Update all locales with the latest Transifex translations

Fixing 'unsaved' alert behaviour for order cycle edit forms

.dockerignore

@@ -2,3 +2,4 @@
 .gitignore
 log/*
 tmp/*
+node_modules/

.gitattributes

@@ -0,0 +1,11 @@
+# Set default behavior to automatically normalize line endings.
+* text=auto
+
+# Set line endings to LF, even on Windows. Otherwise, execution within Docker fails.
+# See https://docs.github.com/en/get-started/getting-started-with-git/configuring-git-to-handle-line-endings#per-repository-settings
+*.sh text eol=lf
+
+# Same thing for following files, but they don't have an sh extension
+pre-commit eol=lf
+webpack-dev-server eol=lf
+install-bundler eol=lf

.github/ISSUE_TEMPLATE/release.md

@@ -23,8 +23,7 @@ assignees: ''
 
 ## Finish on Tuesday
 
-- [ ] Publish and notify [#global-community]:
-  > The next release is ready: https://github.com/openfoodfoundation/openfoodnetwork/releases/latest
+- [ ] Publish and notify [#global-community] (this is automatically posted with a plugin)
 - [ ] Deploy the new release to all managed instances.
   <details><summary>Command line instructions</summary>
   <pre>

.github/dependabot.yml

@@ -6,10 +6,12 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 10
+    # Only specific requirements are specified in Gemfile, so don't touch it.
     versioning-strategy: lockfile-only
 
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
-    versioning-strategy: lockfile-only
+    # All versions are specified in package.json, so please update them.
+    versioning-strategy: increase

.github/workflows/brakeman-analysis.yml

@@ -33,7 +33,7 @@ jobs:
 
     - name: Setup Brakeman
       env:
-        BRAKEMAN_VERSION: '4.10' # SARIF support is provided in Brakeman version 4.10+
+        BRAKEMAN_VERSION: '5.4.0'
       run: |
         gem install brakeman --version $BRAKEMAN_VERSION
 

.github/workflows/build.yml

@@ -57,7 +57,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version-file: .node-version
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -126,7 +126,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version-file: .node-version
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -195,7 +195,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version-file: .node-version
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -273,7 +273,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version-file: .node-version
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -351,7 +351,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version-file: .node-version
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -429,7 +429,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version-file: .node-version
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile
@@ -489,7 +489,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version-file: .node-version
 
       - name: Install JS dependencies
         run: yarn install --frozen-lockfile

.github/workflows/linters.yml

@@ -24,6 +24,14 @@ jobs:
     steps:
       - name: Check out code
         uses: actions/checkout@v3
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version-file: .node-version
+
+      - name: Install JS dependencies
+        run: yarn install --frozen-lockfile
+
       - name: prettier
         uses: EPMatt/reviewdog-action-prettier@v1
         with:

.gitignore

@@ -50,7 +50,6 @@ vendor/bundle/
 coverage
 /reports/
 !/reports/README.md
-/spec/components/stories/**/*.stories.json
 
 /public/packs
 /public/packs-test

.node-version

@@ -1 +1 @@
-14.16.1
+17.9.1

.prettierignore

@@ -12,7 +12,6 @@
 babel.config.js
 postcss.config.js
 
-.storybook/
 /app/assets/
 /config/
 /coverage/

.rubocop_todo.yml

@@ -1,12 +1,12 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --exclude-limit 1400`
-# on 2022-08-29 05:26:26 UTC using RuboCop version 1.35.1.
+# on 2023-04-01 00:21:28 UTC using RuboCop version 1.47.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 2
+# Offense count: 4
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
 # Include: **/*.gemfile, **/Gemfile, **/gems.rb
@@ -15,7 +15,7 @@ Bundler/OrderedGems:
     - 'Gemfile'
 
 # Offense count: 4
-# Configuration parameters: Include.
+# Configuration parameters: Severity, Include.
 # Include: **/*.gemspec
 Gemspec/RequiredRubyVersion:
   Exclude:
@@ -24,11 +24,65 @@ Gemspec/RequiredRubyVersion:
     - 'engines/order_management/order_management.gemspec'
     - 'engines/web/web.gemspec'
 
+# Offense count: 28
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: with_first_argument, with_fixed_indentation
+Layout/ArgumentAlignment:
+  Exclude:
+    - 'app/controllers/spree/users_controller.rb'
+    - 'app/controllers/user_confirmations_controller.rb'
+    - 'app/models/enterprise.rb'
+    - 'spec/lib/reports/packing/packing_report_spec.rb'
+    - 'spec/migrations/migrate_customer_names_spec.rb'
+    - 'spec/services/products_renderer_spec.rb'
+    - 'spec/system/admin/bulk_order_management_spec.rb'
+    - 'spec/system/admin/enterprise_fees_spec.rb'
+    - 'spec/system/admin/order_cycles/list_spec.rb'
+    - 'spec/system/admin/order_cycles/simple_spec.rb'
+    - 'spec/system/consumer/shopping/cart_spec.rb'
+    - 'spec/system/consumer/shopping/checkout_auth_spec.rb'
+    - 'spec/system/consumer/shopping/products_spec.rb'
+
+# Offense count: 4
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: with_first_element, with_fixed_indentation
+Layout/ArrayAlignment:
+  Exclude:
+    - 'spec/system/admin/customers_spec.rb'
+    - 'spec/system/admin/order_spec.rb'
+    - 'spec/system/admin/orders_spec.rb'
+    - 'spec/system/consumer/shopping/cart_spec.rb'
+
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyleAlignWith.
+# SupportedStylesAlignWith: either, start_of_block, start_of_line
+Layout/BlockAlignment:
+  Exclude:
+    - 'spec/services/products_renderer_spec.rb'
+
+# Offense count: 5
+# This cop supports safe autocorrection (--autocorrect).
+Layout/BlockEndNewline:
+  Exclude:
+    - 'app/controllers/admin/subscriptions_controller.rb'
+    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
+    - 'spec/system/admin/orders_spec.rb'
+
+# Offense count: 3
+# This cop supports safe autocorrection (--autocorrect).
 Layout/ClosingParenthesisIndentation:
   Exclude:
     - 'lib/reporting/queries/joins.rb'
+    - 'spec/system/admin/orders_spec.rb'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Layout/EmptyLines:
+  Exclude:
+    - 'app/models/spree/payment.rb'
 
 # Offense count: 2
 # This cop supports safe autocorrection (--autocorrect).
@@ -39,6 +93,71 @@ Layout/EmptyLinesAroundBlockBody:
     - 'spec/requests/checkout/concurrency_spec.rb'
     - 'spec/system/admin/order_cycles/list_spec.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowForAlignment, AllowBeforeTrailingComments, ForceEqualSignAlignment.
+Layout/ExtraSpacing:
+  Exclude:
+    - 'spec/spec_helper.rb'
+
+# Offense count: 3
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: consistent, consistent_relative_to_receiver, special_for_inner_method_call, special_for_inner_method_call_in_parentheses
+Layout/FirstArgumentIndentation:
+  Exclude:
+    - 'spec/system/admin/orders_spec.rb'
+    - 'spec/system/admin/products_spec.rb'
+
+# Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: special_inside_parentheses, consistent, align_braces
+Layout/FirstHashElementIndentation:
+  Exclude:
+    - 'spec/services/products_renderer_spec.rb'
+
+# Offense count: 13
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
+# SupportedHashRocketStyles: key, separator, table
+# SupportedColonStyles: key, separator, table
+# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
+Layout/HashAlignment:
+  Exclude:
+    - 'app/controllers/admin/subscriptions_controller.rb'
+    - 'app/controllers/spree/users_controller.rb'
+    - 'app/models/spree/image.rb'
+    - 'spec/migrations/migrate_customer_names_spec.rb'
+    - 'spec/models/enterprise_spec.rb'
+    - 'spec/support/request/stripe_stubs.rb'
+    - 'spec/system/admin/customers_spec.rb'
+    - 'spec/system/admin/order_spec.rb'
+    - 'spec/system/admin/orders_spec.rb'
+    - 'spec/system/admin/tag_rules_spec.rb'
+    - 'spec/system/consumer/shopping/cart_spec.rb'
+
+# Offense count: 18
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: normal, indented_internal_methods
+Layout/IndentationConsistency:
+  Exclude:
+    - 'spec/system/admin/order_cycles/complex_editing_spec.rb'
+    - 'spec/system/admin/order_cycles/complex_updating_specific_time_spec.rb'
+    - 'spec/system/admin/order_cycles/simple_spec.rb'
+    - 'spec/system/admin/order_spec.rb'
+    - 'spec/system/admin/orders_spec.rb'
+    - 'spec/system/admin/product_import_spec.rb'
+    - 'spec/system/consumer/split_checkout_spec.rb'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Width, AllowedPatterns.
+Layout/IndentationWidth:
+  Exclude:
+    - 'spec/services/products_renderer_spec.rb'
+
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
@@ -46,9 +165,9 @@ Layout/LeadingCommentSpace:
   Exclude:
     - 'spec/system/admin/enterprises_spec.rb'
 
-# Offense count: 862
+# Offense count: 603
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, IgnoredPatterns.
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns.
 # URISchemes: http, https
 Layout/LineLength:
   Exclude:
@@ -61,11 +180,8 @@ Layout/LineLength:
     - 'app/controllers/admin/subscriptions_controller.rb'
     - 'app/controllers/api/v0/order_cycles_controller.rb'
     - 'app/controllers/payment_gateways/paypal_controller.rb'
-    - 'app/controllers/spree/users_controller.rb'
-    - 'app/controllers/user_confirmations_controller.rb'
     - 'app/helpers/angular_form_builder.rb'
     - 'app/helpers/angular_form_helper.rb'
-    - 'app/helpers/checkout_helper.rb'
     - 'app/helpers/enterprises_helper.rb'
     - 'app/helpers/order_cycles_helper.rb'
     - 'app/helpers/spree/orders_helper.rb'
@@ -84,7 +200,6 @@ Layout/LineLength:
     - 'app/models/schedule.rb'
     - 'app/models/spree/app_configuration.rb'
     - 'app/models/spree/gateway/stripe_sca.rb'
-    - 'app/models/spree/image.rb'
     - 'app/models/spree/line_item.rb'
     - 'app/models/spree/order.rb'
     - 'app/models/spree/payment_method.rb'
@@ -119,7 +234,6 @@ Layout/LineLength:
     - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
     - 'spec/controllers/admin/column_preferences_controller_spec.rb'
     - 'spec/controllers/admin/enterprises_controller_spec.rb'
-    - 'spec/controllers/admin/manager_invitations_controller_spec.rb'
     - 'spec/controllers/admin/order_cycles_controller_spec.rb'
     - 'spec/controllers/admin/schedules_controller_spec.rb'
     - 'spec/controllers/admin/stripe_accounts_controller_spec.rb'
@@ -129,17 +243,13 @@ Layout/LineLength:
     - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
     - 'spec/controllers/api/v0/base_controller_spec.rb'
     - 'spec/controllers/api/v0/exchange_products_controller_spec.rb'
-    - 'spec/controllers/api/v0/logos_controller_spec.rb'
     - 'spec/controllers/api/v0/order_cycles_controller_spec.rb'
     - 'spec/controllers/api/v0/orders_controller_spec.rb'
     - 'spec/controllers/api/v0/products_controller_spec.rb'
-    - 'spec/controllers/api/v0/promo_images_controller_spec.rb'
-    - 'spec/controllers/api/v0/terms_and_conditions_controller_spec.rb'
     - 'spec/controllers/cart_controller_spec.rb'
     - 'spec/controllers/checkout_controller_spec.rb'
     - 'spec/controllers/enterprises_controller_spec.rb'
     - 'spec/controllers/line_items_controller_spec.rb'
-    - 'spec/controllers/registration_controller_spec.rb'
     - 'spec/controllers/shops_controller_spec.rb'
     - 'spec/controllers/spree/admin/orders/customer_details_controller_spec.rb'
     - 'spec/controllers/spree/admin/orders/invoices_spec.rb'
@@ -148,12 +258,8 @@ Layout/LineLength:
     - 'spec/controllers/spree/admin/variants_controller_spec.rb'
     - 'spec/controllers/spree/credit_cards_controller_spec.rb'
     - 'spec/controllers/spree/orders_controller_spec.rb'
-    - 'spec/controllers/stripe/callbacks_controller_spec.rb'
     - 'spec/controllers/stripe/webhooks_controller_spec.rb'
-    - 'spec/controllers/user_confirmations_controller_spec.rb'
-    - 'spec/factories/order_factory.rb'
     - 'spec/factories/stock_location_factory.rb'
-    - 'spec/helpers/enterprises_helper_spec.rb'
     - 'spec/helpers/injection_helper_spec.rb'
     - 'spec/helpers/order_cycles_helper_spec.rb'
     - 'spec/helpers/spree/admin/base_helper_spec.rb'
@@ -167,13 +273,11 @@ Layout/LineLength:
     - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
     - 'spec/lib/reports/customers_report_spec.rb'
     - 'spec/lib/reports/order_cycle_management_report_spec.rb'
-    - 'spec/lib/reports/packing/packing_report_spec.rb'
     - 'spec/lib/reports/products_and_inventory_report_spec.rb'
     - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
     - 'spec/mailers/order_mailer_spec.rb'
     - 'spec/mailers/producer_mailer_spec.rb'
     - 'spec/mailers/subscription_mailer_spec.rb'
-    - 'spec/migrations/migrate_customer_names_spec.rb'
     - 'spec/models/concerns/calculated_adjustments_spec.rb'
     - 'spec/models/concerns/order_shipment_spec.rb'
     - 'spec/models/concerns/product_stock_spec.rb'
@@ -205,7 +309,6 @@ Layout/LineLength:
     - 'spec/models/variant_override_spec.rb'
     - 'spec/requests/api/orders_spec.rb'
     - 'spec/requests/checkout/failed_checkout_spec.rb'
-    - 'spec/routing/stripe_spec.rb'
     - 'spec/serializers/api/admin/exchange_serializer_spec.rb'
     - 'spec/serializers/api/admin/order_cycle_serializer_spec.rb'
     - 'spec/services/address_geocoder_spec.rb'
@@ -226,72 +329,82 @@ Layout/LineLength:
     - 'spec/support/features/datepicker_helper.rb'
     - 'spec/support/matchers/select2_matchers.rb'
     - 'spec/support/matchers/table_matchers.rb'
-    - 'spec/support/request/stripe_stubs.rb'
     - 'spec/support/request/web_helper.rb'
     - 'spec/system/admin/adjustments_spec.rb'
     - 'spec/system/admin/bulk_order_management_spec.rb'
     - 'spec/system/admin/bulk_product_update_spec.rb'
-    - 'spec/system/admin/configuration/content_spec.rb'
-    - 'spec/system/admin/customers_spec.rb'
-    - 'spec/system/admin/enterprise_fees_spec.rb'
-    - 'spec/system/admin/enterprise_relationships_spec.rb'
-    - 'spec/system/admin/enterprises/business_address_form_spec.rb'
-    - 'spec/system/admin/enterprises/images_spec.rb'
-    - 'spec/system/admin/enterprises/index_spec.rb'
-    - 'spec/system/admin/enterprises_spec.rb'
-    - 'spec/system/admin/multilingual_spec.rb'
-    - 'spec/system/admin/order_cycles/complex_editing_multiple_product_pages_spec.rb'
-    - 'spec/system/admin/order_cycles/complex_editing_spec.rb'
-    - 'spec/system/admin/order_cycles/complex_updating_specific_time_spec.rb'
-    - 'spec/system/admin/order_cycles/list_spec.rb'
-    - 'spec/system/admin/order_cycles/simple_spec.rb'
-    - 'spec/system/admin/order_spec.rb'
-    - 'spec/system/admin/orders_spec.rb'
-    - 'spec/system/admin/overview_spec.rb'
-    - 'spec/system/admin/payment_method_spec.rb'
-    - 'spec/system/admin/payments_stripe_spec.rb'
-    - 'spec/system/admin/product_import_spec.rb'
-    - 'spec/system/admin/products_spec.rb'
-    - 'spec/system/admin/reports/packing_report_spec.rb'
-    - 'spec/system/admin/schedules_spec.rb'
-    - 'spec/system/admin/shipping_methods_spec.rb'
-    - 'spec/system/admin/subscriptions_spec.rb'
-    - 'spec/system/admin/tag_rules_spec.rb'
-    - 'spec/system/admin/users_spec.rb'
-    - 'spec/system/admin/variant_overrides_spec.rb'
-    - 'spec/system/consumer/authentication_spec.rb'
-    - 'spec/system/consumer/caching/shops_caching_spec.rb'
-    - 'spec/system/consumer/cookies_spec.rb'
-    - 'spec/system/consumer/shopping/cart_spec.rb'
-    - 'spec/system/consumer/shopping/checkout_auth_spec.rb'
-    - 'spec/system/consumer/shopping/checkout_spec.rb'
-    - 'spec/system/consumer/shopping/checkout_stripe_spec.rb'
-    - 'spec/system/consumer/shopping/products_spec.rb'
-    - 'spec/system/consumer/shopping/shopping_spec.rb'
-    - 'spec/system/consumer/shopping/unit_price_spec.rb'
-    - 'spec/system/consumer/shopping/variant_overrides_spec.rb'
-    - 'spec/system/consumer/split_checkout_spec.rb'
-    - 'spec/system/support/precompile_assets.rb'
-    - 'spec/views/spree/admin/payment_methods/index.html.haml_spec.rb'
 
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
+Layout/MultilineBlockLayout:
+  Exclude:
+    - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
+
+# Offense count: 7
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: symmetrical, new_line, same_line
 Layout/MultilineMethodCallBraceLayout:
   Exclude:
     - 'lib/reporting/queries/joins.rb'
+    - 'spec/system/admin/orders_spec.rb'
+    - 'spec/system/admin/products_spec.rb'
 
-# Offense count: 22
+# Offense count: 6
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: aligned, indented, indented_relative_to_receiver
+Layout/MultilineMethodCallIndentation:
+  Exclude:
+    - 'spec/controllers/api/v0/orders_controller_spec.rb'
+    - 'spec/system/admin/order_cycles/complex_editing_spec.rb'
+    - 'spec/system/admin/overview_spec.rb'
+    - 'spec/system/admin/payment_method_spec.rb'
+    - 'spec/system/admin/variant_overrides_spec.rb'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle, IndentationWidth.
+# SupportedStyles: aligned, indented
+Layout/MultilineOperationIndentation:
+  Exclude:
+    - 'app/models/spree/order.rb'
+
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: final_newline, final_blank_line
+Layout/TrailingEmptyLines:
+  Exclude:
+    - 'Rakefile'
+
+# Offense count: 69
 # This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowInHeredoc.
 Layout/TrailingWhitespace:
   Exclude:
-    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
-    - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
+    - 'app/controllers/spree/users_controller.rb'
+    - 'app/controllers/user_confirmations_controller.rb'
+    - 'app/models/enterprise.rb'
+    - 'app/models/spree/image.rb'
+    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
+    - 'spec/controllers/user_confirmations_controller_spec.rb'
+    - 'spec/factories/order_factory.rb'
+    - 'spec/lib/reports/packing/packing_report_spec.rb'
+    - 'spec/models/enterprise_spec.rb'
+    - 'spec/services/products_renderer_spec.rb'
+    - 'spec/support/request/stripe_stubs.rb'
+    - 'spec/system/admin/bulk_order_management_spec.rb'
+    - 'spec/system/admin/customers_spec.rb'
+    - 'spec/system/admin/enterprise_fees_spec.rb'
+    - 'spec/system/admin/flatpickr_spec.rb'
+    - 'spec/system/admin/order_cycles/complex_editing_spec.rb'
+    - 'spec/system/admin/order_cycles/list_spec.rb'
+    - 'spec/system/admin/order_cycles/simple_spec.rb'
     - 'spec/system/admin/order_spec.rb'
+    - 'spec/system/admin/product_import_spec.rb'
     - 'spec/system/admin/shipping_methods_spec.rb'
-    - 'spec/system/flatpickr_spec.rb'
+    - 'spec/system/consumer/split_checkout_spec.rb'
 
 # Offense count: 17
 # Configuration parameters: AllowedMethods.
@@ -363,15 +476,23 @@ Lint/UnusedMethodArgument:
   Exclude:
     - 'lib/reporting/queries/query_interface.rb'
 
-# Offense count: 5
+# Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Lint/UselessMethodDefinition:
   Exclude:
-    - 'app/controllers/spree/user_registrations_controller.rb'
     - 'app/models/spree/gateway.rb'
 
