>= 0.6.9)
-      nokogiri (~> 1.4)
-    activemodel (5.0.7.2)
-      activesupport (= 5.0.7.2)
-    activerecord (5.0.7.2)
-      activemodel (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      arel (~> 7.0)
-    activerecord-import (1.0.7)
-      activerecord (>= 3.2)
-    activerecord-postgresql-adapter (0.0.1)
-      pg
-    activerecord-session_store (1.1.3)
-      actionpack (>= 4.0)
-      activerecord (>= 4.0)
-      multi_json (~> 1.11, >= 1.11.2)
-      rack (>= 1.5.2, < 3)
-      railties (>= 4.0)
-    activesupport (5.0.7.2)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    acts-as-taggable-on (4.0.0)
-      activerecord (>= 4.0)
-    acts_as_list (0.9.19)
-      activerecord (>= 3.0)
-    addressable (2.7.0)
-      public_suffix (>= 2.0.2, < 5.0)
-    andand (1.3.3)
-    angular-rails-templates (1.0.2)
-      railties (>= 4.2, < 6)
-      sprockets (>= 3.0, < 5)
-      tilt
-    angular_rails_csrf (4.2.0)
-      railties (>= 3, < 7)
-    angularjs-file-upload-rails (2.4.1)
-    angularjs-rails (1.5.5)
-    arel (7.1.4)
-    ast (2.4.1)
-    atomic (1.1.101)
-    awesome_nested_set (3.2.1)
-      activerecord (>= 4.0.0, < 7.0)
-    awesome_print (1.8.0)
-    aws-sdk (1.67.0)
-      aws-sdk-v1 (= 1.67.0)
-    aws-sdk-v1 (1.67.0)
-      json (~> 1.4)
-      nokogiri (~> 1)
-    bcrypt (3.1.16)
-    bugsnag (6.18.0)
-      concurrent-ruby (~> 1.0)
-    builder (3.2.4)
-    byebug (11.0.1)
-    cancancan (1.7.1)
-    capybara (3.15.0)
-      addressable
-      mini_mime (>= 0.1.3)
-      nokogiri (~> 1.8)
-      rack (>= 1.6.0)
-      rack-test (>= 0.6.3)
-      regexp_parser (~> 1.2)
-      xpath (~> 3.2)
-    childprocess (3.0.0)
-    chronic (0.10.2)
-    chunky_png (1.3.14)
-    climate_control (0.2.0)
-    cocaine (0.5.8)
-      climate_control (>= 0.0.3, < 1.0)
-    coderay (1.1.3)
-    coffee-rails (4.2.2)
-      coffee-script (>= 2.2.0)
-      railties (>= 4.0.0)
-    coffee-script (2.4.1)
-      coffee-script-source
-      execjs
-    coffee-script-source (1.12.2)
-    combine_pdf (1.0.19)
-      ruby-rc4 (>= 0.1.5)
-    compass (1.0.3)
-      chunky_png (~> 1.2)
-      compass-core (~> 1.0.2)
-      compass-import-once (~> 1.0.5)
-      rb-fsevent (>= 0.9.3)
-      rb-inotify (>= 0.9)
-      sass (>= 3.3.13, < 3.5)
-    compass-core (1.0.3)
-      multi_json (~> 1.0)
-      sass (>= 3.3.0, < 3.5)
-    compass-import-once (1.0.5)
-      sass (>= 3.2, < 3.5)
-    compass-rails (2.0.1)
-      compass (~> 1.0.0)
-    concurrent-ruby (1.1.8)
-    crack (0.4.4)
-    crass (1.0.6)
-    css_parser (1.7.1)
-      addressable
-    daemons (1.3.1)
-    dalli (2.7.11)
-    database_cleaner (1.8.5)
-    ddtrace (0.43.0)
-      msgpack
-    debugger-linecache (1.2.0)
-    delayed_job (4.1.8)
-      activesupport (>= 3.0, < 6.1)
-    delayed_job_active_record (4.1.4)
-      activerecord (>= 3.0, < 6.1)
-      delayed_job (>= 3.0, < 5)
-    delayed_job_web (1.4.3)
-      activerecord (> 3.0.0)
-      delayed_job (> 2.0.3)
-      rack-protection (>= 1.5.5)
-      sinatra (>= 1.4.4)
-    devise (4.7.3)
-      bcrypt (~> 3.0)
-      orm_adapter (~> 0.1)
-      railties (>= 4.1.0)
-      responders
-      warden (~> 1.2.3)
-    devise-encryptable (0.2.0)
-      devise (>= 2.1.0)
-    devise-token_authenticatable (1.1.0)
-      devise (>= 4.0.0, < 5.0.0)
-    diff-lcs (1.4.4)
-    docile (1.3.2)
-    erubis (2.7.0)
-    eventmachine (1.2.7)
-    execjs (2.7.0)
-    factory_bot (5.2.0)
-      activesupport (>= 4.2.0)
-    factory_bot_rails (5.2.0)
-      factory_bot (~> 5.2.0)
-      railties (>= 4.2.0)
-    faraday (1.0.1)
-      multipart-post (>= 1.2, < 3)
-    ffaker (2.11.0)
-    ffi (1.13.1)
-    figaro (1.2.0)
-      thor (>= 0.14.0, < 2)
-    foundation-icons-sass-rails (3.0.0)
-      railties (>= 3.1.1)
-      sass-rails (>= 3.1.1)
-    foundation-rails (5.5.2.1)
-      railties (>= 3.1.0)
-      sass (>= 3.3.0, < 3.5)
-    fuubar (2.5.1)
-      rspec-core (~> 3.0)
-      ruby-progressbar (~> 1.4)
-    geocoder (1.6.4)
-    get_process_mem (0.2.7)
-      ffi (~> 1.0)
-    globalid (0.4.2)
-      activesupport (>= 4.2.0)
-    gmaps4rails (2.1.2)
-    haml (5.2.0)
-      temple (>= 0.8.0)
-      tilt
-    hashdiff (1.0.1)
-    highline (2.0.3)
-    i18n (1.8.7)
-      concurrent-ruby (~> 1.0)
-    i18n-js (3.8.0)
-      i18n (>= 0.6.6)
-    immigrant (0.3.6)
-      activerecord (>= 3.0)
-    jaro_winkler (1.5.4)
-    jquery-migrate-rails (1.2.1)
-    jquery-rails (4.4.0)
-      rails-dom-testing (>= 1, < 3)
-      railties (>= 4.2.0)
-      thor (>= 0.14, < 2.0)
-    jquery-ui-rails (4.2.1)
-      railties (>= 3.2.16)
-    json (1.8.6)
-    json-schema (2.8.1)
-      addressable (>= 2.4)
-    json_spec (1.1.5)
-      multi_json (~> 1.0)
-      rspec (>= 2.0, < 4.0)
-    jwt (2.2.2)
-    kaminari (1.2.1)
-      activesupport (>= 4.1.0)
-      kaminari-actionview (= 1.2.1)
-      kaminari-activerecord (= 1.2.1)
-      kaminari-core (= 1.2.1)
-    kaminari-actionview (1.2.1)
-      actionview
-      kaminari-core (= 1.2.1)
-    kaminari-activerecord (1.2.1)
-      activerecord
-      kaminari-core (= 1.2.1)
-    kaminari-core (1.2.1)
-    kgio (2.11.3)
-    knapsack (1.20.0)
-      rake
-    launchy (2.4.3)
-      addressable (~> 2.3)
-    letter_opener (1.7.0)
-      launchy (~> 2.2)
-    libv8 (7.3.492.27.1)
-    loofah (2.9.0)
-      crass (~> 1.0.2)
-      nokogiri (>= 1.5.9)
-    mail (2.7.1)
-      mini_mime (>= 0.1.1)
-    method_source (1.0.0)
-    mime-types (3.3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2020.1104)
-    mini_mime (1.0.2)
-    mini_portile2 (2.4.0)
-    mini_racer (0.2.15)
-      libv8 (> 7.3)
-    minitest (5.14.3)
-    monetize (1.10.0)
-      money (~> 6.12)
-    money (6.14.0)
-      i18n (>= 0.6.4, <= 2)
-    msgpack (1.3.3)
-    multi_json (1.15.0)
-    multi_xml (0.6.0)
-    multipart-post (2.1.1)
-    mustermann (1.1.1)
-      ruby2_keywords (~> 0.0.1)
-    nio4r (2.5.2)
-    nokogiri (1.10.10)
-      mini_portile2 (~> 2.4.0)
-    oauth2 (1.4.4)
-      faraday (>= 0.8, < 2.0)
-      jwt (>= 1.0, < 3.0)
-      multi_json (~> 1.3)
-      multi_xml (~> 0.5)
-      rack (>= 1.2, < 3)
-    orm_adapter (0.5.0)
-    paper_trail (10.3.1)
-      activerecord (>= 4.2)
-      request_store (~> 1.1)
-    paperclip (3.4.2)
-      activemodel (>= 3.0.0)
-      activerecord (>= 3.0.0)
-      activesupport (>= 3.0.0)
-      cocaine (~> 0.5.0)
-      mime-types
-    parallel (1.19.2)
-    paranoia (2.4.2)
-      activerecord (>= 4.0, < 6.1)
-    parser (2.7.2.0)
-      ast (~> 2.4.1)
-    paypal-sdk-core (0.3.4)
-      multi_json (~> 1.0)
-      xml-simple
-    paypal-sdk-merchant (1.117.2)
-      paypal-sdk-core (~> 0.3.0)
-    pg (0.21.0)
-    polyamorous (2.3.0)
-      activerecord (>= 5.0)
-    power_assert (1.2.0)
-    pry (0.13.1)
-      coderay (~> 1.1)
-      method_source (~> 1.0)
-    pry-byebug (3.9.0)
-      byebug (~> 11.0)
-      pry (~> 0.13.0)
-    public_suffix (4.0.6)
-    rack (2.2.3)
-    rack-mini-profiler (2.0.2)
-      rack (>= 1.2.0)
-    rack-protection (2.1.0)
-      rack
-    rack-rewrite (1.5.1)
-    rack-ssl (1.4.1)
-      rack
-    rack-test (0.6.3)
-      rack (>= 1.0)
-    rails (5.0.7.2)
-      actioncable (= 5.0.7.2)
-      actionmailer (= 5.0.7.2)
-      actionpack (= 5.0.7.2)
-      actionview (= 5.0.7.2)
-      activejob (= 5.0.7.2)
-      activemodel (= 5.0.7.2)
-      activerecord (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      bundler (>= 1.3.0)
-      railties (= 5.0.7.2)
-      sprockets-rails (>= 2.0.0)
-    rails-controller-testing (1.0.5)
-      actionpack (>= 5.0.1.rc1)
-      actionview (>= 5.0.1.rc1)
-      activesupport (>= 5.0.1.rc1)
-    rails-dom-testing (2.0.3)
-      activesupport (>= 4.2.0)
-      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
-      loofah (~> 2.3)
-    rails-i18n (5.1.3)
-      i18n (>= 0.7, < 2)
-      railties (>= 5.0, < 6)
-    rails_safe_tasks (1.0.0)
-    railties (5.0.7.2)
-      actionpack (= 5.0.7.2)
-      activesupport (= 5.0.7.2)
-      method_source
-      rake (>= 0.8.7)
-      thor (>= 0.18.1, < 2.0)
-    rainbow (3.0.0)
-    raindrops (0.19.1)
-    rake (13.0.3)
-    ransack (2.3.0)
-      actionpack (>= 5.0)
-      activerecord (>= 5.0)
-      activesupport (>= 5.0)
-      i18n
-      polyamorous (= 2.3.0)
-    rb-fsevent (0.10.4)
-    rb-inotify (0.10.1)
-      ffi (~> 1.0)
-    redcarpet (3.5.0)
-    regexp_parser (1.8.2)
-    request_store (1.5.0)
-      rack (>= 1.4)
-    responders (2.4.1)
-      actionpack (>= 4.2.0, < 6.0)
-      railties (>= 4.2.0, < 6.0)
-    rexml (3.2.4)
-    roadie (3.5.1)
-      css_parser (~> 1.4)
-      nokogiri (~> 1.8)
-    roadie-rails (1.3.0)
-      railties (>= 3.0, < 5.3)
-      roadie (~> 3.1)
-    roo (2.8.3)
-      nokogiri (~> 1)
-      rubyzip (>= 1.3.0, < 3.0.0)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.0)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-rails (4.0.1)
-      actionpack (>= 4.2)
-      activesupport (>= 4.2)
-      railties (>= 4.2)
-      rspec-core (~> 3.9)
-      rspec-expectations (~> 3.9)
-      rspec-mocks (~> 3.9)
-      rspec-support (~> 3.9)
-    rspec-retry (0.6.2)
-      rspec-core (> 3.3)
-    rspec-support (3.10.0)
-    rswag (2.3.1)
-      rswag-api (= 2.3.1)
-      rswag-specs (= 2.3.1)
-      rswag-ui (= 2.3.1)
-    rswag-api (2.3.1)
-      railties (>= 3.1, < 7.0)
-    rswag-specs (2.3.1)
-      activesupport (>= 3.1, < 7.0)
-      json-schema (~> 2.2)
-      railties (>= 3.1, < 7.0)
-    rswag-ui (2.3.1)
-      actionpack (>= 3.1, < 7.0)
-      railties (>= 3.1, < 7.0)
-    rubocop (0.81.0)
-      jaro_winkler (~> 1.5.1)
-      parallel (~> 1.10)
-      parser (>= 2.7.0.1)
-      rainbow (>= 2.2.2, < 4.0)
-      rexml
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-rails (2.5.2)
-      activesupport
-      rack (>= 1.1)
-      rubocop (>= 0.72.0)
-    ruby-progressbar (1.10.1)
-    ruby-rc4 (0.1.5)
-    ruby2_keywords (0.0.2)
-    rubyzip (1.3.0)
-    sass (3.4.25)
-    sass-rails (5.0.7)
-      railties (>= 4.0.0, < 6)
-      sass (~> 3.1)
-      sprockets (>= 2.8, < 4.0)
-      sprockets-rails (>= 2.0, < 4.0)
-      tilt (>= 1.1, < 3)
-    select2-rails (3.4.9)
-      sass-rails
-      thor (~> 0.14)
-    selenium-webdriver (3.142.7)
-      childprocess (>= 0.5, < 4.0)
-      rubyzip (>= 1.2.2)
-    shoulda-matchers (4.0.1)
-      activesupport (>= 4.2.0)
-    simplecov (0.17.1)
-      docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    sinatra (2.1.0)
-      mustermann (~> 1.0)
-      rack (~> 2.2)
-      rack-protection (= 2.1.0)
-      tilt (~> 2.0)
-    spring (2.0.2)
-      activesupport (>= 4.2)
-    spring-commands-rspec (1.0.4)
-      spring (>= 0.9.1)
-    sprockets (3.7.2)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.2.2)
-      actionpack (>= 4.0)
-      activesupport (>= 4.0)
-      sprockets (>= 3.0.0)
-    state_machines (0.5.0)
-    state_machines-activemodel (0.7.1)
-      activemodel (>= 4.1)
-      state_machines (>= 0.5.0)
-    state_machines-activerecord (0.6.0)
-      activerecord (>= 4.1)
-      state_machines-activemodel (>= 0.5.0)
-    stringex (2.8.5)
-    stripe (5.28.0)
-    temple (0.8.2)
-    test-prof (0.7.5)
-    test-unit (3.3.7)
-      power_assert
-    thor (0.20.3)
-    thread_safe (0.3.6)
-    tilt (2.0.10)
-    timecop (0.9.2)
-    tzinfo (1.2.9)
-      thread_safe (~> 0.1)
-    uglifier (4.2.0)
-      execjs (>= 0.3.0, < 3)
-    unicode-display_width (1.7.0)
-    unicorn (5.7.0)
-      kgio (~> 2.6)
-      raindrops (~> 0.7)
-    unicorn-rails (2.2.1)
-      rack
-      unicorn
-    unicorn-worker-killer (0.4.4)
-      get_process_mem (~> 0)
-      unicorn (>= 4, < 6)
-    warden (1.2.9)
-      rack (>= 2.0.9)
-    webdrivers (4.2.0)
-      nokogiri (~> 1.6)
-      rubyzip (>= 1.3.0)
-      selenium-webdriver (>= 3.0, < 4.0)
-    webmock (3.10.0)
-      addressable (>= 2.3.6)
-      crack (>= 0.3.2)
-      hashdiff (>= 0.4.0, < 2.0.0)
-    websocket-driver (0.6.5)
-      websocket-extensions (>= 0.1.0)
-    websocket-extensions (0.1.5)
-    whenever (1.0.0)
-      chronic (>= 0.6.3)
-    wicked_pdf (2.1.0)
-      activesupport
-    wkhtmltopdf-binary (0.12.6.5)
-    xml-simple (1.1.8)
-    xpath (3.2.0)
-      nokogiri (~> 1.8)
-
-PLATFORMS
-  ruby
-
-DEPENDENCIES
-  actionpack-action_caching
-  active_model_serializers (= 0.8.4)
-  activemerchant (>= 1.78.0)
-  activerecord-import
-  activerecord-postgresql-adapter
-  activerecord-session_store
-  acts-as-taggable-on (~> 4.0)
-  acts_as_list (= 0.9.19)
-  andand
-  angular-rails-templates (>= 0.3.0, < 1.1.0)
-  angular_rails_csrf
-  angularjs-file-upload-rails (~> 2.4.1)
-  angularjs-rails (= 1.5.5)
-  atomic
-  awesome_nested_set
-  awesome_print
-  aws-sdk (= 1.67.0)
-  bugsnag
-  byebug
-  cancancan (~> 1.7.0)
-  capybara
-  catalog!
-  coffee-rails (~> 4.2.2)
-  combine_pdf
-  compass-rails
-  custom_error_message!
-  daemons
-  dalli
-  database_cleaner
-  ddtrace
-  debugger-linecache
-  delayed_job_active_record
-  delayed_job_web
-  devise
-  devise-encryptable
-  devise-token_authenticatable
-  dfc_provider!
-  eventmachine (>= 1.2.3)
-  factory_bot_rails (= 5.2.0)
-  ffaker
-  figaro
-  foundation-icons-sass-rails
-  foundation-rails (= 5.5.2.1)
-  fuubar (~> 2.5.1)
-  geocoder
-  gmaps4rails
-  haml
-  highline (= 2.0.3)
-  i18n
-  i18n-js (~> 3.8.0)
-  immigrant
-  jquery-migrate-rails
-  jquery-rails (= 4.4.0)
-  jquery-ui-rails (~> 4.2)
-  json
-  json_spec (~> 1.1.4)
-  jwt (~> 2.2)
-  kaminari (~> 1.2.1)
-  knapsack
-  letter_opener (>= 1.4.1)
-  libv8 (< 8)
-  mini_racer (= 0.2.15)
-  monetize (~> 1.10)
-  oauth2 (~> 1.4.4)
-  ofn-qz!
-  order_management!
-  paper_trail (~> 10.3.1)
-  paperclip (~> 3.4.1)
-  paranoia (~> 2.4)
-  paypal-sdk-merchant (= 1.117.2)
-  pg (~> 0.21.0)
-  pry
-  pry-byebug
-  rack-mini-profiler (< 3.0.0)
-  rack-rewrite
-  rack-ssl
-  rails (> 5.0, < 5.1)
-  rails-controller-testing
-  rails-i18n
-  rails_safe_tasks (~> 1.0)
-  ransack (= 2.3.0)
-  redcarpet
-  responders
-  roadie-rails (~> 1.3.0)
-  roo (~> 2.8.3)
-  rspec-rails (>= 3.5.2)
-  rspec-retry
-  rswag
-  rubocop
-  rubocop-rails
-  sass (<= 4.7.1)
-  sass-rails (< 6.0.0)
-  select2-rails (~> 3.4.7)
-  selenium-webdriver
-  shoulda-matchers
-  simplecov
-  spring
-  spring-commands-rspec
-  state_machines-activerecord
-  stringex (~> 2.8.5)
-  stripe
-  test-prof
-  test-unit (~> 3.3)
-  timecop
-  uglifier (>= 1.0.3)
-  unicorn-rails
-  unicorn-worker-killer
-  web!
-  webdrivers
-  webmock
-  whenever
-  wicked_pdf
-  wkhtmltopdf-binary
-
-RUBY VERSION
-   ruby 2.4.4p296
-
-BUNDLED WITH
-   1.17.3

