Merge pull request #12778 from chahmedejaz/bugfix/12596-fix-annoying-oc-warning-display

[BUU] Fix Messy flash notifications on new products page
12596: keep flash[:notice] check
2026-01-12 18:36:49 +00:00 · 2024-08-16 10:29:43 +10:00 · 2024-08-15 14:50:32 +05:00 · 2024-08-15 10:43:13 +02:00 · 2024-08-15 16:56:59 +10:00 · 2024-08-15 05:59:17 +05:00
1006 changed files with 14436 additions and 14263 deletions
--- a/.env
+++ b/.env
@@ -10,10 +10,10 @@ TIMEZONE="Melbourne"
 DEFAULT_COUNTRY_CODE="AU"

 # Locale for translation.
-LOCALE="en"
+LOCALE="en_AU"

 # For multilingual - ENV doesn't have array so pass it as string with commas
-AVAILABLE_LOCALES="en,es"
+AVAILABLE_LOCALES="en_AU,es"

 # Spree zone.
 CHECKOUT_ZONE="Australia"
@@ -42,14 +42,6 @@ SMTP_PASSWORD="f00d"
 # Javascript error reporting via Bugsnag.
 # BUGSNAG_JS_KEY=""

-# SingleSignOn login for Discourse
-#
-# DISCOURSE_SSO_SECRET should be a random string. It must be the same as provided to your Discourse instance.
-# DISCOURSE_SSO_SECRET=""
-#
-# DISCOURSE_URL must be the URL of your Discourse instance.
-# DISCOURSE_URL="https://noticeboard.openfoodnetwork.org.au"
-
 # see="https://developers.google.com/maps/documentation/javascript/get-api-key
 # GOOGLE_MAPS_API_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 # see https://developers.google.com/maps/documentation/javascript/localization#Region
--- a/.env.development
+++ b/.env.development
@@ -5,6 +5,11 @@
 #
 #     cp .env.development .env.local

+# Locale for translation. Using a locale other than `en` tests the
+# successful fallback to `en`. You will also see up-to-date text used
+# in production
+LOCALE="en_AU"
+
 VERBOSE_QUERY_LOGS=true

 SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
--- a/.env.test
+++ b/.env.test
@@ -1,6 +1,9 @@
 # ENV vars for the test environment
 # Override locally with `.env.test.local`

+# Locale for translation.
+LOCALE="en_TEST"
+
 OFN_REDIS_JOBS_URL="redis://localhost:6379/2"

 SECRET_TOKEN="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
--- a/.github/workflows/auto-author-assign.yml
+++ b/.github/workflows/auto-author-assign.yml
@@ -0,0 +1,14 @@
+name: Auto Author Assign
+
+on:
+  pull_request_target:
+    types: [opened, reopened]
+
+permissions:
+  pull-requests: write
+
+jobs:
+  assign-author:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: toshimaru/auto-author-assign@v2.1.0
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -59,13 +59,14 @@ jobs:
      - uses: actions/setup-node@v3
        with:
          node-version-file: .node-version
+          cache: yarn

      - name: Install JS dependencies
        run: yarn install --frozen-lockfile

      - name: Set up database
        run: |
-          bundle exec rake db:create db:schema:load
+          bin/rake db:create db:schema:load

      - name: Run tests
        env:
@@ -83,7 +84,7 @@ jobs:
          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/controllers/**/*_spec.rb}" 
        run: |
          git show --no-patch # the commit being tested (which is often a merge due to actions/checkout@v3)
-          bundle exec rake knapsack_pro:rspec
+          bin/rake knapsack_pro:rspec

  models:
    runs-on: ubuntu-22.04
@@ -106,10 +107,10 @@ jobs:
        # [n] - where the n is a number of parallel jobs you want to run your tests on.
        # Use a higher number if you have slow tests to split them between more parallel jobs.
        # Remember to update the value of the `ci_node_index` below to (0..n-1).
-        ci_node_total: [5]
+        ci_node_total: [4]
        # Indexes for parallel jobs (starting from zero).
        # E.g. use [0, 1] for 2 parallel jobs, [0, 1, 2] for 3 parallel jobs, etc.
-        ci_node_index: [0, 1, 2, 3, 4]
+        ci_node_index: [0, 1, 2, 3]
    steps:
      - uses: actions/checkout@v3

@@ -125,7 +126,7 @@ jobs:

      - name: Set up database
        run: |
-          bundle exec rake db:create db:schema:load
+          bin/rake db:create db:schema:load

      - name: Run tests
        env:
@@ -142,7 +143,7 @@ jobs:
          #KNAPSACK_PRO_RSPEC_SPLIT_BY_TEST_EXAMPLES: true
          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/models/**/*_spec.rb}" 
        run: |
-          bundle exec rake knapsack_pro:rspec
+          bin/rake knapsack_pro:rspec

  system_admin:
    runs-on: ubuntu-22.04
@@ -165,10 +166,10 @@ jobs:
        # [n] - where the n is a number of parallel jobs you want to run your tests on.
        # Use a higher number if you have slow tests to split them between more parallel jobs.
        # Remember to update the value of the `ci_node_index` below to (0..n-1).
-        ci_node_total: [13]
+        ci_node_total: [14]
        # Indexes for parallel jobs (starting from zero).
        # E.g. use [0, 1] for 2 parallel jobs, [0, 1, 2] for 3 parallel jobs, etc.
-        ci_node_index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12] 
+        ci_node_index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13]
    steps:
      - uses: actions/checkout@v3

@@ -185,13 +186,14 @@ jobs:
      - uses: actions/setup-node@v3
        with:
          node-version-file: .node-version
+          cache: yarn

      - name: Install JS dependencies
        run: yarn install --frozen-lockfile

      - name: Set up database
        run: |
-          bundle exec rake db:create db:schema:load
+          bin/rake db:create db:schema:load

      - name: Run tests

@@ -210,13 +212,13 @@ jobs:
          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/system/admin/**/*_spec.rb}" 

        run: |
-          bundle exec rake knapsack_pro:queue:rspec
+          bin/rake knapsack_pro:queue:rspec

      - name: Archive failed tests screenshots
        if: failure()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
-          name: failed-tests-screenshots
+          name: failed-admin-tests-screenshots
          path: tmp/capybara/screenshots/*.png
          retention-days: 7
          if-no-files-found: ignore
@@ -262,13 +264,14 @@ jobs:
      - uses: actions/setup-node@v3
        with:
          node-version-file: .node-version
+          cache: yarn

      - name: Install JS dependencies
        run: yarn install --frozen-lockfile

      - name: Set up database
        run: |
-          bundle exec rake db:create db:schema:load
+          bin/rake db:create db:schema:load

      - name: Run tests

@@ -287,13 +290,13 @@ jobs:
          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/system/consumer/**/*_spec.rb}" 

        run: |
-          bundle exec rake knapsack_pro:queue:rspec
+          bin/rake knapsack_pro:queue:rspec

      - name: Archive failed tests screenshots
        if: failure()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
-          name: failed-tests-screenshots
+          name: failed-consumer-tests-screenshots
          path: tmp/capybara/screenshots/*.png
          retention-days: 7
          if-no-files-found: ignore
@@ -340,13 +343,14 @@ jobs:
      - uses: actions/setup-node@v3
        with:
          node-version-file: .node-version
+          cache: yarn

      - name: Install JS dependencies
        run: yarn install --frozen-lockfile

      - name: Set up database
        run: |
-          bundle exec rake db:create db:schema:load
+          bin/rake db:create db:schema:load

      - name: Run tests

@@ -365,16 +369,7 @@ jobs:
          KNAPSACK_PRO_TEST_FILE_PATTERN: "{spec/lib/**/*_spec.rb,spec/migrations/**/*_spec.rb,spec/serializers/**/*_spec.rb,engines/**/*_spec.rb}"

        run: |
-          bundle exec rake knapsack_pro:rspec
-
-      - name: Archive failed tests screenshots
-        if: failure()
-        uses: actions/upload-artifact@v3
-        with:
-          name: failed-tests-screenshots
-          path: tmp/capybara/screenshots/*.png
-          retention-days: 7
-          if-no-files-found: ignore
+          bin/rake knapsack_pro:rspec

  test_the_rest:
    runs-on: ubuntu-22.04
@@ -418,13 +413,14 @@ jobs:
      - uses: actions/setup-node@v3
        with:
          node-version-file: .node-version
+          cache: yarn

      - name: Install JS dependencies
        run: yarn install --frozen-lockfile

      - name: Set up database
        run: |
-          bundle exec rake db:create db:schema:load
+          bin/rake db:create db:schema:load

      - name: Run tests
        env:
@@ -441,7 +437,7 @@ jobs:
          #KNAPSACK_PRO_RSPEC_SPLIT_BY_TEST_EXAMPLES: true
          KNAPSACK_PRO_TEST_FILE_EXCLUDE_PATTERN: "{engines/**/*_spec.rb,spec/models/**/*_spec.rb,spec/controllers/**/*_spec.rb,spec/serializers/**/*_spec.rb,spec/lib/**/*_spec.rb,spec/migrations/**/*_spec.rb,spec/system/**/*_spec.rb}"
        run: |
-          bundle exec rake knapsack_pro:rspec
+          bin/rake knapsack_pro:rspec

  non_knapsack_jest_karma:
    runs-on: ubuntu-22.04
@@ -470,12 +466,13 @@ jobs:
      - uses: actions/setup-node@v3
        with:
          node-version-file: .node-version
+          cache: yarn

      - name: Install JS dependencies
        run: yarn install --frozen-lockfile

      - name: Run JS tests
-        run: bundle exec rake karma:run
+        run: bin/rake karma:run

      - name: Run jest tests
        run: yarn jest
--- a/.rubocop_styleguide.yml
+++ b/.rubocop_styleguide.yml
@@ -115,6 +115,11 @@ Rails/OutputSafety:
  Exclude:
    - spec/**/*

+Rails/RedundantActiveRecordAllMethod:
+  AllowedReceivers:
+    - ActionMailer::Preview
+    - ActiveSupport::TimeZone
+
 Rails/SkipsModelValidations:
  AllowedMethods:
    - touch
@@ -124,6 +129,13 @@ Rails/SkipsModelValidations:
    - update_column
    - update_columns

+Rails/UnknownEnv:
+  Environments:
+    - development
+    - production
+    - staging
+    - test
+
 Rails/WhereExists:
  EnforcedStyle: where # Cf. conversion https://github.com/openfoodfoundation/openfoodnetwork/pull/12363

--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -1,15 +1,16 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config --auto-gen-only-exclude --exclude-limit 1400 --no-auto-gen-timestamp`
-# using RuboCop version 1.62.1.
+# using RuboCop version 1.64.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.

-# Offense count: 2
-Lint/DuplicateMethods:
+# Offense count: 1
+# This cop supports safe autocorrection (--autocorrect).
+Layout/EmptyLines:
  Exclude:
-    - 'lib/discourse/single_sign_on.rb'
+    - 'app/services/products_renderer.rb'

 # Offense count: 16
 # Configuration parameters: AllowComments, AllowEmptyLambdas.
@@ -27,11 +28,10 @@ Lint/EmptyBlock:
    - 'spec/jobs/subscription_placement_job_spec.rb'
    - 'spec/models/product_import/entry_validator_spec.rb'

-# Offense count: 6
+# Offense count: 4
 # Configuration parameters: AllowComments.
 Lint/EmptyClass:
  Exclude:
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
    - 'spec/lib/reports/report_loader_spec.rb'

 # Offense count: 1
@@ -85,7 +85,7 @@ Lint/UselessMethodDefinition:
  Exclude:
    - 'app/models/spree/gateway.rb'

-# Offense count: 26
+# Offense count: 24
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes, Max.
 Metrics/AbcSize:
  Exclude:
@@ -104,11 +104,9 @@ Metrics/AbcSize:
    - 'app/models/spree/order/checkout.rb'
    - 'app/models/spree/preferences/preferable_class_methods.rb'
    - 'app/models/spree/return_authorization.rb'
-    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
    - 'lib/open_food_network/order_cycle_permissions.rb'
    - 'lib/spree/core/controller_helpers/order.rb'
-    - 'lib/tasks/enterprises.rake'
    - 'spec/services/orders/checkout_restart_service_spec.rb'

 # Offense count: 9
@@ -164,7 +162,7 @@ Metrics/ClassLength:
    - 'app/models/spree/user.rb'
    - 'app/models/spree/variant.rb'
    - 'app/models/spree/zone.rb'
-    - 'app/reflexes/products_reflex.rb'
+    - 'app/reflexes/admin/orders_reflex.rb'
    - 'app/serializers/api/cached_enterprise_serializer.rb'
    - 'app/serializers/api/enterprise_shopfront_serializer.rb'
    - 'app/services/cart_service.rb'
@@ -180,7 +178,7 @@ Metrics/ClassLength:
    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
    - 'lib/reporting/reports/xero_invoices/base.rb'

-# Offense count: 34
+# Offense count: 32
 # Configuration parameters: AllowedMethods, AllowedPatterns, Max.
 Metrics/CyclomaticComplexity:
  Exclude:
@@ -190,7 +188,6 @@ Metrics/CyclomaticComplexity:
    - 'app/helpers/checkout_helper.rb'
    - 'app/helpers/order_cycles_helper.rb'
    - 'app/helpers/spree/admin/navigation_helper.rb'
-    - 'app/models/enterprise.rb'
    - 'app/models/enterprise_relationship.rb'
    - 'app/models/product_import/entry_validator.rb'
    - 'app/models/spree/ability.rb'
@@ -204,7 +201,6 @@ Metrics/CyclomaticComplexity:
    - 'app/models/spree/tax_rate.rb'
    - 'app/models/spree/variant.rb'
    - 'app/models/spree/zone.rb'
-    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/enterprise_issue_validator.rb'
    - 'lib/reporting/reports/xero_invoices/base.rb'
    - 'lib/spree/core/controller_helpers/order.rb'
@@ -212,7 +208,7 @@ Metrics/CyclomaticComplexity:
    - 'lib/spree/localized_number.rb'
    - 'spec/models/product_importer_spec.rb'

-# Offense count: 25
+# Offense count: 24
 # Configuration parameters: CountComments, Max, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
  Exclude:
@@ -226,7 +222,6 @@ Metrics/MethodLength:
    - 'app/models/spree/order/checkout.rb'
    - 'app/models/spree/payment/processing.rb'
    - 'app/models/spree/preferences/preferable_class_methods.rb'
-    - 'lib/discourse/single_sign_on.rb'
    - 'lib/open_food_network/order_cycle_form_applicator.rb'
    - 'lib/open_food_network/order_cycle_permissions.rb'
    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
@@ -234,7 +229,7 @@ Metrics/MethodLength:
    - 'lib/spree/localized_number.rb'
    - 'lib/tasks/sample_data/product_factory.rb'

-# Offense count: 48
+# Offense count: 49
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ModuleLength:
  Exclude:
@@ -264,6 +259,7 @@ Metrics/ModuleLength:
    - 'spec/controllers/payment_gateways/stripe_controller_spec.rb'
    - 'spec/controllers/spree/admin/adjustments_controller_spec.rb'
    - 'spec/controllers/spree/admin/payment_methods_controller_spec.rb'
+    - 'spec/controllers/spree/admin/variants_controller_spec.rb'
    - 'spec/lib/open_food_network/address_finder_spec.rb'
    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
@@ -396,9 +392,7 @@ RSpecRails/HaveHttpStatus:
    - 'spec/controllers/stripe/webhooks_controller_spec.rb'
    - 'spec/controllers/user_passwords_controller_spec.rb'
    - 'spec/controllers/user_registrations_controller_spec.rb'
-    - 'spec/requests/admin/images_spec.rb'
    - 'spec/requests/api/routes_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
    - 'spec/requests/checkout/stripe_sca_spec.rb'
    - 'spec/requests/home_controller_spec.rb'
    - 'spec/requests/omniauth_callbacks_controller_spec.rb'
@@ -414,7 +408,7 @@ RSpecRails/HttpStatus:
    - 'spec/controllers/spree/admin/products_controller_spec.rb'
    - 'spec/requests/api/orders_spec.rb'

-# Offense count: 146
+# Offense count: 144
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Inferences.
 RSpecRails/InferredSpecType:
@@ -518,7 +512,6 @@ RSpecRails/InferredSpecType:
    - 'spec/helpers/navigation_helper_spec.rb'
    - 'spec/helpers/order_cycles_helper_spec.rb'
    - 'spec/helpers/serializer_helper_spec.rb'
-    - 'spec/helpers/shared_helper_spec.rb'
    - 'spec/helpers/shop_helper_spec.rb'
    - 'spec/helpers/spree/admin/base_helper_spec.rb'
    - 'spec/helpers/spree/admin/general_settings_helper_spec.rb'
@@ -552,7 +545,6 @@ RSpecRails/InferredSpecType:
    - 'spec/requests/api/routes_spec.rb'
    - 'spec/requests/api/v1/customers_spec.rb'
    - 'spec/requests/api_docs_spec.rb'
-    - 'spec/requests/checkout/failed_checkout_spec.rb'
    - 'spec/requests/checkout/paypal_spec.rb'
    - 'spec/requests/checkout/routes_spec.rb'
    - 'spec/requests/checkout/stripe_sca_spec.rb'
@@ -609,65 +601,6 @@ Rails/LexicallyScopedActionFilter:
    - 'app/controllers/spree/admin/zones_controller.rb'
    - 'app/controllers/spree/users_controller.rb'