-# Offense count: 28
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, CountRepeatedAttributes, Max.
+# Offense count: 13
+# Configuration parameters: CheckForMethodsWithNoSideEffects.
+Lint/Void:
+  Exclude:
+    - 'spec/system/admin/order_cycles/complex_editing_spec.rb'
+    - 'spec/system/admin/order_cycles/complex_updating_specific_time_spec.rb'
+    - 'spec/system/admin/order_cycles/simple_spec.rb'
+    - 'spec/system/admin/order_spec.rb'
+
+# Offense count: 27
+# Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes, Max.
 Metrics/AbcSize:
   Exclude:
     - 'app/controllers/admin/enterprises_controller.rb'
@@ -381,7 +502,6 @@ Metrics/AbcSize:
     - 'app/controllers/spree/admin/taxons_controller.rb'
     - 'app/controllers/spree/admin/variants_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
-    - 'app/helpers/checkout_helper.rb'
     - 'app/helpers/spree/admin/navigation_helper.rb'
     - 'app/models/enterprise_group.rb'
     - 'app/models/enterprise_relationship.rb'
@@ -398,8 +518,8 @@ Metrics/AbcSize:
     - 'lib/tasks/enterprises.rake'
     - 'spec/services/order_checkout_restart_spec.rb'
 
-# Offense count: 42
-# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 41
+# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 # AllowedMethods: refine
 Metrics/BlockLength:
   Exclude:
@@ -423,7 +543,6 @@ Metrics/BlockLength:
     - 'spec/factories/user_factory.rb'
     - 'spec/factories/variant_factory.rb'
     - 'spec/requests/api/orders_spec.rb'
-    - 'spec/spec_helper.rb'
     - 'spec/support/cancan_helper.rb'
     - 'spec/support/matchers/select2_matchers.rb'
     - 'spec/support/matchers/table_matchers.rb'
@@ -436,12 +555,11 @@ Metrics/BlockNesting:
   Exclude:
     - 'app/models/spree/payment/processing.rb'
 
-# Offense count: 45
+# Offense count: 46
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ClassLength:
   Exclude:
     - 'app/components/products_table_component.rb'
-    - 'app/controllers/admin/customers_controller.rb'
     - 'app/controllers/admin/enterprises_controller.rb'
     - 'app/controllers/admin/order_cycles_controller.rb'
     - 'app/controllers/admin/resource_controller.rb'
@@ -478,8 +596,8 @@ Metrics/ClassLength:
     - 'app/serializers/api/cached_enterprise_serializer.rb'
     - 'app/serializers/api/enterprise_shopfront_serializer.rb'
     - 'app/services/cart_service.rb'
-    - 'app/services/order_syncer.rb'
     - 'app/services/order_cycle_form.rb'
+    - 'app/services/order_syncer.rb'
     - 'engines/order_management/app/services/order_management/order/updater.rb'
     - 'lib/open_food_network/enterprise_fee_calculator.rb'
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
@@ -489,7 +607,7 @@ Metrics/ClassLength:
     - 'lib/reporting/reports/xero_invoices/base.rb'
 
 # Offense count: 35
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, Max.
+# Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/CyclomaticComplexity:
   Exclude:
     - 'app/controllers/admin/enterprises_controller.rb'
@@ -522,17 +640,15 @@ Metrics/CyclomaticComplexity:
     - 'lib/spree/localized_number.rb'
     - 'spec/models/product_importer_spec.rb'
 
-# Offense count: 26
-# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Offense count: 24
+# Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
   Exclude:
     - 'app/controllers/admin/enterprises_controller.rb'
     - 'app/controllers/payment_gateways/paypal_controller.rb'
     - 'app/controllers/spree/admin/taxons_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
-    - 'app/helpers/checkout_helper.rb'
     - 'app/helpers/spree/admin/navigation_helper.rb'
-    - 'app/json_schemas/json_api_schema.rb'
     - 'app/models/spree/ability.rb'
     - 'app/models/spree/gateway/pay_pal_express.rb'
     - 'app/models/spree/order/checkout.rb'
@@ -545,7 +661,7 @@ Metrics/MethodLength:
     - 'lib/reporting/reports/xero_invoices/base.rb'
     - 'lib/tasks/sample_data/product_factory.rb'
 
-# Offense count: 51
+# Offense count: 50
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ModuleLength:
   Exclude:
@@ -599,7 +715,6 @@ Metrics/ModuleLength:
     - 'spec/services/variant_units/option_value_namer_spec.rb'
     - 'spec/support/request/shop_workflow.rb'
     - 'spec/support/request/stripe_stubs.rb'
-    - 'spec/support/request/web_helper.rb'
 
 # Offense count: 7
 # Configuration parameters: Max, CountKeywordArgs, MaxOptionalParameters.
@@ -611,12 +726,11 @@ Metrics/ParameterLists:
     - 'spec/support/controller_requests_helper.rb'
     - 'spec/system/admin/reports_spec.rb'
 
-# Offense count: 5
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, Max.
+# Offense count: 4
+# Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/PerceivedComplexity:
   Exclude:
     - 'app/controllers/spree/admin/taxons_controller.rb'
-    - 'app/helpers/checkout_helper.rb'
     - 'app/models/enterprise_relationship.rb'
     - 'app/models/spree/ability.rb'
     - 'app/models/spree/order/checkout.rb'
@@ -632,9 +746,15 @@ Naming/AccessorMethodName:
     - 'spec/support/request/shop_workflow.rb'
     - 'spec/support/request/web_helper.rb'
 
+# Offense count: 1
+# Configuration parameters: AsciiConstants.
+Naming/AsciiIdentifiers:
+  Exclude:
+    - 'spec/system/admin/products_spec.rb'
+
 # Offense count: 1
 # Configuration parameters: ForbiddenDelimiters.
-# ForbiddenDelimiters: (?-mix:(^|\s)(EO[A-Z]{1}|END)(\s|$))
+# ForbiddenDelimiters: (?i-mx:(^|\s)(EO[A-Z]{1}|END)(\s|$))
 Naming/HeredocDelimiterNaming:
   Exclude:
     - 'app/models/content_configuration.rb'
@@ -650,7 +770,7 @@ Naming/MemoizedInstanceVariableName:
 
 # Offense count: 1
 # Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
-# AllowedNames: at, by, db, id, in, io, ip, of, on, os, pp, to
+# AllowedNames: as, at, by, cc, db, id, if, in, io, ip, of, on, os, pp, to
 Naming/MethodParameterName:
   Exclude:
     - 'app/services/process_payment_intent.rb'
@@ -658,7 +778,7 @@ Naming/MethodParameterName:
 # Offense count: 28
 # Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
 # SupportedStyles: snake_case, normalcase, non_integer
-# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339
+# AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339, x86_64
 Naming/VariableNumber:
   Exclude:
     - 'app/controllers/spree/orders_controller.rb'
@@ -672,7 +792,7 @@ Naming/VariableNumber:
     - 'spec/requests/api/orders_spec.rb'
 
 # Offense count: 1
-# Configuration parameters: Include.
+# Configuration parameters: Severity, Include.
 # Include: app/models/**/*.rb
 Rails/ActiveRecordOverride:
   Exclude:
@@ -684,16 +804,11 @@ Rails/ApplicationController:
   Exclude:
     - 'engines/dfc_provider/app/controllers/dfc_provider/base_controller.rb'
 
-# Offense count: 6
+# Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationJob:
   Exclude:
-    - 'app/jobs/bulk_invoice_job.rb'
-    - 'app/jobs/heartbeat_job.rb'
-    - 'app/jobs/order_cycle_closing_job.rb'
-    - 'app/jobs/order_cycle_notification_job.rb'
-    - 'app/jobs/subscription_confirm_job.rb'
-    - 'app/jobs/subscription_placement_job.rb'
+    - 'app/jobs/report_job.rb'
 
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -711,29 +826,22 @@ Rails/Blank:
     - 'engines/order_management/app/services/order_management/stock/package.rb'
     - 'lib/stripe/authorize_response_patcher.rb'
 
-# Offense count: 1
-# Configuration parameters: EnforcedStyle, AllowToTime.
-# SupportedStyles: strict, flexible
-Rails/Date:
-  Exclude:
-    - 'spec/system/flatpickr_spec.rb'
-
-# Offense count: 4
+# Offense count: 5
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: slashes, arguments
 Rails/FilePath:
   Exclude:
     - 'app/models/product_import/product_importer.rb'
     - 'lib/tasks/karma.rake'
+    - 'spec/base_spec_helper.rb'
     - 'spec/models/content_configuration_spec.rb'
     - 'spec/support/downloads_helper.rb'
 
-# Offense count: 12
+# Offense count: 11
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
   Exclude:
-    - 'app/models/concerns/payment_method_distributors.rb'
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_group.rb'
     - 'app/models/order_cycle.rb'
@@ -745,7 +853,7 @@ Rails/HasAndBelongsToMany:
     - 'app/models/spree/variant.rb'
     - 'app/models/spree/zone.rb'
 
-# Offense count: 45
+# Offense count: 47
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
@@ -772,7 +880,7 @@ Rails/HasManyOrHasOneDependent:
     - 'app/models/spree/user.rb'
     - 'app/models/spree/variant.rb'
 
-# Offense count: 62
+# Offense count: 59
 # Configuration parameters: Include.
 # Include: app/helpers/**/*.rb
 Rails/HelperInstanceVariable:
@@ -786,7 +894,7 @@ Rails/HelperInstanceVariable:
     - 'app/helpers/spree/admin/orders_helper.rb'
     - 'app/helpers/spree/orders_helper.rb'
 
-# Offense count: 36
+# Offense count: 37
 # Configuration parameters: IgnoreScopes, Include.
 # Include: app/models/**/*.rb
 Rails/InverseOf:
@@ -850,7 +958,6 @@ Rails/OutputSafety:
     - 'lib/reporting/queries/query_builder.rb'
     - 'lib/reporting/queries/query_interface.rb'
     - 'lib/spree/money.rb'
-    - 'spec/system/admin/order_print_ticket_spec.rb'
 
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
@@ -866,7 +973,7 @@ Rails/SkipsModelValidations:
     - 'app/models/variant_override.rb'
     - 'spec/models/spree/line_item_spec.rb'
 
-# Offense count: 5
+# Offense count: 4
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: strict, flexible
@@ -876,7 +983,6 @@ Rails/TimeZone:
     - 'spec/controllers/spree/credit_cards_controller_spec.rb'
     - 'spec/models/spree/tax_rate_spec.rb'
     - 'spec/services/customer_order_cancellation_spec.rb'
-    - 'spec/system/admin/order_cycles/list_spec.rb'
 
 # Offense count: 5
 # Configuration parameters: Include.
@@ -890,7 +996,7 @@ Rails/UniqueValidationWithoutIndex:
     - 'app/models/spree/zone.rb'
 
 # Offense count: 1
-# Configuration parameters: Environments.
+# Configuration parameters: Severity, Environments.
 # Environments: development, test, production
 Rails/UnknownEnv:
   Exclude:
@@ -909,7 +1015,7 @@ Style/BlockComments:
 
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowOnConstant.
+# Configuration parameters: AllowOnConstant, AllowOnSelfClass.
 Style/CaseEquality:
   Exclude:
     - 'spec/models/spree/payment_spec.rb'
@@ -959,8 +1065,9 @@ Style/ClassVars:
 
 # Offense count: 2
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns.
 # SupportedStyles: annotated, template, unannotated
+# AllowedMethods: redirect
 Style/FormatStringToken:
   EnforcedStyle: unannotated
 
@@ -982,7 +1089,8 @@ Style/GlobalStdStream:
     - 'lib/tasks/subscriptions/debug.rake'
     - 'lib/tasks/subscriptions/test.rake'
 
-# Offense count: 40
+# Offense count: 39
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
 Style/GuardClause:
   Exclude:
@@ -992,7 +1100,6 @@ Style/GuardClause:
     - 'app/controllers/api/v0/shipments_controller.rb'
     - 'app/controllers/application_controller.rb'
     - 'app/controllers/home_controller.rb'
-    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_group.rb'
@@ -1016,12 +1123,21 @@ Style/HashLikeCase:
   Exclude:
     - 'app/models/enterprise.rb'
 
-# Offense count: 1
-# This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
-Style/MethodCallWithoutArgsParentheses:
+# Offense count: 11
+# This cop supports unsafe autocorrection (--autocorrect-all).
+# Configuration parameters: InverseMethods, InverseBlocks.
+Style/InverseMethods:
   Exclude:
-    - 'spec/system/flatpickr_spec.rb'
+    - 'app/controllers/admin/resource_controller.rb'
+    - 'app/models/calculator/weight.rb'
+    - 'app/models/product_import/spreadsheet_entry.rb'
+    - 'app/models/spree/order/checkout.rb'
+    - 'app/models/spree/order_contents.rb'
+    - 'app/models/spree/payment.rb'
+    - 'app/services/order_cart_reset.rb'
+    - 'engines/order_management/app/services/order_management/stock/estimator.rb'
+    - 'lib/spree/localized_number.rb'
+    - 'spec/support/matchers/table_matchers.rb'
 
 # Offense count: 3
 Style/MissingRespondToMissing:
@@ -1030,6 +1146,12 @@ Style/MissingRespondToMissing:
     - 'app/models/spree/gateway.rb'
     - 'app/models/spree/preferences/configuration.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Style/MultilineTernaryOperator:
+  Exclude:
+    - 'spec/system/admin/subscriptions_spec.rb'
+
 # Offense count: 22
 # This cop supports safe autocorrection (--autocorrect).
 Style/NestedModifier:
@@ -1045,14 +1167,21 @@ Style/NestedModifier:
     - 'spec/system/admin/payments_stripe_spec.rb'
     - 'spec/system/admin/reports_spec.rb'
 
-# Offense count: 17
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowedMethods.
+# AllowedMethods: be, be_a, be_an, be_between, be_falsey, be_kind_of, be_instance_of, be_truthy, be_within, eq, eql, end_with, include, match, raise_error, respond_to, start_with
+Style/NestedParenthesizedCalls:
+  Exclude:
+    - 'spec/system/admin/products_spec.rb'
+
+# Offense count: 16
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: respond_to_missing?
 Style/OptionalBooleanParameter:
   Exclude:
     - 'app/controllers/admin/subscriptions_controller.rb'
     - 'app/mailers/spree/order_mailer.rb'
-    - 'app/mailers/spree/shipment_mailer.rb'
     - 'app/models/concerns/calculated_adjustments.rb'
     - 'app/models/enterprise_relationship.rb'
     - 'app/models/product_import/entry_processor.rb'
@@ -1063,6 +1192,13 @@ Style/OptionalBooleanParameter:
     - 'lib/spree/core/delegate_belongs_to.rb'
     - 'spec/support/request/web_helper.rb'
 
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowSafeAssignment, AllowInMultilineConditions.
+Style/ParenthesesAroundCondition:
+  Exclude:
+    - 'spec/system/support/precompile_assets.rb'
+
 # Offense count: 1
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
@@ -1073,12 +1209,11 @@ Style/PreferredHashMethods:
 
 # Offense count: 1
 # This cop supports safe autocorrection (--autocorrect).
-# Configuration parameters: AllowMultipleReturnValues.
-Style/RedundantReturn:
+Style/RedundantRegexpEscape:
   Exclude:
-    - 'app/controllers/spree/admin/shipping_methods_controller.rb'
+    - 'app/models/spree/order.rb'
 
-# Offense count: 209
+# Offense count: 206
 Style/Send:
   Exclude:
     - 'app/controllers/split_checkout_controller.rb'
@@ -1102,7 +1237,6 @@ Style/Send:
     - 'spec/models/enterprise_spec.rb'
     - 'spec/models/exchange_spec.rb'
     - 'spec/models/spree/order_inventory_spec.rb'
-    - 'spec/models/spree/order_spec.rb'
     - 'spec/models/spree/payment_spec.rb'
     - 'spec/models/spree/return_authorization_spec.rb'
     - 'spec/models/tag_rule/filter_order_cycles_spec.rb'

.storybook/main.js

@@ -1,7 +0,0 @@
-module.exports = {
-  stories: ['../spec/components/stories/**/*.stories.json'],
-  addons: [
-    '@storybook/addon-docs',
-    '@storybook/addon-controls',
-  ],
-};

.storybook/preview-head.html

@@ -1,2 +0,0 @@
-<link href='https://fonts.googleapis.com/css?family=Roboto:400,300italic,400italic,300,700,700italic|Oswald:300,400,700' rel='stylesheet' type='text/css'>
-<link rel="stylesheet" media="screen" href="http://localhost:3000/assets/darkswarm/all.css" />

.storybook/preview.js

@@ -1,5 +0,0 @@
-export const parameters = {
-  server: {
-    url: `http://localhost:3000/rails/stories`,
-  },
-};

Dockerfile

@@ -28,14 +28,18 @@ RUN apt-get update && apt-get install -y \
   gnupg
 
 # Setup ENV variables
-ENV PATH /usr/local/src/rbenv/shims:/usr/local/src/rbenv/bin:$PATH
+ENV PATH /usr/local/src/rbenv/shims:/usr/local/src/rbenv/bin:/usr/local/src/nodenv/shims:/usr/local/src/nodenv/bin:$PATH
 ENV RBENV_ROOT /usr/local/src/rbenv
+ENV NODENV_ROOT /usr/local/src/nodenv
 ENV CONFIGURE_OPTS --disable-install-doc
 ENV BUNDLE_PATH /bundles
 ENV LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so
 
 WORKDIR /usr/src/app
-COPY .ruby-version .
+
+# trim spaces and line return from .ruby-version file
+COPY .ruby-version .ruby-version.raw
+RUN cat .ruby-version.raw | tr -d '\r\t ' > .ruby-version
 
 # Install Rbenv & Ruby
 RUN git clone --depth 1 https://github.com/rbenv/rbenv.git ${RBENV_ROOT} && \
@@ -50,10 +54,19 @@ RUN sh -c "echo 'deb http://apt.postgresql.org/pub/repos/apt/ `lsb_release -cs`-
     apt-get update && \
     apt-get install -yqq --no-install-recommends postgresql-client-10 libpq-dev
 
-# Install NodeJs and yarn
-RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - \
-    && apt-get install --no-install-recommends -y nodejs \
-    && npm install -g yarn
+
+# trim spaces and line return from .node-version file
+COPY .node-version .node-version.raw
+RUN cat .node-version.raw | tr -d '\r\t ' > .node-version
+
+# Install Node and Yarn with Nodenv
+RUN git clone --depth 1 https://github.com/nodenv/nodenv.git ${NODENV_ROOT} && \
+    git clone --depth 1 https://github.com/nodenv/node-build.git ${NODENV_ROOT}/plugins/node-build && \
+    git clone --depth 1 https://github.com/pine/nodenv-yarn-install.git ${NODENV_ROOT}/plugins/nodenv-yarn-install && \
+    git clone --depth 1 https://github.com/nodenv/nodenv-package-rehash.git ${NODENV_ROOT}/plugins/nodenv-package-rehash && \
+    echo 'eval "$(nodenv init -)"' >> /etc/profile.d/nodenv.sh && \
+    nodenv install $(cat .node-version) && \
+    nodenv global $(cat .node-version)
 
 # Install Chrome
 RUN wget --quiet -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \

GETTING_STARTED.md

@@ -11,6 +11,9 @@ Head to our wiki on [Learning Rails](https://github.com/openfoodfoundation/openf
 The fastest way to make it work locally is to use Docker, you only need to setup git, see the [Docker setup guide](docker/README.md).
 Otherwise, for a local setup you will need:
 * Ruby and bundler (check current Ruby version in [.ruby-version](https://github.com/openfoodfoundation/openfoodnetwork/blob/master/.ruby-version) file)
+    - To manage versions, it's recommended to use [rbenv](https://github.com/rbenv/rbenv) or [RVM](https://rvm.io/)
+* Node and yarn (check current Node version in [.node-version](https://github.com/openfoodfoundation/openfoodnetwork/blob/master/.node-version) file)
+    - [nodevn](https://github.com/nodenv/nodenv) is recommended.
 * PostgreSQL database
 * Redis (for background jobs)
 * Chrome (for testing)
@@ -20,15 +23,13 @@ The following guides will provide OS-specific step-by-step instructions to get t
 - [Debian Setup Guide][debian]
 - [OSX Setup Guide][osx]
 
-If you are likely to need to manage multiple version of ruby on your local machine, we recommend version managers such as [rbenv](https://github.com/rbenv/rbenv) or [RVM](https://rvm.io/).
-
 For those new to Rails, the following tutorial will help get you up to speed with configuring a [Rails environment](http://guides.rubyonrails.org/getting_started.html).
 
