Update translations

Translation cleanup

.env.development

@@ -1,7 +1,11 @@
 # ENV vars for the development environment
 # Override locally with `.env.development.local`
+#
+# You may also want to use this when testing other environments locally:
+#
+#     cp .env.development .env.local
 
-SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 
 OFN_REDIS_URL="redis://localhost:6379/1"
 OFN_REDIS_JOBS_URL="redis://localhost:6379/2"

.env.test

@@ -1,6 +1,8 @@
 # ENV vars for the test environment
 # Override locally with `.env.test.local`
 
-SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+STRIPE_SECRET_TEST_API_KEY="bogus_key"
+STRIPE_CUSTOMER="bogus_customer"
 
 SITE_URL="test.host"

.github/FUNDING.yml

@@ -0,0 +1,13 @@
+# These are supported funding model platforms
+
+github: openfoodfoundation
+patreon: # Replace with a single Patreon username
+open_collective: #
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']

.github/ISSUE_TEMPLATE/release.md

@@ -10,7 +10,6 @@ assignees: ''
 ## Preparation on Thursday
 
 - [ ] Merge pull requests in the [Ready To Go] column
-- [ ] Merge [Transifex pull request]
 - [ ] Include translations: `tx pull --force`
 - [ ] [Draft new release]. Look at previous [releases] for inspiration.
 - [ ] Notify [#instance-managers] of user-facing changes.
@@ -18,24 +17,12 @@ assignees: ''
 ## Testing
 
 - [ ] [Find build] of the release commit and copy it below.
-- [ ] Move this issue to Test Ready and notify testers.
-- [ ] Test: :warning: link to the build of the release commit https://semaphoreci.com/openfoodfoundation/openfoodnetwork-2/branches/master
+- [ ] Move this issue to Test Ready.
+- [ ] Notify testers.
+- [ ] Test build: <!-- paste build link here, e.g. https://semaphore...builds/1234 -->
 
 ## Finish on Tuesday
 
-- [ ] Update translations unless content has been removed from config/locales/en.yml between this release draft and current master.
-  <details><summary>Command line instructions</summary>
-  <pre>
-  git checkout master # same version as the release draft
-  git fetch upstream
-  git diff upstream/master -- config/locales/en.yml
-  tx pull --force # if no changes or only additions in the locale
-  git checkout --detach # if we need to commit new translations
-  git commit -a -m "Update translations"
-  git tag vx.y.z # put the release number in here
-  git push upstream vx.y.z
-  </pre>
-  </details>
 - [ ] Publish and notify [#global-community]:
   > The next release is ready: https://github.com/openfoodfoundation/openfoodnetwork/releases/latest
 - [ ] Deploy the new release to all managed instances.

.github/workflows/build.yml

@@ -17,7 +17,7 @@ permissions:
 
 jobs:
   rspec:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
     services:
       postgres:
         image: postgres:10
@@ -36,13 +36,13 @@ jobs:
         specs:
           - "spec/controllers"
           - "spec/models"
-          - "spec/features/admin/[a-o0-9]*_spec.rb"
           - "spec/lib"
           - "spec/migrations"
           - "spec/serializers"
-          - "spec/system/admin/[a-o0-9]*_spec.rb"
-          - "spec/system/admin/[p-z]*_spec.rb"
-          - "spec/system/consumer"
+          - "spec/system/admin/[a-o0-9]*"
+          - "spec/system/admin/[p-z]*"
+          - "spec/system/consumer/[a-o0-9]*"
+          - "spec/system/consumer/[p-z]*"
           - "engines/*/spec"
       fail-fast: false
     steps:
@@ -78,7 +78,7 @@ jobs:
           if-no-files-found: ignore
 
   test-the-rest:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
     services:
       postgres:
         image: postgres:10

.github/workflows/linters.yml

@@ -1,5 +1,7 @@
 name: Linters
 on: [push, pull_request]
+permissions:
+  contents: read # to fetch code (actions/checkout)
 jobs:
   rubocop:
     name: runner / rubocop
@@ -16,3 +18,16 @@ jobs:
           reporter: github-pr-check
           level: error
           fail_on_error: true
+  prettier:
+    name: runner / prettier
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+      - name: prettier
+        uses: EPMatt/reviewdog-action-prettier@v1
+        with:
+          github_token: ${{ secrets.github_token }}
+          reporter: github-pr-check
+          level: error
+          fail_on_error: true

.github/workflows/mapi.yml

@@ -1,7 +1,12 @@
 name: 'Mayhem for API'
-on: [push]
+on: workflow_dispatch
+permissions:
+  contents: read # to fetch code (actions/checkout)
 jobs:
   test:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+      security-events: write # to upload SARIF results (github/codeql-action/upload-sarif)
     if: ${{ github.repository_owner == 'openfoodfoundation' }}
     runs-on: ubuntu-latest
     strategy:

.gitignore

@@ -57,3 +57,6 @@ coverage
 /yarn-error.log
 yarn-debug.log*
 .yarn-integrity
+
+/config/credentials.yml.enc
+/config/master.key

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+ yarn pretty-quick --check --staged

.prettierignore

@@ -0,0 +1,21 @@
+# Basically, ignore everythings expect app/webpacker/controllers/*.js and app/webpacker/packs/*.js
+*.css
+*.scss
+*.md
+*.yml
+*.yaml
+*.json
+*.html
+
+babel.config.js
+postcss.config.js
+
+.storybook/
+/app/assets/
+/config/
+/coverage/
+/engines/
+/public/
+/spec/
+/tmp/
+/vendor/

.prettierrc.json

@@ -0,0 +1 @@
+{}

.rubocop_styleguide.yml

@@ -23,7 +23,7 @@ Metrics:
   Enabled: true
 
 Metrics/BlockLength:
-  IgnoredMethods: [
+  AllowedMethods: [
     "class_eval",
     "collection",
     "context",
@@ -41,8 +41,14 @@ Metrics/BlockLength:
     "resources",
     "scenario",
     "shared_examples",
+    "xdescribe",
   ]
 
+Rails/ApplicationRecord:
+  Exclude:
+    # Migrations should not contain application code:
+    - "db/migrate/*.rb"
+
 Rails/SkipsModelValidations:
   AllowedMethods:
     - "touch"

.rubocop_todo.yml

@@ -1,13 +1,13 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --exclude-limit 1400`
-# on 2022-03-29 16:07:39 UTC using RuboCop version 1.22.2.
+# on 2022-08-29 05:26:26 UTC using RuboCop version 1.35.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 1
-# Cop supports --auto-correct.
+# Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include.
 # Include: **/*.gemfile, **/Gemfile, **/gems.rb
 Bundler/OrderedGems:
@@ -25,20 +25,13 @@ Gemspec/RequiredRubyVersion:
     - 'engines/web/web.gemspec'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 Layout/ClosingParenthesisIndentation:
   Exclude:
     - 'lib/reporting/queries/joins.rb'
 
 # Offense count: 2
-# Cop supports --auto-correct.
-# Configuration parameters: EmptyLineBetweenMethodDefs, EmptyLineBetweenClassDefs, EmptyLineBetweenModuleDefs, AllowAdjacentOneLineDefs, NumberOfEmptyLines.
-Layout/EmptyLineBetweenDefs:
-  Exclude:
-    - 'spec/lib/reports/report_loader_spec.rb'
-
-# Offense count: 2
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: empty_lines, no_empty_lines
 Layout/EmptyLinesAroundBlockBody:
@@ -47,15 +40,15 @@ Layout/EmptyLinesAroundBlockBody:
     - 'spec/system/admin/order_cycles/list_spec.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment.
 Layout/LeadingCommentSpace:
   Exclude:
     - 'spec/system/admin/enterprises_spec.rb'
 
-# Offense count: 856
-# Cop supports --auto-correct.
-# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
+# Offense count: 862
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: Max, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, IgnoredPatterns.
 # URISchemes: http, https
 Layout/LineLength:
   Exclude:
@@ -68,7 +61,6 @@ Layout/LineLength:
     - 'app/controllers/admin/subscriptions_controller.rb'
     - 'app/controllers/api/v0/order_cycles_controller.rb'
     - 'app/controllers/payment_gateways/paypal_controller.rb'
-    - 'app/controllers/spree/admin/reports_controller.rb'
     - 'app/controllers/spree/users_controller.rb'
     - 'app/controllers/user_confirmations_controller.rb'
     - 'app/helpers/angular_form_builder.rb'
@@ -85,7 +77,6 @@ Layout/LineLength:
     - 'app/models/concerns/variant_stock.rb'
     - 'app/models/customer.rb'
     - 'app/models/enterprise.rb'
-    - 'app/models/enterprise_group.rb'
     - 'app/models/product_import/entry_processor.rb'
     - 'app/models/product_import/spreadsheet_entry.rb'
     - 'app/models/product_import/unit_converter.rb'
@@ -111,23 +102,15 @@ Layout/LineLength:
     - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
     - 'engines/order_management/spec/services/order_management/order/updater_spec.rb'
     - 'engines/web/app/helpers/web/cookies_policy_helper.rb'
-    - 'engines/web/spec/features/consumer/cookies_spec.rb'
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/enterprise_fee_applicator.rb'
     - 'lib/open_food_network/enterprise_fee_calculator.rb'
     - 'lib/open_food_network/enterprise_issue_validator.rb'
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
+    - 'lib/open_food_network/order_cycle_permissions.rb'
     - 'lib/open_food_network/scope_variants_for_search.rb'
     - 'lib/reporting/line_items.rb'
-    - 'lib/reporting/reports/bulk_coop/bulk_coop_report.rb'
     - 'lib/reporting/reports/enterprise_fee_summary/report_data/enterprise_fee_type_total.rb'
-    - 'lib/reporting/reports/order_cycle_management/order_cycle_management_report.rb'
-    - 'lib/open_food_network/order_cycle_permissions.rb'
-    - 'lib/reporting/reports/orders_and_fulfillment/customer_totals_report.rb'
-    - 'lib/reporting/reports/orders_and_fulfillment/distributor_totals_by_supplier_report.rb'
-    - 'lib/reporting/reports/payments/payments_report.rb'
-    - 'lib/reporting/reports/products_and_inventory/lettuce_share_report.rb'
-    - 'lib/reporting/reports/sales_tax/sales_tax_report.rb'
     - 'lib/reporting/reports/xero_invoices/base.rb'
     - 'lib/spree/localized_number.rb'
     - 'lib/tasks/data.rake'
@@ -145,12 +128,10 @@ Layout/LineLength:
     - 'spec/controllers/admin/subscriptions_controller_spec.rb'
     - 'spec/controllers/admin/variant_overrides_controller_spec.rb'
     - 'spec/controllers/api/v0/base_controller_spec.rb'
-    - 'spec/controllers/api/v0/enterprises_controller_spec.rb'
     - 'spec/controllers/api/v0/exchange_products_controller_spec.rb'
     - 'spec/controllers/api/v0/logos_controller_spec.rb'
     - 'spec/controllers/api/v0/order_cycles_controller_spec.rb'
     - 'spec/controllers/api/v0/orders_controller_spec.rb'
-    - 'spec/controllers/api/v0/product_images_controller_spec.rb'
     - 'spec/controllers/api/v0/products_controller_spec.rb'
     - 'spec/controllers/api/v0/promo_images_controller_spec.rb'
     - 'spec/controllers/api/v0/terms_and_conditions_controller_spec.rb'
@@ -164,7 +145,6 @@ Layout/LineLength:
     - 'spec/controllers/spree/admin/orders/invoices_spec.rb'
     - 'spec/controllers/spree/admin/orders_controller_spec.rb'
     - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
-    - 'spec/controllers/spree/admin/reports_controller_spec.rb'
     - 'spec/controllers/spree/admin/variants_controller_spec.rb'
     - 'spec/controllers/spree/credit_cards_controller_spec.rb'
     - 'spec/controllers/spree/orders_controller_spec.rb'
@@ -187,13 +167,9 @@ Layout/LineLength:
     - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
     - 'spec/lib/reports/customers_report_spec.rb'
     - 'spec/lib/reports/order_cycle_management_report_spec.rb'
-    - 'spec/lib/reports/order_grouper_spec.rb'
-    - 'spec/lib/reports/orders_and_fulfillment/orders_and_fulfillment_report_spec.rb'
     - 'spec/lib/reports/packing/packing_report_spec.rb'
     - 'spec/lib/reports/products_and_inventory_report_spec.rb'
     - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
-    - 'spec/lib/reports/xero_invoices_report_spec.rb'
-    - 'spec/lib/stripe/authorize_response_patcher_spec.rb'
     - 'spec/mailers/order_mailer_spec.rb'
     - 'spec/mailers/producer_mailer_spec.rb'
     - 'spec/mailers/subscription_mailer_spec.rb'
@@ -201,7 +177,6 @@ Layout/LineLength:
     - 'spec/models/concerns/calculated_adjustments_spec.rb'
     - 'spec/models/concerns/order_shipment_spec.rb'
     - 'spec/models/concerns/product_stock_spec.rb'
-    - 'spec/models/enterprise_group_spec.rb'
     - 'spec/models/enterprise_relationship_spec.rb'
     - 'spec/models/enterprise_spec.rb'
     - 'spec/models/exchange_spec.rb'
@@ -227,7 +202,6 @@ Layout/LineLength:
     - 'spec/models/tag_rule/filter_payment_methods_spec.rb'
     - 'spec/models/tag_rule/filter_products_spec.rb'
     - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
-    - 'spec/models/terms_of_service_file_spec.rb'
     - 'spec/models/variant_override_spec.rb'
     - 'spec/requests/api/orders_spec.rb'
     - 'spec/requests/checkout/failed_checkout_spec.rb'
@@ -287,6 +261,7 @@ Layout/LineLength:
     - 'spec/system/admin/variant_overrides_spec.rb'
     - 'spec/system/consumer/authentication_spec.rb'
     - 'spec/system/consumer/caching/shops_caching_spec.rb'
+    - 'spec/system/consumer/cookies_spec.rb'
     - 'spec/system/consumer/shopping/cart_spec.rb'
     - 'spec/system/consumer/shopping/checkout_auth_spec.rb'
     - 'spec/system/consumer/shopping/checkout_spec.rb'
@@ -300,35 +275,20 @@ Layout/LineLength:
     - 'spec/views/spree/admin/payment_methods/index.html.haml_spec.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
-Layout/MultilineBlockLayout:
-  Exclude:
-    - 'spec/lib/reports/report_renderer_spec.rb'
-
-# Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: symmetrical, new_line, same_line
 Layout/MultilineMethodCallBraceLayout:
   Exclude:
     - 'lib/reporting/queries/joins.rb'
 
-# Offense count: 2
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle, IndentationWidth.
-# SupportedStyles: aligned, indented, indented_relative_to_receiver
-Layout/MultilineMethodCallIndentation:
-  Exclude:
-    - 'lib/reporting/reports/customers/customers_report.rb'
-
-# Offense count: 20
-# Cop supports --auto-correct.
+# Offense count: 22
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowInHeredoc.
 Layout/TrailingWhitespace:
   Exclude:
     - 'app/controllers/spree/admin/shipping_methods_controller.rb'
     - 'spec/controllers/spree/admin/shipping_methods_controller_spec.rb'
-    - 'spec/system/admin/enterprises_spec.rb'
     - 'spec/system/admin/order_spec.rb'
     - 'spec/system/admin/shipping_methods_spec.rb'
     - 'spec/system/flatpickr_spec.rb'
@@ -357,6 +317,7 @@ Lint/DuplicateMethods:
     - 'lib/discourse/single_sign_on.rb'
 
 # Offense count: 1
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Lint/DuplicateRequire:
   Exclude:
     - 'spec/lib/open_food_network/scope_variants_to_search_spec.rb'
@@ -378,9 +339,8 @@ Lint/IneffectiveAccessModifier:
   Exclude:
     - 'app/models/spree/user.rb'
 
-
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: instance_of?, kind_of?, is_a?, eql?, respond_to?, equal?
 Lint/RedundantSafeNavigation:
@@ -388,6 +348,7 @@ Lint/RedundantSafeNavigation:
     - 'app/models/spree/payment.rb'
 
 # Offense count: 2
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: present?, blank?, presence, try, try!, in?
 Lint/SafeNavigationChain:
@@ -396,22 +357,21 @@ Lint/SafeNavigationChain:
     - 'app/models/spree/stock/availability_validator.rb'
 
 # Offense count: 2
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowUnusedKeywordArguments, IgnoreEmptyMethods, IgnoreNotImplementedMethods.
 Lint/UnusedMethodArgument:
   Exclude:
     - 'lib/reporting/queries/query_interface.rb'
 
 # Offense count: 5
-# Cop supports --auto-correct.
-# Configuration parameters: AllowComments.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Lint/UselessMethodDefinition:
   Exclude:
     - 'app/controllers/spree/user_registrations_controller.rb'
     - 'app/models/spree/gateway.rb'
 
-# Offense count: 38
-# Configuration parameters: IgnoredMethods, CountRepeatedAttributes, Max.
+# Offense count: 28
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, CountRepeatedAttributes, Max.
 Metrics/AbcSize:
   Exclude:
     - 'app/controllers/admin/enterprises_controller.rb'
@@ -433,20 +393,14 @@ Metrics/AbcSize:
     - 'app/models/spree/return_authorization.rb'
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
-    - 'lib/reporting/reports/bulk_coop/bulk_coop_report.rb'
-    - 'lib/reporting/reports/customers/customers_report.rb'
     - 'lib/open_food_network/order_cycle_permissions.rb'
-    - 'lib/reporting/reports/orders_and_distributors/orders_and_distributors_report.rb'
-    - 'lib/reporting/reports/packing/customer.rb'
-    - 'lib/reporting/reports/payments/payments_report.rb'
-    - 'lib/reporting/reports/sales_tax/sales_tax_report.rb'
     - 'lib/spree/core/controller_helpers/order.rb'
     - 'lib/tasks/enterprises.rake'
     - 'spec/services/order_checkout_restart_spec.rb'
 
-# Offense count: 43
-# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, IgnoredMethods.
-# IgnoredMethods: refine
+# Offense count: 42
+# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+# AllowedMethods: refine
 Metrics/BlockLength:
   Exclude:
     - 'app/models/spree/order/checkout.rb'
@@ -474,7 +428,6 @@ Metrics/BlockLength:
     - 'spec/support/matchers/select2_matchers.rb'
     - 'spec/support/matchers/table_matchers.rb'
     - 'spec/swagger_helper.rb'
-    - 'spec/system/admin/order_cycles/complex_updating_specific_time_spec.rb'
     - 'spec/system/consumer/shopping/checkout_spec.rb'
 