-# Offense count: 32
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/Pluck:
-  Exclude:
-    - 'app/controllers/admin/variant_overrides_controller.rb'
-    - 'app/services/cart_service.rb'
-    - 'lib/reporting/report_headers_builder.rb'
-    - 'spec/controllers/admin/bulk_line_items_controller_spec.rb'
-    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
-    - 'spec/controllers/api/v0/order_cycles_controller_spec.rb'
-    - 'spec/controllers/api/v0/orders_controller_spec.rb'
-    - 'spec/controllers/api/v0/products_controller_spec.rb'
-    - 'spec/controllers/api/v0/shops_controller_spec.rb'
-    - 'spec/controllers/api/v0/states_controller_spec.rb'
-    - 'spec/controllers/api/v0/taxons_controller_spec.rb'
-    - 'spec/helpers/spree/admin/orders_helper_spec.rb'
-    - 'spec/lib/reports/lettuce_share_report_spec.rb'
-    - 'spec/lib/reports/users_and_enterprises_report_spec.rb'
-    - 'spec/serializers/api/admin/for_order_cycle/supplied_product_serializer_spec.rb'
-    - 'spec/support/api_helper.rb'
-
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: conservative, aggressive
-Rails/PluckInWhere:
-  Exclude:
-    - 'app/models/spree/variant.rb'
-
-# Offense count: 4
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: AllowedReceivers.
-# AllowedReceivers: ActionMailer::Preview, ActiveSupport::TimeZone
-Rails/RedundantActiveRecordAllMethod:
-  Exclude:
-    - 'app/models/spree/tax_rate.rb'
-    - 'app/models/spree/user.rb'
-    - 'app/models/spree/variant.rb'
-    - 'spec/system/admin/product_import_spec.rb'
-
-# Offense count: 11
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/RedundantPresenceValidationOnBelongsTo:
-  Exclude:
-    - 'app/models/spree/line_item.rb'
-    - 'app/models/spree/order.rb'
-    - 'app/models/spree/stock_item.rb'
-    - 'app/models/spree/stock_movement.rb'
-    - 'app/models/spree/tax_rate.rb'
-    - 'app/models/subscription_line_item.rb'
-    - 'app/models/tag_rule.rb'
-    - 'app/models/variant_override.rb'
-
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/RelativeDateConstant:
-  Exclude:
-    - 'lib/tasks/data/remove_transient_data.rb'
-
 # Offense count: 56
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: Include.
@@ -688,26 +621,6 @@ Rails/ResponseParsedBody:
    - 'spec/controllers/spree/credit_cards_controller_spec.rb'
    - 'spec/controllers/user_registrations_controller_spec.rb'

-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/RootPathnameMethods:
-  Exclude:
-    - 'spec/lib/reports/orders_and_fulfillment/order_cycle_customer_totals_report_spec.rb'
-
-# Offense count: 1
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Rails/SelectMap:
-  Exclude:
-    - 'app/models/enterprise.rb'
-
-# Offense count: 4
-# Configuration parameters: ForbiddenMethods, AllowedMethods.
-# ForbiddenMethods: decrement!, decrement_counter, increment!, increment_counter, insert, insert!, insert_all, insert_all!, toggle!, touch, touch_all, update_all, update_attribute, update_column, update_columns, update_counters, upsert, upsert_all
-Rails/SkipsModelValidations:
-  Exclude:
-    - 'app/models/variant_override.rb'
-    - 'spec/models/spree/line_item_spec.rb'
-
 # Offense count: 7
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
@@ -736,24 +649,6 @@ Rails/UniqueValidationWithoutIndex:
    - 'app/models/spree/tax_category.rb'
    - 'app/models/spree/zone.rb'

-# Offense count: 1
-# Configuration parameters: Severity, Environments.
-# Environments: development, test, production
-Rails/UnknownEnv:
-  Exclude:
-    - 'app/models/spree/app_configuration.rb'
-
-# Offense count: 7
-# Configuration parameters: Severity.
-Rails/UnusedRenderContent:
-  Exclude:
-    - 'app/controllers/admin/bulk_line_items_controller.rb'
-    - 'app/controllers/admin/tag_rules_controller.rb'
-    - 'app/controllers/api/v0/enterprise_fees_controller.rb'
-    - 'app/controllers/api/v0/products_controller.rb'
-    - 'app/controllers/api/v0/taxons_controller.rb'
-    - 'app/controllers/api/v0/variants_controller.rb'
-
 # Offense count: 1
 Security/Open:
  Exclude:
@@ -778,7 +673,7 @@ Style/CaseEquality:
  Exclude:
    - 'spec/models/spree/payment_spec.rb'

-# Offense count: 25
+# Offense count: 23
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: EnforcedStyle.
 # SupportedStyles: nested, compact
@@ -805,7 +700,6 @@ Style/ClassAndModuleChildren:
    - 'app/serializers/api/taxon_serializer.rb'
    - 'app/serializers/api/variant_serializer.rb'
    - 'lib/open_food_network/locking.rb'
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
    - 'spec/models/spree/payment_method_spec.rb'

 # Offense count: 1
@@ -858,12 +752,6 @@ Style/HashEachMethods:
    - 'spec/models/product_importer_spec.rb'
    - 'spec/support/cancan_helper.rb'

-# Offense count: 1
-# Configuration parameters: MinBranchesCount.
-Style/HashLikeCase:
-  Exclude:
-    - 'app/models/enterprise.rb'
-
 # Offense count: 4
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/MapToHash:
@@ -952,19 +840,6 @@ Style/RedundantInitialize:
  Exclude:
    - 'spec/models/spree/gateway_spec.rb'

-# Offense count: 2
-# This cop supports unsafe autocorrection (--autocorrect-all).
-Style/RedundantInterpolation:
-  Exclude:
-    - 'lib/tasks/karma.rake'
-    - 'spec/base_spec_helper.rb'
-
-# Offense count: 8
-# This cop supports safe autocorrection (--autocorrect).
-Style/RedundantLineContinuation:
-  Exclude:
-    - 'lib/reporting/reports/enterprise_fee_summary/scope.rb'
-
 # Offense count: 19
 # This cop supports unsafe autocorrection (--autocorrect-all).
 # Configuration parameters: AllowedMethods, AllowedPatterns.
@@ -974,69 +849,10 @@ Style/ReturnNilInPredicateMethodDefinition:
    - 'app/serializers/api/admin/customer_serializer.rb'
    - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'

-# Offense count: 204
-Style/Send:
-  Exclude:
-    - 'spec/controllers/admin/subscriptions_controller_spec.rb'
-    - 'spec/controllers/payment_gateways/paypal_controller_spec.rb'
-    - 'spec/controllers/spree/admin/base_controller_spec.rb'
-    - 'spec/controllers/spree/orders_controller_spec.rb'
-    - 'spec/helpers/order_cycles_helper_spec.rb'
-    - 'spec/jobs/subscription_confirm_job_spec.rb'
-    - 'spec/jobs/subscription_placement_job_spec.rb'
-    - 'spec/lib/open_food_network/address_finder_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_applicator_spec.rb'
-    - 'spec/lib/open_food_network/enterprise_fee_calculator_spec.rb'
-    - 'spec/lib/open_food_network/order_cycle_form_applicator_spec.rb'
-    - 'spec/lib/open_food_network/permissions_spec.rb'
-    - 'spec/lib/open_food_network/tag_rule_applicator_spec.rb'
-    - 'spec/lib/reports/xero_invoices_report_spec.rb'
-    - 'spec/lib/stripe/webhook_handler_spec.rb'
-    - 'spec/models/calculator/weight_spec.rb'
-    - 'spec/models/enterprise_spec.rb'
-    - 'spec/models/exchange_spec.rb'
-    - 'spec/models/spree/order_inventory_spec.rb'
-    - 'spec/models/spree/payment_spec.rb'
-    - 'spec/models/spree/return_authorization_spec.rb'
-    - 'spec/models/tag_rule/filter_order_cycles_spec.rb'
-    - 'spec/models/tag_rule/filter_payment_methods_spec.rb'
-    - 'spec/models/tag_rule/filter_products_spec.rb'
-    - 'spec/models/tag_rule/filter_shipping_methods_spec.rb'
-    - 'spec/services/cart_service_spec.rb'
-    - 'spec/services/products_renderer_spec.rb'
-    - 'spec/services/variant_units/option_value_namer_spec.rb'
-    - 'spec/support/localized_number_helper.rb'
-
-# Offense count: 4
+# Offense count: 3
 # This cop supports unsafe autocorrection (--autocorrect-all).
 Style/SlicingWithRange:
  Exclude:
    - 'app/helpers/spree/admin/navigation_helper.rb'
    - 'app/services/embedded_page_service.rb'
    - 'engines/order_management/app/services/order_management/subscriptions/validator.rb'
-    - 'lib/discourse/single_sign_on.rb'
-
-# Offense count: 25
-# This cop supports unsafe autocorrection (--autocorrect-all).
-# Configuration parameters: Mode.
-Style/StringConcatenation:
-  Exclude:
-    - 'app/controllers/admin/stripe_connect_settings_controller.rb'
-    - 'app/helpers/discourse_helper.rb'
-    - 'app/helpers/enterprises_helper.rb'
-    - 'app/helpers/spree/admin/base_helper.rb'
-    - 'app/mailers/spree/user_mailer.rb'
-    - 'app/models/enterprise.rb'
-    - 'app/models/spree/credit_card.rb'
-    - 'app/models/spree/payment_method.rb'
-    - 'app/serializers/api/cached_enterprise_serializer.rb'
-    - 'app/serializers/api/enterprise_shopfront_list_serializer.rb'
-    - 'app/services/embedded_page_service.rb'
-    - 'app/services/products_renderer.rb'
-    - 'lib/spree/api/controller_setup.rb'
-    - 'lib/spree/core/environment_extension.rb'
-    - 'spec/models/spree/line_item_spec.rb'
-    - 'spec/models/spree/product_spec.rb'
-    - 'spec/services/embedded_page_service_spec.rb'
-    - 'spec/support/features/datepicker_helper.rb'
-    - 'spec/system/admin/products_spec.rb'
--- a/10
+++ b/10
@@ -16,10 +16,8 @@ gem "image_processing"

 gem 'activemerchant', '>= 1.78.0'
 gem 'angular-rails-templates', '>= 0.3.0'
-gem 'awesome_nested_set'
 gem 'ransack', '~> 4.1.0'
 gem 'responders'
-gem 'rexml'
 gem 'webpacker', '~> 5'

 gem 'i18n'
@@ -103,8 +101,10 @@ gem 'redis'
 gem 'sidekiq'
 gem 'sidekiq-scheduler'

-gem "cable_ready", "5.0.1"
-gem "stimulus_reflex", "3.5.0.rc3"
+gem "cable_ready"
+gem "stimulus_reflex"
+
+gem "turbo-rails"

 gem 'combine_pdf'
 gem 'wicked_pdf'
@@ -164,7 +164,7 @@ group :test, :development do
  gem 'rspec-sql'
  gem 'rswag'
  gem 'shoulda-matchers'
-  gem 'stimulus_reflex_testing'
+  gem 'stimulus_reflex_testing', github: "podia/stimulus_reflex_testing", branch: :main
  gem 'timecop'
 end

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -17,6 +17,14 @@ GIT
      sass-rails
      thor (>= 0.14)

+GIT
+  remote: https://github.com/podia/stimulus_reflex_testing.git
+  revision: abac2ee34de347c589795b4d1a8e83e0baafb201
+  branch: main
+  specs:
+    stimulus_reflex_testing (0.3.1)
+      stimulus_reflex (>= 3.3.0)
+
 PATH
  remote: engines/catalog
  specs:
@@ -153,20 +161,18 @@ GEM
      activerecord (>= 3.1.0, < 8)
    ast (2.4.2)
    attr_required (1.0.2)
-    awesome_nested_set (3.6.0)
-      activerecord (>= 4.0.0, < 7.2)
    aws-eventstream (1.3.0)
-    aws-partitions (1.914.0)
-    aws-sdk-core (3.192.0)
+    aws-partitions (1.929.0)
+    aws-sdk-core (3.196.1)
      aws-eventstream (~> 1, >= 1.3.0)
      aws-partitions (~> 1, >= 1.651.0)
      aws-sigv4 (~> 1.8)
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.79.0)
-      aws-sdk-core (~> 3, >= 3.191.0)
+    aws-sdk-kms (1.81.0)
+      aws-sdk-core (~> 3, >= 3.193.0)
      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.147.0)
-      aws-sdk-core (~> 3, >= 3.192.0)
+    aws-sdk-s3 (1.151.0)
+      aws-sdk-core (~> 3, >= 3.194.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.8)
    aws-sigv4 (1.8.0)
@@ -185,10 +191,11 @@ GEM
    bullet (7.1.6)
      activesupport (>= 3.0.0)
      uniform_notifier (~> 1.11)
-    cable_ready (5.0.1)
+    cable_ready (5.0.5)
      actionpack (>= 5.2)
      actionview (>= 5.2)
      activesupport (>= 5.2)
+      observer (~> 0.1)
      railties (>= 5.2)
      thread-local (>= 1.1.0)
    cancancan (1.15.0)
@@ -221,14 +228,15 @@ GEM
    combine_pdf (1.0.26)
      matrix
      ruby-rc4 (>= 0.1.5)
-    concurrent-ruby (1.2.3)
+    concurrent-ruby (1.3.1)
    connection_pool (2.4.1)
    crack (1.0.0)
      bigdecimal
      rexml
    crass (1.0.6)
-    css_parser (1.16.0)
+    css_parser (1.17.1)
      addressable
+    csv (3.3.0)
    cuprite (0.15)
      capybara (~> 3.0)
      ferrum (~> 0.14.0)
@@ -253,14 +261,14 @@ GEM
      warden (~> 1.2.3)
    devise-encryptable (0.2.0)
      devise (>= 2.1.0)
-    devise-i18n (1.12.0)
+    devise-i18n (1.12.1)
      devise (>= 4.9.0)
    devise-token_authenticatable (1.1.0)
      devise (>= 4.0.0, < 5.0.0)
    diff-lcs (1.5.1)
    digest (3.1.1)
    docile (1.4.0)
-    dotenv (3.1.0)
+    dotenv (3.1.2)
    email_validator (2.2.4)
      activemodel
    erubi (1.12.0)
@@ -321,7 +329,9 @@ GEM
    fuubar (2.5.1)
      rspec-core (~> 3.0)
      ruby-progressbar (~> 1.4)
-    geocoder (1.8.2)
+    geocoder (1.8.3)
+      base64 (>= 0.1.0)
+      csv (>= 3.0.0)
    globalid (1.2.1)
      activesupport (>= 6.1)
    gmaps4rails (2.1.2)
@@ -337,7 +347,7 @@ GEM
    hashie (5.0.0)
    highline (2.0.3)
    htmlentities (4.3.4)
-    i18n (1.14.4)
+    i18n (1.14.5)
      concurrent-ruby (~> 1.0)
    i18n-js (3.9.2)
      i18n (>= 0.6.6)
@@ -346,7 +356,7 @@ GEM
      ruby-vips (>= 2.0.17, < 3)
    immigrant (0.3.6)
      activerecord (>= 3.0)
-    invisible_captcha (2.2.0)
+    invisible_captcha (2.3.0)
      rails (>= 5.2)
    io-console (0.7.2)
    ipaddress (0.8.3)
@@ -385,7 +395,7 @@ GEM
      activesupport (>= 4.2)
    jwt (2.8.1)
      base64
-    knapsack_pro (7.1.0)
+    knapsack_pro (7.4.0)
      rake
    language_server-protocol (3.17.0.3)
    launchy (3.0.0)
@@ -405,9 +415,9 @@ GEM
      net-imap
      net-pop
      net-smtp
-    marcel (1.0.2)
+    marcel (1.0.4)
    matrix (0.4.2)
-    method_source (1.0.0)
+    method_source (1.1.0)
    mime-types (3.5.2)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2023.1205)
@@ -417,7 +427,7 @@ GEM
    mini_magick (4.11.0)
    mini_mime (1.1.5)
    mini_portile2 (2.8.6)
-    minitest (5.22.3)
+    minitest (5.23.1)
    monetize (1.13.0)
      money (~> 6.12)
    money (6.16.0)
@@ -437,21 +447,24 @@ GEM
    net-smtp (0.5.0)
      net-protocol
    newrelic_rpm (9.9.0)
-    nio4r (2.7.0)
-    nokogiri (1.16.4)
+    nio4r (2.7.1)
+    nokogiri (1.16.5)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
+    nokogiri-html5-inference (0.3.0)
+      nokogiri (~> 1.14)
    oauth2 (1.4.11)
      faraday (>= 0.17.3, < 3.0)
      jwt (>= 1.0, < 3.0)
      multi_json (~> 1.3)
      multi_xml (~> 0.5)
      rack (>= 1.2, < 4)
+    observer (0.1.2)
    omniauth (2.1.2)
      hashie (>= 3.4.6)
      rack (>= 2.2.3)
      rack-protection
-    omniauth-rails_csrf_protection (1.0.1)
+    omniauth-rails_csrf_protection (1.0.2)
      actionpack (>= 4.2)
      omniauth (~> 2.0)
    omniauth_openid_connect (0.7.1)
@@ -479,7 +492,7 @@ GEM
    parallel (1.24.0)
    paranoia (2.6.3)
      activerecord (>= 5.1, < 7.2)
-    parser (3.3.1.0)
+    parser (3.3.2.0)
      ast (~> 2.4.1)
      racc
    paypal-sdk-core (0.3.4)
@@ -500,14 +513,14 @@ GEM
      method_source (~> 1.0)
    psych (5.1.2)
      stringio
-    public_suffix (5.0.4)
+    public_suffix (5.0.5)
    puma (6.4.2)
      nio4r (~> 2.0)
    query_count (1.1.1)
      activerecord (>= 4.2)
      railties (>= 4.2)
    raabro (1.4.0)
-    racc (1.7.3)
+    racc (1.8.0)
    rack (2.2.9)
    rack-mini-profiler (2.3.4)
      rack (>= 1.2.0)
@@ -528,7 +541,7 @@ GEM
      rack (< 3)
    rack-test (2.1.0)
      rack (>= 1.3)
-    rack-timeout (0.6.3)
+    rack-timeout (0.7.0)
    rails (7.0.8)
      actioncable (= 7.0.8)
      actionmailbox (= 7.0.8)
@@ -589,7 +602,7 @@ GEM
      redis-client (>= 0.22.0)
    redis-client (0.22.1)
      connection_pool
-    regexp_parser (2.9.0)
+    regexp_parser (2.9.2)
    reline (0.5.0)
      io-console (~> 0.5)
    request_store (1.5.1)
@@ -597,11 +610,12 @@ GEM
    responders (3.1.1)
      actionpack (>= 5.2)
      railties (>= 5.2)
-    rexml (3.2.6)
-    roadie (5.2.0)
+    rexml (3.2.8)
+      strscan (>= 3.0.9)
+    roadie (5.2.1)
      css_parser (~> 1.4)
      nokogiri (~> 1.15)
-    roadie-rails (3.1.0)
+    roadie-rails (3.2.0)
      railties (>= 5.1, < 8.0)
      roadie (~> 5.0)
    rodf (1.2.0)
@@ -651,7 +665,7 @@ GEM
    rswag-ui (2.13.0)
      actionpack (>= 3.1, < 7.2)
      railties (>= 3.1, < 7.2)
-    rubocop (1.63.5)
+    rubocop (1.64.1)
      json (~> 2.3)
      language_server-protocol (>= 3.17.0)
      parallel (~> 1.10)
@@ -740,21 +754,21 @@ GEM
    state_machines-activerecord (0.9.0)
      activerecord (>= 6.0)
      state_machines-activemodel (>= 0.9.0)
-    stimulus_reflex (3.5.0.rc3)
+    stimulus_reflex (3.5.1)
      actioncable (>= 5.2, < 8)
      actionpack (>= 5.2, < 8)
      actionview (>= 5.2, < 8)
      activesupport (>= 5.2, < 8)
      cable_ready (~> 5.0)
      nokogiri (~> 1.0)
+      nokogiri-html5-inference (~> 0.3)
      rack (>= 2, < 4)
      railties (>= 5.2, < 8)
      redis (>= 4.0, < 6.0)
-    stimulus_reflex_testing (0.3.0)
-      stimulus_reflex (>= 3.3.0)
    stringex (2.8.6)
    stringio (3.1.0)
    stripe (11.1.0)
+    strscan (3.1.0)
    swd (2.0.3)
      activesupport (>= 3)
      attr_required (>= 0.0.5)
@@ -767,6 +781,10 @@ GEM
    timecop (0.9.8)
    timeout (0.4.1)
    ttfunk (1.7.0)
+    turbo-rails (2.0.5)
+      actionpack (>= 6.0.0)
+      activejob (>= 6.0.0)
+      railties (>= 6.0.0)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
    unicode-display_width (2.5.0)
@@ -781,7 +799,7 @@ GEM
    validates_lengths_from_database (0.8.0)
      activerecord (>= 4)
    vcr (6.2.0)
-    view_component (3.12.0)
+    view_component (3.12.1)
      activesupport (>= 5.2.0, < 8.0)
      concurrent-ruby (~> 1.0)
      method_source (~> 1.0)
@@ -802,7 +820,7 @@ GEM
      activesupport
      faraday (~> 2.0)
      faraday-follow_redirects
-    webmock (3.23.0)
+    webmock (3.23.1)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
@@ -819,11 +837,11 @@ GEM
      chronic (>= 0.6.3)
    wicked_pdf (2.6.3)
      activesupport
-    wkhtmltopdf-binary (0.12.6.6)
+    wkhtmltopdf-binary (0.12.6.7)
    xml-simple (1.1.8)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    zeitwerk (2.6.13)
+    zeitwerk (2.6.15)