 ### Get it
 
 So you have set up your local environment according to the requirements listed above. If you're planning on contributing code to the project (which we [LOVE](CONTRIBUTING.md)), it is a good idea to begin by forking this repo using the `Fork` button in the top-right corner of this screen. You should then be able to use `git clone` to copy your fork onto your local machine:
 
-    git clone https://github.com/YOUR_GITHUB_USERNAME_HERE/openfoodnetwork
+    git clone git@github.com:YOUR_GITHUB_USERNAME_HERE/openfoodnetwork.git
 
 Jump into your new local copy of the Open Food Network:
 
@@ -36,7 +37,7 @@ Jump into your new local copy of the Open Food Network:
 
 And then add an `upstream` remote that points to the main repo:
 
-    git remote add upstream https://github.com/openfoodfoundation/openfoodnetwork
+    git remote add upstream git@github.com:openfoodfoundation/openfoodnetwork.git
 
 Fetch the latest version of `master` from `upstream` (ie. the main repo):
 
@@ -47,14 +48,14 @@ Fetch the latest version of `master` from `upstream` (ie. the main repo):
 First, you need to create the database user the app will use by manually typing the following in your terminal:
 
 ```sh
-$ sudo -u postgres psql -c "CREATE USER ofn WITH SUPERUSER CREATEDB PASSWORD 'f00d'"
+sudo --login --user=postgres psql -c "CREATE USER ofn WITH SUPERUSER CREATEDB PASSWORD 'f00d'"
 ```
 
 This will create the "ofn" user as superuser and allowing it to create databases. If this command fails, check the [troubleshooting section](#creating-the-database) for an alternative.
 
 Next, it is _strongly recommended_ to run the setup script.
 ```sh
-$ script/setup
+./script/setup
 ```
 If the script succeeds you're ready to start developing. If not, take a look at the output as it should be informative enough to help you troubleshoot.
 
@@ -113,13 +114,13 @@ Below are fixes to potential issues that can happen during the installation proc
 
 #### Creating the database
 
-If the ```$ sudo -u postgres psql -c "CREATE USER ofn WITH SUPERUSER CREATEDB PASSWORD 'f00d'"``` command doesn't work, you can run the following commands instead:
+If the `sudo -u postgres psql -c "CREATE USER ofn WITH SUPERUSER CREATEDB PASSWORD 'f00d'"` command doesn't work, you can run the following commands instead:
 ```
-$ createuser --superuser --pwprompt ofn
-Enter password for new role: f00d
-Enter it again: f00d
-$ createdb open_food_network_dev --owner=ofn
-$ createdb open_food_network_test --owner=ofn
+createuser --superuser --pwprompt ofn
+# Enter password for new role: f00d
+# Enter it again: f00d
+createdb open_food_network_dev --owner=ofn
+createdb open_food_network_test --owner=ofn
 ```
 If these commands succeed, you should be able to [continue the setup process](#get-it-running).
 

Gemfile

@@ -6,7 +6,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}.git" }
 
 gem 'dotenv-rails', require: 'dotenv/rails-now' # Load ENV vars before other gems
 
-gem 'rails', '>= 6.1.4'
+gem 'rails'
 
 # Active Storage
 gem "active_storage_validations"
@@ -17,7 +17,7 @@ gem 'activemerchant', '>= 1.78.0'
 gem 'rexml'
 gem 'angular-rails-templates', '>= 0.3.0'
 gem 'awesome_nested_set'
-gem 'ransack', '2.4.2'
+gem 'ransack', '~> 2.6.0'
 gem 'responders'
 gem 'webpacker', '~> 5'
 
@@ -27,7 +27,7 @@ gem 'rails-i18n'
 gem 'rails_safe_tasks', '~> 1.0'
 
 gem "activerecord-import"
-gem "db2fog", github: "openfoodfoundation/db2fog", branch: "rails-6"
+gem "db2fog", github: "openfoodfoundation/db2fog", branch: "rails-7"
 gem "fog-aws", "~> 2.0" # db2fog does not support v3
 gem "mime-types" # required by fog
 
@@ -69,7 +69,7 @@ gem 'pagy', '~> 5.1'
 gem 'rswag-api'
 gem 'rswag-ui'
 
-gem 'gitlab-omniauth-openid-connect', require: 'omniauth_openid_connect'
+gem 'omniauth_openid_connect'
 gem 'openid_connect', '~> 1.3'
 gem 'omniauth-rails_csrf_protection'
 
@@ -83,16 +83,15 @@ gem 'actionpack-action_caching'
 #   AMS is deprecated, we will introduce an alternative at some point
 gem "active_model_serializers", "0.8.4"
 gem 'activerecord-session_store'
-gem 'acts-as-taggable-on', '~> 8.1'
+gem 'acts-as-taggable-on'
 gem 'angularjs-file-upload-rails', '~> 2.4.1'
 gem 'bigdecimal', '3.0.2'
 gem 'bootsnap', require: false
 gem 'geocoder'
 gem 'gmaps4rails'
 gem 'mimemagic', '> 0.3.5'
-gem 'paper_trail', '~> 12.1.0'
+gem 'paper_trail', '~> 12.1'
 gem 'rack-rewrite'
-gem 'rack-ssl', require: 'rack/ssl'
 gem 'roadie-rails'
 
 gem 'hiredis'
@@ -101,16 +100,16 @@ gem 'redis', '>= 4.0', require: ['redis', 'redis/connection/hiredis']
 gem 'sidekiq'
 gem 'sidekiq-scheduler'
 
-gem "cable_ready", "5.0.0.pre9"
-gem "stimulus_reflex", "3.5.0.pre9"
+gem "cable_ready", "5.0.0.rc2"
+gem "stimulus_reflex", "3.5.0.rc2"
 
 gem 'combine_pdf'
 gem 'wicked_pdf'
 gem 'wkhtmltopdf-binary'
 
 gem 'immigrant'
-gem 'roo'
-gem 'spreadsheet_architect'
+gem 'roo' # read spreadsheets
+gem 'spreadsheet_architect' # write spreadsheets
 
 gem 'whenever', require: false
 
@@ -118,7 +117,7 @@ gem 'test-unit', '~> 3.5'
 
 gem 'coffee-rails', '~> 5.0.0'
 
-gem 'mini_racer', '0.4.0'
+gem 'mini_racer'
 
 gem 'angular_rails_csrf'
 
@@ -126,8 +125,6 @@ gem 'jquery-rails', '4.4.0'
 gem 'jquery-ui-rails', '~> 4.2'
 gem "select2-rails", github: "openfoodfoundation/select2-rails", branch: "v349_with_thor_v1"
 
-gem 'ofn-qz', github: 'openfoodfoundation/ofn-qz', branch: 'ofn-rails-4'
-
 gem 'good_migrations'
 
 gem 'flipper'
@@ -139,6 +136,9 @@ gem 'view_component_reflex', '3.1.14.pre9'
 
 gem 'mini_portile2', '~> 2.8'
 
+gem "faraday"
+gem "private_address_check"
+
 group :production, :staging do
   gem 'ddtrace'
   gem 'rack-timeout'
@@ -185,7 +185,5 @@ group :development do
   gem 'spring-commands-rspec'
   gem 'web-console'
 
-  gem "view_component_storybook"
-
   gem 'rack-mini-profiler', '< 3.0.0'
 end

Gemfile.lock

@@ -1,19 +1,12 @@
 GIT
   remote: https://github.com/openfoodfoundation/db2fog.git
-  revision: 5b63343847452f52aa42f7fc169d6ab3af57cda3
-  branch: rails-6
+  revision: 6e88c0ab9eeb23d7ad9964b27becb1c04a83141f
+  branch: rails-7
   specs:
     db2fog (0.9.2)
-      activerecord (>= 3.2.0, < 7.0)
+      activerecord (>= 3.2.0)
       fog-core (~> 1.0)
-      rails (>= 3.2.0, < 7.0)
-
-GIT
-  remote: https://github.com/openfoodfoundation/ofn-qz.git
-  revision: 467f6ea1c44529c7c91cac4c8211bbd863588c0b
-  branch: ofn-rails-4
-  specs:
-    ofn-qz (0.1.0)
+      rails (>= 3.2.0)
 
 GIT
   remote: https://github.com/openfoodfoundation/select2-rails.git
@@ -51,42 +44,49 @@ GEM
   remote: https://rubygems.org/
   specs:
     Ascii85 (1.1.0)
-    actioncable (6.1.7)
-      actionpack (= 6.1.7)
-      activesupport (= 6.1.7)
+    actioncable (7.0.4.3)
+      actionpack (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7)
-      actionpack (= 6.1.7)
-      activejob (= 6.1.7)
-      activerecord (= 6.1.7)
-      activestorage (= 6.1.7)
-      activesupport (= 6.1.7)
+    actionmailbox (7.0.4.3)
+      actionpack (= 7.0.4.3)
+      activejob (= 7.0.4.3)
+      activerecord (= 7.0.4.3)
+      activestorage (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       mail (>= 2.7.1)
-    actionmailer (6.1.7)
-      actionpack (= 6.1.7)
-      actionview (= 6.1.7)
-      activejob (= 6.1.7)
-      activesupport (= 6.1.7)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.4.3)
+      actionpack (= 7.0.4.3)
+      actionview (= 7.0.4.3)
+      activejob (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.7)
-      actionview (= 6.1.7)
-      activesupport (= 6.1.7)
-      rack (~> 2.0, >= 2.0.9)
+    actionpack (7.0.4.3)
+      actionview (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
     actionpack-action_caching (1.2.2)
       actionpack (>= 4.0.0)
-    actiontext (6.1.7)
-      actionpack (= 6.1.7)
-      activerecord (= 6.1.7)
-      activestorage (= 6.1.7)
-      activesupport (= 6.1.7)
+    actiontext (7.0.4.3)
+      actionpack (= 7.0.4.3)
+      activerecord (= 7.0.4.3)
+      activestorage (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
+      globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (6.1.7)
-      activesupport (= 6.1.7)
+    actionview (7.0.4.3)
+      activesupport (= 7.0.4.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
@@ -98,19 +98,19 @@ GEM
       activemodel (>= 5.2.0)
       activestorage (>= 5.2.0)
       activesupport (>= 5.2.0)
-    activejob (6.1.7)
-      activesupport (= 6.1.7)
+    activejob (7.0.4.3)
+      activesupport (= 7.0.4.3)
       globalid (>= 0.3.6)
     activemerchant (1.123.0)
       activesupport (>= 4.2)
       builder (>= 2.1.2, < 4.0.0)
       i18n (>= 0.6.9)
       nokogiri (~> 1.4)
-    activemodel (6.1.7)
-      activesupport (= 6.1.7)
-    activerecord (6.1.7)
-      activemodel (= 6.1.7)
-      activesupport (= 6.1.7)
+    activemodel (7.0.4.3)
+      activesupport (= 7.0.4.3)
+    activerecord (7.0.4.3)
+      activemodel (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
     activerecord-import (1.4.1)
       activerecord (>= 4.2)
     activerecord-postgresql-adapter (0.0.1)
@@ -121,24 +121,23 @@ GEM
       multi_json (~> 1.11, >= 1.11.2)
       rack (>= 2.0.8, < 3)
       railties (>= 5.2.4.1)
-    activestorage (6.1.7)
-      actionpack (= 6.1.7)
-      activejob (= 6.1.7)
-      activerecord (= 6.1.7)
-      activesupport (= 6.1.7)
+    activestorage (7.0.4.3)
+      actionpack (= 7.0.4.3)
+      activejob (= 7.0.4.3)
+      activerecord (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.7)
+    activesupport (7.0.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-      zeitwerk (~> 2.3)
-    acts-as-taggable-on (8.1.0)
-      activerecord (>= 5.0, < 6.2)
+    acts-as-taggable-on (9.0.1)
+      activerecord (>= 6.0, < 7.1)
     acts_as_list (1.0.4)
       activerecord (>= 4.2)
-    addressable (2.8.1)
+    addressable (2.8.2)
       public_suffix (>= 2.0.2, < 6.0)
     aes_key_wrap (1.1.0)
     afm (0.2.2)
@@ -158,16 +157,16 @@ GEM
     awesome_nested_set (3.5.0)
       activerecord (>= 4.0.0, < 7.1)
     aws-eventstream (1.2.0)
-    aws-partitions (1.669.0)
-    aws-sdk-core (3.168.2)
+    aws-partitions (1.739.0)
+    aws-sdk-core (3.171.0)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.5)
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.60.0)
+    aws-sdk-kms (1.63.0)
       aws-sdk-core (~> 3, >= 3.165.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.117.2)
+    aws-sdk-s3 (1.120.0)
       aws-sdk-core (~> 3, >= 3.165.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.4)
@@ -175,26 +174,24 @@ GEM
       aws-eventstream (~> 1, >= 1.0.2)
     bcrypt (3.1.18)
     bigdecimal (3.0.2)
-    bindata (2.4.12)
+    bindata (2.4.15)
     bindex (0.8.1)
-    bootsnap (1.15.0)
+    bootsnap (1.16.0)
       msgpack (~> 1.2)
-    bugsnag (6.25.0)
+    bugsnag (6.25.2)
       concurrent-ruby (~> 1.0)
     builder (3.2.4)
-    bullet (7.0.4)
+    bullet (7.0.7)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
-    cable_ready (5.0.0.pre9)
-      actioncable (>= 5.2)
+    cable_ready (5.0.0.rc2)
       actionpack (>= 5.2)
       actionview (>= 5.2)
-      activerecord (>= 5.2)
       activesupport (>= 5.2)
       railties (>= 5.2)
       thread-local (>= 1.1.0)
     cancancan (1.15.0)
-    capybara (3.38.0)
+    capybara (3.39.0)
       addressable
       matrix
       mini_mime (>= 0.1.3)
@@ -218,10 +215,10 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    combine_pdf (1.0.22)
+    combine_pdf (1.0.23)
       matrix
       ruby-rc4 (>= 0.1.5)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
     connection_pool (2.3.0)
     crack (0.4.5)
       rexml
@@ -231,21 +228,24 @@ GEM
     cuprite (0.14.3)
       capybara (~> 3.0)
       ferrum (~> 0.13.0)
-    database_cleaner (2.0.1)
-      database_cleaner-active_record (~> 2.0.0)
-    database_cleaner-active_record (2.0.0)
+    database_cleaner (2.0.2)
+      database_cleaner-active_record (>= 2, < 3)
+    database_cleaner-active_record (2.1.0)
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
-    ddtrace (0.54.1)
-      debase-ruby_core_source (= 0.10.12)
+    date (3.3.3)
+    ddtrace (1.10.1)
+      debase-ruby_core_source (>= 0.10.16, <= 3.2.0)
+      libdatadog (~> 2.0.0.1.0)
+      libddwaf (~> 1.6.2.0.0)
       msgpack
-    debase-ruby_core_source (0.10.12)
-    debug (1.7.0)
+    debase-ruby_core_source (3.2.0)
+    debug (1.7.2)
       irb (>= 1.5.0)
       reline (>= 0.3.1)
     debugger-linecache (1.2.0)
-    devise (4.8.1)
+    devise (4.9.2)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -253,8 +253,8 @@ GEM
       warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
-    devise-i18n (1.10.2)
-      devise (>= 4.8.0)
+    devise-i18n (1.11.0)
+      devise (>= 4.9.0)
     devise-token_authenticatable (1.1.0)
       devise (>= 4.0.0, < 5.0.0)
     diff-lcs (1.5.0)
@@ -264,7 +264,7 @@ GEM
     dotenv-rails (2.8.1)
       dotenv (= 2.8.1)
       railties (>= 3.2)
-    erubi (1.11.0)
+    erubi (1.12.0)
     et-orbi (1.2.7)
       tzinfo
     excon (0.81.0)
@@ -274,12 +274,12 @@ GEM
     factory_bot_rails (6.2.0)
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    faraday (2.6.0)
+    faraday (2.7.4)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
     faraday-follow_redirects (0.3.0)
       faraday (>= 1, < 3)
-    faraday-net_http (3.0.1)
+    faraday-net_http (3.0.2)
     ferrum (0.13)
       addressable (~> 2.5)
       concurrent-ruby (~> 1.1)
@@ -287,15 +287,17 @@ GEM
       websocket-driver (>= 0.6, < 0.8)
     ffaker (2.21.0)
     ffi (1.15.5)
-    flipper (0.20.4)
-    flipper-active_record (0.20.4)
-      activerecord (>= 5.0, < 7)
-      flipper (~> 0.20.4)
-    flipper-ui (0.20.4)
+    flipper (0.26.2)
+      concurrent-ruby (< 2)
+    flipper-active_record (0.26.2)
+      activerecord (>= 4.2, < 8)
+      flipper (~> 0.26.2)
+    flipper-ui (0.26.2)
       erubi (>= 1.0.0, < 2.0.0)
-      flipper (~> 0.20.4)
+      flipper (~> 0.26.2)
       rack (>= 1.4, < 3)
-      rack-protection (>= 1.5.3, < 2.2.0)
+      rack-protection (>= 1.5.3, <= 4.0.0)
+      sanitize (< 7)
     fog-aws (2.0.1)
       fog-core (~> 1.38)
       fog-json (~> 1.0)
@@ -313,18 +315,14 @@ GEM
       nokogiri (>= 1.5.11, < 2.0.0)
     foreman (0.87.2)
     formatador (0.2.5)
-    fugit (1.7.1)
+    fugit (1.8.1)
       et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
     fuubar (2.5.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
     geocoder (1.8.1)
-    gitlab-omniauth-openid-connect (0.10.0)
-      addressable (~> 2.7)
-      omniauth (>= 1.9, < 3)
-      openid_connect (~> 1.2)
-    globalid (1.0.0)
+    globalid (1.1.0)
       activesupport (>= 5.0)
     gmaps4rails (2.1.2)
     good_migrations (0.2.1)
@@ -349,9 +347,9 @@ GEM
       ruby-vips (>= 2.0.17, < 3)
     immigrant (0.3.6)
       activerecord (>= 3.0)
-    io-console (0.5.11)
+    io-console (0.6.0)
     ipaddress (0.8.3)
-    irb (1.5.1)
+    irb (1.6.3)
       reline (>= 0.3.0)
     jmespath (1.6.2)
     jquery-rails (4.4.0)
@@ -361,7 +359,7 @@ GEM
     jquery-ui-rails (4.2.1)
       railties (>= 3.2.16)
     json (2.6.3)
-    json-jwt (1.16.0)
+    json-jwt (1.16.3)
       activesupport (>= 4.2)
       aes_key_wrap
       bindata
@@ -374,22 +372,28 @@ GEM
       rspec (>= 2.0, < 4.0)
     jsonapi-serializer (2.2.0)
       activesupport (>= 4.2)
-    jwt (2.5.0)
-    knapsack_pro (3.6.0)
+    jwt (2.7.0)
+    knapsack_pro (3.9.0)
       rake
     launchy (2.5.0)
       addressable (~> 2.7)
     letter_opener (1.8.1)
       launchy (>= 2.2, < 3)
-    libv8-node (15.14.0.1)
-    listen (3.7.1)
+    libdatadog (2.0.0.1.0)
+    libddwaf (1.6.2.0.0)
+      ffi (~> 1.0)
+    libv8-node (16.10.0.0)
+    listen (3.8.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    loofah (2.19.1)
+    loofah (2.20.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.1)
+    mail (2.8.1)
       mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
     marcel (1.0.2)
     matrix (0.4.2)
     method_source (1.0.0)
@@ -401,23 +405,28 @@ GEM
       rake
     mini_magick (4.11.0)
     mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
-    mini_racer (0.4.0)
-      libv8-node (~> 15.14.0.0)
-    minitest (5.16.3)
+    mini_portile2 (2.8.1)
+    mini_racer (0.6.3)
+      libv8-node (~> 16.10.0.0)
+    minitest (5.18.0)
     monetize (1.12.0)
       money (~> 6.12)
     money (6.16.0)
       i18n (>= 0.6.4, <= 2)
-    msgpack (1.6.0)
+    msgpack (1.6.1)
     multi_json (1.15.0)
     multi_xml (0.6.0)
-    net-protocol (0.1.3)
+    net-imap (0.3.4)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.1)
       timeout
-    net-smtp (0.3.2)
+    net-smtp (0.3.3)
       net-protocol
     nio4r (2.5.8)
-    nokogiri (1.13.10)
+    nokogiri (1.14.2)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
     oauth2 (1.4.11)
@@ -426,13 +435,16 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 4)
-    omniauth (2.1.0)
+    omniauth (2.1.1)
       hashie (>= 3.4.6)
       rack (>= 2.2.3)
       rack-protection
     omniauth-rails_csrf_protection (1.0.1)
       actionpack (>= 4.2)
       omniauth (~> 2.0)
+    omniauth_openid_connect (0.6.1)
+      omniauth (>= 1.9, < 3)
+      openid_connect (~> 1.1)
     openid_connect (1.4.2)
       activemodel
       attr_required (>= 1.0.0)
@@ -447,13 +459,13 @@ GEM
     orm_adapter (0.5.0)
     pagy (5.10.1)
       activesupport
-    paper_trail (12.1.0)
+    paper_trail (12.3.0)
       activerecord (>= 5.2)
       request_store (~> 1.1)
     parallel (1.22.1)
     paranoia (2.6.1)
       activerecord (>= 5.1, < 7.1)
-    parser (3.1.3.0)
+    parser (3.2.2.0)
       ast (~> 2.4.1)
     paypal-sdk-core (0.3.4)
       multi_json (~> 1.0)
@@ -468,15 +480,16 @@ GEM
       ttfunk
     pg (1.2.3)
     power_assert (2.0.2)
+    private_address_check (0.5.0)
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    public_suffix (5.0.0)
-    puma (5.6.5)
+    public_suffix (5.0.1)
+    puma (6.2.1)
       nio4r (~> 2.0)
     raabro (1.4.0)
-    racc (1.6.1)
-    rack (2.2.4)
+    racc (1.6.2)
+    rack (2.2.6.4)
     rack-mini-profiler (2.3.4)
       rack (>= 1.2.0)
     rack-oauth2 (1.21.3)
@@ -485,31 +498,28 @@ GEM
       httpclient
       json-jwt (>= 1.11.0)
       rack (>= 2.1.0)
-    rack-protection (2.1.0)
+    rack-protection (3.0.5)
       rack
-    rack-proxy (0.7.0)
+    rack-proxy (0.7.6)
       rack
     rack-rewrite (1.5.1)
-    rack-ssl (1.4.1)
-      rack
-    rack-test (2.0.2)
+    rack-test (2.1.0)
       rack (>= 1.3)
     rack-timeout (0.6.3)
-    rails (6.1.7)
-      actioncable (= 6.1.7)
-      actionmailbox (= 6.1.7)
-      actionmailer (= 6.1.7)
-      actionpack (= 6.1.7)
-      actiontext (= 6.1.7)
-      actionview (= 6.1.7)
-      activejob (= 6.1.7)
-      activemodel (= 6.1.7)
-      activerecord (= 6.1.7)
-      activestorage (= 6.1.7)
-      activesupport (= 6.1.7)
+    rails (7.0.4.3)
+      actioncable (= 7.0.4.3)
+      actionmailbox (= 7.0.4.3)
+      actionmailer (= 7.0.4.3)
+      actionpack (= 7.0.4.3)
+      actiontext (= 7.0.4.3)
+      actionview (= 7.0.4.3)
+      activejob (= 7.0.4.3)
+      activemodel (= 7.0.4.3)
+      activerecord (= 7.0.4.3)
+      activestorage (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       bundler (>= 1.15.0)
-      railties (= 6.1.7)
-      sprockets-rails (>= 2.0.0)
+      railties (= 7.0.4.3)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
       actionview (>= 5.0.1.rc1)
@@ -522,37 +532,40 @@ GEM
       activesupport (>= 4.2)
       choice (~> 0.2.0)
       ruby-graphviz (~> 1.2)
-    rails-html-sanitizer (1.4.4)
+    rails-html-sanitizer (1.5.0)
       loofah (~> 2.19, >= 2.19.1)
     rails-i18n (7.0.6)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
     rails_safe_tasks (1.0.0)
-    railties (6.1.7)
-      actionpack (= 6.1.7)
-      activesupport (= 6.1.7)
+    railties (7.0.4.3)
+      actionpack (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
+      zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
-    ransack (2.4.2)
-      activerecord (>= 5.2.4)
-      activesupport (>= 5.2.4)
+    ransack (2.6.0)
+      activerecord (>= 6.0.4)
+      activesupport (>= 6.0.4)
       i18n
-    rb-fsevent (0.11.0)
+    rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    redcarpet (3.5.1)
-    redis (4.8.0)
-    regexp_parser (2.6.1)
-    reline (0.3.1)
+    redcarpet (3.6.0)
+    redis (4.8.1)
+    redis-client (0.14.0)
+      connection_pool
+    regexp_parser (2.7.0)
+    reline (0.3.3)
       io-console (~> 0.5)
-    request_store (1.5.0)
+    request_store (1.5.1)
       rack (>= 1.4)
-    responders (3.0.1)
-      actionpack (>= 5.0)
-      railties (>= 5.0)
+    responders (3.1.0)
+      actionpack (>= 5.2)
+      railties (>= 5.2)
     rexml (3.2.5)
     roadie (5.0.1)
       css_parser (~> 1.4)
@@ -563,32 +576,32 @@ GEM
     rodf (1.2.0)
       builder (>= 3.0)
       rubyzip (>= 1.0)
-    roo (2.9.0)
+    roo (2.10.0)
       nokogiri (~> 1)
       rubyzip (>= 1.3.0, < 3.0.0)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.2)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.2)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.1)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.3)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-rails (5.1.2)
-      actionpack (>= 5.2)
-      activesupport (>= 5.2)
-      railties (>= 5.2)
-      rspec-core (~> 3.10)
-      rspec-expectations (~> 3.10)
-      rspec-mocks (~> 3.10)
-      rspec-support (~> 3.10)
+      rspec-support (~> 3.12.0)
+    rspec-rails (6.0.1)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
+      railties (>= 6.1)
+      rspec-core (~> 3.11)
+      rspec-expectations (~> 3.11)
+      rspec-mocks (~> 3.11)
+      rspec-support (~> 3.11)
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
-    rspec-support (3.10.3)
+    rspec-support (3.12.0)
     rswag-api (2.8.0)
       railties (>= 3.1, < 7.1)
     rswag-specs (2.8.0)
@@ -599,25 +612,25 @@ GEM
     rswag-ui (2.8.0)
       actionpack (>= 3.1, < 7.1)
       railties (>= 3.1, < 7.1)
-    rubocop (1.41.0)
+    rubocop (1.49.0)
       json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 3.1.2.1)
+      parser (>= 3.2.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.23.0, < 2.0)
+      rubocop-ast (>= 1.28.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.24.0)
-      parser (>= 3.1.1.0)
-    rubocop-rails (2.17.3)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.28.0)
+      parser (>= 3.2.1.0)
+    rubocop-rails (2.18.0)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
       rubocop (>= 1.33.0, < 2.0)
     ruby-graphviz (1.2.5)
       rexml
-    ruby-progressbar (1.11.0)
+    ruby-progressbar (1.13.0)
     ruby-rc4 (0.1.5)
     ruby-vips (2.1.4)
       ffi (~> 1.12)
@@ -625,6 +638,9 @@ GEM
     rubyzip (2.3.2)
     rufus-scheduler (3.8.2)
       fugit (~> 1.1, >= 1.1.6)
+    sanitize (6.0.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
     sass (3.4.25)
     sass-rails (5.0.8)
       railties (>= 5.2.0)
@@ -636,25 +652,25 @@ GEM
     semantic_range (3.0.0)
     shoulda-matchers (5.3.0)
       activesupport (>= 5.2.0)
-    sidekiq (6.5.8)
-      connection_pool (>= 2.2.5, < 3)
-      rack (~> 2.0)
-      redis (>= 4.5.0, < 5)
-    sidekiq-scheduler (4.0.3)
-      redis (>= 4.2.0)
+    sidekiq (7.0.7)
+      concurrent-ruby (< 2)
+      connection_pool (>= 2.3.0)
+      rack (>= 2.2.4)
+      redis-client (>= 0.11.0)
+    sidekiq-scheduler (5.0.2)
       rufus-scheduler (~> 3.2)
-      sidekiq (>= 4, < 7)
+      sidekiq (>= 6, < 8)
       tilt (>= 1.4.0)
-    simplecov (0.21.2)
+    simplecov (0.22.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
       simplecov_json_formatter (~> 0.1)
     simplecov-html (0.12.3)
-    simplecov_json_formatter (0.1.3)
+    simplecov_json_formatter (0.1.4)
     spreadsheet_architect (5.0.0)
       caxlsx (>= 3.3.0, < 4)
       rodf (>= 1.0.0, < 2)
-    spring (4.1.0)
+    spring (4.1.1)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
     sprockets (3.7.2)
@@ -671,18 +687,18 @@ GEM
     state_machines-activerecord (0.8.0)
       activerecord (>= 5.1)
       state_machines-activemodel (>= 0.8.0)
-    stimulus_reflex (3.5.0.pre9)
-      actioncable (>= 5.2)
-      actionpack (>= 5.2)
-      actionview (>= 5.2)
-      activesupport (>= 5.2)
-      cable_ready (>= 5.0.0.pre9)
-      nokogiri
-      rack
-      railties (>= 5.2)
-      redis
+    stimulus_reflex (3.5.0.rc2)
+      actioncable (>= 5.2, < 8)
+      actionpack (>= 5.2, < 8)
+      actionview (>= 5.2, < 8)
+      activesupport (>= 5.2, < 8)
+      cable_ready (>= 5.0.0.rc2)
+      nokogiri (~> 1.0)
+      rack (>= 2, < 4)
+      railties (>= 5.2, < 8)
+      redis (>= 4.0, < 6.0)
     stringex (2.8.5)
-    stripe (8.0.0)
+    stripe (8.3.0)
     swd (1.3.0)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
@@ -692,15 +708,15 @@ GEM
       power_assert
     thor (1.2.1)
     thread-local (1.1.0)
-    tilt (2.0.11)
+    tilt (2.1.0)
     timecop (0.9.6)
-    timeout (0.3.0)
+    timeout (0.3.2)
     ttfunk (1.7.0)
-    tzinfo (2.0.5)
+    tzinfo (2.0.6)
       concurrent-ruby (~> 1.0)
-    unicode-display_width (2.3.0)
+    unicode-display_width (2.4.2)
     uniform_notifier (1.16.0)
-    valid_email2 (4.0.4)
+    valid_email2 (4.0.6)
       activemodel (>= 3.2)
       mail (~> 2.5)
     validate_email (0.1.6)
@@ -710,16 +726,14 @@ GEM
       activemodel (>= 3.0.0)
       public_suffix
     vcr (6.1.0)
-    view_component (2.79.0)
-      activesupport (>= 5.0.0, < 8.0)
+    view_component (2.82.0)
+      activesupport (>= 5.2.0, < 8.0)
       concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
     view_component_reflex (3.1.14.pre9)
       rails (>= 5.2, < 8.0)
       stimulus_reflex (>= 3.5.0.pre2)
       view_component (>= 2.28.0)
-    view_component_storybook (0.11.1)
-      view_component (>= 2.36)
     warden (1.2.9)
       rack (>= 2.0.9)
     web-console (4.2.0)
@@ -734,7 +748,7 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
-    webpacker (5.4.3)
+    webpacker (5.4.4)
       activesupport (>= 5.2)
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
@@ -751,7 +765,7 @@ GEM
     xml-simple (1.1.8)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.6.6)
+    zeitwerk (2.6.7)
 