 # Offense count: 1
@@ -483,7 +436,7 @@ Metrics/BlockNesting:
   Exclude:
     - 'app/models/spree/payment/processing.rb'
 
-# Offense count: 50
+# Offense count: 45
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ClassLength:
   Exclude:
@@ -502,7 +455,6 @@ Metrics/ClassLength:
     - 'app/controllers/spree/admin/payment_methods_controller.rb'
     - 'app/controllers/spree/admin/payments_controller.rb'
     - 'app/controllers/spree/admin/products_controller.rb'
-    - 'app/controllers/spree/admin/reports_controller.rb'
     - 'app/controllers/spree/admin/users_controller.rb'
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/models/enterprise.rb'
@@ -529,16 +481,13 @@ Metrics/ClassLength:
     - 'engines/order_management/app/services/order_management/order/updater.rb'
     - 'lib/open_food_network/enterprise_fee_calculator.rb'
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
-    - 'lib/open_food_network/permissions.rb'
-    - 'lib/reporting/reports/bulk_coop/bulk_coop_report.rb'
-    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
-    - 'lib/reporting/reports/order_cycle_management/order_cycle_management_report.rb'
     - 'lib/open_food_network/order_cycle_permissions.rb'
-    - 'lib/reporting/reports/payments/payments_report.rb'
+    - 'lib/open_food_network/permissions.rb'
+    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
     - 'lib/reporting/reports/xero_invoices/base.rb'
 
-# Offense count: 39
-# Configuration parameters: IgnoredMethods, Max.
+# Offense count: 35
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, Max.
 Metrics/CyclomaticComplexity:
   Exclude:
     - 'app/controllers/admin/enterprises_controller.rb'
@@ -565,18 +514,14 @@ Metrics/CyclomaticComplexity:
     - 'app/models/spree/zone.rb'
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/enterprise_issue_validator.rb'
-    - 'lib/reporting/reports/bulk_coop/bulk_coop_report.rb'
-    - 'lib/reporting/reports/customers/customers_report.rb'
-    - 'lib/reporting/reports/orders_and_fulfillment/customer_totals_report.rb'
-    - 'lib/reporting/reports/payments/payments_report.rb'
     - 'lib/reporting/reports/xero_invoices/base.rb'
     - 'lib/spree/core/controller_helpers/order.rb'
     - 'lib/spree/core/controller_helpers/respond_with.rb'
     - 'lib/spree/localized_number.rb'
     - 'spec/models/product_importer_spec.rb'
 
-# Offense count: 32
-# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, IgnoredMethods.
+# Offense count: 26
+# Configuration parameters: CountComments, Max, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
 Metrics/MethodLength:
   Exclude:
     - 'app/controllers/admin/enterprises_controller.rb'
@@ -593,15 +538,12 @@ Metrics/MethodLength:
     - 'app/models/spree/preferences/preferable_class_methods.rb'
     - 'lib/discourse/single_sign_on.rb'
     - 'lib/open_food_network/order_cycle_form_applicator.rb'
-    - 'lib/reporting/reports/bulk_coop/bulk_coop_report.rb'
-    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
-    - 'lib/reporting/reports/order_cycle_management/order_cycle_management_report.rb'
     - 'lib/open_food_network/order_cycle_permissions.rb'
-    - 'lib/reporting/reports/payments/payments_report.rb'
+    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
     - 'lib/reporting/reports/xero_invoices/base.rb'
     - 'lib/tasks/sample_data/product_factory.rb'
 
-# Offense count: 54
+# Offense count: 51
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ModuleLength:
   Exclude:
@@ -641,9 +583,6 @@ Metrics/ModuleLength:
     - 'spec/lib/reports/customers_report_spec.rb'
     - 'spec/lib/reports/enterprise_fee_summary/authorizer_spec.rb'
     - 'spec/lib/reports/order_cycle_management_report_spec.rb'
-    - 'spec/lib/reports/order_grouper_spec.rb'
-    - 'spec/lib/reports/orders_and_fulfillment/customer_totals_report_spec.rb'
-    - 'spec/lib/reports/orders_and_fulfillment/orders_and_fulfillment_report_spec.rb'
     - 'spec/lib/reports/products_and_inventory_report_spec.rb'
     - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
     - 'spec/models/spree/adjustment_spec.rb'
@@ -670,8 +609,8 @@ Metrics/ParameterLists:
     - 'spec/support/controller_requests_helper.rb'
     - 'spec/system/admin/reports_spec.rb'
 
-# Offense count: 7
-# Configuration parameters: IgnoredMethods, Max.
+# Offense count: 5
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods, Max.
 Metrics/PerceivedComplexity:
   Exclude:
     - 'app/controllers/spree/admin/taxons_controller.rb'
@@ -679,10 +618,8 @@ Metrics/PerceivedComplexity:
     - 'app/models/enterprise_relationship.rb'
     - 'app/models/spree/ability.rb'
     - 'app/models/spree/order/checkout.rb'
-    - 'lib/reporting/reports/bulk_coop/bulk_coop_report.rb'
-    - 'lib/reporting/reports/payments/payments_report.rb'
 
-# Offense count: 9
+# Offense count: 8
 Naming/AccessorMethodName:
   Exclude:
     - 'app/controllers/spree/admin/taxonomies_controller.rb'
@@ -716,8 +653,8 @@ Naming/MethodParameterName:
   Exclude:
     - 'app/services/process_payment_intent.rb'
 
-# Offense count: 30
-# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers.
+# Offense count: 28
+# Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
 # SupportedStyles: snake_case, normalcase, non_integer
 # AllowedIdentifiers: capture3, iso8601, rfc1123_date, rfc822, rfc2822, rfc3339
 Naming/VariableNumber:
@@ -725,7 +662,6 @@ Naming/VariableNumber:
     - 'app/controllers/spree/orders_controller.rb'
     - 'app/models/content_configuration.rb'
     - 'app/models/preference_sections/main_links_section.rb'
-    - 'lib/reporting/reports/orders_and_fulfillment/customer_totals_report.rb'
     - 'lib/spree/core/controller_helpers/common.rb'
     - 'spec/controllers/spree/admin/search_controller_spec.rb'
     - 'spec/factories/stock_location_factory.rb'
@@ -741,13 +677,13 @@ Rails/ActiveRecordOverride:
     - 'app/models/spree/product.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationController:
   Exclude:
     - 'engines/dfc_provider/app/controllers/dfc_provider/api/base_controller.rb'
 
 # Offense count: 6
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationJob:
   Exclude:
     - 'app/jobs/bulk_invoice_job.rb'
@@ -758,19 +694,13 @@ Rails/ApplicationJob:
     - 'app/jobs/subscription_placement_job.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/ApplicationMailer:
   Exclude:
     - 'app/mailers/spree/base_mailer.rb'
 
-# Offense count: 1
-# Cop supports --auto-correct.
-Rails/ApplicationRecord:
-  Exclude:
-    - 'lib/tasks/data/remove_transient_data.rb'
-
 # Offense count: 5
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: NilOrEmpty, NotPresent, UnlessPresent.
 Rails/Blank:
   Exclude:
@@ -796,7 +726,7 @@ Rails/FilePath:
     - 'spec/models/content_configuration_spec.rb'
     - 'spec/support/downloads_helper.rb'
 
-# Offense count: 11
+# Offense count: 12
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasAndBelongsToMany:
@@ -804,6 +734,7 @@ Rails/HasAndBelongsToMany:
     - 'app/models/concerns/payment_method_distributors.rb'
     - 'app/models/enterprise.rb'
     - 'app/models/enterprise_group.rb'
+    - 'app/models/order_cycle.rb'
     - 'app/models/spree/line_item.rb'
     - 'app/models/spree/option_value.rb'
     - 'app/models/spree/role.rb'
@@ -812,7 +743,7 @@ Rails/HasAndBelongsToMany:
     - 'app/models/spree/variant.rb'
     - 'app/models/spree/zone.rb'
 
-# Offense count: 47
+# Offense count: 45
 # Configuration parameters: Include.
 # Include: app/models/**/*.rb
 Rails/HasManyOrHasOneDependent:
@@ -838,9 +769,8 @@ Rails/HasManyOrHasOneDependent:
     - 'app/models/spree/taxonomy.rb'
     - 'app/models/spree/user.rb'
     - 'app/models/spree/variant.rb'
-    - 'app/models/subscription.rb'
 
-# Offense count: 59
+# Offense count: 62
 # Configuration parameters: Include.
 # Include: app/helpers/**/*.rb
 Rails/HelperInstanceVariable:
@@ -881,7 +811,7 @@ Rails/InverseOf:
 
 # Offense count: 38
 # Configuration parameters: Include.
-# Include: app/controllers/**/*.rb
+# Include: app/controllers/**/*.rb, app/mailers/**/*.rb
 Rails/LexicallyScopedActionFilter:
   Exclude:
     - 'app/controllers/admin/enterprise_groups_controller.rb'
@@ -904,10 +834,9 @@ Rails/LexicallyScopedActionFilter:
     - 'app/controllers/spree/admin/zones_controller.rb'
     - 'app/controllers/spree/users_controller.rb'
 
-# Offense count: 19
+# Offense count: 18
 Rails/OutputSafety:
   Exclude:
-    - 'app/controllers/spree/admin/reports_controller.rb'
     - 'app/helpers/angular_form_helper.rb'
     - 'app/helpers/application_helper.rb'
     - 'app/helpers/reports_helper.rb'
@@ -922,7 +851,7 @@ Rails/OutputSafety:
     - 'spec/system/admin/order_print_ticket_spec.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Rails/RelativeDateConstant:
   Exclude:
     - 'lib/tasks/data/remove_transient_data.rb'
@@ -936,7 +865,7 @@ Rails/SkipsModelValidations:
     - 'spec/models/spree/line_item_spec.rb'
 
 # Offense count: 5
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: strict, flexible
 Rails/TimeZone:
@@ -971,20 +900,20 @@ Security/Open:
     - 'app/services/image_importer.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 Style/BlockComments:
   Exclude:
     - 'spec/system/admin/tag_rules_spec.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowOnConstant.
 Style/CaseEquality:
   Exclude:
     - 'spec/models/spree/payment_spec.rb'
 
 # Offense count: 3
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Style/CaseLikeIf:
   Exclude:
     - 'app/controllers/admin/order_cycles_controller.rb'
@@ -992,7 +921,7 @@ Style/CaseLikeIf:
     - 'app/models/spree/payment/processing.rb'
 
 # Offense count: 25
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: nested, compact
 Style/ClassAndModuleChildren:
@@ -1027,13 +956,14 @@ Style/ClassVars:
     - 'lib/spree/core/delegate_belongs_to.rb'
 
 # Offense count: 2
-# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, IgnoredMethods.
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: MaxUnannotatedPlaceholdersAllowed, AllowedMethods, AllowedPatterns, IgnoredMethods.
 # SupportedStyles: annotated, template, unannotated
 Style/FormatStringToken:
   EnforcedStyle: unannotated
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: always, always_true, never
 Style/FrozenStringLiteralComment:
@@ -1041,7 +971,7 @@ Style/FrozenStringLiteralComment:
     - '.simplecov'
 
 # Offense count: 6
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Style/GlobalStdStream:
   Exclude:
     - 'lib/tasks/data.rake'
@@ -1050,8 +980,8 @@ Style/GlobalStdStream:
     - 'lib/tasks/subscriptions/debug.rake'
     - 'lib/tasks/subscriptions/test.rake'
 
-# Offense count: 39
-# Configuration parameters: MinBodyLength.
+# Offense count: 40
+# Configuration parameters: MinBodyLength, AllowConsecutiveConditionals.
 Style/GuardClause:
   Exclude:
     - 'app/controllers/admin/enterprises_controller.rb'
@@ -1085,8 +1015,8 @@ Style/HashLikeCase:
     - 'app/models/enterprise.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
-# Configuration parameters: IgnoredMethods.
+# This cop supports safe autocorrection (--autocorrect).
+# Configuration parameters: AllowedMethods, AllowedPatterns, IgnoredMethods.
 Style/MethodCallWithoutArgsParentheses:
   Exclude:
     - 'spec/system/flatpickr_spec.rb'
@@ -1098,22 +1028,8 @@ Style/MissingRespondToMissing:
     - 'app/models/spree/gateway.rb'
     - 'app/models/spree/preferences/configuration.rb'
 
-# Offense count: 1
-Style/MixinUsage:
-  Exclude:
-    - 'lib/reporting/reports/orders_and_fulfillment/orders_and_fulfillment_report.rb'
-
-# Offense count: 3
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: literals, strict
-Style/MutableConstant:
-  Exclude:
-    - 'lib/reporting/report_template.rb'
-    - 'lib/reporting/reports/packing/base.rb'
-
 # Offense count: 22
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 Style/NestedModifier:
   Exclude:
     - 'spec/controllers/admin/subscriptions_controller_spec.rb'
@@ -1127,7 +1043,7 @@ Style/NestedModifier:
     - 'spec/system/admin/payments_stripe_spec.rb'
     - 'spec/system/admin/reports_spec.rb'
 
-# Offense count: 26
+# Offense count: 17
 # Configuration parameters: AllowedMethods.
 # AllowedMethods: respond_to_missing?
 Style/OptionalBooleanParameter:
@@ -1139,7 +1055,6 @@ Style/OptionalBooleanParameter:
     - 'app/models/enterprise_relationship.rb'
     - 'app/models/product_import/entry_processor.rb'
     - 'app/models/spree/order_contents.rb'
-    - 'app/models/spree/preferences/file_configuration.rb'
     - 'app/models/spree/shipment.rb'
     - 'engines/order_management/app/services/order_management/stock/estimator.rb'
     - 'lib/spree/core/controller_helpers/order.rb'
@@ -1147,7 +1062,7 @@ Style/OptionalBooleanParameter:
     - 'spec/support/request/web_helper.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: short, verbose
 Style/PreferredHashMethods:
@@ -1155,13 +1070,13 @@ Style/PreferredHashMethods:
     - 'app/controllers/api/v0/shipments_controller.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports safe autocorrection (--autocorrect).
 # Configuration parameters: AllowMultipleReturnValues.
 Style/RedundantReturn:
   Exclude:
     - 'app/controllers/spree/admin/shipping_methods_controller.rb'
 
-# Offense count: 205
+# Offense count: 209
 Style/Send:
   Exclude:
     - 'app/controllers/split_checkout_controller.rb'
@@ -1195,17 +1110,16 @@ Style/Send:
     - 'spec/services/cart_service_spec.rb'
     - 'spec/services/products_renderer_spec.rb'
     - 'spec/services/variant_units/option_value_namer_spec.rb'
-    - 'spec/spec_helper.rb'
     - 'spec/support/localized_number_helper.rb'
 
 # Offense count: 1
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SingleArgumentDig:
   Exclude:
     - 'app/services/checkout/form_data_adapter.rb'
 
 # Offense count: 4
-# Cop supports --auto-correct.
+# This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
   Exclude:
     - 'app/helpers/spree/admin/navigation_helper.rb'
@@ -1213,8 +1127,8 @@ Style/SlicingWithRange:
     - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
     - 'lib/discourse/single_sign_on.rb'
 
-# Offense count: 28
-# Cop supports --auto-correct.
+# Offense count: 29
+# This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Mode.
 Style/StringConcatenation:
   Exclude:

Gemfile

@@ -97,14 +97,15 @@ gem 'redis', '>= 4.0', require: ['redis', 'redis/connection/hiredis']
 gem 'sidekiq'
 gem 'sidekiq-scheduler'
 
-gem "cable_ready", "5.0.0.pre3"
+gem "cable_ready", "5.0.0.pre9"
+gem "stimulus_reflex", "3.5.0.pre9"
 
 gem 'combine_pdf'
 gem 'wicked_pdf'
 gem 'wkhtmltopdf-binary'
 
 gem 'immigrant'
-gem 'roo', github: "roo-rb/roo" # master is currently needed for Ruby 3.x (awaiting new release)
+gem 'roo'
 gem 'spreadsheet_architect'
 
 gem 'whenever', require: false
@@ -115,7 +116,6 @@ gem 'coffee-rails', '~> 5.0.0'
 
 gem 'mini_racer', '0.4.0'
 
-gem 'uglifier', '>= 1.0.3'
 
 gem 'angular_rails_csrf'
 
@@ -131,7 +131,7 @@ gem 'flipper'
 gem 'flipper-active_record'
 gem 'flipper-ui'
 
-gem "view_component", require: "view_component/engine"
+gem "view_component"
 
 group :production, :staging do
   gem 'ddtrace'
@@ -140,8 +140,6 @@ group :production, :staging do
 end
 
 group :test, :development do
-  # Pretty printed test output
-  gem 'awesome_print'
   gem 'bullet'
   gem 'capybara'
   gem 'cuprite'
@@ -154,18 +152,17 @@ group :test, :development do
   gem 'rspec-rails', ">= 3.5.2"
   gem 'rspec-retry'
   gem 'rswag-specs'
-  gem 'selenium-webdriver'
   gem 'shoulda-matchers'
   gem 'timecop'
-  gem 'webdrivers'
+  gem 'debug', '>= 1.0.0'
 end
 
 group :test do
-  gem 'byebug'
   gem 'pdf-reader'
   gem 'rails-controller-testing'
   gem 'simplecov', require: false
   gem 'test-prof'
+  gem 'vcr'
   gem 'webmock'
   # See spec/spec_helper.rb for instructions
   # gem 'perftools.rb'
@@ -173,17 +170,17 @@ end
 
 group :development do
   gem 'debugger-linecache'
+  gem 'rails-erd'
   gem 'foreman'
   gem 'listen'
   gem 'pry', '~> 0.13.0'
-  gem 'pry-byebug', '~> 3.9.0'
   gem 'rubocop'
   gem 'rubocop-rails'
   gem 'spring'
   gem 'spring-commands-rspec'
   gem 'web-console'
 
-  gem "view_component_storybook", require: "view_component/storybook/engine"
+  gem "view_component_storybook"
 
   gem 'rack-mini-profiler', '< 3.0.0'
 end

Gemfile.lock

@@ -24,14 +24,6 @@ GIT
       sass-rails
       thor (>= 0.14)
 