README.md

@@ -1,4 +1,5 @@
-[![Build Status](https://semaphoreci.com/api/v1/openfoodfoundation/openfoodnetwork-2/branches/master/badge.svg)](https://semaphoreci.com/openfoodfoundation/openfoodnetwork-2)
+[![Build](https://github.com/openfoodfoundation/openfoodnetwork/actions/workflows/build.yml/badge.svg)](https://github.com/openfoodfoundation/openfoodnetwork/actions/workflows/build.yml)
+[![codecov](https://codecov.io/gh/openfoodfoundation/openfoodnetwork/branch/master/graph/badge.svg?token=FBSOod4qiu)](https://codecov.io/gh/openfoodfoundation/openfoodnetwork)
 [![Code Climate](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork.png)](https://codeclimate.com/github/openfoodfoundation/openfoodnetwork)
 
 # Open Food Network
@@ -33,7 +34,7 @@ We also have a [Super Admin Guide][super-admin-guide] to help with configuration
 
 ## Testing
 
-If you'd like to help out with testing, please introduce yourself on the #testing channel on [Slack][slack-invite] and download the [ZenHub browser extension][zenhub] to view the development pipeline.
+If you'd like to help out with testing, please introduce yourself on the #testing channel on [Slack][slack-invite] and download the [ZenHub browser extension][zenhub] to view the development pipeline. Also, do have a look in our [Welcome New QAs board](https://github.com/openfoodfoundation/openfoodnetwork/projects/31) for some good first issues, both on manual and automated testing (RSpec/Capybara).
 
 We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. BrowserStack provides open source projects with unlimited and free of charge accounts. A big thanks to them! 
 

