Merge pull request #9623 from mkllnk/fix-storybook

Load storybook only in development
Load storybook after view_component has been loaded automatically
2026-01-12 18:36:49 +00:00 · 2022-09-02 16:32:19 +10:00 · 2022-09-02 16:10:19 +10:00 · 2022-09-02 16:08:09 +10:00 · 2022-09-02 16:07:25 +10:00 · 2022-09-02 13:34:11 +10:00
688 changed files with 38489 additions and 14099 deletions
--- a/.env
+++ b/.env
@@ -61,10 +61,3 @@ SMTP_PASSWORD="f00d"
 # STRIPE_INSTANCE_PUBLISHABLE_KEY="pk_test_xxxx" # This can be a test key or a live key
 # STRIPE_CLIENT_ID="ca_xxxx" # This can be a development ID or a production ID
 # STRIPE_ENDPOINT_SECRET="whsec_xxxx"
-
-# Feature toggles
-#
-# Adding user emails separated by commas will enable them the use of certain features. See
-# config/initializers/feature_toggles.rb for details.
-#
-# BETA_TESTERS="ofn@example.com,superadmin@example.com"
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: openfoodfoundation
+patreon: # Replace with a single Patreon username
+open_collective: #
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
--- a/.github/ISSUE_TEMPLATE/release.md
+++ b/.github/ISSUE_TEMPLATE/release.md
@@ -10,7 +10,6 @@ assignees: ''
 ## Preparation on Thursday

 - [ ] Merge pull requests in the [Ready To Go] column
- [ ] Merge [Transifex pull request]
 - [ ] Include translations: `tx pull --force`
 - [ ] [Draft new release]. Look at previous [releases] for inspiration.
 - [ ] Notify [#instance-managers] of user-facing changes.
@@ -18,24 +17,12 @@ assignees: ''
 ## Testing

 - [ ] [Find build] of the release commit and copy it below.
- [ ] Move this issue to Test Ready and notify testers.
- [ ] Test: :warning: link to the build of the release commit https://semaphoreci.com/openfoodfoundation/openfoodnetwork-2/branches/master
+- [ ] Move this issue to Test Ready.
+- [ ] Notify testers.
+- [ ] Test build: <!-- paste build link here, e.g. https://semaphore...builds/1234 -->

 ## Finish on Tuesday

- [ ] Update translations unless content has been removed from config/locales/en.yml between this release draft and current master.
-  <details><summary>Command line instructions</summary>
-  <pre>
-  git checkout master # same version as the release draft
-  git fetch upstream
-  git diff upstream/master -- config/locales/en.yml
-  tx pull --force # if no changes or only additions in the locale
-  git checkout --detach # if we need to commit new translations
-  git commit -a -m "Update translations"
-  git tag vx.y.z # put the release number in here
-  git push upstream vx.y.z
-  </pre>
-  </details>
 - [ ] Publish and notify [#global-community]:
  > The next release is ready: https://github.com/openfoodfoundation/openfoodnetwork/releases/latest
 - [ ] Deploy the new release to all managed instances.
--- a/.github/workflows/brakeman-analysis.yml
+++ b/.github/workflows/brakeman-analysis.yml
@@ -10,8 +10,14 @@ on:
  pull_request:
    branches: [ "master" ]

+permissions:
+  contents: read
+
 jobs:
  brakeman-scan:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
    name: Brakeman Scan
    runs-on: ubuntu-latest
    steps:
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -12,6 +12,9 @@ env:
  RSPEC_RETRY_RETRY_COUNT: 3
  RAILS_ENV: test

+permissions:
+  contents: read
+
 jobs:
  rspec:
    runs-on: ubuntu-18.04
@@ -33,7 +36,6 @@ jobs:
        specs:
          - "spec/controllers"
          - "spec/models"
-          - "spec/features/admin/[a-o0-9]*_spec.rb"
          - "spec/lib"
          - "spec/migrations"
          - "spec/serializers"
--- a/.github/workflows/linters.yml
+++ b/.github/workflows/linters.yml
@@ -16,3 +16,16 @@ jobs:
          reporter: github-pr-check
          level: error
          fail_on_error: true
+  prettier:
+    name: runner / prettier
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+      - name: prettier
+        uses: EPMatt/reviewdog-action-prettier@v1
+        with:
+          github_token: ${{ secrets.github_token }}
+          reporter: github-pr-check
+          level: error
+          fail_on_error: true
--- a/.github/workflows/mapi.yml
+++ b/.github/workflows/mapi.yml
@@ -0,0 +1,46 @@
+name: 'Mayhem for API'
+on: workflow_dispatch
+jobs:
+  test:
+    if: ${{ github.repository_owner == 'openfoodfoundation' }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+    steps:
+    - uses: actions/checkout@v2
+    - run: docker/build
+    - run: docker-compose up --detach
+    - run: until curl -f -s http://localhost:3000; do echo "waiting for api server"; sleep 1; done
+    - run: docker-compose exec -T db psql postgresql://ofn:f00d@localhost:5432/open_food_network_dev --command="update spree_users set spree_api_key='testing' where login='ofn@example.com'"
+    # equivalent to Flipper.enable(:api_v1)
+    - run: docker-compose exec -T db psql postgresql://ofn:f00d@localhost:5432/open_food_network_dev --command="insert into flipper_features (key, created_at, updated_at) values ('api_v1', localtimestamp, localtimestamp)"
+    - run: docker-compose exec -T db psql postgresql://ofn:f00d@localhost:5432/open_food_network_dev --command="insert into flipper_gates (feature_key, key, value, created_at, updated_at) values ('api_v1', 'boolean', 'true', localtimestamp, localtimestamp)"
+
+    # Run Mayhem for API
+    - name: Run Mayhem for API
+      uses: ForAllSecure/mapi-action@v1
+      continue-on-error: true
+      with:
+        mapi-token: ${{ secrets.MAPI_TOKEN }}
+        api-url: http://localhost:3000
+        api-spec: swagger/v1/swagger.yaml
+        target: openfoodfoundation/openfoodnetwork
+        duration: 1min
+        sarif-report: mapi.sarif
+        html-report: mapi.html
+        run-args: |
+          --header-auth
+          X-Api-Token: testing
+
+    # Archive HTML report
+    - name: Archive Mayhem for API report
+      uses: actions/upload-artifact@v2
+      with:
+        name: mapi-report
+        path: mapi.html
+
+    # Upload SARIF file (only available on public repos or github enterprise)
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: mapi.sarif
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,7 @@ db/*.csv
 log/*.log
 log/*.log.lck
 log/*.log.*
+/storage
 tmp/
 .idea/*
 \#*
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+ yarn pretty-quick --check --staged
--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1,21 @@
+# Basically, ignore everythings expect app/webpacker/controllers/*.js and app/webpacker/packs/*.js
+*.css
+*.scss
+*.md
+*.yml
+*.yaml
+*.json
+*.html
+
+babel.config.js
+postcss.config.js
+
+.storybook/
+/app/assets/
+/config/
+/coverage/
+/engines/
+/public/
+/spec/
+/tmp/
+/vendor/
--- a/.prettierrc.json
+++ b/.prettierrc.json
@@ -0,0 +1 @@
+{}
--- a/.rubocop_styleguide.yml
+++ b/.rubocop_styleguide.yml
@@ -23,7 +23,7 @@ Metrics:
  Enabled: true

 Metrics/BlockLength:
-  IgnoredMethods: [
+  AllowedMethods: [
    "class_eval",
    "collection",
    "context",
@@ -41,6 +41,7 @@ Metrics/BlockLength:
    "resources",
    "scenario",
    "shared_examples",
+    "xdescribe",
  ]

 Rails/SkipsModelValidations:
@@ -105,6 +106,10 @@ Lint/UselessAssignment:
  Exclude:
  - spec/**/*

+Lint/MissingSuper:
+  Exclude:
+    - 'app/components/**/*'
+
 Metrics/AbcSize:
  Max: 30 # default 17

--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,13 +1,13 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --exclude-limit 1400`
-# on 2022-02-25 01:04:47 UTC using RuboCop version 1.22.2.
+# on 2022-08-29 05:26:26 UTC using RuboCop version 1.35.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.

-# Offense count: 1
-# Cop supports --auto-correct.
+# Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
 # Include: **/*.gemfile, **/Gemfile, **/gems.rb
 Bundler/OrderedGems:
@@ -25,20 +25,13 @@ Gemspec/RequiredRubyVersion:
    - 'engines/web/web.gemspec'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 Layout/ClosingParenthesisIndentation:
  Exclude:
    - 'lib/reporting/queries/joins.rb'

 # Offense count: 2
-# Cop supports --auto-correct.
-# Configuration parameters: EmptyLineBetweenMethodDefs, EmptyLineBetweenClassDefs, EmptyLineBetweenModuleDefs, AllowAdjacentOneLineDefs, NumberOfEmptyLines.
-Layout/EmptyLineBetweenDefs:
-  Exclude:
-    - 'spec/lib/reports/report_loader_spec.rb'
-
-# Offense count: 2
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: empty_lines, no_empty_lines
 Layout/EmptyLinesAroundBlockBody:
@@ -47,15 +40,15 @@ Layout/EmptyLinesAroundBlockBody:
    - 'spec/system/admin/order_cycles/list_spec.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
 Layout/LeadingCommentSpace:
  Exclude:
    - 'spec/system/admin/enterprises_spec.rb'

-# Offense count: 828
-# Cop supports --auto-correct.
-# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# Offense count: 862
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, IgnoredPatterns.
 # URISchemes: http, https
 Layout/LineLength:
  Exclude:
@@ -68,7 +61,6 @@ Layout/LineLength:
    - 'app/controllers/admin/subscriptions_controller.rb'
    - 'app/controllers/api/v0/order_cycles_controller.rb'
    - 'app/controllers/payment_gateways/paypal_controller.rb'
-    - 'app/controllers/spree/admin/reports_controller.rb'
    - 'app/controllers/spree/users_controller.rb'
    - 'app/controllers/user_confirmations_controller.rb'
    - 'app/helpers/angular_form_builder.rb'
@@ -85,7 +77,6 @@ Layout/LineLength:
    - 'app/models/concerns/variant_stock.rb'
    - 'app/models/customer.rb'
    - 'app/models/enterprise.rb'
-    - 'app/models/enterprise_group.rb'
    - 'app/models/product_import/entry_processor.rb'
    - 'app/models/product_import/spreadsheet_entry.rb'
    - 'app/models/product_import/unit_converter.rb'
@@ -108,24 +99,19 @@ Layout/LineLength:
    - 'app/services/order_syncer.rb'
    - 'app/services/products_renderer.rb'
    - 'app/services/variant_units/variant_and_line_item_naming.rb'
-    - 'engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb'
    - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
    - 'engines/order_management/spec/services/order_management/order/updater_spec.rb'
    - 'engines/web/app/helpers/web/cookies_policy_helper.rb'
-    - 'engines/web/spec/features/consumer/cookies_spec.rb'
    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/enterprise_fee_applicator.rb'
    - 'lib/open_food_network/enterprise_fee_calculator.rb'
    - 'lib/open_food_network/enterprise_issue_validator.rb'
-    - 'lib/open_food_network/lettuce_share_report.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
-    - 'lib/open_food_network/order_cycle_management_report.rb'
    - 'lib/open_food_network/order_cycle_permissions.rb'
-    - 'lib/open_food_network/payments_report.rb'
-    - 'lib/open_food_network/reports/line_items.rb'
-    - 'lib/open_food_network/sales_tax_report.rb'
    - 'lib/open_food_network/scope_variants_for_search.rb'
-    - 'lib/open_food_network/xero_invoices_report.rb'
+    - 'lib/reporting/line_items.rb'
+    - 'lib/reporting/reports/enterprise_fee_summary/report_data/enterprise_fee_type_total.rb'
+    - 'lib/reporting/reports/xero_invoices/base.rb'
    - 'lib/spree/localized_number.rb'
    - 'lib/tasks/data.rake'
    - 'lib/tasks/enterprises.rake'
@@ -142,12 +128,10 @@ Layout/LineLength:
    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
    - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
    - 'spec/controllers/api/v0/base_controller_spec.rb'
-    - 'spec/controllers/api/v0/enterprises_controller_spec.rb'
    - 'spec/controllers/api/v0/exchange_products_controller_spec.rb'
    - 'spec/controllers/api/v0/logos_controller_spec.rb'
    - 'spec/controllers/api/v0/order_cycles_controller_spec.rb'
    - 'spec/controllers/api/v0/orders_controller_spec.rb'
-    - 'spec/controllers/api/v0/product_images_controller_spec.rb'
    - 'spec/controllers/api/v0/products_controller_spec.rb'
    - 'spec/controllers/api/v0/promo_images_controller_spec.rb'
    - 'spec/controllers/api/v0/terms_and_conditions_controller_spec.rb'
@@ -161,7 +145,6 @@ Layout/LineLength:
    - 'spec/controllers/spree/admin/orders/invoices_spec.rb'
    - 'spec/controllers/spree/admin/orders_controller_spec.rb'
    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/reports_controller_spec.rb'
    - 'spec/controllers/spree/admin/variants_controller_spec.rb'
    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
    - 'spec/controllers/spree/orders_controller_spec.rb'
@@ -176,20 +159,17 @@ Layout/LineLength:
    - 'spec/helpers/spree/admin/base_helper_spec.rb'
    - 'spec/jobs/subscription_confirm_job_spec.rb'
    - 'spec/jobs/subscription_placement_job_spec.rb'
-    - 'spec/lib/open_food_network/customers_report_spec.rb'
    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
-    - 'spec/lib/open_food_network/group_buy_report_spec.rb'
    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_management_report_spec.rb'
    - 'spec/lib/open_food_network/order_cycle_permissions_spec.rb'
-    - 'spec/lib/open_food_network/order_grouper_spec.rb'
    - 'spec/lib/open_food_network/permissions_spec.rb'
-    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
    - 'spec/lib/open_food_network/scope_variant_to_hub_spec.rb'
    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
-    - 'spec/lib/open_food_network/users_and_enterprises_report_spec.rb'
+    - 'spec/lib/reports/customers_report_spec.rb'
+    - 'spec/lib/reports/order_cycle_management_report_spec.rb'
    - 'spec/lib/reports/packing/packing_report_spec.rb'
-    - 'spec/lib/stripe/authorize_response_patcher_spec.rb'
+    - 'spec/lib/reports/products_and_inventory_report_spec.rb'
+    - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
    - 'spec/mailers/order_mailer_spec.rb'
    - 'spec/mailers/producer_mailer_spec.rb'
    - 'spec/mailers/subscription_mailer_spec.rb'
@@ -197,7 +177,6 @@ Layout/LineLength:
    - 'spec/models/concerns/calculated_adjustments_spec.rb'
    - 'spec/models/concerns/order_shipment_spec.rb'
    - 'spec/models/concerns/product_stock_spec.rb'
-    - 'spec/models/enterprise_group_spec.rb'
    - 'spec/models/enterprise_relationship_spec.rb'
    - 'spec/models/enterprise_spec.rb'
    - 'spec/models/exchange_spec.rb'
@@ -223,7 +202,6 @@ Layout/LineLength:
    - 'spec/models/tag_rule/filter_payment_methods_spec.rb'
    - 'spec/models/tag_rule/filter_products_spec.rb'
    - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
-    - 'spec/models/terms_of_service_file_spec.rb'
    - 'spec/models/variant_override_spec.rb'
    - 'spec/requests/api/orders_spec.rb'
    - 'spec/requests/checkout/failed_checkout_spec.rb'
@@ -283,6 +261,7 @@ Layout/LineLength:
    - 'spec/system/admin/variant_overrides_spec.rb'
    - 'spec/system/consumer/authentication_spec.rb'
    - 'spec/system/consumer/caching/shops_caching_spec.rb'
+    - 'spec/system/consumer/cookies_spec.rb'
    - 'spec/system/consumer/shopping/cart_spec.rb'
    - 'spec/system/consumer/shopping/checkout_auth_spec.rb'
    - 'spec/system/consumer/shopping/checkout_spec.rb'
@@ -296,27 +275,20 @@ Layout/LineLength:
    - 'spec/views/spree/admin/payment_methods/index.html.haml_spec.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
-Layout/MultilineBlockLayout:
-  Exclude:
-    - 'spec/lib/reports/report_renderer_spec.rb'
-
-# Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: symmetrical, new_line, same_line
 Layout/MultilineMethodCallBraceLayout:
  Exclude:
    - 'lib/reporting/queries/joins.rb'

-# Offense count: 17
-# Cop supports --auto-correct.
+# Offense count: 22
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowInHeredoc.
 Layout/TrailingWhitespace:
  Exclude:
    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
    - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
-    - 'spec/system/admin/enterprises_spec.rb'
    - 'spec/system/admin/order_spec.rb'
    - 'spec/system/admin/shipping_methods_spec.rb'
    - 'spec/system/flatpickr_spec.rb'
@@ -331,7 +303,7 @@ Lint/ConstantDefinitionInBlock:
    - 'lib/tasks/users.rake'
    - 'spec/controllers/spree/admin/base_controller_spec.rb'
    - 'spec/helpers/serializer_helper_spec.rb'
-    - 'spec/lib/open_food_network/reports/line_items_spec.rb'
+    - 'spec/lib/reports/line_items_spec.rb'
    - 'spec/models/spree/ability_spec.rb'
    - 'spec/models/spree/gateway_spec.rb'
    - 'spec/models/spree/preferences/configuration_spec.rb'
@@ -345,6 +317,7 @@ Lint/DuplicateMethods:
    - 'lib/discourse/single_sign_on.rb'

 # Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Lint/DuplicateRequire:
  Exclude:
    - 'spec/lib/open_food_network/scope_variants_to_search_spec.rb'
@@ -366,14 +339,8 @@ Lint/IneffectiveAccessModifier:
  Exclude:
    - 'app/models/spree/user.rb'

-# Offense count: 2
-Lint/MissingSuper:
-  Exclude:
-    - 'app/components/distributor_title_component.rb'
-    - 'app/components/example_component.rb'
-
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: instance_of?, kind_of?, is_a?, eql?, respond_to?, equal?
 Lint/RedundantSafeNavigation:
@@ -381,6 +348,7 @@ Lint/RedundantSafeNavigation:
    - 'app/models/spree/payment.rb'

 # Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: present?, blank?, presence, try, try!, in?
 Lint/SafeNavigationChain:
@@ -389,22 +357,21 @@ Lint/SafeNavigationChain:
    - 'app/models/spree/stock/availability_validator.rb'

 # Offense count: 2
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowUnusedKeywordArguments, IgnoreEmptyMethods, IgnoreNotImplementedMethods.
 Lint/UnusedMethodArgument:
  Exclude:
    - 'lib/reporting/queries/query_interface.rb'

 # Offense count: 5
-# Cop supports --auto-correct.
-# Configuration parameters: AllowComments.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Lint/UselessMethodDefinition:
  Exclude:
    - 'app/controllers/spree/user_registrations_controller.rb'
    - 'app/models/spree/gateway.rb'

-# Offense count: 39
-# Configuration parameters: IgnoredMethods, CountRepeatedAttributes, Max.
+# Offense count: 28
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, CountRepeatedAttributes, Max.
 Metrics/AbcSize:
  Exclude:
    - 'app/controllers/admin/enterprises_controller.rb'
@@ -424,24 +391,16 @@ Metrics/AbcSize:
    - 'app/models/spree/order/checkout.rb'
    - 'app/models/spree/preferences/preferable_class_methods.rb'
    - 'app/models/spree/return_authorization.rb'
-    - 'engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb'
    - 'lib/discourse/single_sign_on.rb'
-    - 'lib/open_food_network/customers_report.rb'
-    - 'lib/open_food_network/group_buy_report.rb'
-    - 'lib/open_food_network/order_and_distributor_report.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
    - 'lib/open_food_network/order_cycle_permissions.rb'
-    - 'lib/open_food_network/payments_report.rb'
-    - 'lib/open_food_network/sales_tax_report.rb'
-    - 'lib/reporting/reports/packing/customer.rb'
    - 'lib/spree/core/controller_helpers/order.rb'
-    - 'lib/spree/core/s3_support.rb'
    - 'lib/tasks/enterprises.rake'
    - 'spec/services/order_checkout_restart_spec.rb'

-# Offense count: 45
-# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, IgnoredMethods.
-# IgnoredMethods: refine
+# Offense count: 42
+# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# AllowedMethods: refine
 Metrics/BlockLength:
  Exclude:
    - 'app/models/spree/order/checkout.rb'
@@ -463,14 +422,12 @@ Metrics/BlockLength:
    - 'spec/factories/subscription_factory.rb'
    - 'spec/factories/user_factory.rb'
    - 'spec/factories/variant_factory.rb'
-    - 'spec/lib/open_food_network/group_buy_report_spec.rb'
    - 'spec/requests/api/orders_spec.rb'
    - 'spec/spec_helper.rb'
-    - 'spec/swagger_helper.rb'
    - 'spec/support/cancan_helper.rb'
    - 'spec/support/matchers/select2_matchers.rb'
    - 'spec/support/matchers/table_matchers.rb'
-    - 'spec/system/admin/order_cycles/complex_updating_specific_time_spec.rb'
+    - 'spec/swagger_helper.rb'
    - 'spec/system/consumer/shopping/checkout_spec.rb'

 # Offense count: 1
@@ -479,7 +436,7 @@ Metrics/BlockNesting:
  Exclude:
    - 'app/models/spree/payment/processing.rb'

-# Offense count: 49
+# Offense count: 45
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ClassLength:
  Exclude:
@@ -498,7 +455,6 @@ Metrics/ClassLength:
    - 'app/controllers/spree/admin/payment_methods_controller.rb'
    - 'app/controllers/spree/admin/payments_controller.rb'
    - 'app/controllers/spree/admin/products_controller.rb'
-    - 'app/controllers/spree/admin/reports_controller.rb'
    - 'app/controllers/spree/admin/users_controller.rb'
    - 'app/controllers/spree/orders_controller.rb'
    - 'app/models/enterprise.rb'
@@ -523,19 +479,15 @@ Metrics/ClassLength:
    - 'app/services/cart_service.rb'
    - 'app/services/order_syncer.rb'
    - 'engines/order_management/app/services/order_management/order/updater.rb'
-    - 'engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb'
-    - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/scope.rb'
    - 'lib/open_food_network/enterprise_fee_calculator.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
-    - 'lib/open_food_network/order_cycle_management_report.rb'
    - 'lib/open_food_network/order_cycle_permissions.rb'
-    - 'lib/open_food_network/payments_report.rb'
    - 'lib/open_food_network/permissions.rb'
-    - 'lib/open_food_network/users_and_enterprises_report.rb'
-    - 'lib/open_food_network/xero_invoices_report.rb'
+    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
+    - 'lib/reporting/reports/xero_invoices/base.rb'

-# Offense count: 40
-# Configuration parameters: IgnoredMethods, Max.
+# Offense count: 35
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, Max.
 Metrics/CyclomaticComplexity:
  Exclude:
    - 'app/controllers/admin/enterprises_controller.rb'
@@ -560,21 +512,16 @@ Metrics/CyclomaticComplexity:
    - 'app/models/spree/tax_rate.rb'
    - 'app/models/spree/variant.rb'
    - 'app/models/spree/zone.rb'
-    - 'engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb'
    - 'lib/discourse/single_sign_on.rb'
-    - 'lib/open_food_network/customers_report.rb'
    - 'lib/open_food_network/enterprise_issue_validator.rb'
-    - 'lib/open_food_network/group_buy_report.rb'
-    - 'lib/open_food_network/orders_and_fulfillments_report/customer_totals_report.rb'
-    - 'lib/open_food_network/payments_report.rb'
-    - 'lib/open_food_network/xero_invoices_report.rb'
+    - 'lib/reporting/reports/xero_invoices/base.rb'
    - 'lib/spree/core/controller_helpers/order.rb'
    - 'lib/spree/core/controller_helpers/respond_with.rb'
    - 'lib/spree/localized_number.rb'
    - 'spec/models/product_importer_spec.rb'