 PLATFORMS
   ruby
@@ -764,7 +778,7 @@ DEPENDENCIES
   activerecord-import
   activerecord-postgresql-adapter
   activerecord-session_store
-  acts-as-taggable-on (~> 8.1)
+  acts-as-taggable-on
   acts_as_list (= 1.0.4)
   angular-rails-templates (>= 0.3.0)
   angular_rails_csrf
@@ -777,7 +791,7 @@ DEPENDENCIES
   bootsnap
   bugsnag
   bullet
-  cable_ready (= 5.0.0.pre9)
+  cable_ready (= 5.0.0.rc2)
   cancancan (~> 1.15.0)
   capybara
   catalog!
@@ -797,6 +811,7 @@ DEPENDENCIES
   digest
   dotenv-rails
   factory_bot_rails (= 6.2.0)
+  faraday
   ffaker
   flipper
   flipper-active_record
@@ -805,7 +820,6 @@ DEPENDENCIES
   foreman
   fuubar (~> 2.5.1)
   geocoder
-  gitlab-omniauth-openid-connect
   gmaps4rails
   good_migrations
   haml
@@ -827,31 +841,31 @@ DEPENDENCIES
   mime-types
   mimemagic (> 0.3.5)
   mini_portile2 (~> 2.8)
-  mini_racer (= 0.4.0)
+  mini_racer
   monetize (~> 1.11)
   oauth2 (~> 1.4.7)
-  ofn-qz!
   omniauth-rails_csrf_protection
+  omniauth_openid_connect
   openid_connect (~> 1.3)
   order_management!
   pagy (~> 5.1)
-  paper_trail (~> 12.1.0)
+  paper_trail (~> 12.1)
   paranoia (~> 2.4)
   paypal-sdk-merchant (= 1.117.2)
   pdf-reader
   pg (~> 1.2.3)
+  private_address_check
   pry (~> 0.13.0)
   puma
   rack-mini-profiler (< 3.0.0)
   rack-rewrite
-  rack-ssl
   rack-timeout
-  rails (>= 6.1.4)
+  rails
   rails-controller-testing
   rails-erd
   rails-i18n
   rails_safe_tasks (~> 1.0)
-  ransack (= 2.4.2)
+  ransack (~> 2.6.0)
   redcarpet
   redis (>= 4.0)
   responders
@@ -875,7 +889,7 @@ DEPENDENCIES
   spring
   spring-commands-rspec
   state_machines-activerecord
-  stimulus_reflex (= 3.5.0.pre9)
+  stimulus_reflex (= 3.5.0.rc2)
   stringex (~> 2.8.5)
   stripe
   test-unit (~> 3.5)
@@ -884,7 +898,6 @@ DEPENDENCIES
   vcr
   view_component
   view_component_reflex (= 3.1.14.pre9)
-  view_component_storybook
   web!
   web-console
   webmock
@@ -897,4 +910,4 @@ RUBY VERSION
    ruby 3.0.3p157
 
 BUNDLED WITH
-   2.1.4
+   2.4.3

README.md

@@ -33,7 +33,7 @@ We also have a [Super Admin Guide][super-admin-guide] to help with configuration
 
 ## Testing
 
-If you'd like to help out with testing, please introduce yourself on the #testing channel on [Slack][slack-invite] and download the [ZenHub browser extension][zenhub] to view the development pipeline. Also, do have a look in our [Welcome New QAs board](https://github.com/orgs/openfoodfoundation/projects/1) for some good first issues, both on manual and automated testing (RSpec/Capybara).
+If you'd like to help out with testing, please introduce yourself on the #testing channel on [Slack][slack-invite] and download the [ZenHub browser extension][zenhub] to view the development pipeline. Also, do have a look in our [Welcome New QAs board][welcome-qa] for some good first issues, both on manual and automated testing (RSpec/Capybara).
 
 We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. BrowserStack provides open source projects with unlimited and free of charge accounts. A big thanks to them!
 
@@ -52,5 +52,6 @@ Copyright (c) 2012 - 2022 Open Food Foundation, released under the AGPL licence.
 [ofn-handbook]: https://ofn-user-guide.gitbook.io/ofn-handbook/
 [ofn-install]: https://github.com/openfoodfoundation/ofn-install
 [super-admin-guide]: https://ofn-user-guide.gitbook.io/ofn-super-admin-guide
-[welcome-dev]: https://github.com/orgs/openfoodfoundation/projects/2
+[welcome-dev]: https://github.com/orgs/openfoodfoundation/projects/5
+[welcome-qa]: https://github.com/orgs/openfoodfoundation/projects/6
 [zenhub]: https://www.zenhub.com/extension

app/assets/javascripts/admin/enterprises/controllers/enterprise_controller.js.coffee

@@ -55,28 +55,12 @@ angular.module("admin.enterprises")
         else
           alert ("#{manager.email}" + " " + t("is_already_manager"))
 
-    $scope.inviteManager = ->
-      $scope.invite_errors = $scope.invite_success = null
-      email = $scope.newUser
-
-      $http.post("/admin/manager_invitations", {email: email, enterprise_id: $scope.Enterprise.id}).then (response)->
-          $scope.addManager({id: response.data.user, email: email})
-          $scope.invite_success = t('user_invited', email: email)
-        .catch (response) ->
-          $scope.invite_errors = response.data.errors
-
-    $scope.resetModal = ->
-      $scope.newUser = $scope.invite_errors = $scope.invite_success = null
-
     $scope.removeLogo = ->
       $scope.performEnterpriseAction("removeLogo", "immediate_logo_removal_warning", "removed_logo_successfully")
 
     $scope.removePromoImage = ->
       $scope.performEnterpriseAction("removePromoImage", "immediate_promo_image_removal_warning", "removed_promo_image_successfully")
 
-    $scope.removeTermsAndConditions = ->
-      $scope.performEnterpriseAction("removeTermsAndConditions", "immediate_terms_and_conditions_removal_warning", "removed_terms_and_conditions_successfully")
-
     $scope.performEnterpriseAction = (enterpriseActionName, warning_message_key, success_message_key) ->
       return unless confirm($scope.translation(warning_message_key))
 

app/assets/javascripts/admin/enterprises/directives/terms_and_conditions_warning.js.coffee

@@ -1,32 +0,0 @@
-angular.module("admin.enterprises").directive 'termsAndConditionsWarning', ($rootScope, $compile, $templateCache, DialogDefaults, $timeout) ->
-  restrict: 'A'
-  scope: true
-
-  link: (scope, element, attr) ->
-    # This file input click handler will hold the browser file input dialog and show a warning modal
-    scope.hold_file_input_and_show_warning_modal = (event) ->
-      event.preventDefault()
-      scope.template = $compile($templateCache.get('admin/modals/terms_and_conditions_warning.html'))(scope)
-      if scope.template.dialog
-        scope.template.dialog(DialogDefaults)
-        scope.template.dialog('open')
-      $rootScope.$evalAsync()
-
-    element.bind 'click', scope.hold_file_input_and_show_warning_modal
-
-    # When the user presses continue in the warning modal, we open the browser file input dialog
-    scope.continue = ->
-      scope.template.dialog('close')
-      $rootScope.$evalAsync()
-
-      # unbind warning modal handler and click file input again to open the browser file input dialog
-      element.unbind('click').trigger('click')
-      # afterwards, bind warning modal handler again so that the warning is shown the next time
-      $timeout ->
-        element.bind 'click', scope.hold_file_input_and_show_warning_modal
-      return
-
-    scope.close = ->
-      scope.template.dialog('close')
-      $rootScope.$evalAsync()
-      return

app/assets/javascripts/admin/index_utils/directives/show_more.js.coffee

@@ -1,12 +0,0 @@
-angular.module("admin.indexUtils").component 'showMore',
-  templateUrl: 'admin/show_more.html'
-  bindings:
-    data: "="
-    limit: "="
-    increment: "="
-
-# For now, this component is not being used.
-# Something about binding "data" to a variable on the parent scope that is continually refreshed by
-# being assigned within an ng-repeat means that we get $digest iteration errors. Seems to be solved
-# by using the new "as" syntax for ng-repeat to assign and alias the outcome of the filters, but this
-# has the limitation of not being able to be limited AFTER the assignment has been made, which we need

app/assets/javascripts/admin/line_items/controllers/line_items_controller.js.coffee

@@ -3,16 +3,28 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
   $scope.RequestMonitor = RequestMonitor
   $scope.line_items = LineItems.all
   $scope.confirmDelete = true
-  $scope.startDate = moment().startOf('day').subtract(7, 'days').format('YYYY-MM-DD')
-  $scope.endDate = moment().startOf('day').format('YYYY-MM-DD')
-  $scope.previousDates = { startDate: $scope.startDate, endDate: $scope.endDate }
-  $scope.datesChangedOnCancelEvent = false
   $scope.bulkActions = [ { name: t("admin.orders.bulk_management.actions_delete"), callback: 'deleteLineItems' } ]
   $scope.selectedUnitsProduct = {}
   $scope.selectedUnitsVariant = {}
   $scope.sharedResource = false
   $scope.columns = Columns.columns
   $scope.sorting = SortOptions
+  $scope.pagination = LineItems.pagination
+  $scope.per_page_options = [
+    {id: 15, name: t('js.admin.orders.index.per_page', results: 15)},
+    {id: 50, name: t('js.admin.orders.index.per_page', results: 50)},
+    {id: 100, name: t('js.admin.orders.index.per_page', results: 100)}
+  ]
+  $scope.page = 1
+  $scope.per_page = $scope.per_page_options[0].id
+  searchThrough = ["order_distributor_name",
+    "order_bill_address_phone",
+    "order_bill_address_firstname",
+    "order_bill_address_lastname",
+    "variant_product_supplier_name",
+    "order_email",
+    "order_number",
+    "product_name"].join("_or_") + "_cont"
 
   $scope.confirmRefresh = ->
     LineItems.allSaved() || confirm(t("unsaved_changes_warning"))
@@ -21,101 +33,73 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
     $scope.distributorFilter = ''
     $scope.supplierFilter = ''
     $scope.orderCycleFilter = ''
-    $scope.quickSearch = ''
+    $scope.query = ''
+    $scope.startDate = undefined
+    $scope.endDate = undefined
+    event = new CustomEvent('flatpickr:clear')
+    window.dispatchEvent(event)
 