 PLATFORMS
  ruby
@@ -843,13 +861,12 @@ DEPENDENCIES
  angularjs-file-upload-rails (~> 2.4.1)
  angularjs-rails (= 1.8.0)
  arel-helpers (~> 2.12)
-  awesome_nested_set
  aws-sdk-s3
  bigdecimal (= 3.0.2)
  bootsnap
  bugsnag
  bullet
-  cable_ready (= 5.0.1)
+  cable_ready
  cancancan (~> 1.15.0)
  capybara
  catalog!
@@ -928,7 +945,6 @@ DEPENDENCIES
  redcarpet
  redis
  responders
-  rexml
  roadie-rails
  roo
  rspec-rails (>= 3.5.2)
@@ -951,11 +967,12 @@ DEPENDENCIES
  spring-commands-rspec
  spring-commands-rubocop
  state_machines-activerecord
-  stimulus_reflex (= 3.5.0.rc3)
-  stimulus_reflex_testing
+  stimulus_reflex
+  stimulus_reflex_testing!
  stringex (~> 2.8.5)
  stripe
  timecop
+  turbo-rails
  valid_email2
  validates_lengths_from_database
  vcr
--- a/app/assets/javascripts/admin/all.js
+++ b/app/assets/javascripts/admin/all.js
@@ -10,7 +10,6 @@
 //= require jquery.ui.all
 //= require jquery.powertip
 //= require jquery.cookie
-//= require jquery.jstree/jquery.jstree
 //= require jquery.vAlign
 //= require angular
 //= require angular-resource
--- a/app/assets/javascripts/admin/bulk_product_update.js.coffee
+++ b/app/assets/javascripts/admin/bulk_product_update.js.coffee
@@ -47,7 +47,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
    removeClearedValues()
    params = {
      'q[name_cont]': $scope.q.query,
-      'q[supplier_id_eq]': $scope.q.producerFilter,
+      'q[variants_supplier_id_eq]': $scope.q.producerFilter,
      'q[variants_primary_taxon_id_eq]': $scope.q.categoryFilter,
      'q[s]': $scope.sorting,
      import_date: $scope.q.importDateFilter,
@@ -126,8 +126,11 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
    DisplayProperties.setShowVariants 0, showVariants

  $scope.addVariant = (product) ->
+    # Set new variant category to same as last product variant category to keep compactibility with deleted variant callback to set new variant category
+    newVariantId = $scope.nextVariantId();
+    newVariantCategoryId = product.variants[product.variants.length - 1]?.category_id
    product.variants.push
-      id: $scope.nextVariantId()
+      id: newVariantId
      unit_value: null
      unit_description: null
      on_demand: false
@@ -136,8 +139,9 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
      on_hand: null
      price: null
      tax_category_id: null
-      category_id: null
+      category_id: newVariantCategoryId
    DisplayProperties.setShowVariants product.id, true
+    DirtyProducts.addVariantProperty(product.id, newVariantId, 'category_id', newVariantCategoryId)


  $scope.nextVariantId = ->
@@ -217,7 +221,7 @@ angular.module("ofn.admin").controller "AdminProductEditCtrl", ($scope, $timeout
        products: productsToSubmit
        filters:
          'q[name_cont]': $scope.q.query
-          'q[supplier_id_eq]': $scope.q.producerFilter
+          'q[variants_supplier_id_eq]': $scope.q.producerFilter
          'q[variants_primary_taxon_id_eq]': $scope.q.categoryFilter
          'q[s]': $scope.sorting
          import_date: $scope.q.importDateFilter
@@ -314,9 +318,6 @@ filterSubmitProducts = (productsToFilter) ->
        if product.hasOwnProperty("name")
          filteredProduct.name = product.name
          hasUpdatableProperty = true
-        if product.hasOwnProperty("producer_id")
-          filteredProduct.supplier_id = product.producer_id
-          hasUpdatableProperty = true
        if product.hasOwnProperty("price")
          filteredProduct.price = product.price
          hasUpdatableProperty = true
@@ -379,6 +380,9 @@ filterSubmitVariant = (variant) ->
    if variant.hasOwnProperty("display_as")
      filteredVariant.display_as = variant.display_as
      hasUpdatableProperty = true
+    if variant.hasOwnProperty("producer_id")
+      filteredVariant.supplier_id = variant.producer_id
+      hasUpdatableProperty = true
  {filteredVariant: filteredVariant, hasUpdatableProperty: hasUpdatableProperty}


--- a/app/assets/javascripts/admin/index_utils/filters/attr_filter.js.coffee
+++ b/app/assets/javascripts/admin/index_utils/filters/attr_filter.js.coffee
@@ -1,12 +1,16 @@
 # Used like a regular angular filter where an object is passed
 # Adds the additional special case that a value of 0 for the filter
 # acts as a bypass for that particular attribute
+
+# NOTE the name doesn't reflect what the filter does, it only fiters on the variant.producer_id
 angular.module("admin.indexUtils").filter "attrFilter", ($filter) ->
  return (objects, filters) ->
-    Object.keys(filters).reduce (filtered, attr) ->
-      filter = filters[attr]
-      return filtered if !filter? || filter == 0
-      return $filter('filter')(filtered, (object) ->
-        object[attr] == filter
-      )
-    , objects
+    filter = filters["producer_id"]
+
+    return objects if !filter? || filter == 0
+
+    return $filter('filter')(objects, (product) ->
+      for variant in product.variants
+        return true if variant["producer_id"] == filter
+      false
+    , true)
--- a/app/assets/javascripts/admin/index_utils/services/columns.js.coffee
+++ b/app/assets/javascripts/admin/index_utils/services/columns.js.coffee
@@ -31,7 +31,7 @@ angular.module("admin.indexUtils").factory 'Columns', ($rootScope, $http, $injec
    savePreferences: (action_name) =>
      $http
        method: "PUT"
-        url: "/admin/column_preferences/bulk_update"
+        url: "/admin/column_preferences/bulk_update.json"
        data:
          action_name: action_name
          column_preferences: (preference for column_name, preference of @columns)
--- a/app/assets/javascripts/admin/line_items/controllers/line_items_controller.js.coffee
+++ b/app/assets/javascripts/admin/line_items/controllers/line_items_controller.js.coffee
@@ -27,7 +27,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
    "order_bill_address_full_name_reversed",
    "order_bill_address_full_name_with_comma",
    "order_bill_address_full_name_with_comma_reversed",
-    "variant_product_supplier_name",
+    "variant_supplier_name",
    "order_email",
    "order_number",
    "product_name"].join("_or_") + "_cont"
@@ -81,7 +81,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
      "q[order_shipment_state_not_eq]": "shipped",
      "q[order_completed_at_not_null]": "true",
      "q[order_distributor_id_eq]": $scope.distributorFilter,
-      "q[variant_product_supplier_id_eq]": $scope.supplierFilter,
+      "q[variant_supplier_id_eq]": $scope.supplierFilter,
      "q[order_order_cycle_id_eq]": $scope.orderCycleFilter,
      "q[order_completed_at_gteq]": if formattedStartDate then formattedStartDate else undefined,
      "q[order_completed_at_lt]": if formattedEndDate then formattedEndDate else undefined,
@@ -105,7 +105,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
      Dereferencer.dereferenceAttr $scope.line_items, "supplier", Enterprises.byID
      $scope.loadOrders()
      RequestMonitor.load $q.all([$scope.orders.$promise]).then ->
-        Dereferencer.dereferenceAttr $scope.line_items, "order", Orders.byID  
+        Dereferencer.dereferenceAttr $scope.line_items, "order", Orders.byID
        Dereferencer.dereferenceAttr $scope.orders, "distributor", Enterprises.byID
        Dereferencer.dereferenceAttr $scope.orders, "order_cycle", OrderCycles.byID
        $scope.bulk_order_form.$setPristine()
@@ -133,7 +133,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
    return $http(
      method: 'GET'
      url: "/admin/orders/#{order.number}/fire?e=cancel&send_cancellation_email=#{sendEmailCancellation}&restock_items=#{restock_items}")
-  
+
  $scope.deleteLineItem = (lineItem) ->
    if lineItem.order.item_count == 1
      ofnCancelOrderAlert((confirm, sendEmailCancellation, restock_items) ->
@@ -167,7 +167,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
              $scope.cancelOrder(order, sendEmailCancellation, restock_items).then(-> $scope.refreshData())
            else
              Promise.all(LineItems.delete(item) for item in items).then(-> $scope.refreshData())
-      , "js.admin.deleting_item_will_cancel_order")   
+      , "js.admin.deleting_item_will_cancel_order")
    else
      ofnDeleteLineItemsAlert(() ->
        Promise.all(LineItems.delete(item) for item in lineItemsToDelete).then(-> $scope.refreshData())
@@ -199,7 +199,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
    $scope.refreshData()

  $scope.getLineItemScale = (lineItem) ->
-    if lineItem.units_product && lineItem.units_variant && (lineItem.units_product.variant_unit == "weight" || lineItem.units_product.variant_unit == "volume") 
+    if lineItem.units_product && lineItem.units_variant && (lineItem.units_product.variant_unit == "weight" || lineItem.units_product.variant_unit == "volume")
      lineItem.units_product.variant_unit_scale
    else
      1
@@ -252,7 +252,7 @@ angular.module("admin.lineItems").controller 'LineItemsCtrl', ($scope, $timeout,
    scale = $scope.getScale(unitsProduct, unitsVariant)
    if scale
      $scope.getFormattedValueWithUnitName(value, unitsProduct, unitsVariant, scale)
-    else 
+    else
      ''

  $scope.fulfilled = (sumOfUnitValues) ->
--- a/app/assets/javascripts/admin/order_cycles/controllers/edit.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/edit.js.coffee
@@ -3,6 +3,7 @@ angular.module('admin.orderCycles')
    $controller('AdminOrderCycleBasicCtrl', {$scope: $scope, ocInstance: ocInstance})

    order_cycle_id = $location.absUrl().match(/\/admin\/order_cycles\/(\d+)/)[1]
+    $scope.order_cycle_id = order_cycle_id
    $scope.order_cycle = OrderCycle.load(order_cycle_id)
    $scope.enterprises = Enterprise.index(order_cycle_id: order_cycle_id)
    $scope.enterprise_fees = EnterpriseFee.index(order_cycle_id: order_cycle_id)
@@ -18,6 +19,8 @@ angular.module('admin.orderCycles')

    $scope.submit = ($event, destination) ->
      $event.preventDefault()
+      $scope.order_cycle?.trigger_action = $($event.target).data('trigger-action');
+      $scope.order_cycle?.confirm = $($event.target).data('confirm');
      StatusMessage.display 'progress', t('js.saving')
      OrderCycle.update(destination, $scope.order_cycle_form)

@@ -25,4 +28,4 @@ angular.module('admin.orderCycles')
      if $scope.order_cycle_form?.$dirty
        t('admin.unsaved_confirm_leave')

-    NavigationCheck.register(warnAboutUnsavedChanges)
+    NavigationCheck.register(warnAboutUnsavedChanges)
--- a/app/assets/javascripts/admin/order_cycles/controllers/incoming_controller.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/incoming_controller.js.coffee
@@ -1,8 +1,9 @@
-angular.module('admin.orderCycles').controller 'AdminOrderCycleIncomingCtrl', ($scope, $rootScope, $controller, $location, Enterprise, OrderCycle, ExchangeProduct, ocInstance) ->
+angular.module('admin.orderCycles').controller 'AdminOrderCycleIncomingCtrl', ($scope, $rootScope, $controller, $location, Enterprise, EnterpriseFee, OrderCycle, ExchangeProduct, ocInstance) ->
  $controller('AdminOrderCycleExchangesCtrl', {$scope: $scope, ocInstance: ocInstance, $location: $location})

  $scope.view = 'incoming'
-
+  # NB: weirdly at this next line $scope.order_cycle.id comes out undefined so we use $scope.order_cycle_id instead
+  $scope.enterprise_fees = EnterpriseFee.index(order_cycle_id: $scope.order_cycle_id, per_item: true)
  $scope.exchangeTotalVariants = (exchange) ->
    return unless $scope.enterprises? && $scope.enterprises[exchange.enterprise_id]?