Rakefile

@@ -8,4 +8,6 @@ require_relative 'config/application'
 
 Openfoodnetwork::Application.load_tasks
 
-Knapsack.load_tasks if defined?(Knapsack)
+unless ENV['DISABLE_KNAPSACK']
+  Knapsack.load_tasks if defined?(Knapsack)
+end

app/assets/images/question-mark-icon.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50"><circle cx="24.87" cy="24.87" r="24" fill="#f4f9fd" stroke="#cfe1f3" stroke-miterlimit="10"/><path d="M36.31 18.13c0 7.51-8.11 7.63-8.11 10.4v.71c0 .74-.6 1.34-1.34 1.34h-5.11c-.74 0-1.34-.6-1.34-1.34v-.97c0-4 3.04-5.61 5.33-6.89 1.97-1.1 3.17-1.85 3.17-3.31 0-1.93-2.46-3.21-4.46-3.21-2.6 0-3.8 1.23-5.48 3.36-.45.57-1.28.68-1.87.24l-3.12-2.36a1.35 1.35 0 01-.3-1.83c2.65-3.89 6.02-6.07 11.27-6.07 5.49-.02 11.36 4.27 11.36 9.93zM29 36.86c0 2.59-2.11 4.71-4.71 4.71s-4.71-2.11-4.71-4.71c0-2.59 2.11-4.71 4.71-4.71S29 34.27 29 36.86z" fill="#81b2e1"/></svg>

app/assets/javascripts/admin/all.js

@@ -52,6 +52,9 @@
 //= require admin/spree/handlebar_extensions
 
 // OFN specific
+//= require ../shared/shared
+//= require_tree ../shared/directives
+//= require_tree ../templates/shared
 //= require_tree ../templates/admin
 //= require ./admin_ofn
 //= require ./customers/customers

app/assets/javascripts/admin/bulk_product_update.js.coffee

@@ -147,7 +147,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
     if confirm("Are you sure?")
       $http(
         method: "DELETE"
-        url: "/api/products/" + product.id
+        url: "/api/v0/products/" + product.id
       ).success (data) ->
         $scope.products.splice $scope.products.indexOf(product), 1
         DirtyProducts.deleteProduct product.id
@@ -162,7 +162,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
         if confirm(t("are_you_sure"))
           $http(
             method: "DELETE"
-            url: "/api/products/" + product.permalink_live + "/variants/" + variant.id
+            url: "/api/v0/products/" + product.permalink_live + "/variants/" + variant.id
           ).success (data) ->
             $scope.removeVariant(product, variant)
     else

app/assets/javascripts/admin/enterprise_fees/directives/delete_resource.js.coffee

@@ -1,7 +1,7 @@
 angular.module('admin.enterpriseFees').directive 'spreeDeleteResource', ->
   (scope, element, attrs) ->
     if scope.enterprise_fee.id
-      url = '/api/enterprise_fees/' + scope.enterprise_fee.id
+      url = '/api/v0/enterprise_fees/' + scope.enterprise_fee.id
       html = '<a href="' + url + '" class="delete-resource icon_link icon-trash no-text" data-action="remove" data-confirm="' + t('are_you_sure') + '" url="' + url + '"></a>'
       #var html = '<a href="'+url+'" class="delete-resource" data-confirm="Are you sure?"><img alt="Delete" src="/assets/admin/icons/delete.png" /> Delete</a>';
       element.append html

app/assets/javascripts/admin/index_utils/services/resources.js.coffee

@@ -1,5 +1,5 @@
 angular.module("admin.indexUtils").factory "resources", ($resource) ->
-  LineItem = $resource '/api/orders/:order_number/line_items/:line_item_id.json',
+  LineItem = $resource '/api/v0/orders/:order_number/line_items/:line_item_id.json',
     { order_number: '@order_number', line_item_id: '@line_item_id'},
     'update': { method: 'PUT' }
   Customer = $resource '/admin/customers/:customer_id.json',

app/assets/javascripts/admin/order_cycles/services/exchange_product.js.coffee

@@ -1,5 +1,5 @@
 angular.module('admin.orderCycles').factory('ExchangeProduct', ($resource) ->
-  ExchangeProductResource = $resource('/api/exchanges/:exchange_id/products.json', {}, {
+  ExchangeProductResource = $resource('/api/v0/exchanges/:exchange_id/products.json', {}, {
     'index': { method: 'GET' }
     'variant_count': { method: 'GET', params: { action_name: "variant_count" }}
   })

app/assets/javascripts/admin/products/controllers/edit_units_controller.js.coffee

@@ -9,7 +9,7 @@ angular.module("admin.products").controller "editUnitsCtrl", ($scope, VariantUni
   if $scope.product.variant_unit == 'items'
     $scope.variant_unit_with_scale = 'items'
   else
-    $scope.variant_unit_with_scale = $scope.product.variant_unit + '_' + $scope.product.variant_unit_scale
+    $scope.variant_unit_with_scale = $scope.product.variant_unit + '_' + $scope.product.variant_unit_scale.replace(/\.0$/, '');
 
   $scope.setFields = ->
     if $scope.variant_unit_with_scale == 'items'

app/assets/javascripts/admin/products/controllers/units_controller.js.coffee

@@ -1,12 +1,13 @@
 angular.module("admin.products")
-  .controller "unitsCtrl", ($scope, VariantUnitManager, OptionValueNamer) ->
+  .controller "unitsCtrl", ($scope, VariantUnitManager, OptionValueNamer, UnitPrices) ->
     $scope.product = { master: {} }
     $scope.product.master.product = $scope.product
     $scope.placeholder_text = ""
 
-    $scope.$watchCollection '[product.variant_unit_with_scale, product.master.unit_value_with_description]', ->
+    $scope.$watchCollection '[product.variant_unit_with_scale, product.master.unit_value_with_description, product.price, product.variant_unit_name]', ->
       $scope.processVariantUnitWithScale()
       $scope.processUnitValueWithDescription()
+      $scope.processUnitPrice()
       $scope.placeholder_text = new OptionValueNamer($scope.product.master).name()
 
     $scope.variant_unit_options = VariantUnitManager.variantUnitOptions()
@@ -32,6 +33,14 @@ angular.module("admin.products")
           $scope.product.master.unit_value *= $scope.product.variant_unit_scale if $scope.product.master.unit_value && $scope.product.variant_unit_scale
           $scope.product.master.unit_description = match[3]
 
+    $scope.processUnitPrice = ->
+      price = $scope.product.price
+      scale = $scope.product.variant_unit_scale
+      unit_type = $scope.product.variant_unit
+      unit_value = $scope.product.master.unit_value
+      variant_unit_name = $scope.product.variant_unit_name
+      $scope.unit_price = UnitPrices.displayableUnitPrice(price, scale, unit_type, unit_value, variant_unit_name)
+
     $scope.hasVariants = (product) ->
       Object.keys(product.variants).length > 0
 

app/assets/javascripts/admin/products/controllers/variant_units_controller.js.coffee

@@ -1,8 +1,24 @@
-angular.module("admin.products").controller "variantUnitsCtrl", ($scope, VariantUnitManager, $timeout) ->
+angular.module("admin.products").controller "variantUnitsCtrl", ($scope, VariantUnitManager, $timeout, UnitPrices) ->
 
   $scope.unitName = (scale, type) ->
     VariantUnitManager.getUnitName(scale, type)
 
+  $scope.$watchCollection "[unit_value_human, variant.price]", ->
+    $scope.processUnitPrice()
+  
+  $scope.processUnitPrice = ->
+    if ($scope.variant)
+      price = $scope.variant.price
+      scale = $scope.scale
+      unit_type = angular.element("#product_variant_unit").val()
+      if (unit_type != "items")
+        $scope.updateValue()
+        unit_value = $scope.unit_value
+      else 
+        unit_value = 1
+      variant_unit_name = angular.element("#product_variant_unit_name").val()
+      $scope.unit_price = UnitPrices.displayableUnitPrice(price, scale, unit_type, unit_value, variant_unit_name)
+
   $scope.scale = angular.element('#product_variant_unit_scale').val()
 
   $scope.updateValue = ->
@@ -11,4 +27,6 @@ angular.module("admin.products").controller "variantUnitsCtrl", ($scope, Variant
 
   variant_unit_value = angular.element('#variant_unit_value').val()
   $scope.unit_value_human = variant_unit_value / $scope.scale
+
+  $timeout -> $scope.processUnitPrice()
   $timeout -> $scope.updateValue()

app/assets/javascripts/admin/products/products.js.coffee

@@ -1 +1 @@
-angular.module("admin.products", ["textAngular", "admin.utils"])
+angular.module("admin.products", ["textAngular", "admin.utils", "OFNShared"])

app/assets/javascripts/admin/products/services/product_image_service.js.coffee

@@ -8,7 +8,7 @@ angular.module("ofn.admin").factory "ProductImageService", (FileUploader, SpreeA
       autoUpload: true
 
     configure: (product) =>
-      @imageUploader.url = "/api/product_images/#{product.id}"
+      @imageUploader.url = "/api/v0/product_images/#{product.id}"
       @imagePreview = product.image_url
       @imageUploader.onSuccessItem = (image, response) =>
         product.thumb_url = response.thumb_url

app/assets/javascripts/admin/products/services/unit_prices.js.coffee

@@ -0,0 +1,32 @@
+angular.module("admin.products").factory "UnitPrices", (VariantUnitManager, localizeCurrencyFilter) ->
+  class UnitPrices
+    @displayableUnitPrice: (price, scale, unit_type, unit_value, variant_unit_name) ->
+      if price && !isNaN(price) && unit_type && unit_value
+        value = localizeCurrencyFilter(UnitPrices.price(price, scale, unit_type, unit_value, variant_unit_name))
+        unit = UnitPrices.unit(scale, unit_type, variant_unit_name)
+        return value + " / " + unit
+      return null
+
+    @price: (price, scale, unit_type, unit_value) ->
+      price / @denominator(scale, unit_type, unit_value)
+
+    @denominator: (scale, unit_type, unit_value) ->
+      unit = @unit(scale, unit_type)
+      if unit == "lb"
+        unit_value / 453.6
+      else if unit == "kg"
+        unit_value / 1000
+      else
+        unit_value
+
+    @unit: (scale, unit_type, variant_unit_name = '') ->
+      if variant_unit_name.length > 0
+        variant_unit_name
+      else if unit_type == "items"
+        "item"
+      else if VariantUnitManager.systemOfMeasurement(scale, unit_type) == "imperial"
+        "lb"
+      else if unit_type == "weight"
+        "kg"
+      else if unit_type == "volume"
+        "L"

app/assets/javascripts/admin/products/services/variant_unit_manager.js.coffee

@@ -67,3 +67,9 @@ angular.module("admin.products").factory "VariantUnitManager", (availableUnits)
       scaleSystem = @units[unitType][scale]['system']
       (parseFloat(scale) for scale, scaleInfo of @units[unitType] when scaleInfo['system'] == scaleSystem).sort (a, b) ->
          a - b
+
+    @systemOfMeasurement: (scale, unitType) ->
+      if @units[unitType][scale]
+        @units[unitType][scale]['system']
+      else
+        'custom'

app/assets/javascripts/admin/resources/resources/enterprise_resource.js.coffee

@@ -9,12 +9,12 @@ angular.module("admin.resources").factory 'EnterpriseResource', ($resource) ->
     'update':
       method: 'PUT'
     'removeLogo':
-      url: '/api/enterprises/:id/logo.json'
+      url: '/api/v0/enterprises/:id/logo.json'
       method: 'DELETE'
     'removePromoImage':
-      url: '/api/enterprises/:id/promo_image.json'
+      url: '/api/v0/enterprises/:id/promo_image.json'
       method: 'DELETE'
     'removeTermsAndConditions':
-      url: '/api/enterprises/:id/terms_and_conditions.json'
+      url: '/api/v0/enterprises/:id/terms_and_conditions.json'
       method: 'DELETE'
   })

app/assets/javascripts/admin/resources/resources/order_resource.js.coffee

@@ -1,17 +1,17 @@
 angular.module("admin.resources").factory 'OrderResource', ($resource) ->
   $resource('/admin/orders/:id/:action.json', {}, {
     'index':
-      url: '/api/orders.json'
+      url: '/api/v0/orders.json'
       method: 'GET'
     'update':
       method: 'PUT'
     'capture':
-      url: '/api/orders/:id/capture.json'
+      url: '/api/v0/orders/:id/capture.json'
       method: 'PUT'
       params:
         id: '@id'
     'ship':
-      url: '/api/orders/:id/ship.json'
+      url: '/api/v0/orders/:id/ship.json'
       method: 'PUT'
       params:
         id: '@id'

app/assets/javascripts/admin/resources/resources/product_resource.js.coffee

@@ -1,6 +1,6 @@
 angular.module("admin.resources").factory 'ProductResource', ($resource) ->
   $resource('/admin/product/:id/:action.json', {}, {
     'index':
-      url: '/api/products/bulk_products.json'
+      url: '/api/v0/products/bulk_products.json'
       method: 'GET'
   })

app/assets/javascripts/admin/services/bulk_products.js.coffee

@@ -10,8 +10,8 @@ angular.module("ofn.admin").factory "BulkProducts", (ProductResource, dataFetche
         angular.extend(@pagination, data.pagination)
 
     cloneProduct: (product) ->
-      $http.post("/api/products/" + product.id + "/clone").success (data) =>
-        dataFetcher("/api/products/" + data.id + "?template=bulk_show").then (newProduct) =>
+      $http.post("/api/v0/products/" + product.id + "/clone").success (data) =>
+        dataFetcher("/api/v0/products/" + data.id + "?template=bulk_show").then (newProduct) =>
           @unpackProduct newProduct
           @insertProductAfter(product, newProduct)
 

app/assets/javascripts/admin/tag_rules/controllers/tag_rules_controller.js.coffee