   $scope.resetSelectFilters = ->
     $scope.resetFilters()
     $scope.refreshData()
 
-  $scope.$watchCollection "[startDate, endDate]", (newValues, oldValues) ->
-    if newValues != oldValues && !$scope.datesChangedOnCancelEvent
-        state = $scope.refreshData()
-        if (state == "cancel")
-          $scope.datesChangedOnCancelEvent = true
-          $scope.cancelDateChange()
-  
-  $scope.cancelDateChange = ->
-    # Reset the date filters to the previous values
-    $scope.startDate = $scope.previousDates.startDate
-    $scope.endDate = $scope.previousDates.endDate
-    # throw a flatpickr:change event to change the date back in the datepicker
-    event = new CustomEvent('flatpickr:change', {
-      detail: { 
-        startDate: $scope.previousDates.startDate,
-        endDate: $scope.previousDates.endDate
-      }
-    })
-    window.dispatchEvent(event)
-    $timeout ->
-      $scope.datesChangedOnCancelEvent = false
- 
+  $scope.fetchResults = ->
+    # creates indirection in order to factorize the code between orders and bulk orders
+    # used in app/views/admin/shared/_angular_per_page_controls.html.haml
+    $scope.refreshData()
+
   $scope.refreshData = ->
-    unless !$scope.orderCycleFilter? || $scope.orderCycleFilter == ''
-      $scope.setOrderCycleDateRange()
-
-    $scope.formattedStartDate = moment($scope.startDate).format()
-    $scope.formattedEndDate = moment($scope.endDate).add(1,'day').format()
-
-    return unless moment($scope.formattedStartDate).isValid() and moment($scope.formattedEndDate).isValid()
-
     return "cancel" unless $scope.confirmRefresh()
 
-    $scope.loadOrders()
     $scope.loadLineItems()
 
     unless $scope.initialized
       $scope.loadAssociatedData()
 
     $scope.dereferenceLoadedData()
-    
-    $timeout ->
-      # update the previous dates with the current ones since loading was successful
-      $scope.previousDates.startDate = $scope.startDate
-      $scope.previousDates.endDate = $scope.endDate
-
-  $scope.setOrderCycleDateRange = ->
-    start_date = OrderCycles.byID[$scope.orderCycleFilter].orders_open_at
-    end_date = OrderCycles.byID[$scope.orderCycleFilter].orders_close_at
-    format = "YYYY-MM-DD HH:mm:ss Z"
-    $scope.startDate = moment(start_date, format).format('YYYY-MM-DD')
-    $scope.endDate = moment(end_date, format).startOf('day').format('YYYY-MM-DD')
 
   $scope.loadOrders = ->
     RequestMonitor.load $scope.orders = Orders.index(
-      "q[state_not_eq]": "canceled",
-      "q[shipment_state_not_eq]": "shipped",
-      "q[completed_at_not_null]": "true",
-      "q[distributor_id_eq]": $scope.distributorFilter,
-      "q[order_cycle_id_eq]": $scope.orderCycleFilter,
-      "q[completed_at_gteq]": $scope.formattedStartDate,
-      "q[completed_at_lt]": $scope.formattedEndDate
+      "q[id_in][]": $scope.line_items.map((line_item) -> line_item.order.id)
     )
 
   $scope.loadLineItems = ->
+    [formattedStartDate, formattedEndDate] = $scope.formatDates($scope.startDate, $scope.endDate)
+
     RequestMonitor.load LineItems.index(
+      "q[#{searchThrough}]": $scope.query,
       "q[order_state_not_eq]": "canceled",
       "q[order_shipment_state_not_eq]": "shipped",
       "q[order_completed_at_not_null]": "true",
       "q[order_distributor_id_eq]": $scope.distributorFilter,
       "q[variant_product_supplier_id_eq]": $scope.supplierFilter,
       "q[order_order_cycle_id_eq]": $scope.orderCycleFilter,
-      "q[order_completed_at_gteq]": $scope.formattedStartDate,
-      "q[order_completed_at_lt]": $scope.formattedEndDate
+      "q[order_completed_at_gteq]": if formattedStartDate then formattedStartDate else undefined,
+      "q[order_completed_at_lt]": if formattedEndDate then formattedEndDate else undefined,
+      "page": $scope.page,
+      "per_page": $scope.per_page
     )
 
+  $scope.formatDates = (startDate, endDate) ->
+    formattedStartDate = moment(startDate).format('YYYY-MM-DD') if startDate
+    formattedEndDate = moment(endDate).add(1,'day').format('YYYY-MM-DD') if endDate
+    return [formattedStartDate, formattedEndDate]
+
   $scope.loadAssociatedData = ->
     RequestMonitor.load $scope.distributors = Enterprises.index(action: "visible", ams_prefix: "basic", "q[sells_in][]": ["own", "any"])
     RequestMonitor.load $scope.orderCycles = OrderCycles.index(ams_prefix: "basic", as: "distributor", "q[orders_close_at_gt]": "#{moment().subtract(90,'days').format()}")
     RequestMonitor.load $scope.suppliers = Enterprises.index(action: "visible", ams_prefix: "basic", "q[is_primary_producer_eq]": "true")
 
   $scope.dereferenceLoadedData = ->
-    RequestMonitor.load $q.all([$scope.orders.$promise, $scope.distributors.$promise, $scope.orderCycles.$promise, $scope.suppliers.$promise, $scope.line_items.$promise]).then ->
-      Dereferencer.dereferenceAttr $scope.orders, "distributor", Enterprises.byID
-      Dereferencer.dereferenceAttr $scope.orders, "order_cycle", OrderCycles.byID
+    RequestMonitor.load $q.all([$scope.distributors.$promise, $scope.orderCycles.$promise, $scope.suppliers.$promise, $scope.line_items.$promise]).then ->
       Dereferencer.dereferenceAttr $scope.line_items, "supplier", Enterprises.byID
-      Dereferencer.dereferenceAttr $scope.line_items, "order", Orders.byID
-      $scope.bulk_order_form.$setPristine()
-      StatusMessage.clear()
+      $scope.loadOrders()
+      RequestMonitor.load $q.all([$scope.orders.$promise]).then ->
+        Dereferencer.dereferenceAttr $scope.line_items, "order", Orders.byID  
+        Dereferencer.dereferenceAttr $scope.orders, "distributor", Enterprises.byID
+        Dereferencer.dereferenceAttr $scope.orders, "order_cycle", OrderCycles.byID
+        $scope.bulk_order_form.$setPristine()
+        StatusMessage.clear()
 
       unless $scope.initialized
         $scope.initialized = true
@@ -174,6 +158,10 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
             else
               Promise.all(LineItems.delete(item) for item in items).then(-> $scope.refreshData())
       , "js.admin.deleting_item_will_cancel_order")   
+    else
+      ofnDeleteLineItemsAlert(() ->
+        Promise.all(LineItems.delete(item) for item in lineItemsToDelete).then(-> $scope.refreshData())
+      , lineItemsToDelete.length)
 
   $scope.allBoxesChecked = ->
     checkedCount = $scope.filteredLineItems.reduce (count,lineItem) ->
@@ -233,7 +221,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
 
   $scope.getGroupBySizeFormattedValueWithUnitName = (value, unitsProduct, unitsVariant) ->
     scale = $scope.getScale(unitsProduct, unitsVariant)
-    if scale
+    if scale && value
       value = value / scale if scale != 28.35 && scale != 1 && scale != 453.6 # divide by scale if not smallest unit
       $scope.getFormattedValueWithUnitName(value, unitsProduct, unitsVariant, scale)
     else
@@ -277,5 +265,8 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
       lineItem.final_weight_volume = LineItems.pristineByID[lineItem.id].final_weight_volume * lineItem.quantity / LineItems.pristineByID[lineItem.id].quantity
       $scope.weightAdjustedPrice(lineItem)
 
-  $scope.resetFilters()
-  $scope.refreshData()
+  $scope.changePage = (newPage) ->
+    $scope.page = newPage
+    $scope.refreshData()
+
+  $scope.resetSelectFilters()

app/assets/javascripts/admin/order_cycles/controllers/edit.js.coffee

@@ -18,7 +18,6 @@ angular.module('admin.orderCycles')
 
     $scope.submit = ($event, destination) ->
       $event.preventDefault()
-      NavigationCheck.clear()
       StatusMessage.display 'progress', t('js.saving')
       OrderCycle.update(destination, $scope.order_cycle_form)
 

app/assets/javascripts/admin/order_cycles/controllers/order_cycle_exchanges_controller.js.coffee

@@ -35,7 +35,11 @@ angular.module('admin.orderCycles')
       OrderCycle.removeExchangeFee(exchange, index)
       $scope.order_cycle_form.$dirty = true
 
-    $scope.setPickupTimeFieldDirty = (index) ->
+    $scope.setPickupTimeFieldDirty = (index, pickup_time) ->
+      # if the pickup_time is already set we are in edit mode, so no need to set pickup_time field as dirty
+      # to show it is required (it has a red border when set to dirty)
+      return if pickup_time
+
       $timeout ->
         pickup_time_field_name = "order_cycle_outgoing_exchange_" + index + "_pickup_time"
         $scope.order_cycle_form[pickup_time_field_name].$setDirty()

app/assets/javascripts/admin/order_cycles/controllers/order_cycles_controller.js.coffee

@@ -33,9 +33,11 @@ angular.module("admin.orderCycles").controller "OrderCyclesCtrl", ($scope, $q, C
     StatusMessage.display 'notice', "You have unsaved changes" if newVal
 
   $scope.showMore = (days) ->
+    orderCycles = OrderCycles.index(ams_prefix: "index", 
+    "q[orders_close_at_gt]": "#{daysFromToday($scope.ordersCloseAtLimit - days)}", 
+    "q[orders_close_at_lteq]": "#{daysFromToday($scope.ordersCloseAtLimit)}"
+    )
     $scope.ordersCloseAtLimit -= days
-    existingIDs = Object.keys(OrderCycles.byID)
-    orderCycles = OrderCycles.index(ams_prefix: "index", "q[orders_close_at_gt]": "#{daysFromToday($scope.ordersCloseAtLimit)}", "q[id_not_in][]": existingIDs)
     orderCycles.$promise.then ->
       $scope.orderCycles.push(orderCycle) for orderCycle in orderCycles
       compileData()

app/assets/javascripts/admin/orders/controllers/bulk_cancel_controller.js.coffee

@@ -1,14 +0,0 @@
-angular.module("admin.orders").controller "bulkCancelCtrl", ($scope, $http, $timeout) ->
-
-  $scope.cancelOrder = (orderIds, sendEmailCancellation, restock_items) ->
-    $http(
-      method: 'post'
-      url: "/admin/orders/bulk_cancel?order_ids=#{orderIds}&send_cancellation_email=#{sendEmailCancellation}&restock_items=#{restock_items}" ).then(->
-        window.location.reload()
-      )
-
-  $scope.cancelSelectedOrders = ->
-    ofnCancelOrderAlert((confirm, sendEmailCancellation, restock_items) ->
-      if confirm
-        $scope.cancelOrder $scope.selected_orders, sendEmailCancellation, restock_items
-    )

app/assets/javascripts/admin/products/controllers/units_controller.js.coffee

@@ -21,8 +21,14 @@ angular.module("admin.products")
         else
           $scope.product.variant_unit = $scope.product.variant_unit_with_scale
           $scope.product.variant_unit_scale = null
-      else if $scope.product.variant_unit && $scope.product.variant_unit_scale
-        $scope.product.variant_unit_with_scale = VariantUnitManager.getUnitWithScale($scope.product.variant_unit, parseFloat($scope.product.variant_unit_scale))
+      else if $scope.product.variant_unit
+        # Preserves variant_unit_with_scale when form validation fails and reload triggers
+        if $scope.product.variant_unit_scale
+          $scope.product.variant_unit_with_scale = VariantUnitManager.getUnitWithScale(
+            $scope.product.variant_unit, parseFloat($scope.product.variant_unit_scale)
+          )
+        else
+          $scope.product.variant_unit_with_scale = $scope.product.variant_unit
       else
         $scope.product.variant_unit = $scope.product.variant_unit_scale = null
 

app/assets/javascripts/admin/resources/resources/enterprise_resource.js.coffee

@@ -14,7 +14,4 @@ angular.module("admin.resources").factory 'EnterpriseResource', ($resource) ->
     'removePromoImage':
       url: '/api/v0/enterprises/:id/promo_image.json'
       method: 'DELETE'
-    'removeTermsAndConditions':
-      url: '/api/v0/enterprises/:id/terms_and_conditions.json'
-      method: 'DELETE'
   })

app/assets/javascripts/admin/resources/services/enterprises.js.coffee

@@ -63,4 +63,3 @@ angular.module("admin.resources").factory 'Enterprises', ($q, $filter, Enterpris
 
     removeLogo: performActionOnEnterpriseResource(EnterpriseResource.removeLogo)
     removePromoImage: performActionOnEnterpriseResource(EnterpriseResource.removePromoImage)
-    removeTermsAndConditions: performActionOnEnterpriseResource(EnterpriseResource.removeTermsAndConditions)

app/assets/javascripts/admin/spree/orders/variant_autocomplete.js.erb

@@ -250,6 +250,18 @@ ofnCancelOrderAlert = function(callback, i18nKey) {
   $('#custom-confirm').show();
 }
 
+ofnDeleteLineItemsAlert = function(callback, count) {
+  $('#custom-confirm .message').html(`${t("js.admin.orders.delete_line_items_html", {count: count})}`);
+  $('#custom-confirm button.confirm').click(() => {
+    $('#custom-confirm').hide();
+    callback();
+  });
+  $('#custom-confirm button.cancel').click(() => {
+    $('#custom-confirm').hide();
+  });
+  $('#custom-confirm').show();
+}
+
 ofnConfirm = function(callback) {
   $('#custom-confirm .message').html(
       ` ${t("are_you_sure")}

app/assets/javascripts/admin/spree/taxons/taxonomy.js.coffee

@@ -8,7 +8,7 @@ handle_move = (e, data) ->
   node = data.rslt.o
   new_parent = data.rslt.np
 
-  url = new URL(base_url)
+  url = new URL(Spree.routes.admin_taxonomy_taxons)
   url.pathname = url.pathname + '/' + node.attr("id") 
   data = {
     _method: "put",

app/assets/javascripts/admin/utils/utils.js.coffee

@@ -1,2 +1,3 @@
-angular.module("admin.utils", ["templates", "ngSanitize"]).config ($httpProvider) ->
+angular.module("admin.utils", ["templates", "ngSanitize"]).config ($httpProvider, $locationProvider) ->
+ $locationProvider.hashPrefix('')
  $httpProvider.defaults.headers.common["Accept"] = "application/json, text/javascript, */*"

app/assets/javascripts/darkswarm/controllers/registration/registration_form_controller.js.coffee

@@ -7,8 +7,12 @@ angular.module('Darkswarm').controller "RegistrationFormCtrl", ($scope, Registra
     form.$valid
 
   $scope.create = (form) ->
-    $scope.disableButton()
-    EnterpriseRegistrationService.create($scope.enableButton) if $scope.valid(form)
+    if ($scope.valid(form)) 
+      $scope.disableButton()
+      EnterpriseRegistrationService.create().then(() ->
+        $scope.enableButton()
+      )
+    end
 
   $scope.update = (nextStep, form) ->
     EnterpriseRegistrationService.update(nextStep) if $scope.valid(form)

app/assets/javascripts/darkswarm/directives/fill_vertical.js.coffee

@@ -1,9 +0,0 @@
-angular.module('Darkswarm').directive "fillVertical", ($window)->
-  # Makes something fill the window vertically. Used on the Google Map.
-  restrict: 'A'
-  link: (scope, element, attrs)->
-    setSize = ->
-      element.css "height", ($window.innerHeight - element.offset().top)
-    setSize()
-    angular.element($window).bind "resize", ->
-      setSize()

app/assets/javascripts/darkswarm/directives/flash.js.coffee

@@ -17,9 +17,12 @@ angular.module('Darkswarm').directive "ofnFlash", (flash, $timeout, RailsFlashLo
     
     # Callback when a new flash message is pushed to flash service
     show = (message, type)=>
-      if message
-        $scope.flashes.push({message: message, type: typePairings[type]})
-        $timeout($scope.delete, 10000)
+      return unless message
+      # if same message already exists, don't add it again
+      return if $scope.flashes.some((flash) -> flash.message == message)
+
+      $scope.flashes.push({message: message, type: typePairings[type]})
+      $timeout($scope.delete, 10000)
 
     $scope.delete = ->
       $scope.flashes.shift()

app/assets/javascripts/darkswarm/directives/on_hand.js.coffee

@@ -1,4 +1,4 @@
-angular.module('Darkswarm').directive "ofnOnHand", (StockQuantity) ->
+angular.module('Darkswarm').directive "ofnOnHand", (StockQuantity, Messages) ->
   restrict: 'A'
   require: "ngModel"
   scope: true
@@ -16,7 +16,7 @@ angular.module('Darkswarm').directive "ofnOnHand", (StockQuantity) ->
     ngModel.$parsers.push (viewValue) ->
       available_quantity = scope.available_quantity()
       if parseInt(viewValue) > available_quantity
-        alert t("js.insufficient_stock", {on_hand: available_quantity})
+        Messages.flash({error: t("js.insufficient_stock", {on_hand: available_quantity})})
         viewValue = available_quantity
         ngModel.$setViewValue viewValue
         ngModel.$render()

app/assets/javascripts/darkswarm/directives/single_line_selectors.coffee

@@ -1,82 +0,0 @@
-angular.module('Darkswarm').directive 'singleLineSelectors', ($timeout, $filter) ->
-  restrict: 'E'
-  templateUrl: "single_line_selectors.html"
-  scope:
-    selectors: "="
-    objects: "&"
-    activeSelectors: "="
-    selectorName: "@activeSelectors"
-  link: (scope, element, attrs) ->
-    scope.fitting = false
-
-    scope.refit = ->
-      if scope.allSelectors?
-        scope.fitting = true
-        selector.fits = true for selector in scope.allSelectors
-        $timeout(loadWidths, 0, true).then ->
-          $timeout fit, 0, true
-
-    fit = ->
-      used = $(element).find("li.more").outerWidth(true)
-      used += selector.width for selector in scope.allSelectors when selector.fits
-      available = $(element).parent(".filter-shopfront").innerWidth() - used
-      if available > 0
-        for selector in scope.allSelectors when !selector.fits
-          available -= selector.width
-          selector.fits = true if available > 0
-      else
-        if scope.allSelectors.length > 0
-          for i in [scope.allSelectors.length-1..0]
-            selector = scope.allSelectors[i]
-            if !selector.fits
-              continue
-            else
-              if available < 0
-                selector.fits = false
-                available += selector.width
-      scope.fitting = false
-
-    loadWidths = ->
-      $(element).find("li").not(".more").each (i) ->
-        if i < scope.allSelectors.length
-          scope.allSelectors[i].width = $(this).outerWidth(true)
-        return null # So we don't exit the loop weirdly
-
-    scope.overFlowSelectors = ->
-      return [] unless scope.allSelectors?
-      $filter('filter')(scope.allSelectors, { fits: false })
-
-    scope.selectedOverFlowSelectors = ->
-      $filter('filter')(scope.overFlowSelectors(), { active: true })
-
-    # had to duplicate this to make overflow selectors work
-    scope.emit = ->
-      scope.activeSelectors = scope.allSelectors.filter (selector)->
-        selector.active
-      .map (selector) ->
-        selector.object.id
-
-    # From: http://stackoverflow.com/questions/4298612/jquery-how-to-call-resize-event-only-once-its-finished-resizing
-    debouncer = (func, timeout) ->
-      timeoutID = undefined
-      timeout = timeout or 50
-      ->
-        subject = this
-        args = arguments
-        clearTimeout timeoutID
-        timeoutID = setTimeout(->
-          func.apply subject, Array::slice.call(args)
-        , timeout)
-
-
-    # -- Event management
-    scope.$watchCollection "allSelectors", ->
-      scope.refit()
-
-    scope.$on "filtersToggled", ->
-      scope.refit()
-
-    $(window).resize debouncer (e) ->
-      scope.fitting = true
-      if scope.allSelectors?
-        $timeout fit, 0, true

app/assets/javascripts/darkswarm/services/enterprise_registration_service.js.coffee