--- a/app/assets/javascripts/admin/order_cycles/controllers/simple_edit.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/controllers/simple_edit.js.coffee
@@ -22,6 +22,8 @@ angular.module('admin.orderCycles').controller "AdminSimpleEditOrderCycleCtrl",

  $scope.submit = ($event, destination) ->
    $event.preventDefault()
+    $scope.order_cycle?.trigger_action = $($event.target).data('trigger-action');
+    $scope.order_cycle?.confirm = $($event.target).data('confirm');
    StatusMessage.display 'progress', t('js.saving')
    OrderCycle.mirrorIncomingToOutgoingProducts()
    OrderCycle.update(destination, $scope.order_cycle_form) if OrderCycle.confirmNoDistributors()
--- a/app/assets/javascripts/admin/order_cycles/services/enterprise_fee.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/services/enterprise_fee.js.coffee
@@ -6,6 +6,8 @@ angular.module('admin.orderCycles').factory('EnterpriseFee', ($resource) ->
      params:
        order_cycle_id: '@order_cycle_id'
        coordinator_id: '@coordinator_id'
+        per_item: '@per_item'
+        per_order: '@per_order'
  })

  {
--- a/app/assets/javascripts/admin/order_cycles/services/order_cycle.js.coffee
+++ b/app/assets/javascripts/admin/order_cycles/services/order_cycle.js.coffee
@@ -161,7 +161,11 @@ angular.module('admin.orderCycles').factory 'OrderCycle', ($resource, $window, $
          StatusMessage.display('failure', t('js.order_cycles.create_failure'))

    update: (destination, form) ->
-      oc = new OrderCycleResource({order_cycle: this.dataForSubmit()})
+      oc = new OrderCycleResource({
+          order_cycle: this.dataForSubmit(),
+          confirm: this.order_cycle.confirm,
+          trigger_action: this.order_cycle.trigger_action
+        })
      oc.$update {order_cycle_id: this.order_cycle.id, reloading: (if destination? then 1 else 0)}, (data) =>
        form.$setPristine() if form
        if destination?
@@ -171,6 +175,8 @@ angular.module('admin.orderCycles').factory 'OrderCycle', ($resource, $window, $
      , (response) ->
        if response.data.errors?
          StatusMessage.display('failure', response.data.errors[0])
+        else if (response.data.trigger_action)
+          StatusMessage.display('notice', t('js.order_cycles.unsaved_changes'), response.data.trigger_action)
        else
          StatusMessage.display('failure', t('js.order_cycles.update_failure'))

--- a/app/assets/javascripts/admin/spree/taxons/taxon_tree_menu.js.coffee
+++ b/app/assets/javascripts/admin/spree/taxons/taxon_tree_menu.js.coffee
@@ -1,21 +0,0 @@
-root = exports ? this
-
-root.taxon_tree_menu = (obj, context) ->
-
-  base_url = Spree.url(Spree.routes.taxonomy_taxons)
-  admin_base_url = Spree.url(Spree.routes.admin_taxonomy_taxons)
-  edit_url = Spree.url(Spree.routes.admin_taxonomy_taxons + '/' + obj.attr("id") + "/edit");
-
-  create:
-    label: "<i class='icon-plus'></i> " + Spree.translations.add,
-    action: (obj) -> context.create(obj)
-  rename:
-    label: "<i class='icon-pencil'></i> " + Spree.translations.rename,
-    action: (obj) -> context.rename(obj)
-  remove:
-    label: "<i class='icon-trash'></i> " + Spree.translations.remove,
-    action: (obj) -> context.remove(obj)
-  edit:
-    separator_before: true,
-    label: "<i class='icon-edit'></i> " + Spree.translations.edit,
-    action: (obj) -> window.location = edit_url.toString()
--- a/app/assets/javascripts/admin/spree/taxons/taxonomy.js.coffee
+++ b/app/assets/javascripts/admin/spree/taxons/taxonomy.js.coffee
@@ -1,139 +0,0 @@
-handle_ajax_error = (XMLHttpRequest, textStatus, errorThrown) ->
-  $.jstree.rollback(last_rollback)
-  $("#ajax_error").show().html("<strong>" + server_error + "</strong><br />" + taxonomy_tree_error)
-
-handle_move = (e, data) ->
-  last_rollback = data.rlbk
-  position = data.rslt.cp
-  node = data.rslt.o
-  new_parent = data.rslt.np
-
-  url = new URL(Spree.routes.admin_taxonomy_taxons)
-  url.pathname = url.pathname + '/' + node.attr("id") 
-  data = {
-    _method: "put",
-    "taxon[position]": position,
-    "taxon[parent_id]": if !isNaN(new_parent.attr("id")) then new_parent.attr("id") else undefined
-  }
-  $.ajax
-    type: "POST",
-    dataType: "json",
-    url: url.toString(),
-    data: data,
-    error: handle_ajax_error
-
-  true
-
-handle_create = (e, data) ->
-  last_rollback = data.rlbk
-  node = data.rslt.obj
-  name = data.rslt.name
-  position = data.rslt.position
-  new_parent = data.rslt.parent
-
-  data = {
-    "taxon[name]": name,
-    "taxon[position]": position
-    "taxon[parent_id]": if !isNaN(new_parent.attr("id")) then new_parent.attr("id") else undefined
-  }
-  $.ajax
-    type: "POST",
-    dataType: "json",
-    url: base_url.toString(),
-    data: data,
-    error: handle_ajax_error,
-    success: (data,result) ->
-      node.attr('id', data.id)
-
-handle_rename = (e, data) ->
-  last_rollback = data.rlbk
-  node = data.rslt.obj
-  name = data.rslt.new_name
-  # change the name inside the main input field as well if taxon is the root one
-  document.getElementById("taxonomy_name").value = name if node.parents("[id]").attr("id") == "taxonomy_tree"
-
-  url = new URL(base_url)
-  url.pathname = url.pathname + '/' + node.attr("id")
-
-  $.ajax
-    type: "POST",
-    dataType: "json",
-    url: url.toString(),
-    data: {_method: "put", "taxon[name]": name },
-    error: handle_ajax_error
-
-handle_delete = (e, data) ->
-  last_rollback = data.rlbk
-  node = data.rslt.obj
-  delete_url = new URL(base_url)
-  delete_url.pathname = delete_url.pathname + '/' + node.attr("id")
-  if confirm(Spree.translations.are_you_sure_delete)
-    $.ajax
-      type: "POST",
-      dataType: "json",
-      url: delete_url.toString(),
-      data: {_method: "delete"},
-      error: handle_ajax_error
-  else
-    $.jstree.rollback(last_rollback)
-    last_rollback = null
-
-root = exports ? this
-root.setup_taxonomy_tree = (taxonomy_id) ->
-  if taxonomy_id != undefined
-    # this is defined within admin/taxonomies/edit
-    root.base_url = Spree.url(Spree.routes.taxonomy_taxons)
-
-    $.ajax
-      url: base_url.pathname.replace("/taxons", "/jstree"),
-      success: (taxonomy) ->
-        last_rollback = null
-
-        conf =
-          json_data:
-            data: taxonomy,
-            ajax:
-              url: (e) ->
-                base_url.pathname + '/' + e.attr('id') + '/jstree'
-          themes:
-            theme: "apple",
-            url: "/assets/jquery.jstree/themes/apple/style.css"
-          strings:
-            new_node: new_taxon,
-            loading: Spree.translations.loading + "..."
-          crrm:
-            move:
-              check_move: (m) ->
-                position = m.cp
-                node = m.o
-                new_parent = m.np
-
-                # no parent or cant drag and drop
-                if !new_parent || node.attr("rel") == "root"
-                  return false
-
-                # can't drop before root
-                if new_parent.attr("id") == "taxonomy_tree" && position == 0
-                  return false
-
-                true
-          contextmenu:
-            items: (obj) ->
-              taxon_tree_menu(obj, this)
-          plugins: ["themes", "json_data", "dnd", "crrm", "contextmenu"]
-
-        $("#taxonomy_tree").jstree(conf)
-          .bind("move_node.jstree", handle_move)
-          .bind("remove.jstree", handle_delete)
-          .bind("create.jstree", handle_create)
-          .bind("rename.jstree", handle_rename)
-          .bind "loaded.jstree", ->
-            $(this).jstree("core").toggle_node($('.jstree-icon').first())
-
-    $("#taxonomy_tree a").on "dblclick", (e) ->
-      $("#taxonomy_tree").jstree("rename", this)
-
-    # surpress form submit on enter/return
-    $(document).keypress (e) ->
-      if e.keyCode == 13
-        e.preventDefault()
--- a/app/assets/javascripts/admin/utils/services/status_message.js.coffee
+++ b/app/assets/javascripts/admin/utils/services/status_message.js.coffee
@@ -10,7 +10,9 @@ angular.module("admin.utils").factory "StatusMessage", ->

    statusMessage:
      text: ""
-      style: {}
+      style: {},
+      type: null,
+      actionName: null

    invalidMessage: ""

@@ -23,11 +25,15 @@ angular.module("admin.utils").factory "StatusMessage", ->
    active: ->
      @statusMessage.text != ''

-    display: (type, text) ->
+    display: (type, text, actionName = null) ->
      @statusMessage.text = text
+      @statusMessage.type = type
+      @statusMessage.actionName = actionName
      @statusMessage.style = @types[type].style
      null

    clear: ->
      @statusMessage.text = ''
      @statusMessage.style = {}
+      @statusMessage.type = null
+      @statusMessage.actionName = null
--- a/app/assets/javascripts/admin/variant_overrides/directives/track_inheritance.js.coffee
+++ b/app/assets/javascripts/admin/variant_overrides/directives/track_inheritance.js.coffee
@@ -2,10 +2,10 @@ angular.module("admin.variantOverrides").directive "trackInheritance", (VariantO
  require: "ngModel"
  link: (scope, element, attrs, ngModel) ->
    # This is a bit hacky, but it allows us to load the inherit property on the VO, but then not submit it
-    scope.inherit = angular.equals scope.variantOverrides[scope.hub_id][scope.variant.id], VariantOverrides.newFor scope.hub_id, scope.variant.id
+    scope.inherit = angular.equals scope.variantOverrides[scope.hub_id][scope.variant.id], VariantOverrides.newFor scope.hub_id, scope.variant

    ngModel.$parsers.push (viewValue) ->
      if ngModel.$dirty && viewValue
-        DirtyVariantOverrides.inherit scope.hub_id, scope.variant.id, scope.variantOverrides[scope.hub_id][scope.variant.id].id
+        DirtyVariantOverrides.inherit scope.hub_id, scope.variant, scope.variantOverrides[scope.hub_id][scope.variant.id].id
        scope.displayDirty()
      viewValue
--- a/app/assets/javascripts/admin/variant_overrides/filters/hub_permissions_filter.js.coffee
+++ b/app/assets/javascripts/admin/variant_overrides/filters/hub_permissions_filter.js.coffee
@@ -2,4 +2,8 @@ angular.module("admin.variantOverrides").filter "hubPermissions", ($filter) ->
  return (products, hubPermissions, hub_id) ->
    return [] if !hub_id
    return [] if !hubPermissions[hub_id]
-    return $filter('filter')(products, ((product) -> hubPermissions[hub_id].indexOf(product.producer_id) > -1), true)
+
+    return $filter('filter')(products, ((product) ->
+      for variant in product.variants
+        return hubPermissions[hub_id].indexOf(variant.producer_id) > -1
+     ), true)
--- a/app/assets/javascripts/admin/variant_overrides/services/dirty_variant_overrides.js.coffee
+++ b/app/assets/javascripts/admin/variant_overrides/services/dirty_variant_overrides.js.coffee
@@ -12,11 +12,11 @@ angular.module("admin.variantOverrides").factory "DirtyVariantOverrides", ($http
        @add(hub_id, variant_id, vo_id)
        @dirtyVariantOverrides[hub_id][variant_id][attr] = value

-    inherit: (hub_id, variant_id, vo_id) ->
-      @add(hub_id, variant_id, vo_id)
-      blankVo = angular.copy(VariantOverrides.inherit(hub_id, variant_id))
+    inherit: (hub_id, variant, vo_id) ->
+      @add(hub_id, variant.id, vo_id)
+      blankVo = angular.copy(VariantOverrides.inherit(hub_id, variant))
      delete blankVo[attr] for attr, value of blankVo when attr not in @requiredAttrs()
-      @dirtyVariantOverrides[hub_id][variant_id] = blankVo
+      @dirtyVariantOverrides[hub_id][variant.id] = blankVo

    count: ->
      count = 0
--- a/app/assets/javascripts/admin/variant_overrides/services/variant_overrides.js.coffee
+++ b/app/assets/javascripts/admin/variant_overrides/services/variant_overrides.js.coffee
@@ -13,17 +13,18 @@ angular.module("admin.variantOverrides").factory "VariantOverrides", (variantOve
        @variantOverrides[hub.id] ||= {}
        for product in products
          for variant in product.variants
-            @inherit(hub.id, variant.id) unless @variantOverrides[hub.id][variant.id]
+            @inherit(hub.id, variant) unless @variantOverrides[hub.id][variant.id]

-    inherit: (hub_id, variant_id) ->
+    inherit: (hub_id, variant) ->
      # This method is called from the trackInheritance directive, to reinstate inheritance
-      @variantOverrides[hub_id][variant_id] ||= {}
-      angular.extend @variantOverrides[hub_id][variant_id], @newFor hub_id, variant_id
+      @variantOverrides[hub_id][variant.id] ||= {}
+      angular.extend @variantOverrides[hub_id][variant.id], @newFor(hub_id, variant)

-    newFor: (hub_id, variant_id) ->
+    newFor: (hub_id, variant) ->
      # These properties need to match those checked in VariantOverrideSet.deletable?
      hub_id: hub_id
-      variant_id: variant_id
+      variant_id: variant.id
+      producer_id: variant.producer_id
      sku: null
      price: null
      count_on_hand: null
--- a/app/assets/javascripts/darkswarm/controllers/products_controller.js.coffee
+++ b/app/assets/javascripts/darkswarm/controllers/products_controller.js.coffee
@@ -4,15 +4,18 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
  $scope.query = ""
  $scope.taxonSelectors = FilterSelectorsService.createSelectors()
  $scope.propertySelectors = FilterSelectorsService.createSelectors()
+  $scope.producerPropertySelectors = FilterSelectorsService.createSelectors()
  $scope.filtersActive = true
  $scope.page = 1
  $scope.per_page = 10
  $scope.order_cycle = OrderCycle.order_cycle
  $scope.supplied_taxons = null
  $scope.supplied_properties = null
+  $scope.supplied_producer_properties = null
  $scope.showFilterSidebar = false
  $scope.activeTaxons = []
  $scope.activeProperties = []
+  $scope.activeProducerProperties = []

  # Update filters after initial load of shop tab
  $timeout =>
@@ -45,6 +48,12 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
        $scope.supplied_properties[property.id] = Properties.properties_by_id[property.id]
      )

+    OrderCycleResource.producerProperties params, (data)=>
+      $scope.supplied_producer_properties = {}
+      data.map( (property) ->
+        $scope.supplied_producer_properties[property.id] = Properties.properties_by_id[property.id]
+      )
+
  $scope.loadMore = ->
    if ($scope.page * $scope.per_page) <= Products.products.length
      $scope.loadMoreProducts()
@@ -52,6 +61,7 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
  $scope.$watch 'query', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
  $scope.$watchCollection 'activeTaxons', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
  $scope.$watchCollection 'activeProperties', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue
+  $scope.$watchCollection 'activeProducerProperties', (newValue, oldValue) -> $scope.loadProducts() if newValue != oldValue

  $scope.loadProducts = ->
    $scope.page = 1
@@ -66,8 +76,9 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
      id: $scope.order_cycle.order_cycle_id,
      page: page || $scope.page,
      per_page: $scope.per_page,
-      'q[name_or_meta_keywords_or_variants_display_as_or_variants_display_name_or_supplier_name_cont]': $scope.query,
+      'q[name_or_meta_keywords_or_variants_display_as_or_variants_display_name_or_variants_supplier_name_cont]': $scope.query,
      'q[with_properties][]': $scope.activeProperties,
+      'q[with_variants_supplier_properties][]': $scope.activeProducerProperties,
      'q[variants_primary_taxon_id_in_any][]': $scope.activeTaxons
    }

@@ -86,6 +97,12 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
      Properties.properties_by_id[property_id].name
    ).join($scope.filtersJoinWord()) if $scope.activeProperties?

+  $scope.appliedProducerPropertiesList = ->
+    $scope.activeProducerProperties.map( (property_id) ->
+      Properties.properties_by_id[property_id].name
+    ).join($scope.filtersJoinWord()) if $scope.activeProducerProperties?
+
+
  $scope.filtersJoinWord = ->
    $sce.trustAsHtml(" <span class='join-word'>#{t('products_or')}</span> ")

@@ -99,6 +116,7 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
  $scope.clearFilters = ->
    $scope.taxonSelectors.clearAll()
    $scope.propertySelectors.clearAll()
+    $scope.producerPropertySelectors.clearAll()

  $scope.refreshStaleData = ->
    # If the products template has already been loaded but the controller is being initialized
@@ -109,7 +127,7 @@ angular.module('Darkswarm').controller "ProductsCtrl", ($scope, $sce, $filter, $
      $scope.loadProducts()

  $scope.filtersCount = () ->
-    $scope.taxonSelectors.totalActive() + $scope.propertySelectors.totalActive()
+    $scope.taxonSelectors.totalActive() + $scope.propertySelectors.totalActive() + $scope.producerPropertySelectors.totalActive()

  $scope.toggleFilterSidebar = ->
    $scope.showFilterSidebar = !$scope.showFilterSidebar
--- a/app/assets/javascripts/darkswarm/controllers/registration/registration_controller.js.coffee
+++ b/app/assets/javascripts/darkswarm/controllers/registration/registration_controller.js.coffee
@@ -42,8 +42,17 @@ angular.module('Darkswarm').controller "RegistrationCtrl", ($scope, Registration
  $scope.toggleAddressConfirmed = ->
    $scope.addressConfirmed = !$scope.addressConfirmed
    if $scope.addressConfirmed
+      $scope.setLatLongIfUsingOpenStreetMap()
      $scope.enterprise.address.latitude = $scope.latLong.latitude
      $scope.enterprise.address.longitude = $scope.latLong.longitude
    else
      $scope.enterprise.address.latitude = null
      $scope.enterprise.address.longitude = null
+
+  # When OpenStreetMaps is enabled the latitude and longitude are calculated via a Stimulus
+  # controller, so they need to be read from data properties to be accessible here.
+  $scope.setLatLongIfUsingOpenStreetMap = ->
+    openStreetMap = document.getElementById("open-street-map")
+    if !$scope.latLong && openStreetMap && openStreetMap.dataset.latitude && openStreetMap.dataset.longitude
+      $scope.latLong = { latitude: openStreetMap.dataset.latitude, longitude: openStreetMap.dataset.longitude }
+
--- a/app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/order_cycle_resource.js.coffee
@@ -18,4 +18,11 @@ angular.module('Darkswarm').factory 'OrderCycleResource', ($resource) ->
      url: '/api/v0/order_cycles/:id/properties.json'
      params:
        id: '@id'
+    'producerProperties':
+      method: 'GET'
+      isArray: true
+      url: '/api/v0/order_cycles/:id/producer_properties.json'
+      params:
+        id: '@id'
+
  })
--- a/app/assets/javascripts/darkswarm/services/products.js.coffee
+++ b/app/assets/javascripts/darkswarm/services/products.js.coffee
@@ -39,7 +39,7 @@ angular.module('Darkswarm').factory 'Products', (OrderCycleResource, OrderCycle,

    dereference: ->
      for product in @fetched_products
-        product.supplier = Shopfront.producers_by_id[product.supplier.id]
+        product.supplier = Shopfront.producers_by_id[product.variants[0].supplier.id]
        Dereferencer.dereference product.taxons, Taxons.taxons_by_id

        product.properties = angular.copy(product.properties_with_values)
--- a/app/assets/javascripts/templates/admin/columns_dropdown.html.haml
+++ b/app/assets/javascripts/templates/admin/columns_dropdown.html.haml
@@ -5,8 +5,9 @@
  %div.menu{ 'ng-show' => "expanded" }
    .menu_items
      .menu_item{ "ng-repeat": "column in columns", "ng-click": "toggle(column);" }
-        %input.redesigned-input{ type: "checkbox", "ng-checked": "column.visible" }
-        {{ column.name }}
+        %input{ type: "checkbox", "ng-checked": "column.visible" }
+        %span
+          {{ column.name }}
      %hr
      %div.menu_item.text-center
        %input.fullwidth.orange{ type: "button", "ng-value": "saved() ? 'Saved': 'Saving'", "ng-show": "saved() || saving", "ng-disabled": "saved()" }
--- a/app/assets/javascripts/templates/admin/save_bar.html.haml
+++ b/app/assets/javascripts/templates/admin/save_bar.html.haml
@@ -1,7 +1,7 @@
 #save-bar.animate-show{ "ng-show": 'dirty || persist || StatusMessage.active()' }
  .container
    .seven.columns.alpha
-      %h5#status-message{ "ng-show": "StatusMessage.invalidMessage == ''", "ng-style": 'StatusMessage.statusMessage.style' }
+      %h5#status-message{ "ng-show": "StatusMessage.invalidMessage == ''", "ng-style": 'StatusMessage.statusMessage.style', data: { 'order-cycle-form-target': 'statusMessage' }, "ng-attr-data-type": "{{StatusMessage.statusMessage.type}}", "ng-attr-data-action-name": "{{StatusMessage.statusMessage.actionName}}" }
        {{ StatusMessage.statusMessage.text || "&nbsp;" }}
      %h5#status-message{ style: 'color: #C85136', "ng-show": "StatusMessage.invalidMessage !== ''" }
        {{ StatusMessage.invalidMessage || "&nbsp;" }}
--- a/app/components/help_modal_component.rb
+++ b/app/components/help_modal_component.rb
@@ -2,6 +2,6 @@

 class HelpModalComponent < ModalComponent
  def initialize(id:, close_button: true)
-    super(id:, close_button:)
+    super
  end
 end
--- a/app/components/modal_component/modal_component.scss
+++ b/app/components/modal_component/modal_component.scss
@@ -24,6 +24,19 @@
    max-width: 100%;
    height: auto;
  }
+
+  .flex-column {
+    display: flex;
+    flex-direction: column;
+  }
+
+  .gap-1 {
+    gap: 1rem;
+  }
+
+  .gap-2 {
+    gap: 2rem;
+  }
 }