-# Offense count: 31
-# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, IgnoredMethods.
+# Offense count: 26
+# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
 Metrics/MethodLength:
  Exclude:
    - 'app/controllers/admin/enterprises_controller.rb'
@@ -583,20 +530,17 @@ Metrics/MethodLength:
    - 'app/controllers/spree/orders_controller.rb'
    - 'app/helpers/checkout_helper.rb'
    - 'app/helpers/spree/admin/navigation_helper.rb'
-    - "app/json_schemas/json_api_schema.rb"
+    - 'app/json_schemas/json_api_schema.rb'
    - 'app/models/spree/ability.rb'
    - 'app/models/spree/gateway/pay_pal_express.rb'
    - 'app/models/spree/order/checkout.rb'
    - 'app/models/spree/payment/processing.rb'
    - 'app/models/spree/preferences/preferable_class_methods.rb'
-    - 'engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb'
-    - 'engines/order_management/app/services/order_management/reports/enterprise_fee_summary/scope.rb'
    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
-    - 'lib/open_food_network/order_cycle_management_report.rb'
    - 'lib/open_food_network/order_cycle_permissions.rb'
-    - 'lib/open_food_network/payments_report.rb'
-    - 'lib/open_food_network/xero_invoices_report.rb'
+    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
+    - 'lib/reporting/reports/xero_invoices/base.rb'
    - 'lib/tasks/sample_data/product_factory.rb'

 # Offense count: 51
@@ -630,17 +574,17 @@ Metrics/ModuleLength:
    - 'spec/controllers/spree/admin/adjustments_controller_spec.rb'
    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
    - 'spec/lib/open_food_network/address_finder_spec.rb'
-    - 'spec/lib/open_food_network/customers_report_spec.rb'
    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_management_report_spec.rb'
    - 'spec/lib/open_food_network/order_cycle_permissions_spec.rb'
-    - 'spec/lib/open_food_network/order_grouper_spec.rb'
    - 'spec/lib/open_food_network/permissions_spec.rb'
-    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
    - 'spec/lib/open_food_network/scope_variant_to_hub_spec.rb'
    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
-    - 'spec/lib/open_food_network/users_and_enterprises_report_spec.rb'
+    - 'spec/lib/reports/customers_report_spec.rb'
+    - 'spec/lib/reports/enterprise_fee_summary/authorizer_spec.rb'
+    - 'spec/lib/reports/order_cycle_management_report_spec.rb'
+    - 'spec/lib/reports/products_and_inventory_report_spec.rb'
+    - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
    - 'spec/models/spree/adjustment_spec.rb'
    - 'spec/models/spree/credit_card_spec.rb'
    - 'spec/models/spree/line_item_spec.rb'
@@ -661,12 +605,12 @@ Metrics/ParameterLists:
  Exclude:
    - 'app/helpers/angular_form_builder.rb'
    - 'app/models/product_import/entry_processor.rb'
-    - 'lib/open_food_network/xero_invoices_report.rb'
+    - 'lib/reporting/reports/xero_invoices/base.rb'
    - 'spec/support/controller_requests_helper.rb'
    - 'spec/system/admin/reports_spec.rb'

-# Offense count: 8
-# Configuration parameters: IgnoredMethods, Max.
+# Offense count: 5
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, Max.
 Metrics/PerceivedComplexity:
  Exclude:
    - 'app/controllers/spree/admin/taxons_controller.rb'
@@ -674,11 +618,8 @@ Metrics/PerceivedComplexity:
    - 'app/models/enterprise_relationship.rb'
    - 'app/models/spree/ability.rb'
    - 'app/models/spree/order/checkout.rb'
-    - 'engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb'
-    - 'lib/open_food_network/group_buy_report.rb'
-    - 'lib/open_food_network/payments_report.rb'

-# Offense count: 9
+# Offense count: 8
 Naming/AccessorMethodName:
  Exclude:
    - 'app/controllers/spree/admin/taxonomies_controller.rb'
@@ -712,8 +653,8 @@ Naming/MethodParameterName:
  Exclude:
    - 'app/services/process_payment_intent.rb'

-# Offense count: 30
-# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers.
+# Offense count: 28
+# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
 # SupportedStyles: snake_case, normalcase, non_integer
 # AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339
 Naming/VariableNumber:
@@ -721,7 +662,6 @@ Naming/VariableNumber:
    - 'app/controllers/spree/orders_controller.rb'
    - 'app/models/content_configuration.rb'
    - 'app/models/preference_sections/main_links_section.rb'
-    - 'lib/open_food_network/orders_and_fulfillments_report/customer_totals_report.rb'
    - 'lib/spree/core/controller_helpers/common.rb'
    - 'spec/controllers/spree/admin/search_controller_spec.rb'
    - 'spec/factories/stock_location_factory.rb'
@@ -737,13 +677,13 @@ Rails/ActiveRecordOverride:
    - 'app/models/spree/product.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationController:
  Exclude:
    - 'engines/dfc_provider/app/controllers/dfc_provider/api/base_controller.rb'

 # Offense count: 6
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationJob:
  Exclude:
    - 'app/jobs/bulk_invoice_job.rb'
@@ -754,19 +694,19 @@ Rails/ApplicationJob:
    - 'app/jobs/subscription_placement_job.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationMailer:
  Exclude:
    - 'app/mailers/spree/base_mailer.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationRecord:
  Exclude:
    - 'lib/tasks/data/remove_transient_data.rb'

 # Offense count: 5
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: NilOrEmpty, NotPresent, UnlessPresent.
 Rails/Blank:
  Exclude:
@@ -808,7 +748,7 @@ Rails/HasAndBelongsToMany:
    - 'app/models/spree/variant.rb'
    - 'app/models/spree/zone.rb'

-# Offense count: 47
+# Offense count: 45
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
@@ -834,9 +774,8 @@ Rails/HasManyOrHasOneDependent:
    - 'app/models/spree/taxonomy.rb'
    - 'app/models/spree/user.rb'
    - 'app/models/spree/variant.rb'
-    - 'app/models/subscription.rb'

-# Offense count: 59
+# Offense count: 62
 # Configuration parameters: Include.
 # Include: app/helpers/**/*.rb
 Rails/HelperInstanceVariable:
@@ -877,7 +816,7 @@ Rails/InverseOf:

 # Offense count: 38
 # Configuration parameters: Include.
-# Include: app/controllers/**/*.rb
+# Include: app/controllers/**/*.rb, app/mailers/**/*.rb
 Rails/LexicallyScopedActionFilter:
  Exclude:
    - 'app/controllers/admin/enterprise_groups_controller.rb'
@@ -903,7 +842,6 @@ Rails/LexicallyScopedActionFilter:
 # Offense count: 18
 Rails/OutputSafety:
  Exclude:
-    - 'app/controllers/spree/admin/reports_controller.rb'
    - 'app/helpers/angular_form_helper.rb'
    - 'app/helpers/application_helper.rb'
    - 'app/helpers/reports_helper.rb'
@@ -918,7 +856,7 @@ Rails/OutputSafety:
    - 'spec/system/admin/order_print_ticket_spec.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/RelativeDateConstant:
  Exclude:
    - 'lib/tasks/data/remove_transient_data.rb'
@@ -932,7 +870,7 @@ Rails/SkipsModelValidations:
    - 'spec/models/spree/line_item_spec.rb'

 # Offense count: 5
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: strict, flexible
 Rails/TimeZone:
@@ -967,20 +905,20 @@ Security/Open:
    - 'app/services/image_importer.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 Style/BlockComments:
  Exclude:
    - 'spec/system/admin/tag_rules_spec.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowOnConstant.
 Style/CaseEquality:
  Exclude:
    - 'spec/models/spree/payment_spec.rb'

 # Offense count: 3
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Style/CaseLikeIf:
  Exclude:
    - 'app/controllers/admin/order_cycles_controller.rb'
@@ -988,7 +926,7 @@ Style/CaseLikeIf:
    - 'app/models/spree/payment/processing.rb'

 # Offense count: 25
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: nested, compact
 Style/ClassAndModuleChildren:
@@ -1023,13 +961,14 @@ Style/ClassVars:
    - 'lib/spree/core/delegate_belongs_to.rb'

 # Offense count: 2
-# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, IgnoredMethods.
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns, IgnoredMethods.
 # SupportedStyles: annotated, template, unannotated
 Style/FormatStringToken:
  EnforcedStyle: unannotated

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
@@ -1037,7 +976,7 @@ Style/FrozenStringLiteralComment:
    - '.simplecov'

 # Offense count: 6
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Style/GlobalStdStream:
  Exclude:
    - 'lib/tasks/data.rake'
@@ -1046,8 +985,8 @@ Style/GlobalStdStream:
    - 'lib/tasks/subscriptions/debug.rake'
    - 'lib/tasks/subscriptions/test.rake'

-# Offense count: 39
-# Configuration parameters: MinBodyLength.
+# Offense count: 40
+# Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
 Style/GuardClause:
  Exclude:
    - 'app/controllers/admin/enterprises_controller.rb'
@@ -1081,8 +1020,8 @@ Style/HashLikeCase:
    - 'app/models/enterprise.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
-# Configuration parameters: IgnoredMethods.
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
 Style/MethodCallWithoutArgsParentheses:
  Exclude:
    - 'spec/system/flatpickr_spec.rb'
@@ -1094,22 +1033,8 @@ Style/MissingRespondToMissing:
    - 'app/models/spree/gateway.rb'
    - 'app/models/spree/preferences/configuration.rb'

-# Offense count: 1
-Style/MixinUsage:
-  Exclude:
-    - 'lib/open_food_network/orders_and_fulfillments_report.rb'
-
-# Offense count: 2
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: literals, strict
-Style/MutableConstant:
-  Exclude:
-    - 'lib/reporting/report_template.rb'
-    - 'lib/reporting/reports/packing/base.rb'
-
 # Offense count: 22
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 Style/NestedModifier:
  Exclude:
    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
@@ -1123,7 +1048,7 @@ Style/NestedModifier:
    - 'spec/system/admin/payments_stripe_spec.rb'
    - 'spec/system/admin/reports_spec.rb'

-# Offense count: 25
+# Offense count: 17
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: respond_to_missing?
 Style/OptionalBooleanParameter:
@@ -1135,24 +1060,14 @@ Style/OptionalBooleanParameter:
    - 'app/models/enterprise_relationship.rb'
    - 'app/models/product_import/entry_processor.rb'
    - 'app/models/spree/order_contents.rb'
-    - 'app/models/spree/preferences/file_configuration.rb'
    - 'app/models/spree/shipment.rb'
-    - 'engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb'
    - 'engines/order_management/app/services/order_management/stock/estimator.rb'
-    - 'lib/open_food_network/customers_report.rb'
-    - 'lib/open_food_network/order_and_distributor_report.rb'
-    - 'lib/open_food_network/order_cycle_management_report.rb'
-    - 'lib/open_food_network/orders_and_fulfillments_report.rb'
-    - 'lib/open_food_network/payments_report.rb'
-    - 'lib/open_food_network/products_and_inventory_report_base.rb'
-    - 'lib/open_food_network/users_and_enterprises_report.rb'
-    - 'lib/open_food_network/xero_invoices_report.rb'
    - 'lib/spree/core/controller_helpers/order.rb'
    - 'lib/spree/core/delegate_belongs_to.rb'
    - 'spec/support/request/web_helper.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: short, verbose
 Style/PreferredHashMethods:
@@ -1160,17 +1075,16 @@ Style/PreferredHashMethods:
    - 'app/controllers/api/v0/shipments_controller.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowMultipleReturnValues.
 Style/RedundantReturn:
  Exclude:
    - 'app/controllers/spree/admin/shipping_methods_controller.rb'

-# Offense count: 213
+# Offense count: 209
 Style/Send:
  Exclude:
    - 'app/controllers/split_checkout_controller.rb'
-    - 'engines/order_management/spec/services/order_management/reports/bulk_coop/bulk_coop_report_spec.rb'
    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
    - 'spec/controllers/checkout_controller_spec.rb'
    - 'spec/controllers/payment_gateways/paypal_controller_spec.rb'
@@ -1182,13 +1096,10 @@ Style/Send:
    - 'spec/lib/open_food_network/address_finder_spec.rb'
    - 'spec/lib/open_food_network/enterprise_fee_applicator_spec.rb'
    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
-    - 'spec/lib/open_food_network/lettuce_share_report_spec.rb'
    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
    - 'spec/lib/open_food_network/permissions_spec.rb'
-    - 'spec/lib/open_food_network/products_and_inventory_report_spec.rb'
-    - 'spec/lib/open_food_network/sales_tax_report_spec.rb'
    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
-    - 'spec/lib/open_food_network/xero_invoices_report_spec.rb'
+    - 'spec/lib/reports/xero_invoices_report_spec.rb'
    - 'spec/lib/stripe/webhook_handler_spec.rb'
    - 'spec/models/calculator/weight_spec.rb'
    - 'spec/models/enterprise_spec.rb'
@@ -1204,27 +1115,25 @@ Style/Send:
    - 'spec/services/cart_service_spec.rb'
    - 'spec/services/products_renderer_spec.rb'
    - 'spec/services/variant_units/option_value_namer_spec.rb'
-    - 'spec/spec_helper.rb'
    - 'spec/support/localized_number_helper.rb'

 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SingleArgumentDig:
  Exclude:
    - 'app/services/checkout/form_data_adapter.rb'

-# Offense count: 5
-# Cop supports --auto-correct.
+# Offense count: 4
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
  Exclude:
    - 'app/helpers/spree/admin/navigation_helper.rb'
    - 'app/services/embedded_page_service.rb'
    - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
    - 'lib/discourse/single_sign_on.rb'
-    - 'spec/lib/open_food_network/order_grouper_spec.rb'

-# Offense count: 31
-# Cop supports --auto-correct.
+# Offense count: 29
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Mode.
 Style/StringConcatenation:
  Exclude:
@@ -1240,11 +1149,8 @@ Style/StringConcatenation:
    - 'app/serializers/api/enterprise_shopfront_list_serializer.rb'
    - 'app/services/embedded_page_service.rb'
    - 'app/services/products_renderer.rb'
-    - 'engines/order_management/app/services/order_management/reports/bulk_coop/bulk_coop_report.rb'
-    - 'lib/open_food_network/orders_and_fulfillments_report/customer_totals_report.rb'
    - 'lib/spree/api/controller_setup.rb'
    - 'lib/spree/core/environment_extension.rb'
-    - 'spec/lib/open_food_network/order_grouper_spec.rb'
    - 'spec/models/spree/line_item_spec.rb'
    - 'spec/models/spree/product_spec.rb'
    - 'spec/models/spree/variant_spec.rb'
--- a/16
+++ b/16
@@ -23,7 +23,9 @@ RUN apt-get update && apt-get install -y \
  imagemagick \
  unzip \
  libjemalloc-dev \
-  libssl-dev
+  libssl-dev \
+  ca-certificates \
+  gnupg

 # Setup ENV variables
 ENV PATH /usr/local/src/rbenv/shims:/usr/local/src/rbenv/bin:$PATH
@@ -40,14 +42,13 @@ RUN git clone --depth 1 https://github.com/rbenv/rbenv.git ${RBENV_ROOT} && \
    git clone --depth 1 https://github.com/rbenv/ruby-build.git ${RBENV_ROOT}/plugins/ruby-build && \
    echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh && \
    RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install $(cat .ruby-version) && \
-    rbenv global $(cat .ruby-version) && \
-    gem install bundler --version=1.17.3
+    rbenv global $(cat .ruby-version)

 # Install Postgres
-RUN sh -c "echo 'deb https://apt.postgresql.org/pub/repos/apt/ bionic-pgdg main' > /etc/apt/sources.list.d/pgdg.list" && \
-    wget --quiet -O - https://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | apt-key add - && \
+RUN sh -c "echo 'deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-pgdg main' >> /etc/apt/sources.list.d/pgdg.list" && \
+    curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | tee /etc/apt/trusted.gpg.d/apt.postgresql.org.gpg >/dev/null && \
    apt-get update && \
-    apt-get install -yqq --no-install-recommends postgresql-client-9.5 libpq-dev
+    apt-get install -yqq --no-install-recommends postgresql-client-10 libpq-dev

 # Install NodeJs and yarn
 RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - \
@@ -68,6 +69,9 @@ RUN wget https://chromedriver.storage.googleapis.com/2.41/chromedriver_linux64.z
 # Copy code and install app dependencies
 COPY . /usr/src/app/

+# Install Bundler
+RUN ./script/install-bundler
+
 # Install front-end dependencies
 RUN yarn install

--- a/21
+++ b/21
@@ -8,6 +8,11 @@ gem 'dotenv-rails', require: 'dotenv/rails-now' # Load ENV vars before other gem

 gem 'rails', '>= 6.1.4'

+# Active Storage
+gem "active_storage_validations"
+gem "aws-sdk-s3", require: false
+gem "image_processing"
+
 gem 'activemerchant', '>= 1.78.0'
 gem 'rexml'
 gem 'angular-rails-templates', '>= 0.3.0'
@@ -24,6 +29,7 @@ gem 'rails_safe_tasks', '~> 1.0'
 gem "activerecord-import"
 gem "db2fog", github: "openfoodfoundation/db2fog", branch: "rails-6"
 gem "fog-aws", "~> 2.0" # db2fog does not support v3
+gem "mime-types" # required by fog

 gem "valid_email2"

@@ -64,7 +70,6 @@ gem 'rswag-api'
 gem 'rswag-ui'

 gem 'angularjs-rails', '1.8.0'
-gem 'aws-sdk', '1.67.0'
 gem 'bugsnag'
 gem 'haml'
 gem 'redcarpet'
@@ -81,7 +86,6 @@ gem 'bootsnap', require: false
 gem 'geocoder'
 gem 'gmaps4rails'
 gem 'mimemagic', '> 0.3.5'
-gem 'paperclip', '~> 3.4.1'
 gem 'paper_trail', '~> 12.1.0'
 gem 'rack-rewrite'
 gem 'rack-ssl', require: 'rack/ssl'
@@ -100,7 +104,7 @@ gem 'wicked_pdf'
 gem 'wkhtmltopdf-binary'

 gem 'immigrant'
-gem 'roo', github: "roo-rb/roo" # master is currently needed for Ruby 3.x (awaiting new release)
+gem 'roo'
 gem 'spreadsheet_architect'

 gem 'whenever', require: false
@@ -127,7 +131,7 @@ gem 'flipper'
 gem 'flipper-active_record'
 gem 'flipper-ui'

-gem "view_component", require: "view_component/engine"
+gem "view_component"

 group :production, :staging do
  gem 'ddtrace'
@@ -136,8 +140,6 @@ group :production, :staging do
 end

 group :test, :development do
-  # Pretty printed test output
-  gem 'awesome_print'
  gem 'bullet'
  gem 'capybara'
  gem 'cuprite'
@@ -150,14 +152,12 @@ group :test, :development do
  gem 'rspec-rails', ">= 3.5.2"
  gem 'rspec-retry'
  gem 'rswag-specs'
-  gem 'selenium-webdriver'
  gem 'shoulda-matchers'
  gem 'timecop'
-  gem 'webdrivers'
+  gem 'debug', '>= 1.0.0'
 end

 group :test do
-  gem 'byebug'
  gem 'pdf-reader'
  gem 'rails-controller-testing'
  gem 'simplecov', require: false
@@ -172,14 +172,13 @@ group :development do
  gem 'foreman'
  gem 'listen'
  gem 'pry', '~> 0.13.0'
-  gem 'pry-byebug', '~> 3.9.0'
  gem 'rubocop'
  gem 'rubocop-rails'
  gem 'spring'
  gem 'spring-commands-rspec'
  gem 'web-console'

-  gem "view_component_storybook", require: "view_component/storybook/engine"
+  gem "view_component_storybook"

  gem 'rack-mini-profiler', '< 3.0.0'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -24,14 +24,6 @@ GIT
      sass-rails
      thor (>= 0.14)