@@ -55,6 +55,10 @@ angular.module('Darkswarm').factory "EnterpriseRegistrationService", ($http, Reg
       ).catch((response) ->
         Loading.clear()
         alert(t('failed_to_update_enterprise_unknown'))
+        if response.data.errors.instagram
+          igErr = document.querySelector("#instagram-error")
+          igErr.style.display = 'block'
+          igErr.textContent = response.data.errors.instagram[0]
       )
 
     prepare: =>

app/assets/javascripts/iehack.js

@@ -1,5 +0,0 @@
-$( document ).ready(function() {
-  $("#closeie").click(function() {
-    $("#ie-warning").hide(); 
-  });
-})

app/assets/javascripts/templates/admin/columns_dropdown.html.haml

@@ -1,11 +1,13 @@
-.ofn-drop-down.right#columns-dropdown{ ng: { controller: 'ColumnsDropdownCtrl' } }
-  %span{ :class => 'icon-reorder' }= "  #{t('admin.columns')}".html_safe
-  %span{ 'ng-class' => "expanded && 'icon-caret-up' || !expanded && 'icon-caret-down'" }
+.ofn-drop-down.ofn-drop-down-v2.right#columns-dropdown{ ng: { controller: 'ColumnsDropdownCtrl' } }
+  .ofn-drop-down-label
+    = "  #{t('admin.columns')}".html_safe
+    %span{ 'ng-class' => "expanded && 'icon-caret-up' || !expanded && 'icon-caret-down'" }
   %div.menu{ 'ng-show' => "expanded" }
-    %div.menu_item{ ng: { repeat: "column in columns", click: "toggle(column)", class: "{selected: column.visible}" } }
-      %span.check
-      %span.name {{ column.name }}
-    %hr
-    %div.menu_item.text-center
-      %input.fullwidth.orange{ type: "button", ng: { value: "saved() ? 'Saved': 'Saving'", show: "saved() || saving", disabled: "saved()" } }
-      %input.fullwidth.red{ type: "button", :value => t('admin.column_save_as_default').html_safe, ng: { show: "!saved() && !saving", click: "saveColumnPreferences(action)"} }
+    .menu_items
+      .menu_item{ ng: { repeat: "column in columns", click: "toggle(column);" } }
+        %input.redesigned-input{ type: "checkbox", ng: { checked: "column.visible" } }
+        {{ column.name }}
+      %hr
+      %div.menu_item.text-center
+        %input.fullwidth.orange{ type: "button", ng: { value: "saved() ? 'Saved': 'Saving'", show: "saved() || saving", disabled: "saved()" } }
+        %input.fullwidth.red{ type: "button", :value => t('admin.column_save_as_default').html_safe, ng: { show: "!saved() && !saving", click: "saveColumnPreferences(action)"} }

app/assets/javascripts/templates/admin/modals/terms_and_conditions_warning.html.haml

@@ -1,14 +0,0 @@
-%div
-  .margin-bottom-30.text-center
-    .text-big
-      {{ 'js.admin.modals.terms_and_conditions_warning.title' | t }}
-  .margin-bottom-30
-    %p
-      {{ 'js.admin.modals.terms_and_conditions_warning.message_1' | t }}
-  .margin-bottom-30
-    %p
-      {{ 'js.admin.modals.terms_and_conditions_warning.message_2' | t }}
-
-  .text-center
-    %input.button.red{ type: 'button', value: t('js.admin.modals.close'), ng: { click: 'close()' } }
-    %input.button.red{ type: 'button', value: t('js.admin.modals.continue'), ng: { click: 'continue()' } }

app/assets/javascripts/templates/admin/show_more.html.haml

@@ -1,3 +0,0 @@
-%div{ ng: { show: "data.length > limit" } }
-  %input{ type: 'button', value: t(:show_more), ng: { click: 'limit = limit + increment' } }
-  %input{ type: 'button', value: t(:show_all_with_more, num: '{{ data.length - limit }}'), ng: { click: 'limit = data.length' } }

app/assets/javascripts/templates/single_line_selectors.html.haml

@@ -1,14 +0,0 @@
--# In order for the single-line-selector scope to have access to the available selectors,
-%filter-selector{"selector-set" => "selectors", objects: "objects()", "active-selectors" => "activeSelectors", "all-selectors" => "allSelectors" }
-
-%ul{ ng: { if: "overFlowSelectors().length > 0 || fitting" } }
-  %li.more
-    %a.dropdown{ data: { dropdown: "{{ 'show-more-' + selectorName }}" }, ng: { class: "{active: selectedOverFlowSelectors().length > 0}" } }
-      %span
-        {{ 'js.more_items' | t:{ count: overFlowSelectors().length } }}
-      %i.ofn-i_052-point-down
-    .f-dropdown.text-right.content{ ng: { attr: { id: "{{ 'show-more-' + selectorName }}" } } }
-      %ul
-        %active-selector{ ng: { repeat: "selector in overFlowSelectors()", hide: "selector.fits" } }
-          %render-svg{path: "{{selector.object.icon}}", ng: { if: "selector.object.icon"}}
-          %span {{ selector.object.name }}

app/components/confirm_modal_component.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+class ConfirmModalComponent < ModalComponent
+  def initialize(id:, confirm_actions: nil, controllers: nil, message: nil)
+    super(id: id, close_button: true)
+    @confirm_actions = confirm_actions
+    @controllers = controllers
+    @message = message
+  end
+
+  private
+
+  def close_button_class
+    "secondary"
+  end
+end

app/components/confirm_modal_component/confirm_modal_component.html.haml

@@ -0,0 +1,10 @@
+%div{ id: @id, "data-controller": "modal #{@controllers}", "data-action": "keyup@document->modal#closeIfEscapeKey" }
+  .reveal-modal-bg.fade{ "data-modal-target": "background", "data-action": "click->modal#close" }
+  .reveal-modal.fade.tiny.help-modal{ "data-modal-target": "modal" }
+    = content
+
+    = render @message if @message
+
+    .modal-actions
+      %input{ class: "button icon-plus #{close_button_class}", type: 'button', value: t('js.admin.modals.cancel'), "data-action": "click->modal#close" }
+      %input{ class: "button icon-plus primary", type: 'button', value: t('js.admin.modals.confirm'), "data-action": @confirm_actions }

app/components/confirm_modal_component/confirm_modal_component.scss

@@ -0,0 +1,4 @@
+.modal-actions {
+  display: flex;
+  justify-content: space-around;
+}

app/components/help_modal_component.rb

@@ -1,26 +1,7 @@
 # frozen_string_literal: true
 
-class HelpModalComponent < ViewComponent::Base
+class HelpModalComponent < ModalComponent
   def initialize(id:, close_button: true)
-    @id = id
-    @close_button = close_button
-  end
-
-  private
-
-  def close_button_class
-    if namespace == "admin"
-      "red"
-    else
-      "primary"
-    end
-  end
-
-  def close_button?
-    !!@close_button
-  end
-
-  def namespace
-    helpers.controller_path.split("/").first
+    super(id: id, close_button: close_button)
   end
 end

app/components/modal_component.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+class ModalComponent < ViewComponent::Base
+  def initialize(id:, close_button: true)
+    @id = id
+    @close_button = close_button
+  end
+
+  private
+
+  def close_button_class
+    if namespace == "admin"
+      "red"
+    else
+      "primary"
+    end
+  end
+
+  def close_button?
+    !!@close_button
+  end
+
+  def namespace
+    helpers.controller_path.split("/").first
+  end
+end

app/components/product_component.rb

@@ -1,18 +1,26 @@
 # frozen_string_literal: true
 
 class ProductComponent < ViewComponentReflex::Component
+  DATETIME_FORMAT = '%F %T'
+
   def initialize(product:, columns:)
     super
     @product = product
     @image = @product.images[0] if product.images.any?
-    @columns = columns.map { |c|
+    @columns = columns.map do |c|
       {
         id: c[:value],
         value: column_value(c[:value])
       }
-    }
+    end
   end
 
+  # This must be define when using ProductComponent.with_collection()
+  def collection_key
+    @product.id
+  end
+
+  # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength
   def column_value(column)
     case column
     when 'name'
@@ -25,6 +33,27 @@ class ProductComponent < ViewComponentReflex::Component
       @product.supplier.name
     when 'category'
       @product.taxons.map(&:name).join(', ')
+    when 'sku'
+      @product.sku
+    when 'on_hand'
+      @product.on_hand || 0
+    when 'on_demand'
+      @product.on_demand
+    when 'tax_category'
+      @product.tax_category.name
+    when 'inherits_properties'
+      @product.inherits_properties
+    when 'available_on'
+      format_date(@product.available_on)
+    when 'import_date'
+      format_date(@product.import_date)
     end
   end
+  # rubocop:enable Metrics/CyclomaticComplexity, Metrics/MethodLength
+
+  private
+
+  def format_date(date)
+    date&.strftime(DATETIME_FORMAT) || ''
+  end
 end

app/components/products_table_component.rb

@@ -3,27 +3,37 @@
 class ProductsTableComponent < ViewComponentReflex::Component
   include Pagy::Backend
 
-  SORTABLE_COLUMNS = ["name"].freeze
-  SELECTABLE_COMUMNS = [{ label: I18n.t("admin.products_page.columns_selector.price"),
-                          value: "price" },
-                        { label: I18n.t("admin.products_page.columns_selector.unit"),
-                          value: "unit" },
-                        { label: I18n.t("admin.products_page.columns_selector.producer"),
-                          value: "producer" },
-                        { label: I18n.t("admin.products_page.columns_selector.category"),
-                          value: "category" }].sort { |a, b|
+  SORTABLE_COLUMNS = ['name', 'import_date'].freeze
+  SELECTABLE_COLUMNS = [
+    { label: I18n.t("admin.products_page.columns_selector.price"), value: "price" },
+    { label: I18n.t("admin.products_page.columns_selector.unit"), value: "unit" },
+    { label: I18n.t("admin.products_page.columns_selector.producer"), value: "producer" },
+    { label: I18n.t("admin.products_page.columns_selector.category"), value: "category" },
+    { label: I18n.t("admin.products_page.columns_selector.sku"), value: "sku" },
+    { label: I18n.t("admin.products_page.columns_selector.on_hand"), value: "on_hand" },
+    { label: I18n.t("admin.products_page.columns_selector.on_demand"), value: "on_demand" },
+    { label: I18n.t("admin.products_page.columns_selector.tax_category"), value: "tax_category" },
+    {
+      label: I18n.t("admin.products_page.columns_selector.inherits_properties"),
+      value: "inherits_properties"
+    },
+    { label: I18n.t("admin.products_page.columns_selector.available_on"), value: "available_on" },
+    { label: I18n.t("admin.products_page.columns_selector.import_date"), value: "import_date" }
+  ].sort do |a, b|
     a[:label] <=> b[:label]
-  }.freeze
+  end.freeze
+
   PER_PAGE_VALUE = [10, 25, 50, 100].freeze
   PER_PAGE = PER_PAGE_VALUE.map { |value| { label: value, value: value } }
-  NAME_COLUMN = { label: I18n.t("admin.products_page.columns.name"), value: "name",
-                  sortable: true }.freeze
+  NAME_COLUMN = {
+    label: I18n.t("admin.products_page.columns.name"), value: "name", sortable: true
+  }.freeze
 
   def initialize(user:)
     super
     @user = user
-    @selectable_columns = SELECTABLE_COMUMNS
-    @columns_selected = ["price", "unit"]
+    @selectable_columns = SELECTABLE_COLUMNS
+    @columns_selected = ['unit', 'price', 'on_hand', 'category', 'import_date']
     @per_page = PER_PAGE
     @per_page_selected = [10]
     @categories = [{ label: "All", value: "all" }] +
@@ -40,16 +50,20 @@ class ProductsTableComponent < ViewComponentReflex::Component
     @search_term = ""
   end
 
+  # any change on a "reflex_data_attributes" (defined in the template) will trigger a re render
   def before_render
     fetch_products
     refresh_columns
   end
 
+  # Element refers to the component the data is set on
   def search_term
+    # Element is SearchInputComponent
     @search_term = element.dataset['value']
   end
 
   def toggle_column
+    # Element is SelectorComponent
     column = element.dataset['value']
     @columns_selected = if @columns_selected.include?(column)
                           @columns_selected - [column]
@@ -59,26 +73,33 @@ class ProductsTableComponent < ViewComponentReflex::Component
   end
 
   def click_sort
-    @sort = { column: element.dataset['sort-value'],
-              direction: element.dataset['sort-direction'] == "asc" ? "desc" : "asc" }
+    # Element is TableHeaderComponent
+    @sort = {
+      column: element.dataset['sort-value'],
+      direction: element.dataset['sort-direction'] == "asc" ? "desc" : "asc"
+    }
   end
 
   def toggle_per_page
+    # Element is SelectorComponent
     selected = element.dataset['value'].to_i
     @per_page_selected = [selected] if PER_PAGE_VALUE.include?(selected)
   end
 
   def toggle_category
+    # Element is SelectorWithFilterComponent
     category_clicked = element.dataset['value']
     @categories_selected = toggle_selector_with_filter(category_clicked, @categories_selected)
   end
 
   def toggle_producer
+    # Element is SelectorWithFilterComponent
     producer_clicked = element.dataset['value']
     @producers_selected = toggle_selector_with_filter(producer_clicked, @producers_selected)
   end
 
   def change_page
+    # Element is PaginationComponent
     page = element.dataset['page'].to_i
     @page = page if page > 0
   end
@@ -86,10 +107,13 @@ class ProductsTableComponent < ViewComponentReflex::Component
   private
 
   def refresh_columns
-    @columns = @columns_selected.map { |column|
-      { label: I18n.t("admin.products_page.columns.#{column}"), value: column,
-        sortable: SORTABLE_COLUMNS.include?(column) }
-    }.sort! { |a, b| a[:label] <=> b[:label] }
+    @columns = @columns_selected.map do |column|
+      {
+        label: I18n.t("admin.products_page.columns.#{column}"),
+        value: column,
+        sortable: SORTABLE_COLUMNS.include?(column)
+      }
+    end.sort! { |a, b| a[:label] <=> b[:label] }
     @columns.unshift(NAME_COLUMN)
   end
 
@@ -145,8 +169,13 @@ class ProductsTableComponent < ViewComponentReflex::Component
   def product_query_includes
     [
       master: [:images],
-      variants: [:default_price, :stock_locations, :stock_items, :variant_overrides,
-                 { option_values: :option_type }]
+      variants: [
+        :default_price,
+        :stock_locations,
+        :stock_items,
+        :variant_overrides,
+        { option_values: :option_type }
+      ]
     ]
   end
 end

app/constraints/feature_toggle_constraint.rb

@@ -3,11 +3,16 @@
 require "open_food_network/feature_toggle"
 
 class FeatureToggleConstraint
-  def initialize(feature_name)
+  def initialize(feature_name, negate: false)
     @feature = feature_name
+    @negate = negate
   end
 
   def matches?(request)
+    enabled?(request) ^ @negate
+  end
+
+  def enabled?(request)
     OpenFoodNetwork::FeatureToggle.enabled?(@feature, current_user(request))
   end
 

app/controllers/admin/customers_controller.rb

@@ -67,7 +67,7 @@ module Admin
 
     def collection
       if json_request? && params[:enterprise_id].present?
-        CustomersWithBalance.new(managed_enterprise_id).query.
+        CustomersWithBalance.new(Customer.of(managed_enterprise_id)).query.
           includes(
             :enterprise,
             { bill_address: [:state, :country] },

app/controllers/admin/enterprises_controller.rb

@@ -8,12 +8,12 @@ module Admin
   class EnterprisesController < Admin::ResourceController
     include GeocodeEnterpriseAddress
     include CablecarResponses
+    include Pagy::Backend
 
     # These need to run before #load_resource so that @object is initialised with sanitised values
     prepend_before_action :override_owner, only: :create
     prepend_before_action :override_sells, only: :create
 
-    before_action :load_enterprise_set, only: :index
     before_action :load_countries, except: [:index, :register, :check_permalink]
     before_action :load_methods_and_fees, only: [:edit, :update]
     before_action :load_groups, only: [:new, :edit, :update, :create]
@@ -33,6 +33,8 @@ module Admin
     include OrderCyclesHelper
 
     def index
+      load_enterprise_set_on_index
+
       respond_to do |format|
         format.html
         format.json {
@@ -48,7 +50,7 @@ module Admin
       if params[:stimulus]
         @enterprise.is_primary_producer = params[:is_primary_producer]
         @enterprise.sells = params[:enterprise_sells]
-        render operations: cable_car.morph("#side_menu", partial("admin/shared/side_menu"))
+        render cable_ready: cable_car.morph("#side_menu", partial("admin/shared/side_menu"))
           .morph("#permalink", partial("admin/enterprises/form/permalink"))
       end
     end
@@ -100,7 +102,8 @@ module Admin
     end
 
     def bulk_update
-      @enterprise_set = Sets::EnterpriseSet.new(collection, bulk_params)
+      load_enterprise_set_with_params(bulk_params)
+
       if @enterprise_set.save
         flash[:success] = I18n.t(:enterprise_bulk_update_success_notice)
 
@@ -148,8 +151,15 @@ module Admin
 
     private
 
-    def load_enterprise_set
-      @enterprise_set = Sets::EnterpriseSet.new(collection) if spree_current_user.admin?
+    def load_enterprise_set_on_index
+      return unless spree_current_user.admin?
+
+      load_enterprise_set_with_params
+    end
+
+    def load_enterprise_set_with_params(params = {})
+      @pagy, @paginated_collection = pagy(@collection)
+      @enterprise_set = Sets::EnterpriseSet.new(@paginated_collection, params)
     end
 
     def load_countries

app/controllers/admin/invoice_settings_controller.rb

@@ -18,7 +18,6 @@ module Admin
       params.require(:preferences).permit(
         :enable_invoices?,
         :invoice_style2?,
-        :enable_receipt_printing?,
         :enterprise_number_required_on_invoices?,
       )
     end

app/controllers/admin/manager_invitations_controller.rb

@@ -1,47 +0,0 @@
-# frozen_string_literal: true
-
-module Admin
-  class ManagerInvitationsController < Spree::Admin::BaseController
-    authorize_resource class: false
-
-    def create
-      @email = params[:email]
-      @enterprise = Enterprise.find(params[:enterprise_id])
-
-      authorize! :edit, @enterprise
-
-      existing_user = Spree::User.find_by(email: @email)
-
-      if existing_user
-        render json: { errors: t('admin.enterprises.invite_manager.user_already_exists') },
-               status: :unprocessable_entity
-        return
-      end
-
-      new_user = create_new_manager
-
-      if new_user
-        render json: { user: new_user.id }, status: :ok
-      else
-        render json: { errors: t('admin.enterprises.invite_manager.error') },
-               status: :internal_server_error
-      end
-    end
-
-    private
-
-    def create_new_manager
-      password = Devise.friendly_token
-      new_user = Spree::User.create(email: @email, unconfirmed_email: @email, password: password)
-      new_user.reset_password_token = Devise.friendly_token
-      # Same time as used in Devise's lib/devise/models/recoverable.rb.
-      new_user.reset_password_sent_at = Time.now.utc
-      new_user.save!
-
-      @enterprise.users << new_user
-      EnterpriseMailer.manager_invitation(@enterprise, new_user).deliver_later
-
-      new_user
-    end
-  end
-end

app/controllers/admin/order_cycles_controller.rb

@@ -100,10 +100,13 @@ module Admin
       order_cycle.schedules.each do |schedule|
         Subscription.where(schedule_id: schedule.id).each do |subscription|
           shop = Enterprise.managed_by(spree_current_user).find_by(id: subscription.shop_id)
+          fee_calculator = OpenFoodNetwork::EnterpriseFeeCalculator.new(shop, order_cycle)
           subscription.subscription_line_items.nil_price_estimate.each do |line_item|
             variant = OrderManagement::Subscriptions::
                 VariantsList.eligible_variants(shop).find_by(id: line_item.variant_id)
-            fee_calculator = OpenFoodNetwork::EnterpriseFeeCalculator.new(shop, order_cycle)
+            # If the variant is not available in the shop, the price estimate will be nil
+            next if variant.nil?
+
             price = variant.price + fee_calculator.indexed_fees_for(variant)
             line_item.update_column(:price_estimate, price)
           end

app/controllers/admin/reports_controller.rb

@@ -19,22 +19,22 @@ module Admin
     end
 
     def show
-      @report = report_class.new(spree_current_user, params, request)
+      @report = report_class.new(spree_current_user, params, render: render_data?)
 
       if report_format.present?
         export_report
       else
-        render_report
+        show_report
       end
     end
 
     private
 
     def export_report
-      send_data @report.render_as(report_format, controller: self), filename: report_filename
+      send_data render_report_as(report_format), filename: report_filename
     end
 