 /* prevent arrow on selected admin menu item appearing above modal */
--- a/app/components/multiple_checked_select_component/multiple_checked_select_component.html.haml
+++ b/app/components/multiple_checked_select_component/multiple_checked_select_component.html.haml
@@ -9,5 +9,5 @@
    %div.menu_items
      - @options.each do |option|
        %label.menu_item{ "data-multiple-checked-select-target": "option", "data-value": option[1], "data-label": option[0] }
-          %input.redesigned-input{ type: "checkbox", checked: @selected.include?(option[1]), name: "#{@name}[]", value: option[1] }
-          = option[0]
+          %input{ type: "checkbox", checked: @selected.include?(option[1]), name: "#{@name}[]", value: option[1] }
+          %span= option[0]
--- a/app/controllers/admin/bulk_line_items_controller.rb
+++ b/app/controllers/admin/bulk_line_items_controller.rb
@@ -35,7 +35,7 @@ module Admin
      order.with_lock do
        if order.contents.update_item(@line_item, line_item_params)
          # No Content, does not trigger ng resource auto-update
-          render body: nil, status: :no_content
+          head :no_content
        else
          render json: { errors: @line_item.errors }, status: :precondition_failed
        end
@@ -49,7 +49,7 @@ module Admin
      authorize! :update, order

      order.contents.remove(@line_item.variant)
-      render body: nil, status: :no_content # No Content, does not trigger ng resource auto-update
+      head :no_content # No Content, does not trigger ng resource auto-update
    end

    private
--- a/app/controllers/admin/column_preferences_controller.rb
+++ b/app/controllers/admin/column_preferences_controller.rb
@@ -4,17 +4,25 @@ module Admin
  class ColumnPreferencesController < Admin::ResourceController
    before_action :load_collection, only: [:bulk_update]

-    respond_to :json
-
    def bulk_update
      @cp_set.collection.each { |cp| authorize! :bulk_update, cp }

-      if @cp_set.save
-        render json: @cp_set.collection, each_serializer: Api::Admin::ColumnPreferenceSerializer
-      elsif @cp_set.errors.present?
-        render json: { errors: @cp_set.errors }, status: :bad_request
-      else
-        render body: nil, status: :internal_server_error
+      respond_to do |format|
+        if @cp_set.save
+          format.json {
+            render json: @cp_set.collection, each_serializer: Api::Admin::ColumnPreferenceSerializer
+          }
+          format.turbo_stream {
+            flash.now[:success] = t('.success')
+            render :bulk_update, locals: { action: permitted_params[:action_name] }
+          }
+        else
+          format.json { render json: { errors: @cp_set.errors }, status: :bad_request }
+          format.turbo_stream {
+            flash.now[:error] = @cp_set.errors.full_messages.to_sentence
+            render :bulk_update, locals: { action: permitted_params[:action_name] }
+          }
+        end
      end
    end

@@ -28,11 +36,26 @@ module Admin
    end

    def load_collection
-      collection_hash = Hash[permitted_params[:column_preferences].
-        each_with_index.map { |cp, i| [i, cp] }]
-      collection_hash.select!{ |_i, cp| cp[:action_name] == permitted_params[:action_name] }
-      @cp_set = Sets::ColumnPreferenceSet.new(@column_preferences,
-                                              collection_attributes: collection_hash)
+      collection_attributes = nil
+
+      respond_to do |format|
+        format.json do
+          collection_attributes = Hash[permitted_params[:column_preferences].
+            each_with_index.map { |cp, i| [i, cp] }]
+          collection_attributes.select!{ |_i, cp|
+            cp[:action_name] == permitted_params[:action_name]
+          }
+        end
+        format.all do
+          # Inject action name and user ID for each column_preference
+          collection_attributes = permitted_params[:column_preferences].to_h.each_value { |cp|
+            cp[:action_name] = permitted_params[:action_name]
+            cp[:user_id] = spree_current_user.id
+          }
+        end
+      end
+
+      @cp_set = Sets::ColumnPreferenceSet.new(@column_preferences, collection_attributes:)
    end

    def collection
--- a/app/controllers/admin/connected_app_settings_controller.rb
+++ b/app/controllers/admin/connected_app_settings_controller.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Admin
+  class ConnectedAppSettingsController < Spree::Admin::BaseController
+    def update
+      Spree::Config.set(connected_apps_enabled:)
+
+      respond_to do |format|
+        format.html {
+          flash[:success] = t(:successfully_updated, resource: t('.resource'))
+          redirect_to main_app.edit_admin_connected_app_settings_path
+        }
+      end
+    end
+
+    private
+
+    def connected_apps_enabled
+      params.require(:preferences).require(:connected_apps_enabled).compact_blank.join(",")
+    end
+  end
+end
--- a/app/controllers/admin/connected_apps_controller.rb
+++ b/app/controllers/admin/connected_apps_controller.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Admin
+  class ConnectedAppsController < ApplicationController
+    def create
+      authorize! :admin, enterprise
+
+      attributes = {}
+      attributes[:type] = connected_app_params[:type] if connected_app_params[:type]
+
+      app = ConnectedApp.create!(enterprise_id: enterprise.id, **attributes)
+      app.connect(api_key: spree_current_user.spree_api_key,
+                  channel: SessionChannel.for_request(request))
+
+      render_panel
+    end
+
+    def destroy
+      authorize! :admin, enterprise
+
+      app = enterprise.connected_apps.find(params.require(:id))
+      app.destroy
+
+      render_panel
+    end
+
+    private
+
+    def enterprise
+      @enterprise ||= Enterprise.find(params.require(:enterprise_id))
+    end
+
+    def render_panel
+      redirect_to "#{edit_admin_enterprise_path(enterprise)}#/connected_apps_panel"
+    end
+
+    def connected_app_params
+      params.permit(:type)
+    end
+  end
+end
--- a/app/controllers/admin/dfc_product_imports_controller.rb
+++ b/app/controllers/admin/dfc_product_imports_controller.rb
@@ -20,7 +20,7 @@ module Admin

      catalog_url = params.require(:catalog_url)

-      json_catalog = DfcRequest.new(spree_current_user).get(catalog_url)
+      json_catalog = fetch_catalog(catalog_url)
      graph = DfcIo.import(json_catalog)

      # * First step: import all products for given enterprise.
@@ -34,6 +34,10 @@ module Admin

    private

+    def fetch_catalog(url)
+      DfcRequest.new(spree_current_user).call(url)
+    end
+
    # Most of this code is the same as in the DfcProvider::SuppliedProductsController.
    def import_product(subject, enterprise)
      return unless subject.is_a? DataFoodConsortium::Connector::SuppliedProduct
--- a/app/controllers/admin/enterprise_fees_controller.rb
+++ b/app/controllers/admin/enterprise_fees_controller.rb
@@ -65,7 +65,9 @@ module Admin
        order_cycle ||= OrderCycle.new(coordinator:) if coordinator.present?
        enterprises = OpenFoodNetwork::OrderCyclePermissions.new(spree_current_user,
                                                                 order_cycle).visible_enterprises
-        EnterpriseFee.for_enterprises(enterprises).order('enterprise_id', 'fee_type', 'name')
+
+        fees = EnterpriseFee.for_enterprises(enterprises).order('enterprise_id', 'fee_type', 'name')
+        filter_fees(fees)
      else
        collection = EnterpriseFee.managed_by(spree_current_user).order('enterprise_id',
                                                                        'fee_type', 'name')
@@ -74,6 +76,12 @@ module Admin
      end
    end

+    def filter_fees(fees)
+      fees = fees.per_item if params[:per_item]
+      fees = fees.per_order if params[:per_order]
+      fees
+    end
+
    def collection_actions
      [:index, :for_order_cycle, :bulk_update]
    end
--- a/app/controllers/admin/enterprises_controller.rb
+++ b/app/controllers/admin/enterprises_controller.rb
@@ -189,10 +189,7 @@ module Admin
          .visible_enterprises

        if enterprises.present?
-          enterprises.includes(
-            supplied_products:
-              [:supplier, :variants, :image]
-          )
+          enterprises.includes(supplied_products: [:variants, :image])
        end
      when :index
        if spree_current_user.admin?
--- a/app/controllers/admin/order_cycles_controller.rb
+++ b/app/controllers/admin/order_cycles_controller.rb
@@ -11,6 +11,7 @@ module Admin
    before_action :remove_protected_attrs, only: [:update]
    before_action :require_order_cycle_set_params, only: [:bulk_update]
    around_action :protect_invalid_destroy, only: :destroy
+    before_action :verify_datetime_change, only: :update

    def index
      respond_to do |format|
@@ -235,7 +236,7 @@ module Admin
      else
        begin
          yield
-        rescue ActiveRecord::InvalidForeignKey
+        rescue ActiveRecord::InvalidForeignKey, ActiveRecord::DeleteRestrictionError
          redirect_to main_app.admin_order_cycles_url
          flash[:error] = I18n.t('admin.order_cycles.destroy_errors.orders_present')
        end
@@ -294,5 +295,22 @@ module Admin
        collection_attributes: [:id] + PermittedAttributes::OrderCycle.basic_attributes
      ).to_h.with_indifferent_access
    end
+
+    # Check that order cycle datetime values changed if it has existing orders
+    def verify_datetime_change
+      return unless params[:order_cycle][:confirm]
+      return unless @order_cycle.orders.exists?
+      return if same_dates(@order_cycle.orders_open_at, order_cycle_params[:orders_open_at]) &&
+                same_dates(@order_cycle.orders_close_at, order_cycle_params[:orders_close_at])
+
+      render json: { trigger_action: params[:order_cycle][:trigger_action] },
+             status: :unprocessable_entity
+    end
+
+    def same_dates(date, string)
+      false unless date && string
+
+      DateTime.parse(string).to_fs(:short) == date.to_fs(:short)
+    end
  end
 end
--- a/app/controllers/admin/product_import_controller.rb
+++ b/app/controllers/admin/product_import_controller.rb
@@ -4,6 +4,8 @@ require 'roo'

 module Admin
  class ProductImportController < Spree::Admin::BaseController
+    TMPDIR_PREFIX = "product_import-"
+
    before_action :validate_upload_presence, except: %i[index guide validate_data]

    def index
@@ -101,8 +103,7 @@ module Admin

    def save_uploaded_file(upload)
      extension = File.extname(upload.original_filename)
-      directory = Dir.mktmpdir 'product_import'
-      File.open(File.join(directory, "import#{extension}"), 'wb') do |f|
+      File.open(File.join(mktmpdir, "import#{extension}"), 'wb') do |f|
        data = UploadSanitizer.new(upload.read).call
        f.write(data)
        f.path
@@ -126,6 +127,14 @@ module Admin
      ProductImport::ProductImporter
    end

+    def mktmpdir
+      Dir::Tmpname.create(TMPDIR_PREFIX, Rails.root.join('tmp') ) { |tmpname| Dir.mkdir(tmpname) }
+    end
+
+    def tmpdir_base
+      Rails.root.join('tmp', TMPDIR_PREFIX).to_s
+    end
+
    def file_path
      @file_path ||= validate_file_path(sanitize_file_path(params[:filepath]))
    end
@@ -134,8 +143,9 @@ module Admin
      FilePathSanitizer.new.sanitize(file_path, on_error: method(:raise_invalid_file_path))
    end

+    # Ensure file is under the safe tmp directory
    def validate_file_path(file_path)
-      return file_path if file_path.to_s.match?(TEMP_FILE_PATH_REGEX)
+      return file_path if file_path.to_s.match?(%r{^#{tmpdir_base}[A-Za-z0-9-]*/import\.csv$})

      raise_invalid_file_path
    end
@@ -145,6 +155,5 @@ module Admin
                  notice: I18n.t(:product_import_no_data_in_spreadsheet_notice)
      raise 'Invalid File Path'
    end
-    TEMP_FILE_PATH_REGEX = %r{^/tmp/product_import[A-Za-z0-9-]*/import\.csv$}
  end
 end
--- a/app/controllers/admin/products_v3_controller.rb
+++ b/app/controllers/admin/products_v3_controller.rb
@@ -1,13 +1,18 @@
 # frozen_string_literal: true

+# rubocop:disable Metrics/ClassLength
 module Admin
  class ProductsV3Controller < Spree::Admin::BaseController
+    helper ProductsHelper
+
    before_action :init_filters_params
    before_action :init_pagination_params

    def index
      fetch_products
      render "index", locals: { producers:, categories:, tax_category_options:, flash: }
+
+      session[:products_return_to_url] = request.url
    end

    def bulk_update
@@ -29,6 +34,67 @@ module Admin
      end
    end

+    def destroy
+      @record = ProductScopeQuery.new(
+        spree_current_user,
+        { id: params[:id] }
+      ).find_product
+
+      @record.destroyed_by = spree_current_user
+      status = :ok
+
+      if @record.destroy
+        flash.now[:success] = t('.delete_product.success')
+      else
+        flash.now[:error] = t('.delete_product.error')
+        status = :internal_server_error
+      end
+
+      respond_with do |format|
+        format.turbo_stream { render :destroy_product_variant, status: }
+      end
+    end
+
+    def destroy_variant
+      @record = Spree::Variant.active.find(params[:id])
+      authorize! :delete, @record
+
+      status = :ok
+      if VariantDeleter.new.delete(@record)
+        flash.now[:success] = t('.delete_variant.success')
+      else
+        flash.now[:error] = t('.delete_variant.error')
+        status = :internal_server_error
+      end
+
+      respond_with do |format|
+        format.turbo_stream { render :destroy_product_variant, status: }
+      end
+    end
+
+    def clone
+      @product = Spree::Product.find(params[:id])
+      status = :ok
+
+      begin
+        @cloned_product = @product.duplicate
+        flash.now[:success] = t('.success')
+
+        @product_index = "-#{@cloned_product.id}"
+        @producer_options = producers
+        @category_options = categories
+        @tax_category_options = tax_category_options
+      rescue ActiveRecord::ActiveRecordError => _e
+        flash.now[:error] = t('.error')
+        status = :unprocessable_entity
+        @product_index = "-1" # Create a unique enough index
+      end
+
+      respond_with do |format|
+        format.turbo_stream { render :clone, status: }
+      end
+    end
+
    def index_url(params)
      "/admin/products?#{params.to_query}" # todo: fix routing so this can be automaticly generated
    end
@@ -48,6 +114,7 @@ module Admin
      # prority is given to element dataset (if present) over url params
      @page = params[:page].presence || 1
      @per_page = params[:per_page].presence || 15
+      @q = params.permit(q: {})[:q] || { s: 'name asc' }
    end

    def producers
@@ -84,11 +151,13 @@ module Admin

    def ransack_query
      query = {}
-      query.merge!(supplier_id_in: @producer_id) if @producer_id.present?
+      query.merge!(variants_supplier_id_in: @producer_id) if @producer_id.present?
      if @search_term.present?
        query.merge!(Spree::Variant::SEARCH_KEY => @search_term)
      end
      query.merge!(variants_primary_taxon_id_in: @category_id) if @category_id.present?
+      query.merge!(@q) if @q
+
      query
    end

@@ -96,13 +165,13 @@ module Admin
    def product_query_includes
      [
        :image,
-        :supplier,
        { variants: [
          :default_price,
          :primary_taxon,
          :product,
          :stock_items,
          :tax_category,
+          :supplier,
        ] },
      ]
    end
@@ -142,3 +211,4 @@ module Admin
    end
  end
 end
+# rubocop:enable Metrics/ClassLength
--- a/app/controllers/admin/reports_controller.rb
+++ b/app/controllers/admin/reports_controller.rb
@@ -61,6 +61,9 @@ module Admin
    def render_in_background
      cable_ready[ScopedChannel.for_id(params[:uuid])]
        .inner_html(
+          selector: "#report-go",
+          html: helpers.button(t(:go), "report__submit-btn", "submit", disabled: true)
+        ).inner_html(
          selector: "#report-table",
          html: render_to_string(partial: "admin/reports/loading")
        ).scroll_into_view(
--- a/app/controllers/admin/resource_controller.rb
+++ b/app/controllers/admin/resource_controller.rb
@@ -146,7 +146,7 @@ module Admin
      return nil if parent_data.blank?