-GIT
-  remote: https://github.com/roo-rb/roo.git
-  revision: 709464c77623be2bc09b2103405d90ded7604a75
-  specs:
-    roo (2.8.3)
-      nokogiri (~> 1)
-      rubyzip (>= 1.3.0, < 3.0.0)
-
 PATH
   remote: engines/catalog
   specs:
@@ -59,67 +51,67 @@ GEM
   remote: https://rubygems.org/
   specs:
     Ascii85 (1.1.0)
-    actioncable (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actioncable (6.1.7)
+      actionpack (= 6.1.7)
+      activesupport (= 6.1.7)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionmailbox (6.1.7)
+      actionpack (= 6.1.7)
+      activejob (= 6.1.7)
+      activerecord (= 6.1.7)
+      activestorage (= 6.1.7)
+      activesupport (= 6.1.7)
       mail (>= 2.7.1)
-    actionmailer (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      actionview (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionmailer (6.1.7)
+      actionpack (= 6.1.7)
+      actionview (= 6.1.7)
+      activejob (= 6.1.7)
+      activesupport (= 6.1.7)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.4.4)
-      actionview (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionpack (6.1.7)
+      actionview (= 6.1.7)
+      activesupport (= 6.1.7)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
     actionpack-action_caching (1.2.2)
       actionpack (>= 4.0.0)
-    actiontext (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actiontext (6.1.7)
+      actionpack (= 6.1.7)
+      activerecord (= 6.1.7)
+      activestorage (= 6.1.7)
+      activesupport (= 6.1.7)
       nokogiri (>= 1.8.5)
-    actionview (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    actionview (6.1.7)
+      activesupport (= 6.1.7)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
     active_model_serializers (0.8.4)
       activemodel (>= 3.0)
-    active_storage_validations (0.9.7)
+    active_storage_validations (0.9.8)
       activejob (>= 5.2.0)
       activemodel (>= 5.2.0)
       activestorage (>= 5.2.0)
       activesupport (>= 5.2.0)
-    activejob (6.1.4.4)
-      activesupport (= 6.1.4.4)
+    activejob (6.1.7)
+      activesupport (= 6.1.7)
       globalid (>= 0.3.6)
     activemerchant (1.123.0)
       activesupport (>= 4.2)
       builder (>= 2.1.2, < 4.0.0)
       i18n (>= 0.6.9)
       nokogiri (~> 1.4)
-    activemodel (6.1.4.4)
-      activesupport (= 6.1.4.4)
-    activerecord (6.1.4.4)
-      activemodel (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
-    activerecord-import (1.3.0)
+    activemodel (6.1.7)
+      activesupport (= 6.1.7)
+    activerecord (6.1.7)
+      activemodel (= 6.1.7)
+      activesupport (= 6.1.7)
+    activerecord-import (1.4.0)
       activerecord (>= 4.2)
     activerecord-postgresql-adapter (0.0.1)
       pg
@@ -129,14 +121,14 @@ GEM
       multi_json (~> 1.11, >= 1.11.2)
       rack (>= 2.0.8, < 3)
       railties (>= 5.2.4.1)
-    activestorage (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
-      marcel (~> 1.0.0)
+    activestorage (6.1.7)
+      actionpack (= 6.1.7)
+      activejob (= 6.1.7)
+      activerecord (= 6.1.7)
+      activesupport (= 6.1.7)
+      marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.4.4)
+    activesupport (6.1.7)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -146,59 +138,63 @@ GEM
       activerecord (>= 5.0, < 6.2)
     acts_as_list (1.0.4)
       activerecord (>= 4.2)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
     afm (0.2.2)
-    angular-rails-templates (1.1.0)
-      railties (>= 4.2, < 7)
+    angular-rails-templates (1.2.0)
+      railties (>= 5.0, < 7.1)
       sprockets (>= 3.0, < 5)
+      sprockets-rails
       tilt
-    angular_rails_csrf (4.5.0)
-      railties (>= 3, < 7)
+    angular_rails_csrf (5.0.0)
+      railties (>= 3, < 8)
     angularjs-file-upload-rails (2.4.1)
     angularjs-rails (1.8.0)
-    arel-helpers (2.12.1)
-      activerecord (>= 3.1.0, < 7)
+    arel-helpers (2.14.0)
+      activerecord (>= 3.1.0, < 8)
     ast (2.4.2)
-    awesome_nested_set (3.4.0)
-      activerecord (>= 4.0.0, < 7.0)
-    awesome_print (1.9.2)
+    awesome_nested_set (3.5.0)
+      activerecord (>= 4.0.0, < 7.1)
     aws-eventstream (1.2.0)
-    aws-partitions (1.570.0)
-    aws-sdk-core (3.130.0)
+    aws-partitions (1.601.0)
+    aws-sdk-core (3.131.2)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.525.0)
       aws-sigv4 (~> 1.1)
-      jmespath (~> 1.0)
-    aws-sdk-kms (1.55.0)
+      jmespath (~> 1, >= 1.6.1)
+    aws-sdk-kms (1.57.0)
       aws-sdk-core (~> 3, >= 3.127.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.113.0)
+    aws-sdk-s3 (1.114.0)
       aws-sdk-core (~> 3, >= 3.127.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.4)
-    aws-sigv4 (1.4.0)
+    aws-sigv4 (1.5.0)
       aws-eventstream (~> 1, >= 1.0.2)
     axlsx_styler (1.1.0)
       activesupport (>= 3.1)
       caxlsx (>= 2.0.2)
-    bcrypt (3.1.16)
+    bcrypt (3.1.18)
     bigdecimal (3.0.2)
     bindex (0.8.1)
-    bootsnap (1.10.1)
+    bootsnap (1.13.0)
       msgpack (~> 1.2)
     bugsnag (6.24.2)
       concurrent-ruby (~> 1.0)
     builder (3.2.4)
-    bullet (6.1.5)
+    bullet (7.0.3)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
-    byebug (11.1.3)
-    cable_ready (5.0.0.pre3)
-      rails (>= 5.2)
+    cable_ready (5.0.0.pre9)
+      actioncable (>= 5.2)
+      actionpack (>= 5.2)
+      actionview (>= 5.2)
+      activerecord (>= 5.2)
+      activesupport (>= 5.2)
+      railties (>= 5.2)
       thread-local (>= 1.1.0)
     cancancan (1.15.0)
-    capybara (3.36.0)
+    capybara (3.37.1)
       addressable
       matrix
       mini_mime (>= 0.1.3)
@@ -212,7 +208,7 @@ GEM
       marcel (~> 1.0)
       nokogiri (~> 1.10, >= 1.10.4)
       rubyzip (>= 1.3.0, < 3)
-    childprocess (4.1.0)
+    choice (0.2.0)
     chronic (0.10.2)
     cliver (0.3.2)
     coderay (1.1.3)
@@ -223,14 +219,15 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    combine_pdf (1.0.21)
+    combine_pdf (1.0.22)
+      matrix
       ruby-rc4 (>= 0.1.5)
     concurrent-ruby (1.1.10)
-    connection_pool (2.2.5)
+    connection_pool (2.3.0)
     crack (0.4.5)
       rexml
     crass (1.0.6)
-    css_parser (1.9.0)
+    css_parser (1.11.0)
       addressable
     cuprite (0.13)
       capybara (>= 2.1, < 4)
@@ -245,8 +242,11 @@ GEM
       debase-ruby_core_source (= 0.10.12)
       msgpack
     debase-ruby_core_source (0.10.12)
+    debug (1.6.2)
+      irb (>= 1.3.6)
+      reline (>= 0.3.1)
     debugger-linecache (1.2.0)
-    devise (4.8.0)
+    devise (4.8.1)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -254,21 +254,20 @@ GEM
       warden (~> 1.2.3)
     devise-encryptable (0.2.0)
       devise (>= 2.1.0)
-    devise-i18n (1.10.0)
+    devise-i18n (1.10.2)
       devise (>= 4.8.0)
     devise-token_authenticatable (1.1.0)
       devise (>= 4.0.0, < 5.0.0)
-    diff-lcs (1.4.4)
+    diff-lcs (1.5.0)
     digest (3.1.0)
     docile (1.4.0)
-    dotenv (2.7.6)
-    dotenv-rails (2.7.6)
-      dotenv (= 2.7.6)
+    dotenv (2.8.1)
+    dotenv-rails (2.8.1)
+      dotenv (= 2.8.1)
       railties (>= 3.2)
     dry-inflector (0.2.1)
-    e2mmap (0.1.0)
-    erubi (1.10.0)
-    et-orbi (1.2.4)
+    erubi (1.11.0)
+    et-orbi (1.2.7)
       tzinfo
     excon (0.81.0)
     execjs (2.7.0)
@@ -277,15 +276,10 @@ GEM
     factory_bot_rails (6.2.0)
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    faraday (1.4.1)
-      faraday-excon (~> 1.1)
-      faraday-net_http (~> 1.0)
-      faraday-net_http_persistent (~> 1.1)
-      multipart-post (>= 1.2, < 3)
+    faraday (2.3.0)
+      faraday-net_http (~> 2.0)
       ruby2_keywords (>= 0.0.4)
-    faraday-excon (1.1.0)
-    faraday-net_http (1.0.1)
-    faraday-net_http_persistent (1.1.0)
+    faraday-net_http (2.0.3)
     ferrum (0.11)
       addressable (~> 2.5)
       cliver (~> 0.3)
@@ -319,13 +313,13 @@ GEM
       nokogiri (>= 1.5.11, < 2.0.0)
     foreman (0.87.2)
     formatador (0.2.5)
-    fugit (1.4.5)
-      et-orbi (~> 1.1, >= 1.1.8)
+    fugit (1.5.3)
+      et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
     fuubar (2.5.1)
       rspec-core (~> 3.0)
       ruby-progressbar (~> 1.4)
-    geocoder (1.7.0)
+    geocoder (1.8.1)
     globalid (1.0.0)
       activesupport (>= 5.0)
     gmaps4rails (2.1.2)
@@ -340,7 +334,7 @@ GEM
     highline (2.0.3)
     hiredis (0.6.3)
     htmlentities (4.3.4)
-    i18n (1.8.10)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
     i18n-js (3.9.2)
       i18n (>= 0.6.6)
@@ -349,7 +343,10 @@ GEM
       ruby-vips (>= 2.0.17, < 3)
     immigrant (0.3.6)
       activerecord (>= 3.0)
+    io-console (0.5.11)
     ipaddress (0.8.3)
+    irb (1.4.1)
+      reline (>= 0.3.0)
     jmespath (1.6.1)
     jquery-rails (4.4.0)
       rails-dom-testing (>= 1, < 3)
@@ -357,7 +354,7 @@ GEM
       thor (>= 0.14, < 2.0)
     jquery-ui-rails (4.2.1)
       railties (>= 3.2.16)
-    json (2.6.1)
+    json (2.6.2)
     json-schema (2.8.1)
       addressable (>= 2.4)
     json_spec (1.1.5)
@@ -365,13 +362,13 @@ GEM
       rspec (>= 2.0, < 4.0)
     jsonapi-serializer (2.2.0)
       activesupport (>= 4.2)
-    jwt (2.3.0)
+    jwt (2.5.0)
     knapsack (4.0.0)
       rake
     launchy (2.5.0)
       addressable (~> 2.7)
-    letter_opener (1.7.0)
-      launchy (~> 2.2)
+    letter_opener (1.8.1)
+      launchy (>= 2.2, < 3)
     libv8-node (15.14.0.1)
     listen (3.7.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
@@ -395,41 +392,41 @@ GEM
     mini_portile2 (2.8.0)
     mini_racer (0.4.0)
       libv8-node (~> 15.14.0.0)
-    minitest (5.16.1)
+    minitest (5.16.3)
     monetize (1.12.0)
       money (~> 6.12)
     money (6.16.0)
       i18n (>= 0.6.4, <= 2)
-    msgpack (1.4.2)
+    msgpack (1.5.4)
     multi_json (1.15.0)
     multi_xml (0.6.0)
-    multipart-post (2.1.1)
     nio4r (2.5.8)
-    nokogiri (1.13.6)
+    nokogiri (1.13.8)
       mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
-    oauth2 (1.4.7)
-      faraday (>= 0.8, < 2.0)
+    oauth2 (1.4.10)
+      faraday (>= 0.17.3, < 3.0)
       jwt (>= 1.0, < 3.0)
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
     orm_adapter (0.5.0)
-    pagy (5.1.2)
+    pagy (5.10.1)
+      activesupport
     paper_trail (12.1.0)
       activerecord (>= 5.2)
       request_store (~> 1.1)
-    parallel (1.21.0)
-    paranoia (2.4.3)
-      activerecord (>= 4.0, < 6.2)
-    parser (3.1.0.0)
+    parallel (1.22.1)
+    paranoia (2.6.0)
+      activerecord (>= 5.1, < 7.1)
+    parser (3.1.2.1)
       ast (~> 2.4.1)
     paypal-sdk-core (0.3.4)
       multi_json (~> 1.0)
       xml-simple
     paypal-sdk-merchant (1.117.2)
       paypal-sdk-core (~> 0.3.0)
-    pdf-reader (2.5.0)
+    pdf-reader (2.10.0)
       Ascii85 (~> 1.0)
       afm (~> 0.2.1)
       hashery (~> 2.0)
@@ -440,16 +437,13 @@ GEM
     pry (0.13.1)
       coderay (~> 1.1)
       method_source (~> 1.0)
-    pry-byebug (3.9.0)
-      byebug (~> 11.0)
-      pry (~> 0.13.0)
-    public_suffix (4.0.6)
-    puma (5.6.4)
+    public_suffix (5.0.0)
+    puma (5.6.5)
       nio4r (~> 2.0)
     raabro (1.4.0)
     racc (1.6.0)
-    rack (2.2.3.1)
-    rack-mini-profiler (2.3.3)
+    rack (2.2.4)
+    rack-mini-profiler (2.3.4)
       rack (>= 1.2.0)
     rack-protection (2.1.0)
       rack
@@ -458,23 +452,23 @@ GEM
     rack-rewrite (1.5.1)
     rack-ssl (1.4.1)
       rack
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rack-timeout (0.6.0)
-    rails (6.1.4.4)
-      actioncable (= 6.1.4.4)
-      actionmailbox (= 6.1.4.4)
-      actionmailer (= 6.1.4.4)
-      actionpack (= 6.1.4.4)
-      actiontext (= 6.1.4.4)
-      actionview (= 6.1.4.4)
-      activejob (= 6.1.4.4)
-      activemodel (= 6.1.4.4)
-      activerecord (= 6.1.4.4)
-      activestorage (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rack-timeout (0.6.3)
+    rails (6.1.7)
+      actioncable (= 6.1.7)
+      actionmailbox (= 6.1.7)
+      actionmailer (= 6.1.7)
+      actionpack (= 6.1.7)
+      actiontext (= 6.1.7)
+      actionview (= 6.1.7)
+      activejob (= 6.1.7)
+      activemodel (= 6.1.7)
+      activerecord (= 6.1.7)
+      activestorage (= 6.1.7)
+      activesupport (= 6.1.7)
       bundler (>= 1.15.0)
-      railties (= 6.1.4.4)
+      railties (= 6.1.7)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -483,17 +477,22 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
+    rails-erd (1.7.2)
+      activerecord (>= 4.2)
+      activesupport (>= 4.2)
+      choice (~> 0.2.0)
+      ruby-graphviz (~> 1.2)
     rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
-    rails-i18n (7.0.1)
+    rails-i18n (7.0.5)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
     rails_safe_tasks (1.0.0)
-    railties (6.1.4.4)
-      actionpack (= 6.1.4.4)
-      activesupport (= 6.1.4.4)
+    railties (6.1.7)
+      actionpack (= 6.1.7)
+      activesupport (= 6.1.7)
       method_source
-      rake (>= 0.13)
+      rake (>= 12.2)
       thor (~> 1.0)
     rainbow (3.1.1)
     rake (13.0.6)
@@ -505,37 +504,42 @@ GEM
     rb-inotify (0.10.1)
       ffi (~> 1.0)
     redcarpet (3.5.1)
-    redis (4.5.1)
-    regexp_parser (2.2.0)
+    redis (4.8.0)
+    regexp_parser (2.5.0)
+    reline (0.3.1)
+      io-console (~> 0.5)
     request_store (1.5.0)
       rack (>= 1.4)
     responders (3.0.1)
       actionpack (>= 5.0)
       railties (>= 5.0)
     rexml (3.2.5)
-    roadie (4.0.0)
+    roadie (5.0.1)
       css_parser (~> 1.4)
       nokogiri (~> 1.8)
-    roadie-rails (2.2.0)
-      railties (>= 5.1, < 6.2)
-      roadie (>= 3.1, < 5.0)
+    roadie-rails (3.0.0)
+      railties (>= 5.1, < 7.1)
+      roadie (~> 5.0)
     rodf (1.1.1)
       builder (>= 3.0)
       dry-inflector (~> 0.1)
       rubyzip (>= 1.0)
+    roo (2.9.0)
+      nokogiri (~> 1)
+      rubyzip (>= 1.3.0, < 3.0.0)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)
       rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
+    rspec-core (3.10.2)
       rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+    rspec-expectations (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
-    rspec-rails (5.0.2)
+    rspec-rails (5.1.2)
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       railties (>= 5.2)
@@ -545,38 +549,41 @@ GEM
       rspec-support (~> 3.10)
     rspec-retry (0.6.2)
       rspec-core (> 3.3)
-    rspec-support (3.10.2)
-    rswag-api (2.4.0)
-      railties (>= 3.1, < 7.0)
-    rswag-specs (2.4.0)
-      activesupport (>= 3.1, < 7.0)
+    rspec-support (3.10.3)
+    rswag-api (2.6.0)
+      railties (>= 3.1, < 7.1)
+    rswag-specs (2.6.0)
+      activesupport (>= 3.1, < 7.1)
       json-schema (~> 2.2)
-      railties (>= 3.1, < 7.0)
-    rswag-ui (2.4.0)
-      actionpack (>= 3.1, < 7.0)
-      railties (>= 3.1, < 7.0)
-    rubocop (1.22.2)
+      railties (>= 3.1, < 7.1)
+    rswag-ui (2.6.0)
+      actionpack (>= 3.1, < 7.1)
+      railties (>= 3.1, < 7.1)
+    rubocop (1.36.0)
+      json (~> 2.3)
       parallel (~> 1.10)
-      parser (>= 3.0.0.0)
+      parser (>= 3.1.2.1)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
-      rexml
-      rubocop-ast (>= 1.12.0, < 2.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.20.1, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
-    rubocop-ast (1.15.1)
-      parser (>= 3.0.1.1)
-    rubocop-rails (2.13.2)
+    rubocop-ast (1.21.0)
+      parser (>= 3.1.1.0)
+    rubocop-rails (2.16.1)
       activesupport (>= 4.2.0)
       rack (>= 1.1)
-      rubocop (>= 1.7.0, < 2.0)
+      rubocop (>= 1.33.0, < 2.0)
+    ruby-graphviz (1.2.5)
+      rexml
     ruby-progressbar (1.11.0)
     ruby-rc4 (0.1.5)
     ruby-vips (2.1.4)
       ffi (~> 1.12)
-    ruby2_keywords (0.0.4)
+    ruby2_keywords (0.0.5)
     rubyzip (2.3.2)
-    rufus-scheduler (3.7.0)
+    rufus-scheduler (3.8.1)
       fugit (~> 1.1, >= 1.1.6)
     sass (3.4.25)
     sass-rails (5.0.8)
@@ -586,23 +593,17 @@ GEM
       sprockets-rails (>= 2.0, < 4.0)
       tilt (>= 1.1, < 3)
     sd_notify (0.1.1)
-    selenium-webdriver (4.0.3)
-      childprocess (>= 0.5, < 5.0)
-      rexml (~> 3.2, >= 3.2.5)
-      rubyzip (>= 1.2.2)
     semantic_range (3.0.0)
-    shoulda-matchers (5.0.0)
+    shoulda-matchers (5.2.0)
       activesupport (>= 5.2.0)
-    sidekiq (6.3.1)
-      connection_pool (>= 2.2.2)
+    sidekiq (6.5.7)
+      connection_pool (>= 2.2.5)
       rack (~> 2.0)
+      redis (>= 4.5.0, < 5)
+    sidekiq-scheduler (4.0.2)
       redis (>= 4.2.0)
-    sidekiq-scheduler (3.1.0)
-      e2mmap
-      redis (>= 3, < 5)
       rufus-scheduler (~> 3.2)
-      sidekiq (>= 3)
-      thwait
+      sidekiq (>= 4)
       tilt (>= 1.4.0)
     simplecov (0.21.2)
       docile (~> 1.1)
@@ -614,7 +615,7 @@ GEM
       axlsx_styler (>= 1.0.0, < 2)
       caxlsx (>= 2.0.2, < 4)
       rodf (>= 1.0.0, < 2)
-    spring (3.0.0)
+    spring (4.1.0)
     spring-commands-rspec (1.0.4)
       spring (>= 0.9.1)
     sprockets (3.7.2)
@@ -631,45 +632,52 @@ GEM
     state_machines-activerecord (0.8.0)
       activerecord (>= 5.1)
       state_machines-activemodel (>= 0.8.0)
+    stimulus_reflex (3.5.0.pre9)
+      actioncable (>= 5.2)
+      actionpack (>= 5.2)
+      actionview (>= 5.2)
+      activesupport (>= 5.2)
+      cable_ready (>= 5.0.0.pre9)
+      nokogiri
+      rack
+      railties (>= 5.2)
+      redis
     stringex (2.8.5)
-    stripe (5.42.0)
+    stripe (7.1.0)
     temple (0.8.2)
-    test-prof (1.0.7)
-    test-unit (3.5.0)
+    test-prof (1.0.10)
+    test-unit (3.5.5)
       power_assert
     thor (1.2.1)
     thread-local (1.1.0)
-    thwait (0.2.0)
-      e2mmap
-    tilt (2.0.10)
-    timecop (0.9.4)
+    tilt (2.0.11)
+    timecop (0.9.5)
     ttfunk (1.7.0)
-    tzinfo (2.0.4)
+    tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
-    uglifier (4.2.0)
-      execjs (>= 0.3.0, < 3)
-    unicode-display_width (2.1.0)
-    uniform_notifier (1.14.2)
-    valid_email2 (4.0.0)
+    unicode-display_width (2.3.0)
+    uniform_notifier (1.16.0)
+    valid_email2 (4.0.4)
       activemodel (>= 3.2)
       mail (~> 2.5)
-    view_component (2.41.0)
+    vcr (6.1.0)
       activesupport (>= 5.0.0, < 8.0)
+      concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
-    view_component_storybook (0.10.1)
+    view_component (2.74.0)
+      activesupport (>= 5.0.0, < 8.0)
+      concurrent-ruby (~> 1.0)
+      method_source (~> 1.0)
+    view_component_storybook (0.11.1)
       view_component (>= 2.36)
     warden (1.2.9)
       rack (>= 2.0.9)
-    web-console (4.1.0)
+    web-console (4.2.0)
       actionview (>= 6.0.0)
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webdrivers (5.0.0)
-      nokogiri (~> 1.6)
-      rubyzip (>= 1.3.0)
-      selenium-webdriver (~> 4.0)
-    webmock (3.14.0)
+    webmock (3.18.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -683,7 +691,7 @@ GEM
     websocket-extensions (0.1.5)
     whenever (1.0.0)
       chronic (>= 0.6.3)
-    wicked_pdf (2.1.0)
+    wicked_pdf (2.6.3)
       activesupport
     wkhtmltopdf-binary (0.12.6.5)
     xml-simple (1.1.8)
@@ -710,14 +718,12 @@ DEPENDENCIES
   angularjs-rails (= 1.8.0)
   arel-helpers (~> 2.12)
   awesome_nested_set
-  awesome_print
   aws-sdk-s3
   bigdecimal (= 3.0.2)
   bootsnap
   bugsnag
   bullet
-  byebug
-  cable_ready (= 5.0.0.pre3)
+  cable_ready (= 5.0.0.pre9)
   cancancan (~> 1.15.0)
   capybara
   catalog!
@@ -727,6 +733,7 @@ DEPENDENCIES
   database_cleaner
   db2fog!
   ddtrace
+  debug (>= 1.0.0)
   debugger-linecache
   devise
   devise-encryptable
@@ -776,7 +783,6 @@ DEPENDENCIES
   pdf-reader
   pg (~> 1.2.3)
   pry (~> 0.13.0)
-  pry-byebug (~> 3.9.0)
   puma
   rack-mini-profiler (< 3.0.0)
   rack-rewrite
@@ -784,6 +790,7 @@ DEPENDENCIES
   rack-timeout
   rails (>= 6.1.4)
   rails-controller-testing
+  rails-erd
   rails-i18n
   rails_safe_tasks (~> 1.0)
   ransack (= 2.4.2)
@@ -792,7 +799,7 @@ DEPENDENCIES
   responders
   rexml
   roadie-rails
-  roo!
+  roo
   rspec-rails (>= 3.5.2)
   rspec-retry
   rswag-api
@@ -802,7 +809,6 @@ DEPENDENCIES
   rubocop-rails
   sd_notify
   select2-rails!
-  selenium-webdriver
   shoulda-matchers
   sidekiq
   sidekiq-scheduler
@@ -811,18 +817,18 @@ DEPENDENCIES
   spring
   spring-commands-rspec
   state_machines-activerecord
+  stimulus_reflex (= 3.5.0.pre9)
   stringex (~> 2.8.5)
   stripe
   test-prof
   test-unit (~> 3.5)
   timecop
-  uglifier (>= 1.0.3)
   valid_email2
+  vcr
   view_component
   view_component_storybook
   web!
   web-console
-  webdrivers
   webmock
   webpacker (~> 5)
   whenever