-    def render_report
+    def show_report
       assign_view_data
       render "show"
     end
@@ -43,13 +43,28 @@ module Admin
       @report_type = report_type
       @report_subtypes = report_subtypes
       @report_subtype = report_subtype
-      @report_title = if report_subtype
-                        report_subtype_title
-                      else
-                        I18n.t(:name, scope: [:admin, :reports, @report_type])
-                      end
+      @report_title = report_title
       @rendering_options = rendering_options
+      @table = render_report_as(:html) if render_data?
       @data = Reporting::FrontendData.new(spree_current_user)
     end
+
+    def render_data?
+      request.post?
+    end
+
+    def render_report_as(format)
+      if OpenFoodNetwork::FeatureToggle.enabled?(:background_reports, spree_current_user)
+        job = ReportJob.perform_later(
+          report_class, spree_current_user, params, format
+        )
+        sleep 1 until job.done?
+
+        # This result has been rendered by Rails in safe mode already.
+        job.result.html_safe # rubocop:disable Rails/OutputSafety
+      else
+        @report.render_as(format)
+      end
+    end
   end
 end

app/controllers/admin/subscriptions_controller.rb

@@ -16,7 +16,8 @@ module Admin
       respond_to do |format|
         format.html do
           if view_context.subscriptions_setup_complete?(@shops)
-            @order_cycles = OrderCycle.joins(:schedules).managed_by(spree_current_user).includes([:distributors, :cached_incoming_exchanges])
+            @order_cycles = OrderCycle.joins(:schedules).managed_by(spree_current_user)
+              .includes([:distributors, :cached_incoming_exchanges])
             @payment_methods = Spree::PaymentMethod.managed_by(spree_current_user).includes(:taggings)
             @payment_method_tags = payment_method_tags_by_id
             @shipping_methods = Spree::ShippingMethod.managed_by(spree_current_user)
@@ -25,7 +26,10 @@ module Admin
             render :setup_explanation
           end
         end
-        format.json { render_as_json @collection, ams_prefix: params[:ams_prefix], payment_method_tags: payment_method_tags_by_id }
+        format.json {
+          render_as_json @collection, ams_prefix: params[:ams_prefix],
+                                      payment_method_tags: payment_method_tags_by_id
+        }
       end
     end
 

app/controllers/admin/vouchers_controller.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Admin
+  class VouchersController < ResourceController
+    before_action :load_enterprise
+
+    def new
+      @voucher = Voucher.new
+    end
+
+    def create
+      voucher_params = permitted_resource_params.merge(enterprise: @enterprise)
+      @voucher = Voucher.create(voucher_params)
+
+      if @voucher.save
+        redirect_to(
+          "#{edit_admin_enterprise_path(@enterprise)}#vouchers_panel",
+          flash: { success: flash_message_for(@voucher, :successfully_created) }
+        )
+      else
+        flash[:error] = @voucher.errors.full_messages.to_sentence
+        render :new
+      end
+    end
+
+    private
+
+    def load_enterprise
+      @enterprise = Enterprise.find_by permalink: params[:enterprise_id]
+    end
+
+    def permitted_resource_params
+      params.require(:voucher).permit(:code)
+    end
+  end
+end

app/controllers/api/v1/base_controller.rb

@@ -106,7 +106,9 @@ module Api
       end
 
       def json_api_error(message, **options)
-        { errors: [{ detail: message }] }.merge(options)
+        error_options = options.delete(:error_options) || {}
+
+        { errors: [{ detail: message }.merge(error_options)] }.merge(options)
       end
 
       def json_api_invalid(message, errors)

app/controllers/api/v1/customers_controller.rb

@@ -6,11 +6,17 @@ module Api
   module V1
     class CustomersController < Api::V1::BaseController
       include AddressTransformation
+      include ExtraFields
 
       skip_authorization_check only: :index
 
       before_action :authorize_action, only: [:show, :update, :destroy]
 
+      # Query parameters
+      before_action only: [:index] do
+        @extra_customer_fields = extra_fields :customer, [:balance]
+      end
+
       def index
         @pagy, customers = pagy(search_customers, pagy_options)
 
@@ -51,7 +57,11 @@ module Api
       private
 
       def customer
-        @customer ||= Customer.find(params[:id])
+        @customer ||= if action_name == "show"
+                        CustomersWithBalance.new(Customer.where(id: params[:id])).query.first!
+                      else
+                        Customer.find(params[:id])
+                      end
       end
 
       def authorize_action
@@ -61,7 +71,12 @@ module Api
       def search_customers
         customers = visible_customers.includes(:bill_address, :ship_address)
         customers = customers.where(enterprise_id: params[:enterprise_id]) if params[:enterprise_id]
-        customers.ransack(params[:q]).result
+
+        if @extra_customer_fields.include?(:balance)
+          customers = CustomersWithBalance.new(customers).query
+        end
+
+        customers.ransack(params[:q]).result.order(:id)
       end
 
       def visible_customers

app/controllers/checkout_controller.rb

@@ -5,6 +5,7 @@ require 'open_food_network/address_finder'
 class CheckoutController < ::BaseController
   include OrderStockCheck
   include OrderCompletion
+  include WhiteLabel
 
   layout 'darkswarm'
 
@@ -27,6 +28,8 @@ class CheckoutController < ::BaseController
   before_action :associate_user
   before_action :check_authorization
 
+  before_action :hide_ofn_navigation, only: :edit
+
   helper 'spree/orders'
 
   def edit; end

app/controllers/concerns/extra_fields.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+# To be included in api controllers for handeling query params
+module ExtraFields
+  extend ActiveSupport::Concern
+
+  def invalid_query_param(name, status, msg)
+    render status: status, json: json_api_error(msg, error_options:
+      {
+        title: I18n.t("api.query_param.error.title"),
+        source: { parameter: name },
+        status: status,
+        code: Rack::Utils::SYMBOL_TO_STATUS_CODE[status]
+      })
+  end
+
+  def extra_fields(type, available_fields)
+    fields = params.dig(:extra_fields, type)&.split(',')&.compact&.map(&:to_sym)
+    return [] if fields.blank?
+
+    unknown_fields = fields - available_fields
+
+    if unknown_fields.present?
+      invalid_query_param(
+        "extra_fields[#{type}]", :unprocessable_entity,
+        I18n.t("api.query_param.error.extra_fields", fields: unknown_fields.join(', '))
+      )
+    end
+
+    fields
+  end
+end

app/controllers/concerns/manager_invitations.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module ManagerInvitations
+  extend ActiveSupport::Concern
+
+  def create_new_manager(email, enterprise)
+    password = Devise.friendly_token
+    new_user = Spree::User.create(email: email, unconfirmed_email: email, password: password)
+    new_user.reset_password_token = Devise.friendly_token
+    # Same time as used in Devise's lib/devise/models/recoverable.rb.
+    new_user.reset_password_sent_at = Time.now.utc
+    if new_user.save
+      enterprise.users << new_user
+      EnterpriseMailer.manager_invitation(enterprise, new_user).deliver_later
+    end
+
+    new_user
+  end
+end

app/controllers/concerns/order_stock_check.rb

@@ -31,7 +31,7 @@ module OrderStockCheck
     flash[:info] = I18n.t('order_cycle_closed')
     respond_to do |format|
       format.cable_ready {
-        render status: :see_other, operations: cable_car.redirect_to(url: main_app.shop_path)
+        render status: :see_other, cable_ready: cable_car.redirect_to(url: main_app.shop_path)
       }
       format.json { render json: { path: main_app.shop_path }, status: :see_other }
       format.html { redirect_to main_app.shop_path, status: :see_other }

app/controllers/concerns/reports_actions.rb

@@ -39,6 +39,14 @@ module ReportsActions
     params[:report_subtype] || report_subtypes_codes.first
   end
 
+  def report_title
+    if report_subtype
+      report_subtype_title
+    else
+      I18n.t(:name, scope: [:admin, :reports, report_type])
+    end
+  end
+
   def report_subtype_title
     report_subtypes.select { |_name, key| key.to_sym == report_subtype.to_sym }.first[0]
   end

app/controllers/concerns/white_label.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module WhiteLabel
+  extend ActiveSupport::Concern
+  include EnterprisesHelper
+
+  def hide_ofn_navigation(distributor = current_distributor)
+    return false unless OpenFoodNetwork::FeatureToggle.enabled?(:white_label)
+
+    # if the distributor has the hide_ofn_navigation preference set to true
+    # then we should hide the OFN navigation
+    @hide_ofn_navigation = distributor.hide_ofn_navigation
+  end
+end

app/controllers/enterprises_controller.rb

@@ -7,6 +7,7 @@ class EnterprisesController < BaseController
   helper Spree::ProductsHelper
   include OrderCyclesHelper
   include SerializerHelper
+  include WhiteLabel
 
   protect_from_forgery except: :check_permalink
 
@@ -14,6 +15,7 @@ class EnterprisesController < BaseController
   prepend_before_action :set_order_cycles, :require_distributor_chosen, :reset_order, only: :shop
 
   before_action :clean_permalink, only: :check_permalink
+  before_action :hide_ofn_navigation, only: :shop
 
   respond_to :js, only: :permalink_checker
 

app/controllers/errors_controller.rb

@@ -4,6 +4,11 @@ class ErrorsController < ApplicationController
   layout "errors"
 
   def not_found
+    Bugsnag.notify("404") do |event|
+      event.severity = "info"
+
+      event.add_metadata(:request, request.env)
+    end
     render status: :not_found
   end
 

app/controllers/split_checkout_controller.rb

@@ -10,6 +10,7 @@ class SplitCheckoutController < ::BaseController
   include CheckoutCallbacks
   include OrderCompletion
   include CablecarResponses
+  include WhiteLabel
 
   helper 'terms_and_conditions'
   helper 'checkout'
@@ -18,6 +19,7 @@ class SplitCheckoutController < ::BaseController
   helper OrderHelper
 
   before_action :set_checkout_redirect
+  before_action :hide_ofn_navigation, only: [:edit, :update]
 
   def edit
     redirect_to_step_based_on_order unless params[:step]
@@ -36,20 +38,71 @@ class SplitCheckoutController < ::BaseController
       advance_order_state
       redirect_to_step
     else
-      flash.now[:error] ||= I18n.t('split_checkout.errors.global')
-
-      render status: :unprocessable_entity, operations: cable_car.
-        replace("#checkout", partial("split_checkout/checkout")).
-        replace("#flashes", partial("shared/flashes", locals: { flashes: flash }))
+      render_error
     end
   rescue Spree::Core::GatewayError => e
     flash[:error] = I18n.t(:spree_gateway_error_flash_for_checkout, error: e.message)
     @order.update_column(:state, "payment")
-    render operations: cable_car.redirect_to(url: checkout_step_path(:payment))
+    render cable_ready: cable_car.redirect_to(url: checkout_step_path(:payment))
   end
 
   private
 
+  def render_error
+    flash.now[:error] ||= I18n.t(
+      'split_checkout.errors.saving_failed',
+      messages: order_error_messages
+    )
+
+    render status: :unprocessable_entity, cable_ready: cable_car.
+      replace("#checkout", partial("split_checkout/checkout")).
+      replace("#flashes", partial("shared/flashes", locals: { flashes: flash }))
+  end
+
+  def order_error_messages
+    # Remove ship_address.* errors if no shipping method is not selected
+    remove_ship_address_errors if no_ship_address_needed?
+
+    # Reorder errors to make sure the most important ones are shown first
+    # and finally, return the error messages to sentence
+    reorder_errors.map(&:full_message).to_sentence
+  end
+
+  def no_ship_address_needed?
+    @order.errors[:shipping_method].present? || params[:ship_address_same_as_billing] == "1"
+  end
+
+  def remove_ship_address_errors
+    @order.errors.delete("ship_address.firstname")
+    @order.errors.delete("ship_address.address1")
+    @order.errors.delete("ship_address.city")
+    @order.errors.delete("ship_address.phone")
+    @order.errors.delete("ship_address.lastname")
+    @order.errors.delete("ship_address.zipcode")
+  end
+
+  def reorder_errors
+    @order.errors.sort_by do |e|
+      case e.attribute
+      when /email/i then 0
+      when /phone/i then 1
+      when /bill_address/i then 2 + bill_address_error_order(e)
+      else 20
+      end
+    end
+  end
+
+  def bill_address_error_order(error)
+    case error.attribute
+    when /firstname/i then 0
+    when /lastname/i then 1
+    when /address1/i then 2
+    when /city/i then 3
+    when /zipcode/i then 4
+    else 5
+    end
+  end
+
   def flash_error_when_no_shipping_method_available
     flash[:error] = I18n.t('split_checkout.errors.no_shipping_methods_available')
   end
@@ -79,7 +132,7 @@ class SplitCheckoutController < ::BaseController
     return unless selected_payment_method&.external_gateway?
     return unless (redirect_url = selected_payment_method.external_payment_url(order: @order))
 
-    render operations: cable_car.redirect_to(url: redirect_url)
+    render cable_ready: cable_car.redirect_to(url: redirect_url)
     true
   end
 
@@ -90,6 +143,10 @@ class SplitCheckoutController < ::BaseController
   def update_order
     return if params[:confirm_order] || @order.errors.any?
 
+    # If we have "pick up" shipping method (require_ship_address is set to false), use the
+    # distributor address as shipping address
+    use_shipping_address_from_distributor if shipping_method_ship_address_not_required?
+
     @order.select_shipping_method(params[:shipping_method_id])
     @order.update(order_params)
     @order.updater.update_totals_and_states
@@ -99,6 +156,29 @@ class SplitCheckoutController < ::BaseController
     @order.errors.empty?
   end
 
+  def use_shipping_address_from_distributor
+    @order.ship_address = @order.address_from_distributor
+
+    # Add the missing data
+    bill_address = params[:order][:bill_address_attributes]
+    @order.ship_address.firstname = bill_address[:firstname]
+    @order.ship_address.lastname = bill_address[:lastname]
+    @order.ship_address.phone = bill_address[:phone]
+
+    # Remove shipping address from parameter so we don't override the address we just set
+    params[:order].delete(:ship_address_attributes)
+  end
+
+  def shipping_method_ship_address_not_required?
+    selected_shipping_method = available_shipping_methods&.select do |sm|
+      sm.id.to_s == params[:shipping_method_id]
+    end
+
+    return false if selected_shipping_method.empty?
+
+    selected_shipping_method.first.require_ship_address == false
+  end
+
   def summary_step?
     params[:step] == "summary"
   end

app/controllers/spree/admin/general_settings_controller.rb

@@ -6,7 +6,6 @@ module Spree
       def edit
         @preferences_general = [:site_name, :default_seo_title, :default_meta_keywords,
                                 :default_meta_description, :site_url]
-        @preferences_security = [:allow_ssl_in_production, :allow_ssl_in_staging]
         @preferences_currency = [:display_currency, :hide_cents]
       end
 

app/controllers/spree/admin/orders_controller.rb

@@ -9,15 +9,13 @@ module Spree
       helper CheckoutHelper
 
       before_action :load_order, only: [:edit, :update, :fire, :resend,
-                                        :invoice, :print, :print_ticket]
+                                        :invoice, :print]
       before_action :load_distribution_choices, only: [:new, :edit, :update]
 
       # Ensure that the distributor is set for an order when
       before_action :ensure_distribution, only: :new
       before_action :require_distributor_abn, only: :invoice
 
-      content_security_policy false, only: :print_ticket
-
       respond_to :html, :json
 
       def new
@@ -67,18 +65,6 @@ module Spree
         load_spree_api_key
       end
 
-      def bulk_cancel
-        order_ids = params[:order_ids].split(',')
-
-        Spree::Order.where(id: order_ids).find_each do |order|
-          order.send_cancellation_email = params[:send_cancellation_email] != "false"
-          order.restock_items = params.fetch(:restock_items, "true") == "true"
-          order.cancel
-        end
-
-        flash[:success] = Spree.t(:order_updated)
-      end
-
       def fire
         event = params[:e]
         @order.send_cancellation_email = params[:send_cancellation_email] != "false"
@@ -117,10 +103,6 @@ module Spree
         render_with_wicked_pdf InvoiceRenderer.new.args(@order)
       end
 
-      def print_ticket
-        render template: "spree/admin/orders/ticket", layout: false
-      end
-
       private
 
       def order_params

app/controllers/spree/admin/zones_controller.rb

@@ -13,7 +13,7 @@ module Spree
 
       def collection
         params[:q] ||= {}
-        params[:q][:s] ||= "ascend_by_name"
+        params[:q][:s] ||= "name asc"
         @search = super.ransack(params[:q])
         @pagy, @zones = pagy(@search.result, items: Spree::Config[:orders_per_page])
         @zones

app/controllers/spree/orders_controller.rb

@@ -5,6 +5,7 @@ module Spree
     include OrderCyclesHelper
     include Rails.application.routes.url_helpers
     include CablecarResponses
+    include WhiteLabel
 
     layout 'darkswarm'
 
@@ -14,7 +15,8 @@ module Spree
     respond_to :html, :json
 
     before_action :check_authorization
-    before_action :set_current_order, only: :update
+    before_action :set_order_from_params, only: :show
+    before_action :set_current_order, only: [:edit, :update]
     before_action :filter_order_params, only: :update
 
     prepend_before_action :require_order_authentication, only: :show
@@ -23,10 +25,12 @@ module Spree
     before_action :check_hub_ready_for_checkout, only: :edit
     before_action :check_at_least_one_line_item, only: :update
 
-    def show
-      @order = Spree::Order.find_by!(number: params[:id])
+    before_action only: [:show, :edit] do
+      hide_ofn_navigation(@order.distributor)
     end
 
+    def show; end
+
     def empty
       if @order = current_order
         @order.empty!
@@ -37,7 +41,6 @@ module Spree
 
     # Patching to redirect to shop if order is empty
     def edit
-      @order = current_order(true)
       @insufficient_stock_lines = @order.insufficient_stock_lines
       @unavailable_order_variants = OrderCycleDistributedVariants.
         new(current_order_cycle, current_distributor).unavailable_order_variants(@order)
@@ -101,11 +104,15 @@ module Spree
         flash[:error] = I18n.t(:orders_could_not_cancel)
       end
       render status: :found,
-             operations: cable_car.redirect_to(url: request.referer || main_app.order_path(@order))
+             cable_ready: cable_car.redirect_to(url: request.referer || main_app.order_path(@order))
     end
 
     private
 
+    def set_order_from_params
+      @order = Spree::Order.find_by!(number: params[:id])
+    end
+
     def set_current_order
       @order = current_order(true)
     end

app/controllers/spree/user_sessions_controller.rb

@@ -24,11 +24,11 @@ module Spree
       if spree_user_signed_in?
         flash[:success] = t('devise.success.logged_in_succesfully')
 
-        render operations: cable_car.redirect_to(
+        render cable_ready: cable_car.redirect_to(
           url: return_url_or_default(after_sign_in_path_for(spree_current_user))
         )
       else
-        render status: :unauthorized, operations: cable_car.inner_html(
+        render status: :unauthorized, cable_ready: cable_car.inner_html(
           "#login-feedback",
           partial("layouts/alert", locals: { type: "alert", message: t('devise.failure.invalid') })
         )
@@ -60,7 +60,7 @@ module Spree
     end
 
     def render_unconfirmed_response
-      render status: :unprocessable_entity, operations: cable_car.inner_html(
+      render status: :unprocessable_entity, cable_ready: cable_car.inner_html(
         "#login-feedback",
         partial("layouts/alert", locals: { type: "alert", message: t(:email_unconfirmed),
                                            unconfirmed: true, tab: "login" })

app/controllers/spree/users_controller.rb

@@ -30,10 +30,11 @@ module Spree
       registered = Spree::User.find_by(email: params[:email]).present?
 