@@ -23,8 +23,6 @@ angular.module("admin.tagRules").controller "TagRulesCtrl", ($scope, $http, $fil
         preferred_customer_tags: (tag.text for tag in tagGroup.tags).join(",")
         type: "TagRule::#{ruleType}"
     switch ruleType
-      when "DiscountOrder"
-        newRule.calculator = { preferred_flat_percent: 0 }
       when "FilterShippingMethods"
         newRule.peferred_shipping_method_tags = []
         newRule.preferred_matched_shipping_methods_visibility = "visible"

app/assets/javascripts/admin/tag_rules/directives/new_rule_dialog.js.coffee

@@ -8,7 +8,6 @@ angular.module("admin.tagRules").directive 'newTagRuleDialog', ($compile, $templ
     template = $compile($templateCache.get('admin/new_tag_rule_dialog.html'))(scope)
 
     scope.ruleTypes = [
-      # { id: "DiscountOrder", name: 'Apply a discount to orders' }
       { id: "FilterProducts", name: t('js.tag_rules.show_hide_variants') }
       { id: "FilterShippingMethods", name: t('js.tag_rules.show_hide_shipping') }
       { id: "FilterPaymentMethods", name: t('js.tag_rules.show_hide_payment') }

app/assets/javascripts/admin/utils/services/status_message.js.coffee

@@ -1,11 +1,11 @@
-angular.module("admin.utils").factory "StatusMessage", ($timeout) ->
+angular.module("admin.utils").factory "StatusMessage", ->
   new class StatusMessage
     types:
-      progress: {timeout: false, style: {color: '#ff9906'}}
-      alert:    {timeout: 5000,  style: {color: 'grey'}}
-      notice:   {timeout: false, style: {color: 'grey'}}
-      success:  {timeout: 5000,  style: {color: '#9fc820'}}
-      failure:  {timeout: false, style: {color: '#da5354'}}
+      progress: {style: {color: '#ff9906'}}
+      alert:    {style: {color: 'grey'}}
+      notice:   {style: {color: 'grey'}}
+      success:  {style: {color: '#9fc820'}}
+      failure:  {style: {color: '#da5354'}}
 
     statusMessage:
       text: ""
@@ -25,13 +25,7 @@ angular.module("admin.utils").factory "StatusMessage", ($timeout) ->
     display: (type, text) ->
       @statusMessage.text = text
       @statusMessage.style = @types[type].style
-      $timeout.cancel @statusMessage.timeout  if @statusMessage.timeout
-      timeout = @types[type].timeout
-      if timeout
-        @statusMessage.timeout = $timeout =>
-          @clear()
-        , timeout, true
-      null # So we don't return weird timeouts
+      null
 
     clear: ->
       @statusMessage.text = ''

app/assets/javascripts/admin/variant_overrides/controllers/variant_overrides_controller.js.coffee

@@ -42,7 +42,7 @@ angular.module("admin.variantOverrides").controller "AdminVariantOverridesCtrl",
     $scope.fetchProducts()
 
   $scope.fetchProducts = ->
-    url = "/api/products/overridable?page=::page::;per_page=100"
+    url = "/api/v0/products/overridable?page=::page::;per_page=100"
     PagedFetcher.fetch url, $scope.addProducts
 
   $scope.addProducts = (data) ->

app/assets/javascripts/darkswarm/all.js.coffee

@@ -19,6 +19,8 @@
 #= require ../shared/ng-infinite-scroll.min.js
 #= require ../shared/angular-local-storage.js
 #= require ../shared/angular-slideables.js
+#= require ../shared/shared
+#= require_tree ../shared/directives
 #= require angularjs-file-upload
 #= require i18n/translations
 

app/assets/javascripts/darkswarm/controllers/edit_bought_order_controller.js.coffee

@@ -1,12 +1,20 @@
-Darkswarm.controller "EditBoughtOrderController", ($scope, $resource, Cart) ->
+Darkswarm.controller "EditBoughtOrderController", ($scope, $resource, $timeout, Cart, Messages) ->
   $scope.showBought = false
+  $scope.removeEnabled = true
 
   $scope.deleteLineItem = (id) ->
-    params = {id: id}
-    success = (response) ->
-      $(".line-item-" + id).remove()
-      Cart.removeFinalisedLineItem(id)
-    fail = (error) ->
-      console.log error
+    if Cart.has_one_line_item()
+      Messages.error(t 'orders_cannot_remove_the_final_item')
+      $scope.removeEnabled = false
+      $timeout (->
+        $scope.removeEnabled = true
+      ), 10000
+    else
+      params = {id: id}
+      success = (response) ->
+        $(".line-item-" + id).remove()
+        Cart.removeFinalisedLineItem(id)
+      fail = (error) ->
+        console.log error
 
-    $resource("/line_items/:id").delete(params, success, fail)
+      $resource("/line_items/:id").delete(params, success, fail)

app/assets/javascripts/darkswarm/controllers/hub_node_controller.js.coffee

@@ -24,7 +24,7 @@ Darkswarm.controller "HubNodeCtrl", ($scope, HashNavigation, CurrentHub, $http,
     $scope.shopfront_loading = true
     $scope.toggle_tab(event)
 
-    $http.get("/api/shops/" + $scope.hub.id)
+    $http.get("/api/v0/shops/" + $scope.hub.id)
       .success (data) ->
         $scope.shopfront_loading = false
         $scope.hub = data

app/assets/javascripts/darkswarm/controllers/producer_node_controller.js.coffee

@@ -24,7 +24,7 @@ Darkswarm.controller "ProducerNodeCtrl", ($scope, HashNavigation, $anchorScroll,
     $scope.shopfront_loading = true
     $scope.toggle_tab(event)
 
-    $http.get("/api/shops/" + $scope.producer.id)
+    $http.get("/api/v0/shops/" + $scope.producer.id)
       .success (data) ->
         $scope.shopfront_loading = false
         $scope.producer = data

app/assets/javascripts/darkswarm/darkswarm.js.coffee

@@ -10,7 +10,8 @@ window.Darkswarm = angular.module("Darkswarm", [
   'uiGmapgoogle-maps',
   'duScroll',
   'angularFileUpload',
-  'angularSlideables'
+  'angularSlideables',
+  'OFNShared'
 ]).config ($httpProvider, $tooltipProvider, $locationProvider, $anchorScrollProvider) ->
   $httpProvider.defaults.headers['common']['X-Requested-With'] = 'XMLHttpRequest'
   $httpProvider.defaults.headers.common['Accept'] = "application/json, text/javascript, */*"

app/assets/javascripts/darkswarm/directives/body_scroll.js.coffee

@@ -3,7 +3,15 @@ Darkswarm.directive "bodyScroll", ($rootScope, BodyScroll) ->
   scope: true
   link: (scope, elem, attrs) ->
     $rootScope.$on "toggleBodyScroll", ->
-      if BodyScroll.disabled
-        elem.addClass "disable-scroll"
+      if BodyScroll.disabled && document.body.scrollHeight > document.body.clientHeight
+        document.body.style.top = "-#{window.scrollY}px"
+        document.body.style.position = 'fixed'
+        document.body.style.overflowY = 'scroll'
+        document.body.style.width = '100%'
       else
-        elem.removeClass "disable-scroll"
+        scrollY = parseInt(document.body.style.top) * -1
+        document.body.style.position = ''
+        document.body.style.top = ''
+        document.body.style.overflowY = ''
+        document.body.style.width = ''
+        window.scrollTo(0, scrollY) if scrollY

app/assets/javascripts/darkswarm/directives/shop_variant_with_unit_price.js.coffee

@@ -4,4 +4,5 @@ Darkswarm.directive "shopVariantWithUnitPrice", ->
   templateUrl: 'shop_variant_with_unit_price.html'
   scope:
     variant: '='
+    show_unit_price: '=showunitprice'
   controller: 'ShopVariantCtrl'

app/assets/javascripts/darkswarm/services/cart.js.coffee

@@ -115,6 +115,9 @@ Darkswarm.factory 'Cart', (CurrentOrder, Variants, $timeout, $http, $modal, $roo
       @line_items = []
       localStorageService.clearAll() # One day this will have to be moar GRANULAR
 
+    has_one_line_item: =>
+      @line_items_finalised.length == 1
+
     removeFinalisedLineItem: (id) =>
       @line_items_finalised = @line_items_finalised.filter (item) ->
         item.id != id

app/assets/javascripts/darkswarm/services/customer.js.coffee

@@ -1,5 +1,5 @@
 angular.module("Darkswarm").factory 'Customer', ($resource, $injector, Messages) ->
-  Customer = $resource('/api/customers/:id/:action.json', {}, {
+  Customer = $resource('/api/v0/customers/:id/:action.json', {}, {
     'index':
       method: 'GET'
       isArray: true

app/assets/javascripts/darkswarm/services/enterprise_image_service.js.coffee

@@ -8,5 +8,5 @@ Darkswarm.factory "EnterpriseImageService", (FileUploader, spreeApiKey) ->
       autoUpload: true
 
     configure: (enterprise) =>
-      @imageUploader.url = "/api/enterprises/#{enterprise.id}/update_image"
+      @imageUploader.url = "/api/v0/enterprises/#{enterprise.id}/update_image"
       @imageUploader.onSuccessItem = (image, response) => @imageSrc = response

app/assets/javascripts/darkswarm/services/enterprise_modal.js.coffee

@@ -5,7 +5,7 @@ Darkswarm.factory "EnterpriseModal", ($modal, $rootScope, $http)->
       scope = $rootScope.$new(true) # Spawn an isolate to contain the enterprise
       scope.embedded_layout = window.location.search.indexOf("embedded_shopfront=true") != -1
 
-      $http.get("/api/shops/" + enterprise.id).success (data) ->
+      $http.get("/api/v0/shops/" + enterprise.id).success (data) ->
         scope.enterprise = data
         $modal.open(templateUrl: "enterprise_modal.html", scope: scope)
       .error (data) ->

app/assets/javascripts/darkswarm/services/enterprise_registration_service.js.coffee