README.md

@@ -39,7 +39,7 @@ We use [BrowserStack](https://www.browserstack.com/) as a manual testing tool. B
 
 ## Licence
 
-Copyright (c) 2012 - 2021 Open Food Foundation, released under the AGPL licence.
+Copyright (c) 2012 - 2022 Open Food Foundation, released under the AGPL licence.
 
 [survey]: https://docs.google.com/a/eaterprises.com.au/forms/d/1zxR5vSiU9CigJ9cEaC8-eJLgYid8CR8er7PPH9Mc-30/edit#
 [slack-invite]: https://join.slack.com/t/openfoodnetwork/shared_invite/zt-9sjkjdlu-r02kUMP1zbrTgUhZhYPF~A

app/assets/javascripts/admin/all.js

@@ -105,6 +105,8 @@
 //= require moment/locale/tr.js
 //= require moment/locale/pl.js
 
+//= require js-big-decimal/dist/web/js-big-decimal.min.js
+
 // foundation
 //= require ../shared/mm-foundation-tpls-0.9.0-20180826174721.min.js
 

app/assets/javascripts/admin/bulk_product_update.js.coffee

@@ -256,10 +256,10 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
 
   $scope.packVariant = (product, variant) ->
     if variant.hasOwnProperty("unit_value_with_description")
-      match = variant.unit_value_with_description.match(/^([\d\.]+(?= |$)|)( |)(.*)$/)
+      match = variant.unit_value_with_description.match(/^([\d\.\,]+(?= |$)|)( |)(.*)$/)
       if match
         product = BulkProducts.find product.id
-        variant.unit_value  = parseFloat(match[1])
+        variant.unit_value  = parseFloat(match[1].replace(",", "."))
         variant.unit_value  = null if isNaN(variant.unit_value)
         variant.unit_value *= product.variant_unit_scale if variant.unit_value && product.variant_unit_scale
         variant.unit_description = match[3]

app/assets/javascripts/admin/directives/display_as.js.coffee

@@ -39,9 +39,9 @@ angular.module("ofn.admin").directive "ofnDisplayAs", (OptionValueNamer) ->
       # get relevant variant properties
       variant = scope.$eval(attrs.ofnDisplayAs) # Like this so we can switch between 'master' and 'variant'
       if variant.unit_value_with_description?
-        match = variant.unit_value_with_description.match(/^([\d\.]+(?= |$)|)( |)(.*)$/)
+        match = variant.unit_value_with_description.match(/^([\d\.\,]+(?= |$)|)( |)(.*)$/)
         if match
-          unit_value  = parseFloat(match[1])
+          unit_value  = parseFloat(match[1].replace(",", "."))
           unit_value  = null if isNaN(unit_value)
           unit_value *= variant_unit_scale if unit_value && variant_unit_scale
           unit_description = match[3]

app/assets/javascripts/admin/dropdown/directives/dropdown.js.coffee

@@ -10,6 +10,7 @@
           scope.$emit "offClick"
 
     element.click (event) ->
+      return if event.target.closest(".ofn-drop-down").classList.contains "disabled" || event.target.classList.contains "disabled" 
       if !scope.expanded
         event.stopPropagation()
         scope.deregistrationCallback = scope.$on "offClick", ->

app/assets/javascripts/admin/enterprise_groups/controllers/side_menu_controller.js.coffee

@@ -1,15 +0,0 @@
-angular.module("admin.enterprise_groups")
-  .controller "sideMenuCtrl", ($scope, SideMenu) ->
-    $scope.menu = SideMenu
-    $scope.select = SideMenu.select
-
-    $scope.menu.setItems [
-      { name: 'primary_details', label: t('primary_details'), icon_class: "icon-user" }
-      { name: 'users', label: t('users'), icon_class: "icon-user" }
-      { name: 'about', label: t('about'), icon_class: "icon-pencil" }
-      { name: 'images', label: t('images'), icon_class: "icon-picture" }
-      { name: 'contact', label: t('admin_enterprise_groups_contact'), icon_class: "icon-phone" }
-      { name: 'web', label: t('admin_enterprise_groups_web'), icon_class: "icon-globe" }
-    ]
-
-    $scope.select(0)

app/assets/javascripts/admin/enterprises/controllers/country_controller.js.coffee

@@ -1,20 +0,0 @@
-# Used in enterprise new and edit forms to reset the state when the country is changed
-angular.module("admin.enterprises").controller 'countryCtrl', ($scope, $timeout, availableCountries) ->
-  $scope.address_type = "address"
-  $scope.countries = availableCountries
-
-  $scope.countriesById = $scope.countries.reduce (obj, country) ->
-    obj[country.id] = country
-    obj
-  , {}
-
-  $timeout ->
-    $scope.$watch 'Enterprise.' + $scope.address_type + '.country_id', (newID, oldID) ->
-      $scope.clearState() unless $scope.addressStateMatchesCountry()
-
-  $scope.clearState = ->
-    $scope.Enterprise[$scope.address_type].state_id = null
-
-  $scope.addressStateMatchesCountry = ->
-    $scope.countriesById[$scope.Enterprise[$scope.address_type].country_id].states.some (state) ->
-      state.id == $scope.Enterprise[$scope.address_type].state_id

app/assets/javascripts/admin/enterprises/controllers/enterprise_controller.js.coffee

@@ -1,9 +1,8 @@
 angular.module("admin.enterprises")
-  .controller "enterpriseCtrl", ($scope, $http, $window, NavigationCheck, enterprise, Enterprises, EnterprisePaymentMethods, EnterpriseShippingMethods, SideMenu, StatusMessage, RequestMonitor) ->
+  .controller "enterpriseCtrl", ($scope, $http, $window, NavigationCheck, enterprise, Enterprises, EnterprisePaymentMethods, SideMenu, StatusMessage, RequestMonitor) ->
     $scope.Enterprise = enterprise
     $scope.Enterprises = Enterprises
     $scope.PaymentMethods = EnterprisePaymentMethods.paymentMethods
-    $scope.ShippingMethods = EnterpriseShippingMethods.shippingMethods
     $scope.navClear = NavigationCheck.clear
     $scope.menu = SideMenu
     $scope.newManager = { id: null, email: (t('add_manager')) }

app/assets/javascripts/admin/enterprises/controllers/permalink_controller.js.coffee

@@ -1,27 +0,0 @@
-angular.module("admin.enterprises")
-  .controller "permalinkCtrl", ($scope, PermalinkChecker) ->
-    # locals
-    initialPermalink = $scope.Enterprise.permalink
-    pendingRequest = null
-
-    # variables on $scope
-    $scope.availablility = ""
-    $scope.checking = false
-
-    $scope.$watch "Enterprise.permalink", (newValue, oldValue) ->
-      if newValue == initialPermalink
-        $scope.availability = ""
-        return
-
-      $scope.checking = true
-      pendingRequest = PermalinkChecker.check(newValue)
-
-      pendingRequest.then (data) ->
-        if data.permalink == initialPermalink
-          $scope.availability = ""
-        else
-          $scope.availability = data.available
-        $scope.Enterprise.permalink = data.permalink
-        $scope.checking = false
-      , (data) ->
-        # Do nothing (this is hopefully an aborted request)

app/assets/javascripts/admin/enterprises/controllers/side_menu_controller.js.coffee

@@ -1,49 +0,0 @@
-angular.module("admin.enterprises")
-  .controller "sideMenuCtrl", ($scope, $parse, enterprise, SideMenu, enterprisePermissions) ->
-    $scope.Enterprise = enterprise
-    $scope.menu = SideMenu
-    $scope.select = SideMenu.select
-
-    $scope.menu.setItems [
-      { name: 'primary_details', label: t('primary_details'), icon_class: "icon-home" }
-      { name: 'address', label: t('address'), icon_class: "icon-map-marker" }
-      { name: 'contact', label: t('contact'), icon_class: "icon-phone" }
-      { name: 'social', label: t('social'), icon_class: "icon-twitter" }
-      { name: 'about', label: t('about'), icon_class: "icon-pencil" }
-      { name: 'business_details', label: t('business_details'), icon_class: "icon-briefcase" }
-      { name: 'images', label: t('images'), icon_class: "icon-picture" }
-      { name: 'properties', label: t('properties'), icon_class: "icon-tags", show: "showProperties()" }
-      { name: 'shipping_methods', label: t('shipping_methods'), icon_class: "icon-truck", show: "showShippingMethods()" }
-      { name: 'payment_methods', label: t('payment_methods'), icon_class: "icon-money", show: "showPaymentMethods()" }
-      { name: 'enterprise_fees', label: t('enterprise_fees'), icon_class: "icon-tasks", show: "showEnterpriseFees()" }
-      { name: 'enterprise_permissions', label: t('enterprise_permissions'), icon_class: "icon-plug" }
-      { name: 'inventory_settings', label: t('inventory_settings'), icon_class: "icon-list-ol", show: "enterpriseIsShop()" }
-      { name: 'tag_rules', label: t('tag_rules'), icon_class: "icon-random", show: "enterpriseIsShop()" }
-      { name: 'shop_preferences', label: t('shop_preferences'), icon_class: "icon-shopping-cart", show: "enterpriseIsShop()" }
-      { name: 'users', label: t('users'), icon_class: "icon-user" }
-    ]
-
-    SideMenu.init()
-
-    $scope.showItem = (item) ->
-      if item.show?
-        $parse(item.show)($scope)
-      else
-        true
-
-    $scope.showProperties = ->
-      !!$scope.Enterprise.is_primary_producer
-
-    $scope.showShippingMethods = ->
-      enterprisePermissions.can_manage_shipping_methods && $scope.Enterprise.sells != "none"
-
-    $scope.showPaymentMethods = ->
-      enterprisePermissions.can_manage_payment_methods && $scope.Enterprise.sells != "none"
-
-    $scope.showEnterpriseFees = ->
-      enterprisePermissions.can_manage_enterprise_fees && ($scope.Enterprise.sells != "none" || $scope.Enterprise.is_primary_producer)
-
-    $scope.enterpriseIsShop = ->
-      $scope.Enterprise.sells != "none"
-
-    $scope.menu.redirect_function('enterprise_permissions', '/admin/enterprise_relationships')

app/assets/javascripts/admin/enterprises/services/enterprise_shipping_methods.js.coffee