-GIT
-  remote: https://github.com/roo-rb/roo.git
-  revision: 709464c77623be2bc09b2103405d90ded7604a75
-  specs:
-    roo (2.8.3)
-      nokogiri (~> 1)
-      rubyzip (>= 1.3.0, < 3.0.0)
-
 PATH
  remote: engines/catalog
  specs:
@@ -59,62 +51,67 @@ GEM
  remote: https://rubygems.org/
  specs:
    Ascii85 (1.1.0)
-    actioncable (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actioncable (6.1.6.1)
+      actionpack (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionmailbox (6.1.6.1)
+      actionpack (= 6.1.6.1)
+      activejob (= 6.1.6.1)
+      activerecord (= 6.1.6.1)
+      activestorage (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
      mail (>= 2.7.1)
-    actionmailer (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      actionview (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionmailer (6.1.6.1)
+      actionpack (= 6.1.6.1)
+      actionview (= 6.1.6.1)
+      activejob (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
-    actionpack (6.1.4.4)
-      actionview (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionpack (6.1.6.1)
+      actionview (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
      rack (~> 2.0, >= 2.0.9)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
    actionpack-action_caching (1.2.2)
      actionpack (>= 4.0.0)
-    actiontext (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actiontext (6.1.6.1)
+      actionpack (= 6.1.6.1)
+      activerecord (= 6.1.6.1)
+      activestorage (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
      nokogiri (>= 1.8.5)
-    actionview (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionview (6.1.6.1)
+      activesupport (= 6.1.6.1)
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
    active_model_serializers (0.8.4)
      activemodel (>= 3.0)
-    activejob (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    active_storage_validations (0.9.8)
+      activejob (>= 5.2.0)
+      activemodel (>= 5.2.0)
+      activestorage (>= 5.2.0)
+      activesupport (>= 5.2.0)
+    activejob (6.1.6.1)
+      activesupport (= 6.1.6.1)
      globalid (>= 0.3.6)
    activemerchant (1.123.0)
      activesupport (>= 4.2)
      builder (>= 2.1.2, < 4.0.0)
      i18n (>= 0.6.9)
      nokogiri (~> 1.4)
-    activemodel (6.1.4.4)
-      activesupport (= 6.1.4.4)
-    activerecord (6.1.4.4)
-      activemodel (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
-    activerecord-import (1.3.0)
+    activemodel (6.1.6.1)
+      activesupport (= 6.1.6.1)
+    activerecord (6.1.6.1)
+      activemodel (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
+    activerecord-import (1.4.0)
      activerecord (>= 4.2)
    activerecord-postgresql-adapter (0.0.1)
      pg
@@ -124,14 +121,14 @@ GEM
      multi_json (~> 1.11, >= 1.11.2)
      rack (>= 2.0.8, < 3)
      railties (>= 5.2.4.1)
-    activestorage (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
-      marcel (~> 1.0.0)
+    activestorage (6.1.6.1)
+      actionpack (= 6.1.6.1)
+      activejob (= 6.1.6.1)
+      activerecord (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
+      marcel (~> 1.0)
      mini_mime (>= 1.1.0)
-    activesupport (6.1.4.4)
+    activesupport (6.1.6.1)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (>= 1.6, < 2)
      minitest (>= 5.1)
@@ -144,45 +141,55 @@ GEM
    addressable (2.8.0)
      public_suffix (>= 2.0.2, < 5.0)
    afm (0.2.2)
-    angular-rails-templates (1.1.0)
-      railties (>= 4.2, < 7)
+    angular-rails-templates (1.2.0)
+      railties (>= 5.0, < 7.1)
      sprockets (>= 3.0, < 5)
+      sprockets-rails
      tilt
-    angular_rails_csrf (4.5.0)
-      railties (>= 3, < 7)
+    angular_rails_csrf (5.0.0)
+      railties (>= 3, < 8)
    angularjs-file-upload-rails (2.4.1)
    angularjs-rails (1.8.0)
-    arel-helpers (2.12.1)
-      activerecord (>= 3.1.0, < 7)
+    arel-helpers (2.14.0)
+      activerecord (>= 3.1.0, < 8)
    ast (2.4.2)
-    awesome_nested_set (3.4.0)
-      activerecord (>= 4.0.0, < 7.0)
-    awesome_print (1.9.2)
-    aws-sdk (1.67.0)
-      aws-sdk-v1 (= 1.67.0)
-    aws-sdk-v1 (1.67.0)
-      json (~> 1.4)
-      nokogiri (~> 1)
+    awesome_nested_set (3.5.0)
+      activerecord (>= 4.0.0, < 7.1)
+    aws-eventstream (1.2.0)
+    aws-partitions (1.601.0)
+    aws-sdk-core (3.131.2)
+      aws-eventstream (~> 1, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.525.0)
+      aws-sigv4 (~> 1.1)
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-kms (1.57.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-s3 (1.114.0)
+      aws-sdk-core (~> 3, >= 3.127.0)
+      aws-sdk-kms (~> 1)
+      aws-sigv4 (~> 1.4)
+    aws-sigv4 (1.5.0)
+      aws-eventstream (~> 1, >= 1.0.2)
    axlsx_styler (1.1.0)
      activesupport (>= 3.1)
      caxlsx (>= 2.0.2)
-    bcrypt (3.1.16)
+    bcrypt (3.1.18)
    bigdecimal (3.0.2)
    bindex (0.8.1)
-    bootsnap (1.10.1)
+    bootsnap (1.13.0)
      msgpack (~> 1.2)
-    bugsnag (6.24.1)
+    bugsnag (6.24.2)
      concurrent-ruby (~> 1.0)
    builder (3.2.4)
-    bullet (6.1.5)
+    bullet (7.0.3)
      activesupport (>= 3.0.0)
      uniform_notifier (~> 1.11)
-    byebug (11.1.3)
    cable_ready (5.0.0.pre3)
      rails (>= 5.2)
      thread-local (>= 1.1.0)
    cancancan (1.15.0)
-    capybara (3.36.0)
+    capybara (3.37.1)
      addressable
      matrix
      mini_mime (>= 0.1.3)
@@ -196,12 +203,8 @@ GEM
      marcel (~> 1.0)
      nokogiri (~> 1.10, >= 1.10.4)
      rubyzip (>= 1.3.0, < 3)
-    childprocess (4.1.0)
    chronic (0.10.2)
-    climate_control (0.2.0)
    cliver (0.3.2)
-    cocaine (0.5.8)
-      climate_control (>= 0.0.3, < 1.0)
    coderay (1.1.3)
    coffee-rails (5.0.0)
      coffee-script (>= 2.2.0)
@@ -210,14 +213,15 @@ GEM
      coffee-script-source
      execjs
    coffee-script-source (1.12.2)
-    combine_pdf (1.0.21)
+    combine_pdf (1.0.22)
+      matrix
      ruby-rc4 (>= 0.1.5)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
    connection_pool (2.2.5)
    crack (0.4.5)
      rexml
    crass (1.0.6)
-    css_parser (1.9.0)
+    css_parser (1.11.0)
      addressable
    cuprite (0.13)
      capybara (>= 2.1, < 4)
@@ -232,8 +236,11 @@ GEM
      debase-ruby_core_source (= 0.10.12)
      msgpack
    debase-ruby_core_source (0.10.12)
+    debug (1.6.2)
+      irb (>= 1.3.6)
+      reline (>= 0.3.1)
    debugger-linecache (1.2.0)
-    devise (4.8.0)
+    devise (4.8.1)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0)
@@ -241,21 +248,20 @@ GEM
      warden (~> 1.2.3)
    devise-encryptable (0.2.0)
      devise (>= 2.1.0)
-    devise-i18n (1.10.0)
+    devise-i18n (1.10.2)
      devise (>= 4.8.0)
    devise-token_authenticatable (1.1.0)
      devise (>= 4.0.0, < 5.0.0)
-    diff-lcs (1.4.4)
+    diff-lcs (1.5.0)
    digest (3.1.0)
    docile (1.4.0)
-    dotenv (2.7.6)
-    dotenv-rails (2.7.6)
-      dotenv (= 2.7.6)
+    dotenv (2.8.1)
+    dotenv-rails (2.8.1)
+      dotenv (= 2.8.1)
      railties (>= 3.2)
    dry-inflector (0.2.1)
-    e2mmap (0.1.0)
-    erubi (1.10.0)
-    et-orbi (1.2.4)
+    erubi (1.11.0)
+    et-orbi (1.2.7)
      tzinfo
    excon (0.81.0)
    execjs (2.7.0)
@@ -264,21 +270,16 @@ GEM
    factory_bot_rails (6.2.0)
      factory_bot (~> 6.2.0)
      railties (>= 5.0.0)
-    faraday (1.4.1)
-      faraday-excon (~> 1.1)
-      faraday-net_http (~> 1.0)
-      faraday-net_http_persistent (~> 1.1)
-      multipart-post (>= 1.2, < 3)
+    faraday (2.3.0)
+      faraday-net_http (~> 2.0)
      ruby2_keywords (>= 0.0.4)
-    faraday-excon (1.1.0)
-    faraday-net_http (1.0.1)
-    faraday-net_http_persistent (1.1.0)
+    faraday-net_http (2.0.3)
    ferrum (0.11)
      addressable (~> 2.5)
      cliver (~> 0.3)
      concurrent-ruby (~> 1.1)
      websocket-driver (>= 0.6, < 0.8)
-    ffaker (2.20.0)
+    ffaker (2.21.0)
    ffi (1.15.5)
    flipper (0.20.4)
    flipper-active_record (0.20.4)
@@ -306,17 +307,17 @@ GEM
      nokogiri (>= 1.5.11, < 2.0.0)
    foreman (0.87.2)
    formatador (0.2.5)
-    fugit (1.4.5)
-      et-orbi (~> 1.1, >= 1.1.8)
+    fugit (1.5.3)
+      et-orbi (~> 1, >= 1.2.7)
      raabro (~> 1.4)
    fuubar (2.5.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
-    geocoder (1.7.0)
+    geocoder (1.8.0)
    globalid (1.0.0)
      activesupport (>= 5.0)
    gmaps4rails (2.1.2)
-    good_migrations (0.1.0)
+    good_migrations (0.2.1)
      activerecord (>= 3.1)
      railties (>= 3.1)
    haml (5.2.2)
@@ -327,20 +328,27 @@ GEM
    highline (2.0.3)
    hiredis (0.6.3)
    htmlentities (4.3.4)
-    i18n (1.8.10)
+    i18n (1.12.0)
      concurrent-ruby (~> 1.0)
-    i18n-js (3.9.0)
+    i18n-js (3.9.2)
      i18n (>= 0.6.6)
+    image_processing (1.12.2)
+      mini_magick (>= 4.9.5, < 5)
+      ruby-vips (>= 2.0.17, < 3)
    immigrant (0.3.6)
      activerecord (>= 3.0)
+    io-console (0.5.11)
    ipaddress (0.8.3)
+    irb (1.4.1)
+      reline (>= 0.3.0)
+    jmespath (1.6.1)
    jquery-rails (4.4.0)
      rails-dom-testing (>= 1, < 3)
      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
    jquery-ui-rails (4.2.1)
      railties (>= 3.2.16)
-    json (2.6.1)
+    json (2.6.2)
    json-schema (2.8.1)
      addressable (>= 2.4)
    json_spec (1.1.5)
@@ -348,18 +356,18 @@ GEM
      rspec (>= 2.0, < 4.0)
    jsonapi-serializer (2.2.0)
      activesupport (>= 4.2)
-    jwt (2.3.0)
+    jwt (2.5.0)
    knapsack (4.0.0)
      rake
    launchy (2.5.0)
      addressable (~> 2.7)
-    letter_opener (1.7.0)
-      launchy (~> 2.2)
+    letter_opener (1.8.1)
+      launchy (>= 2.2, < 3)
    libv8-node (15.14.0.1)
    listen (3.7.1)
      rb-fsevent (~> 0.10, >= 0.10.3)
      rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.13.0)
+    loofah (2.18.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
@@ -367,57 +375,52 @@ GEM
    marcel (1.0.2)
    matrix (0.4.2)
    method_source (1.0.0)
-    mime-types (3.3.1)
+    mime-types (3.4.1)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2021.0225)
    mimemagic (0.4.3)
      nokogiri (~> 1)
      rake
+    mini_magick (4.11.0)
    mini_mime (1.1.2)
    mini_portile2 (2.8.0)
    mini_racer (0.4.0)
      libv8-node (~> 15.14.0.0)
-    minitest (5.15.0)
+    minitest (5.16.3)
    monetize (1.12.0)
      money (~> 6.12)
    money (6.16.0)
      i18n (>= 0.6.4, <= 2)
-    msgpack (1.4.2)
+    msgpack (1.5.4)
    multi_json (1.15.0)
    multi_xml (0.6.0)
-    multipart-post (2.1.1)
    nio4r (2.5.8)
-    nokogiri (1.13.3)
+    nokogiri (1.13.8)
      mini_portile2 (~> 2.8.0)
      racc (~> 1.4)
-    oauth2 (1.4.7)
-      faraday (>= 0.8, < 2.0)
+    oauth2 (1.4.10)
+      faraday (>= 0.17.3, < 3.0)
      jwt (>= 1.0, < 3.0)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 3)
    orm_adapter (0.5.0)
-    pagy (5.1.2)
+    pagy (5.10.1)
+      activesupport
    paper_trail (12.1.0)
      activerecord (>= 5.2)
      request_store (~> 1.1)
-    paperclip (3.4.2)
-      activemodel (>= 3.0.0)
-      activerecord (>= 3.0.0)
-      activesupport (>= 3.0.0)
-      cocaine (~> 0.5.0)
-      mime-types
-    parallel (1.21.0)
-    paranoia (2.4.3)
-      activerecord (>= 4.0, < 6.2)
-    parser (3.1.0.0)
+    parallel (1.22.1)
+    paranoia (2.6.0)
+      activerecord (>= 5.1, < 7.1)
+    parser (3.1.2.1)
      ast (~> 2.4.1)
    paypal-sdk-core (0.3.4)
      multi_json (~> 1.0)
      xml-simple
    paypal-sdk-merchant (1.117.2)
      paypal-sdk-core (~> 0.3.0)
-    pdf-reader (2.5.0)
+    pdf-reader (2.10.0)
      Ascii85 (~> 1.0)
      afm (~> 0.2.1)
      hashery (~> 2.0)
@@ -428,16 +431,13 @@ GEM
    pry (0.13.1)
      coderay (~> 1.1)
      method_source (~> 1.0)
-    pry-byebug (3.9.0)
-      byebug (~> 11.0)
-      pry (~> 0.13.0)
-    public_suffix (4.0.6)
-    puma (5.6.2)
+    public_suffix (4.0.7)
+    puma (5.6.5)
      nio4r (~> 2.0)
    raabro (1.4.0)
    racc (1.6.0)
-    rack (2.2.3)
-    rack-mini-profiler (2.3.3)
+    rack (2.2.4)
+    rack-mini-profiler (2.3.4)
      rack (>= 1.2.0)
    rack-protection (2.1.0)
      rack
@@ -446,23 +446,23 @@ GEM
    rack-rewrite (1.5.1)
    rack-ssl (1.4.1)
      rack
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rack-timeout (0.6.0)
-    rails (6.1.4.4)
-      actioncable (= 6.1.4.4)
-      actionmailbox (= 6.1.4.4)
-      actionmailer (= 6.1.4.4)
-      actionpack (= 6.1.4.4)
-      actiontext (= 6.1.4.4)
-      actionview (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activemodel (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rack-timeout (0.6.3)
+    rails (6.1.6.1)
+      actioncable (= 6.1.6.1)
+      actionmailbox (= 6.1.6.1)
+      actionmailer (= 6.1.6.1)
+      actionpack (= 6.1.6.1)
+      actiontext (= 6.1.6.1)
+      actionview (= 6.1.6.1)
+      activejob (= 6.1.6.1)
+      activemodel (= 6.1.6.1)
+      activerecord (= 6.1.6.1)
+      activestorage (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
      bundler (>= 1.15.0)
-      railties (= 6.1.4.4)
+      railties (= 6.1.6.1)
      sprockets-rails (>= 2.0.0)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
@@ -471,17 +471,17 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
+    rails-html-sanitizer (1.4.3)
      loofah (~> 2.3)
-    rails-i18n (7.0.1)
+    rails-i18n (7.0.5)
      i18n (>= 0.7, < 2)
      railties (>= 6.0.0, < 8)
    rails_safe_tasks (1.0.0)
-    railties (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    railties (6.1.6.1)
+      actionpack (= 6.1.6.1)
+      activesupport (= 6.1.6.1)
      method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
      thor (~> 1.0)
    rainbow (3.1.1)
    rake (13.0.6)
@@ -493,37 +493,42 @@ GEM
    rb-inotify (0.10.1)
      ffi (~> 1.0)
    redcarpet (3.5.1)
-    redis (4.5.1)
-    regexp_parser (2.2.0)
+    redis (4.8.0)
+    regexp_parser (2.5.0)
+    reline (0.3.1)
+      io-console (~> 0.5)
    request_store (1.5.0)
      rack (>= 1.4)
    responders (3.0.1)
      actionpack (>= 5.0)
      railties (>= 5.0)
    rexml (3.2.5)
-    roadie (4.0.0)
+    roadie (5.0.1)
      css_parser (~> 1.4)
      nokogiri (~> 1.8)
-    roadie-rails (2.2.0)
-      railties (>= 5.1, < 6.2)
-      roadie (>= 3.1, < 5.0)
+    roadie-rails (3.0.0)
+      railties (>= 5.1, < 7.1)
+      roadie (~> 5.0)
    rodf (1.1.1)
      builder (>= 3.0)
      dry-inflector (~> 0.1)
      rubyzip (>= 1.0)
+    roo (2.9.0)
+      nokogiri (~> 1)
+      rubyzip (>= 1.3.0, < 3.0.0)
    rspec (3.10.0)
      rspec-core (~> 3.10.0)
      rspec-expectations (~> 3.10.0)
      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
+    rspec-core (3.10.2)
      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec-expectations (3.10.2)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
    rspec-mocks (3.10.2)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.10.0)
-    rspec-rails (5.0.2)
+    rspec-rails (5.1.2)
      actionpack (>= 5.2)
      activesupport (>= 5.2)
      railties (>= 5.2)
@@ -533,36 +538,39 @@ GEM
      rspec-support (~> 3.10)
    rspec-retry (0.6.2)
      rspec-core (> 3.3)
-    rspec-support (3.10.2)
-    rswag-api (2.4.0)
-      railties (>= 3.1, < 7.0)
-    rswag-specs (2.4.0)
-      activesupport (>= 3.1, < 7.0)
+    rspec-support (3.10.3)
+    rswag-api (2.5.1)
+      railties (>= 3.1, < 7.1)
+    rswag-specs (2.5.1)
+      activesupport (>= 3.1, < 7.1)
      json-schema (~> 2.2)
-      railties (>= 3.1, < 7.0)
-    rswag-ui (2.4.0)
-      actionpack (>= 3.1, < 7.0)
-      railties (>= 3.1, < 7.0)
-    rubocop (1.22.2)
+      railties (>= 3.1, < 7.1)
+    rswag-ui (2.5.1)
+      actionpack (>= 3.1, < 7.1)
+      railties (>= 3.1, < 7.1)
+    rubocop (1.35.1)
+      json (~> 2.3)
      parallel (~> 1.10)
-      parser (>= 3.0.0.0)
+      parser (>= 3.1.2.1)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.12.0, < 2.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.20.1, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.15.1)
-      parser (>= 3.0.1.1)
-    rubocop-rails (2.13.2)
+    rubocop-ast (1.21.0)
+      parser (>= 3.1.1.0)
+    rubocop-rails (2.15.2)
      activesupport (>= 4.2.0)
      rack (>= 1.1)
      rubocop (>= 1.7.0, < 2.0)
    ruby-progressbar (1.11.0)
    ruby-rc4 (0.1.5)
-    ruby2_keywords (0.0.4)
+    ruby-vips (2.1.4)
+      ffi (~> 1.12)
+    ruby2_keywords (0.0.5)
    rubyzip (2.3.2)
-    rufus-scheduler (3.7.0)
+    rufus-scheduler (3.8.1)
      fugit (~> 1.1, >= 1.1.6)
    sass (3.4.25)
    sass-rails (5.0.8)
@@ -572,23 +580,17 @@ GEM
      sprockets-rails (>= 2.0, < 4.0)
      tilt (>= 1.1, < 3)
    sd_notify (0.1.1)
-    selenium-webdriver (4.0.3)
-      childprocess (>= 0.5, < 5.0)
-      rexml (~> 3.2, >= 3.2.5)
-      rubyzip (>= 1.2.2)
    semantic_range (3.0.0)
-    shoulda-matchers (5.0.0)
+    shoulda-matchers (5.1.0)
      activesupport (>= 5.2.0)
-    sidekiq (6.3.1)
+    sidekiq (6.5.4)
      connection_pool (>= 2.2.2)
      rack (~> 2.0)
+      redis (>= 4.5.0)
+    sidekiq-scheduler (4.0.2)
      redis (>= 4.2.0)
-    sidekiq-scheduler (3.1.0)
-      e2mmap
-      redis (>= 3, < 5)
      rufus-scheduler (~> 3.2)
-      sidekiq (>= 3)
-      thwait
+      sidekiq (>= 4)
      tilt (>= 1.4.0)
    simplecov (0.21.2)
      docile (~> 1.1)
@@ -600,7 +602,7 @@ GEM
      axlsx_styler (>= 1.0.0, < 2)
      caxlsx (>= 2.0.2, < 4)
      rodf (>= 1.0.0, < 2)
-    spring (3.0.0)
+    spring (4.0.0)
    spring-commands-rspec (1.0.4)
      spring (>= 0.9.1)
    sprockets (3.7.2)
@@ -618,44 +620,39 @@ GEM
      activerecord (>= 5.1)
      state_machines-activemodel (>= 0.8.0)
    stringex (2.8.5)
-    stripe (5.42.0)
+    stripe (7.1.0)
    temple (0.8.2)
-    test-prof (1.0.7)
-    test-unit (3.5.0)
+    test-prof (1.0.10)
+    test-unit (3.5.3)
      power_assert
    thor (1.2.1)
    thread-local (1.1.0)
-    thwait (0.2.0)
-      e2mmap
-    tilt (2.0.10)
-    timecop (0.9.4)
+    tilt (2.0.11)
+    timecop (0.9.5)
    ttfunk (1.7.0)
-    tzinfo (2.0.4)
+    tzinfo (2.0.5)
      concurrent-ruby (~> 1.0)
    uglifier (4.2.0)
      execjs (>= 0.3.0, < 3)
-    unicode-display_width (2.1.0)
-    uniform_notifier (1.14.2)
-    valid_email2 (4.0.0)
+    unicode-display_width (2.2.0)
+    uniform_notifier (1.16.0)
+    valid_email2 (4.0.4)
      activemodel (>= 3.2)
      mail (~> 2.5)
-    view_component (2.41.0)
+    view_component (2.69.0)
      activesupport (>= 5.0.0, < 8.0)
+      concurrent-ruby (~> 1.0)
      method_source (~> 1.0)
-    view_component_storybook (0.10.1)
+    view_component_storybook (0.11.1)
      view_component (>= 2.36)
    warden (1.2.9)
      rack (>= 2.0.9)
-    web-console (4.1.0)
+    web-console (4.2.0)
      actionview (>= 6.0.0)
      activemodel (>= 6.0.0)
      bindex (>= 0.4.0)
      railties (>= 6.0.0)
-    webdrivers (5.0.0)
-      nokogiri (~> 1.6)
-      rubyzip (>= 1.3.0)
-      selenium-webdriver (~> 4.0)
-    webmock (3.14.0)
+    webmock (3.18.1)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
@@ -669,13 +666,13 @@ GEM
    websocket-extensions (0.1.5)
    whenever (1.0.0)
      chronic (>= 0.6.3)
-    wicked_pdf (2.1.0)
+    wicked_pdf (2.6.3)
      activesupport
    wkhtmltopdf-binary (0.12.6.5)
    xml-simple (1.1.8)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    zeitwerk (2.5.3)
+    zeitwerk (2.6.0)

 PLATFORMS
  ruby
@@ -683,6 +680,7 @@ PLATFORMS
 DEPENDENCIES
  actionpack-action_caching
  active_model_serializers (= 0.8.4)
+  active_storage_validations
  activemerchant (>= 1.78.0)
  activerecord-import
  activerecord-postgresql-adapter
@@ -695,13 +693,11 @@ DEPENDENCIES
  angularjs-rails (= 1.8.0)
  arel-helpers (~> 2.12)
  awesome_nested_set
-  awesome_print
-  aws-sdk (= 1.67.0)
+  aws-sdk-s3
  bigdecimal (= 3.0.2)
  bootsnap
  bugsnag
  bullet
-  byebug
  cable_ready (= 5.0.0.pre3)
  cancancan (~> 1.15.0)
  capybara
@@ -712,6 +708,7 @@ DEPENDENCIES
  database_cleaner
  db2fog!
  ddtrace
+  debug (>= 1.0.0)
  debugger-linecache
  devise
  devise-encryptable
@@ -736,6 +733,7 @@ DEPENDENCIES
  hiredis
  i18n
  i18n-js (~> 3.9.0)
+  image_processing
  immigrant
  jquery-rails (= 4.4.0)
  jquery-ui-rails (~> 4.2)
@@ -746,6 +744,7 @@ DEPENDENCIES
  knapsack
  letter_opener (>= 1.4.1)
  listen
+  mime-types
  mimemagic (> 0.3.5)
  mini_racer (= 0.4.0)
  monetize (~> 1.11)
@@ -754,13 +753,11 @@ DEPENDENCIES
  order_management!
  pagy (~> 5.1)
  paper_trail (~> 12.1.0)
-  paperclip (~> 3.4.1)
  paranoia (~> 2.4)
  paypal-sdk-merchant (= 1.117.2)
  pdf-reader
  pg (~> 1.2.3)
  pry (~> 0.13.0)
-  pry-byebug (~> 3.9.0)
  puma
  rack-mini-profiler (< 3.0.0)
  rack-rewrite
@@ -776,7 +773,7 @@ DEPENDENCIES
  responders
  rexml
  roadie-rails
-  roo!
+  roo
  rspec-rails (>= 3.5.2)
  rspec-retry
  rswag-api
@@ -786,7 +783,6 @@ DEPENDENCIES
  rubocop-rails
  sd_notify
  select2-rails!
-  selenium-webdriver
  shoulda-matchers
  sidekiq
  sidekiq-scheduler
@@ -806,7 +802,6 @@ DEPENDENCIES
  view_component_storybook
  web!
  web-console
-  webdrivers
  webmock
  webpacker (~> 5)
  whenever
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. B

 ## Licence

-Copyright (c) 2012 - 2021 Open Food Foundation, released under the AGPL licence.
+Copyright (c) 2012 - 2022 Open Food Foundation, released under the AGPL licence.