      @parent ||= parent_data[:model_class].
-        public_send("find_by", parent_data[:find_by] => params["#{model_name}_id"])
+        find_by(parent_data[:find_by] => params["#{model_name}_id"])
      instance_variable_set("@#{model_name}", @parent)
    end

--- a/app/controllers/admin/stripe_connect_settings_controller.rb
+++ b/app/controllers/admin/stripe_connect_settings_controller.rb
@@ -37,7 +37,7 @@ module Admin

    def obfuscated_secret_key
      key = Stripe.api_key
-      key.first(8) + "****" + key.last(4)
+      "#{key.first(8)}****#{key.last(4)}"
    end

    def settings_params
--- a/app/controllers/admin/tag_rules_controller.rb
+++ b/app/controllers/admin/tag_rules_controller.rb
@@ -5,7 +5,7 @@ module Admin
    respond_to :json

    respond_override destroy: { json: {
-      success: lambda { render body: nil, status: :no_content }
+      success: lambda { head :no_content }
    } }

    def map_by_tag
--- a/app/controllers/admin/variant_overrides_controller.rb
+++ b/app/controllers/admin/variant_overrides_controller.rb
@@ -88,7 +88,7 @@ module Admin
    end

    def modified_variant_overrides_ids
-      variant_overrides_params.map { |vo| vo[:id] }
+      variant_overrides_params.pluck(:id)
    end

    def collection_actions
--- a/app/controllers/api/v0/enterprise_fees_controller.rb
+++ b/app/controllers/api/v0/enterprise_fees_controller.rb
@@ -9,7 +9,7 @@ module Api
        authorize! :destroy, enterprise_fee

        if enterprise_fee.destroy
-          render plain: I18n.t(:successfully_removed), status: :no_content
+          head :no_content
        else
          render plain: enterprise_fee.errors.full_messages.first, status: :forbidden
        end
--- a/app/controllers/api/v0/order_cycles_controller.rb
+++ b/app/controllers/api/v0/order_cycles_controller.rb
@@ -7,9 +7,11 @@ module Api
      include ApiActionCaching

      skip_authorization_check
-      skip_before_action :authenticate_user, :ensure_api_key, only: [:taxons, :properties]
+      skip_before_action :authenticate_user, :ensure_api_key, only: [
+        :taxons, :properties, :producer_properties
+      ]

-      caches_action :taxons, :properties,
+      caches_action :taxons, :properties, :producer_properties,
                    expires_in: CacheService::FILTERS_EXPIRY,
                    cache_path: proc { |controller| controller.request.url }

@@ -41,7 +43,13 @@ module Api

      def properties
        render plain: ActiveModel::ArraySerializer.new(
-          product_properties | producer_properties, each_serializer: Api::PropertySerializer
+          product_properties, each_serializer: Api::PropertySerializer
+        ).to_json
+      end
+
+      def producer_properties
+        render plain: ActiveModel::ArraySerializer.new(
+          load_producer_properties, each_serializer: Api::PropertySerializer
        ).to_json
      end

@@ -58,7 +66,7 @@ module Api
          select('DISTINCT spree_properties.*')
      end

-      def producer_properties
+      def load_producer_properties
        producers = Enterprise.
          joins(:supplied_products).
          where(spree_products: { id: distributed_products })
@@ -86,8 +94,9 @@ module Api
      end

      def distributed_products
-        OrderCycles::DistributedProductsService.new(distributor, order_cycle,
-                                                    customer).products_relation
+        OrderCycles::DistributedProductsService.new(
+          distributor, order_cycle, customer
+        ).products_relation.pluck(:id)
      end
    end
  end
--- a/app/controllers/api/v0/products_controller.rb
+++ b/app/controllers/api/v0/products_controller.rb
@@ -42,8 +42,9 @@ module Api
        authorize! :delete, Spree::Product
        @product = product_finder.find_product
        authorize! :delete, @product
+        @product.destroyed_by = current_api_user
        @product.destroy
-        render json: @product, serializer: Api::Admin::ProductSerializer, status: :no_content
+        head :no_content
      end

      def bulk_products
@@ -53,7 +54,7 @@ module Api
      end

      def overridable
-        @products = product_finder.paged_products_for_producers
+        @products = product_finder.products_for_producers

        render_paged_products @products, ::Api::Admin::ProductSimpleSerializer
      end
--- a/app/controllers/api/v0/taxonomies_controller.rb
+++ b/app/controllers/api/v0/taxonomies_controller.rb
@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-module Api
-  module V0
-    class TaxonomiesController < Api::V0::BaseController
-      respond_to :json
-
-      skip_authorization_check only: :jstree
-
-      def jstree
-        @taxonomy = Spree::Taxonomy.find(params[:id])
-        render json: @taxonomy.root, serializer: Api::TaxonJstreeSerializer
-      end
-    end
-  end
-end
--- a/app/controllers/api/v0/taxons_controller.rb
+++ b/app/controllers/api/v0/taxons_controller.rb
@@ -5,12 +5,10 @@ module Api
    class TaxonsController < Api::V0::BaseController
      respond_to :json

-      skip_authorization_check only: [:index, :show, :jstree]
+      skip_authorization_check only: [:index, :show]

      def index
-        @taxons = if taxonomy
-                    taxonomy.root.children
-                  elsif params[:ids]
+        @taxons = if params[:ids]
                    Spree::Taxon.where(id: raw_params[:ids].split(","))
                  else
                    Spree::Taxon.ransack(raw_params[:q]).result
@@ -18,23 +16,9 @@ module Api
        render json: @taxons, each_serializer: Api::TaxonSerializer
      end

-      def jstree
-        @taxon = taxon
-        render json: @taxon.children, each_serializer: Api::TaxonJstreeSerializer
-      end
-
      def create
        authorize! :create, Spree::Taxon
        @taxon = Spree::Taxon.new(taxon_params)
-        @taxon.taxonomy_id = params[:taxonomy_id]
-        taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])
-
-        if taxonomy.nil?
-          @taxon.errors.add(:taxonomy_id, I18n.t(:invalid_taxonomy_id, scope: 'spree.api'))
-          invalid_resource!(@taxon) && return
-        end
-
-        @taxon.parent_id = taxonomy.root.id unless params.dig(:taxon, :parent_id)

        if @taxon.save
          render json: @taxon, serializer: Api::TaxonSerializer, status: :created
@@ -55,25 +39,19 @@ module Api
      def destroy
        authorize! :delete, Spree::Taxon
        taxon.destroy
-        render json: taxon, serializer: Api::TaxonSerializer, status: :no_content
+        head :no_content
      end

      private

-      def taxonomy
-        return if params[:taxonomy_id].blank?
-
-        @taxonomy ||= Spree::Taxonomy.find(params[:taxonomy_id])
-      end
-
      def taxon
-        @taxon ||= taxonomy.taxons.find(params[:id])
+        @taxon = Spree::Taxon.find(params[:id])
      end

      def taxon_params
        return if params[:taxon].blank?

-        params.require(:taxon).permit([:name, :parent_id, :position])
+        params.require(:taxon).permit([:name, :position])
      end
    end
  end
--- a/app/controllers/api/v0/variants_controller.rb
+++ b/app/controllers/api/v0/variants_controller.rb
@@ -44,7 +44,7 @@ module Api
        authorize! :delete, @variant

        VariantDeleter.new.delete(@variant)
-        render json: @variant, serializer: Api::VariantSerializer, status: :no_content
+        head :no_content
      end

      private
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -28,7 +28,6 @@ class ApplicationController < ActionController::Base
  helper 'injection'
  helper 'markdown'
  helper 'footer_links'
-  helper 'discourse'
  helper 'checkout'
  helper 'link'
  helper 'terms_and_conditions'
@@ -61,7 +60,7 @@ class ApplicationController < ActionController::Base
    rescue StandardError
      'unknown'
    end}")
-    super(options, response_status)
+    super
  end

  def set_checkout_redirect
--- a/app/controllers/discourse_sso_controller.rb
+++ b/app/controllers/discourse_sso_controller.rb
@@ -1,52 +0,0 @@
-# frozen_string_literal: true
-
-require 'discourse/single_sign_on'
-
-class DiscourseSsoController < ApplicationController
-  include SharedHelper
-  include DiscourseHelper
-
-  before_action :require_config
-
-  def login
-    if require_activation?
-      redirect_to discourse_url
-    else
-      redirect_to discourse_login_url
-    end
-  end
-
-  def sso
-    if spree_current_user
-      begin
-        redirect_to sso_url
-      rescue TypeError
-        render plain: "Bad SingleSignOn request.", status: :bad_request
-      end
-    else
-      redirect_to login_path
-    end
-  end
-
-  private
-
-  def sso_url
-    secret = discourse_sso_secret!
-    sso = Discourse::SingleSignOn.parse(request.query_string, secret)
-    sso.email = spree_current_user.email
-    sso.username = spree_current_user.login
-    sso.external_id = spree_current_user.id
-    sso.sso_secret = secret
-    sso.admin = admin_user?
-    sso.require_activation = require_activation?
-    sso.to_url(discourse_sso_url)
-  end
-
-  def require_config
-    raise ActionController::RoutingError, 'Not Found' unless discourse_configured?
-  end
-
-  def require_activation?
-    !admin_user? && !spree_current_user.confirmed?
-  end
-end
--- a/app/controllers/spree/admin/base_controller.rb
+++ b/app/controllers/spree/admin/base_controller.rb
@@ -19,15 +19,18 @@ module Spree

      before_action :authorize_admin
      before_action :set_locale
-      before_action :warn_invalid_order_cycles, if: :html_request?
+      before_action :warn_invalid_order_cycles, if: :page_load_request?

      # Warn the user when they have an active order cycle with hubs that are not ready
      # for checkout (ie. does not have valid shipping and payment methods).
      def warn_invalid_order_cycles
-        return if flash[:notice].present?
+        return if flash[:notice].present? || session[:displayed_order_cycle_warning]

        warning = OrderCycles::WarningService.new(spree_current_user).call
-        flash[:notice] = warning if warning.present?
+        return if warning.blank?
+
+        flash.now[:notice] = warning
+        session[:displayed_order_cycle_warning] = true
      end

      protected
@@ -81,6 +84,12 @@ module Spree

      private

+      def page_load_request?
+        return false if request.format.include?('turbo')
+
+        html_request?
+      end
+
      def html_request?
        request.format.html?
      end
--- a/app/controllers/spree/admin/images_controller.rb
+++ b/app/controllers/spree/admin/images_controller.rb
@@ -3,6 +3,8 @@
 module Spree
  module Admin
    class ImagesController < ::Admin::ResourceController
+      helper ::Admin::ProductsHelper
+
      # This will make resource controller redirect correctly after deleting product images.
      # This can be removed after upgrading to Spree 2.1.
      # See here https://github.com/spree/spree/commit/334a011d2b8e16355e4ae77ae07cd93f7cbc8fd1
@@ -17,7 +19,10 @@ module Spree
      def new
        @url_filters = ::ProductFilters.new.extract(request.query_parameters)

-        render layout: !request.xhr?
+        respond_with do |format|
+          format.turbo_stream { render :edit }
+          format.all { render layout: !request.xhr? }
+        end
      end

      def edit
@@ -32,13 +37,14 @@ module Spree

        if @object.save
          flash[:success] = flash_message_for(@object, :successfully_created)
-          redirect_to location_after_save
+
+          respond_to do |format|
+            format.html { redirect_to location_after_save }
+            format.turbo_stream { render :update }
+          end
        else
-          respond_with(@object)
+          respond_with_error(@object.errors)
        end
-      rescue ActiveStorage::IntegrityError
-        @object.errors.add :attachment, :integrity_error
-        respond_with(@object)
      end

      def update
@@ -47,13 +53,14 @@ module Spree

        if @object.update(permitted_resource_params)
          flash[:success] = flash_message_for(@object, :successfully_updated)
-          redirect_to location_after_save
+
+          respond_to do |format|
+            format.html { redirect_to location_after_save }
+            format.turbo_stream
+          end
        else
-          respond_with(@object)
+          respond_with_error(@object.errors)
        end
-      rescue ActiveStorage::IntegrityError
-        @object.errors.add :attachment, :integrity_error
-        respond_with(@object)
      end

      def destroy
@@ -103,6 +110,14 @@ module Spree
          :attachment, :viewable_id, :alt
        )
      end
+
+      def respond_with_error(errors)
+        @errors = errors.map(&:full_message)
+        respond_to do |format|
+          format.html { respond_with(@object) }
+          format.turbo_stream { render :edit }
+        end
+      end
    end
  end
 end
--- a/app/controllers/spree/admin/invoices_controller.rb
+++ b/app/controllers/spree/admin/invoices_controller.rb
@@ -15,6 +15,8 @@ module Spree
        invoice_pdf = filepath(invoice_id)

        send_file(invoice_pdf, type: 'application/pdf', disposition: :inline)
+      rescue ActionController::MissingFile
+        render "errors/not_found", status: :not_found, formats: :html
      end

      def generate
--- a/app/controllers/spree/admin/product_properties_controller.rb
+++ b/app/controllers/spree/admin/product_properties_controller.rb
@@ -8,6 +8,7 @@ module Spree
      before_action :setup_property, only: [:index]

      def index
+        @supplier = @product.variants.first.supplier
        @url_filters = ::ProductFilters.new.extract(request.query_parameters)
      end

--- a/app/controllers/spree/admin/products_controller.rb
+++ b/app/controllers/spree/admin/products_controller.rb
@@ -10,8 +10,10 @@ module Spree
      include OpenFoodNetwork::SpreeApiKeyLoader
      include OrderCyclesHelper
      include EnterprisesHelper
+      helper ::Admin::ProductsHelper

      before_action :load_data
+      before_action :load_producers, only: [:index, :new]
      before_action :load_form_data, only: [:index, :new, :create, :edit, :update]
      before_action :load_spree_api_key, only: [:index, :variant_overrides]
      before_action :strip_new_properties, only: [:create, :update]
@@ -41,6 +43,7 @@ module Spree
            flash[:success] = flash_message_for(@object, :successfully_created)
            redirect_after_save
          else
+            load_producers
            # Re-fill the form with deleted params on product
            @on_hand = request.params[:product][:on_hand]
            @on_demand = request.params[:product][:on_demand]
@@ -52,14 +55,9 @@ module Spree
      def update
        @url_filters = ::ProductFilters.new.extract(request.query_parameters)

-        original_supplier_id = @product.supplier_id
        delete_stock_params_and_set_after do
          params[:product] ||= {} if params[:clear_product_properties]
          if @object.update(permitted_resource_params)
-            if original_supplier_id != @product.supplier_id
-              ExchangeVariantDeleter.new.delete(@product)
-            end
-
            flash[:success] = flash_message_for(@object, :successfully_updated)
          end
          redirect_to spree.edit_admin_product_url(@object, @url_filters)
@@ -157,12 +155,15 @@ module Spree
      end

      def load_form_data
-        @producers = OpenFoodNetwork::Permissions.new(spree_current_user).
-          managed_product_enterprises.is_primary_producer.by_name
        @taxons = Spree::Taxon.order(:name)
        @import_dates = product_import_dates.uniq.to_json
      end

+      def load_producers
+        @producers = OpenFoodNetwork::Permissions.new(spree_current_user).
+          managed_product_enterprises.is_primary_producer.by_name
+      end
+
      def product_import_dates
        options = [{ id: '0', name: '' }]
        product_import_dates_query.collect(&:import_date).
@@ -173,12 +174,10 @@ module Spree

      def product_import_dates_query
        Spree::Variant.
-          select('DISTINCT spree_variants.import_date').
-          joins(:product).
-          where(spree_products: { supplier_id: editable_enterprises.collect(&:id) }).
+          select('import_date').distinct.
+          where(supplier_id: editable_enterprises.collect(&:id)).
          where.not(spree_variants: { import_date: nil }).
-          where(spree_variants: { deleted_at: nil }).
-          order('spree_variants.import_date DESC')
+          order('import_date DESC')
      end

      def strip_new_properties
--- a/app/controllers/spree/admin/taxonomies_controller.rb
+++ b/app/controllers/spree/admin/taxonomies_controller.rb
@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-module Spree
-  module Admin
-    class TaxonomiesController < ::Admin::ResourceController
-      respond_to :json, only: [:get_children]
-
-      def get_children
-        @taxons = Taxon.find(params[:parent_id]).children
-      end
-
-      private
-
-      def location_after_save
-        if @taxonomy.created_at == @taxonomy.updated_at
-          spree.edit_admin_taxonomy_url(@taxonomy)
-        else
-          spree.admin_taxonomies_url
-        end
-      end
-
-      def permitted_resource_params
-        params.require(:taxonomy).permit(:name)
-      end
-    end
-  end
-end
--- a/app/controllers/spree/admin/taxons_controller.rb
+++ b/app/controllers/spree/admin/taxons_controller.rb
@@ -2,122 +2,70 @@

 module Spree
  module Admin
-    class TaxonsController < Spree::Admin::BaseController
-      respond_to :html, :json, :js
+    class TaxonsController < ::Admin::ResourceController
+      before_action :set_taxon, except: %i[create index new]