@@ -1,20 +0,0 @@
-angular.module("admin.enterprises")
-  .factory "EnterpriseShippingMethods", (enterprise, ShippingMethods) ->
-    new class EnterpriseShippingMethods
-      shippingMethods: ShippingMethods.all
-
-      constructor: ->
-        for shipping_method in @shippingMethods
-          shipping_method.selected = shipping_method.id in enterprise.shipping_method_ids
-
-      displayColor: ->
-        if @shippingMethods.length > 0 && @selectedCount() > 0
-          "blue"
-        else
-          "red"
-
-      selectedCount: ->
-        @shippingMethods.reduce (count, shipping_method) ->
-          count++ if shipping_method.selected
-          count
-        , 0

app/assets/javascripts/admin/orders/controllers/bulk_cancel_controller.js.coffee

@@ -0,0 +1,14 @@
+angular.module("admin.orders").controller "bulkCancelCtrl", ($scope, $http, $timeout) ->
+
+  $scope.cancelOrder = (orderIds, sendEmailCancellation, restock_items) ->
+    $http(
+      method: 'post'
+      url: "/admin/orders/bulk_cancel?order_ids=#{orderIds}&send_cancellation_email=#{sendEmailCancellation}&restock_items=#{restock_items}" ).then(->
+        window.location.reload()
+      )
+
+  $scope.cancelSelectedOrders = ->
+    ofnCancelOrderAlert((confirm, sendEmailCancellation, restock_items) ->
+      if confirm
+        $scope.cancelOrder $scope.selected_orders, sendEmailCancellation, restock_items
+    )

app/assets/javascripts/admin/orders/controllers/order_controller.js.coffee

@@ -20,7 +20,7 @@ angular.module("admin.orders").controller "orderCtrl", ($scope, shops, orderCycl
     $scope.distributor_id && $scope.order_cycle_id
 
   for oc in $scope.orderCycles
-    oc.name_and_status = "#{oc.name} (#{oc.status})"
+    oc.name_and_status = "#{oc.name} (#{t("admin.order_cycles.status.#{oc.status}")})"
 
   for shop in $scope.shops
     shop.disabled = !$scope.distributorHasOrderCycles(shop)

app/assets/javascripts/admin/products/controllers/units_controller.js.coffee

@@ -32,7 +32,7 @@ angular.module("admin.products")
         if match
           $scope.product.master.unit_value  = PriceParser.parse(match[1])
           $scope.product.master.unit_value  = null if isNaN($scope.product.master.unit_value)
-          $scope.product.master.unit_value *= $scope.product.variant_unit_scale if $scope.product.master.unit_value && $scope.product.variant_unit_scale
+          $scope.product.master.unit_value = window.bigDecimal.multiply($scope.product.master.unit_value, $scope.product.variant_unit_scale, 2) if $scope.product.master.unit_value && $scope.product.variant_unit_scale
           $scope.product.master.unit_description = match[3]
       else
         value = $scope.product.master.unit_value

app/assets/javascripts/admin/products/controllers/variant_units_controller.js.coffee

@@ -23,10 +23,10 @@ angular.module("admin.products").controller "variantUnitsCtrl", ($scope, Variant
 
   $scope.updateValue = ->
     unit_value_human = angular.element('#unit_value_human').val()
-    $scope.unit_value = PriceParser.parse(unit_value_human) * $scope.scale
+    $scope.unit_value = bigDecimal.multiply(PriceParser.parse(unit_value_human), $scope.scale, 2)
 
   variant_unit_value = angular.element('#variant_unit_value').val()
-  $scope.unit_value_human = variant_unit_value / $scope.scale
+  $scope.unit_value_human = parseFloat(bigDecimal.divide(variant_unit_value, $scope.scale, 2))
 
   $timeout -> $scope.processUnitPrice()
   $timeout -> $scope.updateValue()

app/assets/javascripts/admin/products/services/product_image_service.js.coffee

@@ -13,3 +13,9 @@ angular.module("ofn.admin").factory "ProductImageService", (FileUploader, SpreeA
       @imageUploader.onSuccessItem = (image, response) =>
         product.thumb_url = response.thumb_url
         product.image_url = response.image_url
+      @imageUploader.onErrorItem = (image, response) =>
+        if Array.isArray(response.errors)
+          message = response.errors.join("\n")
+        else
+          message = response.error.toString()
+        alert(message)

app/assets/javascripts/admin/shipping_methods/controllers/shipping_methods_controller.js.coffee

@@ -1,3 +0,0 @@
-angular.module("admin.shippingMethods").controller "shippingMethodsCtrl", ($scope, ShippingMethods) ->
-  $scope.findShippingMethodByID = (id) ->
-    $scope.ShippingMethod = ShippingMethods.byID[id]

app/assets/javascripts/admin/spree/orders/shipments.js.erb

@@ -39,25 +39,94 @@ $(document).ready(function() {
   }
   $('[data-hook=admin_order_edit_form] a.save-method').click(handle_shipping_method_save);
 
-  //handle tracking edit click
+  //handle tracking info edit/delete
+
+  // Show the input field to edit the tracking info
+  // And hide the input field when cancel is clicked
   $('a.edit-tracking').click(toggleTrackingEdit);
   $('a.cancel-tracking').click(toggleTrackingEdit);
 
-  handle_tracking_save = function(){
-    var link = $(this);
-    var shipment_number = link.data('shipment-number');
-    var tracking = link.parents('tbody').find('input#tracking').val();
-    var url = Spree.url( Spree.routes.orders_api + "/" + order_number + "/shipments/" + shipment_number + ".json");
+  saveTrackingInfo = function(){
+    let shipmentNumber = $(this).data('shipment-number');
+    let tracking = document.getElementById('tracking').value
 
+    makeApiCall(trackingUrl(shipmentNumber), { shipment: { tracking: tracking } } )
+  }
+
+  deleteTrackingInfo = function(){
+    let shipmentNumber = $(this).data('shipment-number');
+    let tracking = ''
+
+    confirmDelete(trackingUrl(shipmentNumber), { shipment: { tracking: tracking } })
+  }
+
+  trackingUrl = function(shipmentNumber){
+    return Spree.url( Spree.routes.orders_api + "/" + order_number + "/shipments/" + shipmentNumber + ".json");
+  }
+
+  $('[data-hook=admin_order_edit_form] a.save-tracking').click(saveTrackingInfo);
+  $('[data-hook=admin_order_edit_form] a.delete-tracking').click(deleteTrackingInfo);
+
+  // handle note edit/delete
+
+  // Show the input field to edit the note
+  // And hide the input field when cancel is clicked
+  $('a.edit-note.icon-edit').click(toggleNoteEdit);
+  $('a.cancel-note').click(toggleNoteEdit);
+
+  saveNote = function(){
+    let note = document.getElementById('note').value
+    makeApiCall(getNoteUrl(), { note: note })
+  }
+
+  deleteNote = function(){
+    let note = ''
+    confirmDelete(getNoteUrl(), { note: note })
+  }
+
+  getNoteUrl = function(){
+    return Spree.url( Spree.routes.orders_api + "/" + order_number);
+  }
+
+  confirmDelete = function(url, params){
+    displayDeleteAlert(function(confirmation) {
+      if (confirmation) {
+        makeApiCall(url, params)
+      }
+    }); 
+  }
+
+  $('[data-hook=admin_order_edit_form] a.save-note').click(saveNote);
+  $('[data-hook=admin_order_edit_form] a.delete-note').click(deleteNote);
+
+  // Makes API call for notes/tracking info
+  makeApiCall = function(url, params) {
     $.ajax({
       type: "PUT",
       url: url,
-      data: { shipment: { tracking: tracking } }
+      data: params
     }).done(function( msg ) {
       window.location.reload();
     }).error(function( msg ) {
       console.log(msg);
     });
   }
-  $('[data-hook=admin_order_edit_form] a.save-tracking').click(handle_tracking_save);
+
+  displayDeleteAlert = function(callback) {
+    i18nKey = "are_you_sure";
+    $('#custom-confirm .message').html(
+      ` ${t(i18nKey)}
+              <div class="form">
+              </div>`);
+    $('#custom-confirm button.confirm').unbind( "click" ).click(() => {
+      $('#custom-confirm').hide();
+      callback(true);
+    });
+    $('#custom-confirm button.cancel').click(() => {
+      $('#custom-confirm').hide();
+      callback(false)
+    });
+    $('#custom-confirm').show();
+  }
+
 });

app/assets/javascripts/admin/spree/orders/variant_autocomplete.js.erb

@@ -141,8 +141,26 @@ doAdjustItems = function(shipment_number, variant_id, quantity, inventory_units,
 
 toggleTrackingEdit = function(){
   var link = $(this);
-  link.parents('tbody').find('tr.edit-tracking').toggle();
-  link.parents('tbody').find('tr.show-tracking').toggle();
+  var parent_node = link.parents('tbody')
+  let input = parent_node.find('#tracking')[0]
+  parent_node.find('tr.edit-tracking').toggle();
+  // Set focus on input and
+  // put cursor at it's end
+  input.focus()
+  input.setSelectionRange(-1, -1)
+  parent_node.find('tr.show-tracking').toggle();
+}
+
+toggleNoteEdit = function(){
+  var link = $(this);
+  var parent_node = link.parents('tbody')
+  let input = parent_node.find('#note')[0]
+  parent_node.find('tr.edit-note').toggle();
+  // Set focus on input and
+  // put cursor at it's end
+  input.focus()
+  input.setSelectionRange(-1, -1)
+  parent_node.find('tr.show-note').toggle();
 }
 
 toggleMethodEdit = function(){

app/assets/javascripts/admin/subscriptions/directives/new_subscription_dialog.js.coffee

@@ -1,29 +0,0 @@
-angular.module("admin.subscriptions").directive 'newSubscriptionDialog', ($rootScope, $compile, $window, $templateCache, DialogDefaults, shops) ->
-  restrict: 'A'
-  scope: true
-  link: (scope, element, attr) ->
-    scope.submitted = false
-    scope.shops = shops
-    scope.shop_id = null
-
-    scope.newSubscription = ->
-      scope.new_subscription_form.$setPristine()
-      scope.submitted = true
-      if scope.shop_id?
-        $window.location.href = "/admin/subscriptions/new?subscription[shop_id]=#{scope.shop_id}"
-      return
-
-    # Compile modal template
-    template = $compile($templateCache.get('admin/new_subscription_dialog.html'))(scope)
-
-    # Set Dialog options
-    template.dialog(DialogDefaults)
-
-    # Link opening of dialog to click event on element
-    element.bind 'click', (e) ->
-      if shops.length == 1
-        scope.shop_id = shops[0].id
-        scope.newSubscription()
-      else
-        template.dialog('open')
-        $rootScope.$evalAsync()

app/assets/javascripts/admin/utils/directives/tags_with_translation.js.coffee

@@ -3,6 +3,7 @@ angular.module("admin.utils").directive "tagsWithTranslation", ($timeout) ->
   templateUrl: "admin/tags_input.html"
   scope:
     object: "="
+    form: "="
     tagsAttr: "@?"
     tagListAttr: "@?"
     findTags: "&"
@@ -18,7 +19,15 @@ angular.module("admin.utils").directive "tagsWithTranslation", ($timeout) ->
       scope.limitReached = scope.object[scope.tagsAttr].length >= scope.max if scope.max != undefined
       scope.object[scope.tagListAttr] = (tag.text for tag in scope.object[scope.tagsAttr]).join(",")
 
+    scope.$watch "object", (newObject) -> 
+      scope.object = newObject
+      init()
+
     $timeout ->
+      init()
+    
+    init = ->
+      return unless scope.object
       # Initialize properties if necessary
       scope.tagsAttr ||= "tags"
       scope.tagListAttr ||= "tag_list"

app/assets/javascripts/admin/utils/services/errors_parser.js.coffee

@@ -5,15 +5,16 @@ angular.module("admin.utils").factory "ErrorsParser", ->
       return defaultContent unless errors?
 
       errorsString = ""
-      if errors.length > 0
+      if Array.isArray(errors)
         # it is an array of errors
         errorsString = errors.join("\n") + "\n"
-      else
+      else if typeof errors == "object"
         # it is a hash of errors
         keys = Object.keys(errors)
         for key in keys
           errorsString += errors[key].join("\n") + "\n"
-
+      else # string
+        errorsString = errors
       this.defaultIfEmpty(errorsString, defaultContent)
 
     defaultIfEmpty: (content, defaultContent) =>

app/assets/javascripts/darkswarm/controllers/credit_cards_controller.js.coffee

@@ -20,3 +20,6 @@ angular.module('Darkswarm').controller "CreditCardsCtrl", ($scope, $http, Credit
     ).finally ->
       window.location.reload()
 
+
+  $scope.hasOneDefaultSavedCards = () ->
+    $scope.savedCreditCards.some((card) -> card.is_default)

app/assets/javascripts/darkswarm/directives/off_canvas_wrap.js.coffee

@@ -26,4 +26,8 @@ angular.module('mm.foundation.offcanvas').directive 'offCanvasWrap', ($window) -
       # Bind hiding of the off-canvas that only happens when screen width is over 1024px.
       win.bind 'resize.body', ->
         isolatedScope.hide() if $(window).width() > 1024
+
+      win.bind 'click.body', (e) ->
+        if e.target.closest(".left-off-canvas-menu") == null && e.target.closest(".left-off-canvas-toggle") == null
+          isolatedScope.hide()
   }

app/assets/javascripts/templates/admin/new_subscription_dialog.html.haml

@@ -1,14 +0,0 @@
-#new-subscription-dialog
-  .text-normal.margin-bottom-30.text-center
-    = t('js.admin.subscriptions.new.please_select_a_shop')
-
-  %form{ name: 'new_subscription_form', novalidate: true, ng: { submit: "newSubscription()" }}
-
-    .text-center.margin-bottom-30
-      %input.ofn-select2.fullwidth#new_subscription_shop_id{ ng: { model: 'shop_id' }, required: true, name: 'shop_id', data: 'shops' }
-      %div{ ng: { show: "submitted && new_subscription_form.$pristine" } }
-        .error{ ng: { show: "new_subscription_form.shop_id.$error.required" } }
-          = t('js.admin.subscriptions.new.please_select_a_shop')
-
-    .text-center
-      %input.button.red.icon-plus{ type: 'submit', value: t('continue') }

app/assets/javascripts/templates/partials/contact.html.haml

@@ -1,8 +1,12 @@
 %div.contact-container
-  %div.modal-centered{"ng-if" => "::enterprise.email_address || enterprise.website || enterprise.phone"}
+  %div.modal-centered{"ng-if" => "::enterprise.email_address || enterprise.website || enterprise.phone || enterprise.whatsapp_phone"}
     %p.modal-header {{'contact' | t}}
     %p{"ng-if" => "::enterprise.phone", "ng-bind" => "::enterprise.phone"}
 
+    %p{"ng-if" => "::enterprise.whatsapp_phone"}
+      %img{ src: image_path("/map_icons/social-logos/whatsapp.svg") }
+      %a{"ng-href" => "{{::enterprise.whatsapp_url}}", target: "_blank", "ng-bind" => "::enterprise.whatsapp_phone"}
+
     %p{"ng-if" => "::enterprise.email_address"}
       %a{"ng-href" => "{{::enterprise.email_address | stripUrl}}", target: "_blank", mailto: true}
         %span.obfuscatedEmail.email{"ng-bind" => "::enterprise.email_address | stripUrl"}

app/assets/javascripts/templates/price_breakdown.html.haml

@@ -9,19 +9,19 @@
         %span{"ng-bind" => "::'item_cost' | t"}
       %li{"ng-if" => "::variant.fees.admin"}
         .right {{ ::variant.fees.admin | localizeCurrency }}
-        %span{"ng-bind" => "::'admin_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.admin"}
       %li{"ng-if" => "::variant.fees.sales"}
         .right {{ ::variant.fees.sales | localizeCurrency }}
-        %span{"ng-bind" => "::'sales_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.sales"}
       %li{"ng-if" => "::variant.fees.packing"}
         .right {{ ::variant.fees.packing | localizeCurrency }}
-        %span{"ng-bind" => "::'packing_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.packing"}
       %li{"ng-if" => "::variant.fees.transport"}
         .right {{ ::variant.fees.transport | localizeCurrency }}
-        %span{"ng-bind" => "::'transport_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.transport"}
       %li{"ng-if" => "::variant.fees.fundraising"}
         .right {{ ::variant.fees.fundraising | localizeCurrency }}
-        %span{"ng-bind" => "::'fundraising_fee' | t"}
+        %span{"ng-bind" => "::variant.fees_name.fundraising"}
       %li
         %strong
           .right = {{ ::variant.price_with_fees | localizeCurrency }}

app/channels/application_cable/channel.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module ApplicationCable
+  class Channel < ActionCable::Channel::Base
+  end
+end

app/channels/application_cable/connection.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module ApplicationCable
+  class Connection < ActionCable::Connection::Base
+    identified_by :session_id, :current_user
+
+    def connect
+      # initializes Warden after a cold start, in case you're visitor #1
+      env["warden"].authenticated?
+      # the problem with only using session is that users often login on multiple devices
+      self.current_user = env["warden"].user
+      # the problem with only using user is that sometimes you might want to use SR before you login
+      self.session_id = request.session.id
+      # and so, we recommend using both
+
+      # this assumes that you want to enable SR for unauthenticated users
+      reject_unauthorized_connection unless current_user || session_id
+
+      # if you want to disable SR for unauthenticated users,
+      # comment out the line above and uncomment the line below
+      # reject_unauthorized_connection unless current_user
+    end
+  end
+end

app/controllers/admin/enterprises_controller.rb

@@ -7,6 +7,7 @@ require 'open_food_network/order_cycle_permissions'
 module Admin
   class EnterprisesController < Admin::ResourceController
     include GeocodeEnterpriseAddress
+    include CablecarResponses
 
     # These need to run before #load_resource so that @object is initialised with sanitised values
     prepend_before_action :override_owner, only: :create
@@ -44,7 +45,12 @@ module Admin
     def edit
       @object = Enterprise.where(permalink: params[:id]).
         includes(users: [:ship_address, :bill_address]).first
-      super
+      if params[:stimulus]
+        @enterprise.is_primary_producer = params[:is_primary_producer]
+        @enterprise.sells = params[:enterprise_sells]
+        render operations: cable_car.morph("#side_menu", partial("admin/shared/side_menu"))
+          .morph("#permalink", partial("admin/enterprises/form/permalink"))
+      end
     end
 
     def welcome

app/controllers/admin/invoice_settings_controller.rb

@@ -19,6 +19,7 @@ module Admin
         :enable_invoices?,
         :invoice_style2?,
         :enable_receipt_printing?,
+        :enterprise_number_required_on_invoices?,
       )
     end
   end

app/controllers/admin/order_cycles_controller.rb

@@ -2,10 +2,10 @@
 
 module Admin
   class OrderCyclesController < Admin::ResourceController
-    include OrderCyclesHelper
+    include ::OrderCyclesHelper
     include PaperTrailLogging
 