 [survey]: https://docs.google.com/a/eaterprises.com.au/forms/d/1zxR5vSiU9CigJ9cEaC8-eJLgYid8CR8er7PPH9Mc-30/edit#
 [slack-invite]: https://join.slack.com/t/openfoodnetwork/shared_invite/zt-9sjkjdlu-r02kUMP1zbrTgUhZhYPF~A
--- a/app/assets/javascripts/admin/directives/select2_no_search.js.coffee
+++ b/app/assets/javascripts/admin/directives/select2_no_search.js.coffee
@@ -1,6 +0,0 @@
-angular.module("ofn.admin").directive "select2NoSearch", ($timeout) ->
-  restrict: 'CA'
-  link: (scope, element, attrs) ->
-    $timeout ->
-      element.select2
-        minimumResultsForSearch: Infinity
--- a/app/assets/javascripts/admin/dropdown/directives/dropdown.js.coffee
+++ b/app/assets/javascripts/admin/dropdown/directives/dropdown.js.coffee
@@ -10,6 +10,7 @@
          scope.$emit "offClick"

    element.click (event) ->
+      return if event.target.closest(".ofn-drop-down").classList.contains "disabled" || event.target.classList.contains "disabled" 
      if !scope.expanded
        event.stopPropagation()
        scope.deregistrationCallback = scope.$on "offClick", ->
--- a/app/assets/javascripts/admin/enterprise_fees/directives/ensure_calculator_preferences_match_type.js.coffee
+++ b/app/assets/javascripts/admin/enterprise_fees/directives/ensure_calculator_preferences_match_type.js.coffee
@@ -9,9 +9,9 @@ angular.module("admin.enterpriseFees").directive 'spreeEnsureCalculatorPreferenc
      settings = element.parent().parent().find('div.calculator-settings')
      if value == orig_calculator_type
        settings.show()
-        settings.find('input').prop 'disabled', false
+        settings.find('input, select').prop 'disabled', false
      else
        settings.hide()
-        settings.find('input').prop 'disabled', true
+        settings.find('input, select').prop 'disabled', true
      return
    return
--- a/app/assets/javascripts/admin/enterprise_groups/controllers/side_menu_controller.js.coffee
+++ b/app/assets/javascripts/admin/enterprise_groups/controllers/side_menu_controller.js.coffee
@@ -1,15 +0,0 @@
-angular.module("admin.enterprise_groups")
-  .controller "sideMenuCtrl", ($scope, SideMenu) ->
-    $scope.menu = SideMenu
-    $scope.select = SideMenu.select
-
-    $scope.menu.setItems [
-      { name: 'primary_details', label: t('primary_details'), icon_class: "icon-user" }
-      { name: 'users', label: t('users'), icon_class: "icon-user" }
-      { name: 'about', label: t('about'), icon_class: "icon-pencil" }
-      { name: 'images', label: t('images'), icon_class: "icon-picture" }
-      { name: 'contact', label: t('admin_enterprise_groups_contact'), icon_class: "icon-phone" }
-      { name: 'web', label: t('admin_enterprise_groups_web'), icon_class: "icon-globe" }
-    ]
-
-    $scope.select(0)
--- a/app/assets/javascripts/admin/enterprises/controllers/side_menu_controller.js.coffee
+++ b/app/assets/javascripts/admin/enterprises/controllers/side_menu_controller.js.coffee
@@ -1,46 +0,0 @@
-angular.module("admin.enterprises")
-  .controller "sideMenuCtrl", ($scope, $parse, enterprise, SideMenu, enterprisePermissions) ->
-    $scope.Enterprise = enterprise
-    $scope.menu = SideMenu
-    $scope.select = SideMenu.select
-
-    $scope.menu.setItems [
-      { name: 'primary_details', label: t('primary_details'), icon_class: "icon-home" }
-      { name: 'address', label: t('address'), icon_class: "icon-map-marker" }
-      { name: 'contact', label: t('contact'), icon_class: "icon-phone" }
-      { name: 'social', label: t('social'), icon_class: "icon-twitter" }
-      { name: 'about', label: t('about'), icon_class: "icon-pencil" }
-      { name: 'business_details', label: t('business_details'), icon_class: "icon-briefcase" }
-      { name: 'images', label: t('images'), icon_class: "icon-picture" }
-      { name: 'properties', label: t('properties'), icon_class: "icon-tags", show: "showProperties()" }
-      { name: 'shipping_methods', label: t('shipping_methods'), icon_class: "icon-truck", show: "showShippingMethods()" }
-      { name: 'payment_methods', label: t('payment_methods'), icon_class: "icon-money", show: "showPaymentMethods()" }
-      { name: 'enterprise_fees', label: t('enterprise_fees'), icon_class: "icon-tasks", show: "showEnterpriseFees()" }
-      { name: 'inventory_settings', label: t('inventory_settings'), icon_class: "icon-list-ol", show: "enterpriseIsShop()" }
-      { name: 'tag_rules', label: t('tag_rules'), icon_class: "icon-random", show: "enterpriseIsShop()" }
-      { name: 'shop_preferences', label: t('shop_preferences'), icon_class: "icon-shopping-cart", show: "enterpriseIsShop()" }
-      { name: 'users', label: t('users'), icon_class: "icon-user" }
-    ]
-
-    SideMenu.init()
-
-    $scope.showItem = (item) ->
-      if item.show?
-        $parse(item.show)($scope)
-      else
-        true
-
-    $scope.showProperties = ->
-      !!$scope.Enterprise.is_primary_producer
-
-    $scope.showShippingMethods = ->
-      enterprisePermissions.can_manage_shipping_methods && $scope.Enterprise.sells != "none"
-
-    $scope.showPaymentMethods = ->
-      enterprisePermissions.can_manage_payment_methods && $scope.Enterprise.sells != "none"
-
-    $scope.showEnterpriseFees = ->
-      enterprisePermissions.can_manage_enterprise_fees && ($scope.Enterprise.sells != "none" || $scope.Enterprise.is_primary_producer)
-
-    $scope.enterpriseIsShop = ->
-      $scope.Enterprise.sells != "none"
--- a/app/assets/javascripts/admin/line_items/controllers/line_items_controller.js.coffee
+++ b/app/assets/javascripts/admin/line_items/controllers/line_items_controller.js.coffee
@@ -104,15 +104,21 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
    else
      StatusMessage.display 'failure', t "unsaved_changes_error"

-  $scope.cancelOrder = (order) ->
+  $scope.cancelOrder = (order, sendEmailCancellation) ->
    return $http(
      method: 'GET'
-      url: "/admin/orders/#{order.number}/fire?e=cancel")
+      url: "/admin/orders/#{order.number}/fire?e=cancel&send_cancellation_email=#{sendEmailCancellation}")
  
  $scope.deleteLineItem = (lineItem) ->
    if lineItem.order.item_count == 1
-      if confirm(t('js.admin.deleting_item_will_cancel_order'))
-        $scope.cancelOrder(lineItem.order).then(-> $scope.refreshData())
+      ofnCancelOrderAlert((confirm, sendEmailCancellation) ->
+        if confirm
+          $scope.cancelOrder(lineItem.order, sendEmailCancellation).then(->
+            $scope.refreshData()
+          )
+        else
+          $scope.refreshData()
+      , "js.admin.deleting_item_will_cancel_order")
    else if ($scope.confirmDelete && confirm(t "are_you_sure")) || !$scope.confirmDelete
      LineItems.delete(lineItem, () -> $scope.refreshData())

@@ -129,13 +135,14 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
      willCancelOrders = true if (order.item_count == itemsPerOrder.get(order).length)

    if willCancelOrders
-      return unless confirm(t("js.admin.deleting_item_will_cancel_order"))
-
-    itemsPerOrder.forEach (items, order) =>
-      if order.item_count == items.length
-        $scope.cancelOrder(order).then(-> $scope.refreshData())
-      else
-        Promise.all(LineItems.delete(item) for item in items).then(-> $scope.refreshData())
+      ofnCancelOrderAlert((confirm, sendEmailCancellation) ->
+        if confirm
+          itemsPerOrder.forEach (items, order) =>
+            if order.item_count == items.length
+              $scope.cancelOrder(order, sendEmailCancellation).then(-> $scope.refreshData())
+            else
+              Promise.all(LineItems.delete(item) for item in items).then(-> $scope.refreshData())
+      , "js.admin.deleting_item_will_cancel_order")   

  $scope.allBoxesChecked = ->
    checkedCount = $scope.filteredLineItems.reduce (count,lineItem) ->
@@ -159,12 +166,18 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,

  $scope.sumUnitValues = ->
    sum = $scope.filteredLineItems?.reduce (sum, lineItem) ->
-      sum + $scope.roundToThreeDecimals(lineItem.final_weight_volume / $scope.getLineItemScale(lineItem))
+      if lineItem.units_product.variant_unit == "items"
+        sum + lineItem.quantity
+      else
+        sum + $scope.roundToThreeDecimals(lineItem.final_weight_volume / $scope.getLineItemScale(lineItem))
    , 0

  $scope.sumMaxUnitValues = ->
    sum = $scope.filteredLineItems?.reduce (sum,lineItem) ->
-      sum + lineItem.max_quantity * $scope.roundToThreeDecimals(lineItem.units_variant.unit_value / $scope.getLineItemScale(lineItem))
+      if lineItem.units_product.variant_unit == "items"
+        sum + lineItem.max_quantity
+      else
+        sum + lineItem.max_quantity * $scope.roundToThreeDecimals(lineItem.units_variant.unit_value / $scope.getLineItemScale(lineItem))
    , 0

  $scope.roundToThreeDecimals = (value) ->
@@ -178,6 +191,8 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
  $scope.getScale = (unitsProduct, unitsVariant) ->
    if unitsProduct.hasOwnProperty("variant_unit") && (unitsProduct.variant_unit == "weight" || unitsProduct.variant_unit == "volume")
      unitsProduct.variant_unit_scale
+    else if unitsProduct.hasOwnProperty("variant_unit") && unitsProduct.variant_unit == "items"
+      1
    else
      null

@@ -202,11 +217,11 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,

  $scope.fulfilled = (sumOfUnitValues) ->
    # A Units Variant is an API object which holds unit properies of a variant
-    if $scope.selectedUnitsProduct.hasOwnProperty("group_buy_unit_size") && $scope.selectedUnitsProduct.group_buy_unit_size > 0 &&
-      $scope.selectedUnitsProduct.hasOwnProperty("variant_unit") &&
-      ( $scope.selectedUnitsProduct.variant_unit == "weight" || $scope.selectedUnitsProduct.variant_unit == "volume" )
-        scale = $scope.selectedUnitsProduct.variant_unit_scale
-        sumOfUnitValues = sumOfUnitValues * scale unless scale == 28.35 || scale == 453.6
+    if $scope.selectedUnitsProduct.hasOwnProperty("group_buy_unit_size")&& $scope.selectedUnitsProduct.group_buy_unit_size > 0 &&
+      $scope.selectedUnitsProduct.hasOwnProperty("variant_unit")
+        if $scope.selectedUnitsProduct.variant_unit == "weight" || $scope.selectedUnitsProduct.variant_unit == "volume"
+          scale = $scope.selectedUnitsProduct.variant_unit_scale
+          sumOfUnitValues = sumOfUnitValues * scale unless scale == 28.35 || scale == 453.6
        $scope.roundToThreeDecimals(sumOfUnitValues / $scope.selectedUnitsProduct.group_buy_unit_size)
    else
      ''
--- a/app/assets/javascripts/admin/order_cycles/services/order_cycle.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/services/order_cycle.js.coffee
@@ -1,4 +1,4 @@
-angular.module('admin.orderCycles').factory 'OrderCycle', ($resource, $window, $timeout, StatusMessage, Panels) ->
+angular.module('admin.orderCycles').factory 'OrderCycle', ($resource, $window, $timeout, StatusMessage, Panels, Enterprise) ->
  OrderCycleResource = $resource '/admin/order_cycles/:action_name/:order_cycle_id.json', {}, {
    'index':  { method: 'GET', isArray: true}
    'new'   : { method: 'GET', params: { action_name: "new" } }
@@ -50,7 +50,14 @@ angular.module('admin.orderCycles').factory 'OrderCycle', ($resource, $window, $
        (callback || angular.noop)()

    addDistributor: (new_distributor_id, callback) ->
-      this.order_cycle.outgoing_exchanges.push({ enterprise_id: new_distributor_id, incoming: false, active: true, variants: {}, enterprise_fees: [] })
+      exchange = { enterprise_id: new_distributor_id, incoming: false, active: true, variants: {}, enterprise_fees: [] }
+      if (Enterprise.hub_enterprises.length == 1)
+        editable = this.order_cycle["editable_variants_for_outgoing_exchanges"][new_distributor_id] || []
+        variants = this.incomingExchangesVariants()
+        for variant in variants when variant in editable
+          exchange.variants[variant] = true
+
+      this.order_cycle.outgoing_exchanges.push(exchange)
      $timeout ->
        (callback || angular.noop)()

--- a/app/assets/javascripts/admin/orders/controllers/order_controller.js.coffee
+++ b/app/assets/javascripts/admin/orders/controllers/order_controller.js.coffee
@@ -20,7 +20,7 @@ angular.module("admin.orders").controller "orderCtrl", ($scope, shops, orderCycl
    $scope.distributor_id && $scope.order_cycle_id

  for oc in $scope.orderCycles
-    oc.name_and_status = "#{oc.name} (#{oc.status})"
+    oc.name_and_status = "#{oc.name} (#{t("admin.order_cycles.status.#{oc.status}")})"

  for shop in $scope.shops
    shop.disabled = !$scope.distributorHasOrderCycles(shop)
--- a/app/assets/javascripts/admin/orders/directives/customer_search_override.js.coffee
+++ b/app/assets/javascripts/admin/orders/directives/customer_search_override.js.coffee
@@ -1,62 +0,0 @@
-angular.module("admin.orders").directive 'customerSearchOverride', ->
-  restrict: 'C'
-  scope:
-    distributorId: '@'
-  link: (scope, element, attr) ->
-    if $('#customer_autocomplete_template').length > 0
-      customerTemplate = Handlebars.compile($('#customer_autocomplete_template').text())
-
-    formatCustomerResult = (customer) ->
-      customerTemplate
-        customer: customer
-        bill_address: customer.bill_address
-        ship_address: customer.ship_address
-
-    element.select2
-      placeholder: Spree.translations.choose_a_customer
-      minimumInputLength: 3
-      ajax:
-        url: '/admin/search/customers.json'
-        datatype: 'json'
-        data: (term, page) ->
-          {
-            q: term
-            distributor_id: scope.distributorId  # modified
-          }
-        results: (data, page) ->
-          { results: data }
-      dropdownCssClass: 'customer_search'
-      formatResult: formatCustomerResult
-      formatSelection: (customer) ->
-        _.each [
-          'bill_address'
-          'ship_address'
-        ], (address) ->
-          data = customer[address]
-          address_parts = [
-            'firstname'
-            'lastname'
-            'company'
-            'address1'
-            'address2'
-            'city'
-            'zipcode'
-            'phone'
-          ]
-          attribute_wrapper = '#order_' + address + '_attributes_'
-          if data  # modified
-            _.each address_parts, (part) ->
-              $(attribute_wrapper + part).val data[part]
-              return
-            $(attribute_wrapper + 'state_id').select2 'val', data['state_id']
-            $(attribute_wrapper + 'country_id').select2 'val', data['country_id']
-          else
-            _.each address_parts, (part) ->
-              $(attribute_wrapper + part).val ''
-              return
-            $(attribute_wrapper + 'state_id').select2 'val', ''
-            $(attribute_wrapper + 'country_id').select2 'val', ''
-          return
-        $('#order_email').val customer.email
-        $('#user_id').val customer.user_id  # modified
-        customer.email
--- a/app/assets/javascripts/admin/products/controllers/units_controller.js.coffee
+++ b/app/assets/javascripts/admin/products/controllers/units_controller.js.coffee
@@ -8,7 +8,7 @@ angular.module("admin.products")
      $scope.processVariantUnitWithScale()
      $scope.processUnitValueWithDescription()
      $scope.processUnitPrice()
-      $scope.placeholder_text = new OptionValueNamer($scope.product.master).name()
+      $scope.placeholder_text = new OptionValueNamer($scope.product.master).name() if $scope.product.variant_unit_scale

    $scope.variant_unit_options = VariantUnitManager.variantUnitOptions()

@@ -21,6 +21,8 @@ angular.module("admin.products")
        else
          $scope.product.variant_unit = $scope.product.variant_unit_with_scale
          $scope.product.variant_unit_scale = null
+      else if $scope.product.variant_unit && $scope.product.variant_unit_scale
+        $scope.product.variant_unit_with_scale = VariantUnitManager.getUnitWithScale($scope.product.variant_unit, parseFloat($scope.product.variant_unit_scale))
      else
        $scope.product.variant_unit = $scope.product.variant_unit_scale = null

@@ -32,6 +34,10 @@ angular.module("admin.products")
          $scope.product.master.unit_value  = null if isNaN($scope.product.master.unit_value)
          $scope.product.master.unit_value *= $scope.product.variant_unit_scale if $scope.product.master.unit_value && $scope.product.variant_unit_scale
          $scope.product.master.unit_description = match[3]
+      else
+        value = $scope.product.master.unit_value
+        value /= $scope.product.variant_unit_scale if $scope.product.master.unit_value && $scope.product.variant_unit_scale
+        $scope.product.master.unit_value_with_description = value + " " + $scope.product.master.unit_description

    $scope.processUnitPrice = ->
      price = $scope.product.price
--- a/app/assets/javascripts/admin/products/services/product_image_service.js.coffee
+++ b/app/assets/javascripts/admin/products/services/product_image_service.js.coffee
@@ -13,3 +13,9 @@ angular.module("ofn.admin").factory "ProductImageService", (FileUploader, SpreeA
      @imageUploader.onSuccessItem = (image, response) =>
        product.thumb_url = response.thumb_url
        product.image_url = response.image_url
+      @imageUploader.onErrorItem = (image, response) =>
+        if Array.isArray(response.errors)
+          message = response.errors.join("\n")
+        else
+          message = response.error.toString()
+        alert(message)
--- a/app/assets/javascripts/admin/products/services/variant_unit_manager.js.coffee
+++ b/app/assets/javascripts/admin/products/services/variant_unit_manager.js.coffee
@@ -27,16 +27,22 @@ angular.module("admin.products").factory "VariantUnitManager", (availableUnits)
        1000.0:
          name: 'kL'
          system: 'metric'
+      'items':
+        1:
+          name: 'items'

    @variantUnitOptions: ->
      available = availableUnits.split(",")
      options = for unit_type, _ of @units
        for scale in @unitScales(unit_type, available)
          name = @getUnitName(scale, unit_type)
-          ["#{I18n.t(unit_type)} (#{name})", "#{unit_type}_#{scale}"]
+          ["#{I18n.t(unit_type)} (#{name})", @getUnitWithScale(unit_type, scale)]
      options.push [[I18n.t('items'), 'items']]
      options = [].concat options...

+    @getUnitWithScale: (unit_type, scale) ->
+      "#{unit_type}_#{scale}"
+
    @getUnitName: (scale, unitType) ->
      if @units[unitType][scale]
        @units[unitType][scale]['name']
--- a/app/assets/javascripts/admin/side_menu/services/side_menu.js.coffee
+++ b/app/assets/javascripts/admin/side_menu/services/side_menu.js.coffee
@@ -30,3 +30,14 @@ angular.module("admin.side_menu")
        for item in @items when item.name is name
          return item
        null
+
+      redirect_function: (elementID , href) =>
+        window.addEventListener 'load', ->
+          element = document.getElementById(elementID)
+          if !element
+            return
+          element.addEventListener 'click', ->
+            window.location.replace(href)
+            return
+          return
+
--- a/app/assets/javascripts/admin/spree/calculator.js
+++ b/app/assets/javascripts/admin/spree/calculator.js
@@ -7,11 +7,11 @@ $(function() {
    if (calculator_select.val() === original_calc_type) {
      $('div.calculator-settings').show();
      $('.calculator-settings-warning').hide();
-      $('.calculator-settings').find('input,textarea').prop("disabled", false);
+      $('.calculator-settings').find('input,textarea,select').prop("disabled", false);
    } else {
      $('div.calculator-settings').hide();
      $('.calculator-settings-warning').show();
-      $('.calculator-settings').find('input,textarea').prop("disabled", true);
+      $('.calculator-settings').find('input,textarea,select').prop("disabled", true);
    }
  });
 })
--- a/app/assets/javascripts/admin/spree/orders/address_states.js
+++ b/app/assets/javascripts/admin/spree/orders/address_states.js
@@ -1,17 +0,0 @@
-var update_state = function(region) {
-  var country        = $('span#' + region + 'country .select2').select2('val');
-  var state_select   = $('span#' + region + 'state select.select2');
-
-  $.get(Spree.routes.states_search + "?country_id=" + country, function(states) {
-    state_select.html('');
-    var states_with_blank = [{name: '', id: ''}].concat(states);
-    $.each(states_with_blank, function(pos,state) {
-      var opt = $(document.createElement('option'))
-                .attr('value', state.id)
-                .html(state.name);
-      state_select.append(opt);
-    });
-    state_select.prop("disabled", false).show();
-    state_select.select2();
-  })
-};
--- a/app/assets/javascripts/admin/spree/orders/shipments.js.erb
+++ b/app/assets/javascripts/admin/spree/orders/shipments.js.erb
@@ -25,13 +25,12 @@ $(document).ready(function() {
    var link = $(this);
    var shipment_number = link.data('shipment-number');
    var selected_shipping_rate_id = link.parents('tbody').find("select#selected_shipping_rate_id[data-shipment-number='" + shipment_number + "']").val();
-    var unlock = link.parents('tbody').find("input[name='open_adjustment'][data-shipment-number='" + shipment_number + "']:checked").val();
    var url = Spree.url( Spree.routes.orders_api + "/" + order_number + "/shipments/" + shipment_number + ".json");

    $.ajax({
      type: "PUT",
      url: url,
-      data: { shipment: { selected_shipping_rate_id: selected_shipping_rate_id, unlock: unlock  } }
+      data: { shipment: { selected_shipping_rate_id: selected_shipping_rate_id  } }
    }).done(function( msg ) {
      window.location.reload();
    }).error(function( msg ) {
@@ -40,25 +39,94 @@ $(document).ready(function() {
  }
  $('[data-hook=admin_order_edit_form] a.save-method').click(handle_shipping_method_save);

-  //handle tracking edit click
+  //handle tracking info edit/delete
+
+  // Show the input field to edit the tracking info
+  // And hide the input field when cancel is clicked
  $('a.edit-tracking').click(toggleTrackingEdit);
  $('a.cancel-tracking').click(toggleTrackingEdit);

-  handle_tracking_save = function(){
-    var link = $(this);
-    var shipment_number = link.data('shipment-number');
-    var tracking = link.parents('tbody').find('input#tracking').val();
-    var url = Spree.url( Spree.routes.orders_api + "/" + order_number + "/shipments/" + shipment_number + ".json");
+  saveTrackingInfo = function(){
+    let shipmentNumber = $(this).data('shipment-number');
+    let tracking = document.getElementById('tracking').value