-      def edit
-        @taxonomy = Taxonomy.find(params[:taxonomy_id])
-        @taxon = @taxonomy.taxons.find(params[:id])
-        @permalink_part = @taxon.permalink.split("/").last
+      def index
+        @taxons = Taxon.order(:name)
      end

+      def new
+        @taxon = Taxon.new
+      end
+
+      def edit; end
+
      def create
-        @taxonomy = Taxonomy.find(params[:taxonomy_id])
-        @taxon = @taxonomy.taxons.build(params[:taxon])
+        @taxon = Spree::Taxon.new(taxon_params)
        if @taxon.save
-          respond_with(@taxon) do |format|
-            format.json { render json: @taxon.to_json }
-          end
+          flash[:success] = flash_message_for(@taxon, :successfully_created)
+          redirect_to edit_admin_taxon_path(@taxon.id)
        else
-          flash[:error] = Spree.t('errors.messages.could_not_create_taxon')
-          respond_with(@taxon) do |format|
-            format.html do
-              if redirect_to @taxonomy
-                spree.edit_admin_taxonomy_url(@taxonomy)
-              else
-                spree.admin_taxonomies_url
-              end
-            end
-          end
+          render :new, status: :unprocessable_entity
        end
      end

      def update
-        @taxonomy = Taxonomy.find(params[:taxonomy_id])
-        @taxon = @taxonomy.taxons.find(params[:id])
-        parent_id = params[:taxon][:parent_id]
-        new_position = params[:taxon][:position]
-
-        if parent_id || new_position # taxon is being moved
-          new_parent = parent_id.nil? ? @taxon.parent : Taxon.find(parent_id.to_i)
-          new_position = new_position.nil? ? -1 : new_position.to_i
-
-          # Bellow is a very complicated way of finding where in nested set we
-          # should actually move the taxon to achieve sane results,
-          # JS is giving us the desired position, which was awesome for previous setup,
-          # but now it's quite complicated to find where we should put it as we have
-          # to differenciate between moving to the same branch, up down and into
-          # first position.
-          new_siblings = new_parent.children
-          if new_position <= 0 && new_siblings.empty?
-            @taxon.move_to_child_of(new_parent)
-          elsif new_parent.id != @taxon.parent_id
-            if new_position.zero?
-              @taxon.move_to_left_of(new_siblings.first)
-            else
-              @taxon.move_to_right_of(new_siblings[new_position - 1])
-            end
-          elsif new_position < new_siblings.index(@taxon)
-            @taxon.move_to_left_of(new_siblings[new_position]) # we move up
-          else
-            @taxon.move_to_right_of(new_siblings[new_position - 1]) # we move down
-          end
-          # Reset legacy position, if any extensions still rely on it
-          new_parent.children.reload.each do |t|
-            t.update_columns(
-              position: t.position,
-              updated_at: Time.zone.now
-            )
-          end
-
-          if parent_id
-            @taxon.reload
-            @taxon.set_permalink
-            @taxon.save!
-            @update_children = true
-          end
-        end
-
-        if params.key? "permalink_part"
-          parent_permalink = @taxon.permalink.split("/")[0...-1].join("/")
-          parent_permalink += "/" if parent_permalink.present?
-          params[:taxon][:permalink] = parent_permalink + params[:permalink_part]
-        end
-        # check if we need to rename child taxons if parent name or permalink changes
-        if params[:taxon][:name] != @taxon.name || params[:taxon][:permalink] != @taxon.permalink
-          @update_children = true
-        end
-
        if @taxon.update(taxon_params)
          flash[:success] = flash_message_for(@taxon, :successfully_updated)
-        end
-
-        # rename child taxons
-        if @update_children
-          @taxon.descendants.each do |taxon|
-            taxon.reload
-            taxon.set_permalink
-            taxon.save!
-          end
-        end
-
-        respond_with(@taxon) do |format|
-          format.html { redirect_to spree.edit_admin_taxonomy_url(@taxonomy) }
-          format.json { render json: @taxon.to_json }
+          redirect_to edit_admin_taxon_path(@taxon.id)
+        else
+          render :edit, status: :unprocessable_entity
        end
      end

      def destroy
-        @taxon = Taxon.find(params[:id])
-        @taxon.destroy
-        respond_with(@taxon) { |format| format.json { render json: '' } }
+        status = if @taxon.destroy
+                   flash_message = t('.delete_taxon.success')
+                   status = :ok
+                 else
+                   flash_message = t('.delete_taxon.error')
+                   status = :unprocessable_entity
+                 end
+
+        respond_to do |format|
+          format.html {
+            flash[:success] = flash_message if status == :ok
+            flash[:error] = flash_message if status == :unprocessable_entity
+            redirect_to admin_taxons_path
+          }
+          format.turbo_stream {
+            flash[:success] = flash_message if status == :ok
+            flash[:error] = flash_message if status == :unprocessable_entity
+            render :destroy_taxon, status:
+          }
+        end
      end

      private

+      def set_taxon
+        @taxon = Taxon.find(params[:id])
+      end
+
      def taxon_params
        params.require(:taxon).permit(
-          :name, :parent_id, :position, :icon, :description, :permalink, :taxonomy_id,
+          :name, :position, :icon, :description, :permalink,
          :meta_description, :meta_keywords, :meta_title, :dfc_id
        )
      end
--- a/app/controllers/spree/admin/variants_controller.rb
+++ b/app/controllers/spree/admin/variants_controller.rb
@@ -46,7 +46,13 @@ module Spree
      def update
        @url_filters = ::ProductFilters.new.extract(request.query_parameters)

+        original_supplier_id = @object.supplier_id
+
        if @object.update(permitted_resource_params)
+          if original_supplier_id != @object.supplier_id
+            ExchangeVariantDeleter.new.delete(@object)
+          end
+
          flash[:success] = flash_message_for(@object, :successfully_updated)
          redirect_to spree.admin_product_variants_url(params[:product_id], @url_filters)
        else
@@ -113,6 +119,8 @@ module Spree
      private

      def load_data
+        @producers = OpenFoodNetwork::Permissions.new(spree_current_user).
+          managed_product_enterprises.is_primary_producer.by_name
        @tax_categories = TaxCategory.order(:name)
        @shipping_categories = ShippingCategory.order(:name)
      end
--- a/app/controllers/spree/users_controller.rb
+++ b/app/controllers/spree/users_controller.rb
@@ -47,14 +47,8 @@ module Spree
      @user = Spree::User.new(user_params)

      if @user.save
-        render cable_ready: cable_car.inner_html(
-          "#signup-feedback",
-          partial("layouts/alert",
-                  locals: {
-                    type: "success",
-                    message: t('devise.user_registrations.spree_user.signed_up_but_unconfirmed')
-                  })
-        )
+        flash[:success] = t('devise.user_registrations.spree_user.signed_up_but_unconfirmed')
+        render cable_ready: cable_car.redirect_to(url: main_app.root_path)
      else
        render status: :unprocessable_entity, cable_ready: cable_car.morph(
          "#signup-tab",
--- a/app/helpers/admin/enterprises_helper.rb
+++ b/app/helpers/admin/enterprises_helper.rb
@@ -14,6 +14,10 @@ module Admin
      producers.size == 1 ? producers.first.id : nil
    end

+    def managed_by_user?(enterprise)
+      enterprise.in?(spree_current_user.enterprises)
+    end
+
    def enterprise_side_menu_items(enterprise)
      is_shop = enterprise.sells != "none"
      show_properties = !!enterprise.is_primary_producer
@@ -22,7 +26,8 @@ module Admin
      show_enterprise_fees = can?(:manage_enterprise_fees,
                                  enterprise) && (is_shop || enterprise.is_primary_producer)
      show_connected_apps = can?(:manage_connected_apps, enterprise) &&
-                            feature?(:connected_apps, spree_current_user, enterprise)
+                            feature?(:connected_apps, spree_current_user, enterprise) &&
+                            Spree::Config.connected_apps_enabled.present?

      build_enterprise_side_menu_items(
        is_shop:,
@@ -34,6 +39,11 @@ module Admin
      )
    end

+    def connected_apps_enabled
+      connected_apps_enabled = Spree::Config.connected_apps_enabled&.split(',') || []
+      ConnectedApp::TYPES & connected_apps_enabled
+    end
+
    private

    def build_enterprise_side_menu_items(
@@ -62,8 +72,8 @@ module Admin
        { name: 'inventory_settings', icon_class: "icon-list-ol", show: is_shop },
        { name: 'tag_rules', icon_class: "icon-random", show: is_shop },
        { name: 'shop_preferences', icon_class: "icon-shopping-cart", show: is_shop },
-        { name: 'users', icon_class: "icon-user", show: true },
        { name: 'white_label', icon_class: "icon-leaf", show: true },
+        { name: 'users', icon_class: "icon-user", show: true },
        { name: 'connected_apps', icon_class: "icon-puzzle-piece", show: show_connected_apps },
      ]
    end
--- a/app/helpers/admin/orders_helper.rb
+++ b/app/helpers/admin/orders_helper.rb
@@ -11,9 +11,25 @@ module Admin
    def order_adjustments_for_display(order)
      order.adjustments +
        voucher_included_tax_representations(order) +
+        additional_tax_total_representation(order) +
        order.all_adjustments.payment_fee.eligible
    end

+    def additional_tax_total_representation(order)
+      adjustment = Spree::Adjustment.additional.tax.where(
+        order_id: order.id, adjustable_type: 'Spree::Adjustment'
+      ).sum(:amount)
+
+      return [] unless adjustment != 0
+
+      [
+        AdjustmentData.new(
+          I18n.t("admin.orders.edit.tax_on_fees"),
+          adjustment
+        )
+      ]
+    end
+
    def voucher_included_tax_representations(order)
      return [] unless VoucherAdjustmentsService.new(order).voucher_included_tax.negative?

--- a/app/helpers/admin/products_helper.rb
+++ b/app/helpers/admin/products_helper.rb
@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Admin
+  module ProductsHelper
+    def product_image_form_path(product)
+      if product.image.present?
+        edit_admin_product_image_path(product.id, product.image.id)
+      else
+        new_admin_product_image_path(product.id)
+      end
+    end
+
+    def prepare_new_variant(product)
+      product.variants.build
+    end
+
+    def unit_value_with_description(variant)
+      precised_unit_value = nil
+
+      if variant.unit_value
+        scaled_unit_value = variant.unit_value / (variant.product.variant_unit_scale || 1)
+        precised_unit_value = number_with_precision(
+          scaled_unit_value,
+          precision: nil,
+          strip_insignificant_zeros: true,
+          significant: false,
+        )
+      end
+
+      [precised_unit_value, variant.unit_description].compact_blank.join(" ")
+    end
+
+    def products_return_to_url(url_filters)
+      if feature?(:admin_style_v3, spree_current_user)
+        return session[:products_return_to_url] || admin_products_url
+      end
+
+      "#{admin_products_path}#{url_filters.empty? ? '' : "#?#{url_filters.to_query}"}"
+    end
+  end
+end
--- a/app/helpers/bulk_form_builder.rb
+++ b/app/helpers/bulk_form_builder.rb
@@ -8,6 +8,6 @@ class BulkFormBuilder < ActionView::Helpers::FormBuilder
      opts[:class] = "#{opts[:class]} changed".strip
    end

-    super(field, **opts)
+    super
  end
 end
--- a/app/helpers/discourse_helper.rb
+++ b/app/helpers/discourse_helper.rb
@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-module DiscourseHelper
-  def discourse_configured?
-    discourse_url.present?
-  end
-
-  def discourse_url
-    ENV.fetch('DISCOURSE_URL', nil)
-  end
-
-  def discourse_login_url
-    discourse_url + '/login'
-  end
-
-  def discourse_sso_url
-    discourse_url + '/session/sso_login'
-  end
-
-  def discourse_url!
-    discourse_url || raise('Missing Discourse URL')
-  end
-
-  def discourse_sso_secret!
-    ENV['DISCOURSE_SSO_SECRET'] || raise('Missing SSO secret')
-  end
-end
--- a/app/helpers/enterprises_helper.rb
+++ b/app/helpers/enterprises_helper.rb
@@ -31,7 +31,7 @@ module EnterprisesHelper

  def enterprises_options(enterprises)
    enterprises.map { |enterprise|
-      [enterprise.name + ": " + enterprise.address.address1 + ", " + enterprise.address.city,
+      ["#{enterprise.name}: #{enterprise.address.address1}, #{enterprise.address.city}",
       enterprise.id.to_i]
    }
  end
--- a/app/helpers/i18n_helper.rb
+++ b/app/helpers/i18n_helper.rb
@@ -2,7 +2,7 @@

 module I18nHelper
  def locale_options
-    OpenFoodNetwork::I18nConfig.available_locales.map do |locale|
+    OpenFoodNetwork::I18nConfig.selectable_locales.map do |locale|
      [t('language_name', locale:), locale]
    end
  end
--- a/app/helpers/mailer_helper.rb
+++ b/app/helpers/mailer_helper.rb
@@ -10,4 +10,8 @@ module MailerHelper
      link_to ofn, "https://www.openfoodnetwork.org"
    end
  end
+
+  def order_reply_email(order)
+    order.distributor.email_address.presence || order.distributor.contact.email
+  end
 end
--- a/app/helpers/map_helper.rb
+++ b/app/helpers/map_helper.rb
@@ -2,7 +2,9 @@

 module MapHelper
  def using_google_maps?
-    ENV["GOOGLE_MAPS_API_KEY"].present? || google_maps_configured_with_geocoder_api_key?
+    !ContentConfig.open_street_map_enabled && (
+      ENV["GOOGLE_MAPS_API_KEY"].present? || google_maps_configured_with_geocoder_api_key?
+    )
  end

  private
--- a/app/helpers/spree/admin/base_helper.rb
+++ b/app/helpers/spree/admin/base_helper.rb
@@ -108,7 +108,7 @@ module Spree

        object.preferences.keys.map { |key|
          preference_label = form.label("preferred_#{key}",
-                                        Spree.t(key.to_s.gsub("_from_list", "")) + ": ")
+                                        "#{Spree.t(key.to_s.gsub('_from_list', ''))}: ")
          preference_field = preference_field_for(
            form,
            "preferred_#{key}",
@@ -120,7 +120,7 @@ module Spree

      def link_to_add_fields(name, target, options = {})
        name = '' if options[:no_text]
-        css_classes = options[:class] ? options[:class] + " spree_add_fields" : "spree_add_fields"
+        css_classes = options[:class] ? "#{options[:class]} spree_add_fields" : "spree_add_fields"
        link_to_with_icon('icon-plus',
                          name,
                          'javascript:',
--- a/app/helpers/spree/admin/orders_helper.rb
+++ b/app/helpers/spree/admin/orders_helper.rb
@@ -34,6 +34,10 @@ module Spree
        links
      end

+      def order_shipment_ready?(order)
+        order.ready_to_ship?
+      end
+
      private

      def complete_order_links(order)
--- a/app/helpers/spree/admin/taxons_helper.rb
+++ b/app/helpers/spree/admin/taxons_helper.rb
@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-module Spree
-  module Admin
-    module TaxonsHelper
-      def taxon_path(taxon)
-        taxon.ancestors.reverse.collect(&:name).join( " >> ")
-      end
-    end
-  end
-end
--- a/app/jobs/connect_app_job.rb
+++ b/app/jobs/connect_app_job.rb
@@ -17,10 +17,10 @@ class ConnectAppJob < ApplicationJob

    return unless channel

-    selector = "#edit_enterprise_#{enterprise.id} #connected-app-discover-regen"
+    selector = "#connected-app-discover-regen.enterprise_#{enterprise.id}"
    html = ApplicationController.render(
-      partial: "admin/enterprises/form/connected_apps",
-      locals: { enterprise: },
+      partial: "admin/enterprises/form/connected_apps/discover_regen",
+      locals: { enterprise:, connected_app: enterprise.connected_apps.discover_regen.first },
    )

    cable_ready[channel].morph(selector:, html:).broadcast
--- a/app/jobs/report_job.rb
+++ b/app/jobs/report_job.rb
@@ -39,10 +39,14 @@ class ReportJob < ApplicationJob
  end

  def broadcast_result(channel, format, blob)
-    cable_ready[channel].inner_html(
-      selector: "#report-table",
-      html: actioncable_content(format, blob)
-    ).broadcast
+    cable_ready[channel]
+      .inner_html(
+        selector: "#report-go",
+        html: Spree::Admin::BaseController.helpers.button(I18n.t(:go), "report__submit-btn")
+      ).inner_html(
+        selector: "#report-table",
+        html: actioncable_content(format, blob)
+      ).broadcast
  end

  def broadcast_error(channel)
@@ -53,7 +57,14 @@ class ReportJob < ApplicationJob
  end

  def actioncable_content(format, blob)
-    return blob.result if format.to_sym == :html
+    if format.to_sym == :html
+      return blob.result if blob.byte_size < 10**6 # 1 MB
+
+      return render(
+        partial: "admin/reports/display",
+        locals: { file_url: blob.expiring_service_url }
+      )
+    end

    render(partial: "admin/reports/download", locals: { file_url: blob.expiring_service_url })
  end
--- a/app/mailers/producer_mailer.rb
+++ b/app/mailers/producer_mailer.rb
@@ -60,11 +60,12 @@ class ProducerMailer < ApplicationMailer

  def line_items_from(order_cycle, producer)
    @line_items ||= Spree::LineItem.
-      includes(variant: [:product]).
+      includes(variant: :product).
+      joins(variant: :product).
      from_order_cycle(order_cycle).
-      sorted_by_name_and_unit_value.
-      merge(Spree::Product.with_deleted.in_supplier(producer)).
-      merge(Spree::Order.by_state(["complete", "resumed"]))
+      merge(Spree::Variant.with_deleted.where(supplier: producer)).
+      merge(Spree::Order.by_state(["complete", "resumed"])).
+      sorted_by_name_and_unit_value
  end

  def total_from_line_items(line_items)
@@ -81,7 +82,7 @@ class ProducerMailer < ApplicationMailer
    line_items.map do |line_item|
      {
        sku: line_item.variant.sku,
-        supplier_name: line_item.product.supplier.name,
+        supplier_name: line_item.variant.supplier.name,
        product_and_full_name: line_item.product_and_full_name,
        quantity: line_item.quantity,
        first_name: line_item.order.billing_address.first_name,
--- a/app/mailers/spree/user_mailer.rb
+++ b/app/mailers/spree/user_mailer.rb
@@ -25,7 +25,7 @@ module Spree
      @user = user
      I18n.with_locale valid_locale(@user) do
        mail(to: user.email,
-             subject: t(:welcome_to) + ' ' + Spree::Config[:site_name])
+             subject: "#{t(:welcome_to)} #{Spree::Config[:site_name]}")
      end
    end