-    prepend_before_action :set_order_cycle_id, only: [:incoming, :outgoing]
+    prepend_before_action :set_order_cycle_id, only: [:incoming, :outgoing, :checkout_options]
     before_action :load_data_for_index, only: :index
     before_action :require_coordinator, only: :new
     before_action :remove_protected_attrs, only: [:update]
@@ -67,10 +67,12 @@ module Admin
         update_nil_subscription_line_items_price_estimate(@order_cycle)
         respond_to do |format|
           flash[:notice] = I18n.t(:order_cycles_update_notice) if params[:reloading] == '1'
-          format.html { redirect_back(fallback_location: root_path) }
+          format.html { redirect_to_after_update_path }
           format.json { render json: { success: true } }
         end
-      else
+      elsif request.format.html?
+        render :checkout_options
+      elsif request.format.json?
         render json: { errors: @order_cycle.errors.full_messages }, status: :unprocessable_entity
       end
     end
@@ -190,6 +192,16 @@ module Admin
       end
     end
 
+    def redirect_to_after_update_path
+      if params[:context] == "checkout_options" && params[:save]
+        redirect_to main_app.admin_order_cycle_checkout_options_path(@order_cycle)
+      elsif params[:context] == "checkout_options" && params[:save_and_back_to_list]
+        redirect_to main_app.admin_order_cycles_path
+      else
+        redirect_back(fallback_location: root_path)
+      end
+    end
+
     def require_coordinator
       @order_cycle.coordinator =
         permitted_coordinating_enterprises_for(@order_cycle).find_by(id: params[:coordinator_id])

app/controllers/api/v0/orders_controller.rb

@@ -26,6 +26,13 @@ module Api
         }
       end
 
+      def update
+        authorize! :admin, order
+
+        order.update!(order_params)
+        render json: order, serializer: Api::OrderDetailedSerializer, current_order: order
+      end
+
       def ship
         authorize! :admin, order
 
@@ -72,6 +79,10 @@ module Api
           includes(line_items: { variant: [:product, :stock_items, :default_price] }).
           first!
       end
+
+      def order_params
+        params.permit(:note)
+      end
     end
   end
 end

app/controllers/api/v0/product_images_controller.rb

@@ -6,20 +6,21 @@ module Api
       respond_to :json
 
       def update_product_image
-        @product = Spree::Product.find(params[:product_id])
-        authorize! :update, @product
+        product = Spree::Product.find(params[:product_id])
+        authorize! :update, product
 
-        if @product.images.first.nil?
-          @image = Spree::Image.create(
-            attachment: params[:file],
-            viewable_id: @product.master.id,
-            viewable_type: 'Spree::Variant'
-          )
-          render json: @image, serializer: ImageSerializer, status: :created
+        image = product.images.first || Spree::Image.new(
+          viewable_id: product.master.id,
+          viewable_type: 'Spree::Variant'
+        )
+
+        success_status = image.persisted? ? :ok : :created
+
+        if image.update(attachment: params[:file])
+          render json: image, serializer: ImageSerializer, status: success_status
         else
-          @image = @product.images.first
-          @image.update(attachment: params[:file])
-          render json: @image, serializer: ImageSerializer, status: :ok
+          error_json = { errors: image.errors.full_messages }
+          render json: error_json, status: :unprocessable_entity
         end
       end
     end

app/controllers/api/v1/customers_controller.rb

@@ -5,9 +5,10 @@ require 'open_food_network/permissions'
 module Api
   module V1
     class CustomersController < Api::V1::BaseController
+      include AddressTransformation
+
       skip_authorization_check only: :index
 
-      before_action :set_customer, only: [:show, :update, :destroy]
       before_action :authorize_action, only: [:show, :update, :destroy]
 
       def index
@@ -17,44 +18,44 @@ module Api
       end
 
       def show
-        render json: Api::V1::CustomerSerializer.new(@customer, include_options)
+        render json: Api::V1::CustomerSerializer.new(customer, include_options)
       end
 
       def create
         authorize! :update, Enterprise.find(customer_params[:enterprise_id])
-        @customer = Customer.new(customer_params)
+        customer = Customer.new(customer_params)
 
-        if @customer.save
-          render json: Api::V1::CustomerSerializer.new(@customer), status: :created
+        if customer.save
+          render json: Api::V1::CustomerSerializer.new(customer), status: :created
         else
-          invalid_resource! @customer
+          invalid_resource! customer
         end
       end
 
       def update
-        if @customer.update(customer_params)
-          render json: Api::V1::CustomerSerializer.new(@customer)
+        if customer.update(customer_params)
+          render json: Api::V1::CustomerSerializer.new(customer)
         else
-          invalid_resource! @customer
+          invalid_resource! customer
         end
       end
 
       def destroy
-        if @customer.destroy
-          render json: Api::V1::CustomerSerializer.new(@customer)
+        if customer.destroy
+          render json: Api::V1::CustomerSerializer.new(customer)
         else
-          invalid_resource! @customer
+          invalid_resource! customer
         end
       end
 
       private
 
-      def set_customer
-        @customer = Customer.find(params[:id])
+      def customer
+        @customer ||= Customer.find(params[:id])
       end
 
       def authorize_action
-        authorize! action_name.to_sym, @customer
+        authorize! action_name.to_sym, customer
       end
 
       def search_customers
@@ -77,7 +78,8 @@ module Api
             :phone, :latitude, :longitude,
             :first_name, :last_name,
             :street_address_1, :street_address_2,
-            :postal_code, :locality, :region, :country,
+            :postal_code, :locality,
+            { region: [:name, :code], country: [:name, :code] },
           ]
         ).to_h
 
@@ -89,39 +91,6 @@ module Api
         attributes
       end
 
-      def transform_address!(attributes, from, to)
-        return unless attributes.key?(from)
-
-        address = attributes.delete(from)
-
-        if address.nil?
-          attributes[to] = nil
-          return
-        end
-
-        address.transform_keys! do |key|
-          {
-            phone: :phone, latitude: :latitude, longitude: :longitude,
-            first_name: :firstname, last_name: :lastname,
-            street_address_1: :address1, street_address_2: :address2,
-            postal_code: :zipcode,
-            locality: :city,
-            region: :state_name,
-            country: :country,
-          }.with_indifferent_access[key]
-        end
-
-        if address[:state_name].present?
-          address[:state] = Spree::State.find_by(name: address[:state_name])
-        end
-
-        if address[:country].present?
-          address[:country] = Spree::Country.find_by(name: address[:country])
-        end
-
-        attributes["#{to}_attributes"] = address
-      end
-
       def editable_enterprises
         OpenFoodNetwork::Permissions.new(current_api_user).editable_enterprises.select(:id)
       end

app/controllers/application_controller.rb

@@ -165,8 +165,9 @@ class ApplicationController < ActionController::Base
     return unless current_spree_user.disabled
 
     flash[:success] = nil
-    flash.now[:error] = I18n.t("devise.failure.disabled")
+    flash[:error] = I18n.t("devise.failure.disabled")
     sign_out current_spree_user
+    redirect_to main_app.root_path
   end
 end
 

app/controllers/base_controller.rb

@@ -16,12 +16,7 @@ class BaseController < ApplicationController
   private
 
   def set_order_cycles
-    unless @distributor.ready_for_checkout?
-      @order_cycles = OrderCycle.where('false')
-      return
-    end
-
-    @order_cycles = Shop::OrderCyclesList.new(@distributor, current_customer).call
+    @order_cycles = Shop::OrderCyclesList.ready_for_checkout_for(@distributor, current_customer)
 
     set_order_cycle
   end

app/controllers/concerns/address_transformation.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+# Our internal data structures are different to the API data strurctures.
+module AddressTransformation
+  extend ActiveSupport::Concern
+
+  def transform_address!(attributes, from, to)
+    return unless attributes.key?(from)
+
+    address = attributes.delete(from)
+
+    if address.nil?
+      attributes[to] = nil
+      return
+    end
+
+    address.transform_keys! do |key|
+      {
+        phone: :phone, latitude: :latitude, longitude: :longitude,
+        first_name: :firstname, last_name: :lastname,
+        street_address_1: :address1, street_address_2: :address2,
+        postal_code: :zipcode,
+        locality: :city,
+        region: :state,
+        country: :country,
+      }.with_indifferent_access[key]
+    end
+
+    address[:state] = find_state(address) if address[:state].present?
+    address[:country] = find_country(address) if address[:country].present?
+
+    attributes["#{to}_attributes"] = address
+  end
+
+  private
+
+  def find_state(address)
+    Spree::State.find_by("LOWER(abbr) = ? OR LOWER(name) = ?",
+                         address.dig(:state, :code)&.downcase,
+                         address.dig(:state, :name)&.downcase)
+  end
+
+  def find_country(address)
+    Spree::Country.find_by("LOWER(iso) = ? OR LOWER(name) = ?",
+                           address.dig(:country, :code)&.downcase,
+                           address.dig(:country, :name)&.downcase)
+  end
+end

app/controllers/concerns/order_stock_check.rb

@@ -26,7 +26,10 @@ module OrderStockCheck
     current_order.set_order_cycle! nil
 
     flash[:info] = I18n.t('order_cycle_closed')
-    redirect_to main_app.shop_path
+    respond_to do |format|
+      format.json { render json: { path: main_app.shop_path }, status: :see_other }
+      format.html { redirect_to main_app.shop_path, status: :see_other }
+    end
   end
 
   private

app/controllers/errors_controller.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class ErrorsController < ApplicationController
+  layout "errors"
+
+  def not_found
+    render status: :not_found
+  end
+
+  def internal_server_error
+    render status: :internal_server_error
+  end
+
+  def unprocessable_entity
+    render status: :unprocessable_entity
+  end
+end

app/controllers/split_checkout_controller.rb

@@ -21,6 +21,10 @@ class SplitCheckoutController < ::BaseController
 
   def edit
     redirect_to_step_based_on_order unless params[:step]
+    check_step if params[:step]
+    recalculate_tax if params[:step] == "summary"
+
+    flash_error_when_no_shipping_method_available if available_shipping_methods.none?
   end
 
   def update
@@ -45,6 +49,10 @@ class SplitCheckoutController < ::BaseController
 
   private
 
+  def flash_error_when_no_shipping_method_available
+    flash[:error] = I18n.t('split_checkout.errors.no_shipping_methods_available')
+  end
+
   def clear_invalid_payments
     @order.payments.with_state(:invalid).delete_all
   end
@@ -145,4 +153,18 @@ class SplitCheckoutController < ::BaseController
     end
     redirect_to_step_based_on_order
   end
+
+  def check_step
+    case @order.state
+    when "cart", "address", "delivery"
+      redirect_to checkout_step_path(:details) unless params[:step] == "details"
+    when "payment"
+      redirect_to checkout_step_path(:payment) if params[:step] == "summary"
+    end
+  end
+
+  def recalculate_tax
+    @order.create_tax_charge!
+    @order.update_order!
+  end
 end

app/controllers/spree/admin/orders_controller.rb

@@ -42,6 +42,10 @@ module Spree
           @order.update_order!
         end
 
+        if params[:set_distribution_step] && @order.update(order_params)
+          return redirect_to spree.admin_order_customer_path(@order)
+        end
+
         unless order_params.present? && @order.update(order_params) && @order.line_items.present?
           if @order.line_items.empty? && !params[:suppress_error_msg]
             @order.errors.add(:line_items, Spree.t('errors.messages.blank'))
@@ -55,7 +59,7 @@ module Spree
           redirect_to spree.edit_admin_order_path(@order)
         else
           # Jump to next step if order is not complete
-          redirect_to spree.admin_order_customer_path(@order)
+          redirect_to spree.admin_order_payments_path(@order)
         end
       end
 
@@ -63,6 +67,18 @@ module Spree
         load_spree_api_key
       end
 
+      def bulk_cancel
+        order_ids = params[:order_ids].split(',')
+
+        Spree::Order.where(id: order_ids).find_each do |order|
+          order.send_cancellation_email = params[:send_cancellation_email] != "false"
+          order.restock_items = params.fetch(:restock_items, "true") == "true"
+          order.cancel
+        end
+
+        flash[:success] = Spree.t(:order_updated)
+      end
+
       def fire
         event = params[:e]
         @order.send_cancellation_email = params[:send_cancellation_email] != "false"
@@ -126,7 +142,7 @@ module Spree
       end
 
       def require_distributor_abn
-        return if @order.distributor.abn.present?
+        return if @order.distributor.can_invoice?
 
         flash[:error] = t(:must_have_valid_business_number,
                           enterprise_name: @order.distributor.name)

app/controllers/spree/admin/search_controller.rb

@@ -18,19 +18,28 @@ module Spree
       end
 
       def customers
-        @customers = []
-        if spree_current_user.enterprises.pluck(:id).include? search_params[:distributor_id].to_i
-          @customers = Customer.
-            ransack(m: 'or', email_start: search_params[:q], first_name_start: search_params[:q],
-                    last_name_start: search_params[:q]).
-            result.
-            where(enterprise_id: search_params[:distributor_id].to_i)
-        end
-        render json: @customers, each_serializer: ::Api::Admin::CustomerSerializer
+        render json: load_customers, each_serializer: ::Api::Admin::CustomerSerializer
       end
 
       private
 
+      def load_customers
+        return [] unless valid_enterprise_given?
+
+        Customer.ransack(
+          m: 'or', email_start: search_params[:q],
+          first_name_start: search_params[:q], last_name_start: search_params[:q]
+        ).result.where(enterprise_id: search_params[:distributor_id].to_i)
+      end
+
+      def valid_enterprise_given?
+        return true if spree_current_user.admin?
+
+        spree_current_user.enterprises.where(
+          id: search_params[:distributor_id].to_i
+        ).present?
+      end
+
       def ransack_hash
         {
           m: 'or',

app/controllers/spree/admin/users_controller.rb

@@ -48,30 +48,11 @@ module Spree
             @user.spree_roles = roles.reject(&:blank?).collect{ |r| Spree::Role.find(r) }
           end
 
-          message = if new_email_unconfirmed?
-                      Spree.t(:email_updated)
-                    else
-                      Spree.t(:account_updated)
-                    end
-          flash.now[:success] = message
+          flash.now[:success] = update_message
         end
         render :edit
       end
 
-      def generate_api_key
-        if @user.generate_spree_api_key!
-          flash[:success] = t('spree.api.key_generated')
-        end
-        redirect_to spree.edit_admin_user_path(@user)
-      end
-
-      def clear_api_key
-        if @user.clear_spree_api_key!
-          flash[:success] = t('spree.api.key_cleared')
-        end
-        redirect_to spree.edit_admin_user_path(@user)
-      end
-
       protected
 
       def collection
@@ -100,6 +81,16 @@ module Spree
 
       private
 
+      def update_message
+        return Spree.t(:show_api_key_view_toggled) if @user.show_api_key_view_previously_changed?
+
+        if new_email_unconfirmed?
+          Spree.t(:email_updated)
+        else
+          Spree.t(:account_updated)
+        end
+      end
+
       # handling raise from Admin::ResourceController#destroy
       def user_destroy_with_orders_error
         render status: :forbidden, text: Spree.t(:error_user_destroy_with_orders)
@@ -137,7 +128,9 @@ module Spree
       end
 
       def user_params
-        ::PermittedAttributes::User.new(params).call([:enterprise_limit])
+        ::PermittedAttributes::User.new(params).call(
+          %i[enterprise_limit show_api_key_view]
+        )
       end
     end
   end

app/controllers/spree/api_keys_controller.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+module Spree
+  class ApiKeysController < ::BaseController
+    include Spree::Core::ControllerHelpers
+    include I18nHelper
+
+    prepend_before_action :load_object
+
+    def create
+      @user.generate_api_key
+
+      if @user.save
+        flash[:success] = t('spree.api.key_generated')
+      end
+
+      redirect_to redirect_path
+    end
+
+    def destroy
+      @user.spree_api_key = nil
+
+      if @user.save
+        flash[:success] = t('spree.api.key_cleared')
+      end
+
+      redirect_to redirect_path
+    end
+
+    private
+
+    def load_object
+      @user ||= find_user
+      if @user
+        authorize! params[:action].to_sym, @user
+      else
+        redirect_to main_app.login_path
+      end
+    end
+
+    def find_user
+      Spree::User.find_by(id: params[:id]) || spree_current_user
+    end
+
+    def redirect_path
+      if request.referer.blank? || request.referer.include?(spree.account_path)
+        developer_settings_path
+      else
+        request.referer
+      end
+    end
+
+    def developer_settings_path
+      "#{spree.account_path}#/developer_settings"
+    end
+  end
+end

app/controllers/spree/credit_cards_controller.rb

@@ -49,7 +49,10 @@ module Spree
 
       # Using try because we may not have a card here
       if @credit_card.try(:destroy)
-        remove_shop_authorizations if @credit_card.is_default
+        if @credit_card.is_default
+          remove_shop_authorizations
+          mark_as_default_next_credit_card if credit_cards_with_payment_profile.count > 0
+        end
         flash[:success] = I18n.t(:card_has_been_removed, number: "x-#{@credit_card.last_digits}")
       else
         flash[:error] = I18n.t(:card_could_not_be_removed)
@@ -67,6 +70,14 @@ module Spree
       @credit_card.user.customers.update_all(allow_charges: false)
     end
 
+    def mark_as_default_next_credit_card
+      credit_cards_with_payment_profile.first.update(is_default: true)
+    end
+
+    def credit_cards_with_payment_profile
+      spree_current_user.credit_cards.with_payment_profile
+    end
+
     def create_customer(token)
       Stripe::Customer.create(email: spree_current_user.email, source: token)
     end

app/controllers/spree/orders_controller.rb

@@ -4,6 +4,7 @@ module Spree
   class OrdersController < ::BaseController
     include OrderCyclesHelper
     include Rails.application.routes.url_helpers
+    include CablecarResponses
 
     layout 'darkswarm'
 
@@ -99,7 +100,8 @@ module Spree
       else
         flash[:error] = I18n.t(:orders_could_not_cancel)
       end
-      redirect_to request.referer || main_app.order_path(@order)
+      render status: :found,
+             operations: cable_car.redirect_to(url: request.referer || main_app.order_path(@order))
     end
 
     private

app/controllers/spree/user_sessions_controller.rb

@@ -16,6 +16,7 @@ module Spree
     prepend_before_action :handle_unconfirmed_email
     before_action :set_checkout_redirect, only: :create
     after_action :ensure_valid_locale_persisted, only: :create
+    skip_before_action :check_disabled_user
 
     def create
       authenticate_spree_user!