@@ -18,7 +18,7 @@ Darkswarm.factory "EnterpriseRegistrationService", ($http, RegistrationService,
       Loading.message = t('creating') + " " + @enterprise.name
       $http(
         method: "POST"
-        url: "/api/enterprises"
+        url: "/api/v0/enterprises"
         data:
           enterprise: @prepare()
         params:
@@ -42,7 +42,7 @@ Darkswarm.factory "EnterpriseRegistrationService", ($http, RegistrationService,
       Loading.message = t('updating') + " " + @enterprise.name
       $http(
         method: "PUT"
-        url: "/api/enterprises/#{@enterprise.id}"
+        url: "/api/v0/enterprises/#{@enterprise.id}"
         data:
           enterprise: @prepare()
         params:

app/assets/javascripts/darkswarm/services/map_configuration.js.erb.coffee

@@ -4,11 +4,10 @@ Darkswarm.factory "MapConfiguration", ->
       center:
         latitude: -37.4713077
         longitude: 144.7851531
-      cluster_icon: "<%= image_path('map_009-cluster.svg') %>"
+      cluster_icon: "/map_icons/map_009-cluster.svg"
       zoom: 12
       additional_options:
         # mapTypeId: 'satellite'
         mapTypeControl: false
         streetViewControl: false
       styles: [{"featureType":"landscape","stylers":[{"saturation":-100},{"lightness":65},{"visibility":"on"}]},{"featureType":"poi","stylers":[{"saturation":-100},{"lightness":51},{"visibility":"simplified"}]},{"featureType":"road.highway","stylers":[{"saturation":-100},{"visibility":"simplified"}]},{"featureType":"road.arterial","stylers":[{"saturation":-100},{"lightness":30},{"visibility":"on"}]},{"featureType":"road.local","stylers":[{"saturation":-100},{"lightness":40},{"visibility":"on"}]},{"featureType":"transit","stylers":[{"saturation":-100},{"visibility":"simplified"}]},{"featureType":"administrative.province","stylers":[{"visibility":"off"}]},{"featureType":"water","elementType":"labels","stylers":[{"visibility":"on"},{"lightness":-25},{"saturation":-100}]},{"featureType":"water","elementType":"geometry","stylers":[{"hue":"#ffff00"},{"lightness":-25},{"saturation":-97}]},{"featureType":"road","elementType": "labels.icon","stylers":[{"visibility":"off"}]}]
-

app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee

@@ -1,21 +1,21 @@
 Darkswarm.factory 'OrderCycleResource', ($resource) ->
-  $resource('/api/order_cycles/:id.json', {}, {
+  $resource('/api/v0/order_cycles/:id.json', {}, {
     'products':
       method: 'GET'
       isArray: true
-      url: '/api/order_cycles/:id/products.json'
+      url: '/api/v0/order_cycles/:id/products.json'
       params:
         id: '@id'
     'taxons':
       method: 'GET'
       isArray: true
-      url: '/api/order_cycles/:id/taxons.json'
+      url: '/api/v0/order_cycles/:id/taxons.json'
       params:
         id: '@id'
     'properties':
       method: 'GET'
       isArray: true
-      url: '/api/order_cycles/:id/properties.json'
+      url: '/api/v0/order_cycles/:id/properties.json'
       params:
         id: '@id'
   })

app/assets/javascripts/darkswarm/services/shops_resource.js.coffee

@@ -1,7 +1,7 @@
 Darkswarm.factory 'ShopsResource', ($resource) ->
-  $resource('/api/shops/:id.json', {}, {
+  $resource('/api/v0/shops/:id.json', {}, {
     'closed_shops':
       method: 'GET'
       isArray: true
-      url: '/api/shops/closed_shops.json'
+      url: '/api/v0/shops/closed_shops.json'
   })

app/assets/javascripts/shared/directives/question_mark_tooltip.js.coffee

@@ -1,17 +1,19 @@
-Darkswarm.directive "questionMarkWithTooltip", ($tooltip)->
+
+OFNShared.directive "questionMarkWithTooltip", ($tooltip)->
   # We use the $tooltip service from Angular foundation to give us boilerplate
   # Subsequently we patch the scope, template and restrictions
   tooltip = $tooltip 'questionMarkWithTooltip', 'questionMarkWithTooltip', 'click'
   tooltip.scope =
-    variant: "="
-  tooltip.templateUrl = "question_mark_with_tooltip_icon.html"
+    context: "="
+    key: "="
+  tooltip.templateUrl = "shared/question_mark_with_tooltip_icon.html"
   tooltip.replace = true
   tooltip.restrict = 'E'
   tooltip
 
 # This is automatically referenced via naming convention in $tooltip
-Darkswarm.directive 'questionMarkWithTooltipPopup', ->
+OFNShared.directive 'questionMarkWithTooltipPopup', ->
   restrict: 'EA'
   replace: true
-  templateUrl: 'question_mark_with_tooltip.html'
+  templateUrl: 'shared/question_mark_with_tooltip.html'
   scope: false

app/assets/javascripts/shared/shared.js.coffee

@@ -0,0 +1,4 @@
+window.OFNShared = angular.module("OFNShared", [
+  "mm.foundation"
+]).config ($httpProvider) ->
+  $httpProvider.defaults.headers.common["Accept"] = "application/json, text/javascript, */*"

app/assets/javascripts/templates/bulk_buy_modal.html.haml

@@ -2,12 +2,21 @@
   .columns.small-12
     %h3{"ng-bind" => "::variant.extended_name"}
 
-.row.variant-bulk-buy-price-summary
-  .columns.small-6
-    .variant-unit {{ ::variant.unit_to_display }}
-  .columns.small-6
+.flex.variant-bulk-buy-price-summary{style: "justify-content: space-around;"}
+  .variant-unit
+    {{ ::variant.unit_to_display }}
+  .div
     {{ variant.line_item.total_price | localizeCurrency }}
 
+  .unit-price{"ng-if": "show_unit_price"}
+    %question-mark-with-tooltip{"question-mark-with-tooltip": "_",
+    "question-mark-with-tooltip-append-to-body": "true",
+    "question-mark-with-tooltip-placement": "top",
+    "question-mark-with-tooltip-animation": true,
+    style: "margin-right: 5px",
+    key: "'js.shopfront.unit_price_tooltip'"} 
+    {{ variant.unit_price_price | localizeCurrency }} / {{ variant.unit_price_unit }}
+
 .row
   .columns.small-12.medium-6
     .variant-bulk-buy-quantity-label

app/assets/javascripts/templates/question_mark_with_tooltip.html.haml

@@ -1,6 +0,0 @@
-.joyride-tip-guide.question-mark-tooltip{ng: {class: "{ in: tt_isOpen, fade: tt_animation }", show: "tt_isOpen"}}
-  .background{ng: {click: "tt_isOpen = false"}}
-  .joyride-content-wrapper
-    {{ "js.shopfront.unit_price_tooltip" | t }}
-  %span.joyride-nub.bottom
-  

app/assets/javascripts/templates/shared/question_mark_with_tooltip.html.haml

@@ -0,0 +1,6 @@
+.joyride-tip-guide.question-mark-tooltip{class: "{{ context }}", ng: {class: "{ in: tt_isOpen, fade: tt_animation }", show: "tt_isOpen"}}
+  .background{ng: {click: "tt_isOpen = false"}}
+  .joyride-content-wrapper
+    {{ key  | t }}
+  %span.joyride-nub.bottom
+  

app/assets/javascripts/templates/shop_variant_with_unit_price.html.haml

@@ -8,12 +8,13 @@
       "price-breakdown-placement" => "bottom",
       "price-breakdown-animation" => true}
     {{ variant.price_with_fees | localizeCurrency }}
-    .variant-unit-price
+    .unit-price.variant-unit-price
       %question-mark-with-tooltip{"question-mark-with-tooltip" => "_",
       "question-mark-with-tooltip-append-to-body" => "true",
       "question-mark-with-tooltip-placement" => "top",
-      "question-mark-with-tooltip-animation" => true}
-      {{ variant.unit_price_price | localizeCurrency }} / {{ variant.unit_price_unit }}
+      "question-mark-with-tooltip-animation" => true,
+      key: "'js.shopfront.unit_price_tooltip'"}
+      {{ variant.unit_price_price | localizeCurrency }} / {{ variant.unit_price_unit }}
         
   .medium-2.large-2.columns.total-price
     %span{"ng-class" => "{filled: variant.line_item.total_price}"}

app/assets/stylesheets/admin/all.scss

@@ -48,3 +48,6 @@
 @import 'components/*';
 @import 'pages/*';
 @import '*';
+
+@import "../shared/question-mark-icon";
+@import "question-mark-tooltip";

app/assets/stylesheets/admin/question-mark-tooltip.scss

@@ -0,0 +1,18 @@
+.joyride-tip-guide {
+  background: $color-3;
+  color: $white;
+  font-family: inherit;
+  font-weight: $font-weight-normal;
+  position: absolute;
+  z-index: 101;
+  padding: 5px 15px;
+
+  .joyride-nub.bottom {
+    border: 10px solid;
+    display: block;
+    height: 0;
+    position: absolute;
+    width: 0;
+  }
+}
+

app/assets/stylesheets/darkswarm/_shop-inputs.scss

@@ -117,6 +117,13 @@ button.bulk-buy-add.variant-quantity {
   }
 }
 
+// Hide number arrows on Chrome, Safari, Edge, Opera
+.variant-quantity::-webkit-outer-spin-button,
+.variant-quantity::-webkit-inner-spin-button {
+  -webkit-appearance: none;
+  margin: 0;
+}
+
 .variant-bulk-buy-price-summary {
   color: $disabled-med;
   margin-bottom: 1em;

app/assets/stylesheets/darkswarm/_shop-product-rows.scss

@@ -67,8 +67,10 @@
 
         .variant-unit-price {
           color: $grey-700;
-          font-size: 0.9rem;
+          font-size: 0.85rem;
           margin-top: 15px;
+          position: relative;
+          left: -1px;
         }
 
         // Total price

app/assets/stylesheets/darkswarm/account.scss

@@ -99,7 +99,6 @@
   .transaction-group {}
 
   table {
-    width: 100%;
     border-radius: $radius-medium $radius-medium 0 0;
 
     tr:nth-of-type(even) {
@@ -143,3 +142,29 @@
     width: 10%;
   }
 }
+
+table {
+  &.full {
+    width: 100%;
+  }
+
+  &.top-rounded {
+    border-radius: $radius-medium $radius-medium 0 0;
+  }
+}
+
+// Note this relies on the <th> using `.show-for-large-up` as well.
+.requiring-authorization tr {
+  position: relative;
+
+  th:last-child {
+    position: absolute;
+    // The following calculation is the equivalent of:
+    //
+    // $table-cell-padding + 2 * browser's default border-spacing + 2 * table border
+    //
+    // Unfortunately we can't use Scss's interpolation
+    // https://sass-lang.com/documentation/interpolation. We're using a too old version perhaps?
+    right: calc(12px + 2*2px + 2*1px);
+  }
+}

app/assets/stylesheets/darkswarm/all.scss

@@ -21,3 +21,5 @@
 ofn-modal {
   display: block;
 }
+
+@import "../shared/question-mark-icon";

app/assets/stylesheets/darkswarm/cart-dropdown.scss

@@ -52,6 +52,11 @@
         font-size: 1.5em;
       }
     }
+
+    .unit-price {
+      justify-content: flex-end;
+    }
+
   }
 
   .go-shopping {
@@ -82,7 +87,8 @@
           padding: 0.5em 0 0.5em 1em;
         }
 
-        span {
+        span,
+        .total-price {
           color: $grey-800;
           font-size: 16px;
           line-height: 1.4em;

app/assets/stylesheets/darkswarm/cart-page.scss

@@ -44,6 +44,12 @@
     }
   }
 
+  .unit-price {
+    color: $grey-500;
+    font-size: $text-xs;
+  }
+
+
   input {
     &.ng-invalid-stock,
     &.ng-invalid-number {

app/assets/stylesheets/darkswarm/footer.scss

@@ -4,8 +4,8 @@
 
 footer {
   .row {
-    p a {
-      font-size: 0.875rem;
+    p {
+      font-size: 1rem;
     }
 
     a, a * {
@@ -107,9 +107,14 @@ footer {
         color: rgba($disabled-med, 0.35);
       }
 