+    makeApiCall(trackingUrl(shipmentNumber), { shipment: { tracking: tracking } } )
+  }
+
+  deleteTrackingInfo = function(){
+    let shipmentNumber = $(this).data('shipment-number');
+    let tracking = ''
+
+    confirmDelete(trackingUrl(shipmentNumber), { shipment: { tracking: tracking } })
+  }
+
+  trackingUrl = function(shipmentNumber){
+    return Spree.url( Spree.routes.orders_api + "/" + order_number + "/shipments/" + shipmentNumber + ".json");
+  }
+
+  $('[data-hook=admin_order_edit_form] a.save-tracking').click(saveTrackingInfo);
+  $('[data-hook=admin_order_edit_form] a.delete-tracking').click(deleteTrackingInfo);
+
+  // handle note edit/delete
+
+  // Show the input field to edit the note
+  // And hide the input field when cancel is clicked
+  $('a.edit-note.icon-edit').click(toggleNoteEdit);
+  $('a.cancel-note').click(toggleNoteEdit);
+
+  saveNote = function(){
+    let note = document.getElementById('note').value
+    makeApiCall(getNoteUrl(), { note: note })
+  }
+
+  deleteNote = function(){
+    let note = ''
+    confirmDelete(getNoteUrl(), { note: note })
+  }
+
+  getNoteUrl = function(){
+    return Spree.url( Spree.routes.orders_api + "/" + order_number);
+  }
+
+  confirmDelete = function(url, params){
+    displayDeleteAlert(function(confirmation) {
+      if (confirmation) {
+        makeApiCall(url, params)
+      }
+    }); 
+  }
+
+  $('[data-hook=admin_order_edit_form] a.save-note').click(saveNote);
+  $('[data-hook=admin_order_edit_form] a.delete-note').click(deleteNote);
+
+  // Makes API call for notes/tracking info
+  makeApiCall = function(url, params) {
    $.ajax({
      type: "PUT",
      url: url,
-      data: { shipment: { tracking: tracking } }
+      data: params
    }).done(function( msg ) {
      window.location.reload();
    }).error(function( msg ) {
      console.log(msg);
    });
  }
-  $('[data-hook=admin_order_edit_form] a.save-tracking').click(handle_tracking_save);
+
+  displayDeleteAlert = function(callback) {
+    i18nKey = "are_you_sure";
+    $('#custom-confirm .message').html(
+      ` ${t(i18nKey)}
+              <div class="form">
+              </div>`);
+    $('#custom-confirm button.confirm').unbind( "click" ).click(() => {
+      $('#custom-confirm').hide();
+      callback(true);
+    });
+    $('#custom-confirm button.cancel').click(() => {
+      $('#custom-confirm').hide();
+      callback(false)
+    });
+    $('#custom-confirm').show();
+  }
+
 });
--- a/app/assets/javascripts/admin/spree/orders/variant_autocomplete.js.erb
+++ b/app/assets/javascripts/admin/spree/orders/variant_autocomplete.js.erb
@@ -4,6 +4,7 @@ $(document).ready(function() {

  initAlert()
  initConfirm()
+  initCancelOrder()

  if ($('#variant_autocomplete_template').length > 0) {
    window.variantTemplate = Handlebars.compile($('#variant_autocomplete_template').text());
@@ -52,12 +53,12 @@ $(document).ready(function() {
      }
      toggleItemEdit();

-      adjustItems(shipment_number, variant_id, quantity);
+      adjustItems(shipment_number, variant_id, quantity, true);
      return false;
    }
    $('a.save-item').click(handle_save_click);

-    handle_delete_click = function(elementSelector){
+    handle_delete_click = function(elementSelector, restock_item){
      var del = $(elementSelector);
      del.hide()
      var shipment_number = del.data('shipment-number');
@@ -65,26 +66,37 @@ $(document).ready(function() {

      toggleItemEdit();

-      adjustItems(shipment_number, variant_id, 0);
+      adjustItems(shipment_number, variant_id, 0, restock_item);
    }

    $('a.delete-item').click((event) => {
-      ofnConfirm(() => {
-        handle_delete_click('#custom-confirm');
-      });
+     try {
+         var del = $('a.delete-item');
+         var shipment_number = del.data('shipment-number');
+         var variant_id = del.data('variant-id');
+         var shipment = _.findWhere(shipments, {number: shipment_number + ''});
+         var inventory_units = _.where(shipment.inventory_units, {variant_id: variant_id});
+         if (inventory_units.length !== shipment.inventory_units.length) {
+             ofnConfirm((reStockItem) => {
+                 handle_delete_click('#custom-confirm', reStockItem);
+             });
+         } else {
+             adjustItems(shipment_number, variant_id, 0);
+         }
+     } catch (e) {
+     }
    });
-
  }
 });

-adjustItems = function(shipment_number, variant_id, quantity){
+adjustItems = function(shipment_number, variant_id, quantity, restock_item){
  var shipment = _.findWhere(shipments, {number: shipment_number + ''});
  var inventory_units = _.where(shipment.inventory_units, {variant_id: variant_id});

-  if (quantity == 0 && inventory_units.length == shipment.inventory_units.length) {
-    ofnCancelOrderAlert((confirm, sendEmailCancellation) => {
+  if (quantity === 0 && inventory_units.length === shipment.inventory_units.length) {
+    ofnCancelOrderAlert((confirm, sendEmailCancellation, restock_item) => {
      if (confirm) {
-        doAdjustItems(shipment_number, variant_id, quantity, inventory_units, () => {
+        doAdjustItems(shipment_number, variant_id, quantity, inventory_units, restock_item, () => {
          var redirectTo = new URL(Spree.routes.cancel_order.toString());
          redirectTo.searchParams.append("send_cancellation_email", sendEmailCancellation);
          window.location.href = redirectTo.toString();
@@ -93,23 +105,26 @@ adjustItems = function(shipment_number, variant_id, quantity){
    });
    return;
  }
-  doAdjustItems(shipment_number, variant_id, quantity, inventory_units, () => {
+  doAdjustItems(shipment_number, variant_id, quantity, inventory_units, restock_item, () => {
    window.location.reload();
  });
 }

-doAdjustItems = function(shipment_number, variant_id, quantity, inventory_units, callback) {
+doAdjustItems = function(shipment_number, variant_id, quantity, inventory_units, restock_item, callback) {
  var url = Spree.routes.orders_api + "/" + order_number + "/shipments/" + shipment_number;

  var new_quantity = 0;
+  var data = { variant_id: variant_id };
  if (inventory_units.length < quantity) {
    url += "/add";
    new_quantity = (quantity - inventory_units.length);
  } else if (inventory_units.length > quantity) {
    url += "/remove"
    new_quantity = (inventory_units.length - quantity);
+    data.restock_item = restock_item;
  }
  url += '.json';
+  data.quantity = new_quantity;

  if (new_quantity == 0) {
    ofnAlert(t("js.admin.orders.quantity_unchanged"));
@@ -117,7 +132,7 @@ doAdjustItems = function(shipment_number, variant_id, quantity, inventory_units,
    $.ajax({
      type: "PUT",
      url: Spree.url(url),
-      data: { variant_id: variant_id, quantity: new_quantity }
+      data: data
    }).done(function( msg ) {
      callback();
    });
@@ -126,8 +141,26 @@ doAdjustItems = function(shipment_number, variant_id, quantity, inventory_units,

 toggleTrackingEdit = function(){
  var link = $(this);
-  link.parents('tbody').find('tr.edit-tracking').toggle();
-  link.parents('tbody').find('tr.show-tracking').toggle();
+  var parent_node = link.parents('tbody')
+  let input = parent_node.find('#tracking')[0]
+  parent_node.find('tr.edit-tracking').toggle();
+  // Set focus on input and
+  // put cursor at it's end
+  input.focus()
+  input.setSelectionRange(-1, -1)
+  parent_node.find('tr.show-tracking').toggle();
+}
+
+toggleNoteEdit = function(){
+  var link = $(this);
+  var parent_node = link.parents('tbody')
+  let input = parent_node.find('#note')[0]
+  parent_node.find('tr.edit-note').toggle();
+  // Set focus on input and
+  // put cursor at it's end
+  input.focus()
+  input.setSelectionRange(-1, -1)
+  parent_node.find('tr.show-note').toggle();
 }

 toggleMethodEdit = function(){
@@ -171,7 +204,7 @@ addVariantFromStockLocation = function() {
    });
  }else{
    //add to existing shipment
-    adjustItems(shipment.number, variant_id, quantity);
+    adjustItems(shipment.number, variant_id, quantity, true);
  }
  return 1
 }
@@ -194,16 +227,21 @@ ofnAlert = function(message) {
  $('#custom-alert').show();
 }

-ofnCancelOrderAlert = function(callback) {
+ofnCancelOrderAlert = function(callback, i18nKey) {
+  if (i18nKey == undefined) {
+    i18nKey = "js.admin.orders.cancel_the_order_html";
+  }
  $('#custom-confirm .message').html(
-    ` ${t("js.admin.orders.cancel_the_order_html")}
+    ` ${t(i18nKey)}
      <div class="form">
-        <input type="checkbox" name="send_cancellation_email" value="1" id="send_cancellation_email" />
-        <label for="send_cancellation_email">${t("js.admin.orders.cancel_the_order_send_cancelation_email")}</label>
+        <input type="checkbox" name="send_cancellation_email" value="1" id="send_cancellation_email" checked="true" />
+        <label for="send_cancellation_email">${t("js.admin.orders.cancel_the_order_send_cancelation_email")}</label><br />
+        <input type="checkbox" name="restock_items"  id="restock_items" checked="checked"/>
+        <label for="restock_items">${t("js.admin.orders.restock_items")}</label>
      </div>`);
  $('#custom-confirm button.confirm').unbind( "click" ).click(() => {
    $('#custom-confirm').hide();
-    callback(true, $('#send_cancellation_email').is(':checked'));
+    callback(true, $('#send_cancellation_email').is(':checked'), $('#restock_items').is(':checked'));
  });
  $('#custom-confirm button.cancel').click(() => {
    $('#custom-confirm').hide();
@@ -213,7 +251,30 @@ ofnCancelOrderAlert = function(callback) {
 }

 ofnConfirm = function(callback) {
+  $('#custom-confirm .message').html(
+      ` ${t("are_you_sure")}
+    <div class="form">
+      <input type="checkbox" name="restock_items"  id="restock_items" checked="checked"/>
+      <label for="restock_items">${t("js.admin.orders.restock_item")}</label>
+    </div>`);
  $('#custom-confirm').data($(event.target).data());
-  $('#custom-confirm button.confirm').click(callback);
+  $('#custom-confirm button.confirm').click(() => {
+      callback($('#restock_items').is(':checked'));
+  });
  $('#custom-confirm').show();
 }
+
+initCancelOrder = function() {
+    $('#cancel_order_form').submit(function(e){
+        ofnCancelOrderAlert((confirm, sendEmailCancellation, restock_items) => {
+            if (confirm) {
+                var redirectTo = new URL(Spree.routes.cancel_order.toString());
+                redirectTo.searchParams.append("send_cancellation_email", sendEmailCancellation);
+                redirectTo.searchParams.append("restock_items", restock_items);
+                window.location.href = redirectTo.toString();
+            }
+        });
+        e.preventDefault();
+        return false;
+    });
+}
--- a/app/assets/javascripts/admin/spree/taxons/taxonomy.js.coffee
+++ b/app/assets/javascripts/admin/spree/taxons/taxonomy.js.coffee
@@ -8,13 +8,18 @@ handle_move = (e, data) ->
  node = data.rslt.o
  new_parent = data.rslt.np

-  url = Spree.url(base_url).clone()
-  url.pathname = url.pathname + '/' + node.attr("id")
+  url = new URL(base_url)
+  url.pathname = url.pathname + '/' + node.attr("id") 
+  data = {
+    _method: "put",
+    "taxon[position]": position,
+    "taxon[parent_id]": if !isNaN(new_parent.attr("id")) then new_parent.attr("id") else undefined
+  }
  $.ajax
    type: "POST",
    dataType: "json",
    url: url.toString(),
-    data: ({_method: "put", "taxon[parent_id]": new_parent.attr("id"), "taxon[position]": position }),
+    data: data,
    error: handle_ajax_error

  true
@@ -26,11 +31,16 @@ handle_create = (e, data) ->
  position = data.rslt.position
  new_parent = data.rslt.parent

+  data = {
+    "taxon[name]": name,
+    "taxon[position]": position
+    "taxon[parent_id]": if !isNaN(new_parent.attr("id")) then new_parent.attr("id") else undefined
+  }
  $.ajax
    type: "POST",
    dataType: "json",
    url: base_url.toString(),
-    data: ({"taxon[name]": name, "taxon[parent_id]": new_parent.attr("id"), "taxon[position]": position }),
+    data: data,
    error: handle_ajax_error,
    success: (data,result) ->
      node.attr('id', data.id)
@@ -39,8 +49,10 @@ handle_rename = (e, data) ->
  last_rollback = data.rlbk
  node = data.rslt.obj
  name = data.rslt.new_name
+  # change the name inside the main input field as well if taxon is the root one
+  document.getElementById("taxonomy_name").value = name if node.parents("[id]").attr("id") == "taxonomy_tree"

-  url = Spree.url(base_url).clone()
+  url = new URL(base_url)
  url.pathname = url.pathname + '/' + node.attr("id")

  $.ajax
@@ -53,8 +65,8 @@ handle_rename = (e, data) ->
 handle_delete = (e, data) ->
  last_rollback = data.rlbk
  node = data.rslt.obj
-  delete_url = base_url.clone()
-  delete_url.setPath delete_url.path() + '/' + node.attr("id")
+  delete_url = new URL(base_url)
+  delete_url.pathname = delete_url.pathname + '/' + node.attr("id")
  if confirm(Spree.translations.are_you_sure_delete)
    $.ajax
      type: "POST",
--- a/app/assets/javascripts/admin/utils/directives/help-modal.js.coffee
+++ b/app/assets/javascripts/admin/utils/directives/help-modal.js.coffee
@@ -1,20 +0,0 @@
-angular.module("admin.utils").directive 'helpModal', ($rootScope, $compile, $templateCache, $window, DialogDefaults) ->
-  restrict: 'C'
-  scope:
-    template: '@'
-  link: (scope, element, attr) ->
-    # Compile modal template
-    template = $compile($templateCache.get(scope.template))(scope)
-
-    # Load Dialog Options
-    template.dialog(DialogDefaults)
-
-    # Link opening of dialog to click event on element
-    element.bind 'click', (e) ->
-      template.dialog('open')
-      $rootScope.$evalAsync()
-
-    scope.close = ->
-      template.dialog('close')
-      $rootScope.$evalAsync()
-      return
--- a/app/assets/javascripts/admin/utils/directives/tags_with_translation.js.coffee
+++ b/app/assets/javascripts/admin/utils/directives/tags_with_translation.js.coffee
@@ -3,6 +3,7 @@ angular.module("admin.utils").directive "tagsWithTranslation", ($timeout) ->
  templateUrl: "admin/tags_input.html"
  scope:
    object: "="
+    form: "="
    tagsAttr: "@?"
    tagListAttr: "@?"
    findTags: "&"
@@ -18,7 +19,15 @@ angular.module("admin.utils").directive "tagsWithTranslation", ($timeout) ->
      scope.limitReached = scope.object[scope.tagsAttr].length >= scope.max if scope.max != undefined
      scope.object[scope.tagListAttr] = (tag.text for tag in scope.object[scope.tagsAttr]).join(",")

+    scope.$watch "object", (newObject) -> 
+      scope.object = newObject
+      init()
+
    $timeout ->
+      init()
+    
+    init = ->
+      return unless scope.object
      # Initialize properties if necessary
      scope.tagsAttr ||= "tags"
      scope.tagListAttr ||= "tag_list"
--- a/app/assets/javascripts/admin/utils/services/errors_parser.js.coffee
+++ b/app/assets/javascripts/admin/utils/services/errors_parser.js.coffee
@@ -5,15 +5,16 @@ angular.module("admin.utils").factory "ErrorsParser", ->
      return defaultContent unless errors?

      errorsString = ""
-      if errors.length > 0
+      if Array.isArray(errors)
        # it is an array of errors
        errorsString = errors.join("\n") + "\n"
-      else
+      else if typeof errors == "object"
        # it is a hash of errors
        keys = Object.keys(errors)
        for key in keys
          errorsString += errors[key].join("\n") + "\n"
-
+      else # string
+        errorsString = errors
      this.defaultIfEmpty(errorsString, defaultContent)

    defaultIfEmpty: (content, defaultContent) =>
--- a/app/assets/javascripts/darkswarm/controllers/credit_cards_controller.js.coffee
+++ b/app/assets/javascripts/darkswarm/controllers/credit_cards_controller.js.coffee
@@ -20,3 +20,6 @@ angular.module('Darkswarm').controller "CreditCardsCtrl", ($scope, $http, Credit
    ).finally ->
      window.location.reload()

+
+  $scope.hasOneDefaultSavedCards = () ->
+    $scope.savedCreditCards.some((card) -> card.is_default)
--- a/app/assets/javascripts/darkswarm/controllers/shop_variant_controller.js.coffee
+++ b/app/assets/javascripts/darkswarm/controllers/shop_variant_controller.js.coffee
@@ -1,4 +1,4 @@
-angular.module('Darkswarm').controller "ShopVariantCtrl", ($scope, $modal, Cart) ->
+angular.module('Darkswarm').controller "ShopVariantCtrl", ($scope, $modal, Cart, Shopfront) ->
  $scope.updateCart = (line_item) ->
    Cart.adjust($scope.variant.line_item)

@@ -69,3 +69,6 @@ angular.module('Darkswarm').controller "ShopVariantCtrl", ($scope, $modal, Cart)
  $scope.addBulk = (quantity) ->
    $scope.add(quantity)
    $modal.open(templateUrl: "bulk_buy_modal.html", scope: $scope, windowClass: "product-bulk-modal")
+
+  $scope.displayRemainingInStock = ->
+    Shopfront.shopfront.preferred_product_low_stock_display && $scope.available() <= 3 && !$scope.variant.line_item.quantity
--- a/app/assets/javascripts/darkswarm/directives/help_modal.js.coffee
+++ b/app/assets/javascripts/darkswarm/directives/help_modal.js.coffee
@@ -1,13 +0,0 @@
-angular.module('Darkswarm').directive "helpModal", ($modal, $compile, $templateCache)->
-  restrict: 'A'
-  scope:
-    helpText: "@helpModal"
-
-  link: (scope, elem, attrs, ctrl)->
-    compiled = $compile($templateCache.get('help-modal.html'))(scope)
-
-    elem.on "click", =>
-      $modal.open(controller: ctrl, template: compiled, scope: scope, windowClass: 'help-modal small')
-
-    scope.$on "$destroy", ->
-      elem.off("click")
--- a/app/assets/javascripts/darkswarm/directives/map_search.js.coffee
+++ b/app/assets/javascripts/darkswarm/directives/map_search.js.coffee
@@ -3,7 +3,7 @@ angular.module('Darkswarm').directive 'mapSearch', ($timeout, Search) ->
  restrict: 'E'
  require: ['^uiGmapGoogleMap', 'ngModel']
  replace: true
-  template: '<input id="pac-input" ng-model="query" placeholder="' + t('location_placeholder') + '"></input>'
+  template: '<input id="pac-input" ng-model="query" placeholder="' + t('location_placeholder') + '" onfocus="this.select()"></input>'
  scope: {}

  controller: ($scope) ->
--- a/app/assets/javascripts/darkswarm/directives/off_canvas_wrap.js.coffee
+++ b/app/assets/javascripts/darkswarm/directives/off_canvas_wrap.js.coffee
@@ -26,4 +26,8 @@ angular.module('mm.foundation.offcanvas').directive 'offCanvasWrap', ($window) -
      # Bind hiding of the off-canvas that only happens when screen width is over 1024px.
      win.bind 'resize.body', ->
        isolatedScope.hide() if $(window).width() > 1024
+
+      win.bind 'click.body', (e) ->
+        if e.target.closest(".left-off-canvas-menu") == null && e.target.closest(".left-off-canvas-toggle") == null
+          isolatedScope.hide()
  }
--- a/app/assets/javascripts/templates/admin/modals/business_address_info.html.haml
+++ b/app/assets/javascripts/templates/admin/modals/business_address_info.html.haml
@@ -1,7 +0,0 @@
-%div
-  .margin-bottom-30
-    %p
-      {{ 'js.admin.modals.business_address_info.message' | t }}
-
-  .text-center
-    %input.button.red.icon-plus{ type: 'button', value: '{{ "js.admin.modals.got_it" | t }}', ng: { click: 'close()' } }
--- a/app/assets/javascripts/templates/admin/modals/invite_manager.html.haml
+++ b/app/assets/javascripts/templates/admin/modals/invite_manager.html.haml
@@ -1,19 +0,0 @@
-#invite-manager-modal{ng: {app: 'admin.enterprises', controller: 'enterpriseCtrl'}}
-
-  .margin-bottom-30.text-center
-    .text-big
-      = t('js.admin.modals.invite_title')
-
-  %p.alert-box.ok{ng: {show: 'invite_success'}}
-    {{invite_success}}
-
-  %p.alert-box.error{ng: {show: 'invite_errors'}}
-    {{invite_errors}}
-
-  %input#invite_email.fullwidth.margin-bottom-20{ng: {model: 'newUser'}}
-
-  .margin-bottom-20.text-center
-    %button.text-center.margin-top-10{ng: {show: '!invite_success', click: 'inviteManager()'}}
-      = t('js.admin.modals.invite')
-    %button.text-center.margin-top-10{ng: {show: 'invite_success', click: 'resetModal(); close()'}}
-      = t('js.admin.modals.close')
--- a/app/assets/javascripts/templates/admin/modals/tag_rule_help.html.haml
+++ b/app/assets/javascripts/templates/admin/modals/tag_rule_help.html.haml
@@ -1,25 +0,0 @@
-#tag-rule-help
-  .margin-bottom-30.text-center
-    .text-big
-      {{ 'js.admin.modals.tag_rule_help.title' | t }}
-
-  .margin-bottom-30
-    .text-normal
-      {{ 'js.admin.modals.tag_rule_help.overview' | t }}
-    %p
-      {{ 'js.admin.modals.tag_rule_help.overview_text' | t }}
-
-  .margin-bottom-30
-    .text-normal
-      {{ 'js.admin.modals.tag_rule_help.by_default_rules' | t }}
-    %p
-      {{ 'js.admin.modals.tag_rule_help.by_default_rules_text' | t }}
-
-  .margin-bottom-30
-    .text-normal
-      {{ 'js.admin.modals.tag_rule_help.customer_tagged_rules' | t }}
-    %p
-      {{ 'js.admin.modals.tag_rule_help.customer_tagged_rules_text' | t }}
-
-  .text-center
-    %input.button.red.icon-plus{ type: 'button', value: t('js.admin.modals.got_it'), ng: { click: 'close()' } }
--- a/app/assets/javascripts/templates/admin/modals/terms_and_conditions_info.html.haml
+++ b/app/assets/javascripts/templates/admin/modals/terms_and_conditions_info.html.haml
@@ -1,13 +0,0 @@
-%div
-  .margin-bottom-30.text-center
-    .text-big
-      {{ 'js.admin.modals.terms_and_conditions_info.title' | t }}
-  .margin-bottom-30
-    %p
-      {{ 'js.admin.modals.terms_and_conditions_info.message_1' | t }}
-  .margin-bottom-30
-    %p
-      {{ 'js.admin.modals.terms_and_conditions_info.message_2' | t }}
-
-  .text-center
-    %input.button.red.icon-plus{ type: 'button', value: t('js.admin.modals.got_it'), ng: { click: 'close()' } }
--- a/app/assets/javascripts/templates/partials/contact.html.haml
+++ b/app/assets/javascripts/templates/partials/contact.html.haml
@@ -1,8 +1,12 @@
 %div.contact-container
-  %div.modal-centered{"ng-if" => "::enterprise.email_address || enterprise.website || enterprise.phone"}
+  %div.modal-centered{"ng-if" => "::enterprise.email_address || enterprise.website || enterprise.phone || enterprise.whatsapp_phone"}
    %p.modal-header {{'contact' | t}}
    %p{"ng-if" => "::enterprise.phone", "ng-bind" => "::enterprise.phone"}