--- a/app/models/concerns/file_preferences.rb
+++ b/app/models/concerns/file_preferences.rb
@@ -22,7 +22,7 @@ module FilePreferences
    if has_preference?("#{key}_blob_id")
      :file
    else
-      super(key)
+      super
    end
  end

--- a/app/models/concerns/line_item_stock_changes.rb
+++ b/app/models/concerns/line_item_stock_changes.rb
@@ -1,19 +0,0 @@
-# frozen_string_literal: true
-
-# Rails 5 introduced some breaking changes to these built-in methods, and the new versions
-# no longer work correctly in relation to decrementing stock with LineItems / VariantOverrides.
-# The following methods re-instate the pre-Rails-5 versions, which work as expected.
-# https://apidock.com/rails/v4.2.9/ActiveRecord/Persistence/increment%21
-# https://apidock.com/rails/v4.2.9/ActiveRecord/Persistence/decrement%21
-
-module LineItemStockChanges
-  extend ActiveSupport::Concern
-
-  def increment!(attribute, by = 1)
-    increment(attribute, by).update_attribute(attribute, self[attribute])
-  end
-
-  def decrement!(attribute, by = 1)
-    decrement(attribute, by).update_attribute(attribute, self[attribute])
-  end
-end
--- a/app/models/concerns/log_destroy_performer.rb
+++ b/app/models/concerns/log_destroy_performer.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'active_support/concern'
+
+module LogDestroyPerformer
+  extend ActiveSupport::Concern
+  included do
+    attr_accessor :destroyed_by
+
+    after_destroy :log_who_destroyed
+
+    def log_who_destroyed
+      message = if destroyed_by.nil?
+                  "#{self.class} #{id} deleted"
+                else
+                  "#{self.class} #{id} deleted by #{destroyed_by.id} <#{destroyed_by.email}>"
+                end
+      Rails.logger.info message
+    end
+  end
+end
--- a/app/models/connected_app.rb
+++ b/app/models/connected_app.rb
@@ -4,8 +4,34 @@
 #
 # Here we store keys and links to access the app.
 class ConnectedApp < ApplicationRecord
+  TYPES = ['discover_regen', 'affiliate_sales_data'].freeze
+
  belongs_to :enterprise
+  after_destroy :disconnect
+
+  scope :discover_regen, -> { where(type: "ConnectedApp") }
+  scope :affiliate_sales_data, -> { where(type: "ConnectedApps::AffiliateSalesData") }

  scope :connecting, -> { where(data: nil) }
  scope :ready, -> { where.not(data: nil) }
+
+  def connecting?
+    data.nil?
+  end
+
+  def ready?
+    !connecting?
+  end
+
+  def connect(api_key:, channel:)
+    ConnectAppJob.perform_later(self, api_key, channel:)
+  end
+
+  def disconnect
+    WebhookDeliveryJob.perform_later(
+      data["destroy"],
+      "disconnect-app",
+      nil
+    )
+  end
 end
--- a/app/models/connected_apps/affiliate_sales_data.rb
+++ b/app/models/connected_apps/affiliate_sales_data.rb
@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# An enterprise can opt-in for their data to be included in the affiliate_sales_data endpoint
+#
+module ConnectedApps
+  class AffiliateSalesData < ConnectedApp
+    def connect(_opts)
+      update! data: true # not-nil value indicates it is ready
+    end
+
+    def disconnect; end
+  end
+end
--- a/app/models/custom_tab.rb
+++ b/app/models/custom_tab.rb
@@ -4,4 +4,14 @@ class CustomTab < ApplicationRecord
  belongs_to :enterprise

  validates :title, presence: true, length: { maximum: 20 }
+
+  # Remove any unsupported HTML.
+  def content
+    HtmlSanitizer.sanitize(super)
+  end
+
+  # Remove any unsupported HTML.
+  def content=(html)
+    super(HtmlSanitizer.sanitize(html))
+  end
 end
--- a/app/models/enterprise.rb
+++ b/app/models/enterprise.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: false

+require "mini_magick"
+
 class Enterprise < ApplicationRecord
  SELLS = %w(unspecified none own any).freeze
  ENTERPRISE_SEARCH_RADIUS = 100
@@ -39,13 +41,13 @@ class Enterprise < ApplicationRecord
                                   class_name: 'EnterpriseGroup'
  has_many :producer_properties, foreign_key: 'producer_id', dependent: :destroy
  has_many :properties, through: :producer_properties
-  has_many :supplied_products, class_name: 'Spree::Product',
-                               foreign_key: 'supplier_id',
-                               dependent: :destroy
-  has_many :supplied_variants, through: :supplied_products, source: :variants
+  has_many :supplied_variants,
+           class_name: 'Spree::Variant', foreign_key: 'supplier_id', dependent: :destroy
+  has_many :supplied_products, through: :supplied_variants, source: :product
  has_many :distributed_orders, class_name: 'Spree::Order',
                                foreign_key: 'distributor_id',
                                dependent: :restrict_with_exception
+
  belongs_to :address, class_name: 'Spree::Address'
  belongs_to :business_address, optional: true, class_name: 'Spree::Address', dependent: :destroy
  has_many :enterprise_fees, dependent: :restrict_with_exception
@@ -167,7 +169,7 @@ class Enterprise < ApplicationRecord
  scope :is_distributor, -> { where.not(sells: 'none') }
  scope :is_hub, -> { where(sells: 'any') }
  scope :supplying_variant_in, lambda { |variants|
-    joins(supplied_products: :variants).
+    joins(:supplied_variants).
      where(spree_variants: { id: variants }).
      select('DISTINCT enterprises.*')
  }
@@ -205,14 +207,14 @@ class Enterprise < ApplicationRecord
      select('DISTINCT enterprises.*')
  }

-  scope :distributing_products, lambda { |product_ids|
+  scope :distributing_variants, lambda { |variants_ids|
    exchanges = joins("
        INNER JOIN exchanges
-          ON (exchanges.receiver_id = enterprises.id AND exchanges.incoming = 'f')
+          ON (exchanges.receiver_id = enterprises.id AND exchanges.incoming = false)
      ").
      joins('INNER JOIN exchange_variants ON (exchange_variants.exchange_id = exchanges.id)').
      joins('INNER JOIN spree_variants ON (spree_variants.id = exchange_variants.variant_id)').
-      where(spree_variants: { product_id: product_ids }).select('DISTINCT enterprises.id')
+      where(spree_variants: { id: variants_ids }).select('DISTINCT enterprises.id')

    where(id: exchanges)
  }
@@ -247,6 +249,16 @@ class Enterprise < ApplicationRecord
    count(distinct: true)
  end

+  # Remove any unsupported HTML.
+  def long_description
+    HtmlSanitizer.sanitize(super)
+  end
+
+  # Remove any unsupported HTML.
+  def long_description=(html)
+    super(HtmlSanitizer.sanitize(html))
+  end
+
  def contact
    contact = users.where(enterprise_roles: { receives_notifications: true }).first
    contact || owner
@@ -366,7 +378,7 @@ class Enterprise < ApplicationRecord
  def category
    # Make this crazy logic human readable so we can argue about it sanely.
    cat = is_primary_producer ? "producer_" : "non_producer_"
-    cat << ("sells_" + sells)
+    cat << ("sells_#{sells}")

    # Map backend cases to front end cases.
    case cat
@@ -417,10 +429,9 @@ class Enterprise < ApplicationRecord
    test_permalink = UrlGenerator.to_url(test_permalink)
    test_permalink = "my-enterprise" if test_permalink.blank?
    existing = Enterprise.
-      select(:permalink).
      order(:permalink).
      where("permalink LIKE ?", "#{test_permalink}%").
-      map(&:permalink)
+      pluck(:permalink)

    if existing.include?(test_permalink)
      used_indices = existing.map do |p|
@@ -500,7 +511,7 @@ class Enterprise < ApplicationRecord
  end

  def correct_whatsapp_url(phone_number)
-    phone_number && ("https://wa.me/" + phone_number.tr('+ ', ''))
+    phone_number && "https://wa.me/#{phone_number.tr('+ ', '')}"
  end

  def correct_instagram_url(url)
@@ -588,7 +599,7 @@ class Enterprise < ApplicationRecord
  # Touch distributors without them touching their distributors.
  # We avoid an infinite loop and don't need to touch the whole distributor tree.
  def touch_distributors
-    Enterprise.distributing_products(supplied_products.select(:id)).
+    Enterprise.distributing_variants(supplied_variants.select(:id)).
      where.not(enterprises: { id: }).
      update_all(updated_at: Time.zone.now)
  end
--- a/app/models/enterprise_group.rb
+++ b/app/models/enterprise_group.rb
@@ -74,6 +74,16 @@ class EnterpriseGroup < ApplicationRecord
    permalink
  end

+  # Remove any unsupported HTML.
+  def long_description
+    HtmlSanitizer.sanitize(super)
+  end
+
+  # Remove any unsupported HTML.
+  def long_description=(html)
+    super(HtmlSanitizer.sanitize(html))
+  end
+
  private

  def sanitize_permalink
--- a/app/models/enterprise_relationship.rb
+++ b/app/models/enterprise_relationship.rb
@@ -108,6 +108,6 @@ class EnterpriseRelationship < ApplicationRecord

  def child_variant_overrides
    VariantOverride.unscoped.for_hubs(child)
-      .joins(variant: :product).where(spree_products: { supplier_id: parent })
+      .joins(:variant).where(spree_variants: { supplier_id: parent } )
  end
 end
--- a/app/models/order_cycle.rb
+++ b/app/models/order_cycle.rb
@@ -24,6 +24,7 @@ class OrderCycle < ApplicationRecord
                                         where incoming: false
                                       }, class_name: "Exchange", dependent: :destroy

+  has_many :orders, class_name: 'Spree::Order', dependent: :restrict_with_exception
  has_many :suppliers, -> { distinct }, source: :sender, through: :cached_incoming_exchanges
  has_many :distributors, -> { distinct }, source: :receiver, through: :cached_outgoing_exchanges
  has_many :order_cycle_schedules, dependent: :destroy
@@ -253,7 +254,7 @@ class OrderCycle < ApplicationRecord
  end

  def pickup_time_for(distributor)
-    exchange_for_distributor(distributor)&.pickup_time || distributor.next_collection_at
+    exchange_for_distributor(distributor)&.pickup_time
  end

  def pickup_instructions_for(distributor)
--- a/app/models/product_import/entry_processor.rb
+++ b/app/models/product_import/entry_processor.rb
@@ -54,10 +54,7 @@ module ProductImport
          if settings.importing_into_inventory?
            VariantOverride.for_hubs([enterprise_id]).count
          else
-            Spree::Variant.
-              joins(:product).
-              where(spree_products: { supplier_id: enterprise_id }).
-              count
+            Spree::Variant.where(supplier_id: enterprise_id).count
          end

        @enterprise_products[enterprise_id] = products_count
@@ -165,11 +162,10 @@ module ProductImport
        return
      end

-      product = Spree::Product.new
+      product = Spree::Product.new(supplier_id: entry.enterprise_id)
      product.assign_attributes(
        entry.assignable_attributes.except('id', 'on_hand', 'on_demand', 'display_name')
      )
-      product.supplier_id = entry.producer_id

      if product.save
        ensure_variant_updated(product, entry)
@@ -228,10 +224,13 @@ module ProductImport
      # Ensure attributes are correctly copied to a new product's variant
      variant = product.variants.first
      variant.display_name = entry.display_name if entry.display_name
+      variant.import_date = @import_time
+      variant.supplier_id = entry.producer_id
+      variant.save
+
+      # on_demand and on_hand require a stock level, which is created after the variant is created
      variant.on_demand = entry.on_demand if entry.on_demand
      variant.on_hand = entry.on_hand if entry.on_hand
-      variant.import_date = @import_time
-      variant.save
    end
  end
 end
--- a/app/models/product_import/entry_validator.rb
+++ b/app/models/product_import/entry_validator.rb
@@ -73,6 +73,7 @@ module ProductImport
      # Variant needs a product. Product needs to be assigned first in order for
      # delegate to work. name= will fail otherwise.
      new_variant = Spree::Variant.new(product_id:, **variant_attributes)
+      new_variant.supplier_id = entry.producer_id

      new_variant.save
      if new_variant.persisted?
@@ -287,9 +288,7 @@ module ProductImport
    end

    def inventory_validation(entry)
-      products = Spree::Product.where(supplier_id: entry.producer_id,
-                                      name: entry.name,
-                                      deleted_at: nil)
+      products = Spree::Product.in_supplier(entry.producer_id).where(name: entry.name)

      if products.empty?
        mark_as_invalid(entry, attribute: 'name',
@@ -358,9 +357,7 @@ module ProductImport
    end

    def product_validation(entry)
-      products = Spree::Product.where(supplier_id: entry.enterprise_id,
-                                      name: entry.name,
-                                      deleted_at: nil)
+      products = Spree::Product.in_supplier(entry.enterprise_id).where(name: entry.name)

      if products.empty?
        mark_as_new_product(entry)
@@ -380,11 +377,10 @@ module ProductImport
    end

    def mark_as_new_product(entry)
-      new_product = Spree::Product.new
+      new_product = Spree::Product.new(supplier_id: entry.enterprise_id)
      new_product.assign_attributes(
        entry.assignable_attributes.except('id', 'on_hand', 'on_demand', 'display_name')
      )
-      new_product.supplier_id = entry.producer_id
      entry.on_hand = 0 if entry.on_hand.nil?

      if new_product.valid?
--- a/app/models/product_import/product_importer.rb
+++ b/app/models/product_import/product_importer.rb
@@ -287,8 +287,6 @@ module ProductImport
    end

    def delete_uploaded_file
-      return unless @file.path == Rails.root.join("tmp/product_import").to_s
-
      File.delete(@file)
    end

--- a/app/models/spree/ability.rb
+++ b/app/models/spree/ability.rb
@@ -39,7 +39,6 @@ module Spree
        can [:index, :read], StockLocation
        can [:index, :read], StockMovement
        can [:index, :read], Taxon
-        can [:index, :read], Taxonomy
        can [:index, :read], Variant
        can [:index, :read], Zone
      end
@@ -189,20 +188,22 @@ module Spree
           :seo, :group_buy_options,
           :bulk_update, :clone, :delete,
           :destroy], Spree::Product do |product|
-        OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include? product.supplier
+        OpenFoodNetwork::Permissions.new(user).managed_product_enterprises.include?(
+          product.variants.first.supplier
+        )
      end

-      can [:admin, :index, :bulk_update], :products_v3
+      can [:admin, :index, :bulk_update, :destroy, :destroy_variant, :clone], :products_v3

      can [:create], Spree::Variant
      can [:admin, :index, :read, :edit,
           :update, :search, :delete, :destroy], Spree::Variant do |variant|
        OpenFoodNetwork::Permissions.new(user).
-          managed_product_enterprises.include? variant.product.supplier
+          managed_product_enterprises.include? variant.supplier
      end

      can [:admin, :index, :read, :update, :bulk_update, :bulk_reset], VariantOverride do |vo|
-        next false unless vo.hub.present? && vo.variant&.product&.supplier.present?
+        next false unless vo.hub.present? && vo.variant&.supplier.present?

        hub_auth = OpenFoodNetwork::Permissions.new(user).
          variant_override_hubs.
@@ -210,14 +211,14 @@ module Spree

        producer_auth = OpenFoodNetwork::Permissions.new(user).
          variant_override_producers.
-          include? vo.variant.product.supplier
+          include? vo.variant.supplier

        hub_auth && producer_auth
      end

      can [:admin, :create, :update], InventoryItem do |ii|
        next false unless ii.enterprise.present? &&
-                          ii.variant&.product&.supplier.present?
+                          ii.variant&.supplier.present?

        hub_auth = OpenFoodNetwork::Permissions.new(user).
          variant_override_hubs.
@@ -225,7 +226,7 @@ module Spree

        producer_auth = OpenFoodNetwork::Permissions.new(user).
          variant_override_producers.
-          include? ii.variant.product.supplier
+          include? ii.variant.supplier

        hub_auth && producer_auth
      end
--- a/app/models/spree/app_configuration.rb
+++ b/app/models/spree/app_configuration.rb
@@ -139,5 +139,8 @@ module Spree

    # Available units
    preference :available_units, :string, default: "g,kg,T,mL,L,kL"
+
+    # Connected Apps
+    preference :connected_apps_enabled, :string, default: nil
  end
 end
--- a/app/models/spree/credit_card.rb
+++ b/app/models/spree/credit_card.rb
@@ -30,7 +30,7 @@ module Spree

    def expiry=(expiry)
      self[:month], self[:year] = expiry.split(" / ")
-      self[:year] = "20" + self[:year]
+      self[:year] = "20#{self[:year]}"
    end

    def number=(num)
--- a/app/models/spree/image.rb
+++ b/app/models/spree/image.rb
@@ -1,5 +1,7 @@
 # frozen_string_literal: true

+require "mini_magick"
+
 module Spree
  class Image < Asset
    has_one_attached :attachment, service: image_service do |attachment|
--- a/Show More
+++ b/Show More