+      p.text-big {
+        font-size: 1.5rem;
+        font-weight: 300;
+      }
+
       .social-icons {
-        margin-bottom: 0.25rem;
-        margin-top: 0.75rem;
+        margin-bottom: 0.9rem;
+        padding-top: 0.1rem;
 
         a {
           i {
@@ -128,5 +133,9 @@ footer {
         }
       }
     }
+
+    .legal p {
+      font-size: 0.875rem;
+    }
   }
 }

app/assets/stylesheets/darkswarm/tables.scss

@@ -1,9 +1,11 @@
+$table-cell-padding: 12px;
+
 table {
   thead tr, tbody tr {
     th, td {
       box-sizing: border-box;
-      padding-left: 12px;
-      padding-right: 12px;
+      padding-left: $table-cell-padding;
+      padding-right: $table-cell-padding;
       overflow: hidden;
     }
   }

app/assets/stylesheets/darkswarm/ui.scss

@@ -61,6 +61,13 @@
   @include border-radius(0.5em);
 
   outline: none;
+
+  &.x-small {
+    padding: 0.5rem 0.75rem;
+    font-size: $text-xs;
+    font-weight: 600;
+    margin: 0;
+  }
 }
 
 .button.primary, button.primary {
@@ -158,7 +165,3 @@ a.button.large {
 .flex {
   display: flex;
 }
-
-.disable-scroll {
-  overflow: hidden;
-}

app/assets/stylesheets/darkswarm/variables.scss

@@ -45,3 +45,5 @@ $shop-sidebar-overlay: rgba(0, 0, 0, 0.5);
 $transition-sidebar: 250ms ease-in-out 0s;
 
 $padding-small: 0.5rem;
+
+$text-xs: 0.75rem;

app/assets/stylesheets/mail/email.scss

@@ -63,6 +63,12 @@ p.notice {
   margin-top: 20px;
 }
 
+.powered-by-ofn {
+  background-color: #ebebeb;
+  padding: .5em;
+  text-align: center;
+}
+
 table.social {
   background-color: #ebebeb;
 

app/assets/stylesheets/shared/question-mark-icon.scss

@@ -1,11 +1,21 @@
+@import "variables/variables";
+
+.unit-price {
+  display: flex;
+  align-items: center;
+}
+
 .question-mark-icon {
-  position: relative;
-  top: 1px;
+  background-image: image-url("question-mark-icon.svg");
+  background-size: cover;
+  background-repeat: no-repeat;
+  border-radius: 50%;
 
   // Reset button element css attributes
   padding: 0;
   margin: 0;
   width: 20px;
+  min-width: 20px;
   height: 20px;
   background-color: transparent;
 
@@ -14,29 +24,49 @@
     background-color: transparent;
   }
 
-  &::before {
-    content: "?";
-    padding-left: 1px;
-    display: inline-block;
-    color: $tiny-blue;
-    border: 1px solid $grey-250;
-    border-radius: 50%;
-    text-align: center;
-    background-color: $grey-075;
-    width: 20px;
-    height: 20px;
-    font-weight: bold;
-    font-size: 1rem;
+  &.open {
+    background-image: none;
+    background-color: $teal-500;
+
+    &:focus {
+      outline: 0;
+    }
+
+    &::before {
+      @include icon-font;
+      content: "";
+      color: $white;
+      vertical-align: super;
+    }
   }
 }
 
+// Question mark icon into a field
+.field .question-mark-icon {
+  width: 15px;
+  min-width: 15px;
+  height: 15px;
+  margin-left: 2px;
+}
+
 .joyride-tip-guide.question-mark-tooltip {
   width: 16rem;
   max-width: 65%;
   // JS needs to be tweaked to adjust for left alignment - this is dynamic can't rewrite in CSS
   margin-left: -7.4rem;
-  margin-top: 0.1rem;
+  margin-top: -0.1rem;
   background-color: transparent;
+  z-index: $modal-zIndex + 1;
+
+  .background {
+    position: fixed;
+    top: 0;
+    left: 0;
+    width: 100%;
+    height: 100%;
+    z-index: -1;
+    cursor: pointer;
+  }
 
   .joyride-content-wrapper {
     background-color: $dynamic-blue;
@@ -56,4 +86,14 @@
     left: 7.4rem;
     z-index: -1;
   }
+
+  &.cart-sidebar {
+    // Small size (used in the cart sidebar)
+    width: 13rem;
+    margin-left: -10.4rem;
+
+    .joyride-nub.bottom {
+      left: 10.4rem;
+    }
+  }
 }

app/assets/stylesheets/shared/variables/variables.scss

@@ -0,0 +1,28 @@
+$padding-small: 0.5rem;
+$radius-small: 0.25em;
+$white: #fff;
+$dynamic-blue: #3d8dd1;
+$teal-500: #0096ad;
+
+/* Defined in foundation-rails components/_reveal.scss */
+$modal-zIndex: 1005;
+
+@font-face {
+	font-family: 'OFN';
+	src: font-url('OFN-v2.eot');
+	src: font-url('OFN-v2.eot') format('embedded-opentype'),
+		font-url('OFN-v2.woff') format('woff'),
+		font-url('OFN-v2.ttf') format('truetype'),
+		font-url('OFN-v2.svg') format('svg');
+	font-weight: normal;
+	font-style: normal;
+}
+
+@mixin icon-font {
+  font-family: "OFN";
+  display: inline-block;
+  font-weight: normal;
+  font-style: normal;
+  font-variant: normal;
+  text-transform: none;
+}

app/components/distributor_title_component.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class DistributorTitleComponent < ViewComponent::Base
+  def initialize(name:)
+    @name = name
+  end
+end

app/components/distributor_title_component/distributor_title_component.html.haml

@@ -0,0 +1 @@
+%h3= @name

app/components/example_component.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class ExampleComponent < ViewComponent::Base
+  def initialize(title:)
+    @title = title
+  end
+end

app/components/example_component/example_component.html.haml

@@ -0,0 +1 @@
+%h1 #{@title}

app/controllers/admin/bulk_line_items_controller.rb

@@ -36,7 +36,7 @@ module Admin
           order.update_line_item_fees! @line_item
           order.update_order_fees!
           order.update!
-          render nothing: true, status: :no_content # No Content, does not trigger ng resource auto-update
+          render body: nil, status: :no_content # No Content, does not trigger ng resource auto-update
         else
           render json: { errors: @line_item.errors }, status: :precondition_failed
         end
@@ -50,7 +50,7 @@ module Admin
       authorize! :update, order
 
       @line_item.destroy
-      render nothing: true, status: :no_content # No Content, does not trigger ng resource auto-update
+      render body: nil, status: :no_content # No Content, does not trigger ng resource auto-update
     end
 
     private

app/controllers/admin/column_preferences_controller.rb

@@ -12,7 +12,7 @@ module Admin
       elsif @cp_set.errors.present?
         render json: { errors: @cp_set.errors }, status: :bad_request
       else
-        render nothing: true, status: :internal_server_error
+        render body: nil, status: :internal_server_error
       end
     end
 

app/controllers/admin/customers_controller.rb

@@ -18,21 +18,13 @@ module Admin
         format.html
         format.json do
           render json: @collection,
-                 each_serializer: index_each_serializer,
+                 each_serializer: ::Api::Admin::CustomerWithBalanceSerializer,
                  tag_rule_mapping: tag_rule_mapping,
                  customer_tags: customer_tags_by_id
         end
       end
     end
 
-    def index_each_serializer
-      if OpenFoodNetwork::FeatureToggle.enabled?(:customer_balance, spree_current_user)
-        ::Api::Admin::CustomerWithBalanceSerializer
-      else
-        ::Api::Admin::CustomerWithCalculatedBalanceSerializer
-      end
-    end
-
     def show
       render_as_json @customer, ams_prefix: params[:ams_prefix]
     end
@@ -53,15 +45,12 @@ module Admin
 
     # copy of Admin::ResourceController without flash notice
     def destroy
-      invoke_callbacks(:destroy, :before)
       if @object.destroy
-        invoke_callbacks(:destroy, :after)
         respond_with(@object) do |format|
           format.html { redirect_to location_after_destroy }
           format.js   { render partial: "spree/admin/shared/destroy" }
         end
       else
-        invoke_callbacks(:destroy, :fails)
         respond_with(@object) do |format|
           format.html { redirect_to location_after_destroy }
           format.json { render json: { errors: @object.errors.full_messages }, status: :conflict }
@@ -73,21 +62,18 @@ module Admin
 
     def collection
       if json_request? && params[:enterprise_id].present?
-        customers_relation.
-          includes(:bill_address, :ship_address, user: :credit_cards)
+        CustomersWithBalance.new(managed_enterprise_id).query.
+          includes(
+            :enterprise,
+            { bill_address: [:state, :country] },
+            { ship_address: [:state, :country] },
+            user: :credit_cards
+          )
       else
         Customer.where('1=0')
       end
     end
 
-    def customers_relation
-      if OpenFoodNetwork::FeatureToggle.enabled?(:customer_balance, spree_current_user)
-        CustomersWithBalance.new(managed_enterprise_id).query
-      else
-        Customer.of(managed_enterprise_id)
-      end
-    end
-
     def managed_enterprise_id
       @managed_enterprise_id ||= Enterprise.managed_by(spree_current_user).
         select('enterprises.id').find_by(id: params[:enterprise_id])

app/controllers/admin/enterprise_fees_controller.rb

@@ -10,6 +10,8 @@ module Admin
 
       blank_enterprise_fee = EnterpriseFee.new
       blank_enterprise_fee.enterprise = current_enterprise
+
+      @collection = @collection.to_a
       3.times { @collection << blank_enterprise_fee }
 
       respond_to do |format|

app/controllers/admin/enterprise_groups_controller.rb

@@ -25,15 +25,14 @@ module Admin
 
     protected
 
-    def build_resource_with_address
-      enterprise_group = build_resource_without_address
+    def build_resource
+      enterprise_group = super
       enterprise_group.address = Spree::Address.new
       enterprise_group.address.country = Spree::Country.find_by(
         id: Spree::Config[:default_country_id]
       )
       enterprise_group
     end
-    alias_method_chain :build_resource, :address
 