app/controllers/spree/users_controller.rb

@@ -78,7 +78,7 @@ module Spree
 
     def load_object
       @user ||= spree_current_user
-      if @user
+      if @user && !@user.disabled
         authorize! params[:action].to_sym, @user
       else
         redirect_to main_app.login_path

app/helpers/admin/enterprise_groups_helper.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Admin
+  module EnterpriseGroupsHelper
+    def enterprise_group_side_menu_items
+      [
+        { name: 'primary_details', icon_class: "icon-user", selected: "selected" },
+        { name: 'users', icon_class: "icon-user" },
+        { name: 'about', icon_class: "icon-pencil" },
+        { name: 'images', icon_class: "icon-picture" },
+        { name: 'contact', icon_class: "icon-phone" },
+        { name: 'web', icon_class: "icon-globe" },
+      ]
+    end
+  end
+end

app/helpers/admin/enterprises_helper.rb

@@ -13,5 +13,34 @@ module Admin
     def select_only_item(producers)
       producers.size == 1 ? producers.first.id : nil
     end
+
+    def enterprise_side_menu_items(enterprise)
+      is_shop = enterprise.sells != "none"
+      show_properties = !!enterprise.is_primary_producer
+      show_shipping_methods = can?(:manage_shipping_methods, enterprise) && is_shop
+      show_payment_methods = can?(:manage_payment_methods, enterprise) && is_shop
+      show_enterprise_fees = can?(:manage_enterprise_fees,
+                                  enterprise) && (is_shop || enterprise.is_primary_producer)
+
+      [
+        { name: 'primary_details', icon_class: "icon-home", show: true, selected: 'selected' },
+        { name: 'address', icon_class: "icon-map-marker", show: true },
+        { name: 'contact', icon_class: "icon-phone", show: true },
+        { name: 'social',  icon_class: "icon-twitter", show: true },
+        { name: 'about',   icon_class: "icon-pencil", show: true, form_name: "about_us" },
+        { name: 'business_details', icon_class: "icon-briefcase", show: true },
+        { name: 'images', icon_class: "icon-picture", show: true },
+        { name: 'properties', icon_class: "icon-tags", show: show_properties },
+        { name: 'shipping_methods', icon_class: "icon-truck", show: show_shipping_methods },
+        { name: 'payment_methods',  icon_class: "icon-money", show: show_payment_methods },
+        { name: 'enterprise_fees',  icon_class: "icon-tasks", show: show_enterprise_fees },
+        { name: 'enterprise_permissions', icon_class: "icon-plug", show: true,
+          href: admin_enterprise_relationships_path },
+        { name: 'inventory_settings', icon_class: "icon-list-ol", show: is_shop },
+        { name: 'tag_rules', icon_class: "icon-random", show: is_shop },
+        { name: 'shop_preferences', icon_class: "icon-shopping-cart", show: is_shop },
+        { name: 'users', icon_class: "icon-user", show: true }
+      ]
+    end
   end
 end

app/helpers/checkout_helper.rb

@@ -70,10 +70,13 @@ module CheckoutHelper
   def display_checkout_taxes_hash(order)
     totals = OrderTaxAdjustmentsFetcher.new(order).totals
 
-    totals.each_with_object({}) do |(tax_rate, tax_amount), hash|
-      hash[number_to_percentage(tax_rate.amount * 100, precision: 1)] =
-        Spree::Money.new tax_amount, currency: order.currency
-    end
+    totals.map do |tax_rate, tax_amount|
+      {
+        amount: Spree::Money.new(tax_amount, currency: order.currency),
+        percentage: number_to_percentage(tax_rate.amount * 100, precision: 1),
+        rate_amount: tax_rate.amount,
+      }
+    end.sort_by { |tax| tax[:rate_amount] }
   end
 
   def display_line_item_tax_rates(line_item)

app/helpers/enterprises_helper.rb

@@ -14,15 +14,7 @@ module EnterprisesHelper
   end
 
   def available_shipping_methods
-    return [] if current_distributor.blank?
-
-    shipping_methods = current_distributor.shipping_methods.display_on_checkout.to_a
-
-    applicator = OpenFoodNetwork::TagRuleApplicator.new(current_distributor,
-                                                        "FilterShippingMethods", current_customer&.tag_list)
-    applicator.filter!(shipping_methods)
-
-    shipping_methods.uniq
+    OrderAvailableShippingMethods.new(current_order, current_customer).to_a
   end
 
   def available_payment_methods

app/helpers/order_cycles_helper.rb

@@ -56,10 +56,6 @@ module OrderCyclesHelper
     @simple_index ||= !OpenFoodNetwork::Permissions.new(spree_current_user).can_manage_complex_order_cycles?
   end
 
-  def order_cycles_simple_form
-    @order_cycles_simple_form ||= @order_cycle.coordinator.sells == 'own'
-  end
-
   def pickup_time(order_cycle = current_order_cycle)
     order_cycle.exchanges.to_enterprises(current_distributor).outgoing.first.pickup_time
   end

app/helpers/spree/admin/orders_helper.rb

@@ -44,6 +44,14 @@ module Spree
         end
       end
 
+      def print_invoice_link
+        if @order.distributor.can_invoice?
+          print_invoice_link_with_url
+        else
+          notify_about_required_enterprise_number
+        end
+      end
+
       def ticket_links
         return [] unless Spree::Config[:enable_receipt_printing?]
 
@@ -78,13 +86,20 @@ module Spree
           confirm: t(:must_have_valid_business_number, enterprise_name: @order.distributor.name) }
       end
 
-      def print_invoice_link
+      def print_invoice_link_with_url
         { name: t(:print_invoice),
           url: spree.print_admin_order_path(@order),
           icon: 'icon-print',
           target: "_blank" }
       end
 
+      def notify_about_required_enterprise_number
+        { name: t(:print_invoice),
+          url: "#",
+          icon: 'icon-print',
+          confirm: t(:must_have_valid_business_number, enterprise_name: @order.distributor.name) }
+      end
+
       def print_ticket_link
         { name: t(:print_ticket),
           url: print_ticket_admin_order_path(@order),

app/json_schemas/customer_schema.rb

@@ -41,8 +41,8 @@ class CustomerSchema < JsonApiSchema
       street_address_2: "",
       postal_code: "1234",
       locality: "Melbourne",
-      region: "Victoria",
-      country: "Australia",
+      region: { code: "Vic", name: "Victoria" },
+      country: { code: "AU", name: "Australia" },
     }
   end
 

app/models/customer.rb

@@ -1,5 +1,12 @@
 # frozen_string_literal: true
 
+# A customer record is created the first time a person orders from a shop.
+#
+# It's a relationship between a user and an enterprise but for guest orders it
+# can also be between an email address and an enterprise.
+#
+# The main purpose is tagging of customers to access private shops, receive
+# discounts et cetera. A customer record is also needed for subscriptions.
 class Customer < ApplicationRecord
   include SetUnusedAddressFields
 
@@ -7,10 +14,10 @@ class Customer < ApplicationRecord
 
   searchable_attributes :first_name, :last_name, :email, :code
 
-  belongs_to :enterprise
+  belongs_to :enterprise, optional: false
   belongs_to :user, class_name: "Spree::User"
   has_many :orders, class_name: "Spree::Order"
-  before_destroy :check_for_orders
+  before_destroy :update_orders_and_delete_canceled_subscriptions
 
   belongs_to :bill_address, class_name: "Spree::Address"
   alias_attribute :billing_address, :bill_address
@@ -26,7 +33,6 @@ class Customer < ApplicationRecord
   validates :code, uniqueness: { scope: :enterprise_id, allow_nil: true }
   validates :email, presence: true, 'valid_email_2/email': true,
                     uniqueness: { scope: :enterprise_id, message: I18n.t('validation_msg_is_associated_with_an_exising_customer') }
-  validates :enterprise, presence: true
 
   scope :of, ->(enterprise) { where(enterprise_id: enterprise) }
 
@@ -52,10 +58,12 @@ class Customer < ApplicationRecord
     self.user = user || Spree::User.find_by(email: email)
   end
 
-  def check_for_orders
-    return true unless orders.any?
-
-    errors.add(:base, I18n.t('admin.customers.destroy.has_associated_orders'))
-    throw :abort
+  def update_orders_and_delete_canceled_subscriptions
+    if Subscription.where(customer_id: id).not_canceled.any?
+      errors.add(:base, I18n.t('admin.customers.destroy.has_associated_subscriptions'))
+      throw :abort
+    end
+    Subscription.where(customer_id: id).destroy_all
+    orders.update_all(customer_id: nil)
   end
 end

app/models/enterprise.rb

@@ -84,8 +84,8 @@ class Enterprise < ApplicationRecord
   has_one_attached :promo_image
   has_one_attached :terms_and_conditions
 
-  validates :logo, content_type: %r{\Aimage/.*\Z}
-  validates :promo_image, content_type: %r{\Aimage/.*\Z}
+  validates :logo, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}
+  validates :promo_image, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}
   validates :terms_and_conditions, content_type: {
     in: "application/pdf",
     message: I18n.t(:enterprise_terms_and_conditions_type_error),
@@ -120,6 +120,7 @@ class Enterprise < ApplicationRecord
     joins(:shipping_methods).
       joins(:payment_methods).
       merge(Spree::PaymentMethod.available).
+      merge(Spree::ShippingMethod.frontend).
       select('DISTINCT enterprises.*')
   }
   scope :not_ready_for_checkout, lambda {
@@ -312,6 +313,10 @@ class Enterprise < ApplicationRecord
     correct_instagram_url self[:instagram]
   end
 
+  def whatsapp_url
+    correct_whatsapp_url self[:whatsapp_phone]
+  end
+
   def inventory_variants
     if prefers_product_selection_from_inventory_only?
       Spree::Variant.visible_for(self)
@@ -383,7 +388,7 @@ class Enterprise < ApplicationRecord
   end
 
   def ready_for_checkout?
-    shipping_methods.any? && payment_methods.available.any?
+    shipping_methods.frontend.any? && payment_methods.available.any?
   end
 
   def self.find_available_permalink(test_permalink)
@@ -408,6 +413,8 @@ class Enterprise < ApplicationRecord
   end
 
   def can_invoice?
+    return true unless Spree::Config.enterprise_number_required_on_invoices?
+
     abn.present?
   end
 
@@ -446,6 +453,10 @@ class Enterprise < ApplicationRecord
     url&.sub(%r{(https?://)?}, '')
   end
 
+  def correct_whatsapp_url(phone_number)
+    phone_number && "https://wa.me/" + phone_number.tr('+ ', '')
+  end
+
   def correct_instagram_url(url)
     url && strip_url(url).sub(%r{www.instagram.com/}, '').delete("@")
   end

app/models/enterprise_group.rb

@@ -28,8 +28,8 @@ class EnterpriseGroup < ApplicationRecord
   has_one_attached :logo
   has_one_attached :promo_image
 
-  validates :logo, content_type: %r{\Aimage/.*\Z}
-  validates :promo_image, content_type: %r{\Aimage/.*\Z}
+  validates :logo, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}
+  validates :promo_image, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}
 
   scope :by_position, -> { order('position ASC') }
   scope :on_front_page, -> { where(on_front_page: true) }

app/models/order_cycle.rb

@@ -22,9 +22,11 @@ class OrderCycle < ApplicationRecord
 
   has_many :suppliers, -> { distinct }, source: :sender, through: :cached_incoming_exchanges
   has_many :distributors, -> { distinct }, source: :receiver, through: :cached_outgoing_exchanges
-
   has_many :order_cycle_schedules
   has_many :schedules, through: :order_cycle_schedules
+  has_and_belongs_to_many :selected_distributor_shipping_methods,
+                          class_name: 'DistributorShippingMethod',
+                          join_table: 'order_cycles_distributor_shipping_methods'
   has_paper_trail meta: { custom_data: proc { |order_cycle| order_cycle.schedule_ids.to_s } }
 
   attr_accessor :incoming_exchanges, :outgoing_exchanges
@@ -150,6 +152,20 @@ class OrderCycle < ApplicationRecord
     ]
   end
 
+  def attachable_payment_methods
+    Spree::PaymentMethod.available(:both).
+      joins("INNER JOIN distributors_payment_methods
+             ON payment_method_id = spree_payment_methods.id").
+      where("distributor_id IN (?)", distributor_ids).
+      distinct
+  end
+
+  def attachable_distributor_shipping_methods
+    DistributorShippingMethod.joins(:shipping_method).
+      merge(Spree::ShippingMethod.frontend).
+      where("distributor_id IN (?)", distributor_ids)
+  end
+
   def clone!
     oc = dup
     oc.name = I18n.t("models.order_cycle.cloned_order_cycle_name", order_cycle: oc.name)
@@ -161,6 +177,9 @@ class OrderCycle < ApplicationRecord
     oc.schedule_ids = schedule_ids
     oc.save!
     exchanges.each { |e| e.clone!(oc) }
+    oc.selected_distributor_shipping_method_ids = (
+      attachable_distributor_shipping_methods.map(&:id) & selected_distributor_shipping_method_ids
+    )
     sync_subscriptions
     oc.reload
   end
@@ -274,6 +293,22 @@ class OrderCycle < ApplicationRecord
     items.each { |li| scoper.scope(li.variant) }
   end
 
+  def distributor_shipping_methods
+    if simple? || selected_distributor_shipping_methods.none?
+      attachable_distributor_shipping_methods
+    else
+      attachable_distributor_shipping_methods.where(
+        "distributors_shipping_methods.id IN (?) OR distributor_id NOT IN (?)",
+        selected_distributor_shipping_methods.map(&:id),
+        selected_distributor_shipping_methods.map(&:distributor_id)
+      )
+    end
+  end
+
+  def simple?
+    coordinator.sells == 'own'
+  end
+
   private
 
   def opening?

app/models/proxy_order.rb

@@ -5,7 +5,7 @@
 # This reduces the need to keep Orders in sync with their parent Subscriptions
 
 class ProxyOrder < ApplicationRecord
-  belongs_to :order, class_name: 'Spree::Order', dependent: :destroy
+  belongs_to :order, class_name: 'Spree::Order'
   belongs_to :subscription
   belongs_to :order_cycle
 

app/models/spree/ability.rb

@@ -99,7 +99,7 @@ module Spree
           item.order.changes_allowed?
       end
 
-      can [:cancel], Spree::Order do |order|
+      can [:cancel, :bulk_cancel], Spree::Order do |order|
         order.user == user
       end
 
@@ -243,7 +243,9 @@ module Spree
     end
 
     def add_order_cycle_management_abilities(user)
-      can [:admin, :index, :read, :edit, :update, :incoming, :outgoing], OrderCycle do |order_cycle|
+      can [
+        :admin, :index, :read, :edit, :update, :incoming, :outgoing, :checkout_options
+      ], OrderCycle do |order_cycle|
         OrderCycle.visible_by(user).include? order_cycle
       end
       can [:admin, :index, :create], Schedule

app/models/spree/app_configuration.rb

@@ -129,6 +129,7 @@ module Spree
     preference :enable_invoices?, :boolean, default: true
     preference :invoice_style2?, :boolean, default: false
     preference :enable_receipt_printing?, :boolean, default: false
+    preference :enterprise_number_required_on_invoices?, :boolean, default: true
 
     # Stripe payments
     preference :stripe_connect_enabled, :boolean, default: false

app/models/spree/image.rb

@@ -11,15 +11,19 @@ module Spree
 
     has_one_attached :attachment
 
-    validates :attachment, attached: true, content_type: %r{\Aimage/.*\Z}
+    validates :attachment, attached: true, content_type: %r{\Aimage/(png|jpeg|gif|jpg|svg\+xml|webp)\Z}
     validate :no_attachment_errors
 
     def variant(name)
-      attachment.variant(SIZES[name])
+      if attachment.variable?
+        attachment.variant(SIZES[name])
+      else
+        attachment
+      end
     end
 
     def url(size)
-      return unless attachment.variable?
+      return unless attachment.attached?
 