       if registered
-        render status: :ok, operations: cable_car.
+        render status: :ok, cable_ready: cable_car.
           inner_html(
             "#login-feedback",
-            partial("layouts/alert", locals: { type: "alert", message: t('devise.failure.already_registered') })
+            partial("layouts/alert", 
+              locals: { type: "alert", message: t('devise.failure.already_registered') })
           ).
           dispatch_event(name: "login:modal:open")
       else
@@ -45,12 +46,14 @@ module Spree
       @user = Spree::User.new(user_params)
 
       if @user.save
-        render operations: cable_car.inner_html(
+        render cable_ready: cable_car.inner_html(
           "#signup-feedback",
-          partial("layouts/alert", locals: { type: "success", message: t('devise.user_registrations.spree_user.signed_up_but_unconfirmed') })
+          partial("layouts/alert", 
+            locals: { type: "success",
+            message: t('devise.user_registrations.spree_user.signed_up_but_unconfirmed') })
         )
       else
-        render status: :unprocessable_entity, operations: cable_car.morph(
+        render status: :unprocessable_entity, cable_ready: cable_car.morph(
           "#signup-tab",
           partial("layouts/signup_tab", locals: { signup_form_user: @user })
         )

app/controllers/user_confirmations_controller.rb

@@ -22,9 +22,10 @@ class UserConfirmationsController < DeviseController
         set_flash_message(:error, :confirmation_not_sent)
       end
     else
-      render operations: cable_car.inner_html(
+      render cable_ready: cable_car.inner_html(
         "##{params[:tab] || 'forgot'}-feedback",
-        partial("layouts/alert", locals: { type: "success", message: t("devise.confirmations.send_instructions") })
+        partial("layouts/alert", 
+          locals: { type: "success", message: t("devise.confirmations.send_instructions") })
       )
       return
     end

app/controllers/user_passwords_controller.rb

@@ -11,12 +11,12 @@ class UserPasswordsController < Spree::UserPasswordsController
     self.resource = resource_class.send_reset_password_instructions(raw_params[resource_name])
 
     if resource.errors.empty?
-      render operations: cable_car.inner_html(
+      render cable_ready: cable_car.inner_html(
         "#forgot-feedback",
         partial("layouts/alert", locals: { type: "success", message: t(:password_reset_sent) })
       )
     else
-      render status: :not_found, operations: cable_car.inner_html(
+      render status: :not_found, cable_ready: cable_car.inner_html(
         "#forgot-feedback",
         partial("layouts/alert", locals: { type: "alert", message: t(:email_not_found) })
       )
@@ -26,7 +26,7 @@ class UserPasswordsController < Spree::UserPasswordsController
   private
 
   def render_unconfirmed_response
-    render status: :unprocessable_entity, operations: cable_car.inner_html(
+    render status: :unprocessable_entity, cable_ready: cable_car.inner_html(
       "#forgot-feedback",
       partial("layouts/alert",
               locals: { type: "alert", message: t(:email_unconfirmed),

app/controllers/webhook_endpoints_controller.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+class WebhookEndpointsController < ::BaseController
+  before_action :load_resource, only: :destroy
+
+  def create
+    webhook_endpoint = spree_current_user.webhook_endpoints.new(webhook_endpoint_params)
+
+    if webhook_endpoint.save
+      flash[:success] = t('.success')
+    else
+      flash[:error] = t('.error')
+    end
+
+    redirect_to redirect_path
+  end
+
+  def destroy
+    if @webhook_endpoint.destroy
+      flash[:success] = t('.success')
+    else
+      flash[:error] = t('.error')
+    end
+
+    redirect_to redirect_path
+  end
+
+  def load_resource
+    @webhook_endpoint = spree_current_user.webhook_endpoints.find(params[:id])
+  end
+
+  def webhook_endpoint_params
+    params.require(:webhook_endpoint).permit(:url)
+  end
+
+  def redirect_path
+    if request.referer.blank? || request.referer.include?(spree.account_path)
+      developer_settings_path
+    else
+      request.referer
+    end
+  end
+
+  def developer_settings_path
+    "#{spree.account_path}#/developer_settings"
+  end
+end

app/helpers/admin/enterprises_helper.rb

@@ -14,6 +14,7 @@ module Admin
       producers.size == 1 ? producers.first.id : nil
     end
 
+    # rubocop:disable Metrics/MethodLength
     def enterprise_side_menu_items(enterprise)
       is_shop = enterprise.sells != "none"
       show_properties = !!enterprise.is_primary_producer
@@ -22,6 +23,14 @@ module Admin
       show_enterprise_fees = can?(:manage_enterprise_fees,
                                   enterprise) && (is_shop || enterprise.is_primary_producer)
 
+      build_enterprise_side_menu_items(is_shop, show_properties, show_shipping_methods,
+                                       show_payment_methods, show_enterprise_fees)
+    end
+
+    private
+
+    def build_enterprise_side_menu_items(is_shop, show_properties, show_shipping_methods,
+                                         show_payment_methods, show_enterprise_fees)
       [
         { name: 'primary_details', icon_class: "icon-home", show: true, selected: 'selected' },
         { name: 'address', icon_class: "icon-map-marker", show: true },
@@ -34,13 +43,21 @@ module Admin
         { name: 'shipping_methods', icon_class: "icon-truck", show: show_shipping_methods },
         { name: 'payment_methods',  icon_class: "icon-money", show: show_payment_methods },
         { name: 'enterprise_fees',  icon_class: "icon-tasks", show: show_enterprise_fees },
+        { name: 'vouchers', icon_class: "icon-ticket", show: true },
         { name: 'enterprise_permissions', icon_class: "icon-plug", show: true,
           href: admin_enterprise_relationships_path },
         { name: 'inventory_settings', icon_class: "icon-list-ol", show: is_shop },
         { name: 'tag_rules', icon_class: "icon-random", show: is_shop },
         { name: 'shop_preferences', icon_class: "icon-shopping-cart", show: is_shop },
-        { name: 'users', icon_class: "icon-user", show: true }
-      ]
+        { name: 'users', icon_class: "icon-user", show: true },
+      ] + [add_white_label_if_feature_activated].compact
     end
+
+    def add_white_label_if_feature_activated
+      return nil unless OpenFoodNetwork::FeatureToggle.enabled?(:white_label)
+
+      { name: 'white_label', icon_class: "icon-leaf", show: true }
+    end
+    # rubocop:enable Metrics/MethodLength
   end
 end

app/helpers/angular_form_builder.rb

@@ -29,7 +29,8 @@ class AngularFormBuilder < ActionView::Helpers::FormBuilder
                          @template.ng_options_for_select(choices, angular_field), options
   end
 
-  def ng_collection_select(method, collection, value_method, text_method, angular_field, options = {})
+  def ng_collection_select(method, collection, value_method,
+                           text_method, angular_field, options = {})
     options.reverse_merge!('id' => angular_id(method), 'ng-model' => angular_model(method).to_s)
 
     @template.select_tag angular_name(method),

app/helpers/checkout_helper.rb

@@ -11,6 +11,7 @@ module CheckoutHelper
 
   def checkout_adjustments_for(order, opts = {})
     exclude = opts[:exclude] || {}
+    reject_zero_amount = opts.fetch(:reject_zero_amount, true)
 
     adjustments = order.all_adjustments.eligible.to_a
 
@@ -32,6 +33,10 @@ module CheckoutHelper
       }
     end
 
+    if reject_zero_amount
+      adjustments.reject! { |a| a.amount == 0 }
+    end
+
     adjustments
   end
 
@@ -134,8 +139,8 @@ module CheckoutHelper
   def stripe_card_options(cards)
     cards.map do |cc|
       [
-        "#{cc.brand} #{cc.last_digits} #{I18n.t(:card_expiry_abbreviation)}:#{cc.month.to_s.rjust(2, '0')}/#{cc.year}",
-        cc.id
+        "#{cc.brand} #{cc.last_digits} #{I18n.t(:card_expiry_abbreviation)}:"\
+        "#{cc.month.to_s.rjust(2, '0')}/#{cc.year}", cc.id
       ]
     end
   end

app/helpers/reports_helper.rb

@@ -26,6 +26,12 @@ module ReportsHelper
     end.uniq
   end
 
+  def customer_email_options(order_customers)
+    order_customers.map do |customer|
+      [customer&.email, customer&.id]
+    end
+  end
+
   def currency_symbol
     Spree::Money.currency_symbol
   end

app/helpers/spree/admin/orders_helper.rb

@@ -27,7 +27,7 @@ module Spree
       private
 
       def complete_order_links
-        [resend_confirmation_link] + invoice_links + ticket_links
+        [resend_confirmation_link] + invoice_links
       end
 
       def invoice_links
@@ -52,12 +52,6 @@ module Spree
         end
       end
 
-      def ticket_links
-        return [] unless Spree::Config[:enable_receipt_printing?]
-
-        [print_ticket_link, select_ticket_printer_link]
-      end
-
       def edit_order_link
         { name: t(:edit_order),
           url: spree.edit_admin_order_path(@order),
@@ -100,20 +94,6 @@ module Spree
           confirm: t(:must_have_valid_business_number, enterprise_name: @order.distributor.name) }
       end
 
-      def print_ticket_link
-        { name: t(:print_ticket),
-          url: print_ticket_admin_order_path(@order),
-          icon: 'icon-print',
-          target: "_blank" }
-      end
-
-      def select_ticket_printer_link
-        { name: t(:select_ticket_printer),
-          url: "#{print_ticket_admin_order_path(@order)}#select-printer",
-          icon: 'icon-print',
-          target: "_blank" }
-      end
-
       def ship_order_link
         { name: t(:ship_order),
           url: spree.fire_admin_order_path(@order, e: 'ship'),
@@ -133,7 +113,7 @@ module Spree
         event_label = I18n.t("cancel", scope: "actions")
         button_link_to(event_label,
                        fire_admin_order_url(@order, e: "cancel"),
-                       method: :put, icon: "icon-cancel", form_id: "cancel_order_form")
+                       method: :put, icon: "icon-remove", form_id: "cancel_order_form")
       end
 
       def resume_event_link

app/helpers/tax_helper.rb

@@ -12,6 +12,16 @@ module TaxHelper
     end
   end
 
+  def display_line_items_taxes(line_item, display_zero: true)
+    if line_item.included_tax.positive?
+      Spree::Money.new(line_item.included_tax, currency: line_item.currency)
+    elsif line_item.added_tax.positive?
+      Spree::Money.new(line_item.added_tax, currency: line_item.currency)
+    elsif display_zero
+      Spree::Money.new(0.00, currency: line_item.currency)
+    end
+  end
+
   def display_total_with_tax(taxable)
     total = taxable.amount + taxable.additional_tax_total
     Spree::Money.new(total, currency: taxable.currency)

app/jobs/application_job.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# Rails standard class for common job code.
+class ApplicationJob < ActiveJob::Base
+  # Automatically retry jobs that encountered a deadlock
+  # retry_on ActiveRecord::Deadlocked
+
+  # Most jobs are safe to ignore if the underlying records are no longer available
+  # discard_on ActiveJob::DeserializationError
+end

app/jobs/bulk_invoice_job.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class BulkInvoiceJob < ActiveJob::Base
+class BulkInvoiceJob < ApplicationJob
   def perform(order_ids, filepath)
     pdf = CombinePDF.new
 

app/jobs/heartbeat_job.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class HeartbeatJob < ActiveJob::Base
+class HeartbeatJob < ApplicationJob
   def perform
     Spree::Config.last_job_queue_heartbeat_at = Time.now.in_time_zone
   end

app/jobs/order_cycle_closing_job.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-class OrderCycleClosingJob < ActiveJob::Base
+class OrderCycleClosingJob < ApplicationJob
   def perform
     return if recently_closed_order_cycles.empty?
 

app/jobs/order_cycle_notification_job.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # Delivers an email with a report of the order cycle to each of its suppliers
-class OrderCycleNotificationJob < ActiveJob::Base
+class OrderCycleNotificationJob < ApplicationJob
   def perform(order_cycle_id)
     order_cycle = OrderCycle.find(order_cycle_id)
     order_cycle.suppliers.each do |supplier|

app/jobs/order_cycle_opened_job.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+# Trigger jobs for any order cycles that recently opened
+class OrderCycleOpenedJob < ApplicationJob
+  def perform
+    ActiveRecord::Base.transaction do
+      recently_opened_order_cycles.find_each do |order_cycle|
+        OrderCycleWebhookService.create_webhook_job(order_cycle, 'order_cycle.opened')
+      end
+      mark_as_opened(recently_opened_order_cycles)
+    end
+  end
+
+  private
+
+  def recently_opened_order_cycles
+    @recently_opened_order_cycles ||= OrderCycle
+      .where(opened_at: nil)
+      .where(orders_open_at: 1.hour.ago..Time.zone.now)
+      .lock.order(:id)
+  end
+
+  def mark_as_opened(order_cycles)
+    now = Time.zone.now
+    order_cycles.update_all(opened_at: now, updated_at: now)
+  end
+end

app/jobs/report_job.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+# Renders a report and saves it to a temporary file.
+class ReportJob < ActiveJob::Base
+  def perform(report_class, user, params, format)
+    report = report_class.new(user, params, render: true)
+    result = report.render_as(format)
+    write(result)
+  end
+
+  def done?
+    @done ||= File.file?(filename)
+  end
+
+  def result
+    @result ||= read_result
+  end
+
+  private
+
+  def write(result)
+    File.write(filename, result, mode: "wb")
+  end
+
+  def read_result
+    File.read(filename)
+  ensure
+    File.unlink(filename)
+  end
+
+  def filename
+    Rails.root.join("tmp/report-#{job_id}")
+  end
+end

app/jobs/subscription_confirm_job.rb

@@ -3,7 +3,7 @@
 require 'order_management/subscriptions/summarizer'
 
 # Confirms orders of unconfirmed proxy orders in recently closed Order Cycles
-class SubscriptionConfirmJob < ActiveJob::Base
+class SubscriptionConfirmJob < ApplicationJob
   def perform
     confirm_proxy_orders!
   end

app/jobs/subscription_placement_job.rb

@@ -2,7 +2,7 @@
 
 require 'order_management/subscriptions/summarizer'
 
-class SubscriptionPlacementJob < ActiveJob::Base
+class SubscriptionPlacementJob < ApplicationJob
   def perform
     proxy_orders.each do |proxy_order|
       place_order_for(proxy_order)

app/jobs/webhook_delivery_job.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require "faraday"
+require "private_address_check"
+require "private_address_check/tcpsocket_ext"
+
+# Deliver a webhook payload
+# As a delayed job, it can run asynchronously and handle retries.
+class WebhookDeliveryJob < ApplicationJob
+  # General failed request error that we're going to use to signal
+  # the job runner to retry our webhook worker.
+  class FailedWebhookRequestError < StandardError; end
+
+  queue_as :default
+
+  def perform(url, event, payload)
+    body = {
+      id: job_id,
+      at: Time.zone.now.to_s,
+      event: event,
+      data: payload,
+    }
+
+    # Request user-submitted url, preventing any private connections being made
+    # (SSRF).
+    # This method may allow the socket to open, but is necessary in order to
+    # protect from TOC/TOU.
+    # Note that private_address_check provides some methods for pre-validating,
+    # but they're not as comprehensive and so unnecessary here. Simply
+    # momentarily opening sockets probably can't cause DoS or other damage.
+    PrivateAddressCheck.only_public_connections do
+      notify_endpoint(url, body)
+    end
+  end
+
+  def notify_endpoint(url, body)
+    connection = Faraday.new(
+      request: { timeout: 30 },
+      headers: {
+        'User-Agent' => 'openfoodnetwork_webhook/1.0',
+        'Content-Type' => 'application/json',
+      }
+    )
+    response = connection.post(url, body.to_json)
+
+    # Raise a failed request error and let job runner handle retrying.
+    # In theory, only 5xx errors should be retried, but who knows.
+    raise FailedWebhookRequestError, response.status.to_s unless response.success?
+  end
+end

app/json_schemas/customer_schema.rb

@@ -61,4 +61,9 @@ class CustomerSchema < JsonApiSchema
   def self.relationships
     [:enterprise]
   end
+
+  # Optional attributes included with eg: CustomerSchema.schema(extra_fields: :balance)
+  def self.balance
+    { balance: { type: :number, format: :double } }
+  end
 end

app/json_schemas/json_api_schema.rb

@@ -19,84 +19,77 @@ class JsonApiSchema
     end
 
     def schema(options = {})
-      {
-        type: :object,
-        properties: {
-          data: {
-            type: :object,
-            properties: data_properties(**options)
-          },
-          meta: { type: :object },
-          links: { type: :object }
-        },
-        required: [:data]
-      }
+      Structure.schema(data_properties(**options))
     end
 
     def collection(options)
-      {
-        type: :object,
-        properties: {
-          data: {
-            type: :array,
-            items: {
-              type: :object,
-              properties: data_properties(**options)
-            }
-          },
-          meta: {
-            type: :object,
-            properties: {
-              pagination: {
-                type: :object,
-                properties: {
-                  results: { type: :integer, example: 250 },
-                  pages: { type: :integer, example: 5 },
-                  page: { type: :integer, example: 2 },
-                  per_page: { type: :integer, example: 50 },
-                }
-              }
-            },
-            required: [:pagination]
-          },
-          links: {
-            type: :object,
-            properties: {
-              self: { type: :string },
-              first: { type: :string },
-              prev: { type: :string, nullable: true },
-              next: { type: :string, nullable: true },
-              last: { type: :string }
-            }
-          }
-        },
-        required: [:data, :meta, :links]
-      }
+      Structure.collection(data_properties(**options))
     end
 
     private
 
-    def data_properties(require_all: false)
+    def data_properties(require_all: false, extra_fields: nil)
+      extra_fields_result = get_extra_fields(extra_fields)
+      attributes = get_attributes(extra_fields_result)
+      required = get_required(require_all, extra_fields, extra_fields_result)
+
+      Structure.data_properties(object_name, attributes, required, relationship_properties)
+    end
+
+    def relationship_properties
+      relationships.to_h { |name| [name, relationship_schema(name)] }
+    end
+
+    # Example
+    # MySchema.schema(extra_fields: :my_method)
+    # => extra_fields_result = MySchema.my_method
+    # => attributes = attributes.merge(extra_fields_result)
+    #
+    # MySchema.schema(extra_fields: {name: :my_method, required: true, opts: {method_opt: true}})
+    # => extra_fields_result = MySchema.my_method(method_opt: true)
+    # => attributes = attributes.merge(extra_fields_result)
+    # => required += extra_fields_result.keys
+    #
+    # MySchema.schema(extra_fields: [:my_method, :another_method])
+    # => extra_fields_result = MySchema.my_method.merge(another_method)
+    # => attributes = attribtues.merge(extra_fields_result)
+    #
+    # To test use eg:
+    # MySchema.schema(extra_fields: :my_method)
+    #   .dig(:properties, :data, :properties, :attributes)
+    def get_extra_fields(extra_fields)
+      case extra_fields
+      when Symbol
+        public_send(extra_fields)
+      when Hash
+        public_send(extra_fields[:name], **extra_fields[:opts].to_h)
+      when Array
+        obj = {}
+
+        extra_fields.each do |w|
+          obj.merge!(get_extra_fields(w))
+        end
+
+        obj
+      end
+    end
+
+    def get_required(require_all, extra_fields, extra_fields_result)
       required = require_all ? all_attributes : required_attributes
 
-      {
-        id: { type: :string, example: "1" },
-        type: { type: :string, example: object_name },
-        attributes: {
-          type: :object,
-          properties: attributes,
-          required: required
-        },
-        relationships: {
-          type: :object,
-          properties: relationships.to_h do |name|
-            [
-              name,
-              relationship_schema(name)
-            ]
-          end
-        }
-      }
+      if extra_fields.is_a?(Hash) && extra_fields[:required] == true && extra_fields_result.present?
+        required += extra_fields_result.keys
+      end
+
+      required
+    end
+
+    def get_attributes(extra_fields_result)
+      if [extra_fields_result, attributes].all?{ |obj| obj.respond_to?(:merge) }
+        attributes.merge(extra_fields_result)
+      else
+        attributes
+      end
     end
 
     def relationship_schema(name)

app/json_schemas/json_api_schema/structure.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+# rubocop:disable Metrics/MethodLength
+
+class JsonApiSchema
+  module Structure
+    extend self
+
+    def schema(data_properties)
+      {
+        type: :object,
+        properties: {
+          data: {
+            type: :object,
+            properties: data_properties
+          },
+          meta: { type: :object },
+          links: { type: :object }
+        },
+        required: [:data]
+      }
+    end
+
+    def collection(data_properties)
+      {
+        type: :object,
+        properties: {
+          data: {
+            type: :array,
+            items: {
+              type: :object,
+              properties: data_properties
+            }
+          },
+          meta: {
+            type: :object,
+            properties: {
+              pagination: {
+                type: :object,
+                properties: {
+                  results: { type: :integer, example: 250 },
+                  pages: { type: :integer, example: 5 },
+                  page: { type: :integer, example: 2 },
+                  per_page: { type: :integer, example: 50 },
+                }
+              }
+            },
+            required: [:pagination]
+          },
+          links: {
+            type: :object,
+            properties: {
+              self: { type: :string },
+              first: { type: :string },
+              prev: { type: :string, nullable: true },
+              next: { type: :string, nullable: true },
+              last: { type: :string }
+            }
+          }
+        },
+        required: [:data, :meta, :links]
+      }
+    end
+
+    def data_properties(object_name, attributes, required, relationship_properties)
+      {
+        id: { type: :string, example: "1" },
+        type: { type: :string, example: object_name },
+        attributes: {
+          type: :object,
+          properties: attributes,
+          required: required
+        },
+        relationships: {
+          type: :object,
+          properties: relationship_properties
+        }
+      }
+    end
+  end
+end
+
+# rubocop:enable Metrics/MethodLength