     # Overriding method on Spree's resource controller,
     # so that resources are found using permalink.

app/controllers/admin/enterprise_relationships_controller.rb

@@ -14,7 +14,7 @@ module Admin
       @enterprise_relationship = EnterpriseRelationship.new enterprise_relationship_params
 
       if @enterprise_relationship.save
-        render text: Api::Admin::EnterpriseRelationshipSerializer.new(@enterprise_relationship).to_json
+        render plain: Api::Admin::EnterpriseRelationshipSerializer.new(@enterprise_relationship).to_json
       else
         render status: :bad_request, json: { errors: @enterprise_relationship.errors.full_messages.join(', ') }
       end
@@ -23,7 +23,7 @@ module Admin
     def destroy
       @enterprise_relationship = EnterpriseRelationship.find params[:id]
       @enterprise_relationship.destroy
-      render nothing: true
+      render body: nil
     end
 
     private

app/controllers/admin/enterprise_roles_controller.rb

@@ -10,7 +10,7 @@ module Admin
       @enterprise_role = EnterpriseRole.new enterprise_role_params
 
       if @enterprise_role.save
-        render text: Api::Admin::EnterpriseRoleSerializer.new(@enterprise_role).to_json
+        render plain: Api::Admin::EnterpriseRoleSerializer.new(@enterprise_role).to_json
 
       else
         render status: :bad_request, json: { errors: @enterprise_role.errors.full_messages.join(', ') }
@@ -20,7 +20,7 @@ module Admin
     def destroy
       @enterprise_role = EnterpriseRole.find params[:id]
       @enterprise_role.destroy
-      render nothing: true
+      render body: nil
     end
 
     private

app/controllers/admin/enterprises_controller.rb

@@ -43,12 +43,11 @@ module Admin
     end
 
     def update
-      invoke_callbacks(:update, :before)
       tag_rules_attributes = params[object_name].delete :tag_rules_attributes
       update_tag_rules(tag_rules_attributes) if tag_rules_attributes.present?
       update_enterprise_notifications
+
       if @object.update(enterprise_params)
-        invoke_callbacks(:update, :after)
         flash[:success] = flash_message_for(@object, :successfully_updated)
         respond_with(@object) do |format|
           format.html { redirect_to location_after_save }
@@ -56,7 +55,6 @@ module Admin
           format.json { render_as_json @object, ams_prefix: 'index', spree_current_user: spree_current_user }
         end
       else
-        invoke_callbacks(:update, :fails)
         respond_with(@object) do |format|
           format.json { render json: { errors: @object.errors.messages }, status: :unprocessable_entity }
         end
@@ -64,12 +62,14 @@ module Admin
     end
 
     def register
-      if params[:sells] == 'unspecified'
+      register_params = params.permit(:sells)
+
+      if register_params[:sells] == 'unspecified'
         flash[:error] = I18n.t(:enterprise_register_package_error)
         return render :welcome, layout: "spree/layouts/bare_admin"
       end
 
-      attributes = { sells: params[:sells], visible: true }
+      attributes = { sells: register_params[:sells], visible: true }
 
       if @enterprise.update(attributes)
         flash[:success] = I18n.t(:enterprise_register_success_notice, enterprise: @enterprise.name)
@@ -112,13 +112,12 @@ module Admin
 
     protected
 
-    def build_resource_with_address
-      enterprise = build_resource_without_address
+    def build_resource
+      enterprise = super
       enterprise.address ||= Spree::Address.new
       enterprise.address.country ||= Spree::Country.find_by(id: Spree::Config[:default_country_id])
       enterprise
     end
-    alias_method_chain :build_resource, :address
 
     # Overriding method on Spree's resource controller,
     # so that resources are found using permalink
@@ -213,7 +212,6 @@ module Admin
         tag_rules_attributes.select{ |_i, attrs| attrs[:type].present? }.each do |_i, attrs|
           rule = @object.tag_rules.find_by(id: attrs.delete(:id)) ||
                  attrs[:type].constantize.new(enterprise: @object)
-          create_calculator_for(rule, attrs) if rule.type == "TagRule::DiscountOrder" && rule.calculator.nil?
 
           rule.update(attrs.permit(PermittedAttributes::TagRules.attributes))
         end
@@ -245,31 +243,31 @@ module Admin
 
     def check_can_change_sells
       unless spree_current_user.admin? || spree_current_user == @enterprise.owner
-        params[:enterprise].delete :sells
+        enterprise_params.delete :sells
       end
     end
 
     def override_owner
-      params[:enterprise][:owner_id] = spree_current_user.id unless spree_current_user.admin?
+      enterprise_params[:owner_id] = spree_current_user.id unless spree_current_user.admin?
     end
 
     def override_sells
       unless spree_current_user.admin?
         has_hub = spree_current_user.owned_enterprises.is_hub.any?
         new_enterprise_is_producer = Enterprise.new(enterprise_params).is_primary_producer
-        params[:enterprise][:sells] = has_hub && !new_enterprise_is_producer ? 'any' : 'none'
+        enterprise_params[:sells] = has_hub && !new_enterprise_is_producer ? 'any' : 'none'
       end
     end
 
     def check_can_change_owner
       unless ( spree_current_user == @enterprise.owner ) || spree_current_user.admin?
-        params[:enterprise].delete :owner_id
+        enterprise_params.delete :owner_id
       end
     end
 
     def check_can_change_bulk_owner
       unless spree_current_user.admin?
-        params[:sets_enterprise_set][:collection_attributes].each do |_i, enterprise_params|
+        bulk_params[:collection_attributes].each do |_i, enterprise_params|
           enterprise_params.delete :owner_id
         end
       end
@@ -277,15 +275,15 @@ module Admin
 
     def check_can_change_managers
       unless ( spree_current_user == @enterprise.owner ) || spree_current_user.admin?
-        params[:enterprise].delete :user_ids
+        enterprise_params.delete :user_ids
       end
     end
 
     def strip_new_properties
-      unless spree_current_user.admin? || params[:enterprise][:producer_properties_attributes].nil?
+      unless spree_current_user.admin? || params.dig(:enterprise, :producer_properties_attributes).nil?
         names = Spree::Property.pluck(:name)
-        params[:enterprise][:producer_properties_attributes].each do |key, property|
-          params[:enterprise][:producer_properties_attributes].delete key unless names.include? property[:property_name]
+        enterprise_params[:producer_properties_attributes].each do |key, property|
+          enterprise_params[:producer_properties_attributes].delete key unless names.include? property[:property_name]
         end
       end
     end
@@ -317,13 +315,14 @@ module Admin
     end
 
     def enterprise_params
-      PermittedAttributes::Enterprise.new(params).call
+      @enterprise_params ||= PermittedAttributes::Enterprise.new(params).call.
+        to_h.with_indifferent_access
     end
 
     def bulk_params
-      params.require(:sets_enterprise_set).permit(
+      @bulk_params ||= params.require(:sets_enterprise_set).permit(
         collection_attributes: PermittedAttributes::Enterprise.attributes
-      )
+      ).to_h.with_indifferent_access
     end
 
     # Used in Admin::ResourceController#create

app/controllers/admin/invoice_settings_controller.rb

@@ -1,7 +1,7 @@
 module Admin
   class InvoiceSettingsController < Spree::Admin::BaseController
     def update
-      Spree::Config.set(params[:preferences])
+      Spree::Config.set(preferences_params.to_h)
 
       respond_to do |format|
         format.html {
@@ -9,5 +9,15 @@ module Admin
         }
       end
     end
+
+    private
+
+    def preferences_params
+      params.require(:preferences).permit(
+        :enable_invoices?,
+        :invoice_style2?,
+        :enable_receipt_printing?,
+      )
+    end
   end
 end

app/controllers/admin/matomo_settings_controller.rb

@@ -1,7 +1,7 @@
 module Admin
   class MatomoSettingsController < Spree::Admin::BaseController
     def update
-      Spree::Config.set(params[:preferences])
+      Spree::Config.set(preferences_params.to_h)
 
       respond_to do |format|
         format.html {
@@ -9,5 +9,15 @@ module Admin
         }
       end
     end
+
+    private
+
+    def preferences_params
+      params.require(:preferences).permit(
+        :matomo_url,
+        :matomo_site_id,
+        :matomo_tag_manager_url,
+      )
+    end
   end
 end

app/controllers/admin/order_cycles_controller.rb

@@ -101,7 +101,7 @@ module Admin
 
     def collection
       return Enterprise.where("1=0") unless json_request?
-      return order_cycles_from_set if params[:order_cycle_set]
+      return order_cycles_from_set if params[:order_cycle_set].present?
 
       ocs = order_cycles
       ocs.undated | ocs.soonest_closing | ocs.soonest_opening | ocs.closed
@@ -126,7 +126,7 @@ module Admin
     def order_cycles_as_distributor
       OrderCycle.
         preload(:schedules).
-        ransack(params[:q]).
+        ransack(raw_params[:q]).
         result.
         involving_managed_distributors_of(spree_current_user).
         order('updated_at DESC')
@@ -135,7 +135,7 @@ module Admin
     def order_cycles_as_producer
       OrderCycle.
         preload(:schedules).
-        ransack(params[:q]).
+        ransack(raw_params[:q]).
         result.
         involving_managed_producers_of(spree_current_user).
         order('updated_at DESC')
@@ -144,7 +144,7 @@ module Admin
     def order_cycles_as_both
       OrderCycle.
         preload(:schedules).
-        ransack(params[:q]).
+        ransack(raw_params[:q]).
         result.
         visible_by(spree_current_user)
     end
@@ -153,9 +153,9 @@ module Admin
       if json_request?
         # Split ransack params into all those that currently exist and new ones
         #   to limit returned ocs to recent or undated
-        orders_close_at_gt = params[:q].andand.delete(:orders_close_at_gt) || 31.days.ago
-        params[:q] = {
-          g: [params.delete(:q) || {}, { m: 'or',
+        orders_close_at_gt = raw_params[:q].andand.delete(:orders_close_at_gt) || 31.days.ago
+        raw_params[:q] = {
+          g: [raw_params.delete(:q) || {}, { m: 'or',
                                          orders_close_at_gt: orders_close_at_gt,
                                          orders_close_at_null: true }]
         }
@@ -199,27 +199,30 @@ module Admin
     end
 
     def remove_protected_attrs
-      params[:order_cycle].delete :coordinator_id
+      return if order_cycle_params.blank?
+
+      order_cycle_params.delete :coordinator_id
 
       unless Enterprise.managed_by(spree_current_user).include?(@order_cycle.coordinator)
-        params[:order_cycle].delete_if do |k, _v|
+        order_cycle_params.delete_if do |k, _v|
           [:name, :orders_open_at, :orders_close_at].include? k.to_sym
         end
       end
     end
 
-    def remove_unauthorized_bulk_attrs
-      params[:order_cycle_set][:collection_attributes].each do |i, hash|
+    def authorized_order_cycles
+      managed_ids = managed_enterprises.map(&:id)
+
+      (order_cycle_bulk_params[:collection_attributes] || []).keep_if do |_index, hash|
         order_cycle = OrderCycle.find(hash[:id])
-        unless Enterprise.managed_by(spree_current_user).include?(order_cycle.andand.coordinator)
-          params[:order_cycle_set][:collection_attributes].delete i
-        end
+        managed_ids.include?(order_cycle.andand.coordinator_id)
       end
     end
 
     def order_cycles_from_set
-      remove_unauthorized_bulk_attrs
-      OrderCycle.where(id: params[:order_cycle_set][:collection_attributes].map{ |_k, v| v[:id] })
+      return if authorized_order_cycles.blank?
+
+      OrderCycle.where(id: authorized_order_cycles.map{ |_k, v| v[:id] })
     end
 
     def order_cycle_set
@@ -227,7 +230,7 @@ module Admin
     end
 
     def require_order_cycle_set_params
-      return if params[:order_cycle_set]
+      return if params[:order_cycle_set].present?
 