       Rails.application.routes.url_helpers.url_for(variant(size))
     end

app/models/spree/order.rb

@@ -433,7 +433,7 @@ module Spree
       all_adjustments.destroy_all
       payments.clear
       shipments.destroy_all
-      restart_checkout_flow if state == "payment"
+      restart_checkout_flow if state.in?(["payment", "confirmation"])
     end
 
     def state_changed(name)
@@ -704,43 +704,12 @@ module Spree
     end
 
     def require_customer?
-      return false if new_record? || state == 'cart'
-
-      true
-    end
-
-    def customer_is_valid?
-      return true unless require_customer?
-
-      customer.present? && customer.enterprise_id == distributor_id && customer.email == email_for_customer
-    end
-
-    def email_for_customer
-      (user&.email || email)&.downcase
-    end
-
-    def associate_customer
-      return customer if customer.present?
-
-      Customer.of(distributor).find_by(email: email_for_customer)
-    end
-
-    def create_customer
-      return if customer_is_valid?
-
-      Customer.create(
-        enterprise: distributor,
-        email: email_for_customer,
-        user: user,
-        first_name: bill_address&.first_name.to_s,
-        last_name: bill_address&.last_name.to_s,
-        bill_address: bill_address&.clone,
-        ship_address: ship_address&.clone
-      )
+      persisted? && state != "cart"
     end
 
     def ensure_customer
-      self.customer = associate_customer || create_customer
+      self.customer ||= CustomerSyncer.find_and_update_customer(self)
+      self.customer ||= CustomerSyncer.create_customer(self) if require_customer?
     end
 
     def update_adjustment!(adjustment)

app/models/spree/shipping_method.rb

@@ -3,7 +3,10 @@
 module Spree
   class ShippingMethod < ApplicationRecord
     include CalculatedAdjustments
-    DISPLAY = [:both, :front_end, :back_end].freeze
+    DISPLAY_ON_OPTIONS = {
+      both: "",
+      back_end: "back_end"
+    }.freeze
 
     acts_as_paranoid
     acts_as_taggable
@@ -27,6 +30,7 @@ module Spree
     validates :name, presence: true
     validate :distributor_validation
     validate :at_least_one_shipping_category
+    validates :display_on, inclusion: { in: DISPLAY_ON_OPTIONS.values }, allow_nil: true
 
     after_save :touch_distributors
 
@@ -51,9 +55,6 @@ module Spree
     }
 
     scope :by_name, -> { order('spree_shipping_methods.name ASC') }
-    scope :display_on_checkout, -> {
-      where("spree_shipping_methods.display_on is null OR spree_shipping_methods.display_on = ''")
-    }
 
     # Here we allow checkout with shipping methods without zones (see issue #3928 for details)
     #   and also checkout with addresses outside of the zones of the selected shipping method
@@ -101,16 +102,26 @@ module Spree
       ]
     end
 
-    def self.on_backend_query
-      "#{table_name}.display_on != 'front_end' OR #{table_name}.display_on IS NULL"
+    def self.backend
+      where(display_on: DISPLAY_ON_OPTIONS[:back_end])
     end
 
-    def self.on_frontend_query
-      "#{table_name}.display_on != 'back_end' OR #{table_name}.display_on IS NULL"
+    def self.frontend
+      where(display_on: [nil, ""])
     end
 
     private
 
+    def no_active_or_upcoming_order_cycle_distributors_with_only_one_shipping_method?
+      return true if new_record?
+
+      distributors.
+        with_order_cycles_as_distributor_outer.
+        merge(OrderCycle.active.or(OrderCycle.upcoming)).none? do |distributor|
+        distributor.shipping_method_ids.one?
+      end
+    end
+
     def at_least_one_shipping_category
       return unless shipping_categories.empty?
 

app/models/spree/shipping_rate.rb

@@ -8,14 +8,7 @@ module Spree
     scope :frontend,
           -> {
             includes(:shipping_method).
-              where(ShippingMethod.on_frontend_query).
-              references(:shipping_method).
-              order("cost ASC")
-          }
-    scope :backend,
-          -> {
-            includes(:shipping_method).
-              where(ShippingMethod.on_backend_query).
+              merge(ShippingMethod.frontend).
               references(:shipping_method).
               order("cost ASC")
           }

app/models/spree/user.rb

@@ -71,6 +71,10 @@ module Spree
       set_reset_password_token
     end
 
+    def generate_api_key
+      self.spree_api_key = SecureRandom.hex(24)
+    end
+
     def known_users
       if admin?
         Spree::User.where(nil)
@@ -132,16 +136,6 @@ module Spree
       end
     end
 
-    def generate_spree_api_key!
-      self.spree_api_key = SecureRandom.hex(24)
-      save!
-    end
-
-    def clear_spree_api_key!
-      self.spree_api_key = nil
-      save!
-    end
-
     def last_incomplete_spree_order
       spree_orders.incomplete.where(created_by_id: id).order('created_at DESC').first
     end

app/models/spree/variant.rb

@@ -172,6 +172,11 @@ module Spree
       OpenFoodNetwork::EnterpriseFeeCalculator.new(distributor, order_cycle).fees_by_type_for self
     end
 
+    def fees_name_by_type_for(distributor, order_cycle)
+      OpenFoodNetwork::EnterpriseFeeCalculator.new(distributor,
+                                                   order_cycle).fees_name_by_type_for self
+    end
+
     def option_value(opt_name)
       option_values.detect { |o| o.option_type.name == opt_name }.try(:presentation)
     end

app/models/subscription.rb

@@ -17,9 +17,9 @@ class Subscription < ApplicationRecord
   belongs_to :payment_method, class_name: 'Spree::PaymentMethod'
   belongs_to :bill_address, class_name: "Spree::Address"
   belongs_to :ship_address, class_name: "Spree::Address"
-  has_many :subscription_line_items, inverse_of: :subscription
+  has_many :subscription_line_items, inverse_of: :subscription, dependent: :destroy
   has_many :order_cycles, through: :schedule
-  has_many :proxy_orders
+  has_many :proxy_orders, dependent: :destroy
   has_many :orders, through: :proxy_orders
 
   alias_attribute :billing_address, :bill_address

app/reflexes/application_reflex.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class ApplicationReflex < StimulusReflex::Reflex
+  # Put application-wide Reflex behavior and callbacks in this file.
+  #
+  # Learn more at: https://docs.stimulusreflex.com/rtfm/reflex-classes
+  #
+  # If your ActionCable connection is: `identified_by :current_user`
+  #   delegate :current_user, to: :connection
+  #
+  # If you need to localize your Reflexes, you can set the I18n locale here:
+  #
+  #   before_reflex do
+  #     I18n.locale = :fr
+  #   end
+  #
+  # For code examples, considerations and caveats, see:
+  # https://docs.stimulusreflex.com/rtfm/patterns#internationalization
+end

app/serializers/api/cached_enterprise_serializer.rb

@@ -14,9 +14,9 @@ module Api
 
     attributes :name, :id, :description, :latitude, :longitude,
                :long_description, :website, :instagram, :linkedin, :twitter,
-               :facebook, :is_primary_producer, :is_distributor, :phone, :visible,
-               :email_address, :hash, :logo, :promo_image, :path, :pickup, :delivery,
-               :icon, :icon_font, :producer_icon_font, :category
+               :facebook, :is_primary_producer, :is_distributor, :phone, :whatsapp_phone,
+               :whatsapp_url, :visible, :email_address, :hash, :logo, :promo_image, :path, :pickup,
+               :delivery, :icon, :icon_font, :producer_icon_font, :category
 
     attributes :taxons, :supplied_taxons
 

app/serializers/api/enterprise_shopfront_serializer.rb

@@ -7,9 +7,9 @@ module Api
 
     attributes :name, :id, :description, :latitude, :longitude, :long_description, :website,
                :instagram, :linkedin, :twitter, :facebook, :is_primary_producer, :is_distributor,
-               :phone, :visible, :email_address, :hash, :logo, :promo_image, :path, :category,
-               :active, :producers, :orders_close_at, :hubs, :taxons, :supplied_taxons, :pickup,
-               :delivery, :preferred_product_low_stock_display
+               :phone, :whatsapp_phone, :whatsapp_url, :visible, :email_address, :hash, :logo,
+               :promo_image, :path, :category, :active, :producers, :orders_close_at, :hubs,
+               :taxons, :supplied_taxons, :pickup, :delivery, :preferred_product_low_stock_display
 
     has_one :address, serializer: Api::AddressSerializer
     has_many :supplied_properties, serializer: Api::PropertySerializer

app/serializers/api/v1/address_serializer.rb

@@ -11,8 +11,18 @@ module Api
       attribute :street_address_2, &:address2
       attribute :postal_code, &:zipcode
       attribute :locality, &:city
-      attribute :region, &:state_name
-      attribute :country, ->(object, _) { object.country.name }
+      attribute :region do |object|
+        {
+          name: object.state.name,
+          code: object.state.abbr,
+        }
+      end
+      attribute :country do |object|
+        {
+          name: object.country.name,
+          code: object.country.iso,
+        }
+      end
     end
   end
 end

app/serializers/api/variant_serializer.rb

@@ -4,7 +4,8 @@ class Api::VariantSerializer < ActiveModel::Serializer
   attributes :id, :is_master, :product_name, :sku,
              :options_text, :unit_value, :unit_description, :unit_to_display,
              :display_as, :display_name, :name_to_display,
-             :price, :on_demand, :on_hand, :fees, :price_with_fees,
+             :price, :on_demand, :on_hand,
+             :fees, :fees_name, :price_with_fees,
              :tag_list, :thumb_url,
              :unit_price_price, :unit_price_unit
 
@@ -15,6 +16,10 @@ class Api::VariantSerializer < ActiveModel::Serializer
       object.fees_by_type_for(options[:current_distributor], options[:current_order_cycle])
   end
 
+  def fees_name
+    object.fees_name_by_type_for(options[:current_distributor], options[:current_order_cycle])
+  end
+
   def price_with_fees
     if options[:enterprise_fee_calculator]
       object.price + options[:enterprise_fee_calculator].indexed_fees_for(object)

app/services/customer_syncer.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+# Create, find and update customer records.
+#
+# P.S.: I almost couldn't resist to call this CustomerService.
+class CustomerSyncer
+  def self.find_and_update_customer(order)
+    find_customer(order).tap { |customer| synchronise_email(order, customer) }
+  end
+
+  def self.find_customer(order)
+    order.user&.customers&.of(order.distributor)&.first ||
+      Customer.of(order.distributor).find_by(email: customer_email(order))
+  end
+
+  def self.synchronise_email(order, customer)
+    email = order.user&.email
+
+    return unless email && customer && email != customer.email
+
+    duplicate = Customer.find_by(email: email, enterprise: order.distributor)
+
+    if duplicate.present?
+      Spree::Order.where(customer_id: duplicate.id).update_all(customer_id: customer.id)
+      Subscription.where(customer_id: duplicate.id).update_all(customer_id: customer.id)
+
+      duplicate.destroy
+    end
+
+    customer.update(email: email)
+  end
+
+  def self.create_customer(order)
+    Customer.create(
+      enterprise: order.distributor,
+      email: customer_email(order),
+      user: order.user,
+      first_name: order.bill_address&.first_name.to_s,
+      last_name: order.bill_address&.last_name.to_s,
+      bill_address: order.bill_address&.clone,
+      ship_address: order.ship_address&.clone
+    )
+  end
+
+  def self.customer_email(order)
+    (order.user&.email || order.email)&.downcase
+  end
+end

app/services/embedded_page_service.rb

@@ -68,12 +68,12 @@ class EmbeddedPageService
   end
 
   def current_referer
-    return if @request.referer.blank?
-
-    uri = URI(@request.referer)
-    return if uri.host.blank?
+    uri = URI.parse(@request.referer)
+    return unless uri.is_a?(URI::HTTP) && uri.host.present?
 
     uri.host.downcase
+  rescue URI::InvalidURIError
+    false
   end
 
   def current_referer_without_www

app/services/order_available_shipping_methods.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+class OrderAvailableShippingMethods
+  attr_reader :order, :customer
+
+  delegate :distributor,
+           :order_cycle,
+           to: :order
+
+  def initialize(order, customer = nil)
+    @order, @customer = order, customer
+  end
+
+  def to_a
+    return [] if distributor.blank?
+
+    shipping_methods = shipping_methods_before_tag_rules_applied
+
+    applicator = OpenFoodNetwork::TagRuleApplicator.new(distributor,
+                                                        "FilterShippingMethods", customer&.tag_list)
+    applicator.filter!(shipping_methods)
+
+    shipping_methods.uniq
+  end
+
+  private
+
+  def shipping_methods_before_tag_rules_applied
+    if order_cycle.nil? || order_cycle.simple?
+      distributor.shipping_methods
+    else
+      distributor.shipping_methods.where(
+        id: order_cycle.distributor_shipping_methods.select(:shipping_method_id)
+      )
+    end.frontend.to_a
+  end
+end

app/services/order_cart_reset.rb

@@ -30,11 +30,10 @@ class OrderCartReset
     return unless current_user
 
     order.associate_user!(current_user) if order.user.blank? || order.email.blank?
-    order.__send__(:associate_customer) if order.customer.nil? # Only associates existing customers
   end
 
   def reset_order_cycle(current_customer)
-    listed_order_cycles = Shop::OrderCyclesList.new(distributor, current_customer).call
+    listed_order_cycles = Shop::OrderCyclesList.active_for(distributor, current_customer)
 
     if order_cycle_not_listed?(order.order_cycle, listed_order_cycles)
       order.order_cycle = nil

app/services/order_cycle_form.rb

@@ -8,9 +8,13 @@ class OrderCycleForm
   def initialize(order_cycle, order_cycle_params, user)
     @order_cycle = order_cycle
     @order_cycle_params = order_cycle_params
+    @specified_params = order_cycle_params.keys
     @user = user
     @permissions = OpenFoodNetwork::Permissions.new(user)
     @schedule_ids = order_cycle_params.delete(:schedule_ids)
+    @selected_distributor_shipping_method_ids = order_cycle_params.delete(
+      :selected_distributor_shipping_method_ids
+    )
   end
 
   def save
@@ -20,13 +24,15 @@ class OrderCycleForm
 
     order_cycle.transaction do
       order_cycle.save!
-      order_cycle.schedule_ids = schedule_ids
+      order_cycle.schedule_ids = schedule_ids if parameter_specified?(:schedule_ids)
       order_cycle.save!
       apply_exchange_changes
+      attach_selected_distributor_shipping_methods
       sync_subscriptions
       true
     end
-  rescue ActiveRecord::RecordInvalid
+  rescue ActiveRecord::RecordInvalid => e
+    add_exception_to_order_cycle_errors(e)
     false
   end
 
@@ -34,24 +40,50 @@ class OrderCycleForm
 
   attr_accessor :order_cycle, :order_cycle_params, :user, :permissions
 
+  def add_exception_to_order_cycle_errors(exception)
+    error = exception.message.split(":").last.strip
+    order_cycle.errors.add(:base, error) if order_cycle.errors.to_a.exclude?(error)
+  end
+
   def apply_exchange_changes
     return if exchanges_unchanged?
 
     OpenFoodNetwork::OrderCycleFormApplicator.new(order_cycle, user).go!
   end
 
+  def attach_selected_distributor_shipping_methods
+    return if @selected_distributor_shipping_method_ids.nil?
+
+    order_cycle.reload # so outgoing exchanges are up-to-date for shipping method validations
+    order_cycle.selected_distributor_shipping_method_ids = selected_distributor_shipping_method_ids
+    order_cycle.save!
+  end
+
+  def attachable_distributor_shipping_method_ids
+    @attachable_distributor_shipping_method_ids ||= order_cycle.attachable_distributor_shipping_methods.map(&:id)
+  end
+
   def exchanges_unchanged?
     [:incoming_exchanges, :outgoing_exchanges].all? do |direction|
       order_cycle_params[direction].nil?
     end
   end
 
-  def schedule_ids?
-    @schedule_ids.present?
+  def selected_distributor_shipping_method_ids
+    @selected_distributor_shipping_method_ids = (
+      attachable_distributor_shipping_method_ids &
+      @selected_distributor_shipping_method_ids.reject(&:blank?).map(&:to_i)
+    )
+
+    if attachable_distributor_shipping_method_ids.sort == @selected_distributor_shipping_method_ids.sort
+      @selected_distributor_shipping_method_ids = []
+    end
+
+    @selected_distributor_shipping_method_ids
   end
 
   def build_schedule_ids
-    return unless schedule_ids?
+    return unless parameter_specified?(:schedule_ids)
 
     result = existing_schedule_ids
     result |= (requested_schedule_ids & permitted_schedule_ids) # Add permitted and requested
@@ -60,7 +92,7 @@ class OrderCycleForm
   end
 
   def sync_subscriptions
-    return unless schedule_ids?
+    return unless parameter_specified?(:schedule_ids)
     return unless schedule_sync_required?
 
     OrderManagement::Subscriptions::ProxyOrderSyncer.new(subscriptions_to_sync).sync!
@@ -78,6 +110,10 @@ class OrderCycleForm
     @schedule_ids.map(&:to_i)
   end
 
+  def parameter_specified?(key)
+    @specified_params.map(&:to_s).include?(key.to_s)
+  end
+
   def permitted_schedule_ids
     Schedule.where(id: requested_schedule_ids | existing_schedule_ids)
       .merge(permissions.editable_schedules).pluck(:id)

app/services/permitted_attributes/checkout.rb

@@ -12,9 +12,9 @@ module PermittedAttributes
           :email, :special_instructions,
           :existing_card_id, :shipping_method_id,
           { payments_attributes: [
-            :payment_method_id,
-            { source_attributes: PermittedAttributes::PaymentSource.attributes }
-          ],
+              :payment_method_id,
+              { source_attributes: PermittedAttributes::PaymentSource.attributes }
+            ],
             ship_address_attributes: PermittedAttributes::Address.attributes,
             bill_address_attributes: PermittedAttributes::Address.attributes }
         ],

app/services/permitted_attributes/enterprise.rb

@@ -25,10 +25,10 @@ module PermittedAttributes
     def self.basic_permitted_attributes
       [
         :id, :name, :visible, :permalink, :owner_id, :contact_name, :email_address, :phone,
-        :is_primary_producer, :sells, :website, :facebook, :instagram, :linkedin, :twitter,
-        :description, :long_description, :logo, :promo_image, :terms_and_conditions,
-        :allow_guest_orders, :allow_order_changes, :require_login, :enable_subscriptions,
-        :abn, :acn, :charges_sales_tax, :display_invoice_logo, :invoice_text,
+        :whatsapp_phone, :is_primary_producer, :sells, :website, :facebook, :instagram, :linkedin,
+        :twitter, :description, :long_description, :logo, :promo_image, :terms_and_conditions,
+        :allow_guest_orders, :allow_order_changes, :require_login, :enable_subscriptions, :abn,
+        :acn, :charges_sales_tax, :display_invoice_logo, :invoice_text,
         :preferred_product_selection_from_inventory_only, :preferred_shopfront_message,
         :preferred_shopfront_closed_message, :preferred_shopfront_taxon_order,
         :preferred_shopfront_producer_order, :preferred_shopfront_order_cycle_order,

app/services/permitted_attributes/order_cycle.rb

@@ -17,7 +17,7 @@ module PermittedAttributes
         :name, :orders_open_at, :orders_close_at, :coordinator_id,
         :preferred_product_selection_from_coordinator_inventory_only,
         :automatic_notifications,
-        { schedule_ids: [], coordinator_fee_ids: [] }
+        { schedule_ids: [], selected_distributor_shipping_method_ids: [], coordinator_fee_ids: [] }
       ]
     end
 

app/services/sets/product_set.rb

@@ -97,6 +97,7 @@ module Sets
       variants_attributes.each do |attributes|
         create_or_update_variant(product, attributes)
       end
+      product.errors.empty?
     end
 
     def create_or_update_variant(product, variant_attributes)
@@ -114,6 +115,11 @@ module Sets
 
       variant = product.variants.create(variant_attributes)
 
+      if variant.errors.present?
+        product.errors.merge!(variant.errors)
+        return false
+      end
+
       begin
         variant.on_demand = on_demand if on_demand.present?
         variant.on_hand = on_hand.to_i if on_hand.present?

app/services/shop/order_cycles_list.rb

@@ -3,6 +3,16 @@
 # Lists available order cycles for a given customer in a given distributor
 module Shop
   class OrderCyclesList
+    def self.active_for(distributor, customer)
+      new(distributor, customer).call
+    end
+
+    def self.ready_for_checkout_for(distributor, customer)
+      return OrderCycle.none unless distributor.ready_for_checkout?
+
+      new(distributor, customer).call
+    end
+
     def initialize(distributor, customer)
       @distributor = distributor
       @customer = customer