+    %p{"ng-if" => "::enterprise.whatsapp_phone"}
+      %img{ src: image_path("/map_icons/social-logos/whatsapp.svg") }
+      %a{"ng-href" => "{{::enterprise.whatsapp_url}}", target: "_blank", "ng-bind" => "::enterprise.whatsapp_phone"}
+
    %p{"ng-if" => "::enterprise.email_address"}
      %a{"ng-href" => "{{::enterprise.email_address | stripUrl}}", target: "_blank", mailto: true}
        %span.obfuscatedEmail.email{"ng-bind" => "::enterprise.email_address | stripUrl"}
--- a/app/assets/javascripts/templates/price_breakdown.html.haml
+++ b/app/assets/javascripts/templates/price_breakdown.html.haml
@@ -9,19 +9,19 @@
        %span{"ng-bind" => "::'item_cost' | t"}
      %li{"ng-if" => "::variant.fees.admin"}
        .right {{ ::variant.fees.admin | localizeCurrency }}
-        %span{"ng-bind" => "::'admin_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.admin"}
      %li{"ng-if" => "::variant.fees.sales"}
        .right {{ ::variant.fees.sales | localizeCurrency }}
-        %span{"ng-bind" => "::'sales_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.sales"}
      %li{"ng-if" => "::variant.fees.packing"}
        .right {{ ::variant.fees.packing | localizeCurrency }}
-        %span{"ng-bind" => "::'packing_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.packing"}
      %li{"ng-if" => "::variant.fees.transport"}
        .right {{ ::variant.fees.transport | localizeCurrency }}
-        %span{"ng-bind" => "::'transport_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.transport"}
      %li{"ng-if" => "::variant.fees.fundraising"}
        .right {{ ::variant.fees.fundraising | localizeCurrency }}
-        %span{"ng-bind" => "::'fundraising_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.fundraising"}
      %li
        %strong
          .right = {{ ::variant.price_with_fees | localizeCurrency }}
--- a/app/components/help_modal_component.rb
+++ b/app/components/help_modal_component.rb
@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+class HelpModalComponent < ViewComponent::Base
+  def initialize(id:, close_button: true)
+    @id = id
+    @close_button = close_button
+  end
+
+  private
+
+  def close_button_class
+    if namespace == "admin"
+      "red"
+    else
+      "primary"
+    end
+  end
+
+  def close_button?
+    !!@close_button
+  end
+
+  def namespace
+    helpers.controller_path.split("/").first
+  end
+end
--- a/app/components/help_modal_component/help_modal_component.html.haml
+++ b/app/components/help_modal_component/help_modal_component.html.haml
@@ -0,0 +1,8 @@
+%div{ id: @id, "data-controller": "help-modal", "data-action": "keyup@document->help-modal#closeIfEscapeKey" }
+  .reveal-modal-bg.fade{ "data-help-modal-target": "background", "data-action": "click->help-modal#close" }
+  .reveal-modal.fade.small.help-modal{ "data-help-modal-target": "modal" }
+    = content
+
+    - if close_button?
+      .text-center
+        %input{ class: "button icon-plus #{close_button_class}", type: 'button', value: t('js.admin.modals.got_it'), "data-action": "click->help-modal#close" }
--- a/app/components/help_modal_component/help_modal_component.scss
+++ b/app/components/help_modal_component/help_modal_component.scss
@@ -0,0 +1,10 @@
+.help-modal {
+  visibility: visible;
+  position: fixed;
+  top: 3em;
+}
+
+/* prevent arrow on selected admin menu item appearing above modal */
+body.modal-open #admin-menu li.selected a::after {
+  z-index: 0;
+}
--- a/app/controllers/admin/contents_controller.rb
+++ b/app/controllers/admin/contents_controller.rb
@@ -10,14 +10,14 @@ module Admin

    def update
      params.each do |name, value|
-        if ContentConfig.has_preference?(name) || ContentConfig.has_attachment?(name)
-          ContentConfig.public_send("#{name}=", value)
+        if value.is_a?(ActionDispatch::Http::UploadedFile)
+          blob = store_file(value)
+          update_preference("#{name}_blob_id", blob.id)
+        else
+          update_preference(name, value)
        end
      end

-      # Save any uploaded images
-      ContentConfig.save
-
      flash[:success] =
        t(:successfully_updated, resource: I18n.t('admin.contents.edit.your_content'))

@@ -26,6 +26,22 @@ module Admin

    private

+    def store_file(attachable)
+      ActiveStorage::Blob.create_and_upload!(
+        io: attachable.open,
+        filename: attachable.original_filename,
+        content_type: attachable.content_type,
+        service_name: :local,
+        identify: false,
+      )
+    end
+
+    def update_preference(name, value)
+      return unless ContentConfig.has_preference?(name)
+
+      ContentConfig.public_send("#{name}=", value)
+    end
+
    def preference_sections
      [
        PreferenceSections::HeaderSection.new,
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -7,6 +7,7 @@ require 'open_food_network/order_cycle_permissions'
 module Admin
  class EnterprisesController < Admin::ResourceController
    include GeocodeEnterpriseAddress
+    include CablecarResponses

    # These need to run before #load_resource so that @object is initialised with sanitised values
    prepend_before_action :override_owner, only: :create
@@ -44,7 +45,11 @@ module Admin
    def edit
      @object = Enterprise.where(permalink: params[:id]).
        includes(users: [:ship_address, :bill_address]).first
-      super
+      if params[:stimulus]
+        @enterprise.is_primary_producer = params[:is_primary_producer]
+        @enterprise.sells = params[:enterprise_sells]
+        render operations: cable_car.morph("#side_menu", partial("admin/shared/side_menu"))
+      end
    end

    def welcome
--- a/app/controllers/admin/invoice_settings_controller.rb
+++ b/app/controllers/admin/invoice_settings_controller.rb
@@ -19,6 +19,7 @@ module Admin
        :enable_invoices?,
        :invoice_style2?,
        :enable_receipt_printing?,
+        :enterprise_number_required_on_invoices?,
      )
    end
  end
--- a/app/controllers/admin/order_cycles_controller.rb
+++ b/app/controllers/admin/order_cycles_controller.rb
@@ -64,6 +64,7 @@ module Admin
      @order_cycle_form = OrderCycleForm.new(@order_cycle, order_cycle_params, spree_current_user)

      if @order_cycle_form.save
+        update_nil_subscription_line_items_price_estimate(@order_cycle)
        respond_to do |format|
          flash[:notice] = I18n.t(:order_cycles_update_notice) if params[:reloading] == '1'
          format.html { redirect_back(fallback_location: root_path) }
@@ -76,6 +77,7 @@ module Admin

    def bulk_update
      if order_cycle_set&.save
+        bulk_update_nil_subscription_line_items_price_estimate
        render_as_json @order_cycles,
                       ams_prefix: 'index',
                       current_user: spree_current_user,
@@ -86,6 +88,27 @@ module Admin
      end
    end

+    def bulk_update_nil_subscription_line_items_price_estimate
+      @collection.upcoming.each do |order_cycle|
+        update_nil_subscription_line_items_price_estimate(order_cycle)
+      end
+    end
+
+    def update_nil_subscription_line_items_price_estimate(order_cycle)
+      order_cycle.schedules.each do |schedule|
+        Subscription.where(schedule_id: schedule.id).each do |subscription|
+          shop = Enterprise.managed_by(spree_current_user).find_by(id: subscription.shop_id)
+          subscription.subscription_line_items.nil_price_estimate.each do |line_item|
+            variant = OrderManagement::Subscriptions::
+                VariantsList.eligible_variants(shop).find_by(id: line_item.variant_id)
+            fee_calculator = OpenFoodNetwork::EnterpriseFeeCalculator.new(shop, order_cycle)
+            price = variant.price + fee_calculator.indexed_fees_for(variant)
+            line_item.update_column(:price_estimate, price)
+          end
+        end
+      end
+    end
+
    def clone
      @order_cycle = OrderCycle.find params[:id]
      @order_cycle.clone!
--- a/app/controllers/admin/reports_controller.rb
+++ b/app/controllers/admin/reports_controller.rb
@@ -5,14 +5,23 @@ module Admin
    include ReportsActions
    helper ReportsHelper

-    before_action :authorize_report
+    before_action :authorize_report, only: [:show]
+
+    # Define model class for Can? permissions
+    def model_class
+      Admin::ReportsController
+    end
+
+    def index
+      @reports = reports.select do |report_type, _description|
+        can? report_type, :report
+      end
+    end

    def show
-      render_report && return if ransack_params.blank?
+      @report = report_class.new(spree_current_user, params, request)

-      @report = report_class.new(spree_current_user, ransack_params, report_options)
-
-      if export_spreadsheet?
+      if report_format.present?
        export_report
      else
        render_report
@@ -22,33 +31,31 @@ module Admin
    private

    def export_report
-      render report_format.to_sym => @report.public_send("to_#{report_format}"),
-             :filename => report_filename
+      send_data @report.render_as(report_format, controller: self), filename: report_filename
    end

    def render_report
      assign_view_data
-      load_form_options
-
-      render report_type
+      render "show"
    end

    def assign_view_data
      @report_type = report_type
-      @report_subtype = report_subtype || report_loader.default_report_subtype
-      @report_subtypes = report_class.report_subtypes.map do |subtype|
-        [t("packing.#{subtype}_report", scope: i18n_scope), subtype]
+      @report_subtypes = report_subtypes
+      @report_subtype = report_subtype
+
+      # Initialize data
+      params[:display_summary_row] = true if request.get?
+      if OpenFoodNetwork::FeatureToggle.enabled?(:report_inverse_columns_logic,
+                                                 spree_current_user)
+        @params_fields_to_show = if request.get?
+                                   @report.columns.keys
+                                 else
+                                   params[:fields_to_show]
+                                 end
      end
-    end

-    def load_form_options
-      return unless form_options_required?
-
-      form_options = Reporting::FrontendData.new(spree_current_user)
-
-      @distributors = form_options.distributors.to_a
-      @suppliers = form_options.suppliers.to_a
-      @order_cycles = form_options.order_cycles.to_a
+      @data = Reporting::FrontendData.new(spree_current_user)
    end
  end
 end
--- a/app/controllers/api/v0/enterprise_attachment_controller.rb
+++ b/app/controllers/api/v0/enterprise_attachment_controller.rb
@@ -14,7 +14,7 @@ module Api
      respond_to :json

      def destroy
-        unless @enterprise.public_send("#{attachment_name}?")
+        unless @enterprise.public_send(attachment_name).attached?
          return respond_with_conflict(error: destroy_attachment_does_not_exist_error_message)
        end

--- a/app/controllers/api/v0/enterprises_controller.rb
+++ b/app/controllers/api/v0/enterprises_controller.rb
@@ -44,9 +44,9 @@ module Api
        authorize! :update, @enterprise

        if params[:logo] && @enterprise.update( logo: params[:logo] )
-          render html: @enterprise.logo.url(:medium), status: :ok
-        elsif params[:promo] && @enterprise.update( promo_image: params[:promo] )
-          render html: @enterprise.promo_image.url(:medium), status: :ok
+          render(html: @enterprise.logo_url(:medium), status: :ok)
+        elsif params[:promo] && @enterprise.update!( promo_image: params[:promo] )
+          render(html: @enterprise.promo_image_url(:medium), status: :ok)
        else
          invalid_resource!(@enterprise)
        end
--- a/app/controllers/api/v0/orders_controller.rb
+++ b/app/controllers/api/v0/orders_controller.rb
@@ -26,6 +26,13 @@ module Api
        }
      end

+      def update
+        authorize! :admin, order
+
+        order.update!(order_params)
+        render json: order, serializer: Api::OrderDetailedSerializer, current_order: order
+      end
+
      def ship
        authorize! :admin, order

@@ -72,6 +79,10 @@ module Api
          includes(line_items: { variant: [:product, :stock_items, :default_price] }).
          first!
      end
+
+      def order_params
+        params.permit(:note)
+      end
    end
  end
 end
--- a/app/controllers/api/v0/product_images_controller.rb
+++ b/app/controllers/api/v0/product_images_controller.rb
@@ -6,20 +6,21 @@ module Api
      respond_to :json

      def update_product_image
-        @product = Spree::Product.find(params[:product_id])
-        authorize! :update, @product
+        product = Spree::Product.find(params[:product_id])
+        authorize! :update, product

-        if @product.images.first.nil?
-          @image = Spree::Image.create(
-            attachment: params[:file],
-            viewable_id: @product.master.id,
-            viewable_type: 'Spree::Variant'
-          )
-          render json: @image, serializer: ImageSerializer, status: :created
+        image = product.images.first || Spree::Image.new(
+          viewable_id: product.master.id,
+          viewable_type: 'Spree::Variant'
+        )
+
+        success_status = image.persisted? ? :ok : :created
+
+        if image.update(attachment: params[:file])
+          render json: image, serializer: ImageSerializer, status: success_status
        else
-          @image = @product.images.first
-          @image.update(attachment: params[:file])
-          render json: @image, serializer: ImageSerializer, status: :ok
+          error_json = { errors: image.errors.full_messages }
+          render json: error_json, status: :unprocessable_entity
        end
      end
    end
--- a/app/controllers/api/v0/reports_controller.rb
+++ b/app/controllers/api/v0/reports_controller.rb
@@ -10,7 +10,8 @@ module Api
      before_action :validate_report, :authorize_report, :validate_query

      def show
-        @report = report_class.new(current_api_user, ransack_params, report_options)
+        params[:report_format] = 'json'
+        @report = report_class.new(current_api_user, params)

        render_report
      end
--- a/app/controllers/api/v0/shipments_controller.rb
+++ b/app/controllers/api/v0/shipments_controller.rb
@@ -28,19 +28,14 @@ module Api
        authorize! :read, Spree::Shipment
        @shipment = @order.shipments.find_by!(number: params[:id])
        params[:shipment] ||= []
-        unlock = params[:shipment].delete(:unlock)

-        if unlock == 'yes'
-          @shipment.fee_adjustment.fire_events(:open)
-        end
+        @shipment.fee_adjustment.fire_events(:open)

        if @shipment.update(shipment_params)
          @order.updater.update_totals_and_states
        end

-        if unlock == 'yes'
-          @shipment.fee_adjustment.close
-        end
+        @shipment.fee_adjustment.close

        render json: @shipment.reload, serializer: Api::ShipmentSerializer, status: :ok
      end
@@ -79,8 +74,9 @@ module Api
      def remove
        variant = scoped_variant(params[:variant_id])
        quantity = params[:quantity].to_i
+        restock_item = params.fetch(:restock_item, "true") == "true"

-        @order.contents.remove(variant, quantity, @shipment)
+        @order.contents.remove(variant, quantity, @shipment, restock_item)
        @shipment.reload if @shipment.persisted?

        render json: @shipment, serializer: Api::ShipmentSerializer, status: :ok
--- a/app/controllers/api/v0/taxons_controller.rb
+++ b/app/controllers/api/v0/taxons_controller.rb
@@ -73,7 +73,7 @@ module Api
      def taxon_params
        return if params[:taxon].blank?

-        params.require(:taxon).permit([:name, :parent_id])
+        params.require(:taxon).permit([:name, :parent_id, :position])
      end
    end
  end
--- a/app/controllers/api/v1/base_controller.rb
+++ b/app/controllers/api/v1/base_controller.rb
@@ -14,6 +14,7 @@ module Api
      attr_accessor :current_api_user

      before_action :authenticate_user
+      before_action :restrict_feature

      rescue_from StandardError, with: :error_during_processing
      rescue_from CanCan::AccessDenied, with: :unauthorized
@@ -38,6 +39,10 @@ module Api
        invalid_api_key
      end

+      def restrict_feature
+        not_found unless Flipper.enabled?(:api_v1, @current_api_user)
+      end
+
      def current_ability
        Spree::Ability.new(current_api_user)
      end
--- a/app/controllers/api/v1/customers_controller.rb
+++ b/app/controllers/api/v1/customers_controller.rb
@@ -5,9 +5,10 @@ require 'open_food_network/permissions'
 module Api
  module V1
    class CustomersController < Api::V1::BaseController
+      include AddressTransformation
+
      skip_authorization_check only: :index

-      before_action :set_customer, only: [:show, :update, :destroy]
      before_action :authorize_action, only: [:show, :update, :destroy]

      def index
@@ -17,44 +18,44 @@ module Api
      end

      def show
-        render json: Api::V1::CustomerSerializer.new(@customer, include_options)
+        render json: Api::V1::CustomerSerializer.new(customer, include_options)
      end

      def create
        authorize! :update, Enterprise.find(customer_params[:enterprise_id])
-        @customer = Customer.new(customer_params)
+        customer = Customer.new(customer_params)

-        if @customer.save
-          render json: Api::V1::CustomerSerializer.new(@customer), status: :created
+        if customer.save
+          render json: Api::V1::CustomerSerializer.new(customer), status: :created
        else
-          invalid_resource! @customer
+          invalid_resource! customer
        end
      end

      def update
-        if @customer.update(customer_params)
-          render json: Api::V1::CustomerSerializer.new(@customer)
+        if customer.update(customer_params)
+          render json: Api::V1::CustomerSerializer.new(customer)
        else
-          invalid_resource! @customer
+          invalid_resource! customer
        end
      end

      def destroy
-        if @customer.destroy
-          render json: Api::V1::CustomerSerializer.new(@customer)
+        if customer.destroy
+          render json: Api::V1::CustomerSerializer.new(customer)
        else
-          invalid_resource! @customer
+          invalid_resource! customer
        end
      end

      private

-      def set_customer
-        @customer = Customer.find(params[:id])
+      def customer
+        @customer ||= Customer.find(params[:id])
      end

      def authorize_action
-        authorize! action_name.to_sym, @customer
+        authorize! action_name.to_sym, customer
      end

      def search_customers
@@ -77,7 +78,8 @@ module Api
            :phone, :latitude, :longitude,
            :first_name, :last_name,
            :street_address_1, :street_address_2,
-            :postal_code, :locality, :region, :country,
+            :postal_code, :locality,
+            { region: [:name, :code], country: [:name, :code] },
          ]
        ).to_h

@@ -89,39 +91,6 @@ module Api
        attributes
      end

-      def transform_address!(attributes, from, to)
-        return unless attributes.key?(from)
-
-        address = attributes.delete(from)
-
-        if address.nil?
-          attributes[to] = nil
-          return
-        end
-
-        address.transform_keys! do |key|
-          {
-            phone: :phone, latitude: :latitude, longitude: :longitude,
-            first_name: :firstname, last_name: :lastname,
-            street_address_1: :address1, street_address_2: :address2,
-            postal_code: :zipcode,
-            locality: :city,
-            region: :state_name,
-            country: :country,
-          }.with_indifferent_access[key]
-        end
-
-        if address[:state_name].present?
-          address[:state] = Spree::State.find_by(name: address[:state_name])
-        end
-
-        if address[:country].present?
-          address[:country] = Spree::Country.find_by(name: address[:country])
-        end
-
-        attributes["#{to}_attributes"] = address
-      end
-
      def editable_enterprises
        OpenFoodNetwork::Permissions.new(current_api_user).editable_enterprises.select(:id)
      end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -29,6 +29,7 @@ class ApplicationController < ActionController::Base
  helper 'footer_links'
  helper 'discourse'
  helper 'checkout'
+  helper 'link'
  helper 'terms_and_conditions'

  protect_from_forgery
@@ -38,6 +39,7 @@ class ApplicationController < ActionController::Base
  include Spree::Core::ControllerHelpers::Common

  before_action :set_cache_headers # prevent cart emptying via cache when using back button #1213
+  before_action :check_disabled_user, if: :spree_user_signed_in?
  before_action :set_after_login_url

  include RawParams
@@ -158,6 +160,15 @@ class ApplicationController < ActionController::Base
    response.headers["Pragma"] = "no-cache"
    response.headers["Expires"] = "Fri, 01 Jan 1990 00:00:00 GMT"
  end
+
+  def check_disabled_user
+    return unless current_spree_user.disabled
+
+    flash[:success] = nil
+    flash[:error] = I18n.t("devise.failure.disabled")
+    sign_out current_spree_user
+    redirect_to main_app.root_path
+  end
 end

 require 'spree/i18n/initializer'
--- a/app/controllers/concerns/address_transformation.rb
+++ b/app/controllers/concerns/address_transformation.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+# Our internal data structures are different to the API data strurctures.
+module AddressTransformation
+  extend ActiveSupport::Concern
+
+  def transform_address!(attributes, from, to)
+    return unless attributes.key?(from)
+
+    address = attributes.delete(from)
+
+    if address.nil?
+      attributes[to] = nil
+      return
+    end
+
+    address.transform_keys! do |key|
+      {
+        phone: :phone, latitude: :latitude, longitude: :longitude,
+        first_name: :firstname, last_name: :lastname,
+        street_address_1: :address1, street_address_2: :address2,
+        postal_code: :zipcode,
+        locality: :city,
+        region: :state,
+        country: :country,
+      }.with_indifferent_access[key]
+    end
+
+    address[:state] = find_state(address) if address[:state].present?
+    address[:country] = find_country(address) if address[:country].present?
+
+    attributes["#{to}_attributes"] = address
+  end
+
+  private
+
+  def find_state(address)
+    Spree::State.find_by("LOWER(abbr) = ? OR LOWER(name) = ?",
+                         address.dig(:state, :code)&.downcase,
+                         address.dig(:state, :name)&.downcase)
+  end
+
+  def find_country(address)
+    Spree::Country.find_by("LOWER(iso) = ? OR LOWER(name) = ?",
+                           address.dig(:country, :code)&.downcase,
+                           address.dig(:country, :name)&.downcase)
+  end
+end
--- a/app/controllers/concerns/checkout_callbacks.rb
+++ b/app/controllers/concerns/checkout_callbacks.rb
@@ -47,7 +47,7 @@ module CheckoutCallbacks
  end

  def load_shipping_methods
-    @shipping_methods = available_shipping_methods
+    @shipping_methods = available_shipping_methods.sort { |a, b| a.name.casecmp(b.name) }
  end

  def redirect_to_shop?
--- a/app/controllers/concerns/reports_actions.rb
+++ b/app/controllers/concerns/reports_actions.rb
@@ -3,10 +3,14 @@
 module ReportsActions
  extend ActiveSupport::Concern

+  def reports
+    Reporting::Reports::List.all
+  end
+
  private

  def authorize_report
-    authorize! report_type&.to_sym, :report
+    authorize! report_type.to_sym, :report
  end

  def report_class
@@ -23,31 +27,26 @@ module ReportsActions
    params[:report_type]
  end

+  def report_subtypes
+    reports[report_type.to_sym] || []
+  end
+
+  def report_subtypes_codes
+    report_subtypes.map(&:second).map(&:to_s)
+  end
+
  def report_subtype
-    params[:report_subtype]
+    params[:report_subtype] || report_subtypes_codes.first
  end

  def ransack_params
    raw_params[:q]
  end

-  def report_options
-    raw_params[:options]
-  end
-
  def report_format
    params[:report_format]
  end

-  def export_spreadsheet?
-    ['xlsx', 'ods', 'csv'].include?(report_format)
-  end
-
-  def form_options_required?
-    [:packing, :customers, :products_and_inventory, :order_cycle_management].
-      include? report_type.to_sym
-  end
-
  def report_filename
    "#{report_type || action_name}_#{file_timestamp}.#{report_format}"
  end
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class ErrorsController < ApplicationController
+  layout "errors"
+
+  def not_found
+    render status: :not_found
+  end
+
+  def internal_server_error
+    render status: :internal_server_error
+  end
+
+  def unprocessable_entity
+    render status: :unprocessable_entity
+  end
+end
--- a/app/controllers/split_checkout_controller.rb
+++ b/app/controllers/split_checkout_controller.rb
@@ -21,6 +21,7 @@ class SplitCheckoutController < ::BaseController

  def edit
    redirect_to_step_based_on_order unless params[:step]
+    check_step if params[:step]
  end

  def update
@@ -31,12 +32,16 @@ class SplitCheckoutController < ::BaseController
      advance_order_state
      redirect_to_step
    else
-      flash.now[:error] = I18n.t('split_checkout.errors.global')
+      flash.now[:error] ||= I18n.t('split_checkout.errors.global')

      render status: :unprocessable_entity, operations: cable_car.
        replace("#checkout", partial("split_checkout/checkout")).
        replace("#flashes", partial("shared/flashes", locals: { flashes: flash }))
    end
+  rescue Spree::Core::GatewayError => e
+    flash[:error] = I18n.t(:spree_gateway_error_flash_for_checkout, error: e.message)
+    @order.update_column(:state, "payment")
+    render operations: cable_car.redirect_to(url: checkout_step_path(:payment))
  end

  private
@@ -128,7 +133,7 @@ class SplitCheckoutController < ::BaseController
    when "confirmation"
      redirect_to checkout_step_path(:summary)
    else
-      redirect_to order_path(@order)
+      redirect_to order_path(@order, order_token: @order.token)
    end
  end