       render json: { errors: t('admin.order_cycles.bulk_update.no_data') },
              status: :unprocessable_entity
@@ -238,13 +241,14 @@ module Admin
     end
 
     def order_cycle_params
-      PermittedAttributes::OrderCycle.new(params).call
+      @order_cycle_params ||= PermittedAttributes::OrderCycle.new(params).call.
+        to_h.with_indifferent_access
     end
 
     def order_cycle_bulk_params
       params.require(:order_cycle_set).permit(
         collection_attributes: [:id] + PermittedAttributes::OrderCycle.basic_attributes
-      )
+      ).to_h.with_indifferent_access
     end
   end
 end

app/controllers/admin/resource_controller.rb

@@ -1,5 +1,3 @@
-require 'action_callbacks'
-
 module Admin
   class ResourceController < Spree::Admin::BaseController
     helper_method :new_object_url, :edit_object_url, :object_url, :collection_url
@@ -11,7 +9,6 @@ module Admin
     respond_to :js, except: [:show, :index]
 
     def new
-      invoke_callbacks(:new_action, :before)
       respond_with(@object) do |format|
         format.html { render layout: !request.xhr? }
         format.js   { render layout: false }
@@ -26,32 +23,26 @@ module Admin
     end
 
     def update
-      invoke_callbacks(:update, :before)
       if @object.update(permitted_resource_params)
-        invoke_callbacks(:update, :after)
         flash[:success] = flash_message_for(@object, :successfully_updated)
         respond_with(@object) do |format|
           format.html { redirect_to location_after_save }
           format.js   { render layout: false }
         end
       else
-        invoke_callbacks(:update, :fails)
         respond_with(@object)
       end
     end
 
     def create
-      invoke_callbacks(:create, :before)
       @object.attributes = permitted_resource_params
       if @object.save
-        invoke_callbacks(:create, :after)
         flash[:success] = flash_message_for(@object, :successfully_created)
         respond_with(@object) do |format|
           format.html { redirect_to location_after_save }
           format.js   { render layout: false }
         end
       else
-        invoke_callbacks(:create, :fails)
         respond_with(@object)
       end
     end
@@ -62,21 +53,18 @@ module Admin
       end
 
       respond_to do |format|
-        format.js { render text: 'Ok' }
+        format.js { render plain: 'Ok' }
       end
     end
 
     def destroy
-      invoke_callbacks(:destroy, :before)
       if @object.destroy
-        invoke_callbacks(:destroy, :after)
         flash[:success] = flash_message_for(@object, :successfully_removed)
         respond_with(@object) do |format|
           format.html { redirect_to collection_url }
           format.js   { render partial: "spree/admin/shared/destroy" }
         end
       else
-        invoke_callbacks(:destroy, :fails)
         respond_with(@object) do |format|
           format.html { redirect_to collection_url }
         end
@@ -92,7 +80,6 @@ module Admin
 
     class << self
       attr_accessor :parent_data
-      attr_accessor :callbacks
 
       def belongs_to(model_name, options = {})
         @parent_data ||= {}
@@ -100,26 +87,6 @@ module Admin
         @parent_data[:model_class] = model_name.to_s.classify.constantize
         @parent_data[:find_by] = options[:find_by] || :id
       end
-
-      def new_action
-        @callbacks ||= {}
-        @callbacks[:new_action] ||= ActionCallbacks.new
-      end
-
-      def create
-        @callbacks ||= {}
-        @callbacks[:create] ||= ActionCallbacks.new
-      end
-
-      def update
-        @callbacks ||= {}
-        @callbacks[:update] ||= ActionCallbacks.new
-      end
-
-      def destroy
-        @callbacks ||= {}
-        @callbacks[:destroy] ||= ActionCallbacks.new
-      end
     end
 
     def model_class
@@ -212,17 +179,6 @@ module Admin
       collection_url
     end
 
-    def invoke_callbacks(action, callback_type)
-      callbacks = self.class.callbacks || {}
-      return if callbacks[action].nil?
-
-      case callback_type.to_sym
-      when :before then callbacks[action].before_methods.each { |method| __send__ method }
-      when :after  then callbacks[action].after_methods.each  { |method| __send__ method }
-      when :fails  then callbacks[action].fails_methods.each  { |method| __send__ method }
-      end
-    end
-
     # URL helpers
     def new_object_url(options = {})
       if parent_data.present?

app/controllers/admin/schedules_controller.rb

@@ -9,7 +9,8 @@ module Admin
     before_action :editable_order_cycle_ids_for_create, only: [:create]
     before_action :editable_order_cycle_ids_for_update, only: [:update]
     before_action :check_dependent_subscriptions, only: [:destroy]
-    update.after :sync_subscriptions_for_update
+
+    after_action :sync_subscriptions_for_update, only: :update
 
     respond_to :json
 
@@ -120,7 +121,7 @@ module Admin
     end
 
     def sync_subscriptions_for_update
-      return unless params[:schedule][:order_cycle_ids]
+      return unless params[:schedule][:order_cycle_ids] && @object.errors.blank?
 
       sync_subscriptions
     end

app/controllers/admin/stripe_accounts_controller.rb

@@ -3,7 +3,7 @@ require 'stripe/account_connector'
 module Admin
   class StripeAccountsController < Spree::Admin::BaseController
     def connect
-      payload = params.slice(:enterprise_id)
+      payload = params.permit(:enterprise_id).to_h
       key = Openfoodnetwork::Application.config.secret_token
       url_params = { state: JWT.encode(payload, key, 'HS256'), scope: "read_write" }
       redirect_to Stripe::OAuth.authorize_url(url_params)

app/controllers/admin/stripe_connect_settings_controller.rb

@@ -17,7 +17,7 @@ module Admin
     end
 
     def update
-      Spree::Config.set(params[:settings])
+      Spree::Config.set(settings_params.to_h)
       resource = t('admin.controllers.stripe_connect_settings.resource')
       flash[:success] = t(:successfully_updated, resource: resource)
       redirect_to_edit
@@ -37,5 +37,11 @@ module Admin
       key = Stripe.api_key
       key.first(8) + "****" + key.last(4)
     end
+
+    def settings_params
+      params.require(:settings).permit(
+        :stripe_connect_enabled,
+      )
+    end
   end
 end

app/controllers/admin/subscriptions_controller.rb

@@ -57,14 +57,13 @@ module Admin
     end
 
     def unpause
-      params[:subscription][:paused_at] = nil
-      save_form_and_render
+      save_form_and_render(true, unpause: true)
     end
 
     private
 
-    def save_form_and_render(render_issues = true)
-      form = OrderManagement::Subscriptions::Form.new(@subscription, subscription_params)
+    def save_form_and_render(render_issues = true, options = {})
+      form = OrderManagement::Subscriptions::Form.new(@subscription, subscription_params, options)
       unless form.save
         render json: { errors: form.json_errors }, status: :unprocessable_entity
         return
@@ -106,22 +105,22 @@ module Admin
 
     # Wrap :subscription_line_items_attributes in :subscription root
     def wrap_nested_attrs
-      if params[:subscription_line_items].is_a? Array
-        attributes = params[:subscription_line_items].map do |sli|
+      if raw_params[:subscription_line_items].is_a? Array
+        attributes = raw_params[:subscription_line_items].map do |sli|
           sli.slice(*SubscriptionLineItem.attribute_names + ["_destroy"])
         end
-        params[:subscription][:subscription_line_items_attributes] = attributes
+        subscription_params[:subscription_line_items_attributes] = attributes
       end
       wrap_bill_address_attrs if params[:bill_address]
       wrap_ship_address_attrs if params[:ship_address]
     end
 
     def wrap_bill_address_attrs
-      params[:subscription][:bill_address_attributes] = params[:bill_address].slice(*Spree::Address.attribute_names)
+      subscription_params[:bill_address_attributes] = raw_params[:bill_address].slice(*Spree::Address.attribute_names)
     end
 
     def wrap_ship_address_attrs
-      params[:subscription][:ship_address_attributes] = params[:ship_address].slice(*Spree::Address.attribute_names)
+      subscription_params[:ship_address_attributes] = raw_params[:ship_address].slice(*Spree::Address.attribute_names)
     end
 
     def check_for_open_orders
@@ -141,8 +140,8 @@ module Admin
     end
 
     def strip_banned_attrs
-      params[:subscription].delete :schedule_id
-      params[:subscription].delete :customer_id
+      subscription_params.delete :schedule_id
+      subscription_params.delete :customer_id
     end
 
     # Overriding Spree method to load data from params here so that
@@ -156,7 +155,8 @@ module Admin
     end
 
     def subscription_params
-      PermittedAttributes::Subscription.new(params).call
+      @subscription_params ||= PermittedAttributes::Subscription.new(params).call.
+        to_h.with_indifferent_access
     end
   end
 end

app/controllers/admin/tag_rules_controller.rb

@@ -3,7 +3,7 @@ module Admin
     respond_to :json
 
     respond_override destroy: { json: {
-      success: lambda { render nothing: true, status: :no_content }
+      success: lambda { render body: nil, status: :no_content }
     } }
 
     def map_by_tag

app/controllers/admin/variant_overrides_controller.rb

@@ -21,7 +21,7 @@ module Admin
       elsif @vo_set.errors.present?
         render json: { errors: @vo_set.errors }, status: :bad_request
       else
-        render nothing: true, status: :internal_server_error
+        render body: nil, status: :internal_server_error
       end
     end
 
@@ -103,13 +103,13 @@ module Admin
     end
 
     def variant_overrides_params
-      params.require(:variant_overrides).map do |variant_override|
-        variant_override.permit(
+      params.permit(
+        variant_overrides: [
           :id, :variant_id, :hub_id,
           :price, :count_on_hand, :sku, :on_demand,
           :default_stock, :resettable, :tag_list
-        )
-      end
+        ]
+      ).to_h[:variant_overrides]
     end
   end
 end

app/controllers/api/base_controller.rb

@@ -1,102 +0,0 @@
-# Base controller for OFN's API
-require_dependency 'spree/api/controller_setup'
-require "spree/core/controller_helpers/ssl"
-
-module Api
-  class BaseController < ActionController::Metal
-    include ActionController::StrongParameters
-    include ActionController::RespondWith
-    include Spree::Api::ControllerSetup
-    include Spree::Core::ControllerHelpers::SSL
-    include ::ActionController::Head
-    include ::ActionController::ConditionalGet
-    include ActionView::Layouts
-
-    layout false
-
-    attr_accessor :current_api_user
-
-    before_action :set_content_type
-    before_action :authenticate_user
-
-    rescue_from Exception, with: :error_during_processing
-    rescue_from CanCan::AccessDenied, with: :unauthorized
-    rescue_from ActiveRecord::RecordNotFound, with: :not_found
-
-    helper Spree::Api::ApiHelpers
-
-    ssl_allowed
-
-    # Include these because we inherit from ActionController::Metal
-    #   rather than ActionController::Base and these are required for AMS
-    include ActionController::Serialization
-    include ActionController::UrlFor
-    include Rails.application.routes.url_helpers
-
-    use_renderers :json
-    check_authorization
-
-    def respond_with_conflict(json_hash)
-      render json: json_hash, status: :conflict
-    end
-
-    private
-
-    # Use logged in user (spree_current_user) for API authentication (current_api_user)
-    def authenticate_user
-      return if @current_api_user = spree_current_user
-
-      if api_key.blank?
-        # An anonymous user
-        @current_api_user = Spree.user_class.new
-        return
-      end
-
-      return if @current_api_user = Spree.user_class.find_by(spree_api_key: api_key.to_s)
-
-      invalid_api_key
-    end
-
-    def set_content_type
-      headers["Content-Type"] = "application/json"
-    end
-
-    def error_during_processing(exception)
-      Bugsnag.notify(exception)
-
-      render(json: { exception: exception.message },
-             status: :unprocessable_entity) && return
-    end
-
-    def current_ability
-      Spree::Ability.new(current_api_user)
-    end
-
-    def api_key
-      request.headers["X-Spree-Token"] || params[:token]
-    end
-    helper_method :api_key
-
-    def invalid_resource!(resource)
-      @resource = resource
-      render(json: { error: I18n.t(:invalid_resource, scope: "spree.api"),
-                     errors: @resource.errors },
-             status: :unprocessable_entity)
-    end
-
-    def invalid_api_key
-      render(json: { error: I18n.t(:invalid_api_key, key: api_key, scope: "spree.api") },
-             status: :unauthorized) && return
-    end
-
-    def unauthorized
-      render(json: { error: I18n.t(:unauthorized, scope: "spree.api") },
-             status: :unauthorized) && return
-    end
-
-    def not_found
-      render(json: { error: I18n.t(:resource_not_found, scope: "spree.api") },
-             status: :not_found) && return
-    end
-  end
-end