@@ -141,4 +146,13 @@ class SplitCheckoutController < ::BaseController
    end
    redirect_to_step_based_on_order
  end
+
+  def check_step
+    case @order.state
+    when "cart", "address", "delivery"
+      redirect_to checkout_step_path(:details) unless params[:step] == "details"
+    when "payment"
+      redirect_to checkout_step_path(:payment) if params[:step] == "summary"
+    end
+  end
 end
--- a/app/controllers/spree/admin/orders_controller.rb
+++ b/app/controllers/spree/admin/orders_controller.rb
@@ -42,6 +42,10 @@ module Spree
          @order.update_order!
        end

+        if params[:set_distribution_step] && @order.update(order_params)
+          return redirect_to spree.admin_order_customer_path(@order)
+        end
+
        unless order_params.present? && @order.update(order_params) && @order.line_items.present?
          if @order.line_items.empty? && !params[:suppress_error_msg]
            @order.errors.add(:line_items, Spree.t('errors.messages.blank'))
@@ -55,7 +59,7 @@ module Spree
          redirect_to spree.edit_admin_order_path(@order)
        else
          # Jump to next step if order is not complete
-          redirect_to spree.admin_order_customer_path(@order)
+          redirect_to spree.admin_order_payments_path(@order)
        end
      end

@@ -65,7 +69,9 @@ module Spree

      def fire
        event = params[:e]
-        @order.send_cancellation_email = params[:send_cancellation_email] == "true"
+        @order.send_cancellation_email = params[:send_cancellation_email] != "false"
+        @order.restock_items = params.fetch(:restock_items, "true") == "true"
+
        if @order.public_send(event.to_s)
          flash[:success] = Spree.t(:order_updated)
        else
@@ -124,7 +130,7 @@ module Spree
      end

      def require_distributor_abn
-        return if @order.distributor.abn.present?
+        return if @order.distributor.can_invoice?

        flash[:error] = t(:must_have_valid_business_number,
                          enterprise_name: @order.distributor.name)
--- a/app/controllers/spree/admin/products_controller.rb
+++ b/app/controllers/spree/admin/products_controller.rb
@@ -30,18 +30,14 @@ module Spree
          @object.attributes = permitted_resource_params
          if @object.save
            flash[:success] = flash_message_for(@object, :successfully_created)
-            if params[:button] == "add_another"
-              redirect_to spree.new_admin_product_path
-            else
-              redirect_to spree.admin_products_path
-            end
+            redirect_after_save
          else
+            # Re-fill the form with deleted params on product
+            @on_hand = request.params[:product][:on_hand]
+            @on_demand = request.params[:product][:on_demand]
            render :new
          end
        end
-      rescue Paperclip::Errors::NotIdentifiedByImageMagickError
-        @object.errors.add(:base, t('spree.admin.products.image_upload_error'))
-        respond_with(@object)
      end

      def show
@@ -141,6 +137,14 @@ module Spree

      private

+      def redirect_after_save
+        if params[:button] == "add_another"
+          redirect_to spree.new_admin_product_path
+        else
+          redirect_to spree.admin_products_path
+        end
+      end
+
      def product_set_from_params
        collection_hash = Hash[products_bulk_params[:products].each_with_index.map { |p, i|
                                 [i, p]
--- a/app/controllers/spree/admin/reports_controller.rb
+++ b/app/controllers/spree/admin/reports_controller.rb
@@ -1,310 +0,0 @@
-# frozen_string_literal: true
-
-require 'csv'
-
-require 'open_food_network/reports/list'
-require 'open_food_network/order_and_distributor_report'
-require 'open_food_network/products_and_inventory_report'
-require 'open_food_network/lettuce_share_report'
-require 'open_food_network/group_buy_report'
-require 'open_food_network/order_grouper'
-require 'open_food_network/customers_report'
-require 'open_food_network/users_and_enterprises_report'
-require 'open_food_network/order_cycle_management_report'
-require 'open_food_network/sales_tax_report'
-require 'open_food_network/xero_invoices_report'
-require 'open_food_network/payments_report'
-require 'open_food_network/orders_and_fulfillments_report'
-
-module Spree
-  module Admin
-    class ReportsController < Spree::Admin::BaseController
-      include Spree::ReportsHelper
-      helper ::ReportsHelper
-
-      ORDER_MANAGEMENT_ENGINE_REPORTS = [
-        :bulk_coop,
-        :enterprise_fee_summary
-      ].freeze
-
-      helper_method :render_content?
-
-      before_action :cache_search_state
-      # Fetches user's distributors, suppliers and order_cycles
-      before_action :load_basic_data, only: [:customers, :products_and_inventory, :order_cycle_management]
-      before_action :load_associated_data, only: [:orders_and_fulfillment]
-
-      respond_to :html
-
-      def report_types
-        OpenFoodNetwork::Reports::List.all
-      end
-
-      def index
-        @reports = authorized_reports
-        respond_with(@reports)
-      end
-
-      def customers
-        @report_types = report_types[:customers]
-        @report_type = params[:report_type]
-        @report = OpenFoodNetwork::CustomersReport.new spree_current_user, raw_params,
-                                                       render_content?
-        render_report(@report.header, @report.table, params[:csv], "customers_#{timestamp}.csv")
-      end
-
-      def order_cycle_management
-        raw_params[:q] ||= {}
-
-        @report_types = report_types[:order_cycle_management]
-        @report_type = params[:report_type]
-
-        # -- Build Report with Order Grouper
-        @report = OpenFoodNetwork::OrderCycleManagementReport.new spree_current_user,
-                                                                  raw_params,
-                                                                  render_content?
-        @table = @report.table_items
-
-        render_report(@report.header, @table, params[:csv],
-                      "order_cycle_management_#{timestamp}.csv")
-      end
-
-      def orders_and_distributors
-        @report = OpenFoodNetwork::OrderAndDistributorReport.new spree_current_user,
-                                                                 raw_params,
-                                                                 render_content?
-        @search = @report.search
-        csv_file_name = "orders_and_distributors_#{timestamp}.csv"
-        render_report(@report.header, @report.table, params[:csv], csv_file_name)
-      end
-
-      def sales_tax
-        @distributors = my_distributors
-        @report_type = params[:report_type]
-        @report = OpenFoodNetwork::SalesTaxReport.new spree_current_user, raw_params,
-                                                      render_content?
-        render_report(@report.header, @report.table, params[:csv], "sales_tax.csv")
-      end
-
-      def payments
-        # -- Prepare Form Options
-        @distributors = my_distributors
-        @report_type = params[:report_type]
-
-        # -- Build Report with Order Grouper
-        @report = OpenFoodNetwork::PaymentsReport.new spree_current_user, raw_params,
-                                                      render_content?
-        @table = order_grouper_table
-        csv_file_name = "payments_#{timestamp}.csv"
-
-        render_report(@report.header, @table, params[:csv], csv_file_name)
-      end
-
-      def orders_and_fulfillment
-        raw_params[:q] ||= orders_and_fulfillment_default_filters
-
-        @report_types = report_types[:orders_and_fulfillment]
-        @report_type = params[:report_type]
-
-        @include_blank = I18n.t(:all)
-
-        # -- Build Report with Order Grouper
-        @report = OpenFoodNetwork::OrdersAndFulfillmentsReport.new spree_current_user,
-                                                                   raw_params,
-                                                                   render_content?
-        @table = order_grouper_table
-        csv_file_name = "#{params[:report_type]}_#{timestamp}.csv"
-
-        render_report(@report.header, @table, params[:csv], csv_file_name)
-      end
-
-      def products_and_inventory
-        @report_types = report_types[:products_and_inventory]
-        @report = if params[:report_type] != 'lettuce_share'
-                    OpenFoodNetwork::ProductsAndInventoryReport.new spree_current_user,
-                                                                    raw_params,
-                                                                    render_content?
-                  else
-                    OpenFoodNetwork::LettuceShareReport.new spree_current_user,
-                                                            raw_params,
-                                                            render_content?
-                  end
-
-        render_report @report.header,
-                      @report.table,
-                      params[:csv],
-                      "products_and_inventory_#{timestamp}.csv"
-      end
-
-      def users_and_enterprises
-        @report = OpenFoodNetwork::UsersAndEnterprisesReport.new raw_params, render_content?
-        render_report(@report.header, @report.table, params[:csv],
-                      "users_and_enterprises_#{timestamp}.csv")
-      end
-
-      def xero_invoices
-        raw_params[:q] ||= {}
-
-        @distributors = my_distributors
-        @order_cycles = my_order_cycles
-
-        @report = OpenFoodNetwork::XeroInvoicesReport.new(spree_current_user,
-                                                          raw_params,
-                                                          render_content?)
-        render_report(@report.header, @report.table, params[:csv], "xero_invoices_#{timestamp}.csv")
-      end
-
-      private
-
-      def model_class
-        Spree::Admin::ReportsController
-      end
-
-      # Some actions are changing the `params` object. That is unfortunate Spree
-      # behavior and we are building on it. So we have to look at `params` early
-      # to check if we are searching or just displaying a report search form.
-      def cache_search_state
-        search_keys = [
-          # search parameter for ransack
-          :q,
-          # common in all reports, only set for CSV rendering
-          :csv,
-          # `button` is included in all forms. It's not important for searching,
-          # but the Users & Enterprises report doesn't have any other parameter
-          # for an empty search. So we use this one to display data.
-          :button,
-          # Some reports use filtering by enterprise or order cycle
-          :distributor_id,
-          :supplier_id,
-          :order_cycle_id,
-          # Xero Invoices can be filtered by date
-          :invoice_date,
-          :due_date
-        ]
-        @searching = search_keys.any? { |key| raw_params.key? key }
-      end
-
-      # We don't want to render data unless search params are supplied.
-      # Compiling data can take a long time.
-      def render_content?
-        @searching
-      end
-
-      def render_report(header, table, create_csv, csv_file_name)
-        send_data csv_report(header, table), filename: csv_file_name if create_csv
-        @header = header
-        @table = table
-        # Rendering HTML is the default.
-      end
-
-      def load_associated_data
-        form_options = Reporting::FrontendData.new(spree_current_user)
-
-        @distributors = form_options.distributors
-        @suppliers = form_options.suppliers
-        @order_cycles = form_options.order_cycles
-      end
-
-      def csv_report(header, table)
-        CSV.generate do |csv|
-          csv << header
-          table.each { |row| csv << row }
-        end
-      end
-
-      def load_basic_data
-        @distributors = my_distributors
-        @suppliers = my_suppliers | suppliers_of_products_distributed_by(@distributors)
-        @order_cycles = my_order_cycles
-      end
-
-      # Load managed distributor enterprises of current user
-      def my_distributors
-        Enterprise.is_distributor.managed_by(spree_current_user)
-      end
-
-      # Load managed producer enterprises of current user
-      def my_suppliers
-        Enterprise.is_primary_producer.managed_by(spree_current_user)
-      end
-
-      def suppliers_of_products_distributed_by(distributors)
-        supplier_ids = Spree::Product.in_distributors(distributors.select('enterprises.id')).
-          select('spree_products.supplier_id')
-
-        Enterprise.where(id: supplier_ids)
-      end
-
-      # Load order cycles the current user has access to
-      def my_order_cycles
-        OrderCycle.
-          active_or_complete.
-          visible_by(spree_current_user).
-          order('orders_close_at DESC')
-      end
-
-      def order_grouper_table
-        order_grouper = OpenFoodNetwork::OrderGrouper.new @report.rules, @report.columns, @report
-        order_grouper.table(@report.table_items)
-      end
-
-      def authorized_reports
-        all_reports = [
-          :orders_and_distributors,
-          :bulk_coop,
-          :payments,
-          :orders_and_fulfillment,
-          :customers,
-          :products_and_inventory,
-          :users_and_enterprises,
-          :enterprise_fee_summary,
-          :order_cycle_management,
-          :sales_tax,
-          :xero_invoices,
-          :packing
-        ]
-        reports = all_reports.select { |action| can? action, Spree::Admin::ReportsController }
-        reports.map { |report| [report, describe_report(report)] }.to_h
-      end
-
-      def describe_report(report)
-        name = I18n.t(:name, scope: [:admin, :reports, report])
-        description = begin
-          I18n.t!(:description, scope: [:admin, :reports, report])
-        rescue I18n::MissingTranslationData
-          render_to_string(
-            partial: "#{report}_description",
-            layout: false,
-            locals: { report_types: report_types[report] }
-          ).html_safe
-        end
-        { name: name, url: url_for_report(report), description: description }
-      end
-
-      def url_for_report(report)
-        if report_in_order_management_engine?(report)
-          main_app.public_send("new_order_management_reports_#{report}_url".to_sym)
-        else
-          spree.public_send("#{report}_admin_reports_url".to_sym)
-        end
-      rescue NoMethodError
-        main_app.admin_reports_url(report_type: report)
-      end
-
-      # List of reports that have been moved to the Order Management engine
-      def report_in_order_management_engine?(report)
-        ORDER_MANAGEMENT_ENGINE_REPORTS.include?(report)
-      end
-
-      def timestamp
-        Time.zone.now.strftime("%Y%m%d")
-      end
-
-      def orders_and_fulfillment_default_filters
-        now = Time.zone.now
-        { completed_at_gt: (now - 1.month).beginning_of_day,
-          completed_at_lt: (now + 1.day).beginning_of_day }
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/users_controller.rb
+++ b/app/controllers/spree/admin/users_controller.rb
@@ -48,30 +48,11 @@ module Spree
            @user.spree_roles = roles.reject(&:blank?).collect{ |r| Spree::Role.find(r) }
          end

-          message = if new_email_unconfirmed?
-                      Spree.t(:email_updated)
-                    else
-                      Spree.t(:account_updated)
-                    end
-          flash.now[:success] = message
+          flash.now[:success] = update_message
        end
        render :edit
      end

-      def generate_api_key
-        if @user.generate_spree_api_key!
-          flash[:success] = t('spree.api.key_generated')
-        end
-        redirect_to spree.edit_admin_user_path(@user)
-      end
-
-      def clear_api_key
-        if @user.clear_spree_api_key!
-          flash[:success] = t('spree.api.key_cleared')
-        end
-        redirect_to spree.edit_admin_user_path(@user)
-      end
-
      protected

      def collection
@@ -100,6 +81,16 @@ module Spree

      private

+      def update_message
+        return Spree.t(:show_api_key_view_toggled) if @user.show_api_key_view_previously_changed?
+
+        if new_email_unconfirmed?
+          Spree.t(:email_updated)
+        else
+          Spree.t(:account_updated)
+        end
+      end
+
      # handling raise from Admin::ResourceController#destroy
      def user_destroy_with_orders_error
        render status: :forbidden, text: Spree.t(:error_user_destroy_with_orders)
@@ -137,7 +128,9 @@ module Spree
      end

      def user_params
-        ::PermittedAttributes::User.new(params).call([:enterprise_limit])
+        ::PermittedAttributes::User.new(params).call(
+          %i[enterprise_limit show_api_key_view]
+        )
      end
    end
  end
--- a/app/controllers/spree/api_keys_controller.rb
+++ b/app/controllers/spree/api_keys_controller.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Spree
+  class ApiKeysController < ::BaseController
+    include Spree::Core::ControllerHelpers
+    include I18nHelper
+
+    prepend_before_action :load_object
+
+    def create
+      @user.generate_api_key
+
+      if @user.save
+        flash[:success] = t('spree.api.key_generated')
+      end
+
+      redirect_to redirect_path
+    end
+
+    def destroy
+      @user.spree_api_key = nil
+
+      if @user.save
+        flash[:success] = t('spree.api.key_cleared')
+      end
+
+      redirect_to redirect_path
+    end
+
+    private
+
+    def load_object
+      @user ||= find_user
+      if @user
+        authorize! params[:action].to_sym, @user
+      else
+        redirect_to main_app.login_path
+      end
+    end
+
+    def find_user
+      Spree::User.find_by(id: params[:id]) || spree_current_user
+    end
+
+    def redirect_path
+      if request.referer.blank? || request.referer.include?(spree.account_path)
+        developer_settings_path
+      else
+        request.referer
+      end
+    end
+
+    def developer_settings_path
+      "#{spree.account_path}#/developer_settings"
+    end
+  end
+end
--- a/app/controllers/spree/credit_cards_controller.rb
+++ b/app/controllers/spree/credit_cards_controller.rb
@@ -49,7 +49,10 @@ module Spree

      # Using try because we may not have a card here
      if @credit_card.try(:destroy)
-        remove_shop_authorizations if @credit_card.is_default
+        if @credit_card.is_default
+          remove_shop_authorizations
+          mark_as_default_next_credit_card if credit_cards_with_payment_profile.count > 0
+        end
        flash[:success] = I18n.t(:card_has_been_removed, number: "x-#{@credit_card.last_digits}")
      else
        flash[:error] = I18n.t(:card_could_not_be_removed)
@@ -67,6 +70,14 @@ module Spree
      @credit_card.user.customers.update_all(allow_charges: false)
    end

+    def mark_as_default_next_credit_card
+      credit_cards_with_payment_profile.first.update(is_default: true)
+    end
+
+    def credit_cards_with_payment_profile
+      spree_current_user.credit_cards.with_payment_profile
+    end
+
    def create_customer(token)
      Stripe::Customer.create(email: spree_current_user.email, source: token)
    end
--- a/app/controllers/spree/orders_controller.rb
+++ b/app/controllers/spree/orders_controller.rb
@@ -4,6 +4,7 @@ module Spree
  class OrdersController < ::BaseController
    include OrderCyclesHelper
    include Rails.application.routes.url_helpers
+    include CablecarResponses

    layout 'darkswarm'

@@ -99,7 +100,8 @@ module Spree
      else
        flash[:error] = I18n.t(:orders_could_not_cancel)
      end
-      redirect_to request.referer || main_app.order_path(@order)
+      render status: :found,
+             operations: cable_car.redirect_to(url: request.referer || main_app.order_path(@order))
    end

    private
--- a/app/controllers/spree/user_sessions_controller.rb
+++ b/app/controllers/spree/user_sessions_controller.rb
@@ -16,6 +16,7 @@ module Spree
    prepend_before_action :handle_unconfirmed_email
    before_action :set_checkout_redirect, only: :create
    after_action :ensure_valid_locale_persisted, only: :create
+    skip_before_action :check_disabled_user

    def create
      authenticate_spree_user!
--- a/app/controllers/spree/users_controller.rb
+++ b/app/controllers/spree/users_controller.rb
@@ -78,7 +78,7 @@ module Spree

    def load_object
      @user ||= spree_current_user
-      if @user
+      if @user && !@user.disabled
        authorize! params[:action].to_sym, @user
      else
        redirect_to main_app.login_path
--- a/app/helpers/admin/enterprise_groups_helper.rb
+++ b/app/helpers/admin/enterprise_groups_helper.rb
@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Admin
+  module EnterpriseGroupsHelper
+    def enterprise_group_side_menu_items
+      [
+        { name: 'primary_details', label: 'primary_details', icon_class: "icon-user",
+          selected: "selected" },
+        { name: 'users', label: 'users', icon_class: "icon-user" },
+        { name: 'about', label: 'about', icon_class: "icon-pencil" },
+        { name: 'images', label: 'images', icon_class: "icon-picture" },
+        { name: 'contact', label: 'admin_enterprise_groups_contact', icon_class: "icon-phone" },
+        { name: 'web', label: 'admin_enterprise_groups_web', icon_class: "icon-globe" },
+      ]
+    end
+  end
+end
--- a/app/helpers/admin/enterprises_helper.rb
+++ b/app/helpers/admin/enterprises_helper.rb
@@ -13,5 +13,34 @@ module Admin
    def select_only_item(producers)
      producers.size == 1 ? producers.first.id : nil
    end
+
+    def enterprise_side_menu_items(enterprise)
+      is_shop = enterprise.sells != "none"
+      show_properties = !!enterprise.is_primary_producer
+      show_shipping_methods = can?(:manage_shipping_methods, enterprise) && is_shop
+      show_payment_methods = can?(:manage_payment_methods, enterprise) && is_shop
+      show_enterprise_fees = can?(:manage_enterprise_fees,
+                                  enterprise) && (is_shop || enterprise.is_primary_producer)
+
+      [
+        { name: 'primary_details', icon_class: "icon-home", show: true, selected: 'selected' },
+        { name: 'address', icon_class: "icon-map-marker", show: true },
+        { name: 'contact', icon_class: "icon-phone", show: true },
+        { name: 'social',  icon_class: "icon-twitter", show: true },
+        { name: 'about',   icon_class: "icon-pencil", show: true, form_name: "about_us" },
+        { name: 'business_details', icon_class: "icon-briefcase", show: true },
+        { name: 'images', icon_class: "icon-picture", show: true },
+        { name: 'properties', icon_class: "icon-tags", show: show_properties },
+        { name: 'shipping_methods', icon_class: "icon-truck", show: show_shipping_methods },
+        { name: 'payment_methods',  icon_class: "icon-money", show: show_payment_methods },
+        { name: 'enterprise_fees',  icon_class: "icon-tasks", show: show_enterprise_fees },
+        { name: 'enterprise_permissions', icon_class: "icon-plug", show: true,
+          href: admin_enterprise_relationships_path },
+        { name: 'inventory_settings', icon_class: "icon-list-ol", show: is_shop },
+        { name: 'tag_rules', icon_class: "icon-random", show: is_shop },
+        { name: 'shop_preferences', icon_class: "icon-shopping-cart", show: is_shop },
+        { name: 'users', icon_class: "icon-user", show: true }
+      ]
+    end
  end
 end
--- a/app/helpers/groups_helper.rb
+++ b/app/helpers/groups_helper.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true

-module GroupsHelper
+module LinkHelper
  def link_to_service(baseurl, name, html_options = {}, &block)
    return if name.blank?

@@ -15,8 +15,4 @@ module GroupsHelper
      prefix + url
    end
  end
-
-  def strip_url(url)
-    url&.sub(%r{^https?://}i, '')
-  end
 end
--- a/app/helpers/reports_helper.rb
+++ b/app/helpers/reports_helper.rb
@@ -9,7 +9,24 @@ module ReportsHelper
    end
  end

-  def report_subtypes(report)
-    Reporting::ReportLoader.new(report).report_subtypes
+  def report_payment_method_options(orders)
+    orders.map do |order|
+      payment_method = order.payments.last&.payment_method
+
+      next unless payment_method
+
+      [payment_method.name, payment_method.id]
+    end.compact.uniq
+  end
+
+  def report_shipping_method_options(orders)
+    orders.map do |o|
+      sm = o.shipping_method
+      [sm&.name, sm&.id]
+    end.uniq
+  end
+
+  def currency_symbol
+    Spree::Money.currency_symbol
  end
 end
--- a/app/helpers/spree/admin/navigation_helper.rb
+++ b/app/helpers/spree/admin/navigation_helper.rb
@@ -77,7 +77,7 @@ module Spree
        klass = EnterpriseGroup if klass == :group
        klass = VariantOverride if klass == :Inventory
        klass = ProductImport::ProductImporter if klass == :import
-        klass = Spree::Admin::ReportsController if klass == :report
+        klass = ::Admin::ReportsController if klass == :report
        klass
      end

@@ -115,7 +115,7 @@ module Spree
        if html_options[:method] &&
           html_options[:method].to_s.downcase != 'get' &&
           !html_options[:remote]
-          form_tag(url, method: html_options.delete(:method)) do
+          form_tag(url, method: html_options.delete(:method), id: html_options.delete(:form_id)) do
            button(text, html_options.delete(:icon), nil, html_options)
          end
        else
--- a/app/helpers/spree/admin/orders_helper.rb
+++ b/app/helpers/spree/admin/orders_helper.rb
@@ -5,8 +5,8 @@ module Spree
    module OrdersHelper
      def event_links
        links = []
-        links << event_link("cancel") if @order.can_cancel?
-        links << event_link("resume") if @order.can_resume?
+        links << cancel_event_link if @order.can_cancel?
+        links << resume_event_link if @order.can_resume?
        links.join('&nbsp;').html_safe
      end

@@ -44,6 +44,14 @@ module Spree
        end
      end

+      def print_invoice_link
+        if @order.distributor.can_invoice?
+          print_invoice_link_with_url
+        else
+          notify_about_required_enterprise_number
+        end
+      end
+
      def ticket_links
        return [] unless Spree::Config[:enable_receipt_printing?]

@@ -78,13 +86,20 @@ module Spree
          confirm: t(:must_have_valid_business_number, enterprise_name: @order.distributor.name) }
      end

-      def print_invoice_link
+      def print_invoice_link_with_url
        { name: t(:print_invoice),
          url: spree.print_admin_order_path(@order),
          icon: 'icon-print',
          target: "_blank" }
      end

+      def notify_about_required_enterprise_number
+        { name: t(:print_invoice),
+          url: "#",
+          icon: 'icon-print',
+          confirm: t(:must_have_valid_business_number, enterprise_name: @order.distributor.name) }
+      end
+
      def print_ticket_link
        { name: t(:print_ticket),
          url: print_ticket_admin_order_path(@order),
@@ -114,12 +129,19 @@ module Spree
          confirm: t(:are_you_sure) }
      end

-      def event_link(event)
-        event_label = I18n.t(event, scope: "actions")
+      def cancel_event_link
+        event_label = I18n.t("cancel", scope: "actions")
+        button_link_to(event_label,
+                       fire_admin_order_url(@order, e: "cancel"),
+                       method: :put, icon: "icon-cancel", form_id: "cancel_order_form")
+      end
+
+      def resume_event_link
+        event_label = I18n.t("resume", scope: "actions")
        confirm_message = I18n.t("admin.orders.edit.order_sure_want_to", event: event_label)
        button_link_to(event_label,
-                       fire_admin_order_url(@order, e: event),
-                       method: :put, icon: "icon-#{event}",
+                       fire_admin_order_url(@order, e: "resume"),
+                       method: :put, icon: "icon-resume",
                       data: { confirm: confirm_message })
      end

--- a/app/helpers/spree/reports_helper.rb
+++ b/app/helpers/spree/reports_helper.rb
@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require 'spree/money'
-
-module Spree
-  module ReportsHelper
-    def report_payment_method_options(orders)
-      orders.map do |order|
-        payment_method = order.payments.last&.payment_method
-
-        next unless payment_method
-
-        [payment_method.name, payment_method.id]
-      end.compact.uniq
-    end
-
-    def report_shipping_method_options(orders)
-      orders.map do |o|
-        sm = o.shipping_method
-        [sm&.name, sm&.id]
-      end.uniq
-    end
-
-    def xero_report_types
-      [[I18n.t(:summary), 'summary'],
-       [I18n.t(:detailed), 'detailed']]
-    end
-
-    def currency_symbol
-      Spree::Money.currency_symbol
-    end
-  end
-end
--- a/app/json_schemas/customer_schema.rb
+++ b/app/json_schemas/customer_schema.rb
@@ -14,7 +14,7 @@ class CustomerSchema < JsonApiSchema
      code: { type: :string, nullable: true, example: "BUYER1" },
      email: { type: :string, example: "alice@example.com" },
      allow_charges: { type: :boolean, example: false },
-      tags: { type: :array, example: ["staff", "discount"] },
+      tags: { type: :array, items: { type: :string }, example: ["staff", "discount"] },
      terms_and_conditions_accepted_at: {
        type: :string, format: "date-time", nullable: true,
        example: "2022-03-12T15:55:00.000+11:00",
@@ -41,8 +41,8 @@ class CustomerSchema < JsonApiSchema
      street_address_2: "",
      postal_code: "1234",
      locality: "Melbourne",
-      region: "Victoria",
-      country: "Australia",
+      region: { code: "Vic", name: "Victoria" },
+      country: { code: "AU", name: "Australia" },
    }
  end

--- a/app/models/concerns/file_preferences.rb
+++ b/app/models/concerns/file_preferences.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+module FilePreferences
+  extend ActiveSupport::Concern
+
+  included do
+    @default_urls = {}
+  end
+
+  class_methods do
+    def file_preference(name, default_url: nil)
+      preference "#{name}_blob_id", :integer
+      @default_urls[name] = default_url if default_url
+    end
+
+    def default_url(name)
+      @default_urls[name]
+    end
+  end
+
+  def preference_type(key)
+    if has_preference?("#{key}_blob_id")
+      :file
+    else
+      super(key)
+    end
+  end
+
+  def url_for(name)
+    blob = blob_for(name)
+
+    if blob
+      Rails.application.routes.url_helpers.url_for(blob)
+    else
+      self.class.default_url(name)
+    end
+  end
+
+  def blob_for(name)
+    blob_id = get_preference("#{name}_blob_id")
+    ActiveStorage::Blob.find_by(id: blob_id) if blob_id
+  end
+end
--- a/app/models/content_configuration.rb
+++ b/app/models/content_configuration.rb
@@ -1,23 +1,17 @@
 # frozen_string_literal: true

-require 'open_food_network/paperclippable'
-
-class ContentConfiguration < Spree::Preferences::FileConfiguration
-  include OpenFoodNetwork::Paperclippable
+class ContentConfiguration < Spree::Preferences::Configuration
+  include FilePreferences

  # Header
-  preference :logo, :file
-  preference :logo_mobile, :file
-  preference :logo_mobile_svg, :file
-  has_attached_file :logo, default_url: "/default_images/ofn-logo.png"
-  has_attached_file :logo_mobile
-  has_attached_file :logo_mobile_svg, default_url: "/default_images/ofn-logo-mobile.svg"
+  file_preference :logo, default_url: "/default_images/ofn-logo.png"
+  file_preference :logo_mobile
+  file_preference :logo_mobile_svg, default_url: "/default_images/ofn-logo-mobile.svg"

  # Home page
  preference :home_page_alert_html, :text
-  preference :home_hero, :file
+  file_preference :home_hero, default_url: "/default_images/home.jpg"
  preference :home_show_stats, :boolean, default: true
-  has_attached_file :home_hero, default_url: "/default_images/home.jpg"

  # Map
  preference :open_street_map_enabled, :boolean, default: false
@@ -66,8 +60,7 @@ class ContentConfiguration < Spree::Preferences::FileConfiguration
  preference :menu_7_icon_name, :string, default: "ofn-i_013-help"

  # Footer
-  preference :footer_logo, :file
-  has_attached_file :footer_logo, default_url: "/default_images/ofn-logo-footer.png"
+  file_preference :footer_logo, default_url: "/default_images/ofn-logo-footer.png"

  # Other
  preference :footer_facebook_url, :string, default: "https://www.facebook.com/OpenFoodNet"
--- a/app/models/customer.rb
+++ b/app/models/customer.rb
@@ -10,7 +10,7 @@ class Customer < ApplicationRecord
  belongs_to :enterprise
  belongs_to :user, class_name: "Spree::User"
  has_many :orders, class_name: "Spree::Order"
-  before_destroy :check_for_orders
+  before_destroy :update_orders_and_delete_canceled_subscriptions

  belongs_to :bill_address, class_name: "Spree::Address"
  alias_attribute :billing_address, :bill_address
@@ -52,10 +52,12 @@ class Customer < ApplicationRecord
    self.user = user || Spree::User.find_by(email: email)
  end

-  def check_for_orders
-    return true unless orders.any?
-
-    errors.add(:base, I18n.t('admin.customers.destroy.has_associated_orders'))
-    throw :abort
+  def update_orders_and_delete_canceled_subscriptions
+    if Subscription.where(customer_id: id).not_canceled.any?
+      errors.add(:base, I18n.t('admin.customers.destroy.has_associated_subscriptions'))
+      throw :abort
+    end
+    Subscription.where(customer_id: id).destroy_all
+    orders.update_all(customer_id: nil)
  end
 end
--- a/app/models/enterprise.rb
+++ b/app/models/enterprise.rb
@@ -1,12 +1,20 @@
 # frozen_string_literal: false

-require 'spree/core/s3_support'
-
 class Enterprise < ApplicationRecord
-  include Spree::Core::S3Support
-
  SELLS = %w(unspecified none own any).freeze
  ENTERPRISE_SEARCH_RADIUS = 100
+  # The next Rails version will have named variants but we need to store them
+  # ourselves for now.
+  LOGO_SIZES = {
+    thumb: { resize_to_limit: [100, 100] },
+    small: { resize_to_limit: [180, 180] },
+    medium: { resize_to_limit: [300, 300] },
+  }.freeze
+  PROMO_IMAGE_SIZES = {
+    thumb: { resize_to_limit: [100, 100] },
+    medium: { resize_to_fill: [720, 156] },
+    large: { resize_to_fill: [1200, 260] },
+  }.freeze

  searchable_attributes :sells, :is_primary_producer
  searchable_associations :properties
@@ -19,6 +27,8 @@ class Enterprise < ApplicationRecord
  preference :shopfront_producer_order, :string, default: ""
  preference :shopfront_order_cycle_order, :string, default: "orders_close_at"
  preference :shopfront_product_sorting_method, :string, default: "by_category"
+  preference :invoice_order_by_supplier, :boolean, default: false
+  preference :product_low_stock_display, :boolean, default: false

  # Allow hubs to restrict visible variants to only those in their inventory
  preference :product_selection_from_inventory_only, :boolean, default: false
@@ -70,31 +80,16 @@ class Enterprise < ApplicationRecord
                                              tag_rule[:preferred_customer_tags].blank?
                                            }

-  has_attached_file :logo,
-                    styles: { medium: "300x300>", small: "180x180>", thumb: "100x100>" },
-                    url: '/images/enterprises/logos/:id/:style/:basename.:extension',
-                    path: 'public/images/enterprises/logos/:id/:style/:basename.:extension'
+  has_one_attached :logo
+  has_one_attached :promo_image
+  has_one_attached :terms_and_conditions

-  has_attached_file :promo_image,
-                    styles: {
-                      large: ["1200x260#", :jpg],
-                      medium: ["720x156#", :jpg],
-                      thumb: ["100x100>", :jpg]
-                    },
-                    url: '/images/enterprises/promo_images/:id/:style/:basename.:extension',
-                    path: 'public/images/enterprises/promo_images/:id/:style/:basename.:extension'
-  validates_attachment_content_type :logo, content_type: %r{\Aimage/.*\Z}
-  validates_attachment_content_type :promo_image, content_type: %r{\Aimage/.*\Z}
-
-  has_attached_file :terms_and_conditions,
-                    url: '/files/enterprises/terms_and_conditions/:id/:basename.:extension',
-                    path: 'public/files/enterprises/terms_and_conditions/:id/:basename.:extension'
-  validates_attachment_content_type :terms_and_conditions,
-                                    content_type: "application/pdf",
-                                    message: I18n.t(:enterprise_terms_and_conditions_type_error)
-
-  supports_s3 :logo
-  supports_s3 :promo_image
+  validates :logo, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}
+  validates :promo_image, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}
+  validates :terms_and_conditions, content_type: {
+    in: "application/pdf",
+    message: I18n.t(:enterprise_terms_and_conditions_type_error),
+  }

  validates :name, presence: true
  validate :name_is_unique
@@ -118,7 +113,8 @@ class Enterprise < ApplicationRecord
  after_rollback :restore_permalink

  scope :by_name, -> { order('name') }
-  scope :visible, -> { where(visible: true) }
+  scope :visible, -> { where(visible: "public") }
+  scope :not_hidden, -> { where.not(visible: "hidden") }
  scope :activated, -> { where("sells != 'unspecified'") }
  scope :ready_for_checkout, lambda {
    joins(:shipping_methods).
@@ -265,7 +261,7 @@ class Enterprise < ApplicationRecord

  def plus_relatives_and_oc_producers(order_cycles)
    oc_producer_ids = Exchange.in_order_cycle(order_cycles).incoming.pluck :sender_id
-    Enterprise.is_primary_producer.relatives_of_one_union_others(id, oc_producer_ids | [id])
+    Enterprise.not_hidden.is_primary_producer.relatives_of_one_union_others(id, oc_producer_ids | [id])
  end

  def relatives_including_self
@@ -280,6 +276,22 @@ class Enterprise < ApplicationRecord
    relatives_including_self.is_primary_producer
  end

+  def logo_url(name)
+    return unless logo.variable?
+
+    Rails.application.routes.url_helpers.url_for(
+      logo.variant(LOGO_SIZES[name])
+    )
+  end
+
+  def promo_image_url(name)
+    return unless promo_image.variable?
+
+    Rails.application.routes.url_helpers.url_for(
+      promo_image.variant(PROMO_IMAGE_SIZES[name])
+    )
+  end
+
  def website
    strip_url self[:website]
  end
@@ -300,6 +312,10 @@ class Enterprise < ApplicationRecord
    correct_instagram_url self[:instagram]
  end

+  def whatsapp_url
+    correct_whatsapp_url self[:whatsapp_phone]
+  end
+
  def inventory_variants
    if prefers_product_selection_from_inventory_only?
      Spree::Variant.visible_for(self)
@@ -396,9 +412,15 @@ class Enterprise < ApplicationRecord
  end

  def can_invoice?
+    return true unless Spree::Config.enterprise_number_required_on_invoices?
+
    abn.present?
  end

+  def public?
+    visible == "public"
+  end
+
  protected

  def devise_mailer
@@ -430,6 +452,10 @@ class Enterprise < ApplicationRecord
    url&.sub(%r{(https?://)?}, '')
  end

+  def correct_whatsapp_url(phone_number)
+    phone_number && "https://wa.me/" + phone_number.tr('+ ', '')
+  end
+
  def correct_instagram_url(url)
    url && strip_url(url).sub(%r{www.instagram.com/}, '').delete("@")
  end
--- a/app/models/enterprise_group.rb
+++ b/app/models/enterprise_group.rb
@@ -1,11 +1,9 @@
 # frozen_string_literal: true

 require 'open_food_network/locking'
-require 'spree/core/s3_support'

 class EnterpriseGroup < ApplicationRecord
  include PermalinkGenerator
-  include Spree::Core::S3Support

  acts_as_list

@@ -27,21 +25,11 @@ class EnterpriseGroup < ApplicationRecord

  delegate :phone, :address1, :address2, :city, :zipcode, :state, :country, to: :address

-  has_attached_file :logo,
-                    styles: { medium: "100x100" },
-                    url: '/images/enterprise_groups/logos/:id/:style/:basename.:extension',
-                    path: 'public/images/enterprise_groups/logos/:id/:style/:basename.:extension'
+  has_one_attached :logo
+  has_one_attached :promo_image

-  has_attached_file :promo_image,
-                    styles: { large: ["1200x260#", :jpg] },
-                    url: '/images/enterprise_groups/promo_images/:id/:style/:basename.:extension',
-                    path: 'public/images/enterprise_groups/promo_images/:id/:style/:basename.:extension'
-
-  validates_attachment_content_type :logo, content_type: %r{\Aimage/.*\Z}
-  validates_attachment_content_type :promo_image, content_type: %r{\Aimage/.*\Z}
-
-  supports_s3 :logo
-  supports_s3 :promo_image
+  validates :logo, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}
+  validates :promo_image, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}

  scope :by_position, -> { order('position ASC') }
  scope :on_front_page, -> { where(on_front_page: true) }
--- a/app/models/order_cycle.rb
+++ b/app/models/order_cycle.rb
@@ -10,7 +10,8 @@ class OrderCycle < ApplicationRecord
  belongs_to :coordinator, class_name: 'Enterprise'

  has_many :coordinator_fee_refs, class_name: 'CoordinatorFee'
-  has_many :coordinator_fees, through: :coordinator_fee_refs, source: :enterprise_fee
+  has_many :coordinator_fees, through: :coordinator_fee_refs, source: :enterprise_fee,
+                              dependent: :destroy

  has_many :exchanges, dependent: :destroy

--- a/app/models/proxy_order.rb
+++ b/app/models/proxy_order.rb
@@ -5,7 +5,7 @@
 # This reduces the need to keep Orders in sync with their parent Subscriptions

 class ProxyOrder < ApplicationRecord
-  belongs_to :order, class_name: 'Spree::Order', dependent: :destroy
+  belongs_to :order, class_name: 'Spree::Order'
  belongs_to :subscription
  belongs_to :order_cycle

--- a/app/models/spree/ability.rb
+++ b/app/models/spree/ability.rb
@@ -236,12 +236,10 @@ module Spree
           :validate_data, :reset_absent_products], ProductImport::ProductImporter

      # Reports page
-      can [:admin, :index, :customers, :orders_and_distributors, :group_buys, :payments,
-           :orders_and_fulfillment, :products_and_inventory, :order_cycle_management, :packing],
-          Spree::Admin::ReportsController
-      can [:admin, :show, :packing], :report
-      add_bulk_coop_abilities
-      add_enterprise_fee_summary_abilities
+      can [:admin, :index, :show], ::Admin::ReportsController
+      can [:admin, :show, :customers, :orders_and_distributors, :group_buys, :payments,
+           :orders_and_fulfillment, :products_and_inventory, :order_cycle_management,
+           :packing, :enterprise_fee_summary, :bulk_coop], :report
    end

    def add_order_cycle_management_abilities(user)
@@ -317,11 +315,10 @@ module Spree
      end

      # Reports page
-      can [:admin, :index, :customers, :group_buys, :sales_tax, :payments,
+      can [:admin, :index, :show], ::Admin::ReportsController
+      can [:admin, :customers, :group_buys, :sales_tax, :payments,
           :orders_and_distributors, :orders_and_fulfillment, :products_and_inventory,
-           :order_cycle_management, :xero_invoices], Spree::Admin::ReportsController
-      add_bulk_coop_abilities
-      add_enterprise_fee_summary_abilities
+           :order_cycle_management, :xero_invoices, :enterprise_fee_summary, :bulk_coop], :report

      can [:create], Customer
      can [:admin, :index, :update,
@@ -346,19 +343,5 @@ module Spree
          user.enterprises.include?(enterprise_relationship.child)
      end
    end
-
-    def add_bulk_coop_abilities
-      # Reveal the report link in spree/admin/reports#index
-      can [:bulk_coop], Spree::Admin::ReportsController
-      # Allow direct access to the report resource
-      can [:admin, :new, :create], :bulk_coop
-    end
-
-    def add_enterprise_fee_summary_abilities
-      # Reveal the report link in spree/admin/reports#index
-      can [:enterprise_fee_summary], Spree::Admin::ReportsController
-      # Allow direct access to the report resource
-      can [:admin, :new, :create], :enterprise_fee_summary
-    end
  end
 end
--- a/app/models/spree/address.rb
+++ b/app/models/spree/address.rb
@@ -105,6 +105,10 @@ module Spree
      render_address([city, zipcode, state&.name])
    end

+    def address_and_city
+      [address1, address2, city].select(&:present?).join(' ')
+    end
+
    private

    def require_zipcode?
--- a/app/models/spree/app_configuration.rb
+++ b/app/models/spree/app_configuration.rb
@@ -129,6 +129,7 @@ module Spree
    preference :enable_invoices?, :boolean, default: true
    preference :invoice_style2?, :boolean, default: false
    preference :enable_receipt_printing?, :boolean, default: false
+    preference :enterprise_number_required_on_invoices?, :boolean, default: true

    # Stripe payments
    preference :stripe_connect_enabled, :boolean, default: false
--- a/app/models/spree/image.rb
+++ b/app/models/spree/image.rb
@@ -1,101 +1,43 @@
 # frozen_string_literal: true

-require 'spree/core/s3_support'
-
 module Spree
  class Image < Asset
-    validates_attachment_presence :attachment
+    SIZES = {
+      mini: { resize_to_fill: [48, 48] },
+      small: { resize_to_fill: [227, 227] },
+      product: { resize_to_limit: [240, 240] },
+      large: { resize_to_limit: [600, 600] },
+    }.freeze
+
+    has_one_attached :attachment
+
+    validates :attachment, attached: true, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}
    validate :no_attachment_errors

-    # This is where the styles are used in the app:
-    # - mini: used in the BackOffice: Bulk Product Edit page and Order Cycle edit page
-    # - small: used in the FrontOffice: Product List page
-    # - product: used in the BackOffice: Product Image upload modal in the Bulk Product Edit page
-    #                                      and Product image edit page
-    # - large: used in the FrontOffice: product modal
-    has_attached_file :attachment,
-                      styles: { mini: "48x48#", small: "227x227#",
-                                product: "240x240>", large: "600x600>" },
-                      default_style: :product,
-                      url: '/spree/products/:id/:style/:basename.:extension',
-                      path: ':rails_root/public/spree/products/:id/:style/:basename.:extension',
-                      convert_options: { all: '-strip -auto-orient -colorspace sRGB' }
-
-    # save the w,h of the original image (from which others can be calculated)
-    # we need to look at the write-queue for images which have not been saved yet
-    after_post_process :find_dimensions
-
-    include Spree::Core::S3Support
-    supports_s3 :attachment
-
-    # used by admin products autocomplete
-    def mini_url
-      attachment.url(:mini, false)
-    end
-
-    def find_dimensions
-      return if attachment.errors.present?
-
-      geometry = Paperclip::Geometry.from_file(local_filename_of_original)
-
-      self.attachment_width  = geometry.width
-      self.attachment_height = geometry.height
-    end
-
-    def local_filename_of_original
-      temporary = attachment.queued_for_write[:original]
-
-      if temporary&.path.present?
-        temporary.path
+    def variant(name)
+      if attachment.variable?
+        attachment.variant(SIZES[name])
      else
-        attachment.path
+        attachment
      end
    end

+    def url(size)
+      return unless attachment.attached?
+
+      Rails.application.routes.url_helpers.url_for(variant(size))
+    end
+
    # if there are errors from the plugin, then add a more meaningful message
    def no_attachment_errors
-      return if attachment.errors.empty?
+      return if errors[:attachment].empty?

-      if errors.all? { |e| e.type == "Paperclip::Errors::NotIdentifiedByImageMagickError" }
+      if errors.all? { |e| e.type == :content_type_invalid }
        attachment.errors.clear
        errors.add :base, I18n.t('spree.admin.products.image_upload_error')
-      else
-        errors.add :attachment,
-                   I18n.t('spree.admin.products.paperclip_image_error', attachment_file_name: attachment_file_name)
      end
+
      false
    end
-
-    def self.set_attachment_attribute(attribute_name, attribute_value)
-      attachment_definitions[:attachment][attribute_name] = attribute_value
-    end
-
-    def self.set_storage_attachment_attributes
-      if Spree::Config[:use_s3]
-        set_s3_attachment_attributes
-      else
-        attachment_definitions[:attachment].delete(:storage)
-      end
-    end
-
-    def self.set_s3_attachment_attributes
-      set_attachment_attribute(:storage, :s3)
-      set_attachment_attribute(:s3_credentials, s3_credentials)
-      set_attachment_attribute(:s3_headers,
-                               ActiveSupport::JSON.decode(Spree::Config[:s3_headers]))
-      set_attachment_attribute(:bucket, Spree::Config[:s3_bucket])
-
-      # We use :s3_alias_url (virtual host url style) and set the URL on property s3_host_alias
-      set_attachment_attribute(:s3_host_alias, attachment_definitions[:attachment][:url])
-      set_attachment_attribute(:url, ":s3_alias_url")
-    end
-    private_class_method :set_s3_attachment_attributes
-
-    def self.s3_credentials
-      { access_key_id: Spree::Config[:s3_access_key],
-        secret_access_key: Spree::Config[:s3_secret],
-        bucket: Spree::Config[:s3_bucket] }
-    end
-    private_class_method :s3_credentials
  end
 end
--- a/Show More
+++ b